Plugging in a LUKS device causes the following error: Error unlocking device: cryptsetup exited with exit code 239: Command failed: Device already exists

Architecture: i386
CheckboxSubmission: 19ba8f45e3d3d7bf348103cee5a0eeaa
CheckboxSystem: 099634613a96bc3665b92c4a813055e8
DistroRelease: Ubuntu 9.10
Package: palimsest (not installed)
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 LANGUAGE=
ProcVersionSignature: Ubuntu 2.6.31-12.41-generic
Uname: Linux 2.6.31-12-generic i686
UserGroups: adm admin cdrom dialout fuse lpadmin plugdev sambashare

Setting to Confirmed, Medium.
From : https://wiki.ubuntu.com/Bugs/Importance

Medium: most bugs are of medium importance, examples are:
    * A bug that has a moderate impact on a core application.
    * A bug that has a severe impact on a non-core application.
    * A problem with a non-essential hardware component (network card, camera, webcam, music player, sound card, power management feature, printer, etc.)

The problem is only partially solved by making "Disk Utility" close the luks device.

In fact all other situations in which a device is not closed correctly also lead to this error.
I use an encrypted external harddrive. Whenever I shutdown the drive before unmounting or suspend the pc, then disconnect the drive and resume the pc, the luks device is not closed cleanly. Such situations can happen and should be handeled correctly, by making nautilus (or the gvfs backend, I'm not an expert here) close a luks drive automatically, when it is no longer accessible.

Steps to reproduce:
1) mount an luks-encrypted external harddrive
2) suspend the system
3) disconnect the drive
4) resume the system
5) connect the drive
6) try to mount the encryptet partition (happens automatically by default when inserted)

I would be happy to give further details when helpful and will test a patch if available.

I just has the same issue using a LUKS encrypted USB drive (created in Karmic) on a Lucid beta LiveCD session.

Unfortunately the workaround in the description no longer works for me.

$ sudo cryptsetup luksClose devkit-disks-luks-uuid-35df8717-0b13-45e6-9cfc-71d2cad4fd4d-uid1000
Command failed: Device busy

(Have tried this when the drive was unmounted)
$ sudo cryptsetup luksClose devkit-disks-luks-uuid-35df8717-0b13-45e6-9cfc-71d2cad4fd4d-uid1000
Command failed

unsatisfactory workaround to do the whole thing manually.

NOTE: assumes that your external LUKS encrypted drive is mounted as /dev/sdb1 and the device name in /dev/mapper is wdcrypt. Change these for your own situation.

Create 2 scripts - mount-luks and unmount-luks (or umount-luks if you are a purest!) as below, and make executable. This also assumes you have something like:

   /dev/mapper/wdcrypt /mnt/wdcrypt ext3 user,atime,noauto,rw,dev,exec,owner

in /etc/fstab.

Run the mount-luks script, and you get prompted for a password, then the disk gets mounted. unmount-luks umounts it so you can unplug it. Not exactly seamless but as an interim measure it's OK.

::::::::::::::
/home/pete/bin/mount-luks
::::::::::::::
#!/bin/sh

# mount encrypted external USB WD drive
# ASSUMES plugged in disk is /dev/sdb1!!

sudo cryptsetup luksOpen /dev/sdb1 wdcrypt
mount /mnt/wdcrypt

::::::::::::::
/home/pete/bin/unmount-luks
::::::::::::::
#!/bin/sh

# unmount encrypted external USB WD drive
# ASSUMES plugged in disk is /dev/sdb1!!

umount /mnt/wdcrypt
sudo cryptsetup luksClose wdcrypt

I got the same problem on Lucid.

It appears that this may be fixed in the upstream cryptsetup

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574126

cryptsetup 1.1.2 has been merged into maverick - can anyone confirm this is fixed there?

Ubuntu Maverick Alpha 2
cryptsetup 1.1.2

Problem still exists.

Does anyone have a current workaround? None posted here work. This bug should be marked criticial as it makes encrypted drives unusable on Ubuntu.

so based on comment #12, the problem is either with gnome-disk-utility or not fixed in the latest cryptsetup. Will target to lucid and maverick, but still needs investigation into finding the right solution.

I beleive that one solution would be to have palimpsest lock the encrypted drive after creating it. This way it could be ejected any number of ways (palimpsest, nautilus, etc...) without the mapper point still existing.

In the initial description I had mentioned that disk utility does not lock the drive after creating it.

I have just discovered another way to get this error:
1) Plug in a LUKS encrypted disk
2) At the password prompt unlock it (Disk will mount and be displayed on the desktop)
3) Suspend computer
4) On resume, "Device already exists" error is shown.

After discussing this with other users we feel that this issue could be corrected in cryptsetup, or al least the graphical front end for it. A dialog stating "A mapper point for this encrypted drive exists already therefore the disk could not be mounted, would you like us to try and fix this (Y/n)".

Another method of correcting this would be to have cryptsetup work on a message bus where when the device is present, the mapping point is created and managed by those messages. Once the device is removed, the encrypted mapper point is removed as well (not just the mountpoint).

I know this is all very confusing and this is the best way I know to explain it:
A-Disk Device
B -Encrypted Device
C -Mapper Point Device (Unencrypted/Unlocked Device)
D -Mountpoint
E -Filesystem

The issue is that if C is not cleanly closed (disk being removed without being locked/luksClose) it blocks anyone from using that drive ever again on that computer (workaround listed in description). It would be nice to cook up a solution which could be tested in the next few releases and ready for the next LTS.

> After discussing this with other users we feel that this issue could be
> corrected in cryptsetup, or al least the graphical front end for it.

There is no graphical frontend that's part of cryptsetup.

I can't reproduce this issue on my system unless I forcibly remove the device (or suspend as commented by komputes), on the other hand, it happens as well in nautilus, which leads me to believe the issue lies in udisks rather than cryptsetup or elsewhere.

I can also see that udisks doesn't seem (to me at least) to do things right, searching through all devices' properties to look for the one that has the removed device as slave, when these properties have already been updated and removed.

Since I was able to write a patch that seems to me like it's fixing the issue for both use cases (nautilus/palimpsest and suspend), I'm adding a task for udisks (and I pushed the patch upstream for review).

Pushed to upstream git head, thanks Mathieu!

Uploaded into maverick review queue.

This bug was fixed in the package udisks - 1.0.1+git20100614-3

---------------
udisks (1.0.1+git20100614-3) unstable; urgency=low

  * Add 00git-fix-luks-forced-removal.patch: In the event of the forced
    removal of a crypto device, use the luks_holder property since it is still
    available to figure out which underlying cleartext LUKS device to
    teardown, instead of scanning through all available devices (because the
    cleartext device already has had its properties cleaned up). Many thanks
    to Mathieu Trudel for the patch! Patch cherrypicked from upstream git
    trunk. (LP: #484429)
 -- Martin Pitt <email address hidden> Mon, 27 Sep 2010 18:56:00 +0200

Mathieu's patch fixes the error message in most scenarios:
- Ejecting device from palimsest without locking
- Pulling out device without warning the OS (unsafe)
- Suspend, Resume

However I found that it did not work for me in the following scenario (received same error):
- Suspend, Pull Out, Resume

In fact, while sleeping, I pulled out the disk, on return, the disk is still there, and I can copy stuff to disk for a while before it realizes the disk is not there. When it realizes the disk is no longer available, it gives the following error:

Method "DriveEject" with signature "as" on interface "org.freedesktop.UDisks.Device" doesn't exist.

komputes,

this sounds like a more general problem, though -- I bet you can also reproduce this with normal unencrypted USB sticks. Anyway, I think it's worth filing a new bug about it. I guess what happens is that nothing checks the state of USB devices after resuming, and thus there is never a "remove" event for the device. This requires some more thorough discussion what the right solution is.

00git-fix-luks-forced-removal.patch does not apply to the lucid sources. Will some kind soul please backport the patch so we can get an SRU for lucid?

I can reproduce this bug in oneiric beta2 after unsafe remove of encrypted drive.

I can't reproduce this in oneiric. Can you please give the output of "dmesg", "udisks --dump", and "udevadm info --export-db" after ripping out the USB stick?

I created an excrypted sdcard with palimpset.

1) Plug in a LUKS encrypted disk
2) At the password prompt unlock it (Disk will mount and be displayed on the desktop)
3) Suspend computer
4) Remove sdcard
5) On resume, no errors
6) Insert encrypted sdcard from step 4)
7) Prompted to enter password for device.
8) "Error unlocking device: cryptsetup exited with exit code 239" error is shown.
9) sdcard is never mounted.

just adding that #33 is on 11.10 64bit with gnome-shell

ubuntu 11.10 64bit, system76 serval laptop.
dmesg output after plugging in sdcard, entering password, recieving error

ubuntu 11.10 64bit, system76 serval laptop.
udisk dump output after plugging in sdcard, entering password, recieving error

ubuntu 11.10 64bit, system76 serval laptop.
udevadm output after plugging in sdcard, entering password, recieving error

ubuntu 11.10 64bit, system76 serval laptop.
dmesg output after pulling out sdcard

ubuntu 11.10 64bit, system76 serval laptop.
udevadm output after pulling out sdcard

ubuntu 11.10 64bit, system76 serval laptop.
udisk output after pulling out sdcard

I can reproduce the behavior on Ubuntu 11.10 (Natty) 64bit with the following steps:

1) connect a luks-encrypted external harddrive and mount it
2) disconnect the drive
3) connect the drive
4) try to mount the encrypted partition again (happens automatically by default when inserted)

This bug still exists with at least Ubuntu 13.04 and Ubuntu 13.10.

For the work-around: "sudo cryptsetup luksClose <luks-id>" works when you close all shells and editors which were working on a file or path on the LUKS-drive.

I still experience this problem in trusty when

1) mount encrypted USB disk
2) suspend
3) unplug USB disk
4) wake up
5) plug in USB disk
6) try to mount again and answer the password prompt

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

This problem still exists in trusty.

after suspend / resume an external excrypted harddrive automaint fails with this error.

How to solve this totally annoying behaviour?

Also I would like to know: how can I make the automount mechanism forget the password?

BTW this error seems to be triggered by the password input mechanism - when I save the luks password "forever", volume management will always remount that enrypted device without trouble after resume.

The two other options ("forget immediately" and "forget when log out") lead to the described problem with cryptsetup failing with a "device already exists".

For what it's worth, I'm seeing this exact problem in 15.04.

I am having this problem using 15.10. May be related to trying to mount an encrypted external harddisk after the computer was suspended.
6 years after this bug has been opened it is still affecting people.

This error is making using encrypted external USB harddrives completely unusable for me. I see that error every time I try to use any (of two completely different) devices after a few minutes, sometimes after a bit longer.

There are suggestions on help pages to use "sudo dmsetup remove /dev/mapper/udisks-luks-uuid-xxxx" however this fails with a "device busy" message.

There are suggestions on help pages to use "sudo cryptsetup luksClose udisks-luks-uuid-xxxxx" however this also failes with a "Device or resource busy message".

The only temporary way to make this error message go away is to completely reboot my computer, reattach the harddrive, enter the password and use it for a few minutes until the same error appears again.

I am using Ubuntu 15.10 4.2.0-35-generic #40-Ubuntu SMP Tue Mar 15 22:15:45 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux