Android ndk debugging - suspect stack corruption - linux
I have limited experience in debugging on Linux and Android. I have ported a C++ application to run on Android. There are quite a few threads (around 15) and I set their stack size to 16384. It crashes randomly when I run the binary. The stack trace is not making much sense. Sometimes it crashes within localtime_t.
I notice that the region around SP is all FFFFFFFF. Is it some stack corruption? Or am I exceeding the heap? Any pointers on how to go about debugging it? I suspect memory leaks will not cause such issues.
I/DEBUG ( 80): r0 42b4c358 r1 00000000 r2 00000000 r3 00000000
I/DEBUG ( 80): r4 42b24008 r5 00000000 r6 42b241d0 r7 41820d90
I/DEBUG ( 80): r8 40020cc9 r9 41819000 sl 42b241d4 fp 401b62ec
I/DEBUG ( 80): ip 42b241d0 sp 41816d40 lr 40046387 pc 40046396 cpsr 60010030
I/DEBUG ( 80):
I/DEBUG ( 80): backtrace:
I/DEBUG ( 80): #00 pc 00034396
I/DEBUG ( 80): #01 pc 0000ecdd
I/DEBUG ( 80): #02 pc 0000d228
I/DEBUG ( 80): #03 pc 0000d3c0
I/DEBUG ( 80):
I/DEBUG ( 80): stack:
I/DEBUG ( 80): ........ ........
I/DEBUG ( 80): ........ ........
I/DEBUG ( 80): #01 41820da8 41820dd0
I/DEBUG ( 80): 41820dac 40020cc9
I/DEBUG ( 80): 41820db0 42b241d0
I/DEBUG ( 80): 41820db4 4017722c /system/lib/libc.so (__thread_entry+76)
I/DEBUG ( 80): #02 41820db8 42b241d0
I/DEBUG ( 80): 41820dbc 42c767d0
I/DEBUG ( 80): 41820dc0 41820dd0
I/DEBUG ( 80): 41820dc4 00000000
I/DEBUG ( 80): 41820dc8 00000078
I/DEBUG ( 80): 41820dcc 401773c4 /system/lib/libc.so (pthread_create+244)
I/DEBUG ( 80):
I/DEBUG ( 80): memory near sp:
I/DEBUG ( 80): 41816d20 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d30 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d40 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d50 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d60 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d70 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d80 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816d90 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816da0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816db0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816dc0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816dd0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816de0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816df0 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816e00 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80): 41816e10 ffffffff ffffffff ffffffff ffffffff
I/DEBUG ( 80):
I/DEBUG ( 80): memory map around fault addr 41816d64:
I/DEBUG ( 80): 41811000-41812000 rw-
I/DEBUG ( 80): (no map for address)
I/DEBUG ( 80): 41819000-4181a000 ---
I/BootReceiver( 376): Copying /data/tombstones/tombstone_04 to DropBox (SYSTEM_TOMBSTONE)
D/dalvikvm( 376): GC_CONCURRENT freed 330K, 9% free 6452K/7088K, paused 2ms+2ms, total 29ms
EDIT: I changed the stack size for all the threads to 64k. The application seems to be running for some time without any crashes. I am not sure if this was the issue or the actual issue is just masked now.
I have worked with devices with a small memory footprint and an RTOS. Usually the tasks are small and have at most 16k of stack size. This particular application is quite big with large function call depths. What is the optimum stack size recommended?
According to this link, the default seems to be 2Mb:
https://unix.stackexchange.com/questions/127602/default-stack-size-for-pthreads
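A triage sketch for the tombstone in the question, added here as an example (it is not code from the post or from Android's crash dumper): it parses the register and memory-map lines and checks whether the faulting address sits next to SP in memory that is unmapped or behind a no-access (---) region. Treating r7 as the Thumb frame pointer and the --- mapping as the thread's guard page are assumptions, and the names parse, triage and Triage are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Register, fault-address and memory-map lines copied from the tombstone above.
TOMBSTONE = """\
I/DEBUG ( 80): r4 42b24008 r5 00000000 r6 42b241d0 r7 41820d90
I/DEBUG ( 80): ip 42b241d0 sp 41816d40 lr 40046387 pc 40046396 cpsr 60010030
I/DEBUG ( 80): memory map around fault addr 41816d64:
I/DEBUG ( 80): 41811000-41812000 rw-
I/DEBUG ( 80): (no map for address)
I/DEBUG ( 80): 41819000-4181a000 ---
"""

# Constructed counter-example: a near-NULL dereference far away from the stack.
NOT_STACK = """\
I/DEBUG ( 80): r4 00000000 r5 00000000 r6 42b241d0 r7 41820d90
I/DEBUG ( 80): ip 42b241d0 sp 41820d40 lr 40046387 pc 40046396 cpsr 60010030
I/DEBUG ( 80): memory map around fault addr 00000010:
I/DEBUG ( 80): (no map for address)
I/DEBUG ( 80): 00008000-00009000 r-x
"""

REG_RE = re.compile(r"\b(r\d{1,2}|sl|fp|ip|sp|lr|pc)\s+([0-9a-f]{8})\b")
MAP_RE = re.compile(r"\b([0-9a-f]{8})-([0-9a-f]{8})\s+([rwx-]{3})")
FAULT_RE = re.compile(r"fault addr\s+([0-9a-f]{1,8})\b")


@dataclass
class Triage:
    fault_accessible: bool   # fault address lies in a mapping with some permission
    guard: Optional[tuple]   # lowest '---' mapping ending above the fault address
    sp_below_guard: int      # bytes by which SP is below the start of that mapping
    frame_span: int          # r7 - sp (assumes r7 is the Thumb frame pointer)
    stack_overflow: bool


def parse(text):
    """Extract core registers, listed mappings and the fault address."""
    regs, maps, fault = {}, [], None
    for line in text.splitlines():
        m = FAULT_RE.search(line)
        if m:
            fault = int(m.group(1), 16)
            continue
        m = MAP_RE.search(line)
        if m:
            maps.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
            continue
        for name, value in REG_RE.findall(line):
            # First hit wins: the register block precedes the backtrace's "pc" lines.
            regs.setdefault(name, int(value, 16))
    return regs, maps, fault


def triage(text, window=4096):
    """Flag a crash as a probable thread-stack overflow.

    Heuristic: the fault is within `window` bytes of SP, the faulting address is
    not accessible, and SP is at or below a no-access region just above it.
    """
    regs, maps, fault = parse(text)
    if fault is None or "sp" not in regs:
        raise ValueError("tombstone lacks a fault address or sp")
    sp = regs["sp"]
    hit = next((m for m in maps if m[0] <= fault < m[1]), None)
    accessible = hit is not None and hit[2] != "---"
    guards = sorted(m for m in maps if m[2] == "---" and m[1] > fault)
    guard = guards[0] if guards else None
    near_sp = abs(fault - sp) < window
    overflow = near_sp and not accessible and guard is not None and sp < guard[1]
    return Triage(
        fault_accessible=accessible,
        guard=guard,
        sp_below_guard=max(0, guard[0] - sp) if guard else 0,
        frame_span=max(0, regs.get("r7", sp) - sp),
        stack_overflow=overflow,
    )


if __name__ == "__main__":
    print(triage(TOMBSTONE))
    print(triage(NOT_STACK))
```

For the log in the question it reports SP 8896 bytes below the start of the --- region and 41040 bytes between r7 and SP, which is more than the 16384-byte stacks the threads were created with.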
Related
Executing boot ROM functions in Linux drivers
I'm trying to execute some functions from the boot ROM on an NXP IMX6UL in a Linux device driver. I figured a device driver is the only place I can manage this. Currently, I map the boot ROM using devm_ioremap_resource() and I can read the ROM table in the device fine, and it shows the values as expected. The problem comes when I try to execute a function from there: I get a paging request error and crash. I get the following crash message:

Unable to handle kernel paging request at virtual address bf968f88
pgd = 8e5fa23c
[bf968f88] *pgd=b839e811, *pte=00008653, *ppte=00008453
Internal error: Oops: 8000000f [#1] PREEMPT ARM
Modules linked in:
CPU: 0 PID: 299 Comm: sh Not tainted 4.19.35-00007-ga99feb79b139-dirty #639
Hardware name: Freescale i.MX6 UltraLite (Device Tree)
PC is at 0xbf968f88
LR is at hab_rvt_entry+0x98/0xb4
pc : [<bf968f88>] lr : [<804ee430>] psr: 600f0033
sp : b9f85ea8 ip : 00000000 fp : 00000000
r10: b9e55e90 r9 : b9f85f78 r8 : b9a96800
r7 : 00000002 r6 : bf960000 r5 : 00008f89 r4 : bf968f89
r3 : fde952f0 r2 : fde952f0 r1 : 00000001 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment none
Control: 10c53c7d Table: b9ea8059 DAC: 00000051
Process sh (pid: 299, stack limit = 0x00d86b0c)
Stack: (0xb9f85ea8 to 0xb9f86000)
[<804ee430>] (hab_rvt_entry) from [<8027b3ec>] (kernfs_fop_write+0xe8/0x1c8)
[<8027b3ec>] (kernfs_fop_write) from [<802032c0>] (__vfs_write+0x2c/0x160)
[<802032c0>] (__vfs_write) from [<8020357c>] (vfs_write+0xa4/0x17c)
[<8020357c>] (vfs_write) from [<80203794>] (ksys_write+0x4c/0xac)
[<80203794>] (ksys_write) from [<80101000>] (ret_fast_syscall+0x0/0x54)
Exception stack(0xb9f85fa8 to 0xb9f85ff0)
5fa0: 00000002 002478d0 00000001 002478d0 00000002 00000000
5fc0: 00000002 002478d0 76ec0d98 00000004 002478d0 00000002 00000000 00000000
5fe0: 00000064 7e87c9d0 76de9ce0 76e42a74
Code: ffc4 f7fd f833 e7fe (b5f0) b087

For reference and to make sense of these error messages a bit, BF960000 is what the base of my boot ROM is mapped to, and the address of the command I'm trying to execute is physically at 8F89, virtually at BF968F89. Is there any way to execute commands like this that exist in the boot ROM?
Sony Spresense "audio_manager" assertion failed
I am working on a Spresense project but I have a problem with audio reproduction. The SD card has three files called "1.mp3", "2.mp3" and "3.mp3", but when I call one of them Serial puts an error and the board halts. Other audio examples worked well, also with the files actually used in my project (renamed).

void Play(int id){
  // Open file placed on SD card
  if(id == 1){
    Serial.println("Required file 1");
    myFile = theSD.open("1.mp3");
  }
  if(id == 2){
    Serial.println("Required file 2");
    myFile = theSD.open("2.mp3");
  }
  if(id == 3){
    Serial.println("Required file 3");
    myFile = theSD.open("3.mp3");
  }
  // Verify file open
  if (!myFile) {
    Serial.println("File open error");
  }
  // Send first frames to be decoded
  err_t err = theAudio->writeFrames(AudioClass::Player0, myFile);
  if ((err != AUDIOLIB_ECODE_OK) && (err != AUDIOLIB_ECODE_FILEEND)) {
    Serial.println("File Read Error!");
    myFile.close();
  }
  theAudio->startPlayer(AudioClass::Player0);
}

Required file 1
Attention: module[1] attention id[2]/code[1] (dma_controller/audio_dma_drv.cpp L886)
Attention!
up_assert: Assertion failed at file:manager/audio_manager.cpp line: 586 task: init
up_dumpstate: sp: 0d08464c
up_dumpstate: IRQ stack:
up_dumpstate: base: 0d07b900
up_dumpstate: size: 00000800
up_dumpstate: used: 000000f8
up_dumpstate: User stack:
up_dumpstate: base: 0d084898
up_dumpstate: size: 00001fec
up_dumpstate: used: 00000518
up_taskdump: Idle Task: PID=0 Stack Used=0 of 0
up_taskdump: hpwork: PID=1 Stack Used=584 of 2028
up_taskdump: lpwork: PID=2 Stack Used=352 of 2028
up_taskdump: lpwork: PID=3 Stack Used=352 of 2028
up_taskdump: lpwork: PID=4 Stack Used=352 of 2028
up_taskdump: init: PID=5 Stack Used=1304 of 8172
up_taskdump: cxd56_pm_task: PID=6 Stack Used=320 of 996
up_taskdump: <pthread>: PID=7 Stack Used=704 of 1020
up_taskdump: AMNG: PID=8 Stack Used=616 of 2028
up_taskdump: PLY_OBJ: PID=9 Stack Used=1088 of 3052
up_taskdump: SUB_PLY_OBJ: PID=10 Stack Used=324 of 3044
up_taskdump: OMIX_OBJ: PID=11 Stack Used=520 of 3044
up_taskdump: RENDER_CMP_DEV0: PID=12 Stack Used=696 of 2020
up_taskdump: RENDER_CMP_DEV1: PID=13 Stack Used=312 of 2020
up_taskdump: REC_OBJ: PID=14 Stack Used=352 of 2028
up_taskdump: CAPTURE_CMP_DEV0: PID=15 Stack Used=312 of 2012
up_taskdump: <pthread>: PID=16 Stack Used=344 of 2044
To analyze a stack dump, the Spresense full SDK provides a tool where you can specify two files as arguments. One is your saved log file, and the other one is the system map file. Doing that, you should be able to get the stack trace.

If you have built your software with the Arduino IDE, you should be able to find where your map file is located in the Arduino IDE log window. Go to File -> Preferences -> Settings -> Show verbose output during and select compilation, and when you build your sketch you should be able to find where your build folder is. Normally this folder would be located in /tmp and look something like this:

/tmp/arduino_build_724727/

Fetch the full SDK from GitHub:

git clone --recursive git@github.com:sonydevworld/spresense.git

Change directory to the SDK:

$ cd spresense/sdk
spresense/sdk$ ./tools/callstack.py -h
Usage: python ./tools/callstack.py <System.map> <stackdump.log>

Now just specify the location of your files:

./tools/callstack.py /tmp/arduino_build_724727/output.map stackoverflow.log

For Spresense specific questions and technical support please see: https://forum.developer.sony.com/
Kernel debugging from /dev/kmsg
I am having some problem with a (customized) driver (smsc95xx) which runs on my embedded systems, and I would need to understand where the issue exactly comes from. For example, this is a kernel error message from /dev/kmsg reporting the issue:

1,737,1433656890,-;Unable to handle kernel NULL pointer dereference at virtual address 000001a0
1,738,1433665618,-;pgd = daafc000
1,739,1433668609,-;[000001a0] *pgd=9d5dd831, *pte=00000000, *ppte=00000000
0,740,1433675720,-;Internal error: Oops: 17 [#2] SMP ARM
4,741,1433680664,-;Modules linked in: ctr ccm ecb hci_uart rfcomm bnep bluetooth arc4 usb_trimble(O) wl18xx wlcore mac80211 cfg80211 rfkill wlcore_sdio twl4030_madc industrialio ftdi_sio smsc95xx(O) usbserial(O) ipv6
4,742,1433700378,-;CPU: 0 PID: 17418 Comm: sh Tainted: G D O 3.18.18-custom #20
4,743,1433708343,-;task: de30cd40 ti: da9b8000 task.ti: da9b8000
4,744,1433714050,-;PC is at __pm_runtime_resume+0x1c/0x64
4,745,1433719085,-;LR is at usb_autopm_get_interface+0x18/0x5c
4,746,1433724578,-;pc : [<c03cb590>] lr : [<c04677d4>] psr: 20000013\x0asp : da9b9ea8 ip : da9b9f14 fp : 00000000
4,747,1433736633,-;r10: daa22a4c r9 : 00000024 r8 : 00000004
4,748,1433742126,-;r7 : 000000a0 r6 : 00000004 r5 : 00000000 r4 : 00000020
4,749,1433748992,-;r3 : 000001a0 r2 : 00000040 r1 : 00000004 r0 : 00000020
4,750,1433755859,-;Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
4,751,1433763366,-;Control: 10c5387d Table: 9aafc019 DAC: 00000015
0,752,1433769378,-;Process sh (pid: 17418, stack limit = 0xda9b8240)
0,753,1433775421,-;Stack: (0xda9b9ea8 to 0xda9ba000)
4,765,1433874603,-;[<c03cb590>] (__pm_runtime_resume) from [<c04677d4>] (usb_autopm_get_interface+0x18/0x5c)
4,766,1433884307,-;[<c04677d4>] (usb_autopm_get_interface) from [<c04574c8>] (usbnet_write_cmd+0x28/0x70)
4,767,1433893737,-;[<c04574c8>] (usbnet_write_cmd) from [<bf0d44e4>] (__smsc95xx_write_reg+0x50/0x8c [smsc95xx])
4,768,1433903839,-;[<bf0d44e4>] (__smsc95xx_write_reg [smsc95xx]) from [<bf0d4554>] (smsc95xx_store+0x34/0x218 [smsc95xx])
4,769,1433914794,-;[<bf0d4554>] (smsc95xx_store [smsc95xx]) from [<c01ae24c>] (kernfs_fop_write+0xc0/0x184)
4,770,1433924438,-;[<c01ae24c>] (kernfs_fop_write) from [<c0145fd8>] (vfs_write+0xa0/0x1ac)
4,771,1433932586,-;[<c0145fd8>] (vfs_write) from [<c01464e0>] (SyS_write+0x44/0x9c)
4,772,1433940002,-;[<c01464e0>] (SyS_write) from [<c000e660>] (ret_fast_syscall+0x0/0x50)
0,773,1433947967,-;Code: e1a04000 0a000006 e2803d06 f5d3f000 (e1932f9f)
4,774,1433954650,-;---[ end trace bdd277dec40e1d5c ]---

I suppose the most important part are the last few lines:

4,765,1433874603,-;[<c03cb590>] (__pm_runtime_resume) from [<c04677d4>] (usb_autopm_get_interface+0x18/0x5c)
4,766,1433884307,-;[<c04677d4>] (usb_autopm_get_interface) from [<c04574c8>] (usbnet_write_cmd+0x28/0x70)
4,767,1433893737,-;[<c04574c8>] (usbnet_write_cmd) from [<bf0d44e4>] (__smsc95xx_write_reg+0x50/0x8c [smsc95xx])
4,768,1433903839,-;[<bf0d44e4>] (__smsc95xx_write_reg [smsc95xx]) from [<bf0d4554>] (smsc95xx_store+0x34/0x218 [smsc95xx])
4,769,1433914794,-;[<bf0d4554>] (smsc95xx_store [smsc95xx]) from [<c01ae24c>] (kernfs_fop_write+0xc0/0x184)
4,770,1433924438,-;[<c01ae24c>] (kernfs_fop_write) from [<c0145fd8>] (vfs_write+0xa0/0x1ac)
4,771,1433932586,-;[<c0145fd8>] (vfs_write) from [<c01464e0>] (SyS_write+0x44/0x9c)
4,772,1433940002,-;[<c01464e0>] (SyS_write) from [<c000e660>] (ret_fast_syscall+0x0/0x50)

but maybe there is a better way than checking /dev/kmsg to understand this output?
Problem solved. The driver was modified to create the files in the /sys/class/dirname/files directory (where dirname and files are named in the driver's code). The problem was that the driver did not delete the directory previously created, so unplugging and replugging the device and then writing into the files was causing the kernel error shown before, because it's like writing into a memory area which is not referenced any more. The solution is to delete /sys/class/dirname and recreate it every time the device is unplugged.
How to understand the ARM registers dumped by kernel panic?
After a Linux kernel oops on an ARM platform, registers are dumped to the console. But I got confused with analyzing these registers. For example,

Unable to handle kernel paging request at virtual address 0b56e8b8
pgd = c0004000
[0b56e8b8] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
......
pc : [<bf65e7c0>] lr : [<bf65ec14>] psr: 20000113
sp : c07059f0 ip : 00008d4c fp : c0705a3c
r10: 00000003 r9 : e8bcd800 r8 : e88b006c
r7 : 0000e203 r6 : c0705a44 r5 : e88b0000 r4 : 0b56e8b8
r3 : 00000000 r2 : 00000b56 r1 : e4592e10 r0 : e889570c
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c5787d Table: 69fec06a DAC: 00000015

SP: 0xc0705970:
5970 e8e70000 e45de100 00000181 00000180 c070599c bf65e7c0 20000113 ffffffff
5990 c07059dc e88b006c c0705a3c c07059a8 c000e318 c0008360 e889570c e4592e10
59b0 00000b56 00000000 0b56e8b8 e88b0000 c0705a44 0000e203 e88b006c e8bcd800
59d0 00000003 c0705a3c 00008d4c c07059f0 bf65ec14 bf65e7c0 20000113 ffffffff
59f0 e8b80000 e2030b56 00000000 e889570c 00000003 e88b006c c007eccc c007ebb4
5a10 00000000 eacc0480 e88b0000 00002098 e9c80480 e8c08000 00000000 e8bcdc80
5a30 c0705a5c c0705a40 bf65ec14 bf65e6c0 bf5e51c4 00000000 e88b0000 00000000
5a50 c0705a74 c0705a60 bf65ecfc bf65ebe4 e4554500 e4554500 c0705a84 c0705a78

R5: 0xe88aff80:
ff80 bf10f0b0 e8aca4c0 e88aff8c e88b1680 00000000 bf05b70c e87c3580 00000000
ffa0 bf095024 e87c3580 00000000 bf095024 e87c3580 00000000 bf095024 00000001
ffc0 00000004 ebd83000 00000793 e8cc2500 00000002 00000004 00000043 ffffffff
ffe0 40320354 be9ee8d8 00030444 40320380 20000010 00000000 70cfe821 70cfec21
0000 bf81e1f8 e88b0018 e88b000c e88e9a00 00000000 bf095024 00000000 fffffffe
0020 00000000 00000000 fffffffe 00000000 00000000 fffffffe 00000000 00000000
0040 00000001 e91dd000 00001073 0010051b 00080000 f1e4d900 00000001 00000002
0060 000000c8 6df9eca0 00008044 e8895700 00000040 00000026 00000003 0b56e8b8

R8: 0xe88affec:
ffec 40320380 20000010 00000000 70cfe821 70cfec21 bf81e1f8 e88b0018 e88b000c
000c e88e9a00 00000000 bf095024 00000000 fffffffe 00000000 00000000 fffffffe
002c 00000000 00000000 fffffffe 00000000 00000000 00000001 e91dd000 00001073
004c 0010051b 00060000 f1e4d900 00000001 00000002 000000c8 6df9eca0 00008044
006c e8895700 00000040 00000026 00000003 0b56e8b8 e4604000 0000026c 000000da
008c 00000000 21d7ff6e 000078a9 bf05add4 e88b0000 e88b0000 ebd02600 f1015a05
00ac 00000001 000000a6 000000c4 00000000 e88b0000 1e1e1e1e 1e1e1e1e 1e1e1e1e
00cc 1e1e1e1e 1e1e1e1e 1e1e1e1e 1e1e1e1e 1e1e1e1e 1e1e1e1e 1e1e1e1e 1e1e1e1e

Questions:
What does the 0xc0705970 stand for in SP: 0xc0705970:? Code address or data address? Where to find it?
Why is sp : c07059f0 not at the beginning or end of the SP register? How is the stack organized in this register?
What does the first column of each register mean? If they stand for relative address, why are they not continuous?
Is 0b56e8b8 a pointer pointing to a page? How is it accessed in R5 and R8?
How the registers are used in an OS is up to the ABI, a.k.a. the Application Binary Interface. However, we can give a quick, informal and simplified explanation of the dump. I'm not an expert on Linux on ARM, but some names seem quite intuitive:

sp is the Stack Pointer. A pointer to a useful memory area called the stack.
fp is the Frame Pointer. A pointer used by a routine to access local vars.
lr is the Link Register. A register containing the return address of a call.

nzCv are the flags. If a flag is in uppercase it is set, otherwise clear.
n = Last result was Negative
z = Last result was Zero
C = Last result needed/produced a Carry bit
v = Last result Overflowed

IRQ on means hardware interrupts are enabled.
FIRQ on means that some hardware interrupts are handled with a fast context switch.
Mode is the CPU mode, indicating that the code was privileged.
The following info are control structures for the CPU set by the kernel.

The dump does you a favor by considering the sp, r5 and r8 register values as pointers and showing the memory at those addresses. The block below SP: 0xc0705970:, for example, is a dump of the memory at 0xc0705970. Each row is formatted as follows:

The first column is the current address. Only the last four digits are shown, as it is obvious what the full address is (i.e. there is no ambiguity, the addresses start from 0xc0705970).
The following eight columns are 32-bit values dumped from memory.
Each row shows you 32 bytes of memory.
For example, by looking at

R5: 0xe88aff80:
ff80 bf10f0b0 e8aca4c0 e88aff8c e88b1680 00000000 bf05b70c e87c3580 00000000
ffa0 bf095024 e87c3580 00000000 bf095024 e87c3580 00000000 bf095024 00000001
ffc0 00000004 ebd83000 00000793 e8cc2500 00000002 00000004 00000043 ffffffff
ffe0 40320354 be9ee8d8 00030444 40320380 20000010 00000000 70cfe821 70cfec21
0000 bf81e1f8 e88b0018 e88b000c e88e9a00 00000000 bf095024 00000000 fffffffe
0020 00000000 00000000 fffffffe 00000000 00000000 fffffffe 00000000 00000000
0040 00000001 e91dd000 00001073 0010051b 00080000 f1e4d900 00000001 00000002
0060 000000c8 6df9eca0 00008044 e8895700 00000040 00000026 00000003 0b56e8b8

you can tell that the 32-bit value r5 was pointing to was 0xbf10f0b0, or that the 32-bit value at 0xe88a0000 was 0xbf81e1f8, or that the 32-bit value at 0xe88a0028 was 0xfffffffe. All this information is useful for the developer of the code that panicked.
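An added example (not part of the original answer): a small Python parser for one of these memory blocks that rebuilds the full address of every word, carrying the upper 16 bits when the first column wraps from ffe0 to 0000. The function names are this example's own; the R5 block is copied from the oops in the question.

```python
import re

# R5 block copied from the oops quoted on this page (r5 : e88b0000).
R5_DUMP = """R5: 0xe88aff80:
ff80 bf10f0b0 e8aca4c0 e88aff8c e88b1680 00000000 bf05b70c e87c3580 00000000
ffa0 bf095024 e87c3580 00000000 bf095024 e87c3580 00000000 bf095024 00000001
ffc0 00000004 ebd83000 00000793 e8cc2500 00000002 00000004 00000043 ffffffff
ffe0 40320354 be9ee8d8 00030444 40320380 20000010 00000000 70cfe821 70cfec21
0000 bf81e1f8 e88b0018 e88b000c e88e9a00 00000000 bf095024 00000000 fffffffe
0020 00000000 00000000 fffffffe 00000000 00000000 fffffffe 00000000 00000000
0040 00000001 e91dd000 00001073 0010051b 00080000 f1e4d900 00000001 00000002
0060 000000c8 6df9eca0 00008044 e8895700 00000040 00000026 00000003 0b56e8b8
"""

def parse_block(text):
    """Parse one 'REG: 0xADDR:' block into (reg_name, {full_address: word})."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header = re.fullmatch(r"(\w+):\s*0x([0-9a-fA-F]{8}):", lines[0])
    if not header:
        raise ValueError("expected a 'REG: 0xADDR:' header line")
    name, addr = header.group(1), int(header.group(2), 16)
    words = {}
    for line in lines[1:]:
        cols = line.split()
        # The first column holds only the low 16 bits of the row address, so it
        # must continue the running address, also when it wraps ffe0 -> 0000.
        if int(cols[0], 16) != addr & 0xFFFF:
            raise ValueError(f"row {cols[0]} does not follow {addr:#010x}")
        for col in cols[1:]:
            words[addr] = int(col, 16)
            addr += 4
    return name, words

def find_word(words, value):
    """Full addresses inside the dumped window that hold `value`."""
    return sorted(a for a, w in words.items() if w == value)

if __name__ == "__main__":
    reg, words = parse_block(R5_DUMP)
    print(reg, f"window {min(words):#010x}..{max(words) + 3:#010x}")
    for a in find_word(words, 0x0B56E8B8):  # faulting address from the oops
        print(f"0x0b56e8b8 stored at {a:#010x}")
```

In the dump on this page each block starts 0x80 bytes below the register's value (sp c07059f0 and 0xc0705970, r5 e88b0000 and 0xe88aff80, r8 e88b006c and 0xe88affec), so the word a register points to sits in the middle of its window rather than in the first row.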
qemu running powerpc u-boot failed
I'm trying to emulate a Freescale PowerPC with QEMU, but faced some problems. When I try to run the ppc u-boot, it fails with the information below:

$ qemu-system-ppc -M ppce500 -nographic -kernel u-boot
qemu: fatal: Trying to execute code outside RAM or ROM at 0xeff40000
NIP eff40000 LR 00000000 CTR 00000000 XER 00000000
MSR 00000000 HID0 00000000 HF 00000000 idx 1
TB 00000000 05858550 DECR 00000000
GPR00 0000000000000000 0000000000fffff8 0000000000000000 00000000f1800000
GPR04 0000000000000000 0000000000000000 0000000045504150 0000000000000000
GPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
CR 00000000 [ - - - - - - - - ] RES ffffffff
FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 00000000
SRR0 00000000 SRR1 00000000 PVR 80210030 VRSAVE 00000000
SPRG0 00000000 SPRG1 00000000 SPRG2 00000000 SPRG3 00000000
SPRG4 00000000 SPRG5 00000000 SPRG6 00000000 SPRG7 00000000
CSRR0 00000000 CSRR1 00000000 MCSRR0 00000000 MCSRR1 00000000
TCR 00000000 TSR 00000000 ESR 00000000 DEAR 00000000
PIR 00000000 DECAR 00000000 IVPR 00000000 EPCR 00000000
MCSR 00000000 SPRG8 00000000 EPR 00000000
MCAR 00000000 PID1 00000000 PID2 00000000 SVR 00000000
MAS0 00000000 MAS1 00000000 MAS2 00000000 MAS3 00000000
MAS4 00000000 MAS6 00000000 MAS7 00000000 PID 00000000
MMUCFG 00000000 TLB0CFG 04110200 TLB1CFG 101cc010
[1] 13621 abort (core dumped) qemu-system-ppc -M ppce500 -nographic -kernel u-boot

As the error message shows: qemu: fatal: Trying to execute code outside RAM or ROM at 0xeff40000. It's strange. The u-boot I tried is OK on a PowerPC e500 board. What's more, I have run a PowerPC Linux kernel successfully with qemu-system-ppc. The version of my qemu is the latest 2.3.50, and I've tried 1.7, which has the same problem. Has anybody faced the same problem?
There was a bug in 2.3.50 (bugreport) with this effect. It has been fixed in more recent qemu releases. Why it breaks in v1.7, I don't know. (are you sure?)