Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751742AbdIAJ2N (ORCPT ); Fri, 1 Sep 2017 05:28:13 -0400 Received: from mail-pf0-f169.google.com ([209.85.192.169]:35849 "EHLO mail-pf0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751457AbdIAJ2J (ORCPT ); Fri, 1 Sep 2017 05:28:09 -0400 X-Google-Smtp-Source: ADKCNb6VYkGDtOSoBuADB1DX5CytdG03YW/HyWXyaIxENCp8frFWe6vE1xIOxrZQEKpN2lyP0GKQiw== From: Dennis Yang To: shli@kernel.org Cc: linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, Dennis Yang Subject: Re: [PATCH] md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list Date: Fri, 1 Sep 2017 17:26:48 +0800 Message-Id: <1504258008-24637-1-git-send-email-dennisyang@qnap.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <20170901053857.a5qaqhzdevucby6p@kernel.org> References: <20170901053857.a5qaqhzdevucby6p@kernel.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 9450 Lines: 148 >On Mon, Aug 28, 2017 at 08:01:59PM +0800, Dennis Yang wrote: >> break_stripe_batch_list() did not preserve STRIPE_ON_UNPLUG_LIST which is >> set when a stripe_head gets queued to the stripe_head list maintained by >> raid5_plug_cb and waiting for releasing after blk_unplug(). >> >> In release_stripe_plug(), if a stripe_head has its STRIPE_ON_UNPLUG_LIST >> set, it indicates that this stripe_head is already in the raid5_plug_cb >> list and release_stripe() would be called instead to drop a reference >> count. Otherwise, the STRIPE_ON_UNPLUG_LIST bit would be set for this >> stripe_head and it will get queued into the raid5_plug_cb list. >> >> Without preserving STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list(), >> a stripe_head could be re-added to the raid5_plug_cb list while it is >> currently on that list and waiting to be released. This would mess up >> the raid5_plug_cb and leads to soft/hard lockup in raid5_unplug() or >> kernel crash. > >Did you observe this? From my understanding, this is impossible. If a stripe is >in batch list (that's why we have break_stripe_batch_list), add_stripe_bio will >bail out (because sh->batch_head != NULL), so the stripe is never added into >plug list, hence has the STRIPE_ON_UNPLUG_LIST bit set. Am I missing anything? > >Thanks, >Shaohua It is hard to reproduce. Our storage exports 4 iscsi LUNs which are built on top of a dm-thin pool with 8 x SSD RAID6. Each two of these iscsi LUNs are connected to a windows server which runs 4 fio jobs with 16 threads and iodepth = 16. In this setup, we can get the following call trace after couples of hours. The stack dump basically shows that the raid5_unplug is holding the conf->device_lock for a very long time. After adding some debug traces, we can confirm that the raid5_plug_cb->list is corrupted which sometimes leads to infinite loop in raid5_unplug. I didn't notice that add_stripe_bio will bail out if the stripe_head is in someone's batch list, but I am wondering if the following scenario will still happen. If a stripe_head A is added to another stripe_head B's batch list, in this case A will have its batch_head != NULL and be added into the plug list. After that, stripe_head B gets handled and called break_stripe_batch_list() to reset all the batched stripe_head(including A which is still on the plug list)'s state and reset their batch_head to NULL. Before the plug list gets processed, if there is another write request comes in and get stripe_head A, A will have its batch_head == NULL (cleared by calling break_stripe_batch_list() on B) and be added to plug list once again. Since we have the environment which can reproduce this issue in 6 hours, if there is anything we can do to help resolve this issue, we are more than willing to help. Thanks, Dennis [ 4481.493998] BUG: spinlock lockup suspected on CPU#10, md1_raid6/5497 [ 4481.501109] lock: 0xffff88102b242888, .magic: dead4ead, .owner: kworker/u24:2/22322, .owner_cpu: 0 [ 4481.511231] CPU: 10 PID: 5497 Comm: md1_raid6 Tainted: P W O 4.2.8 #7 [ 4481.519504] Hardware name: Default string Default string/Default string, BIOS QY38AR06 01/24/2017 [ 4481.529429] ffff88102b242888 ffff881014967c78 ffffffff81c933b6 0000000000000007 [ 4481.537739] ffff8805c9720a00 ffff881014967c98 ffffffff810d2c20 ffff88102b242888 [ 4481.546048] 0000000082d0f7c8 ffff881014967cc8 ffffffff810d2d9b ffff88102b242888 [ 4481.554357] Call Trace: [ 4481.557093] [] dump_stack+0x4c/0x65 [ 4481.562840] [] spin_dump+0x80/0xd0 [ 4481.568489] [] do_raw_spin_lock+0x9b/0x120 [ 4481.574916] [] _raw_spin_lock_irq+0x41/0x50 [ 4481.581443] [] ? raid5d+0x64/0x790 [ 4481.587091] [] raid5d+0x64/0x790 [ 4481.592546] [] ? finish_wait+0x46/0x80 [ 4481.598583] [] ? finish_wait+0x68/0x80 [ 4481.604621] [] md_thread+0x13e/0x150 [ 4481.610464] [] ? wait_woken+0xb0/0xb0 [ 4481.616405] [] ? find_pers+0x80/0x80 [ 4481.622249] [] kthread+0x105/0x120 [ 4481.627899] [] ? kthread_create_on_node+0x220/0x220 [ 4481.635201] [] ret_from_fork+0x3f/0x70 [ 4481.641239] [] ? kthread_create_on_node+0x220/0x220 [ 4481.654638] NMI backtrace for cpu 0 [ 4481.658536] CPU: 0 PID: 22322 Comm: kworker/u24:2 Tainted: P W O 4.2.8 #7 [ 4481.667198] Hardware name: Default string Default string/Default string, BIOS QY38AR06 01/24/2017 [ 4481.677124] Workqueue: writeback wb_workfn (flush-252:15) [ 4481.683160] task: ffff8805c9720a00 ti: ffff8805c84f8000 task.ti: ffff8805c84f8000 [ 4481.691531] RIP: 0010:[] [] raid5_unplug+0x71/0x270 [ 4481.700582] RSP: 0018:ffff8805c84fb938 EFLAGS: 00000046 [ 4481.706521] RAX: ffff8805cd2ce258 RBX: ffff881038557280 RCX: ffff8805cd2ce258 [ 4481.714502] RDX: ffff8805cd2ce258 RSI: ffff8805cd2ce248 RDI: ffff88102b242000 [ 4481.722483] RBP: ffff8805c84fb978 R08: ffffffff81e0a1c0 R09: 0000000000000000 [ 4481.730464] R10: 0000000000000000 R11: 00000000071775d0 R12: 00000000b921e53c [ 4481.738445] R13: ffff88102b242000 R14: ffff8810385572a0 R15: ffff88102feec000 [ 4481.746427] FS: 0000000000000000(0000) GS:ffff88107fc00000(0000) knlGS:0000000000000000 [ 4481.755477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4481.761904] CR2: 00007fb7bf2d2000 CR3: 0000000fff8df000 CR4: 00000000003406f0 [ 4481.769886] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4481.777868] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4481.785848] Stack: [ 4481.788094] 00000000f835a020 ffff88102b242888 ffff8805c84fbb48 ffff8805c84fb9a8 [ 4481.796366] 0000000000000000 ffff8805c84fba28 ffff8805c84fba48 ffff8805c84fb998 [ 4481.804640] ffff8805c84fb9e8 ffffffff81463c8b ffff8805c84fb9d8 ffffffff81461bb2 [ 4481.812912] Call Trace: [ 4481.815644] [] blk_flush_plug_list+0x9b/0x230 [ 4481.822361] [] ? submit_bio+0x62/0x150 [ 4481.828398] [] blk_finish_plug+0x24/0x40 [ 4481.834628] [] mpage_writepages+0x73/0x90 [ 4481.840956] [] ? I_BDEV+0x10/0x10 [ 4481.846506] [] qnap_blkdev_writepages+0x10/0x20 [ 4481.853418] [] do_writepages+0x59/0x70 [ 4481.859455] [] __writeback_single_inode+0x74/0xa50 [ 4481.866658] [] writeback_sb_inodes+0x2f1/0x680 [ 4481.873472] [] __writeback_inodes_wb+0x84/0xb0 [ 4481.880287] [] wb_writeback+0x329/0x6e0 [ 4482.914006] NMI backtrace for cpu 5 [ 4482.917906] CPU: 5 PID: 26333 Comm: kworker/u24:5 Tainted: P W O 4.2.8 #7 [ 4482.926567] Hardware name: Default string Default string/Default string, BIOS QY38AR06 01/24/2017 [ 4482.936492] Workqueue: writeback wb_workfn (flush-252:14) [ 4482.942529] task: ffff8805c7a74340 ti: ffff8805c6228000 task.ti: ffff8805c6228000 [ 4482.950898] RIP: 0010:[] [] delay_tsc+0x17/0x70 [ 4482.959558] RSP: 0018:ffff8805c622b368 EFLAGS: 00000082 [ 4482.965498] RAX: 00000000dc0ef28f RBX: ffff88102b242888 RCX: 00000000dc0ef259 [ 4482.973479] RDX: 0000000000003c68 RSI: 0000000000000005 RDI: 0000000000000001 [ 4482.981460] RBP: ffff8805c622b368 R08: 0000000000000001 R09: 0000000000000001 [ 4482.989441] R10: 0000000000000000 R11: 0000000000000007 R12: 00000000763815f7 [ 4482.997422] R13: 0000000000000001 R14: 0000000082d0f7c8 R15: ffff88102feec000 [ 4483.005403] FS: 0000000000000000(0000) GS:ffff88107fca0000(0000) knlGS:0000000000000000 [ 4483.014459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4483.020876] CR2: 00007f54d805a030 CR3: 0000001006c20000 CR4: 00000000003406e0 [ 4483.028858] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4483.036840] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4483.044822] Stack: [ 4483.047069] ffff8805c622b378 ffffffff8149cf2a ffff8805c622b3a8 ffffffff810d2d87 [ 4483.055341] ffff88102b242888 0000000000000000 ffff88102b242000 ffff881007d702a0 [ 4483.063613] ffff8805c622b3d8 ffffffff81ca14d1 ffffffff816cd9ca 0000000000000000 [ 4483.071885] Call Trace: [ 4483.074617] [] __delay+0xa/0x10 [ 4483.079973] [] do_raw_spin_lock+0x87/0x120 [ 4483.086399] [] _raw_spin_lock_irq+0x41/0x50 [ 4483.092920] [] ? raid5_unplug+0x4a/0x270 [ 4483.099151] [] raid5_unplug+0x4a/0x270 [ 4483.105188] [] blk_flush_plug_list+0x9b/0x230 [ 4483.111907] [] schedule+0x6d/0x90 [ 4483.117459] [] __get_active_stripe.constprop.61+0x750/0x970 [ 4483.125539] [] ? wait_woken+0xb0/0xb0 [ 4483.131480] [] make_request+0x1fa/0xe30 [ 4483.137616] [] ? md_make_request+0x1fe/0x4b0 [ 4483.144238] [] ? wait_woken+0xb0/0xb0 [ 4483.150179] [] ? md_make_request+0x1c2/0x4b0 [ 4483.156800] [] md_make_request+0x1fe/0x4b0 [ 4483.163227] [] ? md_make_request+0x4e/0x4b0 [ 4483.169750] [] ? dm_make_request+0x73/0x110 [ 4483.176273] [] generic_make_request+0xce/0x110