Subject: bin/23866: systat bufcache quits with SIGFPE
To: None <gnats-bugs@gnats.netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 12/24/2003 05:28:59
>Number: 23866
>Category: bin
>Synopsis: systat bufcache quits with SIGFPE
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Dec 24 05:29:03 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Christian Biere
>Release: NetBSD 1.6ZG
>Organization:
>Environment:
System: NetBSD cyclonus 1.6ZG NetBSD 1.6ZG (STARSCREAM) #0: Wed Dec 24 04:46:20 CET 2003 bin@cyclonus:/usr/build/src/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
systat bufcache crashes immediately with SIGFPE. This happens due to a
division by zero. I hope this isn't a case of kernel/userland out-of-sync.
How could I verify that? IIRC, the kernel is only a few days younger than
userland.

Starting program: /usr/src/usr.bin/systat/systat bufcache
Program received signal SIGFPE, Arithmetic exception.
0x0804a8dc in showbufcache () at bufcache.c:183
183 wprintw(wnd,
(gdb) bt
#0 0x0804a8dc in showbufcache () at bufcache.c:183
#1 0x08050393 in display (signo=0) at main.c:296
#2 0x08050174 in main (argc=0, argv=0xbfbffc18) at main.c:233
#3 0x0804a342 in ___start ()
(gdb) info local
tbuf = 1
i = 6
lastrow = 5
tvalid = 0
tsize = 656
ml = (struct ml_entry *) 0x8152000
(gdb) p *ml
$1 = {ml_count = 1, ml_size = 0, ml_valid = 0, ml_addr = 0x765ff, ml_mount = {
mnt_list = {cqe_next = 0x0, cqe_prev = 0x0}, mnt_op = 0x0,
mnt_vnodecovered = 0x0, mnt_syncer = 0x0, mnt_vnodelist = {
lh_first = 0x0}, mnt_lock = {lk_interlock = {lock_data = 0},
lk_flags = 0, lk_sharecount = 0, lk_exclusivecount = 0,
lk_recurselevel = 0, lk_waitcount = 0, lk_wmesg = 0x0, lk_un = {
lk_un_sleep = {lk_sleep_lockholder = 0, lk_sleep_locklwp = 0,
lk_sleep_prio = 0, lk_sleep_timo = 0}, lk_un_spin = {
lk_spin_cpu = 0}}}, mnt_flag = 0, mnt_iflag = 0,
mnt_maxsymlinklen = 0, mnt_fs_bshift = 0, mnt_dev_bshift = 0, mnt_stat = {
f_type = 0, f_oflags = 0, f_bsize = 0, f_iosize = 0, f_blocks = 0,
f_bfree = 0, f_bavail = 0, f_files = 0, f_ffree = 0, f_fsid = {val = {0,
0}}, f_owner = 0, f_flags = 0, f_syncwrites = 0, f_asyncwrites = 0,
f_spare = {0}, f_fstypename = '\0' <repeats 15 times>,
f_mntonname = '\0' <repeats 89 times>,
f_mntfromname = '\0' <repeats 89 times>}, mnt_data = 0x0, mnt_wcnt = 0,
mnt_unmounter = 0x0, mnt_writeopcountupper = 0,
mnt_writeopcountlower = 0}, ml_entries = {le_next = 0x0,
le_prev = 0x8152378}}

CMIIW, the division-by-zero is caused by ml->ml_size being zero.
I also see this error message at the bottom:
error reading kmem for bufaddr at 0xc58be000 (Bad address)
>How-To-Repeat:
# systat bufcache
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
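
The failure described in this report, reduced to an added example that is not part of the original report or of the NetBSD source: the per-mount percentage is computed only when its divisor is positive, and a placeholder is printed otherwise. The struct `ml_sample`, the helpers `pct` and `format_row`, and the row layout are assumptions; the sample values are constructed from the gdb output above.

```c
/* Added example: field names mirror the gdb dump in the report; the
 * struct, the helper names and the row format are assumptions. */
#include <stdio.h>

struct ml_sample {      /* hypothetical stand-in for struct ml_entry */
    long ml_count;      /* buffers attributed to this mount */
    long ml_size;       /* total size; the divisor that was zero */
    long ml_valid;      /* valid portion of that size */
};

/* Percentage of part in whole. Returns -1 when whole is not positive so
 * the caller can print a placeholder instead of dividing by zero. */
static long
pct(long part, long whole)
{
    if (whole <= 0)
        return -1;
    return (100 * part) / whole;
}

/* Format one display row into buf; returns the snprintf() result. */
static int
format_row(char *buf, size_t len, const struct ml_sample *ml)
{
    long util = pct(ml->ml_valid, ml->ml_size);

    if (util < 0)
        return snprintf(buf, len, "%6ld %8ld %8ld   n/a",
            ml->ml_count, ml->ml_valid, ml->ml_size);
    return snprintf(buf, len, "%6ld %8ld %8ld  %3ld%%",
        ml->ml_count, ml->ml_valid, ml->ml_size, util);
}

int
main(void)
{
    /* Constructed samples: the first matches the gdb dump (ml_size = 0). */
    struct ml_sample rows[] = { { 1, 0, 0 }, { 4, 656, 328 } };
    char line[64];
    size_t i;

    for (i = 0; i < sizeof(rows) / sizeof(rows[0]); i++) {
        format_row(line, sizeof(line), &rows[i]);
        puts(line);
    }
    return 0;
}
```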