Segmentation fault in fastboot mode with imx6 board.
hamzehnasajpour opened this issue · 13 comments
I have a MX6 custom board, after sending the bootloader via UUU, I run the fastboot 0
in my bootloader. The uuu
can't detect the device and faced with segmentation fault
.
commit: 88ce01edebbcd651f9288d664d17ef45beffb441
version: uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.177-0-g88ce01e
backtrace with gdb
:
(gdb) run -lsusb
Starting program: /home/hamzeh/Desktop/dev/imx/uuu-built -lsusb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7599700 (LWP 19614)]
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.177-0-g88ce01e
Connected Known USB Devices
Path Chip Pro Vid Pid BcdVersion Serial_no
====================================================================
Thread 1 "uuu-built" received signal SIGSEGV, Segmentation fault.
0x00005555555e7518 in get_device_serial_no (dev=0x55555568ffe0, desc=0x7fffffffdf60,
item=0x555555673b40) at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:250
250 sid = info->serial_idx;
(gdb) bt
#0 0x00005555555e7518 in get_device_serial_no (dev=0x55555568ffe0, desc=0x7fffffffdf60,
item=0x555555673b40) at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:250
#1 0x00005555555e8d4a in uuu_for_each_devices (
fn=0x5555555690a0 <print_usb_device(char const*, char const*, char const*, unsigned short, unsigned short, unsigned short, char const*, void*)>, p=0x0)
at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:621
#2 0x00005555555688b6 in main (argc=2, argv=0x7fffffffe4e8)
at /home/hamzeh/Desktop/dev/imx/mfgtools/uuu/uuu.cpp:1014
If I use the previous versions it works and I can list my device.
This is the patch that works but I am not sure this is the best solution or not:
diff --git a/libuuu/usbhotplug.cpp b/libuuu/usbhotplug.cpp
index 48a0fc5..0e60ef9 100644
--- a/libuuu/usbhotplug.cpp
+++ b/libuuu/usbhotplug.cpp
@@ -247,7 +247,7 @@ static string get_device_serial_no(libusb_device *dev, struct libusb_device_desc
if (!sid) {
const ROM_INFO *info= search_rom_info(item);
- sid = info->serial_idx;
+ if(sid) sid = info->serial_idx;
}
serial.resize(SERIAL_NO_MAX);
Does below patch fix your problem.
diff --git a/libuuu/rominfo.cpp b/libuuu/rominfo.cpp
index 9f21668..cded9d3 100644
--- a/libuuu/rominfo.cpp
+++ b/libuuu/rominfo.cpp
@@ -41,22 +41,22 @@ using namespace std;
static constexpr std::array<ROM_INFO, 16> g_RomInfo
{
- ROM_INFO{ "MX6Q", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
- ROM_INFO{ "MX6D", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
- ROM_INFO{ "MX6SL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
- ROM_INFO{ "MX7D", 0x00911000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
- ROM_INFO{ "MX6UL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
- ROM_INFO{ "MX6ULL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
- ROM_INFO{ "MX6SLL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
+ ROM_INFO{ "MX6Q", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0},
+ ROM_INFO{ "MX6D", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0 },
+ ROM_INFO{ "MX6SL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0 },
+ ROM_INFO{ "MX7D", 0x00911000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+ ROM_INFO{ "MX6UL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+ ROM_INFO{ "MX6ULL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+ ROM_INFO{ "MX6SLL", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
ROM_INFO{ "MX8MQ", 0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD | ROM_INFO_NEED_BAREBOX_FULL_IMAGE, 4},
- ROM_INFO{ "MX7ULP", 0x2f018000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
- ROM_INFO{ "MXRT106X", 0x1000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
+ ROM_INFO{ "MX7ULP", 0x2f018000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+ ROM_INFO{ "MXRT106X", 0x1000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
ROM_INFO{ "MX8QXP", 0x0, ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING, 4},
ROM_INFO{ "MX28", 0x0, ROM_INFO_HID},
ROM_INFO{ "MX815", 0x0, ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING | ROM_INFO_HID_EP1 | ROM_INFO_HID_PACK_SIZE_1020 | ROM_INFO_HID_ROMAPI, 4},
ROM_INFO{ "MX95", 0x0, ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING | ROM_INFO_HID_EP1 | ROM_INFO_HID_PACK_SIZE_1020, 4},
- ROM_INFO{ "SPL", 0x0, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS},
- ROM_INFO{ "SPL1", 0x0, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS | ROM_INFO_AUTO_SCAN_UBOOT_POS},
+ ROM_INFO{ "SPL", 0x0, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS, 0},
+ ROM_INFO{ "SPL1", 0x0, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS | ROM_INFO_AUTO_SCAN_UBOOT_POS, 0},
};
But this patch you have sent is already applied and I can see these modifications are exist in the latest commits and I have this issue with latest version. anyway it doesnt fix.
Strange, info->serial_idx should be 0 for imx6.
I think I have the same problem with i.MX8MP.
lsusb -v for this device shows:
Bus 001 Device 006: ID 1fc9:0146 NXP Semiconductors SE Blank 865
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x1fc9 NXP Semiconductors
idProduct 0x0146
bcdDevice 0.02
iManufacturer 1 NXP SemiConductor Inc
iProduct 2 SE Blank 865
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0029
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 4 211BB800CA7EFD69
bmAttributes 0xc0
Self Powered
MaxPower 10mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 3 Human Interface Device
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
HID Device Descriptor:
bLength 9
bDescriptorType 33
bcdHID 1.10
bCountryCode 0 Not supported
bNumDescriptors 1
bDescriptorType 34 Report
wDescriptorLength 76
Report Descriptors:
** UNAVAILABLE **
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x03fd 1x 1021 bytes
bInterval 1
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
cannot read device status, Resource temporarily unavailable (11)
Interesting:
iConfiguration 4 211BB800CA7EFD69
This looks more like a serial number, than a configuration name.
Brand new git clone of mfgtools!
trio@pi4runner:~/mfgtools/uuu $ sudo gdb -args ./uuu -V -b emmc_all ../../flash.bin-phyboard-pollux-imx8mp-3-sd ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./uuu...
(No debugging symbols found in ./uuu)
(gdb) run
Starting program: /home/trio/mfgtools/uuu/uuu -V -b emmc_all ../../flash.bin-phyboard-pollux-imx8mp-3-sd ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ff73df140 (LWP 1484)]
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.179-1-gb6ae918
Build in config:
Pctl Chip Vid Pid BcdVersion Serial_No
==================================================
SDPS: MX8QXP 0x1fc9 0x012f [0x0002..0xffff]
SDPS: MX8QM 0x1fc9 0x0129 [0x0002..0xffff]
SDPS: MX8DXL 0x1fc9 0x0147
SDPS: MX28 0x15a2 0x004f
SDPS: MX815 0x1fc9 0x013e
SDPS: MX865 0x1fc9 0x0146
SDPS: MX8ULP 0x1fc9 0x014a
SDPS: MX8ULP 0x1fc9 0x014b
SDPS: MX93 0x1fc9 0x014e
SDPS: MX93 0x1fc9 0x0159
SDPS: MX95 0x1fc9 0x015d
SDPS: MX95 0x1fc9 0x015c
SDP: MX7D 0x15a2 0x0076
SDP: MX6Q 0x15a2 0x0054
SDP: MX6D 0x15a2 0x0061
SDP: MX6SL 0x15a2 0x0063
SDP: MX6SX 0x15a2 0x0071
SDP: MX6UL 0x15a2 0x007d
SDP: MX6ULL 0x15a2 0x0080
SDP: MX6SLL 0x1fc9 0x0128
SDP: MX7ULP 0x1fc9 0x0126
SDP: MXRT106X 0x1fc9 0x0135
SDP: MX8MM 0x1fc9 0x0134
SDP: MX8MQ 0x1fc9 0x012b
SDPU: SPL 0x0525 0xb4a4 [0x0000..0x04ff]
SDPV: SPL1 0x0525 0xb4a4 [0x0500..0x9998]
SDPV: SPL1 0x1fc9 0x0151 [0x0500..0x9998]
SDPU: SPL 0x0525 0xb4a4 [0x9999..0x9999]
SDPU: SPL 0x3016 0x1001 [0x0000..0x04ff]
SDPV: SPL1 0x3016 0x1001 [0x0500..0x9998]
FBK: 0x066f 0x9afe
FBK: 0x066f 0x9bff
FBK: 0x1fc9 0x0153
FB: 0x0525 0xa4a5
FB: 0x18d1 0x0d02
FB: 0x3016 0x0001
FB: 0x1fc9 0x0152
FB: 0x0483 0x0afb
Run built-in script:
uuu_version 1.4.149
# @_flash.bin | bootloader, which can extract from wic image
# @_image [_flash.bin] | wic image burn to emmc.
# This command will be run when i.MX6/7 i.MX8MM, i.MX8MQ
SDP: boot -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000
# This command will be run when ROM support stream mode
# i.MX8QXP, i.MX8QM
SDPS: boot -scanterm -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000
# These commands will be run when use SPL and will be skipped if no spl
# SDPU will be deprecated. please use SDPV instead of SDPU
# {
SDPU: delay 1000
SDPU: write -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -offset 0x57c00
SDPU: jump -scanlimited 0x800000
# }
# These commands will be run when use SPL and will be skipped if no spl
# if (SPL support SDPV)
# {
SDPV: delay 1000
SDPV: write -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -skipspl -scanterm -scanlimited 0x800000
SDPV: jump -scanlimited 0x800000
# }
FB: ucmd setenv fastboot_dev mmc
FB: ucmd setenv mmcdev ${emmc_dev}
FB: ucmd mmc dev ${emmc_dev}
FB: flash -raw2sparse all ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
FB: flash -scanterm -scanlimited 0x800000 bootloader ../../flash.bin-phyboard-pollux-imx8mp-3-sd
FB: ucmd if env exists emmc_ack; then ; else setenv emmc_ack 0; fi;
FB: ucmd mmc partconf ${emmc_dev} ${emmc_ack} 1 0
FB: done
Wait for Known USB Device Appear...
[New Thread 0x7ff6bcf140 (LWP 1485)]
New USB Device Attached at 1:14-211BB800CA7EFD69
1:14-211BB800CA7EFD69>Start Cmd:SDPS: boot -scanterm -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000
[New Thread 0x7ff63bf140 (LWP 1486)]
[Thread 0x7ff63bf140 (LWP 1486) exited]
100%1:14-211BB800CA7EFD69>Okay (3.013s)
[Thread 0x7ff6bcf140 (LWP 1485) exited]
Thread 1 "uuu" received signal SIGSEGV, Segmentation fault.
0x00000055555d49e8 in get_device_serial_no(libusb_device*, libusb_device_descriptor*, ConfigItem*) ()
(gdb) bp
Undefined command: "bp". Try "help".
(gdb) bt
#0 0x00000055555d49e8 in get_device_serial_no(libusb_device*, libusb_device_descriptor*, ConfigItem*) ()
#1 0x00000055555d4ff0 in usb_add(libusb_device*) ()
#2 0x00000055555d51fc in compare_list(libusb_device**, libusb_device**) ()
#3 0x00000055555d55b4 in polling_usb(std::atomic<int>&) ()
#4 0x000000555559adb0 in uuu_wait_uuu_finish(int, int) ()
#5 0x0000005555561ff0 in main ()
(gdb)
Additional notice:
When I call uuu with Yocto Phytec Kirkstone Bootloader and Image -> uuu works
When I call uuu with Yocto Phytec Scarthgap Bootloader and Image -> Seg Fault happens
It could also happen that instead of "Seg Fault" the download just hangs.
Depends on version/kind of bootloader, if it offers something or not, or wrong?
@hamzehnasajpour Where are your files, you want to flash and get Seg Fault, coming from?
Bus 001 Device 018: ID 1fc9:0152 NXP Semiconductors USB download gadget
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x1fc9 NXP Semiconductors
idProduct 0x0152
bcdDevice 2.23
iManufacturer 1 FSL
iProduct 2 USB download gadget
iSerial 3 211bb800ca7efd69
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0020
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 2 USB download gadget
bmAttributes 0xc0
Self Powered
MaxPower 2mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 66
bInterfaceProtocol 3
iInterface 4 Android Fastboot
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0001
Self Powered
@hamzehnasajpour Could it be that above patch is not what you tested with?
- sid = info->serial_idx;
+ if(sid) sid = info->serial_idx;
The error case seems to be that sid = 0. Then info will be used. But in case of Seg Fault info is also 0.
The crash then happens in
info->serial_idx;
I have now used something very similar:
- sid = info->serial_idx;
+ if(info) sid = info->serial_idx;
Is this sid (which is later used for libusb_get_string_descriptor_ascii) used for any important purpose?
Or just some printout of the serial number?
Or perhaps for some use case besides downloading.
All in all with change
- sid = info->serial_idx;
+ if(info) sid = info->serial_idx;
it seems to download till end without a segfault.
And downloaded image can be started and is running!
Thanks, I missed if(info) sid = info->serial_idx;
Add serial number help option -ms to filter out the devices, which have super speed support. When multi board devices connect to PC, uuu -m usb2.0_port -m usb3.0_port uuu.script. User need find out two physical ports for one devices.
If support serial number uuu -ms <serial_no> will only monitor devices, regardless connected to which physcial ports
Can you send pull request to me?
Thanks for the explanation and the tool itself!
Here is the merge request
@hamzehnasajpour Can you please retest, if the above change also fixed the problem on your side?
@nxpfrankli This change was my solution which I had mentioned in the description :), you can see it. anyway, it will fix the problem.
Thanks for your reply!
Pay attention that your suggested fix and the now commited fix is different.
if (sid) ...
->
if (info) ...
@capiman Sorry, was my mistake, I dont know why I had submitted wrong patch. I also was using
if (info) ....
as solution. Anyway the patch works fine. Thanks.