3.2.0-rc1 built for HiKey960 with `CFG_WITH_PAGER=y CFG_WITH_STATS=y COMPILE_S_KERNEL=32`.
`xtest 1001` triggers an assertion in bget `create_free_block()`. Symbolized call stack:
```
# xtest 1001
[...]
* regression_1001 Core self tests
E/TC:0 assertion 'bn->prevfree == 0' failed at lib/libutils/isoc/bget_malloc.c:386 <create_free_block>
E/TC:0 Panic at core/kernel/assert.c:28 <_assert_break>
E/TC:0 Call stack:
E/TC:0 0x3f003b4d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:413
E/TC:0 0x3f006989 __do_panic at optee_os/core/kernel/panic.c:30
E/TC:0 0x3f006843 _assert_break at optee_os/core/kernel/assert.c:28
E/TC:0 0x3f04ecfb create_free_block at optee_os/lib/libutils/isoc/bget_malloc.c:384
E/TC:0 0x3f04ef01 brel_before at optee_os/lib/libutils/isoc/bget_malloc.c:445
E/TC:0 0x3f03d9cd self_test_malloc at optee_os/core/arch/arm/pta/core_self_tests.c:376
E/TC:0 0x3f03a1ef pseudo_ta_enter_invoke_cmd at optee_os/core/arch/arm/kernel/pseudo_ta.c:195
E/TC:0 0x3f03f14b tee_ta_invoke_command at optee_os/core/kernel/tee_ta_manager.c:614
E/TC:0 0x3f03d297 entry_invoke_command at optee_os/core/arch/arm/tee/entry_std.c:360
E/TC:0 0x3f03ac3b __thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread.c:591
E/TC:0 0x3f001888 thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread_a32.S:361
```
The call stack is a bit weird due to optimization I suppose (self_test_malloc() does not call brel_before() directly obviously, only through memalign() -> raw_memalign()). But, with optimization set at -O0 I get a panic much earlier due to not enough memory it seems. [Edit: irrelevant stack trace deleted]
Hi @jforissier, I observed a similar issue, although in a different place. It was caused by a use-after-free in the TA loader. The relevant fix was merged, so it looks like you have spotted another problem.
Thanks @lorc. I tried tracing allocations and de-allocations but as soon as I change the slightest thing I can't reproduce the bug. Even changing the compiler version makes the problem disappear. I'm afraid this one will be tricky to debug :(
jforissier changed the title from "HiKey960: assertion in bget create_free_block()" to "HiKey960: assertion in bget create_free_block() [memalign() self-test]" on Jul 4, 2018
This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.