This is backport of the upstream commit that fixes memory corruption in dm-io. It is suitable for stable kernels 4.8 to 4.11. (the bug was already fixed in 4.12) Mikulas commit feb7695fe9fb83084aa29de0094774f4c9d4c9fc Author: Mike Snitzer <snitzer@xxxxxxxxxx> Date: Tue Jun 20 19:14:30 2017 -0400 dm io: fix duplicate bio completion due to missing ref count If only a subset of the devices associated with multiple regions support a given special operation (eg. DISCARD) then the dec_count() that is used to set error for the region must increment the io->count. Otherwise, when the dec_count() is called it can cause the dm-io caller's bio to be completed multiple times. As was reported against the dm-mirror target that had mirror legs with a mix of discard capabilities. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=196077 Reported-by: Zhang Yi <yizhan@xxxxxxxxxx> Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx> --- drivers/md/dm-io.c | 1 + 1 file changed, 1 insertion(+) Index: linux-stable/drivers/md/dm-io.c =================================================================== --- linux-stable.orig/drivers/md/dm-io.c 2018-03-06 14:13:59.000000000 +0100 +++ linux-stable/drivers/md/dm-io.c 2018-03-06 14:14:23.000000000 +0100 @@ -316,6 +316,7 @@ static void do_region(int op, int op_fla special_cmd_max_sectors = q->limits.max_write_same_sectors; if ((op == REQ_OP_DISCARD || op == REQ_OP_WRITE_SAME) && special_cmd_max_sectors == 0) { + atomic_inc(&io->count); dec_count(io, region, -EOPNOTSUPP); return; }