[SRU][ZESTY]kernel BUG at /build/linux-H5UzH8/linux-4.10.0/drivers/nvme/host/pci.c:567!

Bug #1709073 reported by Fabian Grünbichler
This bug affects 1 person

Affects            Status   Importance   Assigned to   Milestone
linux (Ubuntu)              Undecided    Unassigned
  Zesty                     Undecided    Unassigned

Bug Description

SRU Justification:

Impact: reliably reproducible kernel BUG_ON leading to complete system hang
Fix: cherry-pick upstream followup commit
Testcase: mkfs.btrfs on Samsung SM/PM961 no longer triggers the BUG_ON

Detailed description:

The fix for http://bugs.launchpad.net/bugs/1657539, which cherry-picked

729204ef49ec00b788ce23deb9eb922a5769f55d block: relax check on sg gap

is missing a follow-up fix commit

5a8d75a1b8c99bdc926ba69b7b7dbe4fae81a5af block: fix bio_will_gap() for first bvec with offset

Without it, the following BUG_ON is triggered by running mkfs.btrfs /dev/nvme0n1 on a Samsung SM961/PM961 M.2 device:

Aug 07 09:19:09 ubuntu kernel: kernel BUG at /build/linux-H5UzH8/linux-4.10.0/drivers/nvme/host/pci.c:567!
Aug 07 09:19:09 ubuntu kernel: invalid opcode: 0000 [#1] SMP
Aug 07 09:19:09 ubuntu kernel: Modules linked in: nls_iso8859_1 ppdev snd_hda_intel snd_hda_codec snd_hda_core joydev snd_hwdep snd_pcm snd_ti
Aug 07 09:19:09 ubuntu kernel: CPU: 0 PID: 2071 Comm: mkfs.btrfs Not tainted 4.10.0-30-generic #34-Ubuntu
Aug 07 09:19:09 ubuntu kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Aug 07 09:19:09 ubuntu kernel: task: ffff8e537417bfc0 task.stack: ffffb580c1698000
Aug 07 09:19:09 ubuntu kernel: RIP: 0010:nvme_queue_rq+0x746/0x8e0 [nvme]
Aug 07 09:19:09 ubuntu kernel: RSP: 0018:ffffb580c169b950 EFLAGS: 00010286
Aug 07 09:19:09 ubuntu kernel: RAX: 0000000000000078 RBX: 00000000fffffa00 RCX: 0000000000001000
Aug 07 09:19:09 ubuntu kernel: RDX: 0000000000000010 RSI: 0000000000000200 RDI: 0000000000000246
Aug 07 09:19:09 ubuntu kernel: RBP: ffffb580c169ba28 R08: ffff8e53733cb000 R09: 000000000000fa00
Aug 07 09:19:09 ubuntu kernel: R10: 0000000000001000 R11: ffff8e53733d0000 R12: 0000000273a8a000
Aug 07 09:19:09 ubuntu kernel: R13: 000000000002fc00 R14: ffff8e53733cb000 R15: 0000000000000200
Aug 07 09:19:09 ubuntu kernel: FS: 00007f92511ba080(0000) GS:ffff8e537fc00000(0000) knlGS:0000000000000000
Aug 07 09:19:09 ubuntu kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 07 09:19:09 ubuntu kernel: CR2: 00007ffeecdc9000 CR3: 0000000274323000 CR4: 00000000000006f0
Aug 07 09:19:09 ubuntu kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Aug 07 09:19:09 ubuntu kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Aug 07 09:19:09 ubuntu kernel: Call Trace:
Aug 07 09:19:09 ubuntu kernel: blk_mq_try_issue_directly+0x7e/0x100
Aug 07 09:19:09 ubuntu kernel: blk_mq_make_request+0x3cf/0x4e0
Aug 07 09:19:09 ubuntu kernel: generic_make_request+0x110/0x2d0
Aug 07 09:19:09 ubuntu kernel: submit_bio+0x73/0x150
Aug 07 09:19:09 ubuntu kernel: ? __percpu_counter_add+0x4f/0x60
Aug 07 09:19:09 ubuntu kernel: submit_bh_wbc+0x152/0x180
Aug 07 09:19:09 ubuntu kernel: __block_write_full_page+0x176/0x360
Aug 07 09:19:09 ubuntu kernel: ? I_BDEV+0x20/0x20
Aug 07 09:19:09 ubuntu kernel: ? I_BDEV+0x20/0x20
Aug 07 09:19:09 ubuntu kernel: block_write_full_page+0x13b/0x160
Aug 07 09:19:09 ubuntu kernel: blkdev_writepage+0x18/0x20
Aug 07 09:19:09 ubuntu kernel: __writepage+0x13/0x30
Aug 07 09:19:09 ubuntu kernel: write_cache_pages+0x205/0x530
Aug 07 09:19:09 ubuntu kernel: ? wb_position_ratio+0x1f0/0x1f0
Aug 07 09:19:09 ubuntu kernel: generic_writepages+0x56/0x90
Aug 07 09:19:09 ubuntu kernel: blkdev_writepages+0x2f/0x40
Aug 07 09:19:09 ubuntu kernel: do_writepages+0x1e/0x30
Aug 07 09:19:09 ubuntu kernel: __filemap_fdatawrite_range+0xc6/0x100
Aug 07 09:19:09 ubuntu kernel: SyS_fadvise64+0x25e/0x290
Aug 07 09:19:09 ubuntu kernel: entry_SYSCALL_64_fastpath+0x1e/0xad
Aug 07 09:19:09 ubuntu kernel: RIP: 0033:0x7f925066debd
Aug 07 09:19:09 ubuntu kernel: RSP: 002b:00007ffeecd46a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
Aug 07 09:19:09 ubuntu kernel: RAX: ffffffffffffffda RBX: 00007ffeecd45a30 RCX: 00007f925066debd
Aug 07 09:19:09 ubuntu kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
Aug 07 09:19:09 ubuntu kernel: RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000001001
Aug 07 09:19:09 ubuntu kernel: R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000010
Aug 07 09:19:09 ubuntu kernel: R13: 00007ffeecd45a40 R14: 0000000000000004 R15: 0000000000000000
Aug 07 09:19:09 ubuntu kernel: Code: f1 61 26 d5 8b 95 48 ff ff ff 48 89 85 60 ff ff ff 4c 8b 50 10 44 8b 48 18 8b 8d 50 ff ff ff 44 8b 9d 58
Aug 07 09:19:09 ubuntu kernel: RIP: nvme_queue_rq+0x746/0x8e0 [nvme] RSP: ffffb580c169b950

LKML reference: https://lkml.org/lkml/2017/4/13/105
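The merge rule the two commits argue about, and the PRP constraint it has to respect, can be modelled in a few lines. The program below is an added illustration written for this page, not code from the kernel or from the reporter. It assumes a 4 KiB page size, that the NVMe queue's virt boundary is page_size - 1, that segments are capped at 64 KiB (the BLK_MAX_SEGMENT_SIZE default), that the bios being merged are 512-byte bvecs, and that the BUG_ON in 4.10's nvme_setup_prps() is the `dma_len < 0` check; the physical base address is constructed. bio_may_merge() models bio_will_gap() with the relaxed check alone and with the follow-up rule added; request_survives() maps a merged run into segments and walks them the way the driver builds a PRP list.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE     4096            /* assumed: 4 KiB pages */
#define PAGE_MASK     (PAGE_SIZE - 1) /* assumed: nvme virt boundary is page_size - 1 */
#define MAX_SEG_SIZE  65536U          /* assumed: BLK_MAX_SEGMENT_SIZE default on the 4.10 nvme queue */

/* A bio_vec reduced to what the gap check looks at: physical start and length. */
struct bvec { uint64_t phys; uint32_t len; };

/* One DMA segment as blk_rq_map_sg() would hand to the driver. */
struct sg_seg { uint64_t dma_addr; uint32_t len; };

/*
 * Model of bio_will_gap(), inverted: returns 1 if `next_first` may be appended
 * to the request whose first bvec is `rq_first` and whose last bvec is `prev_last`.
 * relaxed_only=1 models 729204ef49ec alone; relaxed_only=0 adds the rule from
 * 5a8d75a1b8c9 that a request starting at a non-zero page offset never grows.
 */
static int bio_may_merge(const struct bvec *rq_first, const struct bvec *prev_last,
                         const struct bvec *next_first, int relaxed_only)
{
    if (!relaxed_only && (rq_first->phys & PAGE_MASK))
        return 0;                                  /* follow-up fix: refuse outright */
    if (prev_last->phys + prev_last->len == next_first->phys)
        return 1;                                  /* relaxed check: physically contiguous */
    /* classic virt-boundary rule: the junction must sit on a page boundary */
    return !(((prev_last->phys + prev_last->len) | next_first->phys) & PAGE_MASK);
}

/*
 * blk_rq_map_sg() caps a physically contiguous run at max_segment_size. With
 * 512-byte bvecs the cut falls exactly MAX_SEG_SIZE bytes from the run's start,
 * wherever that start is within its page. Returns the number of segments.
 */
static int map_contiguous_run(uint64_t start, uint32_t total, struct sg_seg *out, int max)
{
    int n = 0;
    while (total && n < max) {
        uint32_t len = total > MAX_SEG_SIZE ? MAX_SEG_SIZE : total;
        out[n].dma_addr = start;
        out[n].len = len;
        n++;
        start += len;
        total -= len;
    }
    return n;
}

/*
 * Model of nvme_setup_prps(): one PRP entry per page, first entry may be
 * unaligned, every later entry must start on a page boundary. Returns the PRP
 * entry count, or -1 where the 4.10 driver hits BUG_ON(dma_len < 0): a segment
 * ends inside a page while more data still follows in the next segment.
 */
static int prp_walk(const struct sg_seg *sg, int nsg, uint32_t total)
{
    int i = 0, nprp = 1;                           /* PRP1 covers the first (partial) page */
    int64_t length = total, dma_len = sg[0].len;
    uint32_t offset = sg[0].dma_addr & PAGE_MASK;

    length -= PAGE_SIZE - offset;
    if (length <= 0)
        return nprp;
    dma_len -= PAGE_SIZE - offset;
    if (dma_len == 0) {
        if (++i == nsg) return -1;
        dma_len = sg[i].len;
    }
    for (;;) {
        nprp++;
        dma_len -= PAGE_SIZE;
        length -= PAGE_SIZE;
        if (length <= 0) break;
        if (dma_len > 0) continue;
        if (dma_len < 0) return -1;                /* kernel: BUG_ON(dma_len < 0) */
        if (++i == nsg) return -1;
        dma_len = sg[i].len;
    }
    return nprp;
}

/* End to end: does a merged request of `total` bytes starting at `start` survive the PRP walk? */
static int request_survives(uint64_t start, uint32_t total)
{
    struct sg_seg segs[64];
    int n = map_contiguous_run(start, total, segs, 64);
    return prp_walk(segs, n, total);
}

int main(void)
{
    const uint64_t page = 0x100000000ULL;          /* constructed, page-aligned physical base */
    struct bvec rq_first  = { page + 0x200, 512 }; /* request began at page offset 0x200 */
    struct bvec prev_last = { page + 0xE00, 512 };
    struct bvec next_first = { page + 0x1000, 512 };

    printf("relaxed check only, request starts at 0x200: merge=%d\n",
           bio_may_merge(&rq_first, &prev_last, &next_first, 1));
    printf("with follow-up fix,  request starts at 0x200: merge=%d\n",
           bio_may_merge(&rq_first, &prev_last, &next_first, 0));
    printf("128 KiB run from offset 0:     prp_walk=%d\n", request_survives(page, 0x20000));
    printf("128 KiB run from offset 0x200: prp_walk=%d\n", request_survives(page + 0x200, 0x20000));
    return 0;
}
```

The aligned run maps to 32 PRP entries; the run that began at offset 0x200 is cut by the segment cap at an address that is not page aligned, and the walk reaches the `dma_len < 0` condition that the driver turns into a BUG_ON. The relaxed check alone merges the 512-byte bios into exactly such a run; the follow-up commit stops the merge at the first bio, which is the behaviour the backport was missing.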

tags: added: zesty
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1709073

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Fabian Grünbichler (f-gruenbichler) wrote :

apport-collect does not work after triggering the issue, and I have included the relevant kernel traces anyway. => confirmed

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu Zesty):
status: New → Fix Committed
Kleber Sacilotto de Souza (kleber-souza) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-zesty' to 'verification-done-zesty'. If the problem still exists, change the tag 'verification-needed-zesty' to 'verification-failed-zesty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-zesty
Fabian Grünbichler (f-gruenbichler) wrote :

I no longer have the test hardware to verify the kernel in -proposed, but I did verify that the commit in question fixes the problem (hence my report ;)).

tags: added: verification-done-zesty
removed: verification-needed-zesty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.10.0-35.39

---------------
linux (4.10.0-35.39) zesty; urgency=low

  * linux: 4.10.0-35.39 -proposed tracker (LP: #1716606)

  * kernel panic -not syncing: Fatal exception: panic_on_oops (LP: #1708399)
    - SAUCE: s390/mm: fix local TLB flushing vs. detach of an mm address space
    - SAUCE: s390/mm: fix race on mm->context.flush_mm

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (4.10.0-34.38) zesty; urgency=low

  * linux: 4.10.0-34.38 -proposed tracker (LP: #1713470)

  * Ubuntu 16.04.03: perf tool does not count pm_run_inst_cmpl with rcode on
    POWER9 DD2.0 (LP: #1709964)
    - powerpc/perf: Fix Power9 test_adder fields

  * HID: multitouch: Support ALPS PTP Stick and Touchpad devices (LP: #1712481)
    - HID: multitouch: Support PTP Stick and Touchpad device
    - SAUCE: HID: multitouch: Support ALPS PTP stick with pid 0x120A

  * igb: Support using Broadcom 54616 as PHY (LP: #1712024)
    - SAUCE: igb: add support for using Broadcom 54616 as PHY

  * RPT related fixes missing in Ubuntu 16.04.3 (LP: #1709220)
    - powerpc/mm/radix: Optimise tlbiel flush all case
    - powerpc/mm/radix: Improve _tlbiel_pid to be usable for PWC flushes
    - powerpc/mm/radix: Improve TLB/PWC flushes
    - powerpc/mm/radix: Avoid flushing the PWC on every flush_tlb_range

  * AMD RV platforms with SNPS 3.1 USB controller stop responding (S3 issue)
    (LP: #1711098)
    - usb: xhci: Issue stop EP command only when the EP state is running

  * dma-buf: performance issue when looking up the fence status (LP: #1711096)
    - dma-buf: avoid scheduling on fence status query v2

  * IPR driver causes multipath to fail paths/stuck IO on Medium Errors
    (LP: #1682644)
    - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION

  * Disable CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE (LP: #1709171)
    - [Config] CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=n for ppc64el

  * memory-hotplug test needs to be fixed (LP: #1710868)
    - selftests: typo correction for memory-hotplug test
    - selftests: check hot-pluggagble memory for memory-hotplug test
    - selftests: check percentage range for memory-hotplug test
    - selftests: add missing test name in memory-hotplug test
    - selftests: fix memory-hotplug test

  * Ubuntu 16.04.3: Qemu fails on P9 (LP: #1686019)
    - KVM: PPC: Pass kvm* to kvmppc_find_table()
    - KVM: PPC: Use preregistered memory API to access TCE list
    - KVM: PPC: VFIO: Add in-kernel acceleration for VFIO
    - powerpc/powernv/iommu: Add real mode version of iommu_table_ops::exchange()
    - powerpc/powernv/ioda2: Update iommu table base on ownership change
    - powerpc/iommu/vfio_spapr_tce: Cleanup iommu_table disposal
    - powerpc/vfio_spapr_tce: Add reference counting to iommu_table
    - powerpc/mmu: Add real mode support for IOMMU preregistered memory
    - KVM: PPC: Reserve KVM_CAP_SPAPR_TCE_VFIO capability number
    - KVM: PPC: Book3S HV: Add radix checks in real-mode hypercall handlers

  * [SRU][Zesty] [QDF2400] pl011 E44 erratum patch needed for 2.0 firmware and
    1.1 silicon (LP: #1709123)
    - tty: pl011: fix initialization or...


Changed in linux (Ubuntu Zesty):
status: Fix Committed → Fix Released