Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HiKey960: assertion in bget create_free_block() [memalign() self-test] #2414

Closed
jforissier opened this issue Jun 21, 2018 · 3 comments
Closed

HiKey960: assertion in bget create_free_block() [memalign() self-test] #2414

jforissier opened this issue Jun 21, 2018 · 3 comments
Labels
Stale

Comments

@jforissier
Copy link
Contributor

jforissier commented Jun 21, 2018
edited

3.2.0-rc1 built for HiKey960 with CFG_WITH_PAGER=y CFG_WITH_STATS=y COMPILE_S_KERNEL=32.
xtest 1001 triggers an assertion in bget create_free_block(). Symbolized call stack:

# xtest 1001
[...]
* regression_1001 Core self tests
E/TC:0 assertion 'bn->prevfree == 0' failed at lib/libutils/isoc/bget_malloc.c:386 <create_free_block>
E/TC:0 Panic at core/kernel/assert.c:28 <_assert_break>
E/TC:0 Call stack:
E/TC:0  0x3f003b4d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:413
E/TC:0  0x3f006989 __do_panic at optee_os/core/kernel/panic.c:30
E/TC:0  0x3f006843 _assert_break at optee_os/core/kernel/assert.c:28
E/TC:0  0x3f04ecfb create_free_block at optee_os/lib/libutils/isoc/bget_malloc.c:384
E/TC:0  0x3f04ef01 brel_before at optee_os/lib/libutils/isoc/bget_malloc.c:445
E/TC:0  0x3f03d9cd self_test_malloc at optee_os/core/arch/arm/pta/core_self_tests.c:376
E/TC:0  0x3f03a1ef pseudo_ta_enter_invoke_cmd at optee_os/core/arch/arm/kernel/pseudo_ta.c:195
E/TC:0  0x3f03f14b tee_ta_invoke_command at optee_os/core/kernel/tee_ta_manager.c:614
E/TC:0  0x3f03d297 entry_invoke_command at optee_os/core/arch/arm/tee/entry_std.c:360
E/TC:0  0x3f03ac3b __thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread.c:591
E/TC:0  0x3f001888 thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread_a32.S:361

The call stack is a bit weird due to optimization I suppose (self_test_malloc() does not call brel_before() directly obviously, only through memalign() -> raw_memalign()). But, with optimization set at -O0 I get a panic much earlier due to not enough memory it seems. [Edit: irrelevant stack trace deleted]
@lorc
Copy link
Contributor

lorc commented Jun 21, 2018

Hi @jforissier , I observed similar issue, although in different place. It was caused by use-after-free in TA loader. Relevant fix was merged, so looks like you have spotted another problem.

@jforissier
Copy link
Contributor Author

Thanks @lorc. I tried tracing allocations and de-allocations but as soon as I change the slightest thing I can't reproduce the bug. Even changing the compiler version makes the problem disappear. I'm afraid this one will be tricky to debug :(

@jforissier jforissier mentioned this issue Jun 27, 2018
Merged
@lorc lorc mentioned this issue Jun 29, 2018
Closed
@jforissier jforissier mentioned this issue Jul 3, 2018
Closed
@jforissier jforissier changed the title HiKey960: assertion in bget create_free_block() HiKey960: assertion in bget create_free_block() [memalign() self-test] Jul 4, 2018
@github-actions
Copy link

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

@github-actions github-actions bot added the Stale label Jan 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lorc @jforissier