On Wed, Jun 27, 2018 at 12:55:18PM -0700, Bart Van Assche wrote:
> This patch avoids that removing a path controlled by the dm-mpath driver
> while mkfs is running triggers the following kernel bug:
>
> kernel BUG at block/blk-core.c:3347!
> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> CPU: 20 PID: 24369 Comm: mkfs.ext4 Not tainted 4.18.0-rc1-dbg+ #2
> RIP: 0010:blk_end_request_all+0x68/0x70
> Call Trace:
> <IRQ>
> dm_softirq_done+0x326/0x3d0 [dm_mod]
> blk_done_softirq+0x19b/0x1e0
> __do_softirq+0x128/0x60d
> irq_exit+0x100/0x110
> smp_call_function_single_interrupt+0x90/0x330
> call_function_single_interrupt+0xf/0x20
> </IRQ>
>
> Fixes: f9d03f96b988 ("block: improve handling of the magic discard payload")
> Signed-off-by: Bart Van Assche <bart.vanassche@xxxxxxx>
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: Mike Snitzer <snitzer@xxxxxxxxxx>
> Cc: Ming Lei <ming.lei@xxxxxxxxxx>
> Cc: Hannes Reinecke <hare@xxxxxxxx>
> Cc: Johannes Thumshirn <jthumshirn@xxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx>
> ---
> block/blk-core.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/block/blk-core.c b/block/blk-core.c
> index 118dd17eb71f..f1e07ed1513c 100644
> --- a/block/blk-core.c
> +++ b/block/blk-core.c
> @@ -3529,6 +3529,10 @@ static void __blk_rq_prep_clone(struct request *dst, struct request *src)
> dst->cpu = src->cpu;
> dst->__sector = blk_rq_pos(src);
> dst->__data_len = blk_rq_bytes(src);
> + if (src->rq_flags & RQF_SPECIAL_PAYLOAD) {
> + dst->rq_flags |= RQF_SPECIAL_PAYLOAD;
> + dst->special_vec = src->special_vec;
> + }
> dst->nr_phys_segments = src->nr_phys_segments;
> dst->ioprio = src->ioprio;
> dst->extra_len = src->extra_len;
> --
> 2.17.1
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
BTW, if possible, could you please make a block test to catch this issue?
thanks,
Ming
