Galaxy Nexus (I9250) Serial Console

Serial console

See SamsungSerial for the setup.

When you connect the cable you get the FIQ debugger. To get kgdb instead:
  • apply this patch:
    diff --git a/arch/arm/mach-omap2/board-tuna.c b/arch/arm/mach-omap2/board-tuna.c
    index a022a43..7098227 100644
    --- a/arch/arm/mach-omap2/board-tuna.c
    +++ b/arch/arm/mach-omap2/board-tuna.c
    @@ -1001,6 +1001,8 @@ static inline void __init board_serial_init(void)
            omap_serial_init_port_pads(0, uart1_pads, uart1_pads_sz, NULL);
            omap_serial_init_port_pads(1, tuna_uart2_pads,
                    ARRAY_SIZE(tuna_uart2_pads), &tuna_uart2_info);
    +       omap_serial_init_port_pads(2,tuna_uart3_pads,
    +               ARRAY_SIZE(tuna_uart3_pads), NULL);
            omap_serial_init_port_pads(3, tuna_uart4_pads,
                                       ARRAY_SIZE(tuna_uart4_pads), NULL);
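
    Review bot: the added call `omap_serial_init_port_pads(2,tuna_uart3_pads,` uses `tuna_uart3_pads`, which nothing in this hunk defines, so the patch only builds if that pad array already exists in board-tuna.c; state that in the patch description or include the definition. The call also drops the space after the first comma that the neighbouring calls use (`2, tuna_uart3_pads`).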
  • remove the FIQ debugger in the kernel configuration.
  • change the CMDLINE through the kernel configuration:
    CONFIG_CMDLINE="console=ttyO2 androidboot.console=ttyO2 [...]"

    Instead of:
    CONFIG_CMDLINE="console=ttyFIQ0 androidboot.console=ttyFIQ0 [...]"
  • Verify that you get the kernel messages.


  • Then change the cmdline for kgdb:
    CONFIG_CMDLINE="kgdboc=ttyO2,115200 console=ttyO2 androidboot.console=ttyO2 [...]"

Don't add kgdbwait though, because it results in this:

(gdb) set remotebaud 115200
(gdb) target remote /dev/ttyUSB0
/dev/ttyUSB0: Device or resource busy.
(gdb) target remote /dev/ttyUSB0
Remote debugging using /dev/ttyUSB0
kgdb_breakpoint ()
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
954        arch_kgdb_breakpoint();
(gdb) c

Program received signal SIGSEGV, Segmentation fault.
__raw_spin_lock_irqsave (lock=0x288)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:112
112    BUILD_LOCK_OPS(spin, raw_spinlock);
(gdb) bt
#0  __raw_spin_lock_irqsave (lock=0x288)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:112
#1  0xc061aecc in _raw_spin_lock_irqsave (lock=0x288)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:145
#2  0xc0098620 in try_to_wake_up (p=0x0, state=1611595795, wake_flags=1)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/sched.c:2681
#3  0xc009897c in wake_up_process (p=0x288)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/sched.c:2785
#4  0xc00e2090 in proc_dohung_task_timeout_secs (table=<value optimized out>, write=<value optimized out>, 
    buffer=<value optimized out>, lenp=<value optimized out>, ppos=0xc782bf70)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/hung_task.c:190
#5  0xc0174178 in proc_sys_call_handler (filp=<value optimized out>, buf=0x24808, count=1, ppos=0xc782bf70, 
    write=1) at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/proc_sysctl.c:158
#6  0xc01741b0 in proc_sys_write (filp=0x288, buf=0x600f0013 <Address 0x600f0013 out of bounds>, count=1, 
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/proc_sysctl.c:176
#7  0xc0126420 in vfs_write (file=0xc73be500, buf=0x24808 "0", count=<value optimized out>, pos=0xc782bf70)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:377
#8  0xc0126590 in sys_write (fd=<value optimized out>, buf=0x24808 "0", count=1)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:429
#9  0xc0055a00 in ?? ()
Cannot access memory at address 0x0
#10 0xc0055a00 in ?? ()
Cannot access memory at address 0x0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

  • Disable the watchdog timer in the kernel, then recompile it and reflash the boot.img.

Then open a root console and run:

echo g > /proc/sysrq-trigger

gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ . build/ 
including device/ti/panda/
including vendor/replicant/
including sdk/bash_completion/adb.bash
gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ lunch replicant_maguro-eng


gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ arm-linux-androideabi-gdb
GNU gdb (GDB) 7.1-android-gg2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying" 
and "show warranty" for details.
This GDB was configured as "--host=i686-linux-gnu --target=arm-elf-linux".
For bug reporting instructions, please see:
(gdb) file /home/gnutoo/embedded/android/replicant-4.0/out/target/product/maguro/obj/KERNEL_OBJ/vmlinux
Reading symbols from /home/gnutoo/embedded/android/replicant-4.0/out/target/product/maguro/obj/KERNEL_OBJ/vmlinux...done.
(gdb) set remotebaud 115200
(gdb) target remote /dev/ttyUSB0
Remote debugging using /dev/ttyUSB0
kgdb_breakpoint ()
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
954        arch_kgdb_breakpoint();
(gdb) bt
#0  kgdb_breakpoint ()
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
#1  0xc00df764 in sysrq_handle_dbg (key=-29306880)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:745
#2  0xc02f2e18 in __handle_sysrq (key=103, check_mask=false)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/drivers/tty/sysrq.c:522
#3  0xc02f2ec4 in write_sysrq_trigger (file=<value optimized out>, buf=<value optimized out>, count=2, 
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/drivers/tty/sysrq.c:870
#4  0xc016ba88 in proc_reg_write (file=0xc49ea3c0, buf=0x137fc84 "g\n\f@", count=2, ppos=0xc4a01f70)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/inode.c:200
#5  0xc0126420 in vfs_write (file=0xc49ea3c0, buf=0x137fc84 "g\n\f@", count=<value optimized out>, 
    pos=0xc4a01f70) at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:377
#6  0xc0126590 in sys_write (fd=<value optimized out>, buf=0x137fc84 "g\n\f@", count=2)
    at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:429
#7  0xc0055a00 in ?? ()
Cannot access memory at address 0x0
#8  0xc0055a00 in ?? ()
Cannot access memory at address 0x0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
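
The kernel configuration steps in this section can be checked before building and flashing. The script below is an added example, not part of the original page or of Replicant; it assumes the usual Kconfig symbol names (CONFIG_FIQ_DEBUGGER, CONFIG_KGDB, CONFIG_KGDB_SERIAL_CONSOLE) and does not check the watchdog, since the page does not name that option.

```shell
#!/bin/sh
# check_kgdb_config FILE: validate a kernel .config against the steps above.
# Prints one line per problem and returns the number of problems found.
check_kgdb_config() {
    cfg=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Value of CONFIG_CMDLINE="..." (empty if the option is unset).
    cmdline=$(sed -n 's/^CONFIG_CMDLINE="\(.*\)"$/\1/p' "$cfg")

    # The FIQ debugger must be removed (symbol name is an assumption).
    grep -q '^CONFIG_FIQ_DEBUGGER=y' "$cfg" && fail "FIQ debugger still enabled"

    # kgdb and its serial-console I/O driver must be built in.
    grep -q '^CONFIG_KGDB=y' "$cfg" || fail "CONFIG_KGDB not set"
    grep -q '^CONFIG_KGDB_SERIAL_CONSOLE=y' "$cfg" || fail "CONFIG_KGDB_SERIAL_CONSOLE not set"

    # Match whole space-separated words of the command line.
    case " $cmdline " in
        *" console=ttyFIQ0 "*|*" androidboot.console=ttyFIQ0 "*)
            fail "console still on ttyFIQ0" ;;
    esac
    case " $cmdline " in *" console=ttyO2 "*) ;; *) fail "console=ttyO2 missing" ;; esac
    case " $cmdline " in *" kgdboc=ttyO2,115200 "*) ;; *) fail "kgdboc=ttyO2,115200 missing" ;; esac
    # kgdbwait leads to the SIGSEGV backtrace shown earlier on this page.
    case " $cmdline " in *" kgdbwait "*) fail "kgdbwait present" ;; esac
    return "$problems"
}

# Constructed sample .config fragment (not from a real build): kgdbwait left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONFIG_FIQ_DEBUGGER is not set
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
CONFIG_CMDLINE="kgdboc=ttyO2,115200 kgdbwait console=ttyO2 androidboot.console=ttyO2"
EOF
check_kgdb_config "$sample" || echo "$? problem(s) found"
rm -f "$sample"
```

The same check run in reverse (kgdboc present, ttyO2 console enabled) is a quick way to confirm a release build has not kept the debug command line.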

Multiplexing the serial port

Since there is only one serial port, you can also use agent-proxy to get kgdb and the console at the same time.

git clone git://
cd agent-proxy ; make

Root on serial port

  • Modify system/su/su.c:
    diff --git a/su.c b/su.c
    index d36eaed..51137d4 100644
    --- a/su.c
    +++ b/su.c
    @@ -494,11 +494,13 @@ int main(int argc, char *argv[])
    +#if 0
             // disallow su in a shell if appropriate
             if (ctx.from.uid == AID_SHELL && (atoi(enabled) == 1)) {
                 LOGE("Root access is disabled by a system setting - enable it under settings -> developer options");
         if (ctx.from.uid == AID_ROOT || ctx.from.uid == AID_SHELL)
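
    Review bot: the `#if 0` added at the top of this hunk has no matching `#endif` in the lines shown, and the header `-494,11 +494,13` announces two added lines while only one `+` line is visible, so the patch as posted will not apply or compile; include the closing `#endif` and the missing context. Since the block being compiled out is the `ctx.from.uid == AID_SHELL` check against the developer-options setting, keep this change to debug builds, for example behind a build-time macro rather than a bare `#if 0`.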
  • adb push it to /system/xbin/su
  • remove /system/bin/su
  • chmod +s it:
    busybox chmod +s /system/xbin/su


  • reliable debugging (right now it breaks on the wrong line)
  • phone that doesn't power off screen while debugging...