Skip to content

OCPBUGS-88742: Fix nested container test mount check for BusyBox#31361

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
bitoku:fix/OCPBUGS-88742-busybox-mount-truncation
Jul 2, 2026
Merged

OCPBUGS-88742: Fix nested container test mount check for BusyBox#31361
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
bitoku:fix/OCPBUGS-88742-busybox-mount-truncation

Conversation

@bitoku

@bitoku bitoku commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

BusyBox mount truncates output when /proc/self/mounts entries exceed ~1008 bytes, causing 700-play.bats to fail. Replace mount | grep /tmp with grep /tmp /proc/self/mounts.

OCPBUGS-88742: Summary

Bug: podman kube generate tmpfs on /tmp test failure in OCP 5.0
Component: Node / Kubelet | Version: 5.0 | Label: component-regression
Jira: https://redhat.atlassian.net/browse/OCPBUGS-88742
Triage: https://sippy-auth.dptools.openshift.org/sippy-ng/component_readiness/triages/586


What Happened

The podman system test podman kube generate tmpfs on /tmp (containers/podman:test/system/700-play.bats) passes on OCP 4.22 but fails on OCP 5.0. The test runs inside a user-namespace pod (hostUsers: false), creates a nested container via podman kube play, and checks for /tmp by running mount | grep /tmp. On OCP 5.0, BusyBox mount returns only 3 entries instead of 36, so /tmp is missing from the output.

The /tmp mount IS present and functional — visible via cat /proc/self/mounts, findmnt, and df -h. Only BusyBox mount fails to display it.

Root Cause

BusyBox mount calls musl's getmntent_r() with a fixed ~1008-byte buffer. When a line in /proc/self/mounts exceeds this, musl returns NULL and aborts all iteration. In nested containers, overlay bind-mount entries (e.g. /etc/hosts) are ~1881 bytes due to long lowerdir= paths. Once BusyBox hits the first such entry, all remaining mounts — including /tmp — are invisible.

Why this regresses on OCP 5.0

The overlay entries are equally long on both OCP versions. The difference is mount ordering in /proc/self/mounts:

  • Kernel 5.14 (OCP 4.22): mounts listed in insertion order (linked list). /tmp appears at line 5, before the first long overlay entry at line 12. BusyBox parses 11 entries including /tmp.
  • Kernel 6.12 (OCP 5.0): kernel commit 2eea9ce4310d (Linux 6.8) replaced the linked list with a red-black tree keyed by mnt_id_unique. Long overlay entries now appear at line 4, /tmp at line 12. BusyBox parses only 3 entries.
Kernel 5.14 (OCP 4.22) Kernel 6.12 (OCP 5.0)
/tmp position in /proc/self/mounts Line 5 (before first long entry) Line 12 (after first long entry)
BusyBox entries shown 11 (including /tmp) 3 (without /tmp)

How to Reproduce

On OCP 5.0 (kernel 6.12+), run a user-namespace pod with nested podman, create a container via podman kube play with a tmpfs on /tmp, then compare:

podman exec <ctr> mount                        # 3 entries, no /tmp
podman exec <ctr> grep /tmp /proc/self/mounts  # /tmp is there

Automated reproducer: https://gist.github.com/bitoku/770d63cf49a9a1597090a1988cdcf39c

Recommended Fix

Change the test to use grep /tmp /proc/self/mounts or findmnt /tmp instead of mount | grep /tmp.

Sources

Assisted-by: Claude Code https://claude.com/claude-code

Summary by CodeRabbit

  • Bug Fixes
    • Updated test behavior to avoid truncated output in environments with large mount listings, improving reliability on BusyBox-based systems.
    • Adjusted nested container test setup to use a more stable mount lookup approach.

BusyBox `mount` truncates output when /proc/self/mounts entries
exceed ~1008 bytes, causing 700-play.bats to fail. Replace
`mount | grep /tmp` with `grep /tmp /proc/self/mounts`.

Assisted-by: Claude Code <https://claude.com/claude-code>
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@bitoku: This pull request references Jira Issue OCPBUGS-88742, which is invalid:

  • expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

BusyBox mount truncates output when /proc/self/mounts entries exceed ~1008 bytes, causing 700-play.bats to fail. Replace mount | grep /tmp with grep /tmp /proc/self/mounts.

Assisted-by: Claude Code https://claude.com/claude-code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@bitoku

bitoku commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

/jira refresh

@openshift-ci-robot

Copy link
Copy Markdown

@bitoku: This pull request references Jira Issue OCPBUGS-88742, which is invalid:

  • expected the bug to target the "5.0.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Walkthrough

Both the embedded testdata bindata and the nested_container skip_tests.sh script were updated to patch the 700-play.bats test, replacing "mount | grep /tmp" with "grep /tmp /proc/self/mounts" via sed, with added comments explaining BusyBox mount truncation.

Changes

Mount Truncation Fix

Layer / File(s) Summary
Patch mount detection command in bats tests
test/extended/testdata/bindata.go, test/extended/testdata/node/nested_container/skip_tests.sh
Both files apply a sed -i rewrite of 700-play.bats replacing "mount | grep /tmp" with "grep /tmp /proc/self/mounts", with comments documenting BusyBox mount output truncation when /proc/self/mounts output is large.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Poem:
A rabbit hopped through mounts so deep,
Where BusyBox truncation liked to creep,
"Grep the proc, not the mount!" it cried,
So /tmp paths no longer hide,
Two files patched, and tests now leap. 🐰

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: fixing the nested container test mount check for BusyBox.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The patch only changes shell-script text/comments in test data; no Ginkgo titles were added or modified, and no dynamic test names appear.
Test Structure And Quality ✅ Passed PR only updates embedded shell testdata and generated bindata; no Ginkgo It/BeforeEach/Eventually code changed, so this check is not applicable.
Microshift Test Compatibility ✅ Passed Touched files are testdata/script-only; no new Ginkgo tests or MicroShift-unsupported APIs/features were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed The PR only changes testdata/script assets; it adds no new Ginkgo tests or multi-node/HA assumptions to assess for SNO.
Topology-Aware Scheduling Compatibility ✅ Passed Only testdata/fixture scripts changed; no deployment, operator, or controller scheduling code was modified.
Ote Binary Stdout Contract ✅ Passed Only testdata scripts/assets changed; no main/init/TestMain/suite setup stdout writes were added, and the shell helper only alters a grep target.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the PR only updates testdata shell scripts to swap a mount check, with no IPv4 or external connectivity assumptions.
No-Weak-Crypto ✅ Passed PR only changes testdata shell text replacing a mount check; no weak-crypto primitives, custom crypto, or secret comparisons are added.
Container-Privileges ✅ Passed Only testdata shell text changed; no K8s/container manifest fields like privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, or allowPrivilegeEscalation were added or edited.
No-Sensitive-Data-In-Logs ✅ Passed The changed files add only comments and a mount-check command swap; no new logging or sensitive data exposure was introduced.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@bitoku

bitoku commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 1, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@bitoku: This pull request references Jira Issue OCPBUGS-88742, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot

Copy link
Copy Markdown

@bitoku: This pull request references Jira Issue OCPBUGS-88742, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (5.0.0) matches configured target version for branch (5.0.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
Details

In response to this:

BusyBox mount truncates output when /proc/self/mounts entries exceed ~1008 bytes, causing 700-play.bats to fail. Replace mount | grep /tmp with grep /tmp /proc/self/mounts.

Assisted-by: Claude Code https://claude.com/claude-code

Summary by CodeRabbit

  • Bug Fixes
  • Updated test behavior to avoid truncated output in environments with large mount listings, improving reliability on BusyBox-based systems.
  • Adjusted nested container test setup to use a more stable mount lookup approach.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@bitoku

bitoku commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

/payload-job periodic-ci-openshift-release-main-ci-5.0-e2e-gcp-ovn-usernamespace

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@bitoku: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-ci-5.0-e2e-gcp-ovn-usernamespace

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/dcf1db20-754f-11f1-97b4-03d2d6384f86-0

@openshift-ci openshift-ci Bot requested review from deads2k and sjenning July 1, 2026 13:22
@openshift-ci openshift-ci Bot added the ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review label Jul 1, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Scheduling required tests:
/test e2e-aws-csi
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-microshift
/test e2e-aws-ovn-microshift-serial
/test e2e-aws-ovn-serial-1of2
/test e2e-aws-ovn-serial-2of2
/test e2e-gcp-csi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upgrade
/test e2e-metal-ipi-ovn-ipv6
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi

@bitoku

bitoku commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

/payload-job periodic-ci-openshift-release-main-ci-5.0-e2e-gcp-ovn-usernamespace

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@bitoku: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-release-main-ci-5.0-e2e-gcp-ovn-usernamespace

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/54f4a1d0-755e-11f1-90b7-909de0e271c7-0

@bitoku

bitoku commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

@bitoku

bitoku commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

/retest

@saschagrunert saschagrunert left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

# Replace `mount` with /proc/self/mounts — BusyBox mount truncates output
# when /proc/self/mounts entries exceed ~1008 bytes
# https://redhat.atlassian.net/browse/OCPBUGS-88742?focusedCommentId=17458910
sed -i 's#mount | grep /tmp#grep /tmp /proc/self/mounts#' $TEST_DIR/700-play.bats

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

non blocking nit:

Suggested change
sed -i 's#mount | grep /tmp#grep /tmp /proc/self/mounts#' $TEST_DIR/700-play.bats
sed -i 's#mount | grep /tmp#grep /tmp /proc/self/mounts#' "$TEST_DIR/700-play.bats"

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 2, 2026
@dgoodwin

dgoodwin commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

/approve

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bitoku, dgoodwin, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 2, 2026
@haircommander

Copy link
Copy Markdown
Member

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jul 2, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@haircommander: This PR has been marked as verified by ci https://pr-payload-tests.ci.openshift.org/runs/ci/54f4a1d0-755e-11f1-90b7-909de0e271c7-0.

Details

In response to this:

/verified by ci https://pr-payload-tests.ci.openshift.org/runs/ci/54f4a1d0-755e-11f1-90b7-909de0e271c7-0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@bitoku: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-csi 366b9cb link true /test e2e-aws-csi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@haircommander

Copy link
Copy Markdown
Member

/skip

@openshift-merge-bot openshift-merge-bot Bot merged commit f2c72ee into openshift:main Jul 2, 2026
21 checks passed
@openshift-ci-robot

Copy link
Copy Markdown

@bitoku: Jira Issue Verification Checks: Jira Issue OCPBUGS-88742
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-88742 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

BusyBox mount truncates output when /proc/self/mounts entries exceed ~1008 bytes, causing 700-play.bats to fail. Replace mount | grep /tmp with grep /tmp /proc/self/mounts.

OCPBUGS-88742: Summary

Bug: podman kube generate tmpfs on /tmp test failure in OCP 5.0
Component: Node / Kubelet | Version: 5.0 | Label: component-regression
Jira: https://redhat.atlassian.net/browse/OCPBUGS-88742
Triage: https://sippy-auth.dptools.openshift.org/sippy-ng/component_readiness/triages/586


What Happened

The podman system test podman kube generate tmpfs on /tmp (containers/podman:test/system/700-play.bats) passes on OCP 4.22 but fails on OCP 5.0. The test runs inside a user-namespace pod (hostUsers: false), creates a nested container via podman kube play, and checks for /tmp by running mount | grep /tmp. On OCP 5.0, BusyBox mount returns only 3 entries instead of 36, so /tmp is missing from the output.

The /tmp mount IS present and functional — visible via cat /proc/self/mounts, findmnt, and df -h. Only BusyBox mount fails to display it.

Root Cause

BusyBox mount calls musl's getmntent_r() with a fixed ~1008-byte buffer. When a line in /proc/self/mounts exceeds this, musl returns NULL and aborts all iteration. In nested containers, overlay bind-mount entries (e.g. /etc/hosts) are ~1881 bytes due to long lowerdir= paths. Once BusyBox hits the first such entry, all remaining mounts — including /tmp — are invisible.

Why this regresses on OCP 5.0

The overlay entries are equally long on both OCP versions. The difference is mount ordering in /proc/self/mounts:

  • Kernel 5.14 (OCP 4.22): mounts listed in insertion order (linked list). /tmp appears at line 5, before the first long overlay entry at line 12. BusyBox parses 11 entries including /tmp.
  • Kernel 6.12 (OCP 5.0): kernel commit 2eea9ce4310d (Linux 6.8) replaced the linked list with a red-black tree keyed by mnt_id_unique. Long overlay entries now appear at line 4, /tmp at line 12. BusyBox parses only 3 entries.
Kernel 5.14 (OCP 4.22) Kernel 6.12 (OCP 5.0)
/tmp position in /proc/self/mounts Line 5 (before first long entry) Line 12 (after first long entry)
BusyBox entries shown 11 (including /tmp) 3 (without /tmp)

How to Reproduce

On OCP 5.0 (kernel 6.12+), run a user-namespace pod with nested podman, create a container via podman kube play with a tmpfs on /tmp, then compare:

podman exec <ctr> mount                        # 3 entries, no /tmp
podman exec <ctr> grep /tmp /proc/self/mounts  # /tmp is there

Automated reproducer: https://gist.github.com/bitoku/770d63cf49a9a1597090a1988cdcf39c

Recommended Fix

Change the test to use grep /tmp /proc/self/mounts or findmnt /tmp instead of mount | grep /tmp.

Sources

Assisted-by: Claude Code https://claude.com/claude-code

Summary by CodeRabbit

  • Bug Fixes
  • Updated test behavior to avoid truncated output in environments with large mount listings, improving reliability on BusyBox-based systems.
  • Adjusted nested container test setup to use a more stable mount lookup approach.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. ready-for-human-review Indicates a PR has been reviewed by automated tools and is ready for human review verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants