From netch@nn.kiev.ua Sun Nov 28 04:28:43 1999
Return-Path: <netch@nn.kiev.ua>
Received: from sivka.carrier.kiev.ua (sivka.carrier.kiev.ua [193.193.193.101])
	by hub.freebsd.org (Postfix) with ESMTP id AB05014E82
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Nov 1999 04:28:26 -0800 (PST)
	(envelope-from netch@nn.kiev.ua)
Received: from nn.kiev.ua (nn.kiev.ua [193.193.193.203])
        by sivka.carrier.kiev.ua (8.Who.Cares/Kilkenny_is_better) with ESMTP id OKW11474
        for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Nov 1999 14:28:15 +0200 (EET)
        (envelope-from netch@nn.kiev.ua)
Received: (from netch@localhost)
	by nn.kiev.ua (8.10.0.Beta6/8.9.3) id dASCSCQ01254;
	Sun, 28 Nov 1999 14:28:12 +0200 (EET)
	(envelope-from netch)
Message-Id: <199911281228.dASCSCQ01254@nn.kiev.ua>
Date: Sun, 28 Nov 1999 14:28:12 +0200 (EET)
From: netch@lucky.net (Valentin Nechayev)
Sender: netch@nn.kiev.ua
Reply-To: netch@lucky.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Panic on MSDOS FS mount
X-Send-Pr-Version: 3.2

>Number:         15136
>Category:       kern
>Synopsis:       Panic on MSDOS FS mount
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 28 04:30:00 PST 1999
>Closed-Date:    Tue Dec 28 07:39:04 PST 1999
>Last-Modified:  Wed Dec 29 01:20:00 PST 1999
>Originator:     Valentin Nechayev
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Lucky Net Ltd.
>Environment:

4.0-CURRENT i386
3.3-STABLE i386

>Description:

On an attempt to mount an MSDOS (FAT16) file system, the kernel panics with
the message:
panic: vm_fault: fault on nofault entry, addr=c16de000

The effect is constant and appears on both 3.3-STABLE and 4.0-CURRENT.

Debugging shows that the fault occurs while fillinusemap() is in its loop with
cn == 51200, in the following part of the code (the debug print was inserted
by me), after the first debug print and before the second one. Sorry, but I
cannot debug this problem in more depth just now.

==={
                if (!bo || !bp) {
                        printf( "fillinusemap(%d): cn=%d\n", __LINE__, cn );
                        /* Read new FAT block */
                        if (bp)
                                brelse(bp);
                        fatblock(pmp, byteoffset, &bn, &bsize, NULL);
                        error = bread(pmp->pm_devvp, bn, bsize, NOCRED, &bp);
                        if (error) {
                                brelse(bp);
                                return (error);
                        }
                }
===}

The file system is on /dev/wd0s6, C/H/S location 570:0:1 - 773:254:63.
Its super block is:


None of the other MSDOS filesystems on this disk causes this effect. Linux
(RedHat 6.0), Win98 and MS-DOS all work correctly with all local MSDOS
partitions.

Kernel config for 4.0-CURRENT is:

==={
machine		i386
cpu		I586_CPU
cpu		I686_CPU
ident		"nn5"
maxusers	32

makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

options 	INET			#InterNETworking
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
options 	MFS			#Memory Filesystem
options 	NFS			#Network Filesystem
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	CD9660_ROOT		#CD-ROM usable as root. "CD9660" req'ed
options 	PROCFS			#Process filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=5000
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options		INCLUDE_CONFIG_FILE
options 	KTRACE			#ktrace(1) syscall trace support
options		DDB
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores

controller	isa0
controller	pnp0			# PnP support for ISA
controller	pci0

# Floppy drives
controller	fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0

# IDE controller and disks
controller	wdc0	at isa? port IO_WD1 irq 14
device		wd0	at wdc0 drive 0
device		wd1	at wdc0 drive 1

# ATAPI devices on wdc?
device		wcd0		#IDE CD-ROM

# atkbdc0 controls both the keyboard and the PS/2 mouse
controller	atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1
device		psm0	at atkbdc? irq 12

device		vga0	at isa? port ? conflicts

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa?

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device		apm0    at nexus? flags 0x31 # Advanced Power Management

# Serial (COM) ports
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2 irq 3

# Parallel port
device		ppc0	at isa? port? flags 0x40 irq 7
controller	ppbus0		# Parallel port bus (required)
device		lpt0		# Printer
device		plip0		# TCP/IP over parallel
device		ppi0		# Parallel port interface device
#controller	vpo0		# Requires scbus and da0

# Pseudo devices - the number indicates how many units to allocated.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	sl	1	# Kernel SLIP
pseudo-device	ppp	1	# Kernel PPP
pseudo-device	tun		# Packet tunnel.
pseudo-device	pty		# Pseudo-ttys (telnet etc)
pseudo-device	gzip		# Exec gzipped a.out's
pseudo-device	vn	2
pseudo-device	disc

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device	bpf	2	#Berkeley packet filter

# USB support
controller	uhci0		# UHCI PCI->USB interface
controller	ohci0		# OHCI PCI->USB interface
controller	usb0		# USB Bus (required)
device		ugen0		# Generic
device		uhid0		# "Human Interface Devices"
device		ukbd0		# Keyboard
device		ulpt0		# Printer
device		ums0		# Mouse
options 	INVARIANTS
options 	INVARIANT_SUPPORT
options 	NETATALK		#Appletalk communications protocols
#options 	NS			#Xerox NS protocols
options 	IPFIREWALL		#firewall
options 	IPFIREWALL_VERBOSE
options 	IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by default
options		IPPORTACL_V1
options		IPPORTACL_V1_DEBUG=1
options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
options 	TCP_RESTRICT_RST	#restrict emission of TCP RST
options 	ICMP_BANDLIM
options 	DUMMYNET
#options 	DEVFS			#devices filesystem
options 	QUOTA			#enable disk quotas
options 	P1003_1B
options 	_KPOSIX_PRIORITY_SCHEDULING
options 	_KPOSIX_VERSION=199309L
pseudo-device	speaker		#Play IBM BASIC-style noises out your speaker
pseudo-device	snp		#Snoop device - to look at pty/vty/etc..
options 	MSGBUF_SIZE=81920
options 	SC_DFLT_FONT		# compile font in
makeoptions	SC_DFLT_FONT=koi8-r
options 	SC_HISTORY_SIZE=600	# number of history buffer lines
options 	SC_MOUSE_CHAR=0x3	# char code for text mode mouse cursor
options 	IDE_DELAY=5000	# Be optimistic about Joe IDE device
===}

>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:

From: Boris Popov <bp@butya.kz>
To: freebsd-gnats-submit@freebsd.org, netch@lucky.net
Cc:  
Subject: Re: kern/15136: Panic on MSDOS FS mount
Date: Fri, 24 Dec 1999 15:41:23 +0600

 > On attempt to mount MSDOS (FAT16) file system, kernel falls to panic with
 >      message:
 >      panic: vm_fault: fault on nofault entry, addr=c16de000
 
 	This is caused by inconsistent data in the boot record. Could you please test
 the following patch and tell me if this helps:
 
 diff -u ../msdosfs_vfsops.c ./msdosfs_vfsops.c
 --- ../msdosfs_vfsops.c Sun Dec 19 12:07:56 1999
 +++ ./msdosfs_vfsops.c  Fri Dec 24 15:15:08 1999
 @@ -364,6 +364,7 @@
         struct byte_bpb50 *b50;
         struct byte_bpb710 *b710;
         u_int8_t SecPerClust;
 +       u_long clusters;
         int     ronly, error;
  
         /*
 @@ -595,14 +596,13 @@
                 pmp->pm_firstcluster = pmp->pm_rootdirblk +
 pmp->pm_rootdirsize;
         }
  
 -       pmp->pm_nmbrofclusters = (pmp->pm_HugeSectors - pmp->pm_firstcluster)
 /
 -           SecPerClust;
 -       pmp->pm_maxcluster = pmp->pm_nmbrofclusters + 1;
 +       pmp->pm_maxcluster = (pmp->pm_HugeSectors - pmp->pm_firstcluster) /
 +           SecPerClust + 1;
         pmp->pm_fatsize = pmp->pm_FATsecs * pmp->pm_BytesPerSec;
  
  #ifndef __FreeBSD__
         if (argp->flags & MSDOSFSMNT_GEMDOSFS) {
 -               if ((pmp->pm_nmbrofclusters <= (0xff0 - 2))
 +               if ((pmp->pm_maxcluster <= (0xff0 - 2))
                       && ((dtype == DTYPE_FLOPPY) || ((dtype == DTYPE_VNODE)
                       && ((pmp->pm_Heads == 1) || (pmp->pm_Heads == 2))))
                     ) {
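Review bot: the GEMDOSFS test inside the #ifndef __FreeBSD__ block now compares pm_maxcluster against (0xff0 - 2), but per the removed line pm_maxcluster was pm_nmbrofclusters + 1, so the threshold moves by one cluster. Either compare pm_maxcluster - 1 or adjust the constant, and say in a comment which quantity the limit applies to.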
 @@ -633,6 +633,15 @@
                         pmp->pm_fatdiv = 1;
                 }
         }
 +
 +       clusters = (pmp->pm_fatsize / pmp->pm_fatmult) * pmp->pm_fatdiv;
 +       if (pmp->pm_maxcluster >= clusters) {
 +               printf("Warning: number of clusters (%ld) exceeds FAT "
 +                   "capasity (%ld)\n", pmp->pm_maxcluster + 1, clusters);
 +               pmp->pm_maxcluster = clusters - 1;
 +       }
 +
 +
         if (FAT12(pmp))
                 pmp->pm_fatblocksize = 3 * pmp->pm_BytesPerSec;
         else
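Review bot: the clamp assigns clusters - 1 without checking that clusters is non-zero; clusters is a u_long, so a boot record whose pm_fatsize is smaller than pm_fatmult gives clusters == 0 and pm_maxcluster wraps to the largest u_long instead of being limited. Fail the mount with an error in that case rather than clamping. Smaller points in the same lines: both printf arguments are u_long, so the format should be %lu rather than %ld; "capasity" should read "capacity"; and one of the two added blank lines can go.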
 @@ -829,7 +838,7 @@
         pmp = VFSTOMSDOSFS(mp);
         sbp->f_bsize = pmp->pm_bpcluster;
         sbp->f_iosize = pmp->pm_bpcluster;
 -       sbp->f_blocks = pmp->pm_nmbrofclusters;
 +       sbp->f_blocks = pmp->pm_maxcluster + 1;
         sbp->f_bfree = pmp->pm_freeclustercount;
         sbp->f_bavail = pmp->pm_freeclustercount;
         sbp->f_files = pmp->pm_RootDirEnts;                     /* XXX */
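Review bot: f_blocks changes value here, not just name: with pm_maxcluster defined as the cluster count plus one (the removed pm_nmbrofclusters + 1 line), pm_maxcluster + 1 reports two more blocks to statfs than pm_nmbrofclusters did. If the total is meant to stay the number of data clusters, use pm_maxcluster - 1.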
 diff -u ../msdosfsmount.h ./msdosfsmount.h
 --- ../msdosfsmount.h   Sat Aug 28 07:48:11 1999
 +++ ./msdosfsmount.h    Fri Dec 24 12:18:12 1999
 @@ -73,7 +73,6 @@
         u_long pm_rootdirblk;   /* block # (cluster # for FAT32) of root
 directory number */
         u_long pm_rootdirsize;  /* size in blocks (not clusters) */
         u_long pm_firstcluster; /* block number of first cluster */
 -       u_long pm_nmbrofclusters;       /* # of clusters in filesystem */
         u_long pm_maxcluster;   /* maximum cluster number */
         u_long pm_freeclustercount;     /* number of free clusters */
         u_long pm_cnshift;      /* shift file offset right this amount to get
 a cluster number */
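Review bot: with pm_nmbrofclusters removed, the comment on pm_maxcluster is the only statement of what callers can rely on, and "maximum cluster number" does not say that the value is inclusive or that mount may now lower it to fit the FAT. Extend the comment to state both, and how the cluster count is derived from it.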
 
State-Changed-From-To: open->closed 
State-Changed-By: bp 
State-Changed-When: Tue Dec 28 07:39:04 PST 1999 
State-Changed-Why:  
Fix committed. Thanks! 

From: Valentin Nechayev <netch@lucky.net>
To: Boris Popov <bp@butya.kz>, freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/15136: Panic on MSDOS FS mount
Date: Wed, 29 Dec 1999 11:09:29 +0200

  Fri, Dec 24, 1999 at 15:41:23, bp wrote about "Re: kern/15136: Panic on MSDOS FS mount": 
 
 > > On attempt to mount MSDOS (FAT16) file system, kernel falls to panic with
 > >      message:
 > >      panic: vm_fault: fault on nofault entry, addr=c16de000
 > 
 > 	This caused by inconsistent data in the boot record. Could please test
 > the following patch and tell me if this helps:
 > 
 > diff -u ../msdosfs_vfsops.c ./msdosfs_vfsops.c
 
 [skip]
 
 Thanks, that fixed it. On mounting, the following message appeared:
 
 Warning: number of clusters (51201) exceeds FAT capasity (51200)
 
 and the disk mount occurred normally.
 
 --
 NVA
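
An added example, not part of the original thread or the FreeBSD source: a userland C check for the boot-record inconsistency discussed above, comparing the highest cluster number implied by the BPB sector count with the number of entries one FAT copy can hold. The function names and the sample boot sector are constructed for illustration, with geometry chosen to reproduce the figures in the warning; FAT16 with 2-byte FAT entries is assumed.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers for on-disk BPB fields. */
static uint32_t le16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (le16(p + 2) << 16); }

struct fat16_check {
    uint32_t maxcluster;   /* highest cluster number implied by the sector count */
    uint32_t fat_entries;  /* 16-bit entries that fit in one FAT copy */
    uint32_t usable_max;   /* maxcluster limited to the last FAT entry */
};

/* Returns 0 if consistent, 1 if the FAT is too small, -1 if the BPB is malformed. */
int fat16_check_bpb(const uint8_t *bs, struct fat16_check *out)
{
    uint32_t bps = le16(bs + 11), spc = bs[13], reserved = le16(bs + 14);
    uint32_t nfats = bs[16], rootents = le16(bs + 17);
    uint32_t total = le16(bs + 19), fatsecs = le16(bs + 22);
    if (total == 0) total = le32(bs + 32);      /* 32-bit "huge" sector count */
    if (bps == 0 || spc == 0 || nfats == 0 || fatsecs == 0) return -1;
    uint32_t first = reserved + nfats * fatsecs + (rootents * 32 + bps - 1) / bps;
    uint32_t entries = fatsecs * bps / 2;       /* assumes 2-byte FAT16 entries */
    if (total <= first || entries == 0) return -1;  /* no data area / empty FAT */
    out->maxcluster = (total - first) / spc + 1;
    out->fat_entries = entries;
    int bad = out->maxcluster >= entries;
    out->usable_max = bad ? entries - 1 : out->maxcluster;
    return bad;
}

/* Constructed sample boot sector (not the reporter's): 512-byte sectors, 64 sectors
 * per cluster, 1 reserved sector, 2 FATs of 200 sectors each, 512 root entries. */
void make_sample(uint8_t bs[512], uint32_t total_sectors)
{
    memset(bs, 0, 512);
    bs[12] = 0x02; bs[13] = 64; bs[14] = 1; bs[16] = 2; bs[18] = 0x02; bs[22] = 200;
    for (int i = 0; i < 4; i++) bs[32 + i] = (uint8_t)(total_sectors >> (8 * i));
}

int main(void)
{
    uint8_t bs[512];
    struct fat16_check c;
    make_sample(bs, 3277197);
    int r = fat16_check_bpb(bs, &c);
    printf("inconsistent=%d maxcluster=%" PRIu32 " fat_entries=%" PRIu32 "\n",
        r, c.maxcluster, c.fat_entries);
    return 0;
}
```

The patched kernel's warning prints pm_maxcluster + 1, so a maxcluster of 51200 here corresponds to the 51201 in the message quoted above.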
 
>Unformatted:
