
SIGILL Illegal Instruction Problem

Question asked by Max Vilimpoc on May 23, 2016
Latest reply on Jun 21, 2016 by Bio_TICFSL

Question to the folks at NXP:

I was wondering if anyone using the i.MX6 has seen problems where a SIGILL illegal operand instruction was generated while running various Qt 5.6 demos that utilize OpenGL?

Is the Vivante GPU driver blob compiled with Thumb instructions enabled?

When running the Qt5 CinematicExperience demo, which demonstrates Qt Quick 2 and OpenGL features, I kept getting a SIGILL instruction at some point after the program was running.

One example stacktrace I had:

# ./CinematicExperience-demo
QEglFSVivIntegration will set environment variable FB_MULTI_BUFFER=2 to enable double buffering and vsync.
If this is not desired, you can override this via: export QT_EGLFS_IMX6_NO_FB_MULTI_BUFFER=1
Unable to query physical screen size, defaulting to 100 dpi.
To override, set QT_QPA_EGLFS_PHYSICAL_WIDTH and QT_QPA_EGLFS_PHYSICAL_HEIGHT (in millimeters).
[ 169.029881] Qt5_CinematicEx (166): undefined instruction: pc=6a75c886
[ 169.036343] CPU: 0 PID: 166 Comm: Qt5_CinematicEx Tainted: G O 4.1.15 #1
[ 169.045122] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 169.051840] task: a87d9400 ti: a8572000 task.ti: a8572000
[ 169.057255] PC is at 0x6a75c886
[ 169.060841] LR is at 0x75ab82c8
[ 169.063998] pc : [<6a75c886>] lr : [<75ab82c8>] psr: 800b0030
[ 169.063998] sp : 7ee3b7d8 ip : 7ffa0000 fp : 6a9013e0
[ 169.075903] r10: 01e80318 r9 : 00000000 r8 : 00000000
[ 169.081171] r7 : 7ee3b820 r6 : 01e80318 r5 : 00000000 r4 : 76122070
[ 169.087705] r3 : a8e15c00 r2 : a8e15c00 r1 : 40000000 r0 : 00000000
[ 169.094630] Flags: Nzcv IRQs on FIQs on Mode USER_32 ISA Thumb Segment user
[ 169.102068] Control: 10c5387d Table: 38844059 DAC: 00000015
[ 169.107829] Code: f3afbf00 f0008000 ec41b857 e0010b18 (8b14ed1b)
Illegal instruction (core dumped)[ 169.233354] Qt5_CinematicEx (166) used greatest stack depth: 4792 bytes left

One thing I thought was interesting was that the Instruction Set Architecture was set to Thumb, which none of the code that I compile is using, since I'm building everything from scratch in Buildroot using the ARM instruction set only.

So that got me wondering whether the code I was tripping over was coming from the precompiled GPU driver blob or associated tools?

# ./qml_example_app
QEglFSVivIntegration will set environment variable FB_MULTI_BUFFER=2 to enable double buffering and vsync.
If this is not desired, you can override this via: export QT_EGLFS_IMX6_NO_FB_MULTI_BUFFER=1
Unable to query physical screen size, defaulting to 100 dpi.
To override, set QT_QPA_EGLFS_PHYSICAL_WIDTH and QT_QPA_EGLFS_PHYSICAL_HEIGHT (in millimeters).
[ 641.895299] qml_example_app (325): undefined instruction: pc=68ca2c64
[ 641.901971] CPU: 0 PID: 325 Comm: qml_example_app Tainted: G O 4.1.15 #1
[ 641.910714] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 641.917259] task: a8563c00 ti: a8090000 task.ti: a8090000
[ 641.923015] PC is at 0x68ca2c64
[ 641.926170] LR is at 0x75e2b1a0
[ 641.929318] pc : [<68ca2c64>] lr : [<75e2b1a0>] psr: 600e0030
[ 641.929318] sp : 7ece9a10 ip : 7ffe4000 fp : 698013d8
[ 641.941267] r10: 00a535b8 r9 : 00000000 r8 : 00000000
[ 641.946503] r7 : 7ece9a50 r6 : 00a535b8 r5 : 00000000 r4 : 760d7070
[ 641.953337] r3 : c70d9800 r2 : c70d9800 r1 : 7ffe0000 r0 : 6a17d640
[ 641.959902] Flags: nZCv IRQs on FIQs on Mode USER_32 ISA Thumb Segment user
[ 641.967305] Control: 10c5387d Table: 38860059 DAC: 00000015
[ 641.973451] Code: cc38f84b 0c00f244 7cfef6c7 cc34f84b (0b12ed1b)
Illegal instruction (core dumped)[ 642.132461] qml_example_app (325) used greatest stack depth: 4848 bytes left

 

# gdb ./qml_example_app core
GNU gdb (GDB) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-unu-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./qml_example_app...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New LWP 325]
[New LWP 326]
[New LWP 327]
[New LWP 331]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `./qml_example_app'.
Program terminated with signal SIGILL, Illegal instruction.
#0 0x68ca2c64 in ?? ()
(gdb) bt
#0 0x68ca2c64 in ?? ()
#1 0x75e2b1a0 in QQmlVMEMetaObject::readVarProperty(int) ()
  from /usr/lib/libQt5Qml.so.5
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Now I did actually find a solution to the problem, which (I believe) is to enable support for Thumb instruction set binaries in user mode. I don't know if this was part of the kernel imx6_imx7_defconfig, but it took me about a week to figure this out as the root cause. But I don't know why there's any Thumb code in any of my user-space binaries.

 

The current software settings I'm using in Buildroot are:

  • gcc / g++ 5.3.0
  • ARM EABI hard-float
  • NEON is disabled at the moment
  • Linux 4.1.5 GA (sources from the Freescale git repo)
  • glibc 2.22
  • binutils 2.25.1
  • Qt 5.6.0
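
The "ISA Thumb" and "Flags" fields in the register dumps above can be re-derived from the raw psr word, which is useful when only the pc/lr/psr line of a crash report survives. The following is an added example, not part of the original post: the names decode_psr, triage and SAMPLE are hypothetical, SAMPLE is constructed from two lines of the first dump, and the bit positions are those of the ARMv7-A CPSR.

```python
import re

# Constructed sample: two lines copied from the first register dump in the post.
SAMPLE = """\
[ 169.029881] Qt5_CinematicEx (166): undefined instruction: pc=6a75c886
[ 169.063998] pc : [<6a75c886>] lr : [<75ab82c8>] psr: 800b0030
"""

ISA_NAMES = ["ARM", "Thumb", "Jazelle", "ThumbEE"]  # indexed by (J << 1) | T
MODES = {0x10: "USER_32", 0x11: "FIQ_32", 0x12: "IRQ_32", 0x13: "SVC_32",
         0x17: "ABT_32", 0x1B: "UND_32", 0x1F: "SYS_32"}

# Matches the "pc : [<...>] lr : [<...>] psr: ..." line of an ARM register dump.
REG_LINE = re.compile(
    r"pc\s*:\s*\[<([0-9a-f]{8})>\]\s+lr\s*:\s*\[<([0-9a-f]{8})>\]\s+psr:\s*([0-9a-f]{8})")

def decode_psr(psr):
    """Decode the CPSR fields that the kernel prints on its 'Flags:' line."""
    t_bit = (psr >> 5) & 1    # T: Thumb execution state
    j_bit = (psr >> 24) & 1   # J: Jazelle execution state
    flags = "".join(ch.upper() if (psr >> bit) & 1 else ch
                    for ch, bit in zip("nzcv", (31, 30, 29, 28)))
    return {
        "flags": flags,
        "isa": ISA_NAMES[(j_bit << 1) | t_bit],
        "mode": MODES.get(psr & 0x1F, "unknown"),
        "irqs_on": not (psr >> 7) & 1,   # I bit set means IRQs are masked
        "fiqs_on": not (psr >> 6) & 1,   # F bit set means FIQs are masked
    }

def triage(log_text):
    """Return one decoded record per register-dump line found in log_text."""
    records = []
    for match in REG_LINE.finditer(log_text):
        pc, lr, psr = (int(group, 16) for group in match.groups())
        record = decode_psr(psr)
        record.update(pc=pc, lr=lr, psr=psr)
        # ARM-state instructions are word aligned, so a pc that is not a
        # multiple of 4 cannot be ARM-state code.
        record["pc_arm_aligned"] = pc % 4 == 0
        records.append(record)
    return records

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(hex(rec["pc"]), rec["isa"], rec["mode"], rec["flags"])
```
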
