utsaslab / WineFS

WineFS (SOSP 21): a huge-page aware file system for persistent memory

Kernel bug when truncating file #4

Closed hayley-leblanc closed 2 years ago

hayley-leblanc commented 2 years ago

Hi Rohan,

I've come across a bug in WineFS that occurs when a file is truncated. I'm running WineFS in a QEMU/KVM virtual machine with 4 cores, 8GB DRAM, and 128MB emulated PM.

The steps to reproduce the issue are:

  1. Mount WineFS at /mnt/pmem using mount -t winefs -o init,strict /dev/pmem0 /mnt/pmem
  2. Run this program: test5.zip which creates a file and performs some writes to it with multiple file descriptors, then truncates it

While truncating, the kernel appears to hit the BUG_ON on line 544 of inode.c. This is the output I get:

[   72.575926] kernel BUG at fs/winefs/inode.c:547!
[   72.578380] invalid opcode: 0000 [#1] SMP KASAN
[   72.580638] CPU: 2 PID: 390 Comm: a.out Tainted: G            E     5.1.0+ #445
[   72.584938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   72.589759] RIP: 0010:pmfs_setsize+0xf53/0x146b [winefs]
[   72.592559] Code: e0 48 c7 c7 e0 4c 4c a0 e8 19 10 d1 e0 c7 85 28 ff ff ff 00 00 00 00 48 83 bd 18 ff ff ff 00 0f f
[   72.603064] RSP: 0018:ffff8880b8fb7b08 EFLAGS: 00010293
[   72.606821] RAX: ffff8880b3835b00 RBX: 0000000061ac0d4b RCX: ffffffffa04a109d
[   72.611344] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888111b1f600
[   72.615227] RBP: ffff8880b8fb7c58 R08: ffffed1022363ec1 R09: ffffed1022363ec1
[   72.619640] R10: 0000000000000008 R11: ffffed1022363ec0 R12: ffff8880b236f930
[   72.623865] R13: 1ffff110171f6f71 R14: ffff888101200480 R15: ffff8880b236f980
[   72.627702] FS:  00007f9021616b80(0000) GS:ffff888111b00000(0000) knlGS:0000000000000000
[   72.632041] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.635151] CR2: 00007f902089d6e0 CR3: 00000000b89b8000 CR4: 00000000000006a0
[   72.639166] Call Trace:
[   72.640636]  ? pmfs_truncate_add+0x8db/0x8db [winefs]
[   72.643861]  ? pmfs_evict_inode+0x1840/0x1840 [winefs]
[   72.646701]  ? inode_newsize_ok+0x91/0xe0
[   72.648933]  pmfs_notify_change+0x58e/0xb22 [winefs]
[   72.651657]  ? pmfs_new_inode+0x122c/0x122c [winefs]
[   72.654125]  ? evm_inode_setattr+0x3f/0xd0
[   72.656378]  ? pmfs_new_inode+0x122c/0x122c [winefs]
[   72.659077]  notify_change+0x5ad/0x7b0
[   72.660928]  do_truncate+0x112/0x1a0
[   72.662787]  ? do_truncate+0x112/0x1a0
[   72.664656]  ? file_open_root+0x330/0x330
[   72.666838]  ? vfs_write+0x16d/0x2b0
[   72.668937]  ? apparmor_path_truncate+0x26/0x30
[   72.671686]  do_sys_ftruncate+0x1f5/0x270
[   72.674242]  __x64_sys_ftruncate+0x3b/0x40
[   72.676283]  do_syscall_64+0x7d/0x1b0
[   72.678228]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.680770] RIP: 0033:0x7f90208a4ec7
[   72.682579] Code: 73 01 c3 48 8b 0d d1 5f 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 8
[   72.691903] RSP: 002b:00007ffc5a126c58 EFLAGS: 00000202 ORIG_RAX: 000000000000004d
[   72.695599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f90208a4ec7
[   72.699173] RDX: 0000000000008000 RSI: 0000000000000001 RDI: 0000000000000004
[   72.703008] RBP: 00007ffc5a12ec70 R08: 00007f90213fb960 R09: 00007f90213f0740
[   72.706669] R10: 00000000000000b4 R11: 0000000000000202 R12: 000056250a98d850
[   72.710460] R13: 00007ffc5a12ed50 R14: 0000000000000000 R15: 0000000000000000
[   72.714111] Modules linked in: winefs(E) bochs_drm ttm drm_kms_helper drm ppdev psmouse dax_pmem_compat device_daxs
[   72.728023] ---[ end trace 4b383b502e0a168f ]---
[   72.730621] RIP: 0010:pmfs_setsize+0xf53/0x146b [winefs]
[   72.734011] Code: e0 48 c7 c7 e0 4c 4c a0 e8 19 10 d1 e0 c7 85 28 ff ff ff 00 00 00 00 48 83 bd 18 ff ff ff 00 0f f
[   72.743861] RSP: 0018:ffff8880b8fb7b08 EFLAGS: 00010293
[   72.747017] RAX: ffff8880b3835b00 RBX: 0000000061ac0d4b RCX: ffffffffa04a109d
[   72.751063] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888111b1f600
[   72.755958] RBP: ffff8880b8fb7c58 R08: ffffed1022363ec1 R09: ffffed1022363ec1
[   72.762441] R10: 0000000000000008 R11: ffffed1022363ec0 R12: ffff8880b236f930
[   72.766497] R13: 1ffff110171f6f71 R14: ffff888101200480 R15: ffff8880b236f980
[   72.770804] FS:  00007f9021616b80(0000) GS:ffff888111b00000(0000) knlGS:0000000000000000
[   72.775760] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.779157] CR2: 00007f902089d6e0 CR3: 00000000b89b8000 CR4: 00000000000006a0
Segmentation fault
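The sequence from the reproduction steps, written here as a constructed stand-in for the attached test5.zip (which is not on this page and whose exact contents are unknown): create a file under the /mnt/pmem mount, write to it through two file descriptors, then ftruncate() it. The write sizes and offsets are assumptions. The final ftruncate() call on the second descriptor to length 1 matches the user-space register dump above (ORIG_RAX 0x4d is ftruncate on x86-64, RDI 4 is the descriptor, RSI 1 is the length). This is added example code, not the reporter's or the project's.

```c
/* Constructed stand-in for the reporter's reproducer (test5.zip is not on this
 * page). It performs the sequence the report describes: create a file, write to
 * it through two descriptors, then ftruncate() it. Write sizes and offsets are
 * assumptions; the ftruncate() to length 1 on the second descriptor mirrors the
 * syscall arguments visible in the oops (ORIG_RAX 0x4d = ftruncate, RSI = 1). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define WRITE_LEN 4096   /* assumed per-write size */
#define TRUNC_LEN 1      /* length argument seen in the trace (RSI = 1) */

/* pwrite() the whole buffer at `off`, retrying on short writes and EINTR. */
static int write_all(int fd, const void *buf, size_t len, off_t off) {
    const char *p = buf;
    while (len > 0) {
        ssize_t n = pwrite(fd, p, len, off);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        p += n;
        len -= (size_t)n;
        off += n;
    }
    return 0;
}

/* Runs the reproduction sequence on `path`. Returns 0 and stores the file size
 * after truncation in *size_out, or -1 with errno set by the failing call. */
int repro_truncate(const char *path, off_t *size_out) {
    char buf[WRITE_LEN];
    struct stat st;
    int rc = -1;

    memset(buf, 'A', sizeof buf);
    int fd1 = open(path, O_RDWR | O_CREAT | O_TRUNC, 0644);   /* fd 3 in a plain process */
    if (fd1 < 0) return -1;
    int fd2 = open(path, O_RDWR);                             /* fd 4, as in the trace */
    if (fd2 < 0) { close(fd1); return -1; }

    /* Writes through both descriptors: adjacent regions plus one overlapping write. */
    if (write_all(fd1, buf, sizeof buf, 0) < 0) goto out;
    if (write_all(fd2, buf, sizeof buf, WRITE_LEN) < 0) goto out;
    if (write_all(fd1, buf, sizeof buf, 2 * WRITE_LEN) < 0) goto out;
    memset(buf, 'B', sizeof buf);
    if (write_all(fd2, buf, sizeof buf / 2, WRITE_LEN / 2) < 0) goto out;
    if (fsync(fd1) < 0) goto out;

    /* The truncate that reaches pmfs_setsize() in the report. */
    if (ftruncate(fd2, TRUNC_LEN) < 0) goto out;

    if (fstat(fd1, &st) < 0) goto out;
    *size_out = st.st_size;
    rc = 0;
out:
    close(fd2);
    close(fd1);
    return rc;
}

int main(int argc, char **argv) {
    /* Default path sits under the mount point used in the report. */
    const char *path = argc > 1 ? argv[1] : "/mnt/pmem/test5";
    off_t size;
    if (repro_truncate(path, &size) < 0) {
        perror(path);
        return 1;
    }
    printf("%s: size after ftruncate = %lld\n", path, (long long)size);
    return 0;
}
```

Run it with the WineFS mount in place (`./a.out /mnt/pmem/test5`) to drive the truncate path; on an ordinary filesystem it simply leaves a 1-byte file behind, which is the expected outcome when the BUG_ON is not hit.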

rohankadekodi commented 2 years ago

Thanks! Fixed and committed in main.