All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Kani, Toshimitsu" <toshi.kani@hpe.com>
To: "linux-nvdimm@lists.01.org" <linux-nvdimm@lists.01.org>,
	"hirofumi@mail.parknet.co.jp" <hirofumi@mail.parknet.co.jp>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: FIle copy to FAT FS on NVDIMM hits BUG_ON at fs/buffer.c:3305!
Date: Tue, 25 Jul 2017 21:37:38 +0000	[thread overview]
Message-ID: <1501018096.2042.70.camel@hpe.com> (raw)

Hi,

Copying files to vfat FS on an NVDIMM device hits
BUG_ON(!PageLocked(page)) in try_to_free_buffers().  It happens on
4.13-rc1, and happens on older kernels as well.

A simple reproducer is shown below.  It is 100% reproducible on my
setup (8GB of regular memory and 16GB of NVDIMM).  It usually hits in
the 3rd or 4th file copy and does not repeat with the while-loop. 
Interestingly, it hits only when an NVDIMM device is set as raw or
memory mode.  It does not hit with sector mode.
 
==
DEV=pmem0
set -x
mkfs.vfat /dev/$DEV
mount /dev/$DEV /mnt/$DEV
dd if=/dev/zero of=/mnt/$DEV/1Gfile bs=1M count=1024
while true; do
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-1
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-2
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-3
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-4
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-5
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-6
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-7
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-8
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-9
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-10
done
==

 kernel BUG at fs/buffer.c:3305!
 invalid opcode: 0000 [#1] SMP
  :
 Workqueue: writeback wb_workfn (flush-259:0)
 task: ffff8d02595b8000 task.stack: ffffa22242400000
 RIP: 0010:try_to_free_buffers+0xd2/0xe0
 RSP: 0018:ffffa22242403830 EFLAGS: 00010246
 RAX: 00afffc000001028 RBX: 0000000000000008 RCX: ffff8d012dcf19c0
 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc468e3b52b80
 RBP: ffffa22242403858 R08: 0000000000000000 R09: 000000000002067c
 R10: ffff8d027ffe6000 R11: 0000000000000000 R12: 0000000000000000
 R13: ffff8d022fccdbe0 R14: ffffc468e3b52b80 R15: ffffa22242403ad0
 FS:  0000000000000000(0000) GS:ffff8d027fd40000(0000)
knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007f9d2bb80b70 CR3: 000000084fe09000 CR4: 00000000007406e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554
 Call Trace:
  clean_buffers+0x5d/0x70
  __mpage_writepage+0x567/0x760
  ? page_mkclean+0x6a/0xb0
  write_cache_pages+0x205/0x580
  ? clean_buffers+0x70/0x70
  ? fat_add_cluster+0x80/0x80 [fat]
  mpage_writepages+0x7c/0x100
  ? fat_add_cluster+0x80/0x80 [fat]
  ? __set_page_dirty+0x9b/0xc0
  ? fprop_fraction_percpu+0x2f/0x80
  fat_writepages+0x15/0x20 [fat]
  ? fat_writepages+0x15/0x20 [fat]
  do_writepages+0x25/0x80
  __writeback_single_inode+0x45/0x350
  writeback_sb_inodes+0x25e/0x610
  __writeback_inodes_wb+0x92/0xc0
  wb_writeback+0x29b/0x340
  wb_workfn+0x195/0x3d0
  ? wb_workfn+0x195/0x3d0
  process_one_work+0x193/0x3d0
  worker_thread+0x4e/0x3d0
  kthread+0x114/0x150
  ? process_one_work+0x3d0/0x3d0
  ? kthread_park+0x60/0x60
  ? kthread_park+0x60/0x60
  ret_from_fork+0x25/0x30
  :
 RIP: try_to_free_buffers+0xd2/0xe0 RSP: ffffa22242403830


Thanks,
-Toshi
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

WARNING: multiple messages have this Message-ID (diff)
From: "Kani, Toshimitsu" <toshi.kani@hpe.com>
To: "linux-nvdimm@lists.01.org" <linux-nvdimm@lists.01.org>,
	"hirofumi@mail.parknet.co.jp" <hirofumi@mail.parknet.co.jp>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: FIle copy to FAT FS on NVDIMM hits BUG_ON at fs/buffer.c:3305!
Date: Tue, 25 Jul 2017 21:37:38 +0000	[thread overview]
Message-ID: <1501018096.2042.70.camel@hpe.com> (raw)

Hi,

Copying files to vfat FS on an NVDIMM device hits
BUG_ON(!PageLocked(page)) in try_to_free_buffers().  It happens on
4.13-rc1, and happens on older kernels as well.

A simple reproducer is shown below.  It is 100% reproducible on my
setup (8GB of regular memory and 16GB of NVDIMM).  It usually hits in
the 3rd or 4th file copy and does not repeat with the while-loop. 
Interestingly, it hits only when an NVDIMM device is set as raw or
memory mode.  It does not hit with sector mode.
 
==
DEV=pmem0
set -x
mkfs.vfat /dev/$DEV
mount /dev/$DEV /mnt/$DEV
dd if=/dev/zero of=/mnt/$DEV/1Gfile bs=1M count=1024
while true; do
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-1
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-2
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-3
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-4
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-5
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-6
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-7
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-8
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-9
cp /mnt/$DEV/1Gfile /mnt/$DEV/file-10
done
==

 kernel BUG at fs/buffer.c:3305!
 invalid opcode: 0000 [#1] SMP
  :
 Workqueue: writeback wb_workfn (flush-259:0)
 task: ffff8d02595b8000 task.stack: ffffa22242400000
 RIP: 0010:try_to_free_buffers+0xd2/0xe0
 RSP: 0018:ffffa22242403830 EFLAGS: 00010246
 RAX: 00afffc000001028 RBX: 0000000000000008 RCX: ffff8d012dcf19c0
 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc468e3b52b80
 RBP: ffffa22242403858 R08: 0000000000000000 R09: 000000000002067c
 R10: ffff8d027ffe6000 R11: 0000000000000000 R12: 0000000000000000
 R13: ffff8d022fccdbe0 R14: ffffc468e3b52b80 R15: ffffa22242403ad0
 FS:  0000000000000000(0000) GS:ffff8d027fd40000(0000)
knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00007f9d2bb80b70 CR3: 000000084fe09000 CR4: 00000000007406e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554
 Call Trace:
  clean_buffers+0x5d/0x70
  __mpage_writepage+0x567/0x760
  ? page_mkclean+0x6a/0xb0
  write_cache_pages+0x205/0x580
  ? clean_buffers+0x70/0x70
  ? fat_add_cluster+0x80/0x80 [fat]
  mpage_writepages+0x7c/0x100
  ? fat_add_cluster+0x80/0x80 [fat]
  ? __set_page_dirty+0x9b/0xc0
  ? fprop_fraction_percpu+0x2f/0x80
  fat_writepages+0x15/0x20 [fat]
  ? fat_writepages+0x15/0x20 [fat]
  do_writepages+0x25/0x80
  __writeback_single_inode+0x45/0x350
  writeback_sb_inodes+0x25e/0x610
  __writeback_inodes_wb+0x92/0xc0
  wb_writeback+0x29b/0x340
  wb_workfn+0x195/0x3d0
  ? wb_workfn+0x195/0x3d0
  process_one_work+0x193/0x3d0
  worker_thread+0x4e/0x3d0
  kthread+0x114/0x150
  ? process_one_work+0x3d0/0x3d0
  ? kthread_park+0x60/0x60
  ? kthread_park+0x60/0x60
  ret_from_fork+0x25/0x30
  :
 RIP: try_to_free_buffers+0xd2/0xe0 RSP: ffffa22242403830


Thanks,
-Toshi

             reply	other threads:[~2017-07-25 21:36 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-25 21:37 Kani, Toshimitsu [this message]
2017-07-25 21:37 ` FIle copy to FAT FS on NVDIMM hits BUG_ON at fs/buffer.c:3305! Kani, Toshimitsu
2017-07-25 22:22 ` Ross Zwisler
2017-07-25 22:22   ` Ross Zwisler
2017-07-25 22:27   ` Kani, Toshimitsu
2017-07-25 22:27     ` Kani, Toshimitsu
2017-07-26  8:21   ` Johannes Thumshirn
2017-07-26  8:21     ` Johannes Thumshirn
2017-07-26  9:23     ` OGAWA Hirofumi
2017-07-26  9:23       ` OGAWA Hirofumi
2017-07-26 14:23       ` Ross Zwisler
2017-07-26 14:23         ` Ross Zwisler
2017-07-26 16:08         ` Dan Williams
2017-07-26 16:08           ` Dan Williams
2017-07-26 17:03           ` Christoph Hellwig
2017-07-26 17:03             ` Christoph Hellwig
2017-07-26 17:11       ` Matthew Wilcox
2017-07-26 17:11         ` Matthew Wilcox
2017-07-27 16:12         ` Kani, Toshimitsu
2017-07-27 16:12           ` Kani, Toshimitsu
2017-07-27 18:03           ` Ross Zwisler
2017-07-27 18:03             ` Ross Zwisler
2017-07-27 18:20             ` Kani, Toshimitsu
2017-07-27 18:20               ` Kani, Toshimitsu
2017-09-20 21:04           ` Kani, Toshimitsu
2017-09-20 21:04             ` Kani, Toshimitsu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1501018096.2042.70.camel@hpe.com \
    --to=toshi.kani@hpe.com \
    --cc=hirofumi@mail.parknet.co.jp \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.