Re: bug in bcachefs -> bio_copy_data_iter

public inbox for linux-bcachefs@vger.kernel.org
 help / color / mirror / Atom feed

From: Coly Li <colyli@suse.de>
To: hch@lst.de, Kent Overstreet <kent.overstreet@gmail.com>
Cc: ming.lei@redhat.com, linux-bcachefs@vger.kernel.org
Subject: Re: bug in bcachefs -> bio_copy_data_iter
Date: Wed, 10 Nov 2021 20:02:06 +0800	[thread overview]
Message-ID: <84ff96fe-ff4b-b58b-b732-88e87fe0b502@suse.de> (raw)
In-Reply-To: <YYrwbksSPdtITbEs@moria.home.lan>

On 11/10/21 6:04 AM, Kent Overstreet wrote:
> Hey Christoph, got a strange one.
>
> I've got a user that's reporting a bug where we deref a bad ptr in bio_copy_data
> -> memcpy, and reverting your patch "block: rewrite bio_copy_data_iter to use
> bvec_kmap_local and memcpy_to_bvec" seems to make it go away.
>
> I haven't figured out what's different yet between the two versions (your patch
> looks like it should be functionally equivalent), but clearly I'm missing
> something... wonder if there might be some relation to the bug you guys hit in
> bcache with bvec_virt.
>
> Any ideas?

I experience similar one in bcache code during my recent development,

[ 3134.522913] BUG: unable to handle page fault for address: 
ffffa100e2eaa3f8^M
[ 3134.605187] #PF: supervisor read access in kernel mode^M
[ 3134.666654] #PF: error_code(0x0000) - not-present page^M
[ 3134.728124] PGD 523c805067 P4D 523c805067 PUD 5b35ea1067 PMD 
5b35d89067 PTE 800ffffb5d155060^M
[ 3134.829113] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI^M
[ 3134.889545] CPU: 3 PID: 458 Comm: kworker/3:2 Kdump: loaded Tainted: 
G            EL    5.15.0-59.27-default+ #15^M
[ 3135.012373] Hardware name: Lenovo ThinkSystem SR650 
-[7X05CTO1WW]-/-[7X05CTO1WW]-, BIOS -[IVE164L-2.80]- 10/23/2020^M
[ 3135.137281] Workqueue: bcache cached_dev_read_done [bcache]^M
[ 3135.203970] RIP: 0010:bio_copy_data_iter+0x1a8/0x260^M
[ 3135.263365] Code: 8d 04 3e 48 3d 00 10 00 00 0f 87 a3 00 00 00 4c 01 
f9 41 83 f8 08 0f 82 89 fe ff ff 48 8b 06 48 8d 79 08 48 83 e7 f8 48 89 
01 <4a> 8b 44 36 f8 4a 89 44 31 f8 48 29 f9 48 29 ce 44 01 c1 c1 e9 03^M
[ 3135.488114] RSP: 0018:ffffba1607fcbdb8 EFLAGS: 00010282^M
[ 3135.550624] RAX: 0000000000000000 RBX: ffffa0ff6912f968 RCX: 
ffffa0fe22626000^M
[ 3135.636012] RDX: ffffa0ffa8cc4160 RSI: ffffa100e2ea9400 RDI: 
ffffa0fe22626008^M
[ 3135.721402] RBP: 0000000000001000 R08: 0000000000001000 R09: 
0000000000000c00^M
[ 3135.806793] R10: ffffba1607fcbdf8 R11: ffffba1607fcbe10 R12: 
ffffa0fc40000000^M
[ 3135.892180] R13: ffffe04500000000 R14: 0000000000001000 R15: 
0000000000000000^M
[ 3135.977570] FS:  0000000000000000(0000) GS:ffffa1084b000000(0000) 
knlGS:0000000000000000^M
[ 3136.074399] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033^M
[ 3136.143147] CR2: ffffa100e2eaa3f8 CR3: 000000036854c003 CR4: 
00000000007706e0^M
[ 3136.228538] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000^M
[ 3136.313926] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400^M
[ 3136.399317] PKRU: 55555554^M
[ 3136.431665] Call Trace:^M
[ 3136.460896]  bio_copy_data+0x5e/0x80^M
[ 3136.503647]  cached_dev_read_done+0xa8/0x210 [bcache]^M
[ 3136.564082]  process_one_work+0x2e3/0x640^M
[ 3136.612034]  worker_thread+0x39/0x400^M
[ 3136.655824]  ? process_one_work+0x640/0x640^M
[ 3136.705854]  kthread+0x13c/0x160^M
[ 3136.744442]  ? set_kthread_struct+0x40/0x40^M
[ 3136.794471]  ret_from_fork+0x22/0x30^M



Coly Li

next prev parent reply	other threads:[~2021-11-10 12:02 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-09 22:04 bug in bcachefs -> bio_copy_data_iter Kent Overstreet
2021-11-10 12:02 ` Coly Li [this message]
2022-04-23 17:31   ` Christoph Hellwig
2022-05-07 18:28     ` Kent Overstreet
2022-05-08  7:41       ` Coly Li

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=84ff96fe-ff4b-b58b-b732-88e87fe0b502@suse.de \
    --to=colyli@suse.de \
    --cc=hch@lst.de \
    --cc=kent.overstreet@gmail.com \
    --cc=linux-bcachefs@vger.kernel.org \
    --cc=ming.lei@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox