Chaos 4.4-4.1 (RHEL 5.5) with Lustre 1.8.5.0.6chaos release. Hardware is Dell R710 with IBSRP connected DDN 9900 backend storage. Client traffic is both IB and 10gigE routed. The problem was also experienced on the same hardware running Chaos 4.4-2 (RHEL 5.5) and Lustre 1.8.5.0.3chaos.

This looks somewhat like LU-38, or https://bugzilla.lustre.org/show_bug.cgi?id=22299 - but per that bug, the fix should have landed on Chaos in the 1.8.4 timeframe. Can you verify you have the patch?

I thought the same thing when I encountered the panic and I believe that the patch was incorporated in all versions > 1.8.4 based on Chris' comments in LU-38. It was one of the reasons for moving to the later version of the operating environment. I will check to make sure though. I have a strong suspicion that there is a new user code that is exposing this bug because until last weekend we have never encountered this particular failure in nearly a year of operation with the chaos-4.4-2 and lustre 1.8.5 environment.

The only other tidbit of information is from the syslog:

Jun 22 14:07:17 aoss5 LDISKFS-fs error (device dm-0): ldiskfs_valid_block_bitmap: Invalid block bitmap - block_group = 38734
, block = 1269235714
Jun 22 14:07:17 aoss5 Aborting journal on device dm-0.
Jun 22 14:07:17 aoss5 pa ffff8101693abdc8: logic 14848, phys. 1279868416, len 470
Jun 22 14:07:17 aoss5 free 470, pa_free 214
Jun 22 14:07:17 aoss5 ----------- [cut here ] --------- [please bite here ] ---------

One thing that occurred several weeks ago was we had a severe power outage that pretty much took down everything. There were a number of controllers that needed to be replaced. However, once everything was operational again, I ran fscks on each of the OSTs without error. I am only mentioning it because it was an event that occurred recently.

Is there anything else I can be looking for?

Niu

Could you please look into this one?

Thanks

Peter

We had another server hang this morning with the same kernel bug. In this particular case the console logs produced a LOT more information and identified some other bugs. I attached the syslog info and the console log. Unfortunately it did not capture any debug info at the time of the crash - only reconnect info after the reboot.

The traces showed on console looks like b=16680, inconsistence was found between free blocks in pa descriptor and free blocks in bitmap.

And the b=16680 was resolved by the patch from b=22299, which is removing the 'set rdonly to device on umount'. One thing confused me is that why 'set rdonly' could lead to filesystem inconsistency? Theoretically, I think journal should be able to guarantee the fs consistency no matter when we 'set rdonly' to the device, so maybe the 'removing set rdonly on umount' patch just reduce the chance of hitting the problem, but didn't fix the defect itself. I suspect the defect could be lurking in jbd or mballoc (some data isn't written back in transaction)? Unfortunately, I'm not expert in these areas.

Alex, any comments? Could you give some guidance on what's the next step should we moving on to tracing this problem? Thanks in advance.

because rdonly means "all writes will be skipped". so, we update on-disk bitmap (but that doesn't hit the disk),
corresponded bh is released, then we try to load it again and find it inconsistent with our in-core data (pa).
the journal can't help here.

The first question here is whether this ldiskfs is built from ext3 or ext4 code? It should print this when the OST is first mounted, like "ldiskfs created from ext3-2.6-rhel5" or similar.

It looks like the ldiskfs code that you are running is missing a patch on master named "ext4-mballoc-pa_free-mismatch.patch". This can be seen because the error message printed here was changed in that patch (note square brackets around the values that are not in your output):

-       if (free != pa->pa_free) {
-               printk(KERN_CRIT "pa %p: logic %lu, phys. %lu, len %lu\n",
-                       pa, (unsigned long) pa->pa_lstart,
-                       (unsigned long) pa->pa_pstart,
-                       (unsigned long) pa->pa_len);
+
+        /* "free < pa->pa_free" means we maybe double alloc the same blocks,
+         * otherwise maybe leave some free blocks unavailable, no need to BUG.*
/
+        if ((free > pa->pa_free && !pa->pa_error) || (free < pa->pa_free)) {
+                ext4_error(sb,"pa free mismatch: [pa %p] "
+                              "[phy %lu] [logic %lu] [len %u] [free %u] "
+                              "[error %u] [inode %lu] [freed %u]", pa,
+                              (unsigned long)pa->pa_pstart,
+                              (unsigned long)pa->pa_lstart,
+                              (unsigned)pa->pa_len, (unsigned)pa->pa_free,
+                              (unsigned)pa->pa_error, pa->pa_inode->i_ino,
+                              free);

The logfile shows the old format message:

Jun 23 09:12:50 aoss3 LDISKFS-fs error (device dm-3): ldiskfs_valid_block_bitmap: Invalid block bitmap - block_group = 21178, block = 693960706
Jun 23 09:12:50 aoss3 Aborting journal on device dm-3.
Jun 23 09:12:50 aoss3 pa ffff81034e51b4d8: logic 2562, phys. 694501376, len 510
Jun 23 09:12:50 aoss3 free 510, pa_free 254

However, it isn't clear whether the fix in that patch was included in your version of ldiskfs or not?

Andreas - Our OSTs were built from ext3:

ldiskfs created from ext3-2.6-rhel5Lustre: Lustre Client File System; http://www.lustre.org/kjournald starting. Commit interval 5 seconds
LDISKFS FS on dm-4, internal journal

We have verified that patches from bugs 22299 and 29345 have been applied. The "ext4-mballoc-pa_free-mismatch.patch" has not.

Over the weekend we had 9 separate occurrences of hitting the bug. During that time the file system was topping 90% capacity on a petabyte file system and I was running as many as 50 du processes at any given time to see who the big users were. (We did not initialize quotas early on and to do so now would probably require a pretty significant downtime for running quotacheck.) Although we hit this bug earlier in the week when du was not being run, the number of times we did this weekend make it suspect.

So a couple of questions:

1. The assumption here is that mballoc should only be called when files are created/expanded. Should du have any interaction with mballoc?
2. There is a theory here that under heavy load and the fact that the file system is at > 90% capacity that finding available blocks could be an issue. Where is the warning track with regard to reaching the usable limits of the file system?

du scans filesystem, allocates memory for new buffers causing dirty data to get flushed, so allocations on OST.

Please excuse my ignorance, but when you say du scans the file system do you mean that it is scanning the area of interest or does it look at the entire OST only reporting on the area of interest? Also, with dirty data getting flushed, are you implying that dirty data is associated with the file being queried or are all the buffers just being flushed as an interrupt operation outside the normal scheduling?

In any event, although I was pretty much abusing the file system with the number of simultaneous du operations, in the case of our file systems where we have on the order of 1000 users, the possibility that a large number of du's or ls -l operations occurring at the same time is not that remote and in fact the potential for an individual user to check his disk usage during the course of a run is quite high.

no, du just puts amount of pressure on the memory (in terms of new buffers/pages), so the kernel flushes dirty data onto OST(s). this is a regular process and actually can happen w/o du.

(Hit the wrong key...)
To follow on, this means that hitting this bug could potentially occur very often and the fact that we hadn't encountered it until 2 weekends ago leads me to believe that something else is involved that coupled with processes like du is exposing it. As I mentioned earlier we where concerned that we were reaching the usable limits of the file system and when I looked at the individual OSTs, fragmentation was around 10%. Could that be a contributor?

well, not that often given that it happens only once rdonly is set (at umount). in general, it's sensitive to workload and to the fragmentation as well - the higher fragmentation, the more bitmaps to scan, the more likely to reload bitmaps from the disk. and in the end, the assertion happens specifically at bitmap loading.

In our case the file system (or OST) is not being umounted or going read-only. I'm sure you're aware of that but just wanted to reiterate. Also since we formatted this file system with ext3 apparently we wouldn't have a fix for any pa_free_mismatch.

sorry then. I was under wrong assumption.. need to think a bit.

Alex, is it possible the same problem of race in ext4_ext_walk_space()? (LU-508)?

no, I don't think so - the allocation itself is serialized in the callback. though I'll check that anyway.

Joe, would it be correct to say the trouble began to happen after that power outage
and before there was no occurence?

Joe, the reason that I ask about ext3 vs. ext4 for your ldiskfs is that ext3 is the version of mballoc that CFS patched and maintained for a long time, but the mballoc code was merged into RHEL5/6 only for ext4, and we're only using ext4 going forward with 1.8.7+. Do you have any plans to upgrade the servers to Lustre 1.8.8 (with ext4) in the near future? That would definitely determine if this bug is fixed already, since there were definitely several fixes in this area.

I don't think that this has any inconsistency on disk, but I could definitely imagine that it relates to filesystem fullness. As Alex mentioned, this inconsistency is only detected when fetching the block allocation bitmaps from disk, which happens much more frequently when the filesystem is full.

also, would you mind to grab output of debugfs -R stats from dm-3 device (on aoss3) and attach it here? thanks.

To answer the questions in succession,

Alex - Yes, the trouble began after the power hit. In general the file system has been extremely stable.

Andreas - We do not plan to update 1.8 opting instead to move to 2.X at the beginning of our fiscal year (October time frame). We just had a major push with the users to reduce they usage and have brought the capacity down to ~75%. Since then we have not had the panic condition - with the caveat being that a lot of the jobs that were running during the times of failure are not running now. We are still in the process of correlating that data hoping that we can zero in on a code that's exposing the failure condition. One other bit of detail is that when we looked at the targets that experienced the fault their capacity was higher than the other OSTs - ~91% - that kind of supports the fullness theory. That brings me back to the question I posted earlier about at what percentage of the total capacity should we consider a lustre file system "full".

Alex - unfortunately because we took the file system away from the users for a couple of days (from a running jobs standpoint) I really can't take it down again to get the debugfs output on dm-3. If we do have a system panic again I'll be sure to get that though as well as the output for the current failure.

I'm closing this old bug, since it has not been reported again since last year.