Ubuntu
linux package

[regression] task bcache_register blocked

Bug #1551327 reported by Stefan Bader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
High
Unassigned
Trusty
Fix Released
High
Kamal Mostafa

Bug Description

On boot with bcache-tools installed and bcache configured.

OK: 3.13.0-78.122
BAD: 3.13.0-80.124
BAD: 3.13.11-031311ckt35.201602161330

[ 492.780491] INFO: task bcache-register:1677 blocked for more than 120 seconds.
[ 492.780648] Not tainted 3.13.11-031311ckt35-generic #201602161330
[ 492.780782] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 492.780943] bcache-register D 0000000000000000 0 1677 1 0x00000004
[ 492.780951] ffff8800882a7d70 0000000000000286 ffff880002cb3000 0000000000013180
[ 492.780960] ffff8800882a7fd8 0000000000013180 ffff880002cb3000 ffffffffa00cd840
[ 492.780970] ffffffffa00cd844 ffff880002cb3000 00000000ffffffff ffffffffa00cd848
[ 492.780980] Call Trace:
[ 492.780994] [<ffffffff8171a1f9>] schedule_preempt_disabled+0x29/0x70
[ 492.781003] [<ffffffff8171c065>] __mutex_lock_slowpath+0x135/0x1b0
[ 492.781015] [<ffffffff8171c0ff>] mutex_lock+0x1f/0x2f
[ 492.781040] [<ffffffffa00bb912>] register_bcache+0x52/0x1350 [bcache]
[ 492.781048] [<ffffffff81721a64>] ? __do_page_fault+0x204/0x560
[ 492.781058] [<ffffffff8117f80e>] ? do_mmap_pgoff+0x34e/0x3d0
[ 492.781067] [<ffffffff8135a9ef>] kobj_attr_store+0xf/0x20
[ 492.781075] [<ffffffff81231f18>] sysfs_write_file+0x128/0x1c0
[ 492.781084] [<ffffffff811bbb54>] vfs_write+0xb4/0x1f0
[ 492.781093] [<ffffffff811bc589>] SyS_write+0x49/0xa0
[ 492.781102] [<ffffffff8172641d>] system_call_fastpath+0x1a/0x1f
[ 612.779211] INFO: task bcache_writebac:532 blocked for more than 120 seconds.
[ 612.779309] Not tainted 3.13.11-031311ckt35-generic #201602161330
[ 612.779384] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 612.779495] bcache_writebac D 0000000000000000 0 532 2 0x00000000
[ 612.779508] ffff8800865d9eb8 0000000000000246 ffff880086608000 0000000000013180
[ 612.779521] ffff8800865d9fd8 0000000000013180 ffff880086608000 ffff880002899440
[ 612.779532] ffff880086790000 ffffffffa00b2840 0000000000000000 0000000000000000
[ 612.779543] Call Trace:
[ 612.779594] [<ffffffffa00b2840>] ? read_dirty+0x400/0x400 [bcache]
[ 612.779611] [<ffffffff81719ce9>] schedule+0x29/0x70
[ 612.779624] [<ffffffff8108a134>] kthread+0xa4/0xe0
[ 612.779633] [<ffffffff8108a090>] ? kthread_create_on_node+0x180/0x180
[ 612.779644] [<ffffffff81726368>] ret_from_fork+0x58/0x90
[ 612.779653] [<ffffffff8108a090>] ? kthread_create_on_node+0x180/0x180

CVE References

Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

The problem is likely caused by:

[trusty] 5d2f571 bcache: allows use of register in udev to avoid "device_busy" error.
... which introduces a code path that calls mutex_unlock(&bch_register_lock) twice.

Another mainline commit (added in Linux v3.15, but not marked cc: stable) removes one of the unlocks, and is likely the fix we need for trusty and 3.13-stable:

[mainline] 4fa0340 bcache: Fix a lockdep splat in an error path

Revision history for this message
Stefan Bader (smb) wrote :

I built a test kernel with that one additional mainline patch and the lockup is gone.

affects: ubuntu → linux (Ubuntu)
Changed in linux (Ubuntu):
importance: Undecided → High
status: New → Triaged
Revision history for this message
Kamal Mostafa (kamalmostafa) wrote :

Only affects Ubuntu Trusty.

Changed in linux (Ubuntu Trusty):
status: New → In Progress
assignee: nobody → Kamal Mostafa (kamalmostafa)
importance: Undecided → High
Changed in linux (Ubuntu):
status: Triaged → Invalid
Luis Henriques (henrix)
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (14.5 KiB)

This bug was fixed in the package linux - 3.13.0-83.127

---------------
linux (3.13.0-83.127) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1555839

  [ Florian Westphal ]

  * SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving
    userspace
    - LP: #1555338

linux (3.13.0-82.126) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1554732

  [ Upstream Kernel Changes ]

  * Revert "drm/radeon: call hpd_irq_event on resume"
    - LP: #1554608
  * net: generic dev_disable_lro() stacked device handling
    - LP: #1547680

linux (3.13.0-81.125) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1552316

  [ Upstream Kernel Changes ]

  * Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
    - LP: #1551419
  * bcache: Fix a lockdep splat in an error path
    - LP: #1551327

linux (3.13.0-80.124) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1548519

  [ Andy Whitcroft ]

  * [Debian] hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * [Debian] hv: hv_set_ifconfig -- switch to approved indentation
    - LP: #1540586
  * [Debian] hv: hv_set_ifconfig -- fix numerous parameter handling issues
    - LP: #1540586

  [ Dan Streetman ]

  * SAUCE: nbd: ratelimit error msgs after socket close
    - LP: #1505564

  [ Upstream Kernel Changes ]

  * Revert "workqueue: make sure delayed work run in local cpu"
    - LP: #1546320
  * [media] gspca: ov534/topro: prevent a division by 0
    - LP: #1542497
  * [media] media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
    - LP: #1542497
  * tools lib traceevent: Fix output of %llu for 64 bit values read on 32
    bit machines
    - LP: #1542497
  * KVM: x86: correctly print #AC in traces
    - LP: #1542497
  * drm/radeon: call hpd_irq_event on resume
    - LP: #1542497
  * xhci: refuse loading if nousb is used
    - LP: #1542497
  * arm64: Clear out any singlestep state on a ptrace detach operation
    - LP: #1542497
  * time: Avoid signed overflow in timekeeping_get_ns()
    - LP: #1542497
  * rtlwifi: fix memory leak for USB device
    - LP: #1542497
  * wlcore/wl12xx: spi: fix oops on firmware load
    - LP: #1542497
  * EDAC, mc_sysfs: Fix freeing bus' name
    - LP: #1542497
  * EDAC: Don't try to cancel workqueue when it's never setup
    - LP: #1542497
  * EDAC: Robustify workqueues destruction
    - LP: #1542497
  * powerpc: Make value-returning atomics fully ordered
    - LP: #1542497
  * powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
    - LP: #1542497
  * dm space map metadata: remove unused variable in brb_pop()
    - LP: #1542497
  * dm thin: fix race condition when destroying thin pool workqueue
    - LP: #1542497
  * futex: Drop refcount if requeue_pi() acquired the rtmutex
    - LP: #1542497
  * drm/radeon: clean up fujitsu quirks
    - LP: #1542497
  * mmc: sdio: Fix invalid vdd in voltage switch power cycle
    - LP: #1542497
  * mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
    - LP: #1542497
  * udf: limit the maximum number of indirect extents in a row
    - LP: #1542497
  * nfs: Fix race in __update_open_stateid...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.