Since I don't understand how com1_dev.pause_ct can be zero, I'll work around the division by zero for now (rather than fix the root cause) to keep the syzkaller runs stable:
diff --git a/usr.sbin/vmd/ns8250.c b/usr.sbin/vmd/ns8250.c
index 74e86a92954..69957e38cce 100644
--- a/usr.sbin/vmd/ns8250.c
+++ b/usr.sbin/vmd/ns8250.c
@@ -237,7 +237,7 @@ vcpu_process_com_data(struct vm_exit *vei, uint32_t vm_id, uint32_t vcpu_id) if (com1_dev.regs.ier & IER_ETXRDY) { /* Limit output rate if needed */ - if (com1_dev.byte_out % com1_dev.pause_ct == 0) { + if (com1_dev.pause_ct > 0 && com1_dev.byte_out % com1_dev.pause_ct == 0) { evtimer_add(&com1_dev.rate, &com1_dev.rate_tv); } else { /* Set TXRDY and clear "no pending interrupt" */ On Wed, Oct 3, 2018 at 11:40 AM Greg Steuck <g...@nest.cx> wrote: > $ egdb /syzkaller/src/usr.sbin/vmd/obj/vmd /var/crash/vmd/38082.core > Core was generated by `vmd'. > Program terminated with signal SIGFPE, Arithmetic exception. > #0 0x00000c07a64174a0 in vcpu_process_com_data (vei=<optimized out>, > vm_id=<optimized out>, vcpu_id=<optimized out>) > at /syzkaller/src/usr.sbin/vmd/ns8250.c:240 > 240 if (com1_dev.byte_out % com1_dev.pause_ct > == 0) { > [Current thread is 1 (process 259192)] > (gdb) p com1_dev.pause_ct > $1 = 0 > $1 = {mutex = 0xc0a4b1242c0, regs = {lcr = 5 '\005', fcr = 6 '\006', iir = > 3 '\003', ier = 15 '\017', divlo = 64 '@', divhi = 56 '8', > msr = 0 '\000', lsr = 0 '\000', mcr = 11 '\v', scr = 0 '\000', data = > 0 '\000'}, event = {ev_next = {tqe_next = 0xc0a4b120808, > tqe_prev = 0xc09e1428848}, ev_active_next = {tqe_next = 0x0, > tqe_prev = 0x0}, ev_signal_next = {tqe_next = 0x0, tqe_prev = 0x0}, > min_heap_idx = 4294967295, ev_base = 0xc0a52c3bc00, ev_fd = 9, > ev_events = 18, ev_ncalls = 0, ev_pncalls = 0x0, ev_timeout = {tv_sec = 0, > tv_usec = 0}, ev_pri = 0, ev_callback = 0xc07a6417340 > <com_rcv_event>, ev_arg = 0x6, ev_res = 0, ev_flags = 4226}, rate = > {ev_next = { > tqe_next = 0x0, tqe_prev = 0x0}, ev_active_next = {tqe_next = > 0xc07a66b65c8 <rtc+256>, tqe_prev = 0xc0a4b121f40}, ev_signal_next = { > tqe_next = 0x0, tqe_prev = 0x0}, min_heap_idx = 4294967295, ev_base > = 0xc0a52c3bc00, ev_fd = -1, ev_events = 0, ev_ncalls = 0, > ev_pncalls = 0xc0a4b8f3f68, ev_timeout = {tv_sec = 2745, tv_usec = > 969355}, ev_pri = 0, ev_callback = 
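Review bot: The added `com1_dev.pause_ct > 0` guard stops the SIGFPE on the modulo but leaves the root cause untouched, and the quoted core dump hints at it: `divlo = 64 '@', divhi = 56 '8'` (divisor 0x3840 = 14400) alongside `baudrate = 8` is consistent with the guest having programmed a large divisor latch and an integer derivation of `pause_ct` from that small baudrate truncating to zero — a guest-controlled register value reaching an unchecked divisor in the host-side emulator, i.e. a guest-triggerable crash of the vmd process serving that VM (found by syzkaller, per the paths). The fix belongs where `pause_ct` is computed (not in this hunk), e.g. clamp it with `if (com1_dev.pause_ct == 0) com1_dev.pause_ct = 1;` or reject a divisor that yields it, keeping this guard as defence in depth. Note also that with `pause_ct == 0` the new condition is always false, so the else branch sets TXRDY on every byte and output is entirely unthrottled; the comment above it should say so, e.g. `/* Limit output rate if needed; pause_ct == 0 disables limiting */`. The new line also runs past 80 columns, which style(9) would wrap after the `&&`. vcpu_process_com_data begins and ends outside the hunk, so the hunk header's 7-line count versus the 6 lines visible suggests a context line was lost in the paste.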
0xc07a64173c0 <ratelimit>, ev_arg = 0x0, > ev_res = 1, ev_flags = 128}, rate_tv = {tv_sec = 0, tv_usec = 10000}, > fd = 9, irq = 4, rcv_pending = 0, vmid = 6, byte_out = 56924, > baudrate = 8, pause_ct = 0} > > (gdb) bt > #0 0x00000c07a64174a0 in vcpu_process_com_data (vei=<optimized out>, > vm_id=<optimized out>, vcpu_id=<optimized out>) > at /syzkaller/src/usr.sbin/vmd/ns8250.c:240 > #1 0x00000c07a6417985 in vcpu_exit_com (vrp=<optimized out>) at > /syzkaller/src/usr.sbin/vmd/ns8250.c:590 > #2 0x00000c07a640f0ec in vcpu_exit_inout (vrp=<optimized out>) at > /syzkaller/src/usr.sbin/vmd/vm.c:1444 > #3 vcpu_exit (vrp=0xc0a4b047e60) at /syzkaller/src/usr.sbin/vmd/vm.c:1496 > #4 0x00000c07a640ed36 in vcpu_run_loop (arg=0xc0a4b047e60) at > /syzkaller/src/usr.sbin/vmd/vm.c:1355 > #5 0x00000c0a6307adce in _rthread_start (v=0xde5c) at > /usr/src/lib/librthread/rthread.c:96 > #6 0x00000c09f2abdf4b in __tfork_thread () at > /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 > #7 0x0000000000000000 in ?? () > > -- > nest.cx is Gmail hosted, use PGP for anything private. Key: > http://goo.gl/6dMsr > Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0 > > -- nest.cx is Gmail hosted, use PGP for anything private. Key: http://goo.gl/6dMsr Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0