4.15 s390x kernel BUG at /build/linux-Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565!

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1788432

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Maybe related to: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/s390x/l/linux/20180822_104342_a8a5e@/log.gz

FYI, I've added easier detection of which sysfs file is causing this with commit: http://kernel.ubuntu.com/git/cking/stress-ng.git/commit/?id=690b6392645219702f410318a3c99bee7c4f192b

I think this is a race in ccw_io_helper(). The stress-ng sysfs stressor is running multiple threaded reads of /sys/devices/css0/0.0.0000/0.0.0000/virtio0/block/vda/cache_type which results in reads via virtio_cread8() and ultimately reads using virtio_ccw_get_config()

I added debug into virtio_cread8 and it returns 1 99% of the time, and sometimes in a threaded read we get it returning garbage, such as 200 in the following trace:

[ 39.767777] virtio_cread8 32 -> 1
[ 39.767933] virtio_cread8 32 -> 1
[ 39.787712] virtio_cread8 32 -> 200
[ 39.787810] kernel BUG at drivers/block/virtio_blk.c:576!

------- Comment From <email address hidden> 2018-08-30 06:23 EDT-------
Colin King,

it might also be a QEMU issue. Is there a chance to try a 16.04 host instead of an 18.04 host?

------- Comment From <email address hidden> 2018-08-30 08:06 EDT-------
I've tried to reproduce the issue but failed miserably. I installed a fresh Ubuntu 18.04.1 made a cqow image essentially copying the filesystem for the guest. That means I was running the 4.15.0-29-generic kernel (reported as affected) both as host and guest. After an hour of running with 50
hogs (as root) I hit OOM but not the reported bug:

# uname -r
4.15.0-29-generic
# ~/git/stress-ng/stress-ng --sysfs 50 -t 5h
stress-ng: info: [1148] dispatching hogs: 50 sysfs
[ 3993.143284] Out of memory: Kill process 587 (networkd-dispat) score 3 or sacrifice child
[ 3993.143295] Killed process 587 (networkd-dispat) total-vm:99944kB, anon-rss:7792kB, file-rss:2512kB, shmem-rss:0kB
[ 4012.251714] Out of memory: Kill process 619 (libvirtd) score 3 or sacrifice child
[ 4012.251742] Killed process 619 (libvirtd) total-vm:1349072kB, anon-rss:6980kB, file-rss:2728kB, shmem-rss:0kB

Can you provide some more information about your setup (e.g. qemu version, domain xml or qemu command line, etc.)?

Host information:

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial

uname -a
Linux s2lp5 4.4.0-130-generic #156-Ubuntu SMP Thu Jun 14 09:18:59 UTC 2018 s390x s390x s390x GNU/Linux

qemu: 2.5+dfsg-5ubuntu10.30

this was created using uvt:

#!/bin/bash
#
# Quick and dirty script to create temporary guests which are reachable
# from the kernel VPN via uvt-kvm. After creation one has to login once
# via "virsh console <vm-name>" to figure out the ip address. :/

BASEDIR=$(dirname $0)

if [ "$1" = "" ]; then
 echo "$(basename $0) <vm-name>"
 exit 1
fi
VMNAME="$1"
shift
uvt-kvm create --cpu 2 --memory 2048 --disk 20 --password ubuntu \
 --template $BASEDIR/uvt-template.xml $VMNAME arch=s390x "$@"

uvt-template.xml:

<domain type="kvm">
    <os>
        <type arch="s390x" machine="s390-ccw-virtio">hvm</type>
    </os>
    <iothreads>1</iothreads>
    <on_poweroff>destroy</on_poweroff>
    <on_reboot>restart</on_reboot>
    <on_crash>preserve</on_crash>
    <devices>
        <emulator>/usr/bin/qemu-system-s390x</emulator>
        <interface type="direct">
            <source dev="encc000.2719" mode="bridge"/>
            <model type="virtio"/>
        </interface>
        <console type="pty">
            <target type="sclp"/>
        </console>
    </devices>
</domain>

Hope that's enough info

------- Comment From <email address hidden> 2018-08-30 11:27 EDT-------
Ah ok. So you run an 18.04 guest under an 16.04 host?
Does the problem goes away with a newer QEMU? (e.g. from the cloud archive)

------- Comment From <email address hidden> 2018-08-31 05:28 EDT-------
Colin, thanks for the input. Based on Christians realization, that your hypervisor may have been 16.4 all along, and on the qemu version you stated, I managed to reproduce the bug with upstream tag v2.5.0. From there I bisected to commit e32652f7594 "virtio-ccw: respond to READ_STATUS command" (which seems to fix the problem). I still have to figure out the whys tough.

Anyway, you should stop seeing the bug with QEMU 2.8 (or more recent).

Cheers,
Halil

OK, thanks for the info so far, apologies for being slow to get back to you.

------- Comment From <email address hidden> 2018-12-03 10:18 EDT-------
Fixes available on the relevant Linux mailing lists. Connie posted a pull request https://www.spinics.net/lists/kvm/msg175437.html some two months ago, and pinged Michael last week. Hope the fixes will find their way into the mainline kernel soon.

Looks like this got pulled into mainline:

$ git describe 2448a299ec416a80f699940a86f4a6d9a4f643b1
v4.20-rc5-2-g2448a299ec41

$ git describe 78b1a52e05c9db11d293342e8d6d8a230a04b4e7
v4.20-rc5-3-g78b1a52e05c9

Should we request kernel team to pull these into ubuntu SRUs trees? or have these been alredy been CC'ed for stable trees and are part of point releases anyway?

------- Comment From <email address hidden> 2019-02-12 13:23 EDT-------
(In reply to comment #22)
> Looks like this got pulled into mainline:
>
> $ git describe 2448a299ec416a80f699940a86f4a6d9a4f643b1
> v4.20-rc5-2-g2448a299ec41
>
> $ git describe 78b1a52e05c9db11d293342e8d6d8a230a04b4e7
> v4.20-rc5-3-g78b1a52e05c9
>
> Should we request kernel team to pull these into ubuntu SRUs trees? or have
> these been alredy been CC'ed for stable trees and are part of point releases
> anyway?

Yep, CC stable is in place. E.g.: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-4.4.y&qt=author&q=Pasic

Just to confirm that 2448a299ec416a80f699940a86f4a6d9a4f643b1 and 78b1a52e05c9db11d293342e8d6d8a230a04b4e7 are in the Ubuntu 5.0 kernel since Ubuntu-5.0.0-0.1

Just double checked and can confirm that the commits "virtio/s390: avoid race on vcdev->config" and "virtio/s390: fix race in ccw_io_helper()" landed in disco-proposed kernel "Ubuntu-5.0.0-7.8" (as "2448a29" and "78b1a52").
Hence changing disco entry to Fix Committed.

Just checked and Disco 5.0.0-7.8 is now released.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Successfully verified on cosmic:

ubuntu@hwe0002:~/stress-ng$ apt-cache policy linux-generic
linux-generic:
  Installed: 4.18.0.18.19
  Candidate: 4.18.0.18.19
  Version table:
 *** 4.18.0.18.19 500
        500 http://us.ports.ubuntu.com/ubuntu-ports cosmic-proposed/main s390x Packages
        100 /var/lib/dpkg/status
     4.18.0.17.18 500
        500 http://us.ports.ubuntu.com/ubuntu-ports cosmic-updates/main s390x Packages
        500 http://ports.ubuntu.com/ubuntu-ports cosmic-security/main s390x Packages
     4.18.0.10.11 500
        500 http://us.ports.ubuntu.com/ubuntu-ports cosmic/main s390x Packages
ubuntu@hwe0002:~/stress-ng$ uname -r
4.18.0-18-generic
ubuntu@hwe0002:~/stress-ng$ ./stress-ng --sysfs 0 -t 60
stress-ng: info: [11889] dispatching hogs: 4 sysfs
stress-ng: info: [11889] successful run completed in 60.00s (1 min, 0.00 secs)
ubuntu@hwe0002:~/stress-ng$

and on bionic:
ubuntu@hwe0007:~/stress-ng$ apt-cache policy linux-generic
linux-generic:
  Installed: 4.15.0.48.50
  Candidate: 4.15.0.48.50
  Version table:
 *** 4.15.0.48.50 500
        500 http://us.ports.ubuntu.com/ubuntu-ports bionic-proposed/main s390x Packages
        100 /var/lib/dpkg/status
     4.15.0.47.49 500
        500 http://us.ports.ubuntu.com/ubuntu-ports bionic-updates/main s390x Packages
        500 http://ports.ubuntu.com/ubuntu-ports bionic-security/main s390x Packages
     4.15.0.20.23 500
        500 http://us.ports.ubuntu.com/ubuntu-ports bionic/main s390x Packages
ubuntu@hwe0007:~/stress-ng$ uname -r
4.15.0-48-generic
ubuntu@hwe0007:~/stress-ng$ ./stress-ng --sysfs 0 -t 60
stress-ng: info: [9386] dispatching hogs: 4 sysfs
stress-ng: info: [9386] successful run completed in 60.00s (1 min, 0.00 secs)
ubuntu@hwe0007:~/stress-ng$

Adjusting tags accordingly...

This bug was fixed in the package linux - 4.18.0-18.19

---------------
linux (4.18.0-18.19) cosmic; urgency=medium

  * linux: 4.18.0-18.19 -proposed tracker (LP: #1822796)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support

  * [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
    - s390/qeth: report 25Gbit link speed

  * Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
    - iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads

  * CVE-2017-5715
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Propagate information about RSB filling mitigation to sysfs
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
    - x86/retpoline: Remove minimal retpoline support
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Remove unnecessary ret variable in cpu_show_common()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - sched/smt: Make sched_smt_present track topology
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - sched/smt: Expose sched_smt_present static key
    - x86/speculation: Rework SMT state change
    - x86/l1tf: Show actual SMT state
    - x86/speculation: R...

This bug was fixed in the package linux - 4.15.0-48.51

---------------
linux (4.15.0-48.51) bionic; urgency=medium

  * linux: 4.15.0-48.51 -proposed tracker (LP: #1822820)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * [P9][LTCTest][Opal][FW910] cpupower monitor shows multiple stop Idle_Stats
    (LP: #1719545)
    - cpupower : Fix header name to read idle state name

  * [amdgpu] screen corruption when using touchpad (LP: #1818617)
    - drm/amdgpu/gmc: steal the appropriate amount of vram for fw hand-over (v3)
    - drm/amdgpu: Free VGA stolen memory as soon as possible.

  * [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
    - ACPICA: AML parser: attempt to continue loading table after error
    - ACPI / property: Allow multiple property compatible _DSD entries
    - PCI / ACPI: Identify untrusted PCI devices
    - iommu/vt-d: Force IOMMU on for platform opt in hint
    - iommu/vt-d: Do not enable ATS for untrusted devices
    - thunderbolt: Export IOMMU based DMA protection support to userspace
    - iommu/vt-d: Disable ATS support on untrusted devices

  * Add basic support to NVLink2 passthrough (LP: #1819989)
    - powerpc/powernv/npu: Do not try invalidating 32bit table when 64bit table is
      enabled
    - powerpc/powernv: call OPAL_QUIESCE before OPAL_SIGNAL_SYSTEM_RESET
    - powerpc/powernv: Export opal_check_token symbol
    - powerpc/powernv: Make possible for user to force a full ipl cec reboot
    - powerpc/powernv/idoa: Remove unnecessary pcidev from pci_dn
    - powerpc/powernv: Move npu struct from pnv_phb to pci_controller
    - powerpc/powernv/npu: Move OPAL calls away from context manipulation
    - powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
    - powerpc/pseries/npu: Enable platform support
    - powerpc/pseries: Remove IOMMU API support for non-LPAR systems
    - powerpc/powernv/npu: Check mmio_atsd array bounds when populating
    - powerpc/powernv/npu: Fault user page into the hypervisor's pagetable

  * Huawei Hi1822 NIC has poor performance (LP: #1820187)
    - net-next: hinic: fix a problem in free_tx_poll()
    - hinic: remove ndo_poll_controller
    - net-next/hinic: add checksum offload and TSO support
    - hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
    - net-next/hinic:replace multiply and division operators
    - net-next/hinic:add rx checksum offload for HiNIC
    - net-next/hinic:fix a bug in set mac address
    - net-next/hinic: fix a bug in rx data flow
    - net: hinic: fix null pointer dereference on pointer hwdev
    - hinic: optmize rx refill buffer mechanism
    - net-next/hinic:add shutdown callback
    - net-next/hinic: replace disable_irq_nosync/enable_irq

  * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
    - Fonts: New Terminus large console font
    - [Config]: enable highdpi Terminus 16x32 font support

  * [19.04 FEAT] qeth: Enhanced link...

------- Comment From <email address hidden> 2019-04-29 03:46 EDT-------
IBM Bugzilla status-> closed, Fix Released for all requested distros

The verification of the Stable Release Update for linux-azure has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.