From owner-freebsd-bugs@FreeBSD.ORG  Mon Apr 21 11:30:02 2008
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 890201065678
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 21 Apr 2008 11:30:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 674BA8FC33
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 21 Apr 2008 11:30:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3LBU2jv000581
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 21 Apr 2008 11:30:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3LBU2C8000576;
	Mon, 21 Apr 2008 11:30:02 GMT (envelope-from gnats)
Resent-Date: Mon, 21 Apr 2008 11:30:02 GMT
Resent-Message-Id: <200804211130.m3LBU2C8000576@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Dominic Fandrey <kamikaze@bsdforen.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 15A8E1065673
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon, 21 Apr 2008 11:26:00 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id EF1EF8FC17
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon, 21 Apr 2008 11:25:59 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3LBPdZj093757
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Apr 2008 11:25:39 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m3LBPdNJ093755;
	Mon, 21 Apr 2008 11:25:39 GMT (envelope-from nobody)
Message-Id: <200804211125.m3LBPdNJ093755@www.freebsd.org>
Date: Mon, 21 Apr 2008 11:25:39 GMT
From: Dominic Fandrey <kamikaze@bsdforen.de>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/122961: write operation on msdosfs file system causes panic
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Apr 2008 11:30:02 -0000


>Number:         122961
>Category:       kern
>Synopsis:       write operation on msdosfs file system causes panic
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 21 11:30:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Dominic Fandrey
>Release:        RELENG_7
>Organization:
private
>Environment:
FreeBSD mobileKamikaze.norad 7.0-STABLE FreeBSD 7.0-STABLE #0: Sat Apr 19 01:05:43 CEST 2008     root@mobileKamikaze.norad:/usr/obj/HP6510b/amd64/usr/src/sys/HP6510b  amd64

>Description:
Trying to copy files to an msdosfs file system on a USB stick causes the system to panic. This is reproducible, the backtrace always looks the same.

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0xe
fault code		= supervisor write data, page not present
instruction pointer	= 0x8:0xffffff00705ba1f0
stack pointer	        = 0x10:0xffffffffaf0fe2e0
frame pointer	        = 0x10:0xffffffffaf0fe390
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2047 (cp)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 13m32s
Physical memory: 2030 MB
Dumping 209 MB: 194 178 162 146 130 114 98 82 66 50 34 18 2

#0  doadump () at pcpu.h:194
194	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0x0000000000000004 in ?? ()
#2  0xffffffff801ff9c1 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:418
#3  0xffffffff801ffdf2 in panic (fmt=0x104 <Address 0x104 out of bounds>)
    at /usr/src/sys/kern/kern_shutdown.c:572
#4  0xffffffff803dbe8a in trap_fatal (frame=0xffffff0001ff46a0, 
    eva=18446742974281863168) at /usr/src/sys/amd64/amd64/trap.c:724
#5  0xffffffff803dc231 in trap_pfault (frame=0xffffffffaf0fe230, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:641
#6  0xffffffff803dcaef in trap (frame=0xffffffffaf0fe230)
    at /usr/src/sys/amd64/amd64/trap.c:410
#7  0xffffffff803c392e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:169
#8  0xffffff00705ba1f0 in ?? ()
#9  0x00000009802813e4 in ?? ()
#10 0xffffff00705ba1f0 in ?? ()
#11 0xffffff0001ff46a0 in ?? ()
#12 0xffffff0005659700 in ?? ()
#13 0xffffffffaf0fe4e0 in ?? ()
#14 0x0000000000003041 in ?? ()
#15 0xffffff0001ff46a0 in ?? ()
#16 0xffffffff80416924 in cdrom_rootdevnames ()
---Type <return> to continue, or q <return> to quit---
#17 0x000000000000080e in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0xffffff00705ba1f0 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0xffffff007cf86ec8 in ?? ()
#22 0xffffff0001ff46a0 in ?? ()
#23 0xffffff0005d5a820 in ?? ()
#24 0x0000000000009000 in ?? ()
#25 0xffffff00705ba1f0 in ?? ()
#26 0xffffffffaf0fe4e0 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000004 in ?? ()
#29 0xffffffff803bceba in vnode_pager_getpages (object=0xffffff0001ff46a0, 
    m=0x0, count=Variable "count" is not available.
) at vnode_if.h:1129
#30 0xffffffff803a87d0 in vm_fault (map=0xffffff0005b9f000, vaddr=34368442368, 
    fault_type=1 '\001', fault_flags=0) at vm_pager.h:130
#31 0xffffffff803dc0ae in trap_pfault (frame=0xffffffffaf0fe740, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:618
#32 0xffffffff803dcaef in trap (frame=0xffffffffaf0fe740)
    at /usr/src/sys/amd64/amd64/trap.c:410
#33 0xffffffff803c392e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:169
#34 0xffffffff803db4ed in copyin () at /usr/src/sys/amd64/amd64/support.S:303
---Type <return> to continue, or q <return> to quit---
#35 0xffffffff802063f7 in uiomove (cp=0xffffffff9bc99000, n=4096, 
    uio=0xffffffffaf0feb10) at /usr/src/sys/kern/kern_subr.c:170
#36 0xffffffff801a5fb2 in msdosfs_write (ap=Variable "ap" is not available.
)
    at /usr/src/sys/fs/msdosfs/msdosfs_vnops.c:812
#37 0xffffffff803f89ae in VOP_WRITE_APV (vop=0xffffffff805421a0, 
    a=0xffffffffaf0fea20) at vnode_if.c:691
#38 0xffffffff80282797 in vn_write (fp=0xffffff0070379000, 
    uio=0xffffffffaf0feb10, active_cred=Variable "active_cred" is not available.
) at vnode_if.h:373
#39 0xffffffff80233a0f in dofilewrite (td=0xffffff0001ff46a0, fd=4, 
    fp=0xffffff0070379000, auio=0xffffffffaf0feb10, offset=Variable "offset" is not available.
) at file.h:254
#40 0xffffffff80233cbb in kern_writev (td=0xffffff0001ff46a0, fd=4, 
    auio=0xffffffffaf0feb10) at /usr/src/sys/kern/sys_generic.c:401
#41 0xffffffff80233d28 in write (td=Variable "td" is not available.
) at /usr/src/sys/kern/sys_generic.c:317
#42 0xffffffff803dc49c in syscall (frame=0xffffffffaf0fec70)
    at /usr/src/sys/amd64/amd64/trap.c:852
#43 0xffffffff803c3b3b in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:290
#44 0x000000080070c5bc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 

>How-To-Repeat:
Just write a file on an msdosfs mount.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: