[PATCHv5 1/2] block: accumulate memory segment gaps per bio

[Yu Kuai]

Hi,

在 2025/11/11 15:14, Christoph Hellwig 写道:
> On Mon, Nov 10, 2025 at 11:50:51PM -0500, Keith Busch wrote:
>> Thanks for the heads up. This is in the path I'd been modifying lately,
>> so sounds plausible that I introduced the bug. The information here
>> should be enough for me to make progress: it looks like req->bio is NULL
>> in your trace, which I did not expect would happen. But it's late here
>> too, so look with fresh eyes in the morning.
> req->bio should only be NULL for flush requests or passthrough requests
> that do not transfer data.  None of them should end up in this path.

This can be reproduced 100% with branch for-6.19/block now, just:

blkdiscard /dev/md0

Where discard IO will be split to different underlying disks and then
merge. And for discard bio, bio->bi_io_vec is NULL. So when discard
bio ends up to the merge path, bio->bi_io_vec will be dereferenced
unconditionally.

How about following simple fix:

diff --git a/block/blk-merge.c b/block/blk-merge.c
index 3ca6fbf8b787..31f460422fe3 100644
--- a/block/blk-merge.c
+++ b/block/blk-merge.c
@@ -740,6 +740,9 @@ u8 bio_seg_gap(struct request_queue *q, struct bio *prev, struct bio *next,
         gaps_bit = min_not_zero(gaps_bit, prev->bi_bvec_gap_bit);
         gaps_bit = min_not_zero(gaps_bit, next->bi_bvec_gap_bit);

+       if (op_is_discard(prev->bi_opf) || op_is_discard(next->bi_opf))
+               return gaps_bit;
+
         bio_get_last_bvec(prev, &pb);
         bio_get_first_bvec(next, &nb);
         if (!biovec_phys_mergeable(q, &pb, &nb))

Thanks,
Kuai