Fatal trap 12 on booting GERERIC kernel

Noritoshi Demizu demizu at dd.iij4u.or.jp
Thu Aug 11 02:21:22 PDT 2005

Thank you, Yonetani-san.

I just came to the same place.  In my case, when I type "ls" in
single user mode,

	dp->d_reclen			= 12
	offsetof(struct dirent, d_name)	= 8
	dp->d_namlen			= 9

So, (dp->d_reclen - offsetof(struct dirent, d_name) - dp->d_namlen) == -5
in my case.

BTW, vop_write_dirent() calls bzero as follows.

	bzero(dp->d_name + dp->d_namlen,
	      dp->d_reclen - offsetof(struct dirent, d_name) - dp->d_namlen);

And "dp" points to an auto variable.

So, generic_bzero() might interpret -5 as 0xfffffffb and clear the
kernel stack from the auto variable to the bottom of the kernel stack,
then encounter a page fault.  That would be the reason why generic_bzero()
is displayed at the bottom of the stack trace and its arguments are all

In vop_write_dirent(), dp->d_reclen = GENERIC_DIRSIZ(dp) is executed
without assigning a value to dp->d_namlen.  I think this is the reason
why dp->d_reclen was 12 (too short) in my case.

A possible fix would be to assign a correct value to dp->d_namlen
before using GENERIC_DIRSIZ(dp).

Noritoshi Demizu

> From: YONETANI Tomokazu <qhwt+dfly at xxxxxxxxxx>
> To: kernel at xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Fatal trap 12 on booting GERERIC kernel
> Date: Thu, 11 Aug 2005 17:46:04 +0900
> On Thu, Aug 11, 2005 at 05:20:50PM +0900, Noritoshi Demizu wrote:
> > > The latest GENERIC kernel fails to boot on my machine.
> >
> > When I reported this problem, I chose multi user mode in all my tries.
> >
> > I just found that, if I choose single user mode, the '#' prompt of
> > /bin/sh is successfully displayed.  And the "pwd" command successfully
> > prints "/".  But when I typed "ls", the kernel panicked in generic_bzero.
> >
> > I did buildworld & installworld both yesterday and today.  Yesterday's
> > GENERIC kernel works fine with both yesterday's and today's userland.
> > But today's GENERIC kernel does not work with either yesterday's or today's
> > userland.
> Yes, I'm seeing this too, and I suspect that the calculation in
> vop_write_dirent() is wrong; I inserted a printf() before the bzero()
> and found that the second argument, or
>   dp->d_reclen - offsetof(struct dirent, d_name) - dp->d_namlen,
> can be negative.  Try reverting the users of vop_write_dirent()
> to the previous revisions and see if it helps.
> Cheers.
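A user-space model of the calculation discussed in this thread, added here as an illustration; it is not code from the DragonFly tree or from either poster. The struct layout and the GENERIC_DIRSIZ definition are the classic 4.4BSD ones (an assumption, chosen because they reproduce the offsetof value of 8 and the d_reclen of 12 quoted above), the name "Makefile." is a constructed 9-character input, and zero_pad_checked() is a hypothetical bounds check, not a proposed kernel patch. The block shows both orderings of the d_namlen / d_reclen assignments and the length the bzero() call ends up with in each case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXNAMLEN 255

/* Assumed model of the classic BSD struct dirent.  With this layout
 * offsetof(struct dirent, d_name) == 8, matching the value in the mail. */
struct dirent {
    uint32_t d_fileno;
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_namlen;
    char     d_name[MAXNAMLEN + 1];
};

/* Classic BSD GENERIC_DIRSIZ: header bytes plus name, NUL and padding to a
 * 4-byte boundary.  It reads d_namlen, so d_namlen must be valid first. */
#define GENERIC_DIRSIZ(dp) \
    ((sizeof(struct dirent) - (MAXNAMLEN + 1)) + (((dp)->d_namlen + 1 + 3) & ~3))

/* The length exactly as the bzero() call computes it: d_reclen (promoted to
 * int) minus offsetof (a size_t) minus d_namlen.  The arithmetic is done in
 * size_t, so a "negative" result wraps silently.  Truncated to 32 bits to
 * show the i386 value (0xfffffffb) mentioned in the mail. */
static uint32_t pad_len_as_kernel(const struct dirent *dp)
{
    return (uint32_t)(dp->d_reclen - offsetof(struct dirent, d_name) - dp->d_namlen);
}

/* The same quantity as a signed number, so the -5 is visible. */
static long pad_len_signed(const struct dirent *dp)
{
    return (long)dp->d_reclen - (long)offsetof(struct dirent, d_name) - (long)dp->d_namlen;
}

/* Buggy ordering: d_reclen is taken from GENERIC_DIRSIZ while d_namlen still
 * holds whatever was in the stack slot (zero here), giving d_reclen == 12. */
static void fill_buggy(struct dirent *dp, const char *name, uint8_t namlen)
{
    memset(dp, 0, sizeof *dp);
    dp->d_reclen = (uint16_t)GENERIC_DIRSIZ(dp); /* stale d_namlen */
    dp->d_namlen = namlen;
    memcpy(dp->d_name, name, namlen);
}

/* Fixed ordering, as the mail suggests: set d_namlen before GENERIC_DIRSIZ
 * reads it.  For a 9-character name: 8 + round4(9 + 1) == 20. */
static void fill_fixed(struct dirent *dp, const char *name, uint8_t namlen)
{
    memset(dp, 0, sizeof *dp);
    dp->d_namlen = namlen;
    dp->d_reclen = (uint16_t)GENERIC_DIRSIZ(dp);
    memcpy(dp->d_name, name, namlen);
}

/* Hypothetical guard: zero the tail of the name field only when the record
 * is at least header + name long and not larger than the struct itself.
 * Returns 1 if the zero-fill was done, 0 if it would have run off the end
 * (which, on a stack variable, is the scenario in the trap). */
static int zero_pad_checked(struct dirent *dp)
{
    size_t hdr = offsetof(struct dirent, d_name);
    if (dp->d_reclen < hdr + dp->d_namlen || dp->d_reclen > sizeof *dp)
        return 0;
    memset(dp->d_name + dp->d_namlen, 0, dp->d_reclen - hdr - dp->d_namlen);
    return 1;
}

int main(void)
{
    struct dirent bad, good;
    const char *name = "Makefile.";   /* constructed 9-character name */

    fill_buggy(&bad, name, 9);
    fill_fixed(&good, name, 9);
    printf("buggy: d_reclen=%u signed pad=%ld bzero len=0x%08x zeroed=%d\n",
           (unsigned)bad.d_reclen, pad_len_signed(&bad),
           (unsigned)pad_len_as_kernel(&bad), zero_pad_checked(&bad));
    printf("fixed: d_reclen=%u signed pad=%ld bzero len=0x%08x zeroed=%d\n",
           (unsigned)good.d_reclen, pad_len_signed(&good),
           (unsigned)pad_len_as_kernel(&good), zero_pad_checked(&good));
    return 0;
}
```

The point of the size_t detail is that the kernel never actually sees a "-5": because offsetof() is unsigned, the subtraction wraps in place, and the wrapped length is handed to bzero() as-is, which is why the fault appears under generic_bzero() rather than in the caller.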
