From dm@home3.dinoex.sub.de  Wed Oct  8 18:15:08 2008
Return-Path: <dm@home3.dinoex.sub.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 491FC1065688
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 Oct 2008 18:15:08 +0000 (UTC)
	(envelope-from dm@home3.dinoex.sub.de)
Received: from uucp.dinoex.sub.de (uucp.dinoex.sub.de [194.45.71.2])
	by mx1.freebsd.org (Postfix) with ESMTP id 696498FC20
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 Oct 2008 18:15:06 +0000 (UTC)
	(envelope-from dm@home3.dinoex.sub.de)
Received: from home3.dinoex.sub.de (home3.dinoex.sub.de [194.45.71.20])
	by uucp.dinoex.sub.de (8.14.2/8.14.2) with ESMTP id m98Hi3QB089868
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 Oct 2008 19:44:18 +0200 (CEST)
	(envelope-from dm@home3.dinoex.sub.de)
Received: (from dm@localhost)
	by home3.dinoex.sub.de (8.14.2/8.14.2/Submit) id m98Hi4nN033154;
	Wed, 8 Oct 2008 19:44:04 +0200 (CEST)
	(envelope-from dm)
Message-Id: <200810081744.m98Hi4nN033154@home3.dinoex.sub.de>
Date: Wed, 8 Oct 2008 19:44:04 +0200 (CEST)
From: dirk.meyer@dinoex.sub.org
Reply-To: dirk.meyer@dinoex.sub.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: kernel crash in fsck_ufs
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         127951
>Category:       kern
>Synopsis:       [ufs] [panic] [patch] kernel crash in fsck_ufs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kib
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 08 18:20:01 UTC 2008
>Closed-Date:    Fri Oct 31 13:59:48 UTC 2008
>Last-Modified:  Fri Oct 31 13:59:48 UTC 2008
>Originator:     Dirk Meyer
>Release:        FreeBSD 7.0-STABLE
>Organization:
privat
>Environment:

FreeBSD 7.0-STABLE Sun Aug 17 09:29:19 CEST 2008
Kernel = GENERIC+
options       IPFIREWALL              #firewall
options       IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options       IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options       IPFIREWALL_FORWARD      #packet destination changes
options       IPFIREWALL_DEFAULT_TO_ACCEPT
options       DUMMYNET


>Description:

	Running background fsck n a 5.5 T ufs2 after power loss.
	The system crashes hard.

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x474e7d94
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09a910e
stack pointer	        = 0x28:0xe9087a14
frame pointer	        = 0x28:0xe9087a74
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1220 (fsck_ufs)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 3h9m25s
Physical memory: 3059 MB
Dumping 240 MB: 225 209 193 177 161 145 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
#0  doadump () at pcpu.h:195
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc079b1c6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc079b49e in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc0ac171c in trap_fatal (frame=0xe90879d4, eva=1196326292) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0ac19ab in trap_pfault (frame=0xe90879d4, usermode=0, eva=1196326292) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0ac23c5 in trap (frame=0xe90879d4) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc0aa7cab in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc09a910e in ffs_snapblkfree (fs=0xc6724800, devvp=0xc680e564, bno=-2147409120, size=16384, inum=2) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1731
#8  0xc099e890 in ffs_blkfree (ump=0xc685fc00, fs=0xc6724800, devvp=0xc680e564, bno=-2147409120, size=16384, inum=2)
    at /usr/src/sys/ufs/ffs/ffs_alloc.c:1851
#9  0xc09a0b74 in sysctl_ffs_fsck (oidp=0xc0c15dc0, arg1=0xe9087c20, arg2=0, req=0xe9087ba4) at /usr/src/sys/ufs/ffs/ffs_alloc.c:2518
#10 0xc07a4b67 in sysctl_root (oidp=) at /usr/src/sys/kern/kern_sysctl.c:1306
#11 0xc07a4cd1 in userland_sysctl (td=0xc6cfa880, name=0xe9087c14, namelen=3, old=0x0, oldlenp=0x0, inkernel=0, new=0x805df80, newlen=32, 
    retval=0xe9087c10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
#12 0xc07a5a7c in __sysctl (td=0xc6cfa880, uap=0xe9087cfc) at /usr/src/sys/kern/kern_sysctl.c:1336
#13 0xc0ac1d35 in syscall (frame=0xe9087d38) at /usr/src/sys/i386/i386/trap.c:1035
#14 0xc0aa7d10 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#15 0x00000033 in ?? ()
(kgdb) ~~  thread 
[Current thread is 89 (Thread 100106)]
(kgdb) GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x473c6794
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09a910e
stack pointer	        = 0x28:0xe907ea14
frame pointer	        = 0x28:0xe907ea74
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1161 (fsck_ufs)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 2h54m42s
Physical memory: 3059 MB
Dumping 288 MB: 273 257 241 225 209 193 177 161 145 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
#0  doadump () at pcpu.h:195
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc079b1c6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc079b49e in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc0ac171c in trap_fatal (frame=0xe907e9d4, eva=1195141012) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0ac19ab in trap_pfault (frame=0xe907e9d4, usermode=0, eva=1195141012) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0ac23c5 in trap (frame=0xe907e9d4) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc0aa7cab in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc09a910e in ffs_snapblkfree (fs=0xc6722000, devvp=0xc6811678, bno=-2147409120, size=16384, inum=2) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1731
#8  0xc099e890 in ffs_blkfree (ump=0xc6785600, fs=0xc6722000, devvp=0xc6811678, bno=-2147409120, size=16384, inum=2)
    at /usr/src/sys/ufs/ffs/ffs_alloc.c:1851
#9  0xc09a0b74 in sysctl_ffs_fsck (oidp=0xc0c15dc0, arg1=0xe907ec20, arg2=0, req=0xe907eba4) at /usr/src/sys/ufs/ffs/ffs_alloc.c:2518
#10 0xc07a4b67 in sysctl_root (oidp=) at /usr/src/sys/kern/kern_sysctl.c:1306
#11 0xc07a4cd1 in userland_sysctl (td=0xc685f880, name=0xe907ec14, namelen=3, old=0x0, oldlenp=0x0, inkernel=0, new=0x805df80, newlen=32, 
    retval=0xe907ec10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
#12 0xc07a5a7c in __sysctl (td=0xc685f880, uap=0xe907ecfc) at /usr/src/sys/kern/kern_sysctl.c:1336
#13 0xc0ac1d35 in syscall (frame=0xe907ed38) at /usr/src/sys/i386/i386/trap.c:1035
#14 0xc0aa7d10 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#15 0x00000033 in ?? ()
(kgdb) GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x47428794
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09a910e
stack pointer	        = 0x28:0xe8faaa14
frame pointer	        = 0x28:0xe8faaa74
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1153 (fsck_ufs)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 3h9m40s
Physical memory: 3059 MB
Dumping 216 MB: 201 185 169 153 137 121 105 89 73 57 41 25 9

Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
#0  doadump () at pcpu.h:195
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc079b1c6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc079b49e in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc0ac171c in trap_fatal (frame=0xe8faa9d4, eva=1195542420) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0ac19ab in trap_pfault (frame=0xe8faa9d4, usermode=0, eva=1195542420) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0ac23c5 in trap (frame=0xe8faa9d4) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc0aa7cab in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc09a910e in ffs_snapblkfree (fs=0xc671f000, devvp=0xc678b450, bno=-2147409120, size=16384, inum=2) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1731
#8  0xc099e890 in ffs_blkfree (ump=0xc673ae00, fs=0xc671f000, devvp=0xc678b450, bno=-2147409120, size=16384, inum=2)
    at /usr/src/sys/ufs/ffs/ffs_alloc.c:1851
#9  0xc09a0b74 in sysctl_ffs_fsck (oidp=0xc0c15dc0, arg1=0xe8faac20, arg2=0, req=0xe8faaba4) at /usr/src/sys/ufs/ffs/ffs_alloc.c:2518
#10 0xc07a4b67 in sysctl_root (oidp=) at /usr/src/sys/kern/kern_sysctl.c:1306
#11 0xc07a4cd1 in userland_sysctl (td=0xc6538660, name=0xe8faac14, namelen=3, old=0x0, oldlenp=0x0, inkernel=0, new=0x805df80, newlen=32, 
    retval=0xe8faac10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
#12 0xc07a5a7c in __sysctl (td=0xc6538660, uap=0xe8faacfc) at /usr/src/sys/kern/kern_sysctl.c:1336
#13 0xc0ac1d35 in syscall (frame=0xe8faad38) at /usr/src/sys/i386/i386/trap.c:1035
#14 0xc0aa7d10 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#15 0x00000033 in ?? ()
(kgdb) GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x471de994
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09a910e
stack pointer	        = 0x28:0xe8f82a14
frame pointer	        = 0x28:0xe8f82a74
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1218 (fsck_ufs)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 3h9m19s
Physical memory: 3059 MB
Dumping 216 MB: 201 185 169 153 137 121 105 89 73 57 41 25 9

Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
#0  doadump () at pcpu.h:195
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc079b1c6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xc079b49e in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xc0ac171c in trap_fatal (frame=0xe8f829d4, eva=1193142676) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc0ac19ab in trap_pfault (frame=0xe8f829d4, usermode=0, eva=1193142676) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc0ac23c5 in trap (frame=0xe8f829d4) at /usr/src/sys/i386/i386/trap.c:490
#6  0xc0aa7cab in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc09a910e in ffs_snapblkfree (fs=0xc6727000, devvp=0xc6816000, bno=-2147409120, size=16384, inum=2) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1731
#8  0xc099e890 in ffs_blkfree (ump=0xc6717200, fs=0xc6727000, devvp=0xc6816000, bno=-2147409120, size=16384, inum=2)
    at /usr/src/sys/ufs/ffs/ffs_alloc.c:1851
#9  0xc09a0b74 in sysctl_ffs_fsck (oidp=0xc0c15dc0, arg1=0xe8f82c20, arg2=0, req=0xe8f82ba4) at /usr/src/sys/ufs/ffs/ffs_alloc.c:2518
#10 0xc07a4b67 in sysctl_root (oidp=) at /usr/src/sys/kern/kern_sysctl.c:1306
#11 0xc07a4cd1 in userland_sysctl (td=0xc6752cc0, name=0xe8f82c14, namelen=3, old=0x0, oldlenp=0x0, inkernel=0, new=0x805df80, newlen=32, 
    retval=0xe8f82c10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
#12 0xc07a5a7c in __sysctl (td=0xc6752cc0, uap=0xe8f82cfc) at /usr/src/sys/kern/kern_sysctl.c:1336
#13 0xc0ac1d35 in syscall (frame=0xe8f82d38) at /usr/src/sys/i386/i386/trap.c:1035
#14 0xc0aa7d10 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#15 0x00000033 in ?? ()
(kgdb) q

>How-To-Repeat:


>Fix:

	Running fsck manually solved the problem.
	A big snapshotfile was removed by fsck.


>Release-Note:
>Audit-Trail:

From: Tor Egge <Tor.Egge@cvsup.no.freebsd.org>
To: dirk.meyer@dinoex.sub.org
Cc: FreeBSD-gnats-submit@freebsd.org, kib@freebsd.org, jhb@freebsd.org
Subject: Re: kern/127951: kernel crash in fsck_ufs
Date: Thu, 09 Oct 2008 22:04:50 +0000 (UTC)

 ----Next_Part(Thu_Oct__9_22_04_50_2008_475)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 
 check_maps() in /usr/src/sbin/fsck_ffs/pass5.c seems to be limited to file
 systems less than 1 TB, due to using 32-bits integers for file system block
 numbers.
 
 This also causes incorrect error reporting for foreground fsck.
 
 - Tor Egge
 
 
 ----Next_Part(Thu_Oct__9_22_04_50_2008_475)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline; filename=fsckdiff
 
 Index: pass5.c
 ===================================================================
 RCS file: /home/ncvs/src/sbin/fsck_ffs/pass5.c,v
 retrieving revision 1.43
 diff -u -r1.43 pass5.c
 --- pass5.c	31 Oct 2006 22:06:56 -0000	1.43
 +++ pass5.c	9 Oct 2008 21:56:51 -0000
 @@ -48,7 +48,7 @@
  
  #include "fsck.h"
  
 -static void check_maps(u_char *, u_char *, int, int, const char *, int *, int, int);
 +static void check_maps(u_char *, u_char *, int, ufs2_daddr_t, const char *, int *, int, int);
  
  void
  pass5(void)
 @@ -321,13 +321,17 @@
  			}
  			if (excessdirs > 0)
  				check_maps(cg_inosused(newcg), cg_inosused(cg),
 -				    inomapsize, cg->cg_cgx * fs->fs_ipg, "DIR",
 +				    inomapsize,
 +				    cg->cg_cgx * (ufs2_daddr_t) fs->fs_ipg,
 +				    "DIR",
  				    freedirs, 0, excessdirs);
  			check_maps(cg_inosused(newcg), cg_inosused(cg),
 -			    inomapsize, cg->cg_cgx * fs->fs_ipg, "FILE",
 +			    inomapsize,
 +			    cg->cg_cgx * (ufs2_daddr_t) fs->fs_ipg, "FILE",
  			    freefiles, excessdirs, fs->fs_ipg);
  			check_maps(cg_blksfree(cg), cg_blksfree(newcg),
 -			    blkmapsize, cg->cg_cgx * fs->fs_fpg, "FRAG",
 +			    blkmapsize,
 +			    cg->cg_cgx * (ufs2_daddr_t) fs->fs_fpg, "FRAG",
  			    freeblks, 0, fs->fs_fpg);
  		}
  		if (cursnapshot == 0 &&
 @@ -407,7 +411,7 @@
  	u_char *map1,	/* map of claimed allocations */
  	u_char *map2,	/* map of determined allocations */
  	int mapsize,	/* size of above two maps */
 -	int startvalue,	/* resource value for first element in map */
 +	ufs2_daddr_t startvalue, /* resource value for first element in map */
  	const char *name,	/* name of resource found in maps */
  	int *opcode,	/* sysctl opcode to free resource */
  	int skip,	/* number of entries to skip before starting to free */
 @@ -415,8 +419,8 @@
  {
  #	define BUFSIZE 16
  	char buf[BUFSIZE];
 -	long i, j, k, l, m, n, size;
 -	int astart, aend, ustart, uend;
 +	long i, j, k, l, m, size;
 +	ufs2_daddr_t n, astart, aend, ustart, uend;
  	void (*msg)(const char *fmt, ...);
  
  	if (bkgrdflag)
 @@ -443,10 +447,12 @@
  					continue;
  				}
  				if (astart == aend)
 -					(*msg)("ALLOCATED %s %d MARKED FREE\n",
 +					(*msg)("ALLOCATED %s %" PRId64
 +					    " MARKED FREE\n",
  					    name, astart);
  				else
 -					(*msg)("%s %sS %d-%d MARKED FREE\n",
 +					(*msg)("%s %sS %" PRId64 "-%" PRId64
 +					    " MARKED FREE\n",
  					    "ALLOCATED", name, astart, aend);
  				astart = aend = n;
  			} else {
 @@ -472,10 +478,12 @@
  				if (size > limit)
  					size = limit;
  				if (debug && size == 1)
 -					pwarn("%s %s %d MARKED USED\n",
 +					pwarn("%s %s %" PRId64
 +					    " MARKED USED\n",
  					    "UNALLOCATED", name, ustart);
  				else if (debug)
 -					pwarn("%s %sS %d-%ld MARKED USED\n",
 +					pwarn("%s %sS %" PRId64 "-%" PRId64
 +					    " MARKED USED\n",
  					    "UNALLOCATED", name, ustart,
  					    ustart + size - 1);
  				if (bkgrdflag != 0) {
 @@ -497,9 +505,11 @@
  	}
  	if (astart != -1) {
  		if (astart == aend)
 -			(*msg)("ALLOCATED %s %d MARKED FREE\n", name, astart);
 +			(*msg)("ALLOCATED %s %" PRId64
 +			    " MARKED FREE\n", name, astart);
  		else
 -			(*msg)("ALLOCATED %sS %d-%d MARKED FREE\n",
 +			(*msg)("ALLOCATED %sS %" PRId64 "-%" PRId64
 +			    " MARKED FREE\n",
  			    name, astart, aend);
  	}
  	if (ustart != -1) {
 @@ -514,10 +524,12 @@
  			size = limit;
  		if (debug) {
  			if (size == 1)
 -				pwarn("UNALLOCATED %s %d MARKED USED\n",
 +				pwarn("UNALLOCATED %s %" PRId64
 +				    " MARKED USED\n",
  				    name, ustart);
  			else
 -				pwarn("UNALLOCATED %sS %d-%ld MARKED USED\n",
 +				pwarn("UNALLOCATED %sS %" PRId64 "-%" PRId64
 +				    " MARKED USED\n",
  				    name, ustart, ustart + size - 1);
  		}
  		if (bkgrdflag != 0) {
 
 ----Next_Part(Thu_Oct__9_22_04_50_2008_475)----
Responsible-Changed-From-To: freebsd-bugs->kib 
Responsible-Changed-By: kib 
Responsible-Changed-When: Fri Oct 10 12:35:04 UTC 2008 
Responsible-Changed-Why:  
Take it to read feedback on the patch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127951 

From: Tor Egge <Tor.Egge@cvsup.no.freebsd.org>
To: dirk.meyer@dinoex.sub.org
Cc: FreeBSD-gnats-submit@freebsd.org, kib@freebsd.org, jhb@freebsd.org,
        delphij@freebsd.org
Subject: Re: kern/127951: kernel crash in fsck_ufs
Date: Sat, 11 Oct 2008 02:21:39 +0000 (UTC)

 ----Next_Part(Sat_Oct_11_02_21_39_2008_499)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 
 One nearby error in background fsck is that some summary totals changes are
 incorrectly applied twice.  The next background fsck on the same file system
 might then print negative numbers for reclaimed directories/files/fragments.
 
 The enclosed patch tries to address that issue, to a very limited degree.  Code
 for proper recomputation of summary information (syncing up fs->fs_cs(fs, cyl))
 is still missing from background fsck, and the workaround (sysctl
 vfs.ffs.compute_summary_at_mount=1) has a noticeable mount latency penalty.
 
 - Tor Egge
 
 ----Next_Part(Sat_Oct_11_02_21_39_2008_499)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline; filename="fsck-bgsummary.diff"
 
 --- /tmp/fsck_ffs/pass5.c	2008-10-11 03:01:30.000000000 +0200
 +++ sbin/fsck_ffs/pass5.c	2008-10-11 00:05:12.000000000 +0200
 @@ -291,10 +291,17 @@
  				sump[run]++;
  			}
  		}
 -		cstotal.cs_nffree += newcg->cg_cs.cs_nffree;
 -		cstotal.cs_nbfree += newcg->cg_cs.cs_nbfree;
 -		cstotal.cs_nifree += newcg->cg_cs.cs_nifree;
 -		cstotal.cs_ndir += newcg->cg_cs.cs_ndir;
 +		if (bkgrdflag != 0) {
 +			cstotal.cs_nffree += cg->cg_cs.cs_nffree;
 +			cstotal.cs_nbfree += cg->cg_cs.cs_nbfree;
 +			cstotal.cs_nifree += cg->cg_cs.cs_nifree;
 +			cstotal.cs_ndir += cg->cg_cs.cs_ndir;
 +		} else {
 +			cstotal.cs_nffree += newcg->cg_cs.cs_nffree;
 +			cstotal.cs_nbfree += newcg->cg_cs.cs_nbfree;
 +			cstotal.cs_nifree += newcg->cg_cs.cs_nifree;
 +			cstotal.cs_ndir += newcg->cg_cs.cs_ndir;
 +		}
  		cs = &fs->fs_cs(fs, c);
  		if (cursnapshot == 0 &&
  		    memcmp(&newcg->cg_cs, cs, sizeof *cs) != 0 &&
 
 ----Next_Part(Sat_Oct_11_02_21_39_2008_499)----

From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/127951: kernel crash in fsck_ufs
Date: Sat, 11 Oct 2008 09:25:17 +0200

 Thanks for looking into this.
 I rebuild fsck under 7-STABLE with both patches and tested it in forground.
 Does this looks right?
 
 kind regards Dirk
 
 - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
 
 $ fsck /data
 ** /dev/da0p1 (NO WRITE)
 ** Last Mounted on /data
 ** Phase 1 - Check Blocks and Sizes
 ** Phase 2 - Check Pathnames
 UNALLOCATED  I=7556106  OWNER=dm MODE=100644
 SIZE=23008 MTIME=Oct 11 08:48 2008 
 FILE=/geobaldi1/tb.txt~
 
 UNEXPECTED SOFT UPDATE INCONSISTENCY
 
 REMOVE? no
 
 UNALLOCATED  I=7555993  OWNER=dm MODE=100644
 SIZE=1301792 MTIME=Oct 11 08:48 2008 
 FILE=/geobaldi1/tb.state~
 
 UNEXPECTED SOFT UPDATE INCONSISTENCY
 
 REMOVE? no
 
 ** Phase 3 - Check Connectivity
 ** Phase 4 - Check Reference Counts
 UNREF FILE  I=7556044  OWNER=dm MODE=100644
 SIZE=1301792 MTIME=Oct 11 08:51 2008 
 RECONNECT? no
 
 
 CLEAR? no
 
 UNREF FILE  I=7556086  OWNER=dm MODE=100644
 SIZE=23008 MTIME=Oct 11 08:51 2008 
 RECONNECT? no
 
 
 CLEAR? no
 
 LINK COUNT FILE I=7556092  OWNER=dm MODE=0
 SIZE=0 MTIME=Oct 11 08:52 2008  COUNT 0 SHOULD BE -1
 ADJUST? no
 
 LINK COUNT FILE I=7556096  OWNER=dm MODE=0
 SIZE=0 MTIME=Oct 11 08:52 2008  COUNT 0 SHOULD BE -1
 ADJUST? no
 
 ** Phase 5 - Check Cyl groups
 FREE BLK COUNT(S) WRONG IN SUPERBLK
 SALVAGE? no
 
 SUMMARY INFORMATION BAD
 SALVAGE? no
 
 ALLOCATED FRAGS 1-8 MARKED FREE
 BLK(S) MISSING IN BIT MAPS
 SALVAGE? no
 
 ALLOCATED FILE 13738768 MARKED FREE
 ALLOCATED FILE 13738964 MARKED FREE
 ALLOCATED FRAGS 2731364672-2731364679 MARKED FREE
 ALLOCATED FRAGS 2731369792-2731369799 MARKED FREE
 ALLOCATED FRAGS 2731369808-2731369811 MARKED FREE
 ALLOCATED FRAGS 2731374600-2731374663 MARKED FREE
 ALLOCATED FRAGS 2731374696-2731374759 MARKED FREE
 ALLOCATED FRAGS 2731374864-2731374991 MARKED FREE
 ALLOCATED FRAGS 2731375080-2731375135 MARKED FREE
 ALLOCATED FRAGS 2731375752-2731375807 MARKED FREE
 ALLOCATED FRAGS 2731375816-2731375943 MARKED FREE
 ALLOCATED FRAGS 2731422920-2731423063 MARKED FREE
 29533 files, 1926903667 used, 1000499840 free (1888 frags, 125062244 blocks, 0.0% fragmentation)
 

From: Tor Egge <Tor.Egge@cvsup.no.freebsd.org>
To: dirk.meyer@dinoex.sub.org
Cc: FreeBSD-gnats-submit@freebsd.org, kib@freebsd.org, jhb@freebsd.org,
        delphij@freebsd.org
Subject: Re: kern/127951: kernel crash in fsck_ufs
Date: Sat, 11 Oct 2008 20:14:17 +0000 (UTC)

 ----Next_Part(Sat_Oct_11_20_14_17_2008_697)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 
 
 The enclosed patch tries to sync up some of the summary information while
 making a snapshot.  No extra IO operations are involved.
 
 - Tor Egge
 
 
 ----Next_Part(Sat_Oct_11_20_14_17_2008_697)--
 Content-Type: Text/Plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline; filename="snapshot.diff"
 
 Index: sys/ufs/ffs/ffs_snapshot.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_snapshot.c,v
 retrieving revision 1.145
 diff -u -r1.145 ffs_snapshot.c
 --- sys/ufs/ffs/ffs_snapshot.c	16 Sep 2008 11:51:06 -0000	1.145
 +++ sys/ufs/ffs/ffs_snapshot.c	11 Oct 2008 19:13:19 -0000
 @@ -864,6 +864,13 @@
  	}
  	UFS_LOCK(ip->i_ump);
  	ACTIVESET(fs, cg);
 +	/* 
 +	 * Recomputation of summary information might not have been performed
 +	 * at mount time.  Sync up summary information for current cylinder
 +	 * group while data is in memory to ensure that result of background
 +	 * fsck is slightly more consistent.
 +	 */
 +	fs->fs_cs(fs, cg) = cgp->cg_cs;
  	UFS_UNLOCK(ip->i_ump);
  	bcopy(bp->b_data, nbp->b_data, fs->fs_cgsize);
  	if (fs->fs_cgsize < fs->fs_bsize)
 
 ----Next_Part(Sat_Oct_11_20_14_17_2008_697)----
State-Changed-From-To: open->closed 
State-Changed-By: kib 
State-Changed-When: Fri Oct 31 13:59:18 UTC 2008 
State-Changed-Why:  
Patch committed to HEAD and 7. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127951 
>Unformatted:
