QEMU

  1. Bug #1887309
  2. Comment #1

Comment 1 for bug 1887309

Revision history for this message
Alexander Bulekov (a1xndr) wrote : Re: [Bug 1887309] [NEW] Floating-point exception in ide_set_sector

On 200712 2025, Alexander Bulekov wrote:
> Public bug reported:
>
> Hello,
> Here is a reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
> -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
> -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
> -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
> -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
> outw 0x176 0x3538
> outl 0xcf8 0x80000903
> outl 0xcfc 0x184275c
> outb 0x376 0x2f
> outb 0x376 0x0
> outw 0x176 0xa1a4
> outl 0xcf8 0x80000920
> outb 0xcfc 0xff
> outb 0xf8 0x9
> EOF
>
> The stack-trace:
> ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513)
> #0 0x556783603fdc in ide_set_sector /home/alxndr/Development/qemu/hw/ide/core.c:626:26
> #1 0x556783603fdc in ide_dma_cb /home/alxndr/Development/qemu/hw/ide/core.c:883:9
> #2 0x55678349d74d in dma_complete /home/alxndr/Development/qemu/dma-helpers.c:120:9
> #3 0x55678349d74d in dma_blk_cb /home/alxndr/Development/qemu/dma-helpers.c:138:9
> #4 0x556783962f25 in blk_aio_complete /home/alxndr/Development/qemu/block/block-backend.c:1402:9
> #5 0x556783962f25 in blk_aio_complete_bh /home/alxndr/Development/qemu/block/block-backend.c:1412:5
> #6 0x556783ac030f in aio_bh_call /home/alxndr/Development/qemu/util/async.c:136:5
> #7 0x556783ac030f in aio_bh_poll /home/alxndr/Development/qemu/util/async.c:164:13
> #8 0x556783a9a863 in aio_dispatch /home/alxndr/Development/qemu/util/aio-posix.c:380:5
> #9 0x556783ac1b4c in aio_ctx_dispatch /home/alxndr/Development/qemu/util/async.c:306:5
> #10 0x7f4f1c0fe9ed in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
> #11 0x556783acdccb in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
> #12 0x556783acdccb in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
> #13 0x556783acdccb in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
> #14 0x5567833613e5 in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
> #15 0x556783a07a4d in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
> #16 0x7f4f1ac84e0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
> #17 0x5567830a9089 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089)
>
> With -trace ide*
>
> 12163@1594585516.671265:ide_reset IDEstate 0x56162a269058
> [R +0.024963] outw 0x176 0x3538
> 12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0x35; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 0x56162a269058; cmd 0x35
> OK
> [S +0.025002] OK
> [R +0.025012] outl 0xcf8 0x80000903
> OK
> [S +0.025018] OK
> [R +0.025026] outl 0xcfc 0x184275c
> OK
> [S +0.025210] OK
> [R +0.025219] outb 0x376 0x2f
> 12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 0x2f; bus 0x56162a268c00
> OK
> [S +0.025229] OK
> [R +0.025234] outb 0x376 0x0
> 12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 0x00; bus 0x56162a268c00
> OK
> [S +0.025240] OK
> [R +0.025246] outw 0x176 0xa1a4
> 12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 0x56162a268c88; cmd 0xa1
> OK
> [S +0.025265] OK
> [R +0.025270] outl 0xcf8 0x80000920
> OK
> [S +0.025274] OK
> [R +0.025279] outb 0xcfc 0xff
> OK
> [S +0.025443] OK
> [R +0.025451] outb 0xf8 0x9
> 12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 n=1 cmd=DMA READ
> OK
> [S +0.025724] OK
> UndefinedBehaviorSanitizer:DEADLYSIGNAL
> ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163)
>
> -Alex
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/1887309
>
> Title:
> Floating-point exception in ide_set_sector
>
> Status in QEMU:
> New
>
> Bug description:
> Hello,
> Here is a reproducer:
> cat << EOF | ./i386-softmmu/qemu-system-i386 -M pc,accel=qtest\
> -qtest null -nographic -vga qxl -qtest stdio -nodefaults\
> -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw\
> -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw\
> -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
> outw 0x176 0x3538
> outl 0xcf8 0x80000903
> outl 0xcfc 0x184275c
> outb 0x376 0x2f
> outb 0x376 0x0
> outw 0x176 0xa1a4
> outl 0xcf8 0x80000920
> outb 0xcfc 0xff
> outb 0xf8 0x9
> EOF
>
> The stack-trace:
> ==16513==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x556783603fdc (pc 0x556783603fdc bp 0x7fff82143b10 sp 0x7fff82143ab0 T16513)
> #0 0x556783603fdc in ide_set_sector /home/alxndr/Development/qemu/hw/ide/core.c:626:26
> #1 0x556783603fdc in ide_dma_cb /home/alxndr/Development/qemu/hw/ide/core.c:883:9
> #2 0x55678349d74d in dma_complete /home/alxndr/Development/qemu/dma-helpers.c:120:9
> #3 0x55678349d74d in dma_blk_cb /home/alxndr/Development/qemu/dma-helpers.c:138:9
> #4 0x556783962f25 in blk_aio_complete /home/alxndr/Development/qemu/block/block-backend.c:1402:9
> #5 0x556783962f25 in blk_aio_complete_bh /home/alxndr/Development/qemu/block/block-backend.c:1412:5
> #6 0x556783ac030f in aio_bh_call /home/alxndr/Development/qemu/util/async.c:136:5
> #7 0x556783ac030f in aio_bh_poll /home/alxndr/Development/qemu/util/async.c:164:13
> #8 0x556783a9a863 in aio_dispatch /home/alxndr/Development/qemu/util/aio-posix.c:380:5
> #9 0x556783ac1b4c in aio_ctx_dispatch /home/alxndr/Development/qemu/util/async.c:306:5
> #10 0x7f4f1c0fe9ed in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e9ed)
> #11 0x556783acdccb in glib_pollfds_poll /home/alxndr/Development/qemu/util/main-loop.c:219:9
> #12 0x556783acdccb in os_host_main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:242:5
> #13 0x556783acdccb in main_loop_wait /home/alxndr/Development/qemu/util/main-loop.c:518:11
> #14 0x5567833613e5 in qemu_main_loop /home/alxndr/Development/qemu/softmmu/vl.c:1664:9
> #15 0x556783a07a4d in main /home/alxndr/Development/qemu/softmmu/main.c:49:5
> #16 0x7f4f1ac84e0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
> #17 0x5567830a9089 in _start (/home/alxndr/Development/qemu/build/i386-softmmu/qemu-system-i386+0x7d2089)
>

This adds a check to avoid the FPE, but I don't know how to properly
report the error, and whether this is the correct place to add this
check.

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d997a78e47..c191d74ca6 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -622,7 +622,7 @@ void ide_set_sector(IDEState *s, int64_t sector_num)
             s->hob_lcyl = sector_num >> 32;
             s->hob_hcyl = sector_num >> 40;
         }
- } else {
+ } else if (s->heads && s->sectors){
         cyl = sector_num / (s->heads * s->sectors);
         r = sector_num % (s->heads * s->sectors);
         s->hcyl = cyl >> 8;

> With -trace ide*
>
> 12163@1594585516.671265:ide_reset IDEstate 0x56162a269058
> [R +0.024963] outw 0x176 0x3538
> 12163@1594585516.673676:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0x38; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673683:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0x35; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673686:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 0x56162a269058; cmd 0x35
> OK
> [S +0.025002] OK
> [R +0.025012] outl 0xcf8 0x80000903
> OK
> [S +0.025018] OK
> [R +0.025026] outl 0xcfc 0x184275c
> OK
> [S +0.025210] OK
> [R +0.025219] outb 0x376 0x2f
> 12163@1594585516.673916:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 0x2f; bus 0x56162a268c00
> OK
> [S +0.025229] OK
> [R +0.025234] outb 0x376 0x0
> 12163@1594585516.673928:ide_cmd_write IDE PIO wr @ 0x376 (Device Control); val 0x00; bus 0x56162a268c00
> OK
> [S +0.025240] OK
> [R +0.025246] outw 0x176 0xa1a4
> 12163@1594585516.673940:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0xa4; bus 0x56162a268c00 IDEState 0x56162a269058
> 12163@1594585516.673943:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0xa1; bus 0x56162a268c00 IDEState 0x56162a268c88
> 12163@1594585516.673946:ide_exec_cmd IDE exec cmd: bus 0x56162a268c00; state 0x56162a268c88; cmd 0xa1
> OK
> [S +0.025265] OK
> [R +0.025270] outl 0xcf8 0x80000920
> OK
> [S +0.025274] OK
> [R +0.025279] outb 0xcfc 0xff
> OK
> [S +0.025443] OK
> [R +0.025451] outb 0xf8 0x9
> 12163@1594585516.674221:ide_dma_cb IDEState 0x56162a268c88; sector_num=0 n=1 cmd=DMA READ
> OK
> [S +0.025724] OK
> UndefinedBehaviorSanitizer:DEADLYSIGNAL
> ==12163==ERROR: UndefinedBehaviorSanitizer: FPE on unknown address 0x5616279cffdc (pc 0x5616279cffdc bp 0x7ffcdaabae90 sp 0x7ffcdaabae30 T12163)
>
> -Alex
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/1887309/+subscriptions
>