Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segmentation fault in fastboot mode with imx6 board. #420

Closed
hamzehnasajpour opened this issue Apr 15, 2024 · 13 comments
Closed

Segmentation fault in fastboot mode with imx6 board. #420

hamzehnasajpour opened this issue Apr 15, 2024 · 13 comments

Comments

@hamzehnasajpour
Copy link

I have a MX6 custom board, after sending the bootloader via UUU, I run the fastboot 0 in my bootloader. The uuu can't detect the device and faced with segmentation fault.

commit: 88ce01edebbcd651f9288d664d17ef45beffb441
version: uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.177-0-g88ce01e
backtrace with gdb:

(gdb) run -lsusb
Starting program: /home/hamzeh/Desktop/dev/imx/uuu-built -lsusb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7599700 (LWP 19614)]
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.177-0-g88ce01e

Connected Known USB Devices
        Path     Chip    Pro     Vid     Pid     BcdVersion      Serial_no
        ====================================================================

Thread 1 "uuu-built" received signal SIGSEGV, Segmentation fault.
0x00005555555e7518 in get_device_serial_no (dev=0x55555568ffe0, desc=0x7fffffffdf60, 
    item=0x555555673b40) at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:250
250                     sid = info->serial_idx;
(gdb) bt
#0  0x00005555555e7518 in get_device_serial_no (dev=0x55555568ffe0, desc=0x7fffffffdf60, 
    item=0x555555673b40) at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:250
#1  0x00005555555e8d4a in uuu_for_each_devices (
    fn=0x5555555690a0 <print_usb_device(char const*, char const*, char const*, unsigned short, unsigned short, unsigned short, char const*, void*)>, p=0x0)
    at /home/hamzeh/Desktop/dev/imx/mfgtools/libuuu/usbhotplug.cpp:621
#2  0x00005555555688b6 in main (argc=2, argv=0x7fffffffe4e8)
    at /home/hamzeh/Desktop/dev/imx/mfgtools/uuu/uuu.cpp:1014

If I use the previous versions it works and I can list my device.

This is the patch that works but I am not sure this is the best solution or not:

diff --git a/libuuu/usbhotplug.cpp b/libuuu/usbhotplug.cpp
index 48a0fc5..0e60ef9 100644
--- a/libuuu/usbhotplug.cpp
+++ b/libuuu/usbhotplug.cpp
@@ -247,7 +247,7 @@ static string get_device_serial_no(libusb_device *dev, struct libusb_device_desc
 
        if (!sid) {
                const ROM_INFO *info= search_rom_info(item);
-               sid = info->serial_idx;
+               if(sid) sid = info->serial_idx;
        }
 
        serial.resize(SERIAL_NO_MAX);
@nxpfrankli
Copy link
Contributor

Does below patch fix your problem.

diff --git a/libuuu/rominfo.cpp b/libuuu/rominfo.cpp
index 9f21668..cded9d3 100644
--- a/libuuu/rominfo.cpp
+++ b/libuuu/rominfo.cpp
@@ -41,22 +41,22 @@ using namespace std;

 static constexpr std::array<ROM_INFO, 16> g_RomInfo
 {
-       ROM_INFO{ "MX6Q",        0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
-       ROM_INFO{ "MX6D",        0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
-       ROM_INFO{ "MX6SL",       0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 },
-       ROM_INFO{ "MX7D",        0x00911000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
-       ROM_INFO{ "MX6UL",       0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
-       ROM_INFO{ "MX6ULL",      0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
-       ROM_INFO{ "MX6SLL",      0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
+       ROM_INFO{ "MX6Q",        0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0},
+       ROM_INFO{ "MX6D",        0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0 },
+       ROM_INFO{ "MX6SL",       0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6, 0 },
+       ROM_INFO{ "MX7D",        0x00911000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+       ROM_INFO{ "MX6UL",       0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+       ROM_INFO{ "MX6ULL",      0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+       ROM_INFO{ "MX6SLL",      0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
        ROM_INFO{ "MX8MQ",       0x00910000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD | ROM_INFO_NEED_BAREBOX_FULL_IMAGE, 4},
-       ROM_INFO{ "MX7ULP",      0x2f018000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
-       ROM_INFO{ "MXRT106X",    0x1000,     ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD },
+       ROM_INFO{ "MX7ULP",      0x2f018000, ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
+       ROM_INFO{ "MXRT106X",    0x1000,     ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_HID_SKIP_DCD, 0 },
        ROM_INFO{ "MX8QXP",      0x0,        ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING, 4},
        ROM_INFO{ "MX28",        0x0,        ROM_INFO_HID},
        ROM_INFO{ "MX815",       0x0,        ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING | ROM_INFO_HID_EP1 | ROM_INFO_HID_PACK_SIZE_1020 | ROM_INFO_HID_ROMAPI, 4},
        ROM_INFO{ "MX95",        0x0,        ROM_INFO_HID | ROM_INFO_HID_NO_CMD | ROM_INFO_HID_UID_STRING | ROM_INFO_HID_EP1 | ROM_INFO_HID_PACK_SIZE_1020, 4},
-       ROM_INFO{ "SPL",         0x0,        ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS},
-       ROM_INFO{ "SPL1",        0x0,        ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS | ROM_INFO_AUTO_SCAN_UBOOT_POS},
+       ROM_INFO{ "SPL",         0x0,        ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS, 0},
+       ROM_INFO{ "SPL1",        0x0,        ROM_INFO_HID | ROM_INFO_HID_MX6 | ROM_INFO_SPL_JUMP | ROM_INFO_HID_SDP_NO_MAX_PER_TRANS | ROM_INFO_AUTO_SCAN_UBOOT_POS, 0},
 };

@hamzehnasajpour
Copy link
Author

But this patch you have sent is already applied and I can see these modifications are exist in the latest commits and I have this issue with latest version. anyway it doesnt fix.

@nxpfrankli
Copy link
Contributor

Strange, info->serial_idx should be 0 for imx6.

@capiman
Copy link
Contributor

capiman commented Apr 21, 2024

I think I have the same problem with i.MX8MP.

lsusb -v for this device shows:

Bus 001 Device 006: ID 1fc9:0146 NXP Semiconductors SE Blank 865
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x1fc9 NXP Semiconductors
  idProduct          0x0146
  bcdDevice            0.02
  iManufacturer           1 NXP       SemiConductor Inc
  iProduct                2 SE Blank 865
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0029
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          4 211BB800CA7EFD69
    bmAttributes         0xc0
      Self Powered
    MaxPower               10mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.10
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      76
         Report Descriptors:
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x01  EP 1 OUT
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x03fd  1x 1021 bytes
        bInterval               1
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  bNumConfigurations      1
cannot read device status, Resource temporarily unavailable (11)

Interesting:

iConfiguration 4 211BB800CA7EFD69

This looks more like a serial number, than a configuration name.

Brand new git clone of mfgtools!

trio@pi4runner:~/mfgtools/uuu $ sudo gdb -args ./uuu -V -b emmc_all ../../flash.bin-phyboard-pollux-imx8mp-3-sd ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./uuu...
(No debugging symbols found in ./uuu)
(gdb) run
Starting program: /home/trio/mfgtools/uuu/uuu -V -b emmc_all ../../flash.bin-phyboard-pollux-imx8mp-3-sd ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ff73df140 (LWP 1484)]
uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.5.179-1-gb6ae918

Build in config:
        Pctl     Chip            Vid     Pid     BcdVersion      Serial_No
        ==================================================
        SDPS:    MX8QXP          0x1fc9  0x012f  [0x0002..0xffff]
        SDPS:    MX8QM           0x1fc9  0x0129  [0x0002..0xffff]
        SDPS:    MX8DXL          0x1fc9  0x0147
        SDPS:    MX28            0x15a2  0x004f
        SDPS:    MX815           0x1fc9  0x013e
        SDPS:    MX865           0x1fc9  0x0146
        SDPS:    MX8ULP          0x1fc9  0x014a
        SDPS:    MX8ULP          0x1fc9  0x014b
        SDPS:    MX93            0x1fc9  0x014e
        SDPS:    MX93            0x1fc9  0x0159
        SDPS:    MX95            0x1fc9  0x015d
        SDPS:    MX95            0x1fc9  0x015c
        SDP:     MX7D            0x15a2  0x0076
        SDP:     MX6Q            0x15a2  0x0054
        SDP:     MX6D            0x15a2  0x0061
        SDP:     MX6SL           0x15a2  0x0063
        SDP:     MX6SX           0x15a2  0x0071
        SDP:     MX6UL           0x15a2  0x007d
        SDP:     MX6ULL          0x15a2  0x0080
        SDP:     MX6SLL          0x1fc9  0x0128
        SDP:     MX7ULP          0x1fc9  0x0126
        SDP:     MXRT106X        0x1fc9  0x0135
        SDP:     MX8MM           0x1fc9  0x0134
        SDP:     MX8MQ           0x1fc9  0x012b
        SDPU:    SPL             0x0525  0xb4a4  [0x0000..0x04ff]
        SDPV:    SPL1            0x0525  0xb4a4  [0x0500..0x9998]
        SDPV:    SPL1            0x1fc9  0x0151  [0x0500..0x9998]
        SDPU:    SPL             0x0525  0xb4a4  [0x9999..0x9999]
        SDPU:    SPL             0x3016  0x1001  [0x0000..0x04ff]
        SDPV:    SPL1            0x3016  0x1001  [0x0500..0x9998]
        FBK:                     0x066f  0x9afe
        FBK:                     0x066f  0x9bff
        FBK:                     0x1fc9  0x0153
        FB:                      0x0525  0xa4a5
        FB:                      0x18d1  0x0d02
        FB:                      0x3016  0x0001
        FB:                      0x1fc9  0x0152
        FB:                      0x0483  0x0afb

Run built-in script:

uuu_version 1.4.149

# @_flash.bin            | bootloader, which can extract from wic image
# @_image   [_flash.bin] | wic image burn to emmc.


# This command will be run when i.MX6/7 i.MX8MM, i.MX8MQ
SDP: boot -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000

# This command will be run when ROM support stream mode
# i.MX8QXP, i.MX8QM
SDPS: boot -scanterm -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000

# These commands will be run when use SPL and will be skipped if no spl
# SDPU will be deprecated. please use SDPV instead of SDPU
# {
SDPU: delay 1000
SDPU: write -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -offset 0x57c00
SDPU: jump -scanlimited 0x800000
# }

# These commands will be run when use SPL and will be skipped if no spl
# if (SPL support SDPV)
# {
SDPV: delay 1000
SDPV: write -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -skipspl -scanterm -scanlimited 0x800000
SDPV: jump -scanlimited 0x800000
# }


FB: ucmd setenv fastboot_dev mmc
FB: ucmd setenv mmcdev ${emmc_dev}
FB: ucmd mmc dev ${emmc_dev}
FB: flash -raw2sparse all ../../phytec-headless-image-phyboard-pollux-imx8mp-3.rootfs-20240416210044.wic
FB: flash -scanterm -scanlimited 0x800000 bootloader ../../flash.bin-phyboard-pollux-imx8mp-3-sd
FB: ucmd if env exists emmc_ack; then ; else setenv emmc_ack 0; fi;
FB: ucmd mmc partconf ${emmc_dev} ${emmc_ack} 1 0
FB: done


Wait for Known USB Device Appear...
[New Thread 0x7ff6bcf140 (LWP 1485)]
New USB Device Attached at 1:14-211BB800CA7EFD69
1:14-211BB800CA7EFD69>Start Cmd:SDPS: boot -scanterm -f ../../flash.bin-phyboard-pollux-imx8mp-3-sd -scanlimited 0x800000
[New Thread 0x7ff63bf140 (LWP 1486)]
[Thread 0x7ff63bf140 (LWP 1486) exited]
100%1:14-211BB800CA7EFD69>Okay (3.013s)
[Thread 0x7ff6bcf140 (LWP 1485) exited]

Thread 1 "uuu" received signal SIGSEGV, Segmentation fault.
0x00000055555d49e8 in get_device_serial_no(libusb_device*, libusb_device_descriptor*, ConfigItem*) ()
(gdb) bp
Undefined command: "bp".  Try "help".
(gdb) bt
#0  0x00000055555d49e8 in get_device_serial_no(libusb_device*, libusb_device_descriptor*, ConfigItem*) ()
#1  0x00000055555d4ff0 in usb_add(libusb_device*) ()
#2  0x00000055555d51fc in compare_list(libusb_device**, libusb_device**) ()
#3  0x00000055555d55b4 in polling_usb(std::atomic<int>&) ()
#4  0x000000555559adb0 in uuu_wait_uuu_finish(int, int) ()
#5  0x0000005555561ff0 in main ()
(gdb)

@capiman
Copy link
Contributor

capiman commented Apr 21, 2024

Additional notice:

When I call uuu with Yocto Phytec Kirkstone Bootloader and Image -> uuu works
When I call uuu with Yocto Phytec Scarthgap Bootloader and Image -> Seg Fault happens

It could also happen that instead of "Seg Fault" the download just hangs.

Depends on version/kind of bootloader, if it offers something or not, or wrong?

@hamzehnasajpour Where are your files, you want to flash and get Seg Fault, coming from?

@capiman
Copy link
Contributor

capiman commented Apr 22, 2024

Bus 001 Device 018: ID 1fc9:0152 NXP Semiconductors USB download gadget
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x1fc9 NXP Semiconductors
  idProduct          0x0152
  bcdDevice            2.23
  iManufacturer           1 FSL
  iProduct                2 USB download gadget
  iSerial                 3 211bb800ca7efd69
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0020
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          2 USB download gadget
    bmAttributes         0xc0
      Self Powered
    MaxPower                2mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass     66
      bInterfaceProtocol      3
      iInterface              4 Android Fastboot
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               0
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  bNumConfigurations      1
Device Status:     0x0001
  Self Powered

@capiman
Copy link
Contributor

capiman commented Apr 22, 2024

@hamzehnasajpour Could it be that above patch is not what you tested with?

-               sid = info->serial_idx;
+               if(sid) sid = info->serial_idx;

The error case seems to be that sid = 0. Then info will be used. But in case of Seg Fault info is also 0.
The crash then happens in

info->serial_idx;

I have now used something very similar:

-               sid = info->serial_idx;
+               if(info) sid = info->serial_idx;

Is this sid (which is later used for libusb_get_string_descriptor_ascii) used for any important purpose?
Or just some printout of the serial number?
Or perhaps for some use case besides downloading.

All in all with change

-               sid = info->serial_idx;
+               if(info) sid = info->serial_idx;

it seems to download till end without a segfault.
And downloaded image can be started and is running!

@nxpfrankli
Copy link
Contributor

Thanks, I missed if(info) sid = info->serial_idx;

Add serial number help option -ms to filter out the devices, which have super speed support. When multi board devices connect to PC, uuu -m usb2.0_port -m usb3.0_port uuu.script. User need find out two physical ports for one devices.

If support serial number uuu -ms <serial_no> will only monitor devices, regardless connected to which physcial ports

Can you send pull request to me?

capiman added a commit to capiman/mfgtools that referenced this issue Apr 22, 2024
Bugfix against SegFault of nxp-imx#420: If info is 0, no access on content is possible.
capiman added a commit to capiman/mfgtools that referenced this issue Apr 22, 2024
Update usbhotplug.cpp - bugfix against SegFault of nxp-imx#420
@capiman
Copy link
Contributor

capiman commented Apr 22, 2024

Thanks for the explanation and the tool itself!
Here is the merge request

nxpfrankli pushed a commit that referenced this issue Apr 22, 2024
Bugfix against SegFault of #420: If info is 0, no access on content is possible.
@capiman
Copy link
Contributor

capiman commented Apr 29, 2024

@hamzehnasajpour Can you please retest, if the above change also fixed the problem on your side?

@hamzehnasajpour
Copy link
Author

@nxpfrankli This change was my solution which I had mentioned in the description :), you can see it. anyway, it will fix the problem.

@capiman
Copy link
Contributor

capiman commented Apr 29, 2024

Thanks for your reply!

Pay attention that your suggested fix and the now commited fix is different.

if (sid) ...

->

if (info) ...

@hamzehnasajpour
Copy link
Author

@capiman Sorry, was my mistake, I dont know why I had submitted wrong patch. I also was using

if (info) ....

as solution. Anyway the patch works fine. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants