Date: Fri, 18 Nov 2005 07:30:56 +1100 (EST)
From: Bruce Evans
To: Ivo Janssen
Cc: freebsd-amd64@FreeBSD.org
Subject: Re: amd64/89202: Kernel crash when accessing filesystem
Message-ID: <20051118071624.V96570@delplex.bde.org>
In-Reply-To: <200511171820.jAHIKJef046199@freefall.freebsd.org>

On Thu, 17 Nov 2005, Ivo Janssen wrote:

> I recreated the filesystem without the huge -f (avg filesize) option,
> which we had initially set to 1Gb:
> # newfs -U -O2 -b 8192 -f 1024
> # tunefs -e 20480 (10x the default)
>
> With the defaults of avg filesize of 16384, we don't see a crash. I
> then started playing with tunefs.
> Increasing the avg filesize to -f 16777216 (16Mb), we don't see a crash.
> Increasing the avg filesize to -f 33554432 (32Mb), we repro the crash.

I have had the following comment about this bug (but haven't fixed it) for
many years

% Index: ffs_alloc.c % =================================================================== % RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_alloc.c,v % retrieving revision 1.121 % diff -u -2 -r1.121 ffs_alloc.c % --- ffs_alloc.c 16 Jun 2004 09:47:25 -0000 1.121 % +++ ffs_alloc.c 28 Oct 2004 15:12:47 -0000 % 
@@ -964,4 +991,11 @@ % minbfree = 1; % cgsize = fs->fs_fsize * fs->fs_fpg; % + /* % + * XXX the following multiplication can overflow, since newfs can % + * be abused to set fs_avgfilesize and fs_avgfpdir to preposterous % + * values. For the particular preposterous values of (64M, 16), % + * the multiplication overflows to 0 and then dirsize = 0 sometimes % + * causes division by 0. % + */ % dirsize = fs->fs_avgfilesize * fs->fs_avgfpdir; % curdirsize = avgndir ? (cgsize - avgbfree * fs->fs_bsize) / avgndir : 0; This bug is easy to work around by not changing fs->fs_avgfilesize or fs->fs_avgfpdir. Tuning them has limited useful effects. Bruce
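Review bot: the multiplication `dirsize = fs->fs_avgfilesize * fs->fs_avgfpdir;` at the end of this hunk is still unguarded. The added lines only document the overflow, so a filesystem carrying oversized values in these two fields still reaches the division the comment describes with dirsize = 0. Suggest computing the product in a 64-bit type or clamping it to a sane range, and handling dirsize <= 0 explicitly before it is used as a divisor. Range-checking fs_avgfilesize and fs_avgfpdir before they are used would also cover values written by newfs or tunefs. The example in the comment is worth rechecking as well: 64M * 16 is 2^30, which does not wrap to 0 in a 32-bit multiplication, so one of the two quoted values looks off.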