Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933766AbdDFQBU (ORCPT ); Thu, 6 Apr 2017 12:01:20 -0400 Received: from mail-lf0-f65.google.com ([209.85.215.65]:33792 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933630AbdDFQBO (ORCPT ); Thu, 6 Apr 2017 12:01:14 -0400 From: Dmitry Monakhov To: Christoph Hellwig Cc: linux-kernel@vger.kernel.org, darrick.wong@oracle.com, axboe@kernel.dk, tytso@mit.edu, jack@suse.cz, hch@infradead.org Subject: Re: [PATCH 1/5] bh: Prevent panic on invalid BHs In-Reply-To: <20170406154236.GA16767@infradead.org> References: <1491480169-1889-1-git-send-email-dmonakhov@openvz.org> <1491480169-1889-2-git-send-email-dmonakhov@openvz.org> <20170406154236.GA16767@infradead.org> Date: Thu, 06 Apr 2017 19:01:11 +0300 Message-ID: <8760ihjzjs.fsf@dmlp.sw.ru> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 805 Lines: 37 Christoph Hellwig writes: > This look ok, but how did you manage to trigger this case? # testcases # TEST1 # Via bug in fallocate truncate -l 1G img losetup /dev/loop img mkfs.ext4 -qF /dev/loop0 mkdir m mount /dev/loop0 m # command above truncate bdevs pagecache xfs_io -c "falloc -k 0 32G" -d /dev/loop0 for ((i=0;i<100;i++));do xfs_io -c "pwrite 0 4k" -d m/test-$i; done sync # TEST2: NBD close_sock -> kill_bdev mkdir -p a/mnt cd a truncate -s 1G img mkfs.ext4 -qF img qemu-nbd -c /dev/nbd0 img mount /dev/nbd0 /mnt cp -r /bin/ /mnt& # Disconnect nbd while cp is active qemu-nbd -d /dev/nbd0 sync > I think > we might have a deeper problem here. Probably. It seems that !buffer_locked(bh) case should stay BUG_ON because it is hard to make semi-correct decesion here.