[Ocfs2-users] BUG_ON(le64_to_cpu(fe->i_size) != i_size_read(inode)) is triggered in ocfs2_truncate_file()
Eric Ren
zren at suse.com
Thu Oct 27 22:04:29 PDT 2016
Hi all,
Any one ever see this BUG_ON() assertion (https://github.com/torvalds/linux/blob/master/fs/ocfs2/file.c#L460)
triggered? (paste log message at the end). I cannot reproduced it so far.
fallocate with FALLOC_FL_KEEP_SIZE flag (man 2 fallocate) can result in "le64_to_cpu(fe->i_size) != i_size_read(inode)"
as explained in this commit message:
```
commit d62e74be1270c89fbaf7aada8218bfdf62d00a58
Author: Younger Liu <younger.liu at huawei.com <mailto:younger.liu at huawei.com>>
Date: Mon Feb 10 14:25:51 2014 -0800
ocfs2: fix issue that ocfs2_setattr() does not deal with new_i_size==i_size
The issue scenario is as following:
- Create a small file and fallocate a large disk space for a file with
FALLOC_FL_KEEP_SIZE option.
- ftruncate the file back to the original size again. but the disk free
space is not changed back. This is a real bug that be fixed in this
patch.
In order to solve the issue above, we modified ocfs2_setattr(), if
attr->ia_size != i_size_read(inode), It calls ocfs2_truncate_file(), and
truncate disk space to attr->ia_size.
```
I was thinking to remove this BUG_ON() assertion. But, the following steps cannot
trigger it:
$dd if=/dev/zero of=/mnt/ocfs2/test2 bs=512 count=1
$fallocate --keep-size --length 1024000000 /mnt/ocfs2/test2
$truncate --size=512 /mnt/ocfs2/test2
I'm wondering why the testing result goes against what I expect? Finally, I find that:
ocfs2_inode_lock(inode, bh, 1) in ocfs2_setattr() will update the inode->i_size filed from LVB value
or ocfs2_dinode from disk.
---
vfs_truncate
do_truncate
inode_lock()
notify_change
ocfs2_setattr
ocfs2_rw_lock()
ocfs2_inode_lock()
ocfs2_truncate_file
ocfs2_rw_lock()
ocfs2_inode_unlock
inode_unlock()
---
ocfs2_inode_lock()
ocfs2_inode_lock_full_nested() ocfs2_inode_lock_update() ==>
https://github.com/torvalds/linux/blob/master/fs/ocfs2/dlmglue.c#L2204 if
(ocfs2_meta_lvb_is_trustable()) ocfs2_refresh_inode_from_lvb() else {
ocfs2_read_inode_block() ocfs2_refresh_inode() } Since we update inode->i_size under the protection of thus locks, how was the assertion triggered?
As always, any comments and suggestion will be appreciated!
Thanks,
Eric
Log message:
```
kernel-default-3.0.101-80
ocfs2-kmp-default-1.6_3.0.101_68-0.25.6
[239098.534619] (dsmc,8244,6):ocfs2_truncate_file:466 ERROR: bug expression: le64_to_cpu(fe->i_size) != i_size_read(inode)
[239098.534633] (dsmc,8244,6):ocfs2_truncate_file:466 ERROR: Inode 10812, inode i_size = 677 != di i_size = 738, i_flags = 0x1
...
[239098.534724] kernel BUG at /usr/src/packages/BUILD/ocfs2-1.6/default/ocfs2/file.c:466!
PID: 8244 TASK: ffff8801dfb862c0 CPU: 6 COMMAND: "dsmc"
#0 [ffff8801f59618d0] machine_kexec at ffffffff8102c54e
#1 [ffff8801f5961920] crash_kexec at ffffffff810ae858
#2 [ffff8801f59619f0] oops_end at ffffffff8146b558
#3 [ffff8801f5961a10] do_invalid_op at ffffffff810036c4
#4 [ffff8801f5961ab0] invalid_op at ffffffff81472d5b
[exception RIP: ocfs2_truncate_file+165]
RIP: ffffffffa0929ba5 RSP: ffff8801f5961b68 RFLAGS: 00010296
RAX: 0000000000000085 RBX: ffff8801dfb862c0 RCX: 0000000000007335
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000246
RBP: 1000000000000000 R8: ffffffff81da3ac0 R9: 0000000000000000
R10: 0000000000000003 R11: 00000000ffffffff R12: ffff8801cbb864f8
R13: ffff8801dfb86930 R14: ffff8801bf5ad000 R15: 00000000000002a5
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffff8801f5961bd0] ocfs2_setattr at ffffffffa092c43e [ocfs2]
#6 [ffff8801f5961c90] notify_change at ffffffff8117a0cf
#7 [ffff8801f5961cf0] do_truncate at ffffffff8115e177
#8 [ffff8801f5961d60] do_last at ffffffff8116d0c3
#9 [ffff8801f5961dc0] path_openat at ffffffff8116df29
#10 [ffff8801f5961e50] do_filp_open at ffffffff8116e39c
#11 [ffff8801f5961f20] do_sys_open at ffffffff8115eabf
#12 [ffff8801f5961f80] system_call_fastpath at ffffffff81471d72
RIP: 00007f7da23f67b0 RSP: 00007fffae4a3470 RFLAGS: 00010246
RAX: 0000000000000002 RBX: ffffffff81471d72 RCX: 0000000000000000
RDX: 00000000000001b6 RSI: 0000000000000241 RDI: 0000000000cff3df
RBP: 00007fffae4a4ab0 R8: 0000000000000004 R9: 0000000000000001
R10: 0000000000000241 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000d1d2f0 R14: 0000000000930a68 R15: 0000000000000004
ORIG_RAX: 0000000000000002 CS: 0033 SS: 002b
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/ocfs2-users/attachments/20161028/0bc20abc/attachment.html
More information about the Ocfs2-users
mailing list