Hello, I reckon the following patch fixes http://bugs.dragonflybsd.org/issue739.
I couldn't reproduce the issue, so I simply rebuilt the kernel to test this patch.

When the collision occurs in deget(), the newly created vnode (nvp) is destroyed. At this point, nvp->v_data does not yet point to the denode (ldep) and is presumably NULL, so when nvp->v_data is dereferenced in msdosfs_inactive() (dep->de_name[0] == SLOT_DELETED), the kernel takes a fault. The patch simply checks that dep is not NULL before dereferencing it. This mimics what is done in ufs_inactive() and is documented in http://www.dragonflybsd.org/cvsweb/src/sys/vfs/ufs/ufs_ihash.c?r1=1.12.

Cheers,
Nicolas

Index: msdosfs_denode.c =================================================================== RCS file: /home/dcvs/src/sys/vfs/msdosfs/msdosfs_denode.c,v retrieving revision 1.29 diff -u -r1.29 msdosfs_denode.c --- msdosfs_denode.c 14 Jun 2007 02:55:27 -0000 1.29 +++ msdosfs_denode.c 29 Jul 2007 19:11:05 -0000 @@ -698,7 +698,7 @@ /* * Ignore denodes related to stale file handles. */ - if (dep->de_Name[0] == SLOT_DELETED) + if (dep == NULL || dep->de_Name[0] == SLOT_DELETED) goto out; /*
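Review bot: The comment above the changed condition in the @@ -698,7 +698,7 @@ hunk still reads only "Ignore denodes related to stale file handles", so the new dep == NULL case is undocumented for the next reader. Please extend that comment to say that v_data can still be unset when deget() loses a collision and the freshly created vnode is destroyed before it is associated with a denode, which is the situation the message describes. Two things to confirm before this goes in, since the crash was not reproduced and v_data is only "presumably NULL" at that point: that the new vnode's v_data is in fact NULL rather than uninitialized when it reaches msdosfs_inactive(), and that nothing after the out label touches dep, because the hunk shows only the jump and not the code it lands on.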
