Neeraj Pal <[email protected]> wrote:

> On Thu, Feb 27, 2020 at 10:17 AM Theo de Raadt <[email protected]> wrote:
> >
> > Garbage in, garbage out.
> >
> > What do you expect?
> >
> > The ffs layer cannot 100% guarantee that a provided block of
> > storage satisfies all conditions. It is impossible since FFS
> > is not designed as an ACID transactional system. It's best effort
> > at coherency a 3-step dance to allow fsck to figure out where it
> > crashed.
> >
> > But if you make synthetic tests, you'll be at this for years and years
> > and years.
>
> Thank you for the information, Theo.
>
> So, can we say that this assertion panic is expected behavior for FFS?

Any of a thousand failures could occur.

1 - you didn't fsck those filesystems.

2 - even if you did, fsck does not create clean filesystems out of garbage.

The only tooling I know of which could convert a totally broken filesystem into a less broken filesystem is "dump | restore", but I expect even dump to be full of bugs.

This filesystem was not written to meet the parameters you expect of it. We could make 50 changes to try to cope, but it will simply escalate into directory loops, clusters laid out on top of directory maps which get modified by fsck, etc etc etc.

It cannot be won because this filesystem was not written to meet the parameters you are suddenly expecting of it.
