** Description changed: + SRU Justification: + + [Impact] + + * Parity page in btrfs raid56 is incorrectly unmapped, allowing to + easily trigger a reference counter bug on i386 causing a kernel panic + + * The fix unmaps the right rbio pages and adds the proper kunmap() call + for the parity page + + [Test Case] + + * create a raid5 btrfs filesystem: + # mkfs.btrfs -m raid5 -d raid5 /dev/sdb /dev/sdc /dev/sdd /dev/sde + + * mount it: + # mount /dev/sdb /mnt + + * run btrfs scrub in a loop: + # while :; do btrfs scrub start -BR /mnt; done + + [Regression Potential] + + * This is an upstream fix, regression potential is minimal. + + [Original bug report] + This issue was not spotted on AMD64 Reproduce rate: 100% The following command is the key to trigger this: - btrfs scrub start -BR $MNT + btrfs scrub start -BR $MNT Steps: # (Install necessary packages) # git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests # TMP=/tmp/tmp MNT=/tmp/mnt # mkdir -p $TMP; mkdir -p $MNT # cd autotest-client-tests/ubuntu_btrfs_kernel_fixes # TMP=/tmp/tmp MNT=/tmp/mnt ./3b080b2564287be91605bfd1d5ee985696e61d3c.sh Trace: - [ 494.357824] ------------[ cut here ]------------ - [ 494.357828] kernel BUG at /build/linux-bnzN1b/linux-4.15.0/mm/highmem.c:350! - [ 494.365079] invalid opcode: 0000 [#1] SMP - [ 494.369205] Modules linked in: cfg80211 intel_powerclamp ipmi_ssif gpio_ich coretemp kvm_intel kvm ipmi_si irqbypass input_leds joydev dcdbas intel_cstate ipmi_devintf sch_fq_codel shpchp i7core_edac lpc_ich ipmi_msghandler acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 i2c_algo_bit ttm drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt mpt3sas fb_sys_fops drm hid raid_class bnx2 scsi_transport_sas pata_acpi wmi - [ 494.430188] CPU: 2 PID: 2093 Comm: kworker/u16:1 Not tainted 4.15.0-43-generic #46-Ubuntu - [ 494.438618] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012 - [ 494.446494] Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs] - [ 494.453657] EIP: kunmap_high+0xaa/0xb0 - [ 494.457571] EFLAGS: 00010246 CPU: 2 - [ 494.461229] EAX: 00000115 EBX: fffff000 ECX: 00000001 EDX: 00000000 - [ 494.467840] ESI: 00000004 EDI: 00000004 EBP: f4883e44 ESP: f4883e40 - [ 494.474264] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 - [ 494.479931] CR0: 80050033 CR2: 005885e0 CR3: 0fe16000 CR4: 000006f0 - [ 494.486353] Call Trace: - [ 494.488967] kunmap+0x3e/0x50 - [ 494.492140] finish_parity_scrub+0x24d/0x570 [btrfs] - [ 494.497226] ? update_load_avg+0x64f/0x830 - [ 494.501528] validate_rbio_for_parity_scrub+0xc2/0xd0 [btrfs] - [ 494.507527] raid56_parity_scrub_end_io+0x53/0x70 [btrfs] - [ 494.513058] bio_endio+0xb9/0x110 - [ 494.516574] ? end_workqueue_fn+0x2c/0x40 [btrfs] - [ 494.521435] end_workqueue_fn+0x33/0x40 [btrfs] - [ 494.526139] normal_work_helper+0x7d/0x2f0 [btrfs] - [ 494.531087] btrfs_endio_raid56_helper+0x10/0x20 [btrfs] - [ 494.536621] process_one_work+0x1b9/0x3d0 - [ 494.540799] worker_thread+0x37/0x420 - [ 494.544628] kthread+0xf0/0x110 - [ 494.547931] ? process_one_work+0x3d0/0x3d0 - [ 494.552282] ? kthread_create_worker_on_cpu+0x20/0x20 - [ 494.557488] ? kthread_create_worker_on_cpu+0x20/0x20 - [ 494.562701] ret_from_fork+0x2e/0x38 - [ 494.566441] Code: 2d ee ff 58 8b 5d fc c9 c3 90 8d b4 26 00 00 00 00 a1 80 d1 c4 cf 31 c9 3d 80 d1 c4 cf 0f 95 c1 eb bc 8d b4 26 00 00 00 00 0f 0b <0f> 0b 8d 74 26 00 66 66 66 66 90 55 89 e5 56 53 31 db e8 1f ef - [ 494.585751] EIP: kunmap_high+0xaa/0xb0 SS:ESP: 0068:f4883e40 - [ 494.591688] ---[ end trace 5e6d708abb85eeba ]--- + [ 494.357824] ------------[ cut here ]------------ + [ 494.357828] kernel BUG at /build/linux-bnzN1b/linux-4.15.0/mm/highmem.c:350! + [ 494.365079] invalid opcode: 0000 [#1] SMP + [ 494.369205] Modules linked in: cfg80211 intel_powerclamp ipmi_ssif gpio_ich coretemp kvm_intel kvm ipmi_si irqbypass input_leds joydev dcdbas intel_cstate ipmi_devintf sch_fq_codel shpchp i7core_edac lpc_ich ipmi_msghandler acpi_power_meter mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 i2c_algo_bit ttm drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt mpt3sas fb_sys_fops drm hid raid_class bnx2 scsi_transport_sas pata_acpi wmi + [ 494.430188] CPU: 2 PID: 2093 Comm: kworker/u16:1 Not tainted 4.15.0-43-generic #46-Ubuntu + [ 494.438618] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012 + [ 494.446494] Workqueue: btrfs-endio-raid56 btrfs_endio_raid56_helper [btrfs] + [ 494.453657] EIP: kunmap_high+0xaa/0xb0 + [ 494.457571] EFLAGS: 00010246 CPU: 2 + [ 494.461229] EAX: 00000115 EBX: fffff000 ECX: 00000001 EDX: 00000000 + [ 494.467840] ESI: 00000004 EDI: 00000004 EBP: f4883e44 ESP: f4883e40 + [ 494.474264] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 + [ 494.479931] CR0: 80050033 CR2: 005885e0 CR3: 0fe16000 CR4: 000006f0 + [ 494.486353] Call Trace: + [ 494.488967] kunmap+0x3e/0x50 + [ 494.492140] finish_parity_scrub+0x24d/0x570 [btrfs] + [ 494.497226] ? update_load_avg+0x64f/0x830 + [ 494.501528] validate_rbio_for_parity_scrub+0xc2/0xd0 [btrfs] + [ 494.507527] raid56_parity_scrub_end_io+0x53/0x70 [btrfs] + [ 494.513058] bio_endio+0xb9/0x110 + [ 494.516574] ? end_workqueue_fn+0x2c/0x40 [btrfs] + [ 494.521435] end_workqueue_fn+0x33/0x40 [btrfs] + [ 494.526139] normal_work_helper+0x7d/0x2f0 [btrfs] + [ 494.531087] btrfs_endio_raid56_helper+0x10/0x20 [btrfs] + [ 494.536621] process_one_work+0x1b9/0x3d0 + [ 494.540799] worker_thread+0x37/0x420 + [ 494.544628] kthread+0xf0/0x110 + [ 494.547931] ? process_one_work+0x3d0/0x3d0 + [ 494.552282] ? kthread_create_worker_on_cpu+0x20/0x20 + [ 494.557488] ? kthread_create_worker_on_cpu+0x20/0x20 + [ 494.562701] ret_from_fork+0x2e/0x38 + [ 494.566441] Code: 2d ee ff 58 8b 5d fc c9 c3 90 8d b4 26 00 00 00 00 a1 80 d1 c4 cf 31 c9 3d 80 d1 c4 cf 0f 95 c1 eb bc 8d b4 26 00 00 00 00 0f 0b <0f> 0b 8d 74 26 00 66 66 66 66 90 55 89 e5 56 53 31 db e8 1f ef + [ 494.585751] EIP: kunmap_high+0xaa/0xb0 SS:ESP: 0068:f4883e40 + [ 494.591688] ---[ end trace 5e6d708abb85eeba ]--- Follow up with CPU soft lockup. Please find the attachment for the complete log. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-43-generic 4.15.0-43.46 ProcVersionSignature: User Name 4.15.0-43.46-generic 4.15.18 Uname: Linux 4.15.0-43-generic i686 AlsaDevices: - total 0 - crw-rw---- 1 root audio 116, 1 Jan 22 11:54 seq - crw-rw---- 1 root audio 116, 33 Jan 22 11:54 timer + total 0 + crw-rw---- 1 root audio 116, 1 Jan 22 11:54 seq + crw-rw---- 1 root audio 116, 33 Jan 22 11:54 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay' ApportVersion: 2.20.9-0ubuntu7.5 Architecture: i386 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: Date: Tue Jan 22 11:54:49 2019 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' MachineType: Dell Inc. PowerEdge R310 PciMultimedia: - + ProcFB: 0 mgadrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-43-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro console=ttyS0,115200n8 RelatedPackageVersions: - linux-restricted-modules-4.15.0-43-generic N/A - linux-backports-modules-4.15.0-43-generic N/A - linux-firmware 1.173.3 + linux-restricted-modules-4.15.0-43-generic N/A + linux-backports-modules-4.15.0-43-generic N/A + linux-firmware 1.173.3 RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 09/18/2012 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.11.0 dmi.board.name: 05XKKK dmi.board.vendor: Dell Inc. dmi.board.version: A05 dmi.chassis.type: 23 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr: dmi.product.name: PowerEdge R310 dmi.sys.vendor: Dell Inc.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812845 Title: 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes triggers system hang on i386 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812845/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
