RTEMS | noelv: DTB parsing is broken (#5383)
Matteo Concas (@matteo.concas)
gitlab at rtems.org
Wed Oct 29 15:07:53 UTC 2025
Matteo Concas created an issue: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5383
## Summary
Parsing a DTB will lead to the application getting an illegal instruction:
```
grmon4> load /home/matteo/dev/rtems-gaisler/build/riscv/noel64imafd/testsuites/samples/hello.exe; run
0 .start 232B [===============>] 100%
f0 .text 97.3kB / 97.3kB [===============>] 100%
18610 .rodata 265.6kB / 265.6kB [===============>] 100%
5ac58 .eh_frame 4B [===============>] 100%
5ac60 .tdata 24B [===============>] 100%
5ac78 .init_array 8B [===============>] 100%
5ac80 .fini_array 8B [===============>] 100%
5ac88 .rtemsroset 176B [===============>] 100%
5ad38 .data 1.8kB / 1.8kB [===============>] 100%
5b448 .sdata 328B [===============>] 100%
Total size: 365.38kB (518.56kbit/s)
Entry point 0x00000000
Image /home/matteo/dev/rtems-gaisler/build/riscv/noel64imafd/testsuites/samples/hello.exe loaded
CPU 0: Error mode (4, Load address misaligned)
0x0000000030011000: 0000 illegal instruction
CPU 1: Forced into debug mode
0x00000000000000ac: ffdff06f j 0xa8
```
This is new behavior in RTEMS 7; RTEMS 6.1 runs the test correctly with the same DTB file loaded:
```
grmon4> load /home/matteo/dev/rtems-gaisler/build/riscv/noel64imafd/testsuites/samples/hello.exe; run
0 .start 232B [===============>] 100%
e8 .text 94.7kB / 94.7kB [===============>] 100%
17be0 .rodata 265.4kB / 265.4kB [===============>] 100%
5a188 .eh_frame 4B [===============>] 100%
5a190 .tdata 24B [===============>] 100%
5a1a8 .init_array 8B [===============>] 100%
5a1b0 .fini_array 8B [===============>] 100%
5a1b8 .rtemsroset 176B [===============>] 100%
5a268 .data 1.8kB / 1.8kB [===============>] 100%
5a978 .sdata 336B [===============>] 100%
Total size: 362.69kB (527.83kbit/s)
Entry point 0x00000000
Image /home/matteo/dev/rtems-gaisler/build/riscv/noel64imafd/testsuites/samples/hello.exe loaded
*** BEGIN OF TEST HELLO WORLD ***
*** TEST VERSION: 6.0.0.0a46769ba42d3476b0f37a85db49b3276658d293
*** TEST STATE: EXPECTED_PASS
*** TEST BUILD: RTEMS_POSIX_API RTEMS_SMP
*** TEST TOOLS: 13.3.0 20240521 (RTEMS 6, RSB no-repo, Newlib 1b3dcfd)
Hello World
*** END OF TEST HELLO WORLD ***
[ RTEMS shutdown ]
CPU: 0
RTEMS version: 6.0.0.0a46769ba42d3476b0f37a85db49b3276658d293
RTEMS tools: 13.3.0 20240521 (RTEMS 6, RSB no-repo, Newlib 1b3dcfd)
executing thread ID: 0x0a010001
executing thread name: UI1
CPU 0: Program exited normally
CPU 1: Forced into debug mode
0x00000000000000ac: ffdff06f j 0xa8
```
## Steps to reproduce
Build noel64imafd BSP kernel from `main` branch with tests, run the hello.exe sample.
## More info
The instruction trace shows it's still parsing the FDT when it encounters the error:
```
grmon4> inst cpu0
TIME L P ADDRESS INSTRUCTION RESULT SYMBOL
103909 0 M 000000000000e4bc subw a4, a4, a1 [00000000000002a0] fdt_get_string+0x1b4
103909 1 M 000000000000e4c0 mv a2, a4 [00000000000002a0] fdt_get_string+0x1b8
103910 1 M 000000000000e4c4 bltu a0, a4, 0xe4e8 [00000000000002a0] fdt_get_string+0x1bc
103910 0 M 000000000000e4c8 slli a2, a2, 0x20 [000002a000000000] fdt_get_string+0x1c0
103913 0 M 000000000000e4cc srli a2, a2, 0x20 [00000000000002a0] fdt_get_string+0x1c4
103913 1 M 000000000000e4d0 j 0xe3ec [000000000000e4d4] fdt_get_string+0x1c8
103915 0 M 000000000000e3ec slli a5, a5, 0x20 [0000120400000000] fdt_get_string+0xe4
103916 0 M 000000000000e3f0 srli a5, a5, 0x20 [0000000000001204] fdt_get_string+0xe8
103917 0 M 000000000000e3f4 add s0, s0, a5 [000000000001b5dc] fdt_get_string+0xec
103917 1 M 000000000000e3f8 li a1, 0 [0000000000000000] fdt_get_string+0xf0
103918 0 M 000000000000e3fc mv a0, s0 [000000000001b5dc] fdt_get_string+0xf4
103918 1 M 000000000000e400 jal ra, 0x14bcc [000000000000e404] fdt_get_string+0xf8
103920 0 M 0000000000014bcc andi a3, a0, 7 [0000000000000004] memchr+0x0
103921 0 M 0000000000014bd0 mv a4, a0 [000000000001b5dc] memchr+0x4
103921 1 M 0000000000014bd4 andi t1, a1, 255 [0000000000000000] memchr+0x8
103922 1 M 0000000000014bd8 beqz a3, 0x14c80 [0000000000000000] memchr+0xc
103922 0 M 0000000000014bdc li a5, 8 [0000000000000008] memchr+0x10
103923 0 M 0000000000014be0 sub a5, a5, a3 [0000000000000004] memchr+0x14
103923 1 M 0000000000014be4 bltu a2, a5, 0x14d50 [00000000000002a0] memchr+0x18
103924 0 M 0000000000014be8 li a3, 7 [0000000000000007] memchr+0x1c
103924 1 M 0000000000014bec bltu a3, a5, 0x14c7c [0000000000000007] memchr+0x20
103925 0 M 0000000000014bf0 auipc a0, 0x46 [000000000005abf0] memchr+0x24
103925 1 M 0000000000014bf4 addi a0, a0, -184 [000000000005ab38] memchr+0x28
103926 0 M 0000000000014bf8 slli a3, a5, 0x2 [0000000000000010] memchr+0x2c
103926 1 M 0000000000014bfc add a3, a3, a0 [000000000005ab48] memchr+0x30
103929 0 M 0000000000014c00 lw a3, 0(a3) [fffffffffffba104] memchr+0x34
103930 0 M 0000000000014c04 add a3, a3, a0 [0000000000014c3c] memchr+0x38
103933 1 M 0000000000014c08 jalr zero, a3 [0000000000014c0c] memchr+0x3c
103957 0 M 0000000000014c3c lbu a3, 0(a4) [0000000000000063] memchr+0x70
103958 0 M 0000000000014c40 mv a0, a4 [000000000001b5dc] memchr+0x74
103958 1 M 0000000000014c44 beq a3, t1, 0x14cac [0000000000000063] memchr+0x78
103959 1 M 0000000000014c48 addi a4, a4, 1 [000000000001b5dd] memchr+0x7c
103960 0 M 0000000000014c4c lbu a3, 0(a4) [000000000000006f] memchr+0x80
103960 1 M 0000000000014c50 mv a0, a4 [000000000001b5dd] memchr+0x84
103961 1 M 0000000000014c54 beq a3, t1, 0x14cac [000000000000006f] memchr+0x88
103961 0 M 0000000000014c58 addi a4, a4, 1 [000000000001b5de] memchr+0x8c
103962 0 M 0000000000014c5c lbu a3, 0(a4) [000000000000006d] memchr+0x90
103962 1 M 0000000000014c60 mv a0, a4 [000000000001b5de] memchr+0x94
103963 1 M 0000000000014c64 beq a3, t1, 0x14cac [000000000000006d] memchr+0x98
103963 0 M 0000000000014c68 addi a4, a4, 1 [000000000001b5df] memchr+0x9c
103964 0 M 0000000000014c6c lbu a3, 0(a4) [0000000000000070] memchr+0xa0
103964 1 M 0000000000014c70 mv a0, a4 [000000000001b5df] memchr+0xa4
103965 1 M 0000000000014c74 beq a3, t1, 0x14cac [0000000000000070] memchr+0xa8
103965 0 M 0000000000014c78 addi a4, a4, 1 [000000000001b5e0] memchr+0xac
103966 0 M 0000000000014c7c sub a2, a2, a5 [000000000000029c] memchr+0xb0
103966 1 M 0000000000014c80 andi a0, a2, -8 [0000000000000298] memchr+0xb4
103969 0 M 0000000000014c84 add a0, a4, a0 [000000000001b878] memchr+0xb8
103969 1 M 0000000000014c88 bltu a4, a0, 0x14cb0 [000000000001b5e0] memchr+0xbc
103976 0 M 0000000000014cb0 andi a1, a1, 255 [0000000000000000] memchr+0xe4
103976 1 M 0000000000014cb4 slliw a5, a1, 0x8 [0000000000000000] memchr+0xe8
103977 0 M 0000000000014cb8 add a5, a5, a1 [0000000000000000] memchr+0xec
103980 0 M 0000000000014cbc slli a6, a5, 0x10 [0000000000000000] memchr+0xf0
103981 0 M 0000000000014cc0 add a6, a6, a5 [0000000000000000] memchr+0xf4
103981 1 M 0000000000014cc4 lui a5, 0x7f7f8 [000000007f7f8000] memchr+0xf8
103982 0 M 0000000000014cc8 addi a5, a5, -129 [000000007f7f7f7f] memchr+0xfc
103982 1 M 0000000000014ccc slli a3, a6, 0x20 [0000000000000000] memchr+0x100
103983 0 M 0000000000014cd0 slli a1, a5, 0x20 [7f7f7f7f00000000] memchr+0x104
103983 1 M 0000000000014cd4 add a6, a6, a3 [0000000000000000] memchr+0x108
103984 0 M 0000000000014cd8 add a1, a1, a5 [7f7f7f7f7f7f7f7f] memchr+0x10c
103984 1 M 0000000000014cdc li a7, -1 [ffffffffffffffff] memchr+0x110
103985 1 M 0000000000014ce0 j 0x14cec [0000000000014ce4] memchr+0x114
103987 0 M 0000000000014cec ld a3, 0(a4) [6d00656c62697461] memchr+0x120
103989 0 M 0000000000014cf0 xor a3, a6, a3 [6d00656c62697461] memchr+0x124
103989 1 M 0000000000014cf4 and a5, a3, a1 [6d00656c62697461] memchr+0x128
103990 0 M 0000000000014cf8 add a5, a5, a1 [ec7fe4ebe1e8f3e0] memchr+0x12c
103993 0 M 0000000000014cfc or a5, a5, a3 [ed7fe5efe3e9f7e1] memchr+0x130
103994 0 M 0000000000014d00 or a5, a5, a1 [ff7fffffffffffff] memchr+0x134
103994 1 M 0000000000014d04 beq a5, a7, 0x14ce4 [ff7fffffffffffff] memchr+0x138
103995 0 M 0000000000014d08 lbu a5, 0(a4) [0000000000000061] memchr+0x13c
103995 1 M 0000000000014d0c mv a0, a4 [000000000001b5e0] memchr+0x140
103996 1 M 0000000000014d10 beq a5, t1, 0x14cac [0000000000000061] memchr+0x144
103997 0 M 0000000000014d14 lbu a5, 1(a4) [0000000000000074] memchr+0x148
103997 1 M 0000000000014d18 beq a5, t1, 0x14d70 [0000000000000074] memchr+0x14c
103998 0 M 0000000000014d1c lbu a5, 2(a4) [0000000000000069] memchr+0x150
103998 1 M 0000000000014d20 beq a5, t1, 0x14d78 [0000000000000069] memchr+0x154
103999 0 M 0000000000014d24 lbu a5, 3(a4) [0000000000000062] memchr+0x158
103999 1 M 0000000000014d28 beq a5, t1, 0x14d80 [0000000000000062] memchr+0x15c
104000 0 M 0000000000014d2c lbu a5, 4(a4) [000000000000006c] memchr+0x160
104000 1 M 0000000000014d30 beq a5, t1, 0x14d88 [000000000000006c] memchr+0x164
104001 0 M 0000000000014d34 lbu a5, 5(a4) [0000000000000065] memchr+0x168
104001 1 M 0000000000014d38 beq a5, t1, 0x14d68 [0000000000000065] memchr+0x16c
104002 0 M 0000000000014d3c lbu a5, 6(a4) [0000000000000000] memchr+0x170
104002 1 M 0000000000014d40 addi a0, a4, 7 [000000000001b5e7] memchr+0x174
104003 1 M 0000000000014d44 bne a5, t1, 0x14cac [0000000000000000] memchr+0x178
104003 0 M 0000000000014d48 addi a0, a4, 6 [000000000001b5e6] memchr+0x17c
104004 1 M 0000000000014d4c ret [0000000000014d50] memchr+0x180
104006 1 M 000000000000e404 beqz a0, 0xe4f0 [0000000000000000] fdt_get_string+0xfc
104007 1 M 000000000000e408 beqz s1, 0xe43c [0000000000000000] fdt_get_string+0x100
104007 0 M 000000000000e40c sub a0, a0, s0 [000000000000000a] fdt_get_string+0x104
104008 0 M 000000000000e410 sw a0, 0(s1) [000000000000000a] fdt_get_string+0x108
104010 0 M 000000000000e414 ld ra, 40(sp) [000000000000e5e4] fdt_get_string+0x10c
104010 1 M 000000000000e418 mv a0, s0 [000000000001b5dc] fdt_get_string+0x110
104011 0 M 000000000000e41c ld s0, 32(sp) [0000000000000050] fdt_get_string+0x114
104012 0 M 000000000000e420 ld s1, 24(sp) [000000000001a3d8] fdt_get_string+0x118
104012 1 M 000000000000e424 addi sp, sp, 48 [0000000000060130] fdt_get_string+0x11c
104013 1 M 000000000000e428 ret [000000000000e42c] fdt_get_string+0x120
104015 1 M 000000000000e5e4 beqz a0, 0xe5f0 [0000000000000000] fdt_get_property_namelen_+0xe8
104020 0 M 000000000000e5e8 lw a5, 12(sp) [000000000000000a] fdt_get_property_namelen_+0xec
104020 1 M 000000000000e5ec beq a5, s3, 0xe65c [000000000000000a] fdt_get_property_namelen_+0xf0
104027 0 M 000000000000e65c mv a2, s3 [000000000000000a] fdt_get_property_namelen_+0x160
104028 0 M 000000000000e660 mv a1, s6 [0000000000018858] fdt_get_property_namelen_+0x164
104028 1 M 000000000000e664 jal ra, 0x13e38 [000000000000e668] fdt_get_property_namelen_+0x168
104030 0 M 0000000000013e38 li a3, 7 [0000000000000007] memcmp+0x0
104030 1 M 0000000000013e3c bgeu a3, a2, 0x13e5c [0000000000000007] memcmp+0x4
104031 0 M 0000000000013e40 ld a4, 0(a0) [MISALIGNED LOAD 000000000001b5dc] memcmp+0x8
```
From what I can see there were some small changes in `cpukit/dtc/libfdt` from the 6.1 tag to now, but it seems those broke the parsing.
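Added example, not part of the issue above and not RTEMS or libfdt code. The trace ends with `memcmp` issuing an 8-byte `ld` from `0x1b5dc`, an address that is 4-byte but not 8-byte aligned, on a core that reports "Load address misaligned". The block below is a minimal, bounds-checked lookup into the DTB strings block in the style of `fdt_get_string`, written with byte accesses only, plus a check that reports whether a pointer returned from the strings block could legally be read with a word-sized load. The blob it parses is constructed inline (header plus a strings block placed at offset 44 so that the first name lands 4 bytes past an 8-byte boundary, mirroring the address in the trace); the function names `dtb_get_string`, `word_access_ok`, `name_eq`, `build_sample_blob` and `check_sample` are this example's own. It does not claim to identify the libfdt change behind the regression.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FDT_MAGIC 0xd00dfeedu

/* Header field offsets in bytes; every field is a big-endian u32. */
enum { H_MAGIC = 0, H_TOTALSIZE = 4, H_OFF_STRUCT = 8, H_OFF_STRINGS = 12,
       H_OFF_MEMRSV = 16, H_VERSION = 20, H_LAST_COMP = 24, H_BOOT_CPU = 28,
       H_SIZE_STRINGS = 32, H_SIZE_STRUCT = 36, H_SIZE = 40 };

/* Byte-wise big-endian accessors: they never issue a wide, possibly
 * misaligned load, so they are safe on cores that trap such accesses. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Look up the NUL-terminated string at stroff in the strings block.
 * Returns NULL if the header is inconsistent, the block does not fit in
 * the buffer, or the offset points outside the block / has no terminator.
 * Every comparison is arranged so it cannot overflow on untrusted input. */
const char *dtb_get_string(const uint8_t *blob, size_t blob_len,
                           uint32_t stroff, size_t *lenp) {
    if (blob_len < H_SIZE || be32(blob + H_MAGIC) != FDT_MAGIC) return NULL;
    uint32_t total = be32(blob + H_TOTALSIZE);
    uint32_t off   = be32(blob + H_OFF_STRINGS);
    uint32_t size  = be32(blob + H_SIZE_STRINGS);
    if (total > blob_len || off > total || size > total - off) return NULL;
    if (stroff >= size) return NULL;
    const char *s = (const char *)blob + off + stroff;
    const char *nul = memchr(s, 0, size - stroff);
    if (nul == NULL) return NULL;
    if (lenp) *lenp = (size_t)(nul - s);
    return s;
}

/* Names in the strings block are packed with no padding, so a name may
 * start at any byte. Report whether a `width`-byte load from p is aligned. */
int word_access_ok(const void *p, size_t width) {
    return ((uintptr_t)p % width) == 0;
}

/* Property-name compare that only ever touches single bytes. */
int name_eq(const char *s, size_t slen, const char *name, size_t namelen) {
    if (slen != namelen) return 0;
    for (size_t i = 0; i < namelen; i++)
        if (s[i] != name[i]) return 0;
    return 1;
}

/* Constructed sample blob, 8-byte aligned so offsets map to known alignments.
 * Only the fields dtb_get_string reads are filled in; the struct block is
 * left empty. Strings block sits at offset 44: 4 mod 8, like 0x1b5dc. */
static union { uint64_t align; uint8_t bytes[64]; } g_blob_u;
#define g_blob (g_blob_u.bytes)

size_t build_sample_blob(void) {
    static const char strings[] = "compatible\0model";   /* 17 bytes incl. NULs */
    memset(g_blob, 0, sizeof g_blob_u.bytes);
    put32(g_blob + H_MAGIC,        FDT_MAGIC);
    put32(g_blob + H_TOTALSIZE,    44 + (uint32_t)sizeof strings);
    put32(g_blob + H_OFF_STRINGS,  44);
    put32(g_blob + H_SIZE_STRINGS, (uint32_t)sizeof strings);
    put32(g_blob + H_VERSION,      17);
    put32(g_blob + H_LAST_COMP,    16);
    memcpy(g_blob + 44, strings, sizeof strings);
    return 44 + sizeof strings;                           /* 61 */
}

/* Returns the length of "compatible" (10) when every check passes, or a
 * negative code naming the first failing check. */
int check_sample(void) {
    size_t n = build_sample_blob(), len = 0;
    const char *s = dtb_get_string(g_blob, n, 0, &len);
    if (!s || !name_eq(s, len, "compatible", 10)) return -1;
    if (!word_access_ok(s, 4) || word_access_ok(s, 8)) return -2; /* 4- but not 8-aligned */
    if (dtb_get_string(g_blob, n, 17, NULL) != NULL)  return -3; /* offset past the block */
    if (dtb_get_string(g_blob, 50, 0, NULL) != NULL)  return -4; /* truncated buffer */
    return (int)len;
}

int main(void) {
    int r = check_sample();
    printf("check_sample: %d (%s)\n", r, r == 10 ? "ok" : "FAILED");
    return r == 10 ? 0 : 1;
}
```

The point of `word_access_ok` is only diagnostic: a compare routine that reads the strings block word-at-a-time has to either tolerate unaligned loads or fall back to bytes when the pointer is not aligned, and the 0x1b5dc in the trace is exactly the 4-but-not-8 case.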