
Floating point exception (core dumped) #24

Closed
JiaDuo opened this issue Dec 9, 2021 · 4 comments

Comments

JiaDuo commented Dec 9, 2021

I tested the "uart_echo" example, but it failed. It shows "Floating point exception (core dumped)".

CMD LOG:

$cd peripherals/uart/uart_echo
$idf.py build
$cd build
$esptool.py --chip esp32 merge_bin --fill-flash-size 4MB -o flash_image.bin 0x8000 partition_table/partition-table.bin 0x1000 bootloader/bootloader.bin 0x10000 uart_echo.bin
$~/other/espressif_qemu/qemu/bin/qemu-system-xtensa -nographic -M esp32 -drive file=flash_image.bin,if=mtd,format=raw

QEMU OUTPUT:

Adding SPI flash device
ets Jul 29 2019 12:21:46

rst:0x1 (POWERON_RESET),boot:0x12 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0030,len:7064
load:0x40078000,len:14308
load:0x40080400,len:3716
entry 0x40080680
I (888) boot: ESP-IDF v4.3.1 2nd stage bootloader
I (894) boot: compile time 15:19:40
I (904) boot: chip revision: 0
I (912) boot.esp32: SPI Speed : 40MHz
I (912) boot.esp32: SPI Mode : DIO
I (913) boot.esp32: SPI Flash Size : 2MB
I (924) boot: Enabling RNG early entropy source...
I (941) boot: Partition Table:
I (941) boot: ## Label Usage Type ST Offset Length
I (942) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (945) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (946) boot: 2 factory factory app 00 00 00010000 00100000
I (950) boot: End of partition table
I (960) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=08764h ( 34660) map
I (1016) esp_image: segment 1: paddr=0001878c vaddr=3ffb0000 size=0290ch ( 10508) load
I (1046) esp_image: segment 2: paddr=0001b0a0 vaddr=40080000 size=04f78h ( 20344) load
I (1065) esp_image: segment 3: paddr=00020020 vaddr=400d0020 size=165c4h ( 91588) map
I (1226) esp_image: segment 4: paddr=000365ec vaddr=40084f78 size=06a88h ( 27272) load
I (1271) esp_image: segment 5: paddr=0003d07c vaddr=50000000 size=00010h ( 16) load
I (1297) boot: Loaded app from partition at offset 0x10000
I (1299) boot: Disabling RNG early entropy source...
I (1313) cpu_start: Pro cpu up.
I (1314) cpu_start: Starting app cpu, entry point is 0x400810e0
I (5429) cpu_start: App cpu up.
I (2247) cpu_start: Pro cpu start user code
I (2248) cpu_start: cpu freq: 160000000
I (2248) cpu_start: Application information:
I (2249) cpu_start: Project name: uart_echo
I (2249) cpu_start: App version: v4.3.1
I (2250) cpu_start: Compile time: Dec 9 2021 15:19:35
I (2251) cpu_start: ELF file SHA256: 29985d43c52312e9...
I (2252) cpu_start: ESP-IDF: v4.3.1
I (2259) heap_init: Initializing. RAM available for dynamic allocation:
I (2263) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (2265) heap_init: At 3FFB31D0 len 0002CE30 (179 KiB): DRAM
I (2266) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (2267) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (2269) heap_init: At 4008BA00 len 00014600 (81 KiB): IRAM
I (2350) spi_flash: detected chip: gd
I (2375) spi_flash: flash io: dio
W (2395) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header.
I (2427) cpu_start: Starting scheduler on PRO CPU.
I (10) cpu_start: Starting scheduler on APP CPU.
Floating point exception (core dumped)

JiaDuo (author) commented Dec 9, 2021

I found this is caused by '/hw/char/esp32_uart.c', in function 'uart_set_rx_timeout':

int64_t rx_timeout_ns = now + threshold_reg * 8 * NANOSECONDS_PER_SECOND / s->baud_rate;

s->baud_rate is zero when run.

I did this fix:

        /* Workaround: fall back to a default baud rate if the device was never initialised */
        s->baud_rate = s->baud_rate ? s->baud_rate : 115200;

        int64_t rx_timeout_ns = now + threshold_reg * 8 * NANOSECONDS_PER_SECOND / s->baud_rate;

igrr (member) commented Dec 9, 2021

Thanks for finding the issue and its cause @JiaDuo. I'll add this fix to the next release.

igrr (member) commented Dec 16, 2021

The root cause was that only UART0 was properly reset and initialized here:

qemu/hw/xtensa/esp32.c, lines 169 to 171 in fd85235:

    for (int i = 0; i < ESP32_UART_COUNT; ++i) {
        device_cold_reset(DEVICE(&s->uart));
    }

This should have been &s->uart[i], not &s->uart.
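The two findings in this thread (a division by zero in the RX-timeout computation, and a reset loop that only ever touched UART0) fit together in a small model. The following is an added example, not code from the espressif/qemu project: the struct and function names (UartState, SocState, uart_reset, soc_reset_buggy, soc_reset_fixed, uart_rx_timeout_ns, count_uninitialised_uarts) and the default baud rate are assumptions; only the timeout formula mirrors the line quoted from uart_set_rx_timeout above. It shows why the index-less loop leaves the other UARTs with a zero baud rate, and how the timeout computation can refuse the division instead of raising SIGFPE.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from espressif/qemu. Names below are hypothetical;
 * only the timeout formula mirrors the line quoted from uart_set_rx_timeout. */

#define UART_COUNT 3                       /* stands in for ESP32_UART_COUNT */
#define NANOSECONDS_PER_SECOND 1000000000LL
#define DEFAULT_BAUD_RATE 115200u          /* assumed reset value; same as the workaround above */

typedef struct {
    uint32_t baud_rate;      /* stays 0 until the device is reset */
    uint32_t rx_tout_thrhd;  /* RX timeout threshold in character times */
} UartState;

typedef struct {
    UartState uart[UART_COUNT];
} SocState;

/* Per-device reset, the analogue of device_cold_reset() on one UART. */
static void uart_reset(UartState *u)
{
    u->baud_rate = DEFAULT_BAUD_RATE;
    u->rx_tout_thrhd = 10;
}

/* The loop as quoted in the issue: the index is never used, so the cast of
 * &s->uart (the whole array) always resolves to uart[0]. */
static void soc_reset_buggy(SocState *s)
{
    for (int i = 0; i < UART_COUNT; ++i) {
        uart_reset((UartState *)&s->uart);
    }
}

/* The corrected loop: every UART instance is reset. */
static void soc_reset_fixed(SocState *s)
{
    for (int i = 0; i < UART_COUNT; ++i) {
        uart_reset(&s->uart[i]);
    }
}

/* Compute the RX timeout deadline. Returns false instead of dividing by zero
 * when the baud rate was never initialised (the SIGFPE case reported above). */
static bool uart_rx_timeout_ns(const UartState *u, int64_t now, int64_t *out)
{
    if (u->baud_rate == 0) {
        return false;
    }
    *out = now + (int64_t)u->rx_tout_thrhd * 8 * NANOSECONDS_PER_SECOND / u->baud_rate;
    return true;
}

/* Number of UARTs whose baud rate is still zero after reset. */
static int count_uninitialised_uarts(const SocState *s)
{
    int n = 0;
    for (int i = 0; i < UART_COUNT; ++i) {
        if (s->uart[i].baud_rate == 0) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    SocState s = { 0 };
    int64_t deadline;

    soc_reset_buggy(&s);
    printf("buggy reset: %d of %d UARTs uninitialised\n",
           count_uninitialised_uarts(&s), UART_COUNT);
    printf("uart1 timeout computable: %s\n",
           uart_rx_timeout_ns(&s.uart[1], 0, &deadline) ? "yes" : "no");

    soc_reset_fixed(&s);
    printf("fixed reset: %d of %d UARTs uninitialised\n",
           count_uninitialised_uarts(&s), UART_COUNT);
    if (uart_rx_timeout_ns(&s.uart[1], 0, &deadline)) {
        printf("uart1 timeout: %lld ns\n", (long long)deadline);
    }
    return 0;
}
```

The guard in uart_rx_timeout_ns is the defensive half; the loop fix is the real one. Keeping both is reasonable in a device model, since guest-controlled register writes reaching a divide with a zero operand turn a state bug into a crash of the whole emulator.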

igrr closed this as completed Feb 3, 2022
igrr pushed a commit that referenced this issue Aug 2, 2022
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/542.
Without the previous commit, we get:

  $ make check-qtest-i386
  ...
  Running test tests/qtest/intel-hda-test
  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0
      #0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356
      #1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15
      #2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15
      #3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10
      #4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      #9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      #10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      #11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      #12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      #13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      #14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      #15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      #16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      #17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      #18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      #19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      #20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      #21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      #22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      #23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      #24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      #29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      #30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      #31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      #32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      #33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      #34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      #35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      #36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      #37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      #38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      #39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      #40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      #41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      #42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      #43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      #44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      ...
  SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal
  ==1580408==ABORTING
  Broken pipe
  Aborted (core dumped)

Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Acked-by: Thomas Huth <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
mattiantonini pushed a commit to mattiantonini/ESP32-QEMU that referenced this issue Feb 23, 2023
Fixes this tsan crash, easy to reproduce with any large enough program:

$ tests/unit/test-qht
1..2
ThreadSanitizer: CHECK failed: sanitizer_deadlock_detector.h:67 "((n_all_locks_)) < (((sizeof(all_locks_with_contexts_)/sizeof((all_locks_with_contexts_)[0]))))" (0x40, 0x40) (tid=1821568)
    #0 __tsan::CheckUnwind() ../../../../src/libsanitizer/tsan/tsan_rtl.cpp:353 (libtsan.so.2+0x90034)
    #1 __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:86 (libtsan.so.2+0xca555)
    #2 __sanitizer::DeadlockDetectorTLS<__sanitizer::TwoLevelBitVector<1ul, __sanitizer::BasicBitVector<unsigned long> > >::addLock(unsigned long, unsigned long, unsigned int) ../../../../src/libsanitizer/sanitizer_common/sanitizer_deadlock_detector.h:67 (libtsan.so.2+0xb3616)
    #3 __sanitizer::DeadlockDetectorTLS<__sanitizer::TwoLevelBitVector<1ul, __sanitizer::BasicBitVector<unsigned long> > >::addLock(unsigned long, unsigned long, unsigned int) ../../../../src/libsanitizer/sanitizer_common/sanitizer_deadlock_detector.h:59 (libtsan.so.2+0xb3616)
    #4 __sanitizer::DeadlockDetector<__sanitizer::TwoLevelBitVector<1ul, __sanitizer::BasicBitVector<unsigned long> > >::onLockAfter(__sanitizer::DeadlockDetectorTLS<__sanitizer::TwoLevelBitVector<1ul, __sanitizer::BasicBitVector<unsigned long> > >*, unsigned long, unsigned int) ../../../../src/libsanitizer/sanitizer_common/sanitizer_deadlock_detector.h:216 (libtsan.so.2+0xb3616)
    #5 __sanitizer::DD::MutexAfterLock(__sanitizer::DDCallback*, __sanitizer::DDMutex*, bool, bool) ../../../../src/libsanitizer/sanitizer_common/sanitizer_deadlock_detector1.cpp:169 (libtsan.so.2+0xb3616)
    #6 __tsan::MutexPostLock(__tsan::ThreadState*, unsigned long, unsigned long, unsigned int, int) ../../../../src/libsanitizer/tsan/tsan_rtl_mutex.cpp:200 (libtsan.so.2+0xa3382)
    #7 __tsan_mutex_post_lock ../../../../src/libsanitizer/tsan/tsan_interface_ann.cpp:384 (libtsan.so.2+0x76bc3)
    #8 qemu_spin_lock /home/cota/src/qemu/include/qemu/thread.h:259 (test-qht+0x44a97)
    #9 qht_map_lock_buckets ../util/qht.c:253 (test-qht+0x44a97)
    #10 do_qht_iter ../util/qht.c:809 (test-qht+0x45f33)
    #11 qht_iter ../util/qht.c:821 (test-qht+0x45f33)
    #12 iter_check ../tests/unit/test-qht.c:121 (test-qht+0xe473)
    #13 qht_do_test ../tests/unit/test-qht.c:202 (test-qht+0xe473)
    #14 qht_test ../tests/unit/test-qht.c:240 (test-qht+0xe7c1)
    #15 test_default ../tests/unit/test-qht.c:246 (test-qht+0xe828)
    #16 <null> <null> (libglib-2.0.so.0+0x7daed)
    #17 <null> <null> (libglib-2.0.so.0+0x7d80a)
    #18 <null> <null> (libglib-2.0.so.0+0x7d80a)
    #19 g_test_run_suite <null> (libglib-2.0.so.0+0x7dfe9)
    #20 g_test_run <null> (libglib-2.0.so.0+0x7e055)
    #21 main ../tests/unit/test-qht.c:259 (test-qht+0xd2c6)
    #22 __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 (libc.so.6+0x29d8f)
    #23 __libc_start_main_impl ../csu/libc-start.c:392 (libc.so.6+0x29e3f)
    #24 _start <null> (test-qht+0xdb44)

Signed-off-by: Emilio Cota <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Alex Bennée <[email protected]>
Message-Id: <[email protected]>