[Ocfs2-devel] kernel BUG in function ocfs2_truncate_file

Gang He ghe at suse.com
Tue Mar 29 06:15:18 PDT 2016 

Hello Guys,

I got a bug, which reported a kernel BUG in function ocfs2_truncate_file,
Base on my initial analysis, this bug looks like a race condition problem.
Unfortunately, there was no kernel crash dump caught, just got some kernel log as below,

kernel BUG at /usr/src/packages/BUILD/ocfs2-1.6/default/ocfs2/file.c:466!
Oct 21 13:02:19 uii316 [ 1766.831230] Supported: Yes
Oct 21 13:02:19 uii316 [ 1766.831234]
Oct 21 13:02:19 uii316 [ 1766.831238] Pid: 7134, comm: saposcol Not tainted 3.0.101-0.47.67-default #1
Oct 21 13:02:19 uii316 HP ProLiant BL460c G1
Oct 21 13:02:19 uii316
Oct 21 13:02:19 uii316 [ 1766.831247] RIP: 0010:[<ffffffffa0744b95>]
Oct 21 13:02:19 uii316 [<ffffffffa0744b95>] ocfs2_truncate_file+0xa5/0x490 [ocfs2]
Oct 21 13:02:19 uii316 [ 1766.831312] RSP: 0018:ffff880f39d79b68  EFLAGS: 00010296
Oct 21 13:02:19 uii316 [ 1766.831321] RAX: 000000000000008f RBX: ffff880f39c5e240 RCX: 00000000000039fd
Oct 21 13:02:19 uii316 [ 1766.831326] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000246
Oct 21 13:02:19 uii316 [ 1766.831331] RBP: 1000000000000000 R08: ffffffff81da0ac0 R09: 0000000000000000
Oct 21 13:02:19 uii316 [ 1766.831336] R10: 0000000000000003 R11: 00000000ffffffff R12: ffff880f3949bc78
Oct 21 13:02:19 uii316 [ 1766.831342] R13: ffff880f39c5e888 R14: ffff880f3d481000 R15: 00000000000e43bc
Oct 21 13:02:19 uii316 [ 1766.831347] FS:  00007f11cda9d720(0000) GS:ffff880fefd40000(0000) knlGS:0000000000000000
Oct 21 13:02:19 uii316 [ 1766.831353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 21 13:02:19 uii316 [ 1766.831358] CR2: 00007f11cdad4000 CR3: 0000000f39d35000 CR4: 00000000000007e0
Oct 21 13:02:19 uii316 [ 1766.831363] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct 21 13:02:19 uii316 [ 1766.831368] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Oct 21 13:02:19 uii316 [ 1766.831374] Process saposcol (pid: 7134, threadinfo ffff880f39d78000, task ffff880f39c5e240)
Oct 21 13:02:19 uii316 [ 1766.831379] Stack:
Oct 21 13:02:19 uii316 [ 1766.831383]  000000000002433c
Oct 21 13:02:19 uii316 00000000000e43bc
Oct 21 13:02:19 uii316 00000000000eab40
Oct 21 13:02:19 uii316 ffff880f00000001
Oct 21 13:02:19 uii316
Oct 21 13:02:19 uii316 [ 1766.831397]  ffff880f394956e0
Oct 21 13:02:19 uii316 ffff880f8e0d1000
Oct 21 13:02:19 uii316 ffff880f3949b800
Oct 21 13:02:19 uii316 0000000000000000
Oct 21 13:02:19 uii316
Oct 21 13:02:19 uii316 [ 1766.831410]  ffff880f39454980
Oct 21 13:02:19 uii316 0000000000000001
Oct 21 13:02:19 uii316 000000000002433c
Oct 21 13:02:19 uii316 0000000000000008
Oct 21 13:02:19 uii316
Oct 21 13:02:19 uii316 [ 1766.831423] Call Trace:
Oct 21 13:02:19 uii316 [ 1766.831492]  [<ffffffffa074742e>] ocfs2_setattr+0x26e/0xa90 [ocfs2]
Oct 21 13:02:19 uii316 [ 1766.831522]  [<ffffffff81178faf>] notify_change+0x19f/0x2f0
Oct 21 13:02:19 uii316 [ 1766.831534]  [<ffffffff8115d517>] do_truncate+0x57/0x80
Oct 21 13:02:19 uii316 [ 1766.831544]  [<ffffffff8116c053>] do_last+0x603/0x800
Oct 21 13:02:19 uii316 [ 1766.831551]  [<ffffffff8116ceb9>] path_openat+0xd9/0x420
Oct 21 13:02:19 uii316 [ 1766.831558]  [<ffffffff8116d33c>] do_filp_open+0x4c/0xc0
Oct 21 13:02:19 uii316 [ 1766.831566]  [<ffffffff8115de5f>] do_sys_open+0x17f/0x250
Oct 21 13:02:19 uii316 [ 1766.831575]  [<ffffffff8146e1f2>] system_call_fastpath+0x16/0x1b
Oct 21 13:02:19 uii316 [ 1766.831588]  [<00007f11ccb07080>] 0x7f11ccb0707f
Oct 21 13:02:19 uii316 [ 1766.831592] Code:

 The source code in question is as below,
 444 static int ocfs2_truncate_file(struct inode *inode,
 445                                struct buffer_head *di_bh,
 446                                u64 new_i_size)
 447 {
 448         int status = 0;
 449         struct ocfs2_dinode *fe = NULL;
 450         struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
 451
 452         /* We trust di_bh because it comes from ocfs2_inode_lock(), which
 453          * already validated it */
 454         fe = (struct ocfs2_dinode *) di_bh->b_data;
 455
 456         trace_ocfs2_truncate_file((unsigned long long)OCFS2_I(inode)->ip_blkno,
 457                                   (unsigned long long)le64_to_cpu(fe->i_size),
 458                                   (unsigned long long)new_i_size);
 459
 460         mlog_bug_on_msg(le64_to_cpu(fe->i_size) != i_size_read(inode),     <<= here
 461                         "Inode %llu, inode i_size = %lld != di "
 462                         "i_size = %llu, i_flags = 0x%x\n",
 463                         (unsigned long long)OCFS2_I(inode)->ip_blkno,
 464                         i_size_read(inode),
 465                         (unsigned long long)le64_to_cpu(fe->i_size),
 466                         le32_to_cpu(fe->i_flags));
 467

If your encountered the similar issue in the past, please let me know, to see if there is any patch/discussion for this bug.

Thanks a lot.
Gang

More information about the Ocfs2-devel mailing list