Develop Reference

Raspberry PI 4 hardware registers access

I'm working on an embedded Linux training with Raspberry PI 4B and in order to create I2C bus driver I need to access hardware registers. The problem is when I try to read any of them I get "Unhandled fault: unknown 3 (0x203) at 0xf08c5000".
Here is the code I'm using to read register:
void i2cHandler_init(void)
{
const u32 rpiPeriphBase = 0xfe000000;
const u32 rpiGpioOffset = 0x200000;
const void *rpiGpioAddress = rpiPeriphBase + rpiGpioOffset;
__iomem u32 *ioMemory;
ioMemory = ioremap(rpiGpioAddress, 0x40 * 8);
pr_info("%s: rpiGpioAddress = 0x%x\r\n", __func__, rpiGpioAddress);
pr_info("%s: ioMemory = 0x%x\r\n", __func__, ioMemory);
pr_info("%s: Register value = 0x%x\r\n", __func__, readl(ioMemory));
if(ioMemory != NULL)
iounmap(ioMemory);
}
Yes, I'm trying to read GPIO GPFSEL0 register here, but changing offset to read I2C Control register changes nothing.
Kernel log output looks like this:
[ 1467.677279] i2cHandler_init: rpiGpioAddress = 0xfe200000
[ 1467.677289] i2cHandler_init: ioMemory = 0xf08c5000
[ 1467.677308] 8<--- cut here ---
[ 1467.677325] Unhandled fault: unknown 3 (0x203) at 0xf08c5000
[ 1467.677340] pgd = f812a8c9
[ 1467.677353] [f08c5000] *pgd=80000000007003, *pmd=2ff5b003, *pte=c00ffffe200713
[ 1467.677385] Internal error: : 203 [#1] SMP ARM
[ 1467.677400] Modules linked in: rpi_driver_I2C(O+) rfcomm cmac algif_hash aes_arm_bs crypto_simd cryptd algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc spidev snd_soc_hdmi_codec 8021q garp stp llc brcmfmac brcmutil v3d cfg80211 gpu_sched rfkill raspberrypi_hwmon i2c_brcmstb vc4 spi_bcm2835 cec bcm2835_codec(C) bcm2835_v4l2(C) bcm2835_isp(C) v4l2_mem2mem bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common vc_sm_cma(C) drm_kms_helper videodev snd_bcm2835(C) snd_soc_core mc snd_compress snd_pcm_dmaengine snd_pcm rpivid_mem snd_timer snd syscopyarea sysfillrect sysimgblt fb_sys_fops uio_pdrv_genirq uio nvmem_rmem i2c_dev drm drm_panel_orientation_quirks backlight fuse ip_tables x_tables ipv6 [last unloaded: rpi_driver_I2C]
[ 1467.677744] CPU: 0 PID: 2059 Comm: insmod Tainted: G C O 5.15.32-v7l+ #1538
[ 1467.677764] Hardware name: BCM2711
[ 1467.677775] PC is at i2cHandler_init+0xc4/0x178 [rpi_driver_I2C]
[ 1467.677808] LR is at irq_work_queue+0x14/0x2c
[ 1467.677833] pc : [<bf3fe464>] lr : [<c0358054>] psr: 60000013
[ 1467.677846] sp : c3e57d68 ip : 00000000 fp : c3e57d7c
[ 1467.677859] r10: c1205048 r9 : bf400380 r8 : 00000000
[ 1467.677871] r7 : 00000002 r6 : bf3fe5a8 r5 : c1205048 r4 : f08c5000
[ 1467.677884] r3 : 3391a86e r2 : 3391a86e r1 : 00000027 r0 : 00000029
[ 1467.677898] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 1467.677914] Control: 30c5383d Table: 041e1e40 DAC: fffffffd
[ 1467.677926] Register r0 information: non-paged memory
[ 1467.677943] Register r1 information: non-paged memory
[ 1467.677958] Register r2 information: non-paged memory
[ 1467.677973] Register r3 information: non-paged memory
[ 1467.677988] Register r4 information: 0-page vmalloc region starting at 0xf08c5000 allocated at i2cHandler_init+0x80/0x178 [rpi_driver_I2C]
[ 1467.678024] Register r5 information: non-slab/vmalloc memory
[ 1467.678041] Register r6 information: 4-page vmalloc region starting at 0xbf3fe000 allocated at load_module+0xb94/0x2840
[ 1467.678069] Register r7 information: non-paged memory
[ 1467.678084] Register r8 information: NULL pointer
[ 1467.678099] Register r9 information: 4-page vmalloc region starting at 0xbf3fe000 allocated at load_module+0xb94/0x2840
[ 1467.678124] Register r10 information: non-slab/vmalloc memory
[ 1467.678140] Register r11 information: non-slab/vmalloc memory
[ 1467.678155] Register r12 information: NULL pointer
[ 1467.678170] Process insmod (pid: 2059, stack limit = 0x91bbcd6e)
[ 1467.678185] Stack: (0xc3e57d68 to 0xc3e58000)
[ 1467.678199] 7d60: bf400380 c1205048 c3e57d8c c3e57d80 bf3fe5fc bf3fe3ac
[ 1467.678217] 7d80: c3e57d9c c3e57d90 bf3fe5cc bf3fe5e4 c3e57e14 c3e57da0 c02021c4 bf3fe5b4
[ 1467.678234] 7da0: c0439ca0 c0bd5bf4 c1401180 00000000 c3e57dd4 c3e57dc0 c0bd5bf4 c029f244
[ 1467.678251] 7dc0: c1401180 c043ade4 c3e57e14 c3e57dd8 c043ade4 c03f4518 c041c20c c043997c
[ 1467.678269] 7de0: 00000008 c02d056c f097d000 3391a86e 00000002 bf400380 00000002 c3c36d80
[ 1467.678286] 7e00: 00000002 c4ad01c8 c3e57e3c c3e57e18 c02d058c c0202180 c3e57e3c c3e57e28
[ 1467.678303] 7e20: c041c394 c3e57f30 00000002 c4ad0180 c3e57f14 c3e57e40 c02d2dac c02d0544
[ 1467.678320] 7e40: bf40038c 00007fff bf400380 c02cf240 c1205048 c0e3b448 c0e3b460 c0e3b3f0
[ 1467.678337] 7e60: bf0c609a c0e3b4b0 c0c03df0 c3e57f30 bf400594 c4dc6418 bf4003c8 c4ad0188
[ 1467.678354] 7e80: c0e3afcc 00000001 00000000 c0efea84 c0ee67d0 00000000 00000000 00000000
[ 1467.678371] 7ea0: 00000000 00000000 6e72656b 00006c65 00000000 00000000 00000000 00000000
[ 1467.678388] 7ec0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 1467.678405] 7ee0: 00000000 3391a86e c3e57f2c c1205048 00000000 0002de04 00000003 c0200244
[ 1467.678423] 7f00: c3e56000 0000017b c3e57fa4 c3e57f18 c02d33b0 c02d0900 c3e57f2c 7fffffff
[ 1467.678439] 7f20: 00000000 00000002 c3e57f24 f097d000 f097db9e f097e5c0 f097d000 000033ac
[ 1467.678456] 7f40: f097ff9c f097fea8 f097f3a0 00003000 000036e0 00002018 00003aab 00000000
[ 1467.678474] 7f60: 00000000 00000000 00002008 00000017 00000018 00000010 0000000d 0000000a
[ 1467.678491] 7f80: 00000000 3391a86e 00000000 00000002 f9957800 0000017b 00000000 c3e57fa8
[ 1467.678508] 7fa0: c0200040 c02d32f4 00000000 00000002 00000003 0002de04 00000000 b6f68074
[ 1467.678535] 7fc0: 00000000 00000002 f9957800 0000017b 00e9acc8 00000002 bee367d4 00000000
[ 1467.678554] 7fe0: bee36600 bee365f0 00023bc0 b6c459e0 60000010 00000003 00000000 00000000
[ 1467.678568] Backtrace:
[ 1467.678582] [<bf3fe3a0>] (i2cHandler_init [rpi_driver_I2C]) from [<bf3fe5fc>] (mainCycle_init+0x24/0x38 [rpi_driver_I2C])
[ 1467.678632] r5:c1205048 r4:bf400380
[ 1467.678643] [<bf3fe5d8>] (mainCycle_init [rpi_driver_I2C]) from [<bf3fe5cc>] (init_module+0x24/0x30 [rpi_driver_I2C])
[ 1467.678687] [<bf3fe5a8>] (init_module [rpi_driver_I2C]) from [<c02021c4>] (do_one_initcall+0x50/0x244)
[ 1467.678726] [<c0202174>] (do_one_initcall) from [<c02d058c>] (do_init_module+0x54/0x23c)
[ 1467.678760] r8:c4ad01c8 r7:00000002 r6:c3c36d80 r5:00000002 r4:bf400380
[ 1467.678776] [<c02d0538>] (do_init_module) from [<c02d2dac>] (load_module+0x24b8/0x2840)
[ 1467.678807] r6:c4ad0180 r5:00000002 r4:c3e57f30
[ 1467.678824] [<c02d08f4>] (load_module) from [<c02d33b0>] (sys_finit_module+0xc8/0xfc)
[ 1467.678857] r10:0000017b r9:c3e56000 r8:c0200244 r7:00000003 r6:0002de04 r5:00000000
[ 1467.678876] r4:c1205048
[ 1467.678892] [<c02d32e8>] (sys_finit_module) from [<c0200040>] (ret_fast_syscall+0x0/0x1c)
[ 1467.678925] Exception stack(0xc3e57fa8 to 0xc3e57ff0)
[ 1467.678943] 7fa0: 00000000 00000002 00000003 0002de04 00000000 b6f68074
[ 1467.678969] 7fc0: 00000000 00000002 f9957800 0000017b 00e9acc8 00000002 bee367d4 00000000
[ 1467.678986] 7fe0: bee36600 bee365f0 00023bc0 b6c459e0
[ 1467.679007] r7:0000017b r6:f9957800 r5:00000002 r4:00000000
[ 1467.679030] Code: e1a02004 e30f0360 e34b0f3f eb5f37d6 (e5942000)
[ 1467.679052] ---[ end trace b887a2abb18bba14 ]---
Also I'm sure peripherals base address is correct because output of "sudo cat /proc/iomem" looks like this:
00000000-3b3fffff : System RAM
00008000-00ffffff : Kernel code
01200000-013ef203 : Kernel data
40000000-7fffffff : System RAM
fd500000-fd50930f : fd500000.pcie pcie#7d500000
fd580000-fd58ffff : fd580000.ethernet ethernet#7d580000
fd580e14-fd580e1c : unimac-mdio.-19
fe004000-fe00401f : fe004000.txp txp#7e004000
fe007000-fe007aff : fe007000.dma dma#7e007000
fe007b00-fe007eff : fe007b00.dma dma#7e007b00
fe00a000-fe00a023 : fe100000.watchdog watchdog#7e100000
fe00b840-fe00b87b : fe00b840.mailbox mailbox#7e00b840
fe00b880-fe00b8bf : fe00b880.mailbox mailbox#7e00b880
fe100000-fe100113 : fe100000.watchdog watchdog#7e100000
fe101000-fe102fff : fe101000.cprman cprman#7e101000
fe104000-fe104027 : fe104000.rng rng#7e104000
**fe200000-fe2000b3 : fe200000.gpio gpio#7e200000**
fe201000-fe2011ff : serial#7e201000
fe201000-fe2011ff : fe201000.serial serial#7e201000
fe204000-fe2041ff : fe204000.spi spi#7e204000
fe206000-fe2060ff : fe206000.pixelvalve pixelvalve#7e206000
fe207000-fe2070ff : fe207000.pixelvalve pixelvalve#7e207000
fe20a000-fe20a0ff : fe20a000.pixelvalve pixelvalve#7e20a000
fe215000-fe215007 : fe215000.aux aux#7e215000
fe216000-fe2160ff : fe216000.pixelvalve pixelvalve#7e216000
fe300000-fe3000ff : fe300000.mmcnr mmcnr#7e300000
fe340000-fe3400ff : fe340000.mmc mmc#7e340000
fe400000-fe407fff : fe400000.hvs hvs#7e400000
fec00000-fec03fff : fec00000.v3d hub
fec04000-fec07fff : fec00000.v3d core0
fec11000-fec1101f : fe100000.watchdog watchdog#7e100000
fec12000-fec120ff : fec12000.pixelvalve pixelvalve#7ec12000
fef00000-fef0000f : fef00000.clock clock#7ef00000
fef00b00-fef00dff : fef04500.i2c auto-i2c
fef04500-fef045ff : fef04500.i2c bsc
fef05b00-fef05dff : fef09500.i2c auto-i2c
fef09500-fef095ff : fef09500.i2c bsc
600000000-63fffffff : pcie#7d500000
600000000-6000fffff : PCI Bus 0000:01
600000000-600000fff : 0000:01:00.0
600000000-600000fff : xhci-hcd
Raspbeerry PI works under the Raspbian OS 32-bit version. Kernel version is 5.15.32-v7l+.
I tried different base addresses found from different sources:
0x20000000 - ioremap returns 0.
0x3e000000 - ioremap works, no errors, but values there make no sense and writing with this base address leads to no reaction at all.
0x7e000000 - ioremap returns 0.
0x7e000000 without ioremap - error "Unable to handle kernel paging request at virtual address ...".
According to different forums topics and examples my piece of code should just work, but it is not, so I'm out of ideas right now. Does anyone have any thoughts? Is this my error or something else is wrong?

Problem is solved. Nothing seems wrong with my code, 64-bit OS helped.
I didn't actually install 64-bit system, I added "arm_64bit=1" to my /boot/config.txt and updated all packages, because this was just for testing purposes, but this worked.

Kernel panic on simple loadable kernel module

I`m trying to create an elementary loadable kernel module to embedded OpenWRT system on the Ralink 3050 SOC (processor MIPS 24KEs). The target system built with MODULES=y and CONFIG_MODULE_UNLOAD=y options. I work under Ubuntu 20 X86 machine.
#include <linux/init.h>
#include <linux/module.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("test");
int init_module(void) {
printk(KERN_INFO "Hello, world!\n");
return 0;
}
void cleanup_module(void) {
printk(KERN_INFO "Goodbye, world!\n");
}
The first time, I`m was trying to compile module by the built-in OpenWRT buildroot cross-compiler:
make ARCH=mips CROSS_COMPILE=mipsel-openwrt-linux-musl-
The kernel headers included the OpenWRT buildroot were used.
Result, fail: after insmod load module was marked as [permanent]. I.e. the cleanup_module procedure was not seen by the kernel. I assumed that problem in a file structure. I`m was checking the vermagic signature (to an other system module that is workable): It matched.
$modinfo module.ko -> vermagic: 5.10.100 mod_unload MIPS32_R2 32BIT
Just in case, I had rebuilt the target system, may be it`s stochastic errors? But the result is the same…
Then I decided to build a custom cross-compiler and original kernel headers. I had downloaded and installed the binutils 2.38 and gcc 11.2.0 (same as at the OpenWRT buildroot) and was downloaded and prepared the kernel header with same .config file (kernel 5.10.100 – same as on the target system).
Now the next result:
After compilation make ARCH=mips CROSS_COMPILE=mipsel-unknown-linux-gnu- by custom cross compiler the module loads, but any next callers lsmod, rmmod or insmod finished by kernel panic. Looks like, the module corrupts kernel memory. If the module compiled without the cleanup_module procedure, it loads correct but have status [permanent] and can`t be unloaded.
I tried to change the function declaration: used __exit and static specificator – no result.
root#(none):/# lsmod
[ 456.197482] CPU 0 Unable to handle kernel paging request at virtual address 034881e0, epc == 80068f78, ra == 80068f64
[ 456.218804] Oops[#1]:
[ 456.223350] CPU: 0 PID: 1017 Comm: lsmod Not tainted 5.10.100 #0
[ 456.235314] $ 0 : 00000000 00000001 00000000 00000001
[ 456.245763] $ 4 : 8160200e 80320b64 00000000 00000001
[ 456.256206] $ 8 : 00000020 00000002 00000001 00000000
[ 456.266645] $12 : 7faff400 77eca2b0 77ec0020 7faff43f
[ 456.277090] $16 : 81a440a4 816110d8 034881d0 80320b64
[ 456.287534] $20 : 80380000 81a441d0 816110f0 81611100
[ 456.297977] $24 : 00000000 80101500
[ 456.308420] $28 : 81a46000 81a47d60 00000002 80068f64
[ 456.318864] Hi : 00000000
[ 456.324594] Lo : 0a3d70a4
[ 456.330333] epc : 80068f78 0x80068f78
[ 456.337973] ra : 80068f64 0x80068f64
[ 456.345609] Status: 1100e403 KERNEL EXL IE
[ 456.353965] Cause : 00800008 (ExcCode 02)
[ 456.361946] BadVA : 034881e0
[ 456.367679] PrId : 0001964c (MIPS 24KEc)
[ 456.375658] Modules linked in: module rt2800soc rt2800mmio rt2800lib rt2x00soc rt2x00mmio rt2x00lib mac80211 cfg80211 crc_ccitt compat sha256_generic libsha256 seqiv jitterentropy_rng drbg hmac cmac leds_gpio crc32c_generic
[ 456.415692] Process lsmod (pid: 1017, threadinfo=1acffaea, task=80d5ed61, tls=77ecbdd4)
[ 456.431637] Stack : 81621700 00400cc0 00000000 00000001 ffffffff 800b6700 81847c80 00002000
[ 456.448345] 00000000 81a47e18 00000000 a050f4de 81847c80 816110d8 81a440a4 00000000
[ 456.465053] 81a47f00 81a47e38 81a47e20 801011d8 00000001 00000001 00000000 00000601
[ 456.481760] 816e2904 800c7f98 77ec1000 81a47e8c 80584860 00000000 00000000 00000000
[ 456.498467] 81847c80 81a47f00 00000400 00000000 00000000 00000003 00000002 80101630
[ 456.515174] ...
[ 456.520050] Call Trace:
[ 456.520071] [<800b6700>] 0x800b6700
[ 456.531895] [<801011d8>] 0x801011d8
[ 456.538848] [<800c7f98>] 0x800c7f98
[ 456.545803] [<80101630>] 0x80101630
[ 456.552751] [<800c1bdc>] 0x800c1bdc
[ 456.559699] [<80018628>] 0x80018628
[ 456.566665] [<800df8f0>] 0x800df8f0
[ 456.573627] [<800faae8>] 0x800faae8
[ 456.580579] [<800de2b0>] 0x800de2b0
[ 456.587531] [<800dfbf0>] 0x800dfbf0
[ 456.594479] [<800c7e2c>] 0x800c7e2c
[ 456.601433] [<8000d36c>] 0x8000d36c
[ 456.611364] Сode: 00001025 10000007 26730b64 <8e460010> 24c6000c 0c040199 02202025 8e520000 24020001
UPD
Did you include calls to the module_init() and module_exit() macros to
register the functions as init/exit? Seems like you didn't from your
example. Also, you should add __init and __exit annotations. See this
simple example of mine. – Marco Bonelli
Yes, I tried to use the macro module_init() and module_exit(). It has no result. Anyway, this macro just translates the init and clean function name to the canonical function name: init_module and cleanup_module, like the main function in a user space program. Prefix __init and __exit also has no effect.
Smells like you use a compiler which configuration is not suitable for
the kernel. You could try to debug "Unable to handle kernel paging
request" error. – Tsyvarev
What is a "compiler configuration" that specifies the user or kernel object file type?
If we look (using readelf -a utility) at the difference between my module and any built-in module, we will see that the entry points of the init_module method in the .rel.gnu.linkonce.this_module section are identical, but the entry points of the cleanup_module are different.
Relocation section '.rel.gnu.linkonce.this_module' at offset 0x594 contains 2 entries:
Offset Info Type Sym.Value Sym. Name
000000d0 00001d02 R_MIPS_32 00000000 init_module
00000130 00001c02 R_MIPS_32 00000000 cleanup_module
Relocation section '.rel.gnu.linkonce.this_module' at offset 0x1c8c contains 2 entries:
Offset Info Type Sym.Value Sym. Name
000000d0 00000a02 R_MIPS_32 00000000 _1
00000140 00000902 R_MIPS_32 00000000 _0

Print inconsistency when booting linux kernel

I am trying to port kernel 4.12 to my board, but I'm facing a very weird issue.
Some context: I am using u-boot as bootloader, booting from a zImage with device tree support. The board has a Sitara AM3352.
What happens is that sometimes the kernel will start printing stuff, but most often it does nothing.
Situation 1:
U-Boot# bootz $kloadaddr - $fdtaddr
## Current stack ends at 0x83ee8bf8 Kernel image # 0x80007fc0 [ 0x00000000 - 0x002d9430 ]
## Flattened Device Tree blob at 88000000
Booting using the fdt blob at 0x88000000
using: FDT
using: FDT
Loading Device Tree to 83edd000, end 83ee7337 ... OK
## Transferring control to Linux (at address 80007fc0)...
Starting kernel ...
Situation 2:
U-Boot# bootz $kloadaddr - $fdtaddr
## Current stack ends at 0x83ee8bf8 Kernel image # 0x80007fc0 [ 0x00000000 - 0x002d9430 ]
## Flattened Device Tree blob at 88000000
Booting using the fdt blob at 0x88000000
using: FDT
using: FDT
Loading Device Tree to 83edd000, end 83ee7337 ... OK
## Transferring control to Linux (at address 80007fc0)...
Starting kernel ...
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 4.12.0R01-Beta (guilherme#epoch) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0) ) #4 Thu Aug 3 14:30:16 BRT 2017
[ 0.000000] CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c5387d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[ 0.000000] OF: fdt: Machine model: Test Board
[ 0.000000] earlycon: omapserial0 at MMIO 0x44e09000 (options '')
[ 0.000000] bootconsole [omapserial0] enabled
[ 0.000000] Memory policy: Data cache writeback
[ 0.000000] CPU: All CPU(s) started in SVC mode.
[ 0.000000] AM335X ES2.1 (neon)
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 16256
[ 0.000000] Kernel command line: console=ttyO0,115200n8 root=/dev/mtdblock10 rw rootfstype=jffs2 noinitrd earlycon
[ 0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[ 0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[ 0.000000] Memory: 56952K/65536K available (4096K kernel code, 179K rwdata, 1484K rodata, 1024K init, 438K bss, 8584K reserved, 0K cma-reserved, 0K highmem)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xc4800000 - 0xff800000 ( 944 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xc4000000 ( 64 MB)
[ 0.000000] pkmap : 0xbfe00000 - 0xc0000000 ( 2 MB)
[ 0.000000] modules : 0xbf000000 - 0xbfe00000 ( 14 MB)
[ 0.000000] .text : 0xc0008000 - 0xc0500000 (5088 kB)
[ 0.000000] .init : 0xc0700000 - 0xc0800000 (1024 kB)
[ 0.000000] .data : 0xc0800000 - 0xc082cd90 ( 180 kB)
[ 0.000000] .bss : 0xc0831794 - 0xc089f2c8 ( 439 kB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] IRQ: Found an INTC at 0xfa200000 (revision 5.0) with 128 interrupts
[ 0.000000] OMAP clockevent source: timer2 at 24000000 Hz
[ 0.000020] sched_clock: 32 bits at 24MHz, resolution 41ns, wraps every 89478484971ns
[ 0.008003] clocksource: timer1: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 79635851949 ns
[ 0.017467] OMAP clocksource: timer1 at 24000000 Hz
[ 0.022622] clocksource_probe: no matching clocksources found
[ 0.028583] Calibrating delay loop... 599.04 BogoMIPS (lpj=1198080)
[ 0.059960] pid_max: default: 32768 minimum: 301
[ 0.064987] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.071729] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.079579] CPU: Testing write buffer coherency: ok
[ 0.085216] Setting up static identity map for 0x80100000 - 0x80100060
[ 0.095211] devtmpfs: initialized
[ 0.107961] VFP support v0.3: implementor 41 architecture 3 part 30 variant c rev 3
[ 0.116265] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[ 0.126579] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 0.132888] pinctrl core: initialized pinctrl subsystem
[ 0.139759] NET: Registered protocol family 16
[ 0.145433] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.165036] omap_hwmod: debugss: _wait_target_disable failed
[ 0.171060] Unhandled fault: external abort on non-linefetch (0x1028) at 0xf9e3e078
[ 0.178849] pgd = c0004000
[ 0.181618] [f9e3e078] *pgd=44e11452(bad)
[ 0.185740] Internal error: : 1028 [#1] ARM
[ 0.190019] Modules linked in:
[ 0.193157] CPU: 0 PID: 1 Comm: swapper Not tainted 4.12.0R01-Beta #4
[ 0.199760] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 0.206019] task: c3830000 task.stack: c382e000
[ 0.210684] PC is at _update_sysc_cache+0x2c/0x94
[ 0.215494] LR is at _enable+0x240/0x2a8
[ 0.219517] pc : [<c0120b24>] lr : [<c0121314>] psr: 40000013
[ 0.219517] sp : c382fe98 ip : c0124774 fp : 00000000
[ 0.231311] r10: c0721838 r9 : 00000045 r8 : c08317c0
[ 0.236673] r7 : c080abf0 r6 : 00000000 r5 : c0831c68 r4 : c080a5a4
[ 0.243377] r3 : f9e3e078 r2 : c080b084 r1 : f9e3e000 r0 : c080a5a4
[ 0.250083] Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 0.257409] Control: 10c5387d Table: 80004019 DAC: 00000051
[ 0.263307] Process swapper (pid: 1, stack limit = 0xc382e210)
[ 0.269296] Stack: (0xc382fe98 to 0xc3830000)
[ 0.273768] fe80: 00000000 c0121314
[ 0.282173] fea0: 00000000 a0000013 c08092a8 c0803048 c080a5a4 c080a5d4 c080a5e8 c0709328
[ 0.290574] fec0: c382fed4 d3053b52 c080ae5c d3053b52 c080a5a4 c0807808 c0709240 00000000
[ 0.298975] fee0: c08317c0 c0121718 0000100c c0803048 00000002 c07099c8 00000000 c0709a6c
[ 0.307377] ff00: 00000000 c0101794 00000154 c3ffed09 c0671b34 c0147200 000017c0 c0228d30
[ 0.315777] ff20: c0803048 c05edd2c c07005dc 00000000 00000002 00000002 00000000 c0803048
[ 0.324179] ff40: 00000000 c3ffed09 00000000 d3053b52 00000000 d3053b52 00000002 c072c0f8
[ 0.332580] ff60: 00000002 c0721820 c08317c0 c08317c0 00000045 c0700dc8 00000002 00000002
[ 0.340981] ff80: 00000000 c07005dc 00000000 c04a7cc0 00000000 00000000 00000000 00000000
[ 0.349382] ffa0: 00000000 c04a7cc8 00000000 c010dd98 00000000 00000000 00000000 00000000
[ 0.357783] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 0.366184] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 ffffffff fffffffb
[ 0.374609] [<c0120b24>] (_update_sysc_cache) from [<c0121314>] (_enable+0x240/0x2a8)
[ 0.382637] [<c0121314>] (_enable) from [<c0709328>] (_setup+0xe8/0x4e8)
[ 0.389516] [<c0709328>] (_setup) from [<c0121718>] (omap_hwmod_for_each+0x38/0x60)
[ 0.397378] [<c0121718>] (omap_hwmod_for_each) from [<c0709a6c>] (__omap_hwmod_setup_all+0xa4/0xac)
[ 0.406676] [<c0709a6c>] (__omap_hwmod_setup_all) from [<c0101794>] (do_one_initcall+0x50/0x18c)
[ 0.415708] [<c0101794>] (do_one_initcall) from [<c0700dc8>] (kernel_init_freeable+0x140/0x1dc)
[ 0.424650] [<c0700dc8>] (kernel_init_freeable) from [<c04a7cc8>] (kernel_init+0x8/0x10c)
[ 0.433052] [<c04a7cc8>] (kernel_init) from [<c010dd98>] (ret_from_fork+0x14/0x3c)
[ 0.440815] Code: e3110c01 e5901054 e6f13073 1a00000c (e5933000)
[ 0.447075] ---[ end trace 396cebd12b8145f9 ]---
[ 0.451867] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 0.451867]
[ 0.461190] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 0.461190]
[ 1.373583] random: fast init done
This is my .dts file:
/dts-v1/;
#include "am33xx.dtsi"
#include <dt-bindings/interrupt-controller/irq.h>
/ {
model = "Test Board";
compatible = "guilherme,test_board", "ti,am33xx";
memory#80000000 {
device_type = "memory";
reg = <0x80000000 0x04000000>; /* 64 MB */
};
chosen {
stdout-path = &uart0;
bootargs ="console=ttyO0,115200n8 root=/dev/mtdblock10 rw rootfstype=jffs2 noinitrd earlycon";
};
};
While I was expecting to run into a kernel panic, what bugs me is this printing inconsistency. Also I can't see a way to pinpoint if this issue is due to some weird u-boot config, or something related to the kernel itself.

So, found out the problem! As I was working with a previously configured u-Boot, I tried to keep the u-Boot modifications to a minimum. Among these previously existing configurations, was a setenv bootargs = .... This bootargs definition overrides the definition in the .dtb file, causing conflicts. Once I removed this variable definition, the printing issue was resolved.
The reason the system was printing seemingly at random is because the bootargs definition was dependant on the state of a pin the is used to boot from images in a SDCard.

How can I see the full backtrace using kgdb to debug an ARM Linux module?

I worked my way through all of the free Linux training materials created by Free Electrons. In the last lab, we learn to use kgdb to remotely debug a simple crash in a loadable module. The crash is caused by a null pointer dereference in a memzero function call.
I am using Linux kernel 4.9 and a BeagleBone Black as the target, all according to the recommendations for the labs, and I've had no problems up to this point. My host is Ubuntu xenial and I am using standard packages for the ARM toolchain (Ubuntu/Linaro 5.4.0-6ubuntu1~16.04.4) and gdb (7.11.1-0ubuntu1~16.04) debugger.
gdb is able to read the symbol tables from vmlinux and from the module with the bug in it, which is called drvbroken.ko. The module has a bug in its init function, so it crashes immediately when I insmod it.
gdb output:
(gdb) backtrace
#0 __memzero () at arch/arm/lib/memzero.S:69
#1 0x00000000 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) list 69
64 ldmeqfd sp!, {pc} # 1/2 quick exit
65 /*
66 * No need to correct the count; we're only testing bits from now on
67 */
68 tst r1, #32 # 1
69 stmneia r0!, {r2, r3, ip, lr} # 4
70 stmneia r0!, {r2, r3, ip, lr} # 4
71 tst r1, #16 # 1 16 bytes or more?
72 stmneia r0!, {r2, r3, ip, lr} # 4
73 ldr lr, [sp], #4 # 1
The result is the same whether I build the kernel with CONFIG_ARM_UNWIND (the default) or disable that and use CONFIG_FRAME_POINTER (the old method recommended by the lab notes).
I tried the same procedure in kdb, and here I see a very long backtrace that includes the calling functions. The caller of memzero is cdev_init.
kdb output:
Entering kdb (current=0xde616240, pid 106) on processor 0 Oops: (null)
due to oops # 0xc04c2be0
CPU: 0 PID: 106 Comm: insmod Tainted: G O 4.9.0-dirty #1
Hardware name: Generic AM33XX (Flattened Device Tree)
task: de616240 task.stack: de676000
PC is at __memzero+0x40/0x7c
LR is at 0x0
pc : [<c04c2be0>] lr : [<00000000>] psr: 00000013
sp : de677da4 ip : 00000000 fp : de677dbc
r10: bf000240 r9 : 219a3868 r8 : 00000000
r7 : de65c7c0 r6 : de6420c0 r5 : bf0000b4 r4 : 00000000
r3 : 00000000 r2 : 00000000 r1 : fffffffc r0 : 00000000
Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 9e69c019 DAC: 00000051
CPU: 0 PID: 106 Comm: insmod Tainted: G O 4.9.0-dirty #1
Hardware name: Generic AM33XX (Flattened Device Tree)
Backtrace:
... pruned function calls related to kdb itself ...
[<c08326cc>] (do_page_fault) from [<c010138c>] (do_DataAbort+0x3c/0xbc)
r10:bf000240 r9:de676000 r8:de677d50 r7:00000000 r6:c08326cc r5:00000817
r4:c0d0bb2c
[<c0101350>] (do_DataAbort) from [<c0831d04>] (__dabt_svc+0x64/0xa0)
Exception stack(0xde677d50 to 0xde677d98)
7d40: 00000000 fffffffc 00000000 00000000
7d60: 00000000 bf0000b4 de6420c0 de65c7c0 00000000 219a3868 bf000240 de677dbc
7d80: 00000000 de677da4 00000000 c04c2be0 00000013 ffffffff
r8:00000000 r7:de677d84 r6:ffffffff r5:00000013 r4:c04c2be0
[<c02bf44c>] (cdev_init) from [<bf002048>] (init_module+0x48/0xb4 [drvbroken])
r5:bf002000 r4:bf000480
[<bf002000>] (init_module [drvbroken]) from [<c01018d4>] (do_one_initcall+0x44/0x180)
r5:bf002000 r4:ffffe000
[<c0101890>] (do_one_initcall) from [<c024fa2c>] (do_init_module+0x64/0x1d8)
r8:00000001 r7:de65c7c0 r6:de6420c0 r5:c0dbfa84 r4:bf000240
[<c024f9c8>] (do_init_module) from [<c01e10e8>] (load_module+0x1d6c/0x23d8)
r6:c0d0512c r5:c0dbfa84 r4:c0d4c70f
[<c01df37c>] (load_module) from [<c01e18ac>] (SyS_init_module+0x158/0x17c)
r10:00000051 r9:de676000 r8:e0a95100 r7:00000000 r6:000ac118 r5:00004100
It is pretty easy to figure out where to look for the bug with this information, but alas, it is not possible to get a line number or list the source directly from kdb. This is much easier in gdb, assuming that I can get a full backtrace.

Crash at init time of Cobalt 8.20698

The latest version of Cobalt(8.20698) will crash at init time on arm linux platform, the backtrace is as follows, but the old version doesn't has this issue, could anyone help to have a look?
[00000000] *pgd=0dce6831, *pte=00000000, *ppte=00000000
CPU: 0 PID: 4268 Comm: cobalt_qa Tainted: P O 3.10.79 #2
task: cf33b400 ti: d24bc000 task.ti: d24bc000
PC is at 0xb5d12180
LR is at 0x161610
pc : [<b5d12180>] lr : [<00161610>] psr: 600f0010
sp : bed2fc20 ip : b5d12180 fp : 00000000
r10: bed30088 r9 : bed2ff78 r8 : bed2fe84
r7 : 00000002 r6 : 00000000 r5 : 00000000 r4 : 01027e68
r3 : 00000043 r2 : 00000049 r1 : 0000002e r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode USER_32 ISA ARM Segment user
Control: 10c5387d Table: 124d406a DAC: 00000015
CPU: 0 PID: 4268 Comm: cobalt_qa Tainted: P O 3.10.79 #2
[<c0012c20>] (unwind_backtrace+0x0/0xdc) from [<c0010ef8>] (show_stack+0x10/0x14)
[<c0010ef8>] (show_stack+0x10/0x14) from [<c0014204>] (__do_user_fault+0x13c/0x1ac)
[<c0014204>] (__do_user_fault+0x13c/0x1ac) from [<c001449c>] (do_page_fault+0x228/0x268)
[<c001449c>] (do_page_fault+0x228/0x268) from [<c0008328>] (do_DataAbort+0x34/0x120)
[<c0008328>] (do_DataAbort+0x34/0x120) from [<c000dab4>] (__dabt_usr+0x34/0x40)
Exception stack(0xd24bdfb0 to 0xd24bdff8)
dfa0: 00000000 0000002e 00000049 00000043
dfc0: 01027e68 00000000 00000000 00000002 bed2fe84 bed2ff78 bed30088 00000000
dfe0: b5d12180 bed2fc20 00161610 b5d12180 600f0010 ffffffff
Caught signal: SIGSEGV (11)
<unknown> [0xb5d12180]
uprv_getDefaultLocaleID_56 [0x161610]
icu_56::locale_set_default_internal() [0x15a114]
icu_56::Locale::getDefault() [0x159ca0]
locale_get_default_56 [0x159cb0]
EzTimeValueExplode [0xb4d10]
EzTimeTExplode [0xb5048]
EzTimeTExplodeLocal [0xb5838]
logging::LogMessage::Init() [0x7b7cc]
logging::LogMessage::LogMessage() [0x7bcf4]
base::UserLog::IsRegistrationSupported() [0x6b108]
cobalt::browser::Application::RegisterUserLogs() [0x2c608]
cobalt::browser::Application::Application() [0x2d998]
cobalt::browser::CreateApplication() [0x2b278]
SbEventHandle [0x2b0c0]
starboard::shared::starboard::Application::DispatchStart() [0xbadec]
starboard::shared::starboard::Application::Run() [0xbb4e0]
main [0x21c24]
<unknown> [0xb5cb2278]

After tracing the code of Cobalt, the cobalt need to get the posix_id by SbSystemGetLocaledId() in system_get_locale_id.cc, but the system didn't set the clang environment variable yet, and it get null which made the Crash, after setting the LANG environment variable(export LANG="en_US.UTF-8"), it works.
Add CLANG environment variable