FYI, we noticed the following commit (built with gcc-7):
commit: fa53228721876515adabc7bc74368490bd97aa3b ("block: avoid blk_bio_segment_split for small I/O operations")
https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-5.5/block
in testcase: xfstests
with following parameters:
disk: 4HDD
fs: xfs
test: xfs-group16
test-description: xfstests is a regression test suite for xfs and other files ystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
| | d2c9be89f8 | fa53228721 |
+---------------------------------------------+------------+------------+
| boot_successes | 12 | 0 |
| boot_failures | 0 | 16 |
| WARNING:at_block/blk-merge.c:#blk_rq_map_sg | 0 | 16 |
| RIP:blk_rq_map_sg | 0 | 16 |
| kernel_BUG_at_drivers/scsi/scsi_lib.c | 0 | 16 |
| invalid_opcode:#[##] | 0 | 16 |
| RIP:scsi_init_io | 0 | 16 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 16 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <[email protected]>
[ 203.892883] WARNING: CPU: 0 PID: 443 at block/blk-merge.c:559 blk_rq_map_sg+0x649/0x700
[ 203.897634] Modules linked in: sd_mod scsi_debug xfs libcrc32c dm_mod sr_mod cdrom intel_rapl_msr intel_rapl_common sg ata_generic pata_acpi crct10dif_pclmul crc32_pclmul crc32c_intel bochs_drm ppdev drm_vram_helper ghash_clmulni_intel ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops snd_pcm drm snd_timer snd aesni_intel crypto_simd ata_piix cryptd glue_helper soundcore joydev pcspkr serio_raw libata i2c_piix4 floppy parport_pc parport ip_tables
[ 203.910875] CPU: 0 PID: 443 Comm: kworker/0:1H Not tainted 5.4.0-rc2-00027-gfa53228721876 #7
[ 203.913336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 203.915809] Workqueue: kblockd blk_mq_run_work_fn
[ 203.917547] RIP: 0010:blk_rq_map_sg+0x649/0x700
[ 203.919306] Code: 0f 84 83 fb ff ff f7 d0 21 d0 83 c0 01 01 41 0c 01 86 cc 00 00 00 e9 6e fb ff ff 48 8b 04 24 4c 89 e1 8b 40 1c e9 56 fb ff ff <0f> 0b e9 5d fc ff ff 0f 0b 0f 0b 0f 0b 80 3d cf 5b 3b 01 00 74 09
[ 203.924618] RSP: 0018:ffffb420403c3bd8 EFLAGS: 00010202
[ 203.926540] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffff8f4f5fe49800
[ 203.928780] RDX: 0000000000001000 RSI: ffff8f4f31832400 RDI: ffffb4204035fb60
[ 203.931084] RBP: ffff8f4f5ed641c0 R08: ffff8f4f5ed641c0 R09: 0000000000000600
[ 203.933389] R10: 0000000000001000 R11: 0000000000001000 R12: ffff8f4f5fe49800
[ 203.935687] R13: 0000000000000002 R14: 0000000000000600 R15: 0000000000000000
[ 203.937962] FS: 0000000000000000(0000) GS:ffff8f4fbfc00000(0000) knlGS:0000000000000000
[ 203.940416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 203.942414] CR2: 000056365d914000 CR3: 0000000228cb6000 CR4: 00000000000406f0
[ 203.944683] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 203.946992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 203.949261] Call Trace:
[ 203.951375] scsi_init_io+0x66/0x170
[ 203.952941] sd_init_command+0x192/0xac0 [sd_mod]
[ 203.954775] scsi_queue_rq+0x597/0xac0
[ 203.956361] blk_mq_dispatch_rq_list+0x3da/0x5b0
[ 203.958160] ? syscall_return_via_sysret+0x10/0x7f
[ 203.959984] ? __switch_to_asm+0x40/0x70
[ 203.961606] ? __switch_to_asm+0x34/0x70
[ 203.963263] ? elv_rb_del+0x1f/0x30
[ 203.964810] ? deadline_remove_request+0x55/0xc0
[ 203.966618] blk_mq_do_dispatch_sched+0x76/0x120
[ 203.968365] blk_mq_sched_dispatch_requests+0x100/0x170
[ 203.970222] __blk_mq_run_hw_queue+0x60/0x130
[ 203.971930] process_one_work+0x1ae/0x3d0
[ 203.973539] worker_thread+0x3c/0x3b0
[ 203.975115] ? process_one_work+0x3d0/0x3d0
[ 203.976737] kthread+0x11e/0x140
[ 203.978206] ? kthread_park+0x90/0x90
[ 203.979727] ret_from_fork+0x35/0x40
[ 203.981236] ---[ end trace a0fde01679c74e77 ]---
To reproduce:
# build kernel
cd linux
cp config-5.4.0-rc2-00027-gfa53228721876 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
Thanks,
lkp
On Fri, Nov 8, 2019 at 4:23 PM kernel test robot <[email protected]> wrote:
>
> FYI, we noticed the following commit (built with gcc-7):
>
> commit: fa53228721876515adabc7bc74368490bd97aa3b ("block: avoid blk_bio_segment_split for small I/O operations")
> https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-5.5/block
>
> in testcase: xfstests
> with following parameters:
>
> disk: 4HDD
> fs: xfs
> test: xfs-group16
>
> test-description: xfstests is a regression test suite for xfs and other files ystems.
> test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
>
> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
>
>
> +---------------------------------------------+------------+------------+
> | | d2c9be89f8 | fa53228721 |
> +---------------------------------------------+------------+------------+
> | boot_successes | 12 | 0 |
> | boot_failures | 0 | 16 |
> | WARNING:at_block/blk-merge.c:#blk_rq_map_sg | 0 | 16 |
> | RIP:blk_rq_map_sg | 0 | 16 |
> | kernel_BUG_at_drivers/scsi/scsi_lib.c | 0 | 16 |
> | invalid_opcode:#[##] | 0 | 16 |
> | RIP:scsi_init_io | 0 | 16 |
> | Kernel_panic-not_syncing:Fatal_exception | 0 | 16 |
> +---------------------------------------------+------------+------------+
>
>
> If you fix the issue, kindly add following tag
> Reported-by: kernel test robot <[email protected]>
>
>
> [ 203.892883] WARNING: CPU: 0 PID: 443 at block/blk-merge.c:559 blk_rq_map_sg+0x649/0x700
If the bvec crosses page boundary, and meantime its length is
<=PAGE_SIZE, this issue may be triggered, given
some device has PAGE_SIZE segment boundary limit.
The following patch should fix this issue:
diff --git a/block/blk-merge.c b/block/blk-merge.c
index f22cb6251d06..367d3358de2a 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -319,7 +319,8 @@ void __blk_queue_split(struct request_queue *q,
struct bio **bio,
*/
if (!q->limits.chunk_sectors &&
(*bio)->bi_vcnt == 1 &&
- (*bio)->bi_io_vec[0].bv_len <= PAGE_SIZE) {
+ ((*bio)->bi_io_vec[0].bv_len +
+ (*bio)->bi_io_vec[0].bv_offset) <= PAGE_SIZE) {
*nr_segs = 1;
break;
}
However, in case of 64K PAGE_SIZE, I guess this way is still not safe enough.
thanks,
Ming