>Number:         36783
>Category:       kern
>Synopsis:       system panics under certain conditions when mounting a fileystem with fragsize > 2048
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 15 08:50:00 +0000 2007
>Originator:     Blair Sadewitz
>Release:        4.99.28
>Organization:
>Environment:
NetBSD/amd64 4.99.28
>Description:
Under certain conditions which I've yet to fully narrow down, the kernel will panic with the message:

pool_get: lfsbpppl: page empty

I can't capture the trace, but it goes like this:

lfs_mountfs() -> lfs_order_freelist() -> lfs_seglock() -> pool_get()

Looking at the code in lfs_mountfs, lfs_setup_resblks is called--and then later in the same functions, lfs_order_freelist() is called.  Both of those functions use the lfsbpppl pool.

Thusfar I've only been able to reproduce this under certain conditions, namely a filesystem size greater than ~64GB and block/frag sizes of 65536/8192 and 32768/4096.



>How-To-Repeat:
On a large (greater than 64GB, definitely 160GB+ should do it) slice, run:

newfs_lfs -A -b65536 -f8192 device

Now, mount it.  Observe panic. 
>Fix:
Sorry, beyond my comprehension, I think. Is there some sort of overflow happening?  *Is* bpp small? ;)