Bug #739

Panic in msdosfs on -HEAD

Added by wa1ter over 9 years ago. Updated over 9 years ago.




Several times I've had this panic while trying to move a file from
DFly to a mounted msdos file system:

Unread portion of the kernel message buffer:
debug: msdosfs: hashins collision, retrying

Fatal trap 12: page fault while in kernel mode

#0 dumpsys () at thread.h:83
#1 0xc01955a3 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:371
#2 0xc01956f7 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:796
#3 0xc02c38fa in trap_fatal (frame=0xcf1c8880, eva=Variable "eva" is not
) at /usr/src/sys/platform/pc32/i386/trap.c:1097
#4 0xc02c3a52 in trap_pfault (frame=0xcf1c8880, usermode=0, eva=44)
at /usr/src/sys/platform/pc32/i386/trap.c:998
#5 0xc02c4316 in trap (frame=0xcf1c8880) at
#6 0xc02b5ef6 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.s:783
#7 0xc01edb1b in msdosfs_inactive (ap=0xcf1c88ec) at
#8 0xc01e5ec8 in vop_inactive (ops=0xc7f1ded8, vp=0xcf093438) at
#9 0xc01dd34a in vnode_terminate (vp=0xcf093438) at
#10 0xc0177434 in _sysref_put (sr=0xcf093448) at
#11 0xc01dd519 in vx_put (vp=0xcf093438) at sysref2.h:85
#12 0xc01ede93 in deget (pmp=0xccece1b8, dirclust=642, diroffset=64,
at /usr/src/sys/vfs/msdosfs/msdosfs_denode.c:318
#13 0xc01f04c6 in createde (dep=0xcf1c8a2c, ddep=0xcb148938, depp=0xcf1c8a28,
at /usr/src/sys/vfs/msdosfs/msdosfs_lookup.c:664
#14 0xc01f25a0 in msdosfs_create (ap=0xcf1c8aac) at
#15 0xc01e5aa8 in vop_old_create (ops=0xc7f1ded8, dvp=0xcebe4a78,
vpp=0xcf1c8bfc, cnp=0xcf1c8af4,
vap=0xcf1c8b8c) at /usr/src/sys/kern/vfs_vopops.c:189
#16 0xc01d5515 in vop_compat_ncreate (ap=0xcf1c8b38) at
#17 0xc01d41e8 in vop_defaultop (ap=0xcf1c8b38) at
#18 0xc01e691f in vop_ncreate (ops=0xc7f1ded8, nch=0xcf1c8c80, vpp=0xcf1c8bfc,
vap=0xcf1c8b8c) at /usr/src/sys/kern/vfs_vopops.c:991
#19 0xc01e5016 in vn_open (nd=0xcf1c8c80, fp=0xceed3a98, fmode=3586, cmode=0)
at /usr/src/sys/kern/vfs_vnops.c:184
#20 0xc01e1f52 in kern_open (nd=0xcf1c8c80, oflags=3585, mode=0, res=0xcf1c8cf0)
at /usr/src/sys/kern/vfs_syscalls.c:1499
#21 0xc01e21ab in sys_open (uap=0xcf1c8cf0) at
#22 0xc02c3dde in syscall2 (frame=0xcf1c8d40) at
#23 0xc02b5f95 in Xint0x80_syscall () at
#24 0x08049e48 in ?? ()
#25 0xbfbff18c in ?? ()
#26 0x0000002f in ?? ()
#27 0x00000000 in ?? ()
#28 0x00000000 in ?? ()
#29 0x00000000 in ?? ()
#30 0x00000000 in ?? ()
#31 0x10ff8000 in ?? ()
#32 0xcf023800 in ?? ()
#33 0xcb13ec00 in ?? ()
#34 0xcf1c86e8 in ?? ()
#35 0xcf1c86c8 in ?? ()
#36 0xff800000 in ?? ()
#37 0xc019c2b8 in lwkt_switch () at /usr/src/sys/kern/lwkt_thread.c:752
Previous frame inner to this frame (corrupt stack?)

May be just a coincidence, but each time I've been doing this:
#mv /usr/obj/usr/src/sys/boot/pc32/loader/loader /c
just after compiling a patched version of 'loader' (/c is an msdosfs).
After rebooting I see that /c/loader has 0 bytes. I've tried moving
other files in the same way, but so far it only happens with 'loader'.
(Maybe a name cache problem? Dunno.)


#1 Updated by nthery almost 11 years ago

Please see for a possible fix.

#2 Updated by dillon almost 11 years ago

:Nicolas Thery <> added the comment:
:Please see for a possible fix.
:priority: -> bug
:status: unread -> chatting

Good sleuthing on the msdos bug too. I have committed a slightly
more involved version of your fix (several other places in that
same procedure needed NULL checks).

Matthew Dillon
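
The failure pattern discussed in this report, as an added userspace example (not DragonFly's code and not the committed fix). It assumes the fault at eva=44 in msdosfs_inactive was a NULL structure pointer plus a small field offset, as the NULL checks mentioned in the reply suggest; the struct layouts and the names inactive_unchecked, inactive_checked, put_half_built_vnode and looks_like_null_deref are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the kernel's vnode and denode. */
struct denode { unsigned char name[11]; int refcnt; };
struct vnode  { void *v_data; };  /* filesystem-private data, may be NULL */

#define SLOT_DELETED 0xe5         /* FAT marker for a deleted directory slot */

/* Triage heuristic: a kernel fault address inside the first 4 KiB page is the
 * usual signature of NULL plus a field offset (the trace reports eva=44). */
int looks_like_null_deref(unsigned long eva) { return eva < 4096; }

/* Unchecked form: faults when the vnode is released with no denode attached. */
int inactive_unchecked(struct vnode *vp)
{
    struct denode *dep = vp->v_data;
    return dep->name[0] != SLOT_DELETED && dep->refcnt > 0;
}

/* Checked form: returns 1 if there is live state to flush, 0 otherwise. */
int inactive_checked(struct vnode *vp)
{
    struct denode *dep = vp->v_data;
    if (dep == NULL)              /* half-constructed vnode: nothing to do */
        return 0;
    return dep->name[0] != SLOT_DELETED && dep->refcnt > 0;
}

/* Models an error path that drops a new vnode before v_data is attached. */
int put_half_built_vnode(int (*inactive)(struct vnode *))
{
    struct vnode vp = { NULL };
    return inactive(&vp);         /* the final put runs the inactive handler */
}

int main(void)
{
    struct denode de = { "LOADER", 1 };   /* constructed sample entry */
    struct vnode live = { &de };
    printf("eva=44 null-deref signature: %d\n", looks_like_null_deref(44));
    printf("live vnode: %d\n", inactive_checked(&live));
    printf("half-built vnode: %d\n", put_half_built_vnode(inactive_checked));
    return 0;
}
```

Passing inactive_unchecked to put_half_built_vnode reproduces the crash class as a segmentation fault in userspace, so main only exercises the checked handler.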
