[BUG] bisected to: block: fix splitting segments on boundary masks

From: Steven Rostedt
Date: Mon Jan 13 2020 - 22:13:27 EST


Hi!

Running one of my ftrace stress tests, I hit this bug:
(On i386, haven't tested on x86_64 yet)

------------[ cut here ]------------
kernel BUG at block/bio.c:1885!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 105 Comm: kworker/u8:6 Not tainted 5.5.0-rc4-test+ #365
Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014
Workqueue: writeback wb_workfn (flush-8:0)
EIP: bio_split+0xf/0x67
Code: 89 d8 e8 90 0f 02 00 85 c0 79 09 89 d8 31 db e8 e0 fa ff ff 89 d8 5b 5e 5f 5d c3 e8 db 5b d2 ff 55 89 e5 57 56 53 85 d2 7f 02 <0f> 0b 8b 58 20 c1 eb 09 39 d3 77 02 0f 0b 89 cb 8b 4d 08 89 d6 89
EAX: e2ddb600 EBX: ec74bc80 ECX: 00000c00 EDX: 00000000
ESI: 00000000 EDI: 00025000 EBP: ec74bbec ESP: ec74bbe0
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
CR0: 80050033 CR2: 025c7ed4 CR3: 270bc000 CR4: 001406f0
Call Trace:
__blk_queue_split+0x327/0x40b
? blk_mq_try_issue_directly+0x91/0x91
? blk_mq_try_issue_directly+0x91/0x91
blk_mq_make_request+0x6e/0x407
? function_trace_call+0xb8/0xdc
? blk_mq_try_issue_directly+0x91/0x91
generic_make_request+0xc7/0x1e1
submit_bio+0x113/0x12b
? ftrace_call+0x5/0x15
ext4_io_submit+0x47/0x51
ext4_writepages+0x53d/0x6ee
? trace_function+0xcc/0xd4
? page_writeback_cpu_online+0x11/0x11
do_writepages+0x29/0x55
__writeback_single_inode+0xc4/0x420
writeback_sb_inodes+0x239/0x395
__writeback_inodes_wb+0x5c/0x8b
? trace_trigger_soft_disabled+0x40/0x40
wb_writeback+0x175/0x30a
wb_workfn+0x255/0x348
? function_trace_call+0xb8/0xdc
? inode_wait_for_writeback+0x28/0x28
process_one_work+0x25e/0x3d1
worker_thread+0x170/0x21f
kthread+0xe1/0xe3
? rescuer_thread+0x217/0x217
? kthread_worker_fn+0x116/0x116
ret_from_fork+0x2e/0x38
Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables ipv6 crc_ccitt realtek ppdev r8169 parport_pc parport
---[ end trace 7b7d4d993e5ceea3 ]---

It is very reproducible and I bisected it to 429120f3df2dba ("block: fix
splitting segments on boundary masks")

The test is simply:

# perf record -o perf-test.dat -a -- \
trace-cmd record -e all -p function ./hackbench 20
# trace-cmd report > /tmp/tempfile

It appears to crash on the trace-cmd report.

Attached is the config.

-- Steve

Attachment: .config.gz
Description: application/gzip