Subject: port-i386/33260: [dM] kernel divide-by-zero for some broken disks
To: None <port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: netbsd-bugs
Date: 04/15/2006 04:20:00
>Number: 33260
>Category: port-i386
>Synopsis: [dM] kernel divide-by-zero for some broken disks
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: port-i386-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Apr 15 04:20:00 +0000 2006
>Originator: der Mouse
>Release: NetBSD 3.0
>Organization:
Dis-
>Environment:
NetBSD-3.0/i386, probably any using MBR partitioning
>Description:
When an IDE drive reports zero sectors/track, zero heads, and
zero cylinders, the kernel gets a divide-by-zero panic.
>How-To-Repeat:
Find an IDE drive that's badly enough broken that it
acknowledges its existence but claims to have zero
sectors/track, zero heads, and zero cylinders. (I have two
such on hand and have seen a third in the past.) Try to boot
with that drive connected. Watch the kernel panic with a
divide-by-zero trap. For example (ten-finger copy):
...
wd1 at atabus1 drive 1: <Maxtor N40P>
wd1: drive supports 1-sector PIO transfers, chs addressing
wd1: 0, 0 cyl, 0 head, 0 sec, 512 bytes/sec x 0 sectors
wd1: 32-bit data port
wd1(viaide0:1:1): using PIO mode 0
kernel: integer divide fault trap, code=0
The backtrace from this example goes read_sector, scan_mbr,
readdisklabel, wdgetdisklabel, wdopen, spec_open,
rf_find_raid_components, rf_autoconfig, ...
While I didn't look up the exact pc in read_sector, it is small
and does only one division, that being
bp->b_cylinder = sector / a->lp->d_secpercyl;
and it's totally plausible that d_secpercyl is zero in view of
the numbers printed.
>Fix:
Not sure. Maybe error out of read_sector when d_secpercyl is
zero? It won't make such a disk _work_, but probably nothing
will, and it should stop the panics.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B