kernel-packages team mailing list archive

[Bug 1265841] Re: kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!; RIP: 0010:[<ffffffff816e3efd>] [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6

 

For what it's worth, here is the backtrace from when I reproduced the
bug using emacs/evince.  Maybe it is helpful to look for similarities in
the code path, though it certainly sounds like the crypto code in
ecryptfs is the place to begin.  I may try putting in lots of
WARN_ON(irqs_disabled()).

Just as a note, from disassembly it doesn't appear that the aesni_intel
module contains the cli instruction, so interrupts must get disabled
somewhere else.  As a wild guess, I speculate that somewhere there is an
irq_enable/irq_disable pair with the possibility to erroneously jump out
from the middle, and something about using the aesni_intel module makes
that happen.  Maybe in the generic crypto code that only calls
aesni_intel if it's available?

[  322.435871] ------------[ cut here ]------------
[  322.435925] kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!
[  322.435979] invalid opcode: 0000 [#1] SMP 
[  322.436017] Modules linked in: xt_recent michael_mic arc4 dm_crypt joydev ip6t_REJECT xt_hl ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT xt_comment xt_LOG parport_pc ppdev lp parport xt_limit xt_tcpudp xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack ip6table_filter ip6_tables nf_conntrack_netbios_ns nf_conntrack_broadcast nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables bnep rfcomm bluetooth x86_pkg_temp_thermal intel_powerclamp coretemp kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd hp_wmi sparse_keymap snd_hda_codec_hdmi snd_hda_codec_idt binfmt_misc uvcvideo videobuf2_vmalloc snd_hda_intel snd_hda_codec videobuf2_memops snd_hwdep videobuf2_core videodev snd_pcm lib80211_crypt_tkip snd_page_alloc snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq microcode wl(POF) snd_seq_device snd_timer lib80211 psmouse serio_raw cfg80211 rtsx_pci_ms snd memstick lpc_ich mei_me soundcore mei mac_hid rtsx_pci_sdmmc i915 i2c_algo_bit drm_kms_helper sdhci_pci sdhci drm ahci r8169 rtsx_pci mii libahci wmi video
[  322.437181] CPU: 3 PID: 3174 Comm: evince Tainted: PF          O 3.11.0-15-generic #23-Ubuntu
[  322.437266] Hardware name: Hewlett-Packard HP Folio 13 Notebook PC/17F8, BIOS F.0B 01/23/2013
[  322.437353] task: ffff880146af2ee0 ti: ffff880144152000 task.ti: ffff880144152000
[  322.437511] RIP: 0010:[<ffffffff816e3efd>]  [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6
[  322.437699] RSP: 0018:ffff8801441534c8  EFLAGS: 00010046
[  322.437805] RAX: 0000000000000086 RBX: 0000000000001000 RCX: ffff880144955800
[  322.437937] RDX: 0000000000001000 RSI: 0000000000000554 RDI: ffff88014934a3c0
[  322.438069] RBP: ffff8801441534c8 R08: 0000000000000000 R09: 0000000000000000
[  322.438186] R10: ffff880144955800 R11: 0000000000001000 R12: ffff880144153650
[  322.438262] R13: ffff8801438b9000 R14: ffff88014f8a8000 R15: ffff88014934a3c0
[  322.438338] FS:  00007feab6487a00(0000) GS:ffff88014fac0000(0000) knlGS:0000000000000000
[  322.438425] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  322.438486] CR2: 00000000021aa1b8 CR3: 0000000001c0e000 CR4: 00000000000407e0
[  322.438561] Stack:
[  322.438584]  ffff880144153538 ffffffff811d81a9 0000000000000000 0000000000000000
[  322.438672]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  322.438757]  0000000000000000 0000000000000000 0000000000001000 ffff880144153650
[  322.438842] Call Trace:
[  322.438881]  [<ffffffff811d81a9>] __find_get_block+0x229/0x230
[  322.438948]  [<ffffffff811d81d4>] __getblk+0x24/0x2e0
[  322.439013]  [<ffffffff81241230>] __ext4_get_inode_loc+0x110/0x3d0
[  322.439084]  [<ffffffff81242f9d>] ext4_get_inode_loc+0x1d/0x20
[  322.439168]  [<ffffffff81244796>] ext4_reserve_inode_write+0x26/0xa0
[  322.439251]  [<ffffffff812479b0>] ? ext4_dirty_inode+0x40/0x60
[  322.439322]  [<ffffffff81244854>] ext4_mark_inode_dirty+0x44/0x1f0
[  322.439398]  [<ffffffff812479b0>] ext4_dirty_inode+0x40/0x60
[  322.439461]  [<ffffffff811d13b2>] __mark_inode_dirty+0x1f2/0x2f0
[  322.439529]  [<ffffffff811c0b8e>] update_time+0x8e/0xd0
[  322.439588]  [<ffffffff811c0d90>] file_update_time+0x80/0xd0
[  322.439658]  [<ffffffff81140d40>] __generic_file_aio_write+0x180/0x3d0
[  322.439730]  [<ffffffff81140fed>] generic_file_aio_write+0x5d/0xc0
[  322.439800]  [<ffffffff8123c6f9>] ext4_file_write+0x99/0x3f0
[  322.439866]  [<ffffffff811a69f0>] do_sync_write+0x80/0xb0
[  322.439927]  [<ffffffff811a712d>] vfs_write+0xbd/0x1e0
[  322.439986]  [<ffffffff811d2888>] kernel_write+0x38/0x50
[  322.440049]  [<ffffffff812aab69>] ecryptfs_write_lower+0x29/0x50
[  322.440117]  [<ffffffff812abf6c>] ecryptfs_encrypt_page+0xec/0x180
[  322.440186]  [<ffffffff812aa084>] ecryptfs_writepage+0x14/0x60
[  322.443446]  [<ffffffff81148553>] __writepage+0x13/0x40
[  322.446584]  [<ffffffff81148f31>] write_cache_pages+0x241/0x4b0
[  322.449735]  [<ffffffff81092599>] ? ttwu_do_wakeup+0x19/0xd0
[  322.453039]  [<ffffffff81148540>] ? global_dirtyable_memory+0x50/0x50
[  322.455525]  [<ffffffff811ed50b>] ? ep_poll_callback+0x11b/0x170
[  322.458577]  [<ffffffff8108977b>] ? srcu_readers_seq_idx.isra.6+0x5b/0x80
[  322.461975]  [<ffffffff816ee5be>] ? _raw_spin_lock+0xe/0x20
[  322.463799]  [<ffffffff811491e0>] generic_writepages+0x40/0x60
[  322.466051]  [<ffffffff8114a695>] do_writepages+0x35/0x40
[  322.468529]  [<ffffffff811401e9>] __filemap_fdatawrite_range+0x59/0x60
[  322.471404]  [<ffffffff8114024c>] filemap_write_and_wait+0x2c/0x60
[  322.474554]  [<ffffffff812a9d02>] ecryptfs_put_lower_file+0x32/0x60
[  322.476670]  [<ffffffff812a6fe2>] ecryptfs_release+0x12/0x30
[  322.478669]  [<ffffffff811a8be1>] __fput+0xe1/0x230
[  322.481218]  [<ffffffff811a8d7e>] ____fput+0xe/0x10
[  322.484676]  [<ffffffff810813c4>] task_work_run+0xc4/0xe0
[  322.488118]  [<ffffffff81064257>] do_exit+0x2b7/0xa40
[  322.490307]  [<ffffffff81071133>] ? __sigqueue_free.part.15+0x33/0x40
[  322.492447]  [<ffffffff81064a5f>] do_group_exit+0x3f/0xa0
[  322.494632]  [<ffffffff810742c0>] get_signal_to_deliver+0x1d0/0x5e0
[  322.496851]  [<ffffffff81012438>] do_signal+0x48/0x960
[  322.498977]  [<ffffffff815d9b0c>] ? SYSC_recvfrom+0x11c/0x160
[  322.500196]  [<ffffffff81011609>] ? __switch_to+0x169/0x4b0
[  322.502213]  [<ffffffff810913c0>] ? finish_task_switch+0x50/0xf0
[  322.504268]  [<ffffffff81012dc8>] do_notify_resume+0x78/0xa0
[  322.506307]  [<ffffffff816f74da>] int_signal+0x12/0x17
[  322.508366] Code: f0 2c a6 81 e8 b5 d9 ff ff 4d 85 e4 74 14 49 8d 7c 24 58 e8 b6 9f 96 ff 66 90 4c 89 e7 e8 bc 90 ad ff 5b 41 5c 5d c3 55 48 89 e5 <0f> 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55 
[  322.513147] RIP  [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6
[  322.515577]  RSP <ffff8801441534c8>
[  322.526687] ---[ end trace 37836371a7bce466 ]---
[  322.526690] Fixing recursive fault but reboot is needed!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1265841

Title:
  kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!; RIP:
  0010:[<ffffffff816e3efd>]  [<ffffffff816e3efd>]
  check_irqs_on.part.11+0x4/0x6

Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  This only happens when aesni_intel is loaded.

  In my attempts to find an easy way to reproduce this bug:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1265684
  I actually found a very simple way to trigger a bug that is similar but not identical. I suspect that both bugs have the same cause: something in the kernel is disabling IRQs and the ext4 code will crash when this happens. The stack trace for this bug is different from the other one. This one appears to be less severe, the system is still usable after the crash, only the process that caused the crash will hang (uninterruptible sleep). This bug is 100% reproducible on both Ubuntu 13.10 with kernel 3.11.0 and Arch Linux with kernel 3.12.6.

  The steps to reproduce the bug are based on this:
  http://www.spinics.net/lists/linux-ext4/msg38949.html

  * Set up an ecryptfs 'Private' folder in your home directory.
  * In that directory, create a file called 'crashme.c' with the following code in it:
  #include <assert.h>
  int main() { assert(0); }

  * Compile the program:
  gcc -Wall crashme.c -o crashme

  * Change the core dump pattern so core dumps are saved in the current directory:
  echo "coredump-%p" | sudo tee /proc/sys/kernel/core_pattern

  * Enable core dumps:
  ulimit -c unlimited

  * Make sure that you have a second terminal open to run dmesg, because you may not be able to do so later.
  * Run 'crashme' - this will hang and trigger the bug:
  ./crashme

  ProblemType: Bug
  DistroRelease: Ubuntu 13.10
  Package: linux-image-3.11.0-15-generic 3.11.0-15.23
  ProcVersionSignature: Ubuntu 3.11.0-15.23-generic 3.11.10
  Uname: Linux 3.11.0-15-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.12.5-0ubuntu2.2
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  maarten    1666 F.... lxpanel
  CRDA: Error: [Errno 2] No such file or directory: 'iw'
  Date: Fri Jan  3 15:58:24 2014
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=bc17e234-da75-457f-b17c-22d9c0e27dd8
  InstallationDate: Installed on 2013-12-28 (6 days ago)
  InstallationMedia: Lubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
  IwConfig:
   eth0      no wireless extensions.

   lo        no wireless extensions.
  MachineType: Gigabyte Technology Co., Ltd. Z87X-D3H
  MarkForUpload: True
  ProcFB: 0 EFI VGA
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.11.0-15-generic.efi.signed root=UUID=5a8ae1fc-91bf-4ce0-8dea-a519976fd56b ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.11.0-15-generic N/A
   linux-backports-modules-3.11.0-15-generic  N/A
   linux-firmware                             1.116
  RfKill:

  SourcePackage: linux
  StagingDrivers: zram
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/02/2013
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F7
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: Z87X-D3H-CF
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: x.x
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF7:bd08/02/2013:svnGigabyteTechnologyCo.,Ltd.:pnZ87X-D3H:pvrTobefilledbyO.E.M.:rvnGigabyteTechnologyCo.,Ltd.:rnZ87X-D3H-CF:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.name: Z87X-D3H
  dmi.product.version: To be filled by O.E.M.
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1265841/+subscriptions
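
The oops above can be checked against the disabled-interrupts theory directly. The following is an added example, not part of the original message or the bug report: it decodes the IF bit from the logged EFLAGS, confirms the trapping bytes are ud2 (the instruction BUG() compiles to on x86), and separates reliable call-trace frames from the "?" ones. The helper names triage and innermost are hypothetical, and the sample input is a constructed subset of the log lines above.

```python
import re

# Constructed sample: lines copied from the oops quoted above (Code: line shortened).
OOPS = """\
[  322.435925] kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!
[  322.437511] RIP: 0010:[<ffffffff816e3efd>]  [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6
[  322.437699] RSP: 0018:ffff8801441534c8  EFLAGS: 00010046
[  322.438881]  [<ffffffff811d81a9>] __find_get_block+0x229/0x230
[  322.439251]  [<ffffffff812479b0>] ? ext4_dirty_inode+0x40/0x60
[  322.440049]  [<ffffffff812aab69>] ecryptfs_write_lower+0x29/0x50
[  322.440117]  [<ffffffff812abf6c>] ecryptfs_encrypt_page+0xec/0x180
[  322.463799]  [<ffffffff811491e0>] generic_writepages+0x40/0x60
[  322.508366] Code: 41 5c 5d c3 55 48 89 e5 <0f> 0b 55 48 89 e5 0f 0b
"""

X86_EFLAGS_IF = 1 << 9  # set when maskable interrupts are enabled
FRAME = re.compile(r"^\[\s*\d+\.\d+\]\s+\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x")


def triage(log):
    """Summarise an x86-64 oops: IRQ state, trap opcode, reliable vs. stale frames."""
    info = {"irqs_enabled": None, "ud2": None, "frames": [], "stale": []}
    for line in log.splitlines():
        if m := re.search(r"EFLAGS: ([0-9a-f]+)", line):
            info["irqs_enabled"] = bool(int(m.group(1), 16) & X86_EFLAGS_IF)
        elif m := re.search(r"Code: .*<([0-9a-f]{2})> ([0-9a-f]{2})", line):
            # <..> marks the byte at the faulting RIP; 0f 0b is ud2
            info["ud2"] = m.groups() == ("0f", "0b")
        elif m := FRAME.match(line):
            # a leading "?" means the address was found on the stack but is
            # not confirmed as part of the live call chain
            info["stale" if m.group(1) else "frames"].append(m.group(2))
    return info


def innermost(frames, prefix):
    """First (innermost) reliable frame whose symbol starts with prefix."""
    return next((f for f in frames if f.startswith(prefix)), None)


if __name__ == "__main__":
    info = triage(OOPS)
    print("interrupts enabled at trap:", info["irqs_enabled"])
    print("trap instruction is ud2:", info["ud2"])
    print("innermost ecryptfs frame:", innermost(info["frames"], "ecryptfs_"))
    print("unreliable frames:", info["stale"])
```
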

