aarch64/tcg crash with malloc(): unsorted double linked list corrupted
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Expired
|
Undecided
|
Unassigned |
Bug Description
Based on commit b29c3e23f649387
QEMU configured with --enable-debug --extra-
Download Raspberry Pi 3 UEFI Firmware v1.15 from:
https:/
(unzip RPi3_UEFI_
Run QEMU with:
$ qemu-system-aarch64 -M raspi3 \
-serial null -serial stdio \
-device loader,
Normal behavior:
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.1(release):v2.1
NOTICE: BL1: Built : 15:26:06, May 13 2019
NOTICE: rpi3: Detected: Raspberry Pi 3 Model B (1GB, Sony, UK) [0x00a02082]
NOTICE: BL1: Booting BL2
ERROR: rpi3_sdhost: timeout status 0x40
NOTICE: BL2: v2.1(release):v2.1
NOTICE: BL2: Built : 15:26:01, May 13 2019
NOTICE: BL1: Booting BL31
NOTICE: BL31: v2.1(release):v2.1
NOTICE: BL31: Built : 15:26:04, May 13 2019
=UEFI firmware (version UEFI Firmware v1.15 built at 11:58:44 on Feb 14 2020)
========
Synchronous Exception at 0x0000000037A1A4E8
But I sometimes get:
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.1(release):v2.1
NOTICE: BL1: Built : 15:26:06, May 13 2019
NOTICE: rpi3: Detected: Raspberry Pi 3 Model B (1GB, Sony, UK) [0x00a02082]
NOTICE: BL1: Booting BL2
ERROR: rpi3_sdhost: timeout status 0x40
NOTICE: BL2: v2.1(release):v2.1
NOTICE: BL2: Built : 15:26:01, May 13 2019
NOTICE: BL1: Booting BL31
NOTICE: BL31: v2.1(release):v2.1
NOTICE: BL31: Built : 15:26:04, May 13 2019
=UEFI firmware (version UEFI Firmware v1.15 built at 11:58:44 on Feb 14 2020)
========malloc(): unsorted double linked list corrupted
Thread 3 "qemu-system-aar" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe9c22700 (LWP 22746)]
0x00007ffff515ce35 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff515ce35 in raise () at /lib64/libc.so.6
#1 0x00007ffff5147895 in abort () at /lib64/libc.so.6
#2 0x00007ffff51a008f in __libc_message () at /lib64/libc.so.6
#3 0x00007ffff51a740c in () at /lib64/libc.so.6
#4 0x00007ffff51aa48c in _int_malloc () at /lib64/libc.so.6
#5 0x00007ffff51aad4e in _int_memalign () at /lib64/libc.so.6
#6 0x00007ffff51abdda in _mid_memalign () at /lib64/libc.so.6
#7 0x00007ffff51ad3c6 in posix_memalign () at /lib64/libc.so.6
#8 0x00007ffff7be2407 in slab_allocator_
#9 0x00007ffff7be3573 in g_slice_alloc () at /lib64/
#10 0x00007ffff7bf410a in g_tree_
#11 0x0000555555853f10 in tcg_tb_insert (tb=0x7fffd44b4d80 <code_gen_
#12 0x00005555558dbe3d in tb_gen_code (cpu=0x555556af
#13 0x00005555558d7c73 in tb_find (cpu=0x555556af
#14 0x00005555558d8543 in cpu_exec (cpu=0x555556af
#15 0x00005555558981e1 in tcg_cpu_exec (cpu=0x555556af
#16 0x0000555555898a37 in qemu_tcg_
#17 0x0000555556057af8 in qemu_thread_start (args=0x5555575
#18 0x00007ffff52f34c0 in start_thread () at /lib64/
#19 0x00007ffff5221163 in clone () at /lib64/libc.so.6
Changed in qemu: | |
status: | New → Incomplete |
Maybe the same problem we had with U-boot, the SoC starts with only 1 core enabled.
I'm now trying with `-global bcm2836. enabled- cpus=1` .