On Tue, 27. Aug 18:03, David Sterba wrote:
On Tue, Aug 27, 2024 at 06:12:43PM +0300, Fedor Pchelkin wrote:
The extent changeset may have some additional memory dynamically allocated for ulist in result of clear_record_extent_bits() execution.
This can happen, as clear_record_extent_bits adds more data to the changeset in some cases. What I don't see yet how it happens. An extent range must be split so that a new entry is added with different bits set. This is usual thing, but why does this happen with the quotas disabled.
In the reproducer case, qgroup_reserve_data() which sets the bits happens just before disabling the quotas via ioctl.
Commit af0e2aab3b70 ("btrfs: qgroup: flush reservations during quota disable") added a call to clear_record_extent_bits() inside __btrfs_qgroup_release_data(). The changeset being passed is freshly initialized and empty. So the first call to clear_state_bit() there will definitely create a new entry and add it to the ulist.
If for some reason clear_state_bit() shouldn't be eventually called then, to be honest, I don't quite understand why a call to clear_record_extent_bits() was added in the first place without expecting it to do the real work with clear_state_bit().