Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-2555] Null pointer deref in ldiskfs_ext_calc_credits_for_insert https://jira.whamcloud.com/browse/LU-2555 Lustre <p>Hit this oops while running racer in a loop, seems to be a call from quota code into ldiskfs.</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[232945.455907] BUG: unable to handle kernel NULL pointer dereference at 0000000000000002 [232945.456006] IP: [&lt;ffffffffa07478fe&gt;] ldiskfs_ext_calc_credits_for_insert+0x2e/0x40 [ldiskfs] [232945.456006] PGD 89330067 PUD 4651c067 PMD 0 [232945.456006] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC [232945.456006] last sysfs file: /sys/devices/system/cpu/possible [232945.456006] CPU 0 [232945.456006] Modules linked in: lustre ofd osp lod ost mdt osd_ldiskfs fsfilt_ldiskfs ldiskfs mdd mgs lquota obdecho mgc lov osc mdc lmv fid fld ptlrpc obdclass lvfs ksocklnd lnet libcfs exportfs jbd sha512_generic sha256_generic ext4 mbcache jbd2 virtio_balloon virtio_console i2c_piix4 i2c_core virtio_blk virtio_net virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod nfs lockd fscache nfs_acl auth_rpcgss sunrpc be2iscsi bnx2i cnic uio ipv6 cxgb3i libcxgbi cxgb3 mdio libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi [last unloaded: libcfs] [232945.456006] [232945.456006] Pid: 29361, comm: ll_ost_io00_002 Not tainted 2.6.32-debug #6 Bochs Bochs [232945.456006] RIP: 0010:[&lt;ffffffffa07478fe&gt;] [&lt;ffffffffa07478fe&gt;] ldiskfs_ext_calc_credits_for_insert+0x2e/0x40 [ldiskfs] [232945.456006] RSP: 0018:ffff88005a53b620 EFLAGS: 00010212 [232945.456006] RAX: 0000000000000001 RBX: ffff88005a53b790 RCX: 5a5a5a5a5a5a5a60 [232945.456006] RDX: 0000000000000000 RSI: ffff8800147a7c80 RDI: ffff88002dae5b98 [232945.456006] RBP: ffff88005a53b620 R08: ffff88005a53b790 R09: ffff8800147a7c80 [232945.456006] R10: d84156c5635688c0 R11: 2222222222222222 R12: ffff88005a53b710 [232945.456006] R13: ffff88002dae5b98 R14: ffff8800147a7c80 R15: 0000000000000001 [232945.456006] FS: 00007f4c965c4700(0000) GS:ffff880006200000(0000) knlGS:0000000000000000 [232945.456006] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [232945.456006] CR2: 0000000000000002 CR3: 0000000084a56000 CR4: 00000000000006f0 [232945.456006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [232945.456006] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [232945.456006] Process ll_ost_io00_002 (pid: 29361, threadinfo ffff88005a53a000, task ffff88005a538380) [232945.456006] Stack: [232945.456006] ffff88005a53b6d0 ffffffffa02c7509 5a5a5a5a5a5a5a60 ffff88002dae5a90 [232945.456006] &lt;d&gt; 0000000000000282 ffff88002dae5b88 ffff88002dae5a90 0000000000000011 [232945.456006] &lt;d&gt; ffff8800147a7c80 ffff88002dae5a90 0000000000000000 ffff88002dae5b98 [232945.456006] Call Trace: [232945.456006] [&lt;ffffffffa02c7509&gt;] ldiskfs_ext_new_extent_cb+0x1b9/0x6c8 [fsfilt_ldiskfs] [232945.456006] [&lt;ffffffff8127c158&gt;] ? call_rwsem_wake+0x18/0x30 [232945.456006] [&lt;ffffffffa07496ef&gt;] ldiskfs_ext_walk_space+0x14f/0x340 [ldiskfs] [232945.456006] [&lt;ffffffffa02c7350&gt;] ? ldiskfs_ext_new_extent_cb+0x0/0x6c8 [fsfilt_ldiskfs] [232945.456006] [&lt;ffffffffa02c7078&gt;] fsfilt_map_nblocks+0xd8/0x100 [fsfilt_ldiskfs] [232945.456006] [&lt;ffffffff81276936&gt;] ? rwsem_wake+0x76/0x170 [232945.456006] [&lt;ffffffffa02c71b3&gt;] fsfilt_ldiskfs_map_ext_inode_pages+0x113/0x220 [fsfilt_ldiskfs] [232945.456006] [&lt;ffffffff811db553&gt;] ? dquot_initialize+0xe3/0x1b0 [232945.456006] [&lt;ffffffffa02c7345&gt;] fsfilt_ldiskfs_map_inode_pages+0x85/0x90 [fsfilt_ldiskfs] [232945.456006] [&lt;ffffffffa077d283&gt;] ? ldiskfs_dquot_initialize+0x73/0xc0 [ldiskfs] [232945.456006] [&lt;ffffffffa07e6307&gt;] osd_write_commit+0x327/0x640 [osd_ldiskfs] [232945.456006] [&lt;ffffffffa09bdc8c&gt;] ofd_commitrw_write+0x6cc/0x12a0 [ofd] [232945.456006] [&lt;ffffffffa09bec15&gt;] ofd_commitrw+0x3b5/0x9c0 [ofd] [232945.456006] [&lt;ffffffffa08f66b8&gt;] obd_commitrw+0x128/0x3d0 [ost] [232945.456006] [&lt;ffffffffa08fd84d&gt;] ost_brw_write+0xe4d/0x1500 [ost] [232945.456006] [&lt;ffffffff8127a646&gt;] ? vsnprintf+0x2b6/0x5f0 [232945.456006] [&lt;ffffffffa104a300&gt;] ? target_bulk_timeout+0x0/0xc0 [ptlrpc] [232945.456006] [&lt;ffffffffa0902a55&gt;] ost_handle+0x3125/0x4550 [ost] [232945.456006] [&lt;ffffffffa0d873d4&gt;] ? libcfs_id2str+0x74/0xb0 [libcfs] [232945.456006] [&lt;ffffffffa10989c3&gt;] ptlrpc_server_handle_request+0x463/0xe70 [ptlrpc] [232945.456006] [&lt;ffffffffa0d7b66e&gt;] ? cfs_timer_arm+0xe/0x10 [libcfs] [232945.456006] [&lt;ffffffffa1091691&gt;] ? ptlrpc_wait_event+0xb1/0x2a0 [ptlrpc] [232945.456006] [&lt;ffffffff81051f73&gt;] ? __wake_up+0x53/0x70 [232945.456006] [&lt;ffffffffa109b4fd&gt;] ptlrpc_main+0xb3d/0x18e0 [ptlrpc] [232945.495125] [&lt;ffffffffa109a9c0&gt;] ? ptlrpc_main+0x0/0x18e0 [ptlrpc] [232945.495125] [&lt;ffffffff8100c14a&gt;] child_rip+0xa/0x20 [232945.495125] [&lt;ffffffffa109a9c0&gt;] ? ptlrpc_main+0x0/0x18e0 [ptlrpc] [232945.495125] [&lt;ffffffffa109a9c0&gt;] ? ptlrpc_main+0x0/0x18e0 [ptlrpc] [232945.495125] [&lt;ffffffff8100c140&gt;] ? child_rip+0x0/0x20 [232945.495125] Code: e5 0f 1f 44 00 00 48 85 f6 74 2a 0f b7 87 fe fe ff ff 48 8d 14 c5 00 00 00 00 48 c1 e0 06 48 29 d0 48 8b 54 30 28 b8 01 00 00 00 &lt;0f&gt; b7 4a 02 66 3b 4a 04 72 05 b8 18 00 00 00 c9 c3 90 55 48 89 </pre> </div></div> <p>Crashdump is in /exports/crashdumps/192.168.10.220-2012-12-30-10:34:18</p> LU-2555 Null pointer deref in ldiskfs_ext_calc_credits_for_insert Bug Blocker Resolved Fixed Niu Yawei Oleg Drokin Mon, 31 Dec 2012 11:40:49 +0000 Wed, 20 Feb 2013 08:40:06 +0000 Mon, 18 Feb 2013 08:40:43 +0000 Lustre 2.1.5 Lustre 2.4.0 Lustre 2.1.5 0 5 <p>Niu</p> <p>Could you please look into this one?</p> <p>Thanks</p> <p>Peter</p> <p>Hm, I just hit an issue that might be related, also in racer, but this one is in b2_1:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[66139.377930] Lustre: 16068:0:(cmm_object.c:689:cml_rename_warn()) cml_rename failed for mdo_rename, should revoke: [mo_po [0x200000400:0x1:0x0]] [mo_pn [0x200000400:0x1:0x0]] [lf [0x200000401:0x67cb:0x0]] [sname 4] [mo_t [0x200000400:0x662e:0x0]] [tname 7] [err -39] [66139.378939] Lustre: 16068:0:(cmm_object.c:689:cml_rename_warn()) Skipped 7 previous similar messages [66221.622554] Slab corruption (Not tainted): ldiskfs_prealloc_space start=ffff88008bcc2d58, len=128 [66221.623116] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b. [66221.623353] Last user: [&lt;ffffffffa05ef139&gt;](ldiskfs_mb_pa_callback+0x19/0x20 [ldiskfs]) [66221.623818] 000: 48 69 c0 ff ff e8 ff ff 6b 6b 6b 6b 6b 6b 6b 6b [66221.624333] Prev obj: start=ffff88008bcc2cc0, len=128 [66221.624641] Redzone: 0xd84156c5635688c0/0xd84156c5635688c0. [66221.624922] Last user: [&lt;ffffffffa05f2757&gt;](ldiskfs_mb_new_group_pa+0x67/0x300 [ldiskfs]) [66221.625960] 000: e0 de 90 b6 00 88 ff ff c8 6a c0 ff ff e8 ff ff [66221.626767] 010: 08 16 0b b0 00 88 ff ff d0 97 63 20 00 88 ff ff [66221.627114] Next obj: start=ffff88008bcc2df0, len=128 [66221.627347] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b. [66221.627587] Last user: [&lt;ffffffffa05ef139&gt;](ldiskfs_mb_pa_callback+0x19/0x20 [ldiskfs]) [66221.628032] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [66221.628368] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [66242.372765] Slab corruption (Not tainted): ldiskfs_prealloc_space start=ffff88008bcc2d58, len=128 [66242.374951] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b. [66242.375197] Last user: [&lt;ffffffffa05ef139&gt;](ldiskfs_mb_pa_callback+0x19/0x20 [ldiskfs]) [66242.375635] 000: 48 69 c0 ff ff e8 ff ff 6b 6b 6b 6b 6b 6b 6b 6b [66242.375966] Prev obj: start=ffff88008bcc2cc0, len=128 [66242.376202] Redzone: 0xd84156c5635688c0/0xd84156c5635688c0. [66242.376442] Last user: [&lt;ffffffffa05f2757&gt;](ldiskfs_mb_new_group_pa+0x67/0x300 [ldiskfs]) [66242.376883] 000: e0 de 90 b6 00 88 ff ff c8 6a c0 ff ff e8 ff ff [66242.381760] 010: 08 16 0b b0 00 88 ff ff d0 97 63 20 00 88 ff ff [66242.385331] Next obj: start=ffff88008bcc2df0, len=128 [66242.385565] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b. [66242.385804] Last user: [&lt;ffffffffa05ef139&gt;](ldiskfs_mb_pa_callback+0x19/0x20 [ldiskfs]) [66242.386245] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [66242.386573] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [66242.604727] BUG: spinlock bad magic on CPU#4, ll_ost_io_121/15373 (Not tainted) [66242.605217] BUG: unable to handle kernel paging request at ffffe8ffffc07028 [66242.605497] IP: [&lt;ffffffff812772c9&gt;] strnlen+0x9/0x40 [66242.605743] PGD b1b87067 PUD b1b86067 PMD b1b85067 PTE 0 [66242.608625] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC [66242.609017] last sysfs file: /sys/devices/system/cpu/possible [66242.609176] CPU 4 [66242.609176] Modules linked in: lustre obdfilter ost osd_ldiskfs cmm fsfilt_ldiskfs mdt mdd mds mgs ldiskfs mgc lov osc mdc lmv fid fld lquota ptlrpc obdclass lvfs ksocklnd lnet libcfs jbd exportfs ext4 mbcache jbd2 virtio_balloon virtio_console i2c_piix4 i2c_core virtio_net virtio_blk virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod nfs lockd fscache nfs_acl auth_rpcgss sunrpc be2iscsi bnx2i cnic uio ipv6 cxgb3i libcxgbi cxgb3 mdio libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi [last unloaded: libcfs] [66242.609176] [66242.609176] Pid: 15373, comm: ll_ost_io_121 Not tainted 2.6.32-debug #6 Bochs Bochs [66242.609176] RIP: 0010:[&lt;ffffffff812772c9&gt;] [&lt;ffffffff812772c9&gt;] strnlen+0x9/0x40 [66242.609176] RSP: 0018:ffff88009fd1b130 EFLAGS: 00010086 [66242.609176] RAX: ffffffff81797d7c RBX: ffffffff81ddf600 RCX: 0000000000000002 [66242.609176] RDX: ffffe8ffffc07028 RSI: ffffffffffffffff RDI: ffffe8ffffc07028 [66242.609176] RBP: ffff88009fd1b130 R08: 0000000000000073 R09: 0000000000000000 [66242.609176] R10: 0000000000000007 R11: 000000000000000f R12: ffffffff81ddf236 [66242.609176] R13: ffffe8ffffc07028 R14: 00000000ffffffff R15: 0000000000000000 [66242.609176] FS: 00007fe8f9da0700(0000) GS:ffff880006300000(0000) knlGS:0000000000000000 [66242.609176] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [66242.609176] CR2: ffffe8ffffc07028 CR3: 00000000a3849000 CR4: 00000000000006e0 [66242.609176] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [66242.609176] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [66242.609176] Process ll_ost_io_121 (pid: 15373, threadinfo ffff88009fd1a000, task ffff88009fd18180) [66242.609176] Stack: [66242.609176] ffff88009fd1b170 ffffffff81279160 ffff88009fd1b150 ffffffff81ddf236 [66242.609176] &lt;d&gt; ffffffff817c62fe ffffffff817c62fc ffff88009fd1b2e0 ffffffff81ddf600 [66242.609176] &lt;d&gt; ffff88009fd1b210 ffffffff8127a6a0 0000000000000004 0000000affffffff [66242.609176] Call Trace: [66242.609176] [&lt;ffffffff81279160&gt;] string+0x40/0x100 [66242.609176] [&lt;ffffffff8127a6a0&gt;] vsnprintf+0x310/0x5f0 [66242.609176] [&lt;ffffffff8127aa41&gt;] vscnprintf+0x11/0x30 [66242.609176] [&lt;ffffffff81069cd6&gt;] vprintk+0xc6/0x5a0 [66242.609176] [&lt;ffffffff814f76ed&gt;] printk+0x41/0x44 [66242.609176] [&lt;ffffffff81280985&gt;] spin_bug+0xa5/0x100 [66242.609176] [&lt;ffffffff81280b25&gt;] _raw_spin_lock+0xa5/0x180 [66242.609176] [&lt;ffffffff814fafde&gt;] _spin_lock+0xe/0x10 [66242.609176] [&lt;ffffffffa05eeb3c&gt;] ldiskfs_mb_use_preallocated+0x13c/0x230 [ldiskfs] [66242.609176] [&lt;ffffffffa05f6d3d&gt;] ldiskfs_mb_new_blocks+0x2bd/0x660 [ldiskfs] [66242.609176] [&lt;ffffffff811adc29&gt;] ? __find_get_block+0xa9/0x200 [66242.609176] [&lt;ffffffffa07cc01a&gt;] ldiskfs_ext_new_extent_cb+0x59a/0x6d0 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffffa05dd6df&gt;] ldiskfs_ext_walk_space+0x14f/0x340 [ldiskfs] [66242.609176] [&lt;ffffffffa07cba80&gt;] ? ldiskfs_ext_new_extent_cb+0x0/0x6d0 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffffa07cb798&gt;] fsfilt_map_nblocks+0xd8/0x100 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffffa0377263&gt;] ? start_this_handle+0x433/0x550 [jbd2] [66242.609176] [&lt;ffffffffa07cb8d3&gt;] fsfilt_ldiskfs_map_ext_inode_pages+0x113/0x220 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffff81163bf1&gt;] ? kmem_cache_alloc+0x141/0x240 [66242.609176] [&lt;ffffffffa07cba75&gt;] fsfilt_ldiskfs_map_inode_pages+0x95/0xa0 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffffa0888c8b&gt;] filter_alloc_iobuf+0x8eb/0x11e0 [obdfilter] [66242.609176] [&lt;ffffffffa07ca5c8&gt;] ? fsfilt_ldiskfs_brw_start+0x278/0x590 [fsfilt_ldiskfs] [66242.609176] [&lt;ffffffffa088a84b&gt;] filter_commitrw_write+0x12cb/0x2d40 [obdfilter] [66242.609176] [&lt;ffffffffa0b5edb9&gt;] ? lnet_send+0x3b9/0xa50 [lnet] [66242.609176] [&lt;ffffffffa0b5f6ed&gt;] ? LNetGet+0x29d/0x830 [lnet] [66242.609176] [&lt;ffffffffa087ddca&gt;] filter_commitrw+0x27a/0x2a0 [obdfilter] [66242.609176] [&lt;ffffffff814faf3e&gt;] ? _spin_unlock+0xe/0x10 [66242.609176] [&lt;ffffffffa0830bbd&gt;] obd_commitrw+0x11d/0x3c0 [ost] [66242.609176] [&lt;ffffffffa0838794&gt;] ost_brw_write+0xcc4/0x1600 [ost] [66242.609176] [&lt;ffffffff8127a646&gt;] ? vsnprintf+0x2b6/0x5f0 [66242.609176] [&lt;ffffffffa11d4080&gt;] ? target_bulk_timeout+0x0/0xc0 [ptlrpc] [66242.609176] [&lt;ffffffffa083dc86&gt;] ost_handle+0x2b76/0x4280 [ost] [66242.609176] [&lt;ffffffffa0abe524&gt;] ? libcfs_id2str+0x74/0xb0 [libcfs] [66242.609176] [&lt;ffffffffa1221789&gt;] ptlrpc_main+0xc79/0x1aa0 [ptlrpc] [66242.609176] [&lt;ffffffffa1220b10&gt;] ? ptlrpc_main+0x0/0x1aa0 [ptlrpc] [66242.609176] [&lt;ffffffff8100c14a&gt;] child_rip+0xa/0x20 [66242.609176] [&lt;ffffffffa1220b10&gt;] ? ptlrpc_main+0x0/0x1aa0 [ptlrpc] [66242.609176] [&lt;ffffffffa1220b10&gt;] ? ptlrpc_main+0x0/0x1aa0 [ptlrpc] [66242.609176] [&lt;ffffffff8100c140&gt;] ? child_rip+0x0/0x20 [66242.609176] Code: 66 90 48 83 c2 01 80 3a 00 75 f7 48 89 d0 48 29 f8 c9 c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 f6 48 89 e5 74 2e &lt;80&gt; 3f 00 74 29 48 83 ee 01 48 89 f8 eb 12 66 0f 1f 84 00 00 00 [66242.609176] RIP [&lt;ffffffff812772c9&gt;] strnlen+0x9/0x40 [66242.609176] RSP &lt;ffff88009fd1b130&gt; [66242.609176] CR2: ffffe8ffffc07028 </pre> </div></div> <p>crashdump and modules in /exports/crashdumps/192.168.10.220-2013-01-03-12\:15\:57</p> <p>This two crash looks little bit different, the master crashed in ldiskfs_ext_calc_credits_for_insert(), it seems because we didn't protect this function call by i_data_sem. (see ldiskfs_ext_new_extent_cb()). The 2.1 crashed in ldiskfs_mb_use_preallocated(), I'm not sure the reason yet, what's the kernel version did you run 2.1 test for?</p> <p>BTW: where is the /exports/crashdumps located? Thanks.</p> <p>if you think these are different, I can file another bug for the 2.1 crash.<br/> the dir is on my test cluster</p> <p>Yes, please file another ticket for the 2.1 crash. It crashed on 3334 of mballoc.c, looks like some race on the lg_prealloc_list.</p> <p>In ldiskfs_mb_add_n_trim():</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> <span class="code-comment">/* Add the prealloc space to lg */</span> rcu_read_lock(); list_for_each_entry_rcu(tmp_pa, &amp;lg-&gt;lg_prealloc_list[order], pa_inode_list) { spin_lock(&amp;tmp_pa-&gt;pa_lock); <span class="code-keyword">if</span> (tmp_pa-&gt;pa_deleted) { spin_unlock(&amp;tmp_pa-&gt;pa_lock); <span class="code-keyword">continue</span>; } <span class="code-keyword">if</span> (!added &amp;&amp; pa-&gt;pa_free &lt; tmp_pa-&gt;pa_free) { <span class="code-comment">/* Add to the tail of the previous entry */</span> list_add_tail_rcu(&amp;pa-&gt;pa_inode_list, &amp;tmp_pa-&gt;pa_inode_list); added = 1; /* * we want to count the total * number of entries in the list */ } spin_unlock(&amp;tmp_pa-&gt;pa_lock); lg_prealloc_count++; } <span class="code-keyword">if</span> (!added) list_add_tail_rcu(&amp;pa-&gt;pa_inode_list, &amp;lg-&gt;lg_prealloc_list[order]); rcu_read_unlock(); </pre> </div></div> <p>Looks it doesn't take the lg_prealloc_lock when changing the lg_prealloc_list, not sure if it's correct. Alex, any comments? Thanks.</p> <p>patch against master for the first crash: <a href="http://review.whamcloud.com/4957" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/4957</a></p> <p>Niu, for the 4957 I'm not sure.. why do you think the path is invalid ? in which specific place?</p> <p>as for the second problem I agree the list modification must be protected with the spinlock like in other places.</p> <blockquote> <p>Niu, for the 4957 I'm not sure.. why do you think the path is invalid ? in which specific place?</p></blockquote> <p>ext3_ext_calc_credits_for_insert() is accessing the tree 'path', however, the extent tree could probably has been changed (depth could be changed), so the path<span class="error">&#91;depth&#93;</span> could be invalid, no?</p> <p>ldiskfs_ext_calc_credits_for_insert():<br/> depth = ext_depth(inode);</p> <p>and depth can change by this moment. instead we should be taking it from path-&gt;p_depth like ldiskfs_ext_drop_refs()</p> <p>though I'm pretty confused this hasn't happened before...</p> <p>patch against master for the second crash: <a href="http://review.whamcloud.com/4961" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/4961</a></p> <p>patch for b2_1 (first crash): <a href="http://review.whamcloud.com/4977" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/4977</a></p> <p>patch for b2_1 (second crash): <a href="http://review.whamcloud.com/4978" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/4978</a></p> <p>The patches for master are landed. The two patches for b2_1 are ready to land.</p> <p>Landed for 2.4</p> Development Rank 1|hzvefj: Rank (Obsolete) 5979 Severity