2019-04-01 12:10:30 |
Po-Hsu Lin |
bug |
|
|
added bug |
2019-04-01 12:10:44 |
Po-Hsu Lin |
nominated for series |
|
Ubuntu Xenial |
|
2019-04-01 12:10:44 |
Po-Hsu Lin |
bug task added |
|
linux (Ubuntu Xenial) |
|
2019-04-01 12:13:01 |
Po-Hsu Lin |
bug task added |
|
ubuntu-kernel-tests |
|
2019-04-01 12:30:08 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Confirmed |
|
2019-04-01 12:30:10 |
Ubuntu Kernel Bot |
linux (Ubuntu Xenial): status |
New |
Confirmed |
|
2019-04-03 11:55:38 |
Andrea Righi |
ubuntu-kernel-tests: assignee |
|
Andrea Righi (arighi) |
|
2019-04-03 11:55:45 |
Andrea Righi |
ubuntu-kernel-tests: assignee |
Andrea Righi (arighi) |
|
|
2019-04-03 11:55:58 |
Andrea Righi |
linux (Ubuntu Xenial): assignee |
|
Andrea Righi (arighi) |
|
2019-04-03 12:13:13 |
Andrea Righi |
attachment added |
|
btrfs-fallocate-test.sh https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1822579/+attachment/5252459/+files/btrfs-fallocate-test.sh |
|
2019-04-03 12:28:32 |
Andrea Righi |
description |
If one issues a rmmod (or modprobe -r) command after a failed fallocate attempt, it will cause error with call trace:
=============================================================================
BUG btrfs_extent_map (Not tainted): Objects remaining in btrfs_extent_map on kmem_cache_close()
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Slab 0xf7526fb0 objects=34 used=1 fp=0xf43fef78 flags=0x2800080
CPU: 1 PID: 1608 Comm: rmmod Tainted: G B 4.4.0-143-generic #169-Ubuntu
Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
c1b0d967 35a7d73c 00000286 f4ed9ddc c13c034f f7526fb0 f4ed9dfc f4ed9e70
c11ccc42 c1a164b0 f7526fb0 00000022 00000001 f43fef78 02800080 656a624f
20737463 616d6572 6e696e69 6e692067 72746220 655f7366 6e657478 616d5f74
Call Trace:
[<c13c034f>] dump_stack+0x58/0x79
[<c11ccc42>] slab_err+0x82/0xa0
[<c11d090d>] ? __kmalloc+0x22d/0x240
[<c11ce550>] ? __free_slab+0xa0/0x130
[<c11d0ba9>] ? free_partial+0xa9/0x1b0
[<c11d0ba9>] ? free_partial+0xa9/0x1b0
[<c11d0bce>] free_partial+0xce/0x1b0
[<c11cf350>] ? __flush_cpu_slab+0x40/0x40
[<c11d24e2>] __kmem_cache_shutdown+0x42/0x80
[<c119e5e2>] kmem_cache_destroy+0x162/0x1e0
[<f8dc0ac6>] extent_map_exit+0x16/0x20 [btrfs]
[<f8e2ee20>] exit_btrfs_fs+0x26/0x206 [btrfs]
[<c10fd19f>] SyS_delete_module+0x1af/0x200
[<c11edbad>] ? ____fput+0xd/0x10
[<c109062f>] ? task_work_run+0x8f/0xa0
[<c10031f6>] ? exit_to_usermode_loop+0xb6/0xe0
[<c10038af>] do_fast_syscall_32+0x9f/0x160
[<c17e63f0>] sysenter_past_esp+0x3d/0x61
INFO: Object 0xf43fe078 @offset=120
kmem_cache_destroy btrfs_extent_map: Slab cache still has objects
CPU: 1 PID: 1608 Comm: rmmod Tainted: G B 4.4.0-143-generic #169-Ubuntu
Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
c1b0d967 35a7d73c 00000286 f4ed9ed4 c13c034f ef34f600 ef34f674 f4ed9f0c
c119e630 c1a14d18 f55f3220 f4ed9f04 000d96ab f4ed9eec f4ed9eec f4ed9ef4
f4ed9ef4 35a7d73c 022ffd44 f8e46880 f4ed8000 f4ed9f14 f8dc0ac6 f4ed9f1c
Call Trace:
[<c13c034f>] dump_stack+0x58/0x79
[<c119e630>] kmem_cache_destroy+0x1b0/0x1e0
[<f8dc0ac6>] extent_map_exit+0x16/0x20 [btrfs]
[<f8e2ee20>] exit_btrfs_fs+0x26/0x206 [btrfs]
[<c10fd19f>] SyS_delete_module+0x1af/0x200
[<c11edbad>] ? ____fput+0xd/0x10
[<c109062f>] ? task_work_run+0x8f/0xa0
[<c10031f6>] ? exit_to_usermode_loop+0xb6/0xe0
[<c10038af>] do_fast_syscall_32+0x9f/0x160
[<c17e63f0>] sysenter_past_esp+0x3d/0x61
Steps to reproduce this:
TMP=/tmp
MNT=/tmp/mnt
mkdir $MNT
TMPIMG0=$TMP/test0.img
DEV0=`losetup -f`
truncate --size 512M $TMPIMG0
losetup $DEV0 $TMPIMG0
mkfs.btrfs -f $DEV0 >& /dev/null
mount $DEV0 $MNT
btrfs quota enable $MNT
btrfs sub create $MNT/subv
btrfs qgroup limit 10M $MNT/subv
fallocate --length 20M $MNT/subv/data
rmmod btrfs
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-143-generic 4.4.0-143.169
ProcVersionSignature: User Name 4.4.0-143.169-generic 4.4.170
Uname: Linux 4.4.0-143-generic i686
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 1 11:43 seq
crw-rw---- 1 root audio 116, 33 Apr 1 11:43 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Mon Apr 1 11:55:56 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-143-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro
RelatedPackageVersions:
linux-restricted-modules-4.4.0-143-generic N/A
linux-backports-modules-4.4.0-143-generic N/A
linux-firmware 1.157.21
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/18/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.11.0
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc. |
SRU Justification:
[Impact]
* If fallocate() is failing on a btrfs subvolume when its qgroup quota limit exceeded, a previously allocated extent map isn't correctly released, causing a memory leak from the pool btrfs_extent_map.
* Fix by correctly deallocating the object in case of failure
[Test Case]
* https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1822579/+attachment/5252459/+files/btrfs-fallocate-test.sh
[Fix]
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be2d253cc98244765323a7c94cc1ac5cd5a17072
Fix the memory leak by adding the proper free_extent_map() call to the failure path.
[Regression Potential]
* This is an upstream fix, tested on the affected platform. The patch is really small, backport changes are minimal. All the other Ubuntu releases are including this fix already.
[Original bug report]
If one issues a rmmod (or modprobe -r) command after a failed fallocate attempt, it will cause error with call trace:
=============================================================================
BUG btrfs_extent_map (Not tainted): Objects remaining in btrfs_extent_map on kmem_cache_close()
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Slab 0xf7526fb0 objects=34 used=1 fp=0xf43fef78 flags=0x2800080
CPU: 1 PID: 1608 Comm: rmmod Tainted: G B 4.4.0-143-generic #169-Ubuntu
Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
c1b0d967 35a7d73c 00000286 f4ed9ddc c13c034f f7526fb0 f4ed9dfc f4ed9e70
c11ccc42 c1a164b0 f7526fb0 00000022 00000001 f43fef78 02800080 656a624f
20737463 616d6572 6e696e69 6e692067 72746220 655f7366 6e657478 616d5f74
Call Trace:
[<c13c034f>] dump_stack+0x58/0x79
[<c11ccc42>] slab_err+0x82/0xa0
[<c11d090d>] ? __kmalloc+0x22d/0x240
[<c11ce550>] ? __free_slab+0xa0/0x130
[<c11d0ba9>] ? free_partial+0xa9/0x1b0
[<c11d0ba9>] ? free_partial+0xa9/0x1b0
[<c11d0bce>] free_partial+0xce/0x1b0
[<c11cf350>] ? __flush_cpu_slab+0x40/0x40
[<c11d24e2>] __kmem_cache_shutdown+0x42/0x80
[<c119e5e2>] kmem_cache_destroy+0x162/0x1e0
[<f8dc0ac6>] extent_map_exit+0x16/0x20 [btrfs]
[<f8e2ee20>] exit_btrfs_fs+0x26/0x206 [btrfs]
[<c10fd19f>] SyS_delete_module+0x1af/0x200
[<c11edbad>] ? ____fput+0xd/0x10
[<c109062f>] ? task_work_run+0x8f/0xa0
[<c10031f6>] ? exit_to_usermode_loop+0xb6/0xe0
[<c10038af>] do_fast_syscall_32+0x9f/0x160
[<c17e63f0>] sysenter_past_esp+0x3d/0x61
INFO: Object 0xf43fe078 @offset=120
kmem_cache_destroy btrfs_extent_map: Slab cache still has objects
CPU: 1 PID: 1608 Comm: rmmod Tainted: G B 4.4.0-143-generic #169-Ubuntu
Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.11.0 09/18/2012
c1b0d967 35a7d73c 00000286 f4ed9ed4 c13c034f ef34f600 ef34f674 f4ed9f0c
c119e630 c1a14d18 f55f3220 f4ed9f04 000d96ab f4ed9eec f4ed9eec f4ed9ef4
f4ed9ef4 35a7d73c 022ffd44 f8e46880 f4ed8000 f4ed9f14 f8dc0ac6 f4ed9f1c
Call Trace:
[<c13c034f>] dump_stack+0x58/0x79
[<c119e630>] kmem_cache_destroy+0x1b0/0x1e0
[<f8dc0ac6>] extent_map_exit+0x16/0x20 [btrfs]
[<f8e2ee20>] exit_btrfs_fs+0x26/0x206 [btrfs]
[<c10fd19f>] SyS_delete_module+0x1af/0x200
[<c11edbad>] ? ____fput+0xd/0x10
[<c109062f>] ? task_work_run+0x8f/0xa0
[<c10031f6>] ? exit_to_usermode_loop+0xb6/0xe0
[<c10038af>] do_fast_syscall_32+0x9f/0x160
[<c17e63f0>] sysenter_past_esp+0x3d/0x61
Steps to reproduce this:
TMP=/tmp
MNT=/tmp/mnt
mkdir $MNT
TMPIMG0=$TMP/test0.img
DEV0=`losetup -f`
truncate --size 512M $TMPIMG0
losetup $DEV0 $TMPIMG0
mkfs.btrfs -f $DEV0 >& /dev/null
mount $DEV0 $MNT
btrfs quota enable $MNT
btrfs sub create $MNT/subv
btrfs qgroup limit 10M $MNT/subv
fallocate --length 20M $MNT/subv/data
rmmod btrfs
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-143-generic 4.4.0-143.169
ProcVersionSignature: User Name 4.4.0-143.169-generic 4.4.170
Uname: Linux 4.4.0-143-generic i686
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 1 11:43 seq
crw-rw---- 1 root audio 116, 33 Apr 1 11:43 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Mon Apr 1 11:55:56 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-143-generic root=UUID=6aaa11f6-d386-4c0c-b4b8-38e6c408980a ro
RelatedPackageVersions:
linux-restricted-modules-4.4.0-143-generic N/A
linux-backports-modules-4.4.0-143-generic N/A
linux-firmware 1.157.21
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/18/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.11.0
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.11.0:bd09/18/2012:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc. |
|
2019-04-03 12:29:04 |
Andrea Righi |
tags |
apport-bug i386 uec-images xenial |
apport-bug i386 patch uec-images xenial |
|
2019-04-04 23:25:43 |
Terry Rudd |
bug |
|
|
added subscriber Terry Rudd |
2019-04-15 03:49:08 |
Khaled El Mously |
linux (Ubuntu Xenial): status |
Confirmed |
Fix Committed |
|
2019-04-26 14:31:47 |
Ubuntu Kernel Bot |
tags |
apport-bug i386 patch uec-images xenial |
apport-bug i386 patch uec-images verification-needed-xenial xenial |
|
2019-04-29 10:26:53 |
Andrea Righi |
tags |
apport-bug i386 patch uec-images verification-needed-xenial xenial |
apport-bug i386 patch uec-images verification-done-xenial xenial |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2017-5715 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2017-5753 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2017-5754 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-3620 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2018-3646 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2019-3874 |
|
2019-05-14 19:08:52 |
Launchpad Janitor |
cve linked |
|
2019-3882 |
|
2019-09-16 15:05:49 |
Po-Hsu Lin |
ubuntu-kernel-tests: status |
New |
Fix Released |
|
2019-09-16 15:07:12 |
Po-Hsu Lin |
linux (Ubuntu): status |
Confirmed |
Fix Released |
|