__blkdev_direct_IO_simple() is allocating a bio on the stack.
When that bio needs to be split, bio_chain_endio() invokes bio_put()
on this bio, causing the kernel to crash in mempool_free() as the
bio was never allocated from a mempool in the first place.
So call bio_get() before submitting to avoid this problem.

Signed-off-by: Hannes Reinecke <[email protected]>
---
 fs/block_dev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/block_dev.c b/fs/block_dev.c
index c546cdce77e6..4b3a04c3b8bd 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -235,6 +235,7 @@ __blkdev_direct_IO_simple(struct kiocb *iocb, struct 
iov_iter *iter,
        if (iocb->ki_flags & IOCB_HIPRI)
                bio.bi_opf |= REQ_HIPRI;
 
+       bio_get(&bio);
        qc = submit_bio(&bio);
        for (;;) {
                set_current_state(TASK_UNINTERRUPTIBLE);
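Review bot: The reference taken by the added `bio_get(&bio);` before `submit_bio()` is dropped again by the unconditional `bio_put(&bio);` that the second hunk adds after the `bi_status` check, and as far as I can tell from bio_get()/bio_put() semantics that leaves the stack bio in exactly the situation the description says crashes: if a chained completion has already put the bio once, this second put takes the count to zero and bio_put() frees an object that was never allocated; if nothing else put it, the put merely returns the count to its bio_init() value, so the new put only has an effect in the case where it is dangerous. A bio that lives on the stack should never be put to zero; if a reference really is consumed during completion, the matching put belongs with the code that consumes it, or the bio should be heap-allocated instead of bio_init()'ed on the stack, and the extra bio_get() is then not a fix but a relocation of the crash. Whatever the outcome, the bio_get() deserves a comment stating why the extra reference is needed, e.g. `/* bio lives on the stack: hold an extra ref so completion cannot free it */`, since nothing in the code explains it. The blank line before the `out:` label is also removed by the second hunk, which reads as an accidental edit. __blkdev_direct_IO_simple() starts before and ends after both hunks.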
@@ -254,7 +255,7 @@ __blkdev_direct_IO_simple(struct kiocb *iocb, struct 
iov_iter *iter,
 
        if (unlikely(bio.bi_status))
                ret = blk_status_to_errno(bio.bi_status);
-
+       bio_put(&bio);
 out:
        if (vecs != inline_vecs)
                kfree(vecs);
-- 
2.16.4
