STM32F756 jumps unknown address "BX LR"

Question

Hello everyone,I and my collegue have more than 20 years experience on embedded desing with MCUs. We have a problem which we haven't seen this kind of problem before. I guess someone can help us in here.MCU: STM32F756IDE: Project created from cubeMX and toughgfx, coded from IARThe main problem is our code jumps unknown address. We have custom bootloader, it runs first and jumps application. After it jumps user application, we initialize every peripherals again. We start freeRTOS kernel and toughgfx task. Actually the code runs well but, sometimes it couldn't run after user application starts.When we dig on it, we saw the code try to jump unknown address which is not on address space. (We get Hard fault or Bus fault or Mem Fault exeption)Anyway, we decided to remove bootloader and try to user code alone. At that moment the code started to do same thing at same location.The code starts from Reset_Handler, initializes stack pointer, goes to SystemInit, iar_program_start and jumps main.You can see the main code below. The code jumps unknown address from inside HAL_Init(). This is the main code starts as simple as possible. Here is the debug pictures: It jumps to HAL_Init() function and then HAL_TickInit() function. Then it goes to HAL_NVIC_EanbleIRQ function after system tick timer initialized. And it goes to NVIC_Enable function. Finally it reaches NVIC->ISER[(((uint32_t)IRQn) >> 5UL)] = (uint32_t)(1UL << (((uint32_t)IRQn) & 0x1FUL));At that moment we continue to single step on disassembly window. We saw everything is ok on CPU Registers But when we go single step at "BX LR", it jumps unknown address.Actually there was return address on LR register (0x08032a4d) and we were hopping to jump this address in LR, but it jumps unknown address. At this moment IAR fault exception viewer says "A bus fault occurred on an instruction prefetch (CFSR.IBUSERR, BFAR)...". MCU voltages are stable, VCAP voltages are stables. PDR_ON pin = 1, BYPASS_REG pin=0. Boot0 pin=0. We checked it with ST Link and also JLink, same things happened.Thanks for all for any suggestion.

Epamuk · Accepted Answer

Hi I had same problem and I solved it. I highley recommend you review the following document.

https://www.st.com/resource/en/errata_sheet/es0290-stm32f74xxx-and-stm32f75xxx-device-limitations-stmicroelectronics.pdf

Cortex M7 have some limitations. Some of theese have solutions , some doesnt, so You have to find another way to solve problem.

Especially you have to look

CORE -> Cortex-M7 data corruption when using Data cache configured in write-through

FMC

QUADSPI

sections.

Best luck

Tesla DeLorean · Answer

So likely going to the IRQ Handler, and that's trashing the stack.

Most likely the one you're enabling.

Check stack depth, auto/local variables, context switching if you're doing any of that.

Any subroutine/function that calls something else, pushes LR first, typically in the prologue, and popping PC in the epilogue.

The 0xFFFFFFF9 is a call-gate, lets the fault/handler know which stack to pull return context from.

I prefer to dump as many registers as I can, the stack, and the instruction stream

https://github.com/cturvey/RandomNinjaChef/blob/main/KeilHardFault.c

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded