tech-kern archive


cgdstrategy: divide fault in supervisor mode



Someone warned me that adding cgd to dump devices can have bad
consequences. I think I caught one possible bad case yesterday.
I was lucky enough to still have my data.

My setup is quite complicated. I have a small root on wd0a which
does only one thing: mount the real root on cgd0a and chroot to
it. The rest of the system is on cgd1.

I was in single-user mode, inside /altroot (iirc), with all fs mounted,
but I wanted to remount them read-only. Some of them couldn't
be unmounted and I forced umounts with the -f flag. Then I mounted them
with the read-only flag. I don't remember the exact commands, but I have nested
mount points, e.g. /var/log inside /var, and I was definitely trying to
remount both the inner and the outer fs.

All mount/umount worked but when I ran reboot, the system trapped here:

fatal integer divide fault in supervisor mode
trap type 8 code 0 rip ffffffff808db36f cs 8 rflags 10246 cr2 efd...
curlwp 0xfffffe81163b4a40 pid 276.1 lowest kstack 0xfffffe8117343...
kernel: integer divide fault trap, code=0
Stopped in pid 276.1 (reboot) at        netbsd:cgdstrategy+0x26:       divl    0x40(%rdi),%eax

This is what I run:

NetBSD neva 7.99.36 NetBSD 7.99.36 (GENERIC) #0: Fri Sep  2 22:04:02 BST 2016  alnsn@nebeda:/home/alnsn/netbsd-current/clean/src/sys/arch/amd64/compile/obj/GENERIC amd64

Sources checked out on Sep 2.

Looking at the assembly, it appears that the fault happened at the
second line of this branch:

        if (bp->b_blkno < 0 ||
            (bp->b_bcount % dg->dg_secsize) != 0 ||

(offset of b_blkno is 0x48, b_bcount's offset is 0x34).

ffffffff808db349 <cgdstrategy>:
ffffffff808db349:       55                      push   %rbp
ffffffff808db34a:       48 89 e5                mov    %rsp,%rbp
ffffffff808db34d:       53                      push   %rbx
ffffffff808db34e:       48 83 ec 08             sub    $0x8,%rsp
ffffffff808db352:       48 89 fb                mov    %rdi,%rbx
ffffffff808db355:       48 8b 7f 38             mov    0x38(%rdi),%rdi
ffffffff808db359:       e8 4d fe ff ff          callq  ffffffff808db1ab <getcgd_softc>
ffffffff808db35e:       48 83 7b 48 00          cmpq   $0x0,0x48(%rbx)
ffffffff808db363:       78 3d                   js     ffffffff808db3a2 <cgdstrategy+0x59>
ffffffff808db365:       48 89 c7                mov    %rax,%rdi
ffffffff808db368:       8b 4b 34                mov    0x34(%rbx),%ecx
ffffffff808db36b:       89 c8                   mov    %ecx,%eax
ffffffff808db36d:       31 d2                   xor    %edx,%edx
ffffffff808db36f:       f7 77 40                divl   0x40(%rdi)

Alex
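Editor's note, added example (not part of the post above and not NetBSD code): the faulting instruction is `divl 0x40(%rdi)` with `%edx` zeroed and a 32-bit dividend, so the only way it can raise an integer divide fault is a zero divisor, i.e. the `dg_secsize` being read through the pointer returned by `getcgd_softc()`. The user-space model below reproduces the shape of the quoted branch with stand-in `struct buf`, `struct disk_geom` and softc types (reduced, hypothetical versions of the kernel's, with only the fields the check touches) and contrasts it with a guarded variant that refuses I/O when the device has no usable geometry instead of dividing by it. Whether a cleared geometry is what happened on the reporter's machine is an assumption of the example; the page only shows the trap and the disassembly.

```c
/*
 * Added example, not NetBSD code: a user-space model of the cgdstrategy()
 * check "(bp->b_bcount % dg->dg_secsize) != 0", showing that a geometry with
 * dg_secsize == 0 makes that expression an integer division by zero (on amd64
 * a hardware "integer divide fault"), and a guarded variant that rejects the
 * request first. All structs and names below are stand-ins chosen for the
 * example, not the kernel's definitions.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct disk_geom { uint32_t dg_secsize; };           /* stand-in for struct disk_geom */
struct buf { int64_t b_blkno; uint32_t b_bcount; };  /* stand-in for struct buf */

/* Stand-in for the cgd softc: a configured flag plus the geometry. */
struct cgd_softc {
    int configured;
    struct disk_geom sc_geom;
};

enum strat_result { STRAT_OK = 0, STRAT_EINVAL = 22, STRAT_ENXIO = 6 };

/* Models configuring a device with a given sector size. */
static void
cgd_model_configure(struct cgd_softc *sc, uint32_t secsize)
{
    sc->configured = 1;
    sc->sc_geom.dg_secsize = secsize;
}

/* Models unconfiguring: the geometry is cleared, leaving dg_secsize == 0. */
static void
cgd_model_unconfigure(struct cgd_softc *sc)
{
    sc->configured = 0;
    memset(&sc->sc_geom, 0, sizeof(sc->sc_geom));
}

/*
 * Unguarded check: the same two conditions as the quoted kernel branch.
 * Safe only when dg_secsize != 0; with a zero sector size the modulo is a
 * division by zero. The guarded wrapper below never reaches it in that case.
 */
static enum strat_result
strategy_unguarded(const struct buf *bp, const struct disk_geom *dg)
{
    if (bp->b_blkno < 0 || (bp->b_bcount % dg->dg_secsize) != 0)
        return STRAT_EINVAL;
    return STRAT_OK;
}

/* Guarded check: refuse I/O unless the device is configured with a sane geometry. */
static enum strat_result
strategy_guarded(const struct buf *bp, const struct cgd_softc *sc)
{
    if (sc == NULL || !sc->configured || sc->sc_geom.dg_secsize == 0)
        return STRAT_ENXIO;
    return strategy_unguarded(bp, &sc->sc_geom);
}

/* Returns 1 if strategy_unguarded() on this softc would divide by zero. */
static int
would_divide_fault(const struct cgd_softc *sc)
{
    return sc->sc_geom.dg_secsize == 0;
}

/* Convenience driver: build a softc in the given state and run one constructed request. */
static enum strat_result
run_request(int configured, uint32_t secsize, int64_t blkno, uint32_t bcount)
{
    struct cgd_softc sc;
    struct buf bp = { .b_blkno = blkno, .b_bcount = bcount };

    if (configured)
        cgd_model_configure(&sc, secsize);
    else
        cgd_model_unconfigure(&sc);
    return strategy_guarded(&bp, &sc);
}

int
main(void)
{
    struct cgd_softc sc;
    struct buf bp = { .b_blkno = 0, .b_bcount = 4096 };  /* constructed request */

    cgd_model_configure(&sc, 512);
    printf("configured (512-byte sectors): result=%d would_fault=%d\n",
        strategy_guarded(&bp, &sc), would_divide_fault(&sc));

    cgd_model_unconfigure(&sc);
    printf("unconfigured: result=%d (ENXIO) would_fault=%d\n",
        strategy_guarded(&bp, &sc), would_divide_fault(&sc));
    return 0;
}
```

The guarded variant only orders the checks: the device state and the sector size are validated before anything divides by the sector size, so a request that reaches a device with no geometry gets ENXIO back in the caller's context rather than a supervisor-mode trap from which the kernel cannot recover.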

