OSDs Linked list corruption causes kernel BUG at /build/buildd/linux-3.13.0/net/ceph/osd_client.c:892!

Bug #1488035 reported by Gavin Guo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Invalid | Undecided | Gavin Guo |
Trusty | Fix Released | Undecided | Unassigned |

Bug Description

[Impact]

The node which mounts a ceph rbd volume panics when all OSD daemons on all the ceph nodes are restarted.

[642981.871592] ------------[ cut here ]------------
[642981.912255] kernel BUG at /build/buildd/linux-3.13.0/net/ceph/osd_client.c:892!
[642981.994517] invalid opcode: 0000 [#1] SMP
[642982.037227] Modules linked in: xt_multiport iptable_mangle xt_nat xt_tcpudp veth xfs rbd libceph libcrc32c xt_addrtype xt_conntrack ipt_MASQUERADE iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 iptable_filter ip_tables x_tables nf_nat nf_conntrack bridge aufs ipmi_devintf joydev gpio_ich x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd hid_generic mei_me ioatdma mei lpc_ich wmi ipmi_si 8021q garp stp mrp llc bonding acpi_power_meter mac_hid lp parport ixgbe usbhid dca tg3 ahci libahci hid ptp megaraid_sas mdio pps_core
[642982.528519] CPU: 0 PID: 1062099 Comm: kworker/0:6 Not tainted 3.13.0-45-generic #74-Ubuntu
[642982.648057] Hardware name: NEC Express5800/R120f-1M [N8100-2203Y]/MS-S0901, BIOS 5.0.4016 12/17/2014
[642982.775433] Workqueue: ceph-msgr con_work [libceph]
[642982.841300] task: ffff881028444800 ti: ffff880d92374000 task.ti: ffff880d92374000
[642982.973255] RIP: 0010:[<ffffffffa025f5be>] [<ffffffffa025f5be>] osd_reset+0x22e/0x2c0 [libceph]
[642983.114484] RSP: 0018:ffff880d92375d80 EFLAGS: 00010283
[642983.188540] RAX: ffff8800197f2ca8 RBX: ffff882028194750 RCX: ffff880036bcdc48
[642983.334096] RDX: ffff8800197f2ca8 RSI: ffff8800197f2c10 RDI: 0000000000000286
[642983.485552] RBP: ffff880d92375dd8 R08: 0000000000000000 R09: 0000000000000000
[642983.643277] R10: ffffffff8160afcf R11: ffffea00710cae00 R12: ffff8800197f2c58
[642983.805364] R13: ffff882028194810 R14: ffff880036bcdbf8 R15: ffff880036bcdc18
[642983.968728] FS: 0000000000000000(0000) GS:ffff88103fa00000(0000) knlGS:0000000000000000
[642984.135368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[642984.220577] CR2: 00007f60d4cb7868 CR3: 0000000001c0e000 CR4: 00000000001407f0
[642984.383051] Stack:
[642984.459809] ffff8820281947a8 ffff882028194760 ffff8800197f2800 ffff8800197f2ca8
[642984.618038] ffff880d92375da0 ffff880d92375da0 ffff8800197f2c10 ffff8800197f2830

[Fix]

A linked list to manage OSDs in the kernel was corrupted when restarting
all OSD daemons on all ceph nodes at almost the same time.

The issues must be fixed by the following.

libceph: must use new tid when watch is resent
http://tracker.ceph.com/issues/8806

This includes two patches and they have already been released.

http://comments.gmane.org/gmane.comp.file-systems.ceph.devel/20878
[PATCH 1/2] libceph: abstract out ceph_osd_request enqueue logic
[PATCH 2/2] libceph: resend lingering requests with a new tid

3.18 kernel adopts the fixes.

libceph: abstract out ceph_osd_request enqueue logic
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f671b581f1dac61354186b7373af5f97fe420584
libceph: resend lingering requests with a new tid
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2cc6128ab2afff7864dbdc33a73e2deaa935d9e0

[Test Case]

After setting up the ceph environment, repeatedly issue the following
command from a node to all ceph nodes.

rsh -i key -l ubuntu sn_hostname sudo service ceph-all restart

And verify whether there are any panics.

A test kernel with this fix was verified to fix this problem.
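
The check the test case asks for ("verify whether there are any panics") can be automated by matching the oops signature in the kernel log. The following is an added example, not part of the original report or of the Ubuntu or ceph projects: the sample log is constructed from the lines above, and the function name `triage_oops` and the ABI threshold `FIXED_ABI` are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the oops in this report, unwrapped.
SAMPLE_LOG = """\
[642981.871592] ------------[ cut here ]------------
[642981.912255] kernel BUG at /build/buildd/linux-3.13.0/net/ceph/osd_client.c:892!
[642981.994517] invalid opcode: 0000 [#1] SMP
[642982.528519] CPU: 0 PID: 1062099 Comm: kworker/0:6 Not tainted 3.13.0-45-generic #74-Ubuntu
[642982.775433] Workqueue: ceph-msgr con_work [libceph]
[642982.973255] RIP: 0010:[<ffffffffa025f5be>] [<ffffffffa025f5be>] osd_reset+0x22e/0x2c0 [libceph]
"""

# Assumption: the changelog on this page first lists the two libceph
# patches under linux 3.13.0-64.104, so ABI 64 is used as the threshold.
FIXED_ABI = 64

BUG_RE = re.compile(r"kernel BUG at (\S+?):(\d+)!")
RIP_RE = re.compile(r"RIP: .*?\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]")
REL_RE = re.compile(r"^CPU: .*?\s(\d+\.\d+\.\d+)-(\d+)-\w+")


def triage_oops(text):
    """Summarise one oops and decide whether it matches this report."""
    report = {"file": None, "line": None, "symbol": None, "module": None,
              "release": None, "abi": None}
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", raw)  # drop dmesg timestamp
        if (m := BUG_RE.search(line)):
            report["file"], report["line"] = m.group(1), int(m.group(2))
        elif (m := RIP_RE.search(line)):
            report["symbol"], report["module"] = m.group(1), m.group(2)
        elif (m := REL_RE.search(line)):
            report["release"], report["abi"] = m.group(1), int(m.group(2))
    # Match on source file and faulting symbol; line numbers shift between builds.
    report["signature_match"] = bool(
        report["file"] and report["file"].endswith("net/ceph/osd_client.c")
        and report["symbol"] == "osd_reset" and report["module"] == "libceph")
    # Only the Trusty 3.13.0 series is covered by this page's changelog.
    if report["release"] == "3.13.0" and report["abi"] is not None:
        report["predates_fix"] = report["abi"] < FIXED_ABI
    else:
        report["predates_fix"] = None
    return report


if __name__ == "__main__":
    print(triage_oops(SAMPLE_LOG))
```

A result with `signature_match` true and `predates_fix` false would mean the same BUG fired on a kernel that already carries both patches, which is worth reporting separately rather than attributing to this bug.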

Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1488035

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Gavin Guo (mimi0213kimo)
description: updated
Changed in linux (Ubuntu):
assignee: nobody → Gavin Guo (mimi0213kimo)
Gavin Guo (mimi0213kimo)
description: updated
Brad Figg (brad-figg)
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: Incomplete → Invalid
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Gavin Guo (mimi0213kimo)
tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-65.105

---------------
linux (3.13.0-65.105) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1498108

  [ Upstream Kernel Changes ]

  * net: Fix skb_set_peeked use-after-free bug
      - LP: #1497184

linux (3.13.0-64.104) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1493803

  [ Chris J Arges ]

  * [Config] DEFAULT_IOSCHED="deadline" for ppc64el
    - LP: #1469829

  [ Upstream Kernel Changes ]

  * tcp: fix recv with flags MSG_WAITALL | MSG_PEEK
    - LP: #1486146
  * libceph: abstract out ceph_osd_request enqueue logic
    - LP: #1488035
  * libceph: resend lingering requests with a new tid
    - LP: #1488035
  * n_tty: Refactor input_available_p() by call site
    - LP: #1397976
  * tty: Fix pty master poll() after slave closes v2
    - LP: #1397976
  * md: use kzalloc() when bitmap is disabled
    - LP: #1493305
  * ata: pmp: add quirk for Marvell 4140 SATA PMP
    - LP: #1493305
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk
    VB0250EAVER
    - LP: #1493305
  * libata: add ATA_HORKAGE_NOTRIM
    - LP: #1493305
  * libata: force disable trim for SuperSSpeed S238
    - LP: #1493305
  * libata: increase the timeout when setting transfer mode
    - LP: #1493305
  * libata: Do not blacklist M510DC
    - LP: #1493305
  * mac80211: clear subdir_stations when removing debugfs
    - LP: #1493305
  * ALSA: hda - Add new GPU codec ID 0x10de007d to snd-hda
    - LP: #1493305
  * drm: Stop resetting connector state to unknown
    - LP: #1493305
  * usb: dwc3: Reset the transfer resource index on SET_INTERFACE
    - LP: #1493305
  * usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init()
    function
    - LP: #1493305
  * xhci: Calculate old endpoints correctly on device reset
    - LP: #1493305
  * xhci: report U3 when link is in resume state
    - LP: #1493305
  * xhci: prevent bus_suspend if SS port resuming in phase 1
    - LP: #1493305
  * xhci: do not report PLC when link is in internal resume state
    - LP: #1493305
  * USB: OHCI: Fix race between ED unlink and URB submission
    - LP: #1493305
  * usb-storage: ignore ZTE MF 823 card reader in mode 0x1225
    - LP: #1493305
  * blkcg: fix gendisk reference leak in blkg_conf_prep()
    - LP: #1493305
  * tile: use free_bootmem_late() for initrd
    - LP: #1493305
  * Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen
    - LP: #1493305
  * md/raid1: fix test for 'was read error from last working device'.
    - LP: #1493305
  * mmc: omap_hsmmc: Fix DTO and DCRC handling
    - LP: #1493305
  * isdn/gigaset: reset tty->receive_room when attaching ser_gigaset
    - LP: #1493305
  * mmc: sdhci-pxav3: fix platform_data is not initialized
    - LP: #1493305
  * mmc: block: Add missing mmc_blk_put() in power_ro_lock_show()
    - LP: #1493305
  * mmc: sdhci-esdhc: Make 8BIT bus work
    - LP: #1493305
  * bonding: correctly handle bonding type change on enslave failure
    - LP: #1493305
  * net: Clone skb before setting peeked flag
    - LP: #1493305
  * bridge: mdb: fix double add notification
    - LP: #1493305
  * usb: gadget: mv_udc_c...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released