This bug was fixed in the package linux - 4.4.0-135.161

---------------
linux (4.4.0-135.161) xenial; urgency=medium

  * linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)

  * [Regression] APM Merlin boards fail to recover link after interface
    down/up (LP: #1785739)
    - net: phylib: fix interrupts re-enablement in phy_start
    - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT

  * qeth: don't clobber buffer on async TX completion (LP: #1786057)
    - s390/qeth: don't clobber buffer on async TX completion

  * nvme: avoid cqe corruption (LP: #1788035)
    - nvme: avoid cqe corruption when update at the same time as read

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object
    allocation (LP: #1776277) // fscache cookie refcount updated incorrectly
    during fscache object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

 -- Khalid Elmously <khalid.elmou...@canonical.com>  Sun, 26 Aug 2018 23:56:50 -0400

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1776277

Title:
  fscache cookie refcount updated incorrectly during fscache object
  allocation

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  == SRU Justification ==

  [Impact]
  Oops during heavy NFS + FSCache + Cachefiles use:

  kernel BUG at /build/linux-Y09MKI/linux-4.4.0/fs/fscache/internal.h:321!
  kernel BUG at /build/linux-Y09MKI/linux-4.4.0/fs/fscache/cookie.c:639!

  [Cause]
  1) Two threads are trying to operate on a cookie and two objects.

  2a) One thread tries to unmount the filesystem and in process goes over
  a huge list of objects marking them dead and deleting the objects.
  cookie->usage is also decremented in following path

      nfs_fscache_release_super_cookie
        -> __fscache_relinquish_cookie
          -> __fscache_cookie_put
            -> BUG_ON(atomic_read(&cookie->usage) <= 0);

  2b) Second thread tries to lookup an object for reading data in
  following path

      fscache_alloc_object
      1) cachefiles_alloc_object
           -> fscache_object_init
             -> assign cookie, but usage not bumped.
      2) fscache_attach_object -> fails in cant_attach_object because the
           cookie's backing object or cookie's->parent object are going away
      3) fscache_put_object
           -> cachefiles_put_object
             -> fscache_object_destroy
               -> fscache_cookie_put
                 -> BUG_ON(atomic_read(&cookie->usage) <= 0);

  [Fix]
  Bump up the cookie usage in fscache_object_init, when it is first being
  assigned a cookie atomically such that the cookie is added and bumped up
  if its refcount is not zero. Remove the assignment in the attach_object.

  [Testcase]
  A user has run ~100 hours of NFS stress tests and not seen this bug recur.

  [Regression Potential]
  - Limited to fscache/cachefiles.
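Added example (not part of the bug report and not the kernel patch): a single-threaded user-space C model of the [Cause] and [Fix] sections above. It replays one ordering of the two paths, failed attach and object destroy first, then the unmount-side relinquish. The struct layouts and the helper names cookie_get_not_zero, cookie_put, object_init_before, object_init_after, object_destroy and replay are hypothetical stand-ins for the fscache functions named in the report.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; these structs and helpers are hypothetical, not kernel code. */
struct cookie { atomic_int usage; };
struct object { struct cookie *cookie; };

/* Take a reference only while the count is still non-zero. */
static bool cookie_get_not_zero(struct cookie *c) {
    int old = atomic_load(&c->usage);
    while (old > 0)
        if (atomic_compare_exchange_weak(&c->usage, &old, old + 1)) return true;
    return false;
}
/* Drop a reference; false marks where BUG_ON(usage <= 0) would fire. */
static bool cookie_put(struct cookie *c) {
    int old = atomic_load(&c->usage);
    while (old > 0)
        if (atomic_compare_exchange_weak(&c->usage, &old, old - 1)) return true;
    return false;
}
/* Before the fix: the cookie pointer is stored, but usage is not bumped. */
static void object_init_before(struct object *o, struct cookie *c) { o->cookie = c; }
/* After the fix: the pointer is stored only together with a reference. */
static void object_init_after(struct object *o, struct cookie *c) {
    o->cookie = cookie_get_not_zero(c) ? c : NULL;
}
/* Error path after a failed attach: the object puts the cookie it points to. */
static bool object_destroy(struct object *o) {
    bool ok = o->cookie ? cookie_put(o->cookie) : true;
    o->cookie = NULL;
    return ok;
}
/* Replay both paths in sequence; returns how many puts would trip the BUG_ON. */
static int replay(bool fixed) {
    struct cookie c; struct object o; int bad = 0;
    atomic_init(&c.usage, 1);              /* the one legitimate reference */
    if (fixed) object_init_after(&o, &c); else object_init_before(&o, &c);
    if (!object_destroy(&o)) bad++;        /* lookup thread: attach failed */
    if (!cookie_put(&c)) bad++;            /* unmount thread: relinquish */
    return bad;
}
int main(void) {
    printf("before fix: %d bad put(s), after fix: %d\n", replay(false), replay(true));
    return 0;
}
```

In the unfixed replay the object's put consumes the reference that belonged to the other holder, so the later relinquish finds usage already at zero.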