From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tokarev Subject: Another SIGFPE in display code, now in cirrus Date: Fri, 07 May 2010 00:07:20 +0400 Message-ID: <4BE32178.2090103@msgid.tls.msk.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit To: KVM list Return-path: Received: from isrv.corpit.ru ([81.13.33.159]:50803 "EHLO isrv.corpit.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757130Ab0EFUHW (ORCPT ); Thu, 6 May 2010 16:07:22 -0400 Sender: kvm-owner@vger.kernel.org List-ID: There was a bug recently fixed in vnc code. Apparently there's something similar in the cirrus emulation as well. Here it triggers _always_ (including old versions of kvm) when running Windows NT and hitting the "test" button in its display resolution dialog. As the trace below shows, s->cirrus_blt_srcpitch is 0 at that point, so the modulo on line 687 divides by zero; the value reaches cirrus_do_copy through an MMIO register write coming from the guest (frames #5 through #9), so the guest can crash the emulator this way. Here's what gdb has to say: Program received signal SIGFPE, Arithmetic exception. [Switching to Thread 0xf76cab70 (LWP 580)] 0x080c5e45 in cirrus_do_copy (s=0x86134dc, dst=960000, src=0, w=2, h=9) at hw/cirrus_vga.c:687 687 sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth; (gdb) p depth $1 = 2 (gdb) p s->cirrus_blt_srcpitch $2 = 0 (gdb) p *s $3 = {vga = { vram_ptr = 0xd5e42000 
"\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\37 7"..., vram_offset = 537133056, vram_size = 16777216, lfb_addr = 4026531840, lfb_end = 4043309056, map_addr = 4026531840, map_end = 4043309056, lfb_vram_mapped = 1, bios_offset = 0, bios_size = 0, latch = 3876589584, sr_index = 19 '\023', sr = "\003!\017\000\016\000\022\027\000\000\030####\230\000\000\000?\000\004\017$\000\000\000\024\024\024\024-", '\000' , gr_index = 56 '8', gr = "\000\000\000\000\000@\005\017\377\000\000$", '\000' , "\017\000\000\000\000\000\000\000\001\000\b\000\001\000\000\000\000\246\016\000\000\000\000\000\000\201\016", '\000' , ar_index = 32 ' ', ar = "\000\001\002\003\004\005\024\a89:;<=>?\005\000\017\b", ar_flip_flop = 1, cr_index = 39 '\'', cr = "}cc\200k\032\230\360\000`\016\017\000\000\000\000}#W\310@W\230\303\377\000\000\"", '\000' "\270, ", '\000' , msr = 103 'g', fcr = 0 '\000', st00 = 0 '\000', st01 = 0 '\000', dac_state = 0 '\000', dac_sub_index = 0 '\000', dac_read_index = 16 '\020', dac_write_index = 16 '\020', dac_cache = "**?", dac_8bit = 0, palette = 
"\000\000\000\000\000*\000*\000\000***\000\000*\000***\000***\000\000\025\000\000?\000*\025\000*?*\000\025*\000?**\025**?\000\025\000\000\025*\000?\000\000?**\025\000*\025**?\000*?*\000\025\025\000\025?\000?\025\000??*\025\025*\025?*?\025*??\025\000\000\025\000*\025*\000\025**?\000\000?\000*?*\000?**\025\000\025\025\000?\025*\025\025*??\000\025?\000??*\025?*?\025\025\000\025\025*\025?\000\025?*?\025\000?\025*??\000??*\025\025\025\025\025?\025?\025\025???\025\025?\025???\025???", '\000' , bank_offset = 0, vga_io_memory = 56, get_bpp = 0x80c70e0 , get_offsets = 0x80c6f9e , get_resolution = 0x80c717e , vbe_index = 0, vbe_regs = {45248, 0, 0, 0, 0, 0, 0, 0, 0, 0}, vbe_start_addr = 0, vbe_line_offset = 0, vbe_bank_mask = 255, vbe_mapped = 0, ds = 0x8489fb0, font_offsets = {2, 2}, graphic_mode = 1, shift_control = 2 '\002', double_scan = 0 '\000', line_offset = 1600, line_compare = 1023, start_addr = 0, plane_updated = 0, last_line_offset = 1600, last_cw = 9 '\t', last_ch = 16 '\020', last_width = 800, last_height = 600, last_scr_width = 800, last_scr_height = 600, last_depth = 16, cursor_start = 14 '\016', cursor_end = 15 '\017', cursor_offset = 0, rgb_to_pixel = 0x809fadb , update = 0x80a19f4 , invalidate = 0x80a1ac1 , screen_dump = 0x80a2fda , text_update = 0x80a1e83 , invalidated_y_table = { 0 }, cursor_invalidate = 0x80c8b9c , cursor_draw_line = 0x80c8e33 , last_palette = {0, 168, 43008, 43176, 11010048, 11010216, 11032320, 11053224, 5723991, 5724159, 5766999, 5767167, 16734039, 16734207, 16777047, 16777215, 0 }, last_ch_attr = {0 , 4294967295, 0 }, retrace = 0x809b64c , update_retrace_info = 0x809b298 , retrace_info = {precise = {ticks_per_char = 0, total_chars = 0, htotal = 0, hstart = 0, hend = 0, vstart = 0, vend = 0, freq = 0}}, is_vbe_vmstate = 1 '\001'}, cirrus_linear_io_addr = 64, cirrus_linear_bitblt_io_addr = 72, cirrus_mmio_io_addr = 80, cirrus_addr_mask = 4194303, linear_mmio_mask = 4194048, cirrus_shadow_gr0 = 0 '\000', cirrus_shadow_gr1 = 0 '\000', 
cirrus_hidden_dac_lockindex = 0 '\000', cirrus_hidden_dac_data = 225 '\341', cirrus_bank_base = {0, 32768}, cirrus_bank_limit = {4194304, 4161536}, cirrus_hidden_palette = '\000' "\377, \377\377", hw_cursor_x = 0, hw_cursor_y = 0, cirrus_blt_pixelwidth = 1, cirrus_blt_width = 2, cirrus_blt_height = 9, cirrus_blt_dstpitch = 1, cirrus_blt_srcpitch = 0, cirrus_blt_fgcol = 0, cirrus_blt_bgcol = 0, cirrus_blt_dstaddr = 960000, cirrus_blt_srcaddr = 0, cirrus_blt_mode = 0 '\000', cirrus_blt_modeext = 0 '\000', cirrus_rop = 0x80b60f5 , cirrus_bltbuf = '\000' , cirrus_srcptr = 0x8623b94 "", cirrus_srcptr_end = 0x8623b94 "", cirrus_srccounter = 0, last_hw_cursor_size = 0, last_hw_cursor_x = 0, last_hw_cursor_y = 0, last_hw_cursor_y_start = 0, last_hw_cursor_y_end = 0, real_vram_size = 4194304, device_id = 184, bustype = 32} (gdb) bt #0 0x080c5e45 in cirrus_do_copy (s=0x86134dc, dst=960000, src=0, w=2, h=9) at hw/cirrus_vga.c:687 #1 0x080c6226 in cirrus_bitblt_videotovideo_copy (s=0x86134dc) at hw/cirrus_vga.c:748 #2 0x080c6692 in cirrus_bitblt_videotovideo (s=0x86134dc) at hw/cirrus_vga.c:870 #3 0x080c6ccc in cirrus_bitblt_start (s=0x86134dc) at hw/cirrus_vga.c:1011 #4 0x080c7b3c in cirrus_vga_write_gr (s=0x86134dc, reg_index=42, reg_value=14) at hw/cirrus_vga.c:1526 #5 0x080c82d1 in cirrus_mmio_blt_write (s=0x86134dc, address=18, value=14 '\016') at hw/cirrus_vga.c:1848 #6 0x080c8a79 in cirrus_vga_mem_writeb (opaque=0x86134dc, addr=98322, mem_value=14) at hw/cirrus_vga.c:2089 #7 0x080c8b6f in cirrus_vga_mem_writel (opaque=0x86134dc, addr=98320, val=960000) at hw/cirrus_vga.c:2120 #8 0x0816b41e in cpu_physical_memory_rw (addr=753680, buf=0xf7fdc270 "", len=4, is_write=1) at exec.c:3207 #9 0x08073198 in kvm_run (env=0x847cff0) at qemu-kvm.c:937 #10 0x0807454f in kvm_cpu_exec (env=0x847cff0) at qemu-kvm.c:1651 #11 0x08074ceb in kvm_main_loop_cpu (env=0x847cff0) at qemu-kvm.c:1893 #12 0x08074e36 in ap_main_loop (_env=0x847cff0) at qemu-kvm.c:1943 #13 0xf7fad3d0 in start_thread 
() from /lib/libpthread.so.0 #14 0xf7bb010e in clone () from /lib/libc.so.6 This is qemu-kvm-0.12.3 - actually a Debian package of it, but there are no patches relevant to video applied. Can anything be done about it? Thanks! /mjt