Hi, I think I found a bug in bcache. When I try to create a cache set on a loop device, I get the following error in dmesg: > ------------[ cut here ]------------ > kernel BUG at drivers/md/bcache/super.c:2040! > invalid opcode: 0000 [#2] PREEMPT SMP PTI > CPU: 0 PID: 16925 Comm: bcache-register Tainted: G D > 4.18.7-arch1-1-ARCH #1 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 > RIP: 0010:register_bcache+0x122d/0x1560 [bcache] > Code: e9 48 f1 48 8b 55 90 48 c7 c6 18 f8 ae c0 48 c7 c7 40 c6 af c0 > e8 71 ac df f0 48 8b 7d a0 e8 8a 14 47 f1 e9 7a 7c 00 00 0f 0b <0f> 0b > 3e 41 80 89 40 03 00 00 01 4c 89 cf e8 70 df ff ff e9 8c fc > RSP: 0018:ffffa89d8081fd70 EFLAGS: 00010246 > RAX: 0000000000000000 RBX: ffff9e9889ed7000 RCX: 0000000022619a00 > RDX: 0000000022619800 RSI: 0000000022619800 RDI: ffff9e98fd001a80 > RBP: ffffa89d8081fe00 R08: ffff9e989eb933e8 R09: 00000000ffffffff > R10: ffff9e98ea7b40f0 R11: 0000000000000240 R12: 000000000000000b > R13: ffff9e98e6968340 R14: ffff9e98ea7b4710 R15: ffff9e989eb92000 > FS: 00007ff70ab56540(0000) GS:ffff9e98ffc00000(0000) > knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 000056292c0afbf0 CR3: 000000006f15e004 CR4: 00000000001606f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > ? retint_kernel+0x1b/0x1d > ? kernfs_fop_write+0x116/0x190 > ? bch_cache_set_alloc+0x4f0/0x4f0 [bcache] > kernfs_fop_write+0x116/0x190 > __vfs_write+0x36/0x190 > ? __audit_syscall_entry+0xd7/0x160 > ? handle_mm_fault+0x10a/0x250 > vfs_write+0xa9/0x190 > ksys_write+0x4f/0xb0 > do_syscall_64+0x5b/0x170 > entry_SYSCALL_64_after_hwframe+0x44/0xa9 > RIP: 0033:0x7ff70aa7d7a8 > Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e > fa 48 8d 05 95 6d 0d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d > 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 > RSP: 002b:00007ffca7aa07e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 > RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007ff70aa7d7a8 > RDX: 000000000000000b RSI: 0000557ba02e9260 RDI: 0000000000000003 > RBP: 0000557ba02e9260 R08: 00007ffca7aa2e37 R09: 00007ffca7aa0460 > R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca7aa0890 > R13: 000000000000000b R14: 00007ff70ab4b5c0 R15: 000000000000000b > Modules linked in: bcache loop nf_conntrack_ipv6 nf_defrag_ipv6 > ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_tcpudp > xt_state xt_conntrack nf_conntrack iptable_filter cirrus ttm > drm_kms_helper drm ext4 crc16 mbcache jbd2 fscrypto psmouse joydev > input_leds intel_agp led_class pcspkr mousedev intel_gtt syscopyarea > sysfillrect sysimgblt i2c_piix4 fb_sys_fops agpgart evdev qemu_fw_cfg > mac_hid zram sg ip_tables x_tables btrfs libcrc32c crc32c_generic xor > zstd_decompress zstd_compress xxhash raid6_pq algif_skcipher af_alg > dm_crypt dm_mod hid_generic usbhid hid virtio_net net_failover > failover virtio_rng virtio_blk rng_core virtio_balloon sr_mod cdrom > ata_generic pata_acpi crct10dif_pclmul crc32_pclmul crc32c_intel > ghash_clmulni_intel serio_raw atkbd libps2 pcbc ata_piix uhci_hcd > ehci_pci ehci_hcd aesni_intel libata aes_x86_64 crypto_simd cryptd > glue_helper virtio_pci virtio_ring virtio usbcore usb_common scsi_mod > floppy i8042 serio > ---[ end trace 9c400b357ca9bc1b ]--- > RIP: 0010:register_bcache+0x122d/0x1560 [bcache] > Code: e9 48 f1 48 8b 55 90 48 c7 c6 18 f8 ae c0 48 c7 c7 40 c6 af c0 > e8 71 ac df f0 48 8b 7d a0 e8 8a 14 47 f1 e9 7a 7c 00 00 0f 0b <0f> 0b > 3e 41 80 89 40 03 00 00 01 4c 89 cf e8 70 df ff ff e9 8c fc > RSP: 0018:ffffa89d808bfd70 EFLAGS: 00010246 > RAX: 0000000000000000 RBX: ffff9e98b2618000 RCX: 0000000021ffc000 > RDX: 0000000021ffbe00 RSI: 0000000021ffbe00 RDI: ffff9e98fd001a80 > RBP: ffffa89d808bfe00 R08: ffff9e989eb973e8 R09: 00000000ffffffff > R10: ffff9e989c35aad0 R11: 0000000000000f20 R12: 000000000000000d > R13: ffff9e98e696ad80 R14: ffff9e989c35af50 R15: ffff9e989eb96000 > FS: 00007ff70ab56540(0000) GS:ffff9e98ffc00000(0000) > knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00007f3ce70f6000 CR3: 000000006f15e001 CR4: 00000000001606f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > audit: type=1006 audit(1537323691.553:147): pid=17000 uid=0 > old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=14 res=1 It appears to be a segfault during register_bcache. The steps to reproduce are pretty simple: # dd if=/dev/zero of=data bs=1M count=100 # losetup /dev/loop0 data # sudo make-bcache -C /dev/loop0 make-bcache probably automatically registers the set, which then leads to the bug. This happened on 4.18.7 and 4.18.8 on two different machines (one a VPS, one a physical machine).
