Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix sim:bluetooth compiler error #18

Merged
merged 1 commit into from
Dec 31, 2019

Conversation

xiaoxiang781216
Copy link
Contributor

wireless/bluetooth/bt_null.c:274:10: warning: implicit declaration of function 'bt_driver_register'; did you mean 'bt_netdev_register'? [-Wimplicit-function-declaration]
return bt_driver_register(&g_bt_null);

sim_bringup.c:324:9: error: too few arguments to function 'bt_netdev_register'
ret = bt_netdev_register();

Change-Id: I61bab23e6b1d6aa70e6c2da03f345f8d0701d862
Signed-off-by: Xiang Xiao xiaoxiang@xiaomi.com

wireless/bluetooth/bt_null.c:274:10: warning: implicit declaration of function 'bt_driver_register'; did you mean 'bt_netdev_register'? [-Wimplicit-function-declaration]
   return bt_driver_register(&g_bt_null);

sim_bringup.c:324:9: error: too few arguments to function 'bt_netdev_register'
   ret = bt_netdev_register();

Change-Id: I61bab23e6b1d6aa70e6c2da03f345f8d0701d862
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
@patacongo patacongo merged commit 3187dde into apache:master Dec 31, 2019
@xiaoxiang781216 xiaoxiang781216 deleted the fix-buildbreak branch December 31, 2019 16:40
xiaoxiang781216 referenced this pull request in xiaoxiang781216/incubator-nuttx Dec 31, 2019
wireless/bluetooth/bt_null.c:274:10: warning: implicit declaration of function 'bt_driver_register'; did you mean 'bt_netdev_register'? [-Wimplicit-function-declaration]

   return bt_driver_register(&g_bt_null);

sim_bringup.c:324:9: error: too few arguments to function 'bt_netdev_register'

   ret = bt_netdev_register();
anchao added a commit to anchao/nuttx that referenced this pull request Jun 15, 2020
ASAN trace:
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
    #0 0x56673ca2 in strcpy string/lib_strcpy.c:64

0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
    #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
    #1 0x5667725d in up_create_stack sim/up_createstack.c:135
    #2 0x56657ed8 in nxthread_create task/task_create.c:125
    #3 0x566580bb in kthread_create task/task_create.c:297
    #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
    #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
    #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
    apache#7 0x56656e95 in nx_start init/nx_start.c:809
    apache#8 0x566548d4 in main sim/up_head.c:95
    apache#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)

CALLSTACK:
    apache#8  0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
    apache#9  0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
    apache#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
    apache#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
    apache#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
    apache#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
    apache#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
    apache#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
    apache#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
    apache#17 0x565e3d96 in nx_start () at init/nx_start.c:809
    apache#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95

Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <anchao@xiaomi.com>
patacongo pushed a commit that referenced this pull request Jun 15, 2020
ASAN trace:
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
    #0 0x56673ca2 in strcpy string/lib_strcpy.c:64

0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
    #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
    #1 0x5667725d in up_create_stack sim/up_createstack.c:135
    #2 0x56657ed8 in nxthread_create task/task_create.c:125
    #3 0x566580bb in kthread_create task/task_create.c:297
    #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
    #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
    #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
    #7 0x56656e95 in nx_start init/nx_start.c:809
    #8 0x566548d4 in main sim/up_head.c:95
    #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)

CALLSTACK:
    #8  0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
    #9  0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
    #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
    #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
    #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
    #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
    #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
    #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
    #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
    #17 0x565e3d96 in nx_start () at init/nx_start.c:809
    #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95

Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <anchao@xiaomi.com>
donghengqaz pushed a commit to donghengqaz/incubator-nuttx that referenced this pull request Jul 20, 2020
…_component

Feature/esp add esp32 wifi component
anchao added a commit to anchao/nuttx that referenced this pull request Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|apache#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|apache#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|apache#21 0x08049713 in nxtask_start () at task/task_start.c:144
|apache#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|apache#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|apache#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|apache#21 0x08049713 in nxtask_start () at task/task_start.c:144
|apache#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <anchao@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Dec 15, 2020
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|#21 0x08049713 in nxtask_start () at task/task_start.c:144
|#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <anchao@xiaomi.com>
GUIDINGLI added a commit to GUIDINGLI/incubator-nuttx that referenced this pull request Mar 25, 2022
VELAPLATFO-1942

-apache#9  0xf7abf899 in __asan::__asan_report_load2 (addr=4072681776) at ../../../../../src/libsanitizer/asan/asan_rtl.cc:117
-apache#10 0x5693f718 in inode_release (node=0xf2c03124) at inode/fs_inoderelease.c:69
-apache#11 0x568ea61b in file_close (filep=0xf55fedd0) at vfs/fs_close.c:79
-apache#12 0x568e7e56 in nx_close (fd=3) at inode/fs_files.c:528
-apache#13 0x568e7f0e in close (fd=3) at inode/fs_files.c:562
-apache#14 0x56e76c39 in epoll_close (epfd=3) at vfs/fs_epoll.c:252
-apache#15 0x56c33829 in sensor_service_delete (ctrl=0x578b8540 <control>) at src/common.c:439
-apache#16 0x56a0561e in sensor_middle_service_main (argc=1, argv=0xf55de820) at sensor_main.c:118
-apache#17 0x56878675 in nxtask_startup (entrypt=0x56a054cc <sensor_middle_service_main>, argc=1, argv=0xf55de820) at sched/task_startup.c:70
-apache#18 0x5684427a in nxtask_start () at task/task_start.c:133
-apache#19 0xdeadbeef in ?? ()

reason:
epoll_close -> close -> epoll_do_close (free inode)
                     -> inode_release  (reuse inode, crash)

fix:
use the global inode to match the fd which will return to user.
like the g_sock_inode in fs/socket/socket.c

Change-Id: I0096ac691ce9cf4169d1fb8bfa6d27a8c1ee7d52
Signed-off-by: ligd <liguiding1@xiaomi.com>
GUIDINGLI added a commit to GUIDINGLI/incubator-nuttx that referenced this pull request Mar 25, 2022
-apache#9  0xf7abf899 in __asan::__asan_report_load2 (addr=4072681776) at ../../../../../src/libsanitizer/asan/asan_rtl.cc:117
-apache#10 0x5693f718 in inode_release (node=0xf2c03124) at inode/fs_inoderelease.c:69
-apache#11 0x568ea61b in file_close (filep=0xf55fedd0) at vfs/fs_close.c:79
-apache#12 0x568e7e56 in nx_close (fd=3) at inode/fs_files.c:528
-apache#13 0x568e7f0e in close (fd=3) at inode/fs_files.c:562
-apache#14 0x56e76c39 in epoll_close (epfd=3) at vfs/fs_epoll.c:252
-apache#15 0x56c33829 in sensor_service_delete (ctrl=0x578b8540 <control>) at src/common.c:439
-apache#16 0x56a0561e in sensor_middle_service_main (argc=1, argv=0xf55de820) at sensor_main.c:118
-apache#17 0x56878675 in nxtask_startup (entrypt=0x56a054cc <sensor_middle_service_main>, argc=1, argv=0xf55de820) at sched/task_startup.c:70
-apache#18 0x5684427a in nxtask_start () at task/task_start.c:133
-apache#19 0xdeadbeef in ?? ()

reason:
epoll_close -> close -> epoll_do_close (free inode)
                     -> inode_release  (reuse inode, crash)

fix:
use the global inode to match the fd which will return to user.
like the g_sock_inode in fs/socket/socket.c

Signed-off-by: ligd <liguiding1@xiaomi.com>
pkarashchenko pushed a commit that referenced this pull request Mar 27, 2022
-#9  0xf7abf899 in __asan::__asan_report_load2 (addr=4072681776) at ../../../../../src/libsanitizer/asan/asan_rtl.cc:117
-#10 0x5693f718 in inode_release (node=0xf2c03124) at inode/fs_inoderelease.c:69
-#11 0x568ea61b in file_close (filep=0xf55fedd0) at vfs/fs_close.c:79
-#12 0x568e7e56 in nx_close (fd=3) at inode/fs_files.c:528
-#13 0x568e7f0e in close (fd=3) at inode/fs_files.c:562
-#14 0x56e76c39 in epoll_close (epfd=3) at vfs/fs_epoll.c:252
-#15 0x56c33829 in sensor_service_delete (ctrl=0x578b8540 <control>) at src/common.c:439
-#16 0x56a0561e in sensor_middle_service_main (argc=1, argv=0xf55de820) at sensor_main.c:118
-#17 0x56878675 in nxtask_startup (entrypt=0x56a054cc <sensor_middle_service_main>, argc=1, argv=0xf55de820) at sched/task_startup.c:70
-#18 0x5684427a in nxtask_start () at task/task_start.c:133
-#19 0xdeadbeef in ?? ()

reason:
epoll_close -> close -> epoll_do_close (free inode)
                     -> inode_release  (reuse inode, crash)

fix:
use the global inode to match the fd which will return to user.
like the g_sock_inode in fs/socket/socket.c

Signed-off-by: ligd <liguiding1@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Aug 1, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  #1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  #2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  #3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  #4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  #5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  #6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  #7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  #8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  #9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  #10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  #11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  #12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  #13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  #14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  #15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  #16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  #17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  #18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  #19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  #20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  #21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  #22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  #23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
curuvar pushed a commit to curuvar/nuttx that referenced this pull request Aug 16, 2022
The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.

|  (gdb) bt
|  #0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
|  apache#1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
|  apache#2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
|  apache#3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
|  apache#4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
|  apache#5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
|  apache#6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
|  apache#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
|  apache#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
|  apache#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
|  apache#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
|  apache#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
|  apache#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
|  apache#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
|  apache#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
|  apache#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
|  apache#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
|  apache#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
|  apache#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
|  apache#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
|  apache#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
|  apache#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
|  apache#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
|  apache#23 0x0000000000000000 in ?? ()

Signed-off-by: chao.an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Aug 31, 2022
apps/examples/usrsocktest/usrsocktest_basic_daemon.c:

321 static void basic_daemon_dup2(FAR struct usrsocktest_daemon_conf_s *dconf)
322 {
...
335   ret = dup2(sd2, sd);
352 }

Usrsocktest Task hold the file group lock and send the close request to usrsock deamon :

| #0  net_lockedwait_uninterruptible (sem=0x5555555f8ba2 <g_usrsockdev+34>) at utils/net_lock.c:427
| #1  0x000055555557489c in usrsockdev_do_request (conn=0x5555555f8800 <g_usrsock_connections>, iov=0x7ffff3f36040, iovcnt=1) at usrsock/usrsock_dev.c:1185
|                           --> send close request to usrsock deamon
|
| #2  0x00005555555d0439 in do_close_request (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:109
| #3  0x00005555555d04f5 in usrsock_close (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:157
| #4  0x00005555555cf100 in usrsock_sockif_close (psock=0x7ffff3ea4a60) at usrsock/usrsock_sockif.c:234
| #5  0x00005555555c7b2f in psock_close (psock=0x7ffff3ea4a60) at socket/net_close.c:102
| #6  0x000055555557a518 in sock_file_close (filep=0x7ffff3f253d0) at socket/socket.c:115
| apache#7  0x000055555557678f in file_close (filep=0x7ffff3f253d0) at vfs/fs_close.c:74
| apache#8  0x000055555557694c in file_dup2 (filep1=0x7ffff3f253e8, filep2=0x7ffff3f253d0) at vfs/fs_dup2.c:129
|                           --->  hold group file list lock  ( _files_semtake(list) )
|
| apache#9  0x0000555555575aab in nx_dup2 (fd1=7, fd2=6) at inode/fs_files.c:451
| apache#10 0x0000555555575af3 in dup2 (fd1=7, fd2=6) at inode/fs_files.c:473
| apache#11 0x000055555559d937 in basic_daemon_dup2 (dconf=0x5555555f8d80 <usrsocktest_daemon_config>) at usrsocktest_basic_daemon.c:335
| apache#12 0x000055555559ed80 in usrsocktest_test_basic_daemon_basic_daemon_dup2 () at usrsocktest_basic_daemon.c:612
| apache#13 0x000055555559f18d in usrsocktest_group_basic_daemon_run () at usrsocktest_basic_daemon.c:666
| apache#14 0x0000555555599f8d in run_tests (name=0x5555555dc8c3 "basic_daemon", test_fn=0x55555559ef50 <usrsocktest_group_basic_daemon_run>) at usrsocktest_main.c:117
| apache#15 0x000055555559a06c in run_all_tests () at usrsocktest_main.c:154
| apache#16 0x000055555559a3d1 in usrsocktest_main (argc=1, argv=0x7ffff3f25450) at usrsocktest_main.c:248
| apache#17 0x000055555555cad8 in nxtask_startup (entrypt=0x55555559a357 <usrsocktest_main>, argc=1, argv=0x7ffff3f25450) at sched/task_startup.c:70
| apache#18 0x0000555555559938 in nxtask_start () at task/task_start.c:134

Usrsock Deamon weakup and setup the poll want to perform close request, but locked on fs_getfilep():

| #0  _files_semtake (list=0x7ffff3f250b8) at inode/fs_files.c:51
|                           --> Request group lock but which hold by close request, deadlock
| #1  0x00005555555758b1 in fs_getfilep (fd=5, filep=0x7ffff3f47190) at inode/fs_files.c:375
| #2  0x00005555555d3064 in poll_fdsetup (fd=5, fds=0x7ffff3f47290, setup=true) at vfs/fs_poll.c:79
| #3  0x00005555555d3243 in poll_setup (fds=0x7ffff3f47290, nfds=2, sem=0x7ffff3f47206) at vfs/fs_poll.c:139
| #4  0x00005555555d39a6 in nx_poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:383
| #5  0x00005555555d3abd in poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:501
|                           --> daemon weak up
| #6  0x00005555555c62c7 in usrsocktest_daemon (param=0x5555555f5360 <g_ub_daemon>) at usrsocktest_daemon.c:1846
| apache#7  0x000055555559161e in pthread_startup (entry=0x5555555c60d3 <usrsocktest_daemon>, arg=0x5555555f5360 <g_ub_daemon>) at pthread/pthread_create.c:59
| apache#8  0x00005555555d45f0 in pthread_start () at pthread/pthread_create.c:175
| apache#9  0x0000000000000000 in ?? ()

Signed-off-by: chao an <anchao@xiaomi.com>
CV-Bowen added a commit to CV-Bowen/incubator-nuttx that referenced this pull request Sep 1, 2022
==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
    #0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
    #1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
    #2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
    apache#3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
    apache#4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
    apache#5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
    apache#6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
    apache#7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
    apache#8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
    apache#9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
    apache#10 0x598a601a in vsyslog syslog/lib_syslog.c:68
    apache#11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
    apache#12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
    apache#13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
    apache#14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
    apache#15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
    apache#16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
    apache#17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
    apache#18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
    apache#19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108

Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Sep 1, 2022
apps/examples/usrsocktest/usrsocktest_basic_daemon.c:

321 static void basic_daemon_dup2(FAR struct usrsocktest_daemon_conf_s *dconf)
322 {
...
335   ret = dup2(sd2, sd);
352 }

Usrsocktest Task hold the file group lock and send the close request to usrsock deamon :

| #0  net_lockedwait_uninterruptible (sem=0x5555555f8ba2 <g_usrsockdev+34>) at utils/net_lock.c:427
| #1  0x000055555557489c in usrsockdev_do_request (conn=0x5555555f8800 <g_usrsock_connections>, iov=0x7ffff3f36040, iovcnt=1) at usrsock/usrsock_dev.c:1185
|                           --> send close request to usrsock deamon
|
| #2  0x00005555555d0439 in do_close_request (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:109
| #3  0x00005555555d04f5 in usrsock_close (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:157
| #4  0x00005555555cf100 in usrsock_sockif_close (psock=0x7ffff3ea4a60) at usrsock/usrsock_sockif.c:234
| #5  0x00005555555c7b2f in psock_close (psock=0x7ffff3ea4a60) at socket/net_close.c:102
| #6  0x000055555557a518 in sock_file_close (filep=0x7ffff3f253d0) at socket/socket.c:115
| apache#7  0x000055555557678f in file_close (filep=0x7ffff3f253d0) at vfs/fs_close.c:74
| apache#8  0x000055555557694c in file_dup2 (filep1=0x7ffff3f253e8, filep2=0x7ffff3f253d0) at vfs/fs_dup2.c:129
|                           --->  hold group file list lock  ( _files_semtake(list) )
|
| apache#9  0x0000555555575aab in nx_dup2 (fd1=7, fd2=6) at inode/fs_files.c:451
| apache#10 0x0000555555575af3 in dup2 (fd1=7, fd2=6) at inode/fs_files.c:473
| apache#11 0x000055555559d937 in basic_daemon_dup2 (dconf=0x5555555f8d80 <usrsocktest_daemon_config>) at usrsocktest_basic_daemon.c:335
| apache#12 0x000055555559ed80 in usrsocktest_test_basic_daemon_basic_daemon_dup2 () at usrsocktest_basic_daemon.c:612
| apache#13 0x000055555559f18d in usrsocktest_group_basic_daemon_run () at usrsocktest_basic_daemon.c:666
| apache#14 0x0000555555599f8d in run_tests (name=0x5555555dc8c3 "basic_daemon", test_fn=0x55555559ef50 <usrsocktest_group_basic_daemon_run>) at usrsocktest_main.c:117
| apache#15 0x000055555559a06c in run_all_tests () at usrsocktest_main.c:154
| apache#16 0x000055555559a3d1 in usrsocktest_main (argc=1, argv=0x7ffff3f25450) at usrsocktest_main.c:248
| apache#17 0x000055555555cad8 in nxtask_startup (entrypt=0x55555559a357 <usrsocktest_main>, argc=1, argv=0x7ffff3f25450) at sched/task_startup.c:70
| apache#18 0x0000555555559938 in nxtask_start () at task/task_start.c:134

Usrsock Deamon weakup and setup the poll want to perform close request, but locked on fs_getfilep():

| #0  _files_semtake (list=0x7ffff3f250b8) at inode/fs_files.c:51
|                           --> Request group lock but which hold by close request, deadlock
| #1  0x00005555555758b1 in fs_getfilep (fd=5, filep=0x7ffff3f47190) at inode/fs_files.c:375
| #2  0x00005555555d3064 in poll_fdsetup (fd=5, fds=0x7ffff3f47290, setup=true) at vfs/fs_poll.c:79
| #3  0x00005555555d3243 in poll_setup (fds=0x7ffff3f47290, nfds=2, sem=0x7ffff3f47206) at vfs/fs_poll.c:139
| #4  0x00005555555d39a6 in nx_poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:383
| #5  0x00005555555d3abd in poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:501
|                           --> daemon weak up
| #6  0x00005555555c62c7 in usrsocktest_daemon (param=0x5555555f5360 <g_ub_daemon>) at usrsocktest_daemon.c:1846
| apache#7  0x000055555559161e in pthread_startup (entry=0x5555555c60d3 <usrsocktest_daemon>, arg=0x5555555f5360 <g_ub_daemon>) at pthread/pthread_create.c:59
| apache#8  0x00005555555d45f0 in pthread_start () at pthread/pthread_create.c:175
| apache#9  0x0000000000000000 in ?? ()

Signed-off-by: chao an <anchao@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Sep 1, 2022
==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
    #0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
    #1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
    #2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
    #3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
    #4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
    #5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
    #6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
    #7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
    #8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
    #9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
    #10 0x598a601a in vsyslog syslog/lib_syslog.c:68
    #11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
    #12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
    #13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
    #14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
    #15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
    #16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
    #17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
    #18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
    #19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108

Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Sep 1, 2022
apps/examples/usrsocktest/usrsocktest_basic_daemon.c:

321 static void basic_daemon_dup2(FAR struct usrsocktest_daemon_conf_s *dconf)
322 {
...
335   ret = dup2(sd2, sd);
352 }

Usrsocktest Task hold the file group lock and send the close request to usrsock deamon :

| #0  net_lockedwait_uninterruptible (sem=0x5555555f8ba2 <g_usrsockdev+34>) at utils/net_lock.c:427
| #1  0x000055555557489c in usrsockdev_do_request (conn=0x5555555f8800 <g_usrsock_connections>, iov=0x7ffff3f36040, iovcnt=1) at usrsock/usrsock_dev.c:1185
|                           --> send close request to usrsock deamon
|
| #2  0x00005555555d0439 in do_close_request (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:109
| #3  0x00005555555d04f5 in usrsock_close (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:157
| #4  0x00005555555cf100 in usrsock_sockif_close (psock=0x7ffff3ea4a60) at usrsock/usrsock_sockif.c:234
| #5  0x00005555555c7b2f in psock_close (psock=0x7ffff3ea4a60) at socket/net_close.c:102
| #6  0x000055555557a518 in sock_file_close (filep=0x7ffff3f253d0) at socket/socket.c:115
| #7  0x000055555557678f in file_close (filep=0x7ffff3f253d0) at vfs/fs_close.c:74
| #8  0x000055555557694c in file_dup2 (filep1=0x7ffff3f253e8, filep2=0x7ffff3f253d0) at vfs/fs_dup2.c:129
|                           --->  hold group file list lock  ( _files_semtake(list) )
|
| #9  0x0000555555575aab in nx_dup2 (fd1=7, fd2=6) at inode/fs_files.c:451
| #10 0x0000555555575af3 in dup2 (fd1=7, fd2=6) at inode/fs_files.c:473
| #11 0x000055555559d937 in basic_daemon_dup2 (dconf=0x5555555f8d80 <usrsocktest_daemon_config>) at usrsocktest_basic_daemon.c:335
| #12 0x000055555559ed80 in usrsocktest_test_basic_daemon_basic_daemon_dup2 () at usrsocktest_basic_daemon.c:612
| #13 0x000055555559f18d in usrsocktest_group_basic_daemon_run () at usrsocktest_basic_daemon.c:666
| #14 0x0000555555599f8d in run_tests (name=0x5555555dc8c3 "basic_daemon", test_fn=0x55555559ef50 <usrsocktest_group_basic_daemon_run>) at usrsocktest_main.c:117
| #15 0x000055555559a06c in run_all_tests () at usrsocktest_main.c:154
| #16 0x000055555559a3d1 in usrsocktest_main (argc=1, argv=0x7ffff3f25450) at usrsocktest_main.c:248
| #17 0x000055555555cad8 in nxtask_startup (entrypt=0x55555559a357 <usrsocktest_main>, argc=1, argv=0x7ffff3f25450) at sched/task_startup.c:70
| #18 0x0000555555559938 in nxtask_start () at task/task_start.c:134

Usrsock Deamon weakup and setup the poll want to perform close request, but locked on fs_getfilep():

| #0  _files_semtake (list=0x7ffff3f250b8) at inode/fs_files.c:51
|                           --> Request group lock but which hold by close request, deadlock
| #1  0x00005555555758b1 in fs_getfilep (fd=5, filep=0x7ffff3f47190) at inode/fs_files.c:375
| #2  0x00005555555d3064 in poll_fdsetup (fd=5, fds=0x7ffff3f47290, setup=true) at vfs/fs_poll.c:79
| #3  0x00005555555d3243 in poll_setup (fds=0x7ffff3f47290, nfds=2, sem=0x7ffff3f47206) at vfs/fs_poll.c:139
| #4  0x00005555555d39a6 in nx_poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:383
| #5  0x00005555555d3abd in poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:501
|                           --> daemon weak up
| #6  0x00005555555c62c7 in usrsocktest_daemon (param=0x5555555f5360 <g_ub_daemon>) at usrsocktest_daemon.c:1846
| #7  0x000055555559161e in pthread_startup (entry=0x5555555c60d3 <usrsocktest_daemon>, arg=0x5555555f5360 <g_ub_daemon>) at pthread/pthread_create.c:59
| #8  0x00005555555d45f0 in pthread_start () at pthread/pthread_create.c:175
| #9  0x0000000000000000 in ?? ()

Signed-off-by: chao an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Jan 10, 2023
tg_info is still in use after task_uninit_info() unifies
lib_stream_* with life cycle of task info to avoid this issue.

|apache#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|apache#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|apache#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|apache#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|apache#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|apache#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|apache#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|apache#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|apache#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|apache#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|apache#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|apache#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|apache#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|apache#23 0x56767f58 in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Jan 10, 2023
tg_info is still in use after task_uninit_info() unifies
lib_stream_* with life cycle of task info to avoid this issue.

| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|apache#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|apache#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|apache#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|apache#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|apache#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|apache#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|apache#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|apache#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|apache#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|apache#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|apache#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|apache#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|apache#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|apache#23 0x56767f58 in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
anchao added a commit to anchao/nuttx that referenced this pull request Jan 10, 2023
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.

| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|apache#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|apache#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|apache#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|apache#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|apache#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|apache#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|apache#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|apache#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|apache#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|apache#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|apache#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|apache#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|apache#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|apache#23 0x56767f58 in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Jan 10, 2023
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.

| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|#23 0x56767f58 in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
chenzhihong007 pushed a commit to hpmicro/nuttx that referenced this pull request Mar 8, 2023
tg_info is still in use after task_uninit_info(), unifies
lib_stream_* with life cycle of task info to avoid this issue.

| ==1940861==ERROR: AddressSanitizer: heap-use-after-free on address 0xf47032e0 at pc 0x5676dc4f bp 0xf2f38c68 sp 0xf2f38c58
|
|apache#10 0xf7abec89 in __asan::__asan_report_load2 (addr=4100993760) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
|apache#11 0x5677356a in nxsem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:73
|apache#12 0x56773695 in sem_destroy (sem=0xf47032e0) at semaphore/sem_destroy.c:120
|apache#13 0x5676faa2 in nxmutex_destroy (mutex=0xf47032e0) at include/nuttx/mutex.h:126
|apache#14 0x567a3430 in lib_stream_release (group=0xf4901ba0) at stdio/lib_libstream.c:98
|apache#15 0x5676da75 in group_release (group=0xf4901ba0) at group/group_leave.c:162
|apache#16 0x5676e51c in group_leave (tcb=0xf5377740) at group/group_leave.c:360
|apache#17 0x569fe79b in nxtask_exithook (tcb=0xf5377740, status=0) at task/task_exithook.c:455
|apache#18 0x569f90b9 in _exit (status=0) at task/exit.c:82
|apache#19 0x56742680 in exit (status=0) at stdlib/lib_exit.c:61
|apache#20 0x56a69c78 in iperf_showusage (progname=0xf2f28838 "iperf", exitcode=0) at iperf_main.c:91
|apache#21 0x56a6a6ec in iperf_main (argc=1, argv=0xf2f28830) at iperf_main.c:140
|apache#22 0x5679c148 in nxtask_startup (entrypt=0x56a69c78 <iperf_main>, argc=1, argv=0xf2f28830) at sched/task_startup.c:70
|apache#23 0x56767f58 in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
chenzhihong007 pushed a commit to hpmicro/nuttx that referenced this pull request Aug 1, 2023
- Draft implementation of the SDMMC driver
- Brought up the SDMMC device in board

Signed-off-by: Fan YANG <fan.yang@hpmicro.com>
chenzhihong007 pushed a commit to hpmicro/nuttx that referenced this pull request Aug 1, 2023
- Added mmcsd config
- Removed duplicate definitions

Signed-off-by: Fan YANG <fan.yang@hpmicro.com>
chenzhihong007 pushed a commit to hpmicro/nuttx that referenced this pull request Feb 23, 2024
- Draft implementation of the SDMMC driver
- Brought up the SDMMC device in board

Signed-off-by: Fan YANG <fan.yang@hpmicro.com>
chenzhihong007 pushed a commit to hpmicro/nuttx that referenced this pull request Feb 23, 2024
- Added mmcsd config
- Removed duplicate definitions

Signed-off-by: Fan YANG <fan.yang@hpmicro.com>
jasonbu pushed a commit to jasonbu/nuttx that referenced this pull request Sep 27, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    apache#1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    apache#2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    apache#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    apache#4 0x359bce2 in file_vopen vfs/fs_open.c:240
    apache#5 0x359c431 in nx_vopen vfs/fs_open.c:312
    apache#6 0x359cb53 in open vfs/fs_open.c:465
    apache#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    apache#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    apache#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    apache#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    apache#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    apache#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    apache#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    apache#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    apache#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    apache#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    apache#17 0x323ec3f in nxtask_start task/task_start.c:134
    apache#18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    apache#1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    apache#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    apache#3 0x359bce2 in file_vopen vfs/fs_open.c:240
    apache#4 0x359c431 in nx_vopen vfs/fs_open.c:312
    apache#5 0x359cb53 in open vfs/fs_open.c:465
    apache#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    apache#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    apache#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    apache#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    apache#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    apache#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    apache#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    apache#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    apache#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    apache#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    apache#16 0x323ec3f in nxtask_start task/task_start.c:134
    apache#17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <dulibo1@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Sep 27, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    #2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    #3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #4 0x359bce2 in file_vopen vfs/fs_open.c:240
    #5 0x359c431 in nx_vopen vfs/fs_open.c:312
    #6 0x359cb53 in open vfs/fs_open.c:465
    #7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #17 0x323ec3f in nxtask_start task/task_start.c:134
    #18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    #2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    #3 0x359bce2 in file_vopen vfs/fs_open.c:240
    #4 0x359c431 in nx_vopen vfs/fs_open.c:312
    #5 0x359cb53 in open vfs/fs_open.c:465
    #6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    #7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    #8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    #9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    #10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    #11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    #12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    #13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    #14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    #15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    #16 0x323ec3f in nxtask_start task/task_start.c:134
    #17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <dulibo1@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
kywwilson11 pushed a commit to kywwilson11/nuttx that referenced this pull request Sep 30, 2024
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
    apache#2 0x371b066 in pm_open power/pm/pm_procfs.c:207
    apache#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    apache#4 0x359bce2 in file_vopen vfs/fs_open.c:240
    apache#5 0x359c431 in nx_vopen vfs/fs_open.c:312
    apache#6 0x359cb53 in open vfs/fs_open.c:465
    apache#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    apache#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    apache#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    apache#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    apache#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    apache#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    apache#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    apache#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    apache#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    apache#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    apache#17 0x323ec3f in nxtask_start task/task_start.c:134
    apache#18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
    #0 0x3338a47 in strncmp string/lib_strncmp.c:42
    #1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
    apache#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
    apache#3 0x359bce2 in file_vopen vfs/fs_open.c:240
    apache#4 0x359c431 in nx_vopen vfs/fs_open.c:312
    apache#5 0x359cb53 in open vfs/fs_open.c:465
    apache#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
    apache#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
    apache#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
    apache#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
    apache#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
    apache#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
    apache#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
    apache#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
    apache#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
    apache#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
    apache#16 0x323ec3f in nxtask_start task/task_start.c:134
    apache#17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <dulibo1@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
pwnall pushed a commit to pwnall/nuttx that referenced this pull request Oct 23, 2024
Deadlock during recursive access if unionfs overlays procfs,
check the critical segment only and remove the useless protection part.

|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
|apache#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026

original call stack:
(gdb) bt
|#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
|apache#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
|apache#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
|apache#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
|apache#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
|apache#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
|apache#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
|apache#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
|apache#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
|apache#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
|apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
|apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
|apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
|apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
|apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
|apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
|apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
|apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
|apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
|apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
|apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
|apache#21 0x08049713 in nxtask_start () at task/task_start.c:144
|apache#22 0x00000000 in ?? ()

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <anchao@xiaomi.com>
zhhyu7 added a commit to zhhyu7/incubator-nuttx that referenced this pull request Oct 29, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    #1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    apache#8 0x542bc94b in psock_sendto socket/sendto.c:134
    apache#9 0x542bcb28 in sendto socket/sendto.c:247
    apache#10 0x542bc5ea in send socket/send.c:163
    apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    apache#21 0x53f366c6 in nxtask_start task/task_start.c:116
    apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
zhhyu7 added a commit to zhhyu7/incubator-nuttx that referenced this pull request Oct 29, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    #1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    apache#8 0x542bc94b in psock_sendto socket/sendto.c:134
    apache#9 0x542bcb28 in sendto socket/sendto.c:247
    apache#10 0x542bc5ea in send socket/send.c:163
    apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    apache#21 0x53f366c6 in nxtask_start task/task_start.c:116
    apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
xiaoxiang781216 pushed a commit that referenced this pull request Oct 29, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    #1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    #8 0x542bc94b in psock_sendto socket/sendto.c:134
    #9 0x542bcb28 in sendto socket/sendto.c:247
    #10 0x542bc5ea in send socket/send.c:163
    #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    #21 0x53f366c6 in nxtask_start task/task_start.c:116
    #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
JaeheeKwon pushed a commit to JaeheeKwon/nuttx that referenced this pull request Nov 28, 2024
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00
             ^
    #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
    apache#1 0x5432a11f in arp_snapshot arp/arp_table.c:574
    apache#2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
    apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
    apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
    apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
    apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
    apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
    apache#8 0x542bc94b in psock_sendto socket/sendto.c:134
    apache#9 0x542bcb28 in sendto socket/sendto.c:247
    apache#10 0x542bc5ea in send socket/send.c:163
    apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
    apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
    apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
    apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
    apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
    apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
    apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
    apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
    apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
    apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
    apache#21 0x53f366c6 in nxtask_start task/task_start.c:116
    apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants