Hi,
Copying files to vfat FS on an NVDIMM device hits
BUG_ON(!PageLocked(page)) in try_to_free_buffers(). It happens on
4.13-rc1, and happens on older kernels as well.
A simple reproducer is shown below. It is 100% reproducible on my
setup (8GB of regular memory and 16GB of NVDIMM). It usually hits in
the 3rd or 4th file copy and does not repeat with the while-loop.
Interestingly, it hits only when an NVDIMM device is set as raw or
memory mode. It does not hit with sector mode.
==
DEV=pmem0
set -x
mkfs.vfat /dev/$DEV
mount /dev/$DEV /mnt/$DEV
dd if=/dev/zero of=/mnt/$DEV/1Gfile bs=1M count=1024
while true; do
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-1
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-2
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-3
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-4
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-5
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-6
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-7
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-8
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-9
    cp /mnt/$DEV/1Gfile /mnt/$DEV/file-10
done
==
kernel BUG at fs/buffer.c:3305!
invalid opcode: 0000 [#1] SMP
:
Workqueue: writeback wb_workfn (flush-259:0)
task: ffff8d02595b8000 task.stack: ffffa22242400000
RIP: 0010:try_to_free_buffers+0xd2/0xe0
RSP: 0018:ffffa22242403830 EFLAGS: 00010246
RAX: 00afffc000001028 RBX: 0000000000000008 RCX: ffff8d012dcf19c0
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc468e3b52b80
RBP: ffffa22242403858 R08: 0000000000000000 R09: 000000000002067c
R10: ffff8d027ffe6000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8d022fccdbe0 R14: ffffc468e3b52b80 R15: ffffa22242403ad0
FS: 0000000000000000(0000) GS:ffff8d027fd40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9d2bb80b70 CR3: 000000084fe09000 CR4: 00000000007406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
clean_buffers+0x5d/0x70
__mpage_writepage+0x567/0x760
? page_mkclean+0x6a/0xb0
write_cache_pages+0x205/0x580
? clean_buffers+0x70/0x70
? fat_add_cluster+0x80/0x80 [fat]
mpage_writepages+0x7c/0x100
? fat_add_cluster+0x80/0x80 [fat]
? __set_page_dirty+0x9b/0xc0
? fprop_fraction_percpu+0x2f/0x80
fat_writepages+0x15/0x20 [fat]
? fat_writepages+0x15/0x20 [fat]
do_writepages+0x25/0x80
__writeback_single_inode+0x45/0x350
writeback_sb_inodes+0x25e/0x610
__writeback_inodes_wb+0x92/0xc0
wb_writeback+0x29b/0x340
wb_workfn+0x195/0x3d0
? wb_workfn+0x195/0x3d0
process_one_work+0x193/0x3d0
worker_thread+0x4e/0x3d0
kthread+0x114/0x150
? process_one_work+0x3d0/0x3d0
? kthread_park+0x60/0x60
? kthread_park+0x60/0x60
ret_from_fork+0x25/0x30
:
RIP: try_to_free_buffers+0xd2/0xe0 RSP: ffffa22242403830
Thanks,
-Toshi