On 200712 2025, Alexander Bulekov wrote: > Public bug reported: > > Hello, > Here is a reproducer: > cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\ > -qtest null -nographic -vga qxl -qtest stdio -nodefaults\ > -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\ > -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\ > -device ide-cd,drive=drive0 -device ide-hd,drive=drive1 > outw 0x176 0x3538 > outl 0xcf8 0x80000903 > outl 0xcfc 0x184275c > outb 0x376 0x2f > outb 0x376 0x0 > outw 0x176 0xa1a4 > outl 0xcf8 0x80000920 > outb 0xcfc 0xff > outb 0xf8 0x9 > EOF > > The stack-trace: > ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address > 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513) > #0 0x556783603fdc in ide_set_sector > /home/alxndr/Development/qemu/hw/ide/core.c:626:26 > #1 0x556783603fdc in ide_dma_cb > /home/alxndr/Development/qemu/hw/ide/core.c:883:9 > #2 0x55678349d74d in dma_complete > /home/alxndr/Development/qemu/dma-helpers.c:120:9 > #3 0x55678349d74d in dma_blk_cb > /home/alxndr/Development/qemu/dma-helpers.c:138:9 > #4 0x556783962f25 in blk_aio_complete > /home/alxndr/Development/qemu/block/block-backend.c:1402:9 > #5 0x556783962f25 in blk_aio_complete_bh > /home/alxndr/Development/qemu/block/block-backend.c:1412:5 > #6 0x556783ac030f in aio_bh_call > /home/alxndr/Development/qemu/util/async.c:136:5 > #7 0x556783ac030f in aio_bh_poll > /home/alxndr/Development/qemu/util/async.c:164:13 > #8 0x556783a9a863 in aio_dispatch > /home/alxndr/Development/qemu/util/aio-posix.c:380:5 > #9 0x556783ac1b4c in aio_ctx_dispatch > /home/alxndr/Development/qemu/util/async.c:306:5 > #10 0x7f4f1c0fe9ed in g_main_context_dispatch > (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed) > #11 0x556783acdccb in glib_pollfds_poll > /home/alxndr/Development/qemu/util/main-loop.c:219:9 > #12 0x556783acdccb in os_host_main_loop_wait > /home/alxndr/Development/qemu/util/main-loop.c:242:5 > #13 0x556783acdccb in main_loop_wait > /home/alxndr/Development/qemu/util/main-loop.c:518:11 > #14 0x5567833613e5 in qemu_main_loop > /home/alxndr/Development/qemu/softmmu/vl.c:1664:9 > #15 0x556783a07a4d in main > /home/alxndr/Development/qemu/softmmu/main.c:49:5 > #16 0x7f4f1ac84e0a in __libc_start_main > /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16 > #17 0x5567830a9089 in _start > (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089) > > With -trace ide* > > 12163@1594585516.671265:ide_reset IDEstate 0x56162a269058 > [R +0.024963] outw 0x176 0x3538 > 12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); > val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88 > 12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val > 0x35; bus 0x56162a268c00 IDEState 0x56162a269058 > 12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state > 0x56162a269058; cmd 0x35 > OK > [S +0.025002] OK > [R +0.025012] outl 0xcf8 0x80000903 > OK > [S +0.025018] OK > [R +0.025026] outl 0xcfc 0x184275c > OK > [S +0.025210] OK > [R +0.025219] outb 0x376 0x2f > 12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); > val 0x2f; bus 0x56162a268c00 > OK > [S +0.025229] OK > [R +0.025234] outb 0x376 0x0 > 12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); > val 0x00; bus 0x56162a268c00 > OK > [S +0.025240] OK > [R +0.025246] outw 0x176 0xa1a4 > 12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); > val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058 > 12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val > 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88 > 12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state > 0x56162a268c88; cmd 0xa1 > OK > [S +0.025265] OK > [R +0.025270] outl 0xcf8 0x80000920 > OK > [S +0.025274] OK > [R +0.025279] outb 0xcfc 0xff > OK > [S +0.025443] OK > [R +0.025451] outb 0xf8 0x9 > 12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 n=1 > cmd=DMA READ > OK > [S +0.025724] OK > UndefinedBehaviorSanitizer:DEADLYSIGNAL > ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address > 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163) > > -Alex > > ** Affects: qemu > Importance: Undecided > Status: New > > -- > You received this bug notification because you are a member of qemu- > devel-ml, which is subscribed to QEMU. > https://bugs.launchpad.net/bugs/1887309 > > Title: > Floating-point exception in ide_set_sector > > Status in QEMU: > New > > Bug description: > Hello, > Here is a reproducer: > cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\ > -qtest null -nographic -vga qxl -qtest stdio -nodefaults\ > -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\ > -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\ > -device ide-cd,drive=drive0 -device ide-hd,drive=drive1 > outw 0x176 0x3538 > outl 0xcf8 0x80000903 > outl 0xcfc 0x184275c > outb 0x376 0x2f > outb 0x376 0x0 > outw 0x176 0xa1a4 > outl 0xcf8 0x80000920 > outb 0xcfc 0xff > outb 0xf8 0x9 > EOF > > The stack-trace: > ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address > 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513) > #0 0x556783603fdc in ide_set_sector > /home/alxndr/Development/qemu/hw/ide/core.c:626:26 > #1 0x556783603fdc in ide_dma_cb > /home/alxndr/Development/qemu/hw/ide/core.c:883:9 > #2 0x55678349d74d in dma_complete > /home/alxndr/Development/qemu/dma-helpers.c:120:9 > #3 0x55678349d74d in dma_blk_cb > /home/alxndr/Development/qemu/dma-helpers.c:138:9 > #4 0x556783962f25 in blk_aio_complete > /home/alxndr/Development/qemu/block/block-backend.c:1402:9 > #5 0x556783962f25 in blk_aio_complete_bh > /home/alxndr/Development/qemu/block/block-backend.c:1412:5 > #6 0x556783ac030f in aio_bh_call > /home/alxndr/Development/qemu/util/async.c:136:5 > #7 0x556783ac030f in aio_bh_poll > /home/alxndr/Development/qemu/util/async.c:164:13 > #8 0x556783a9a863 in aio_dispatch > /home/alxndr/Development/qemu/util/aio-posix.c:380:5 > #9 0x556783ac1b4c in aio_ctx_dispatch > /home/alxndr/Development/qemu/util/async.c:306:5 > #10 0x7f4f1c0fe9ed in g_main_context_dispatch > (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed) > #11 0x556783acdccb in glib_pollfds_poll > /home/alxndr/Development/qemu/util/main-loop.c:219:9 > #12 0x556783acdccb in os_host_main_loop_wait > /home/alxndr/Development/qemu/util/main-loop.c:242:5 > #13 0x556783acdccb in main_loop_wait > /home/alxndr/Development/qemu/util/main-loop.c:518:11 > #14 0x5567833613e5 in qemu_main_loop > /home/alxndr/Development/qemu/softmmu/vl.c:1664:9 > #15 0x556783a07a4d in main > /home/alxndr/Development/qemu/softmmu/main.c:49:5 > #16 0x7f4f1ac84e0a in __libc_start_main > /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16 > #17 0x5567830a9089 in _start > (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089) >
This adds a check to avoid the FPE, but I don't know how to properly report the error, and whether this is the correct place to add this check. diff --git a/hw/ide/core.c b/hw/ide/core.c index d997a78e47..c191d74ca6 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -622,7 +622,7 @@ void ide_set_sector(IDEState *s, int64_t sector_num) s->hob_lcyl = sector_num >> 32; s->hob_hcyl = sector_num >> 40; } - } else { + } else if (s->heads && s->sectors){ cyl = sector_num / (s->heads * s->sectors); r = sector_num % (s->heads * s->sectors); s->hcyl = cyl >> 8; > With -trace ide* > > 12163@1594585516.671265:ide_reset IDEstate 0x56162a269058 > [R +0.024963] outw 0x176 0x3538 > 12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); > val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88 > 12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val > 0x35; bus 0x56162a268c00 IDEState 0x56162a269058 > 12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; > state 0x56162a269058; cmd 0x35 > OK > [S +0.025002] OK > [R +0.025012] outl 0xcf8 0x80000903 > OK > [S +0.025018] OK > [R +0.025026] outl 0xcfc 0x184275c > OK > [S +0.025210] OK > [R +0.025219] outb 0x376 0x2f > 12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); > val 0x2f; bus 0x56162a268c00 > OK > [S +0.025229] OK > [R +0.025234] outb 0x376 0x0 > 12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); > val 0x00; bus 0x56162a268c00 > OK > [S +0.025240] OK > [R +0.025246] outw 0x176 0xa1a4 > 12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); > val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058 > 12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val > 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88 > 12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; > state 0x56162a268c88; cmd 0xa1 > OK > [S +0.025265] OK > [R +0.025270] outl 0xcf8 0x80000920 > OK > [S +0.025274] OK > [R +0.025279] outb 0xcfc 0xff > OK > [S +0.025443] OK > [R +0.025451] outb 0xf8 0x9 > 12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 > n=1 cmd=DMA READ > OK > [S +0.025724] OK > UndefinedBehaviorSanitizer:DEADLYSIGNAL > ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address > 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163) > > -Alex > > To manage notifications about this bug go to: > https://bugs.launchpad.net/qemu/+bug/1887309/+subscriptions >