-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tcp_conn: Check if the remote address is unspecified #5
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change-Id: I6f547bb4bfb3bb621573db9097a531ce2260e794 Signed-off-by: chao.an <anchao@xiaomi.com>
This is also against master. See my comment and questions s with regard to PR 4. Please advise and I will expedite the inclusion of the change. |
I will assume that you will be unable to respond due to the time difference. I will go ahead and incorporate the change as a patch to keep things moving. |
anchao
referenced
this pull request
in anchao/nuttx
Jun 15, 2020
ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 apache#7 0x56656e95 in nx_start init/nx_start.c:809 apache#8 0x566548d4 in main sim/up_head.c:95 apache#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: apache#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 apache#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 apache#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 apache#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 apache#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 apache#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 apache#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 apache#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 apache#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 apache#17 0x565e3d96 in nx_start () at init/nx_start.c:809 apache#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>
patacongo
pushed a commit
that referenced
this pull request
Jun 15, 2020
ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 #7 0x56656e95 in nx_start init/nx_start.c:809 #8 0x566548d4 in main sim/up_head.c:95 #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: #8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 #9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 #17 0x565e3d96 in nx_start () at init/nx_start.c:809 #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Sep 1, 2020
Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 apache#1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 apache#3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 apache#4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007fff028f686b in ?? () apache#12 0x0000000000000000 in ?? () (gdb) quit
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 1, 2020
Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 #1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 #3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 #4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 #8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007fff028f686b in ?? () #12 0x0000000000000000 in ?? () (gdb) quit
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Sep 17, 2020
This reverts commit 21cff9f. It broke sim on macOS. In the following backtrace, the host socket() should be used instead of nuttx's. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1 * frame #0: 0x00000001000f5391 nuttx`socket(domain=1, type=1, protocol=0) at socket.c:192:12 frame apache#1: 0x000000010012b682 nuttx`vpnkit_connect at up_vpnkit.c:75:8 frame apache#2: 0x000000010012b60b nuttx`vpnkit_init at up_vpnkit.c:136:3 frame apache#3: 0x0000000100034b56 nuttx`netdriver_init at up_netdriver.c:334:3 frame apache#4: 0x0000000100033294 nuttx`up_initialize at up_initialize.c:260:3 frame apache#5: 0x00000001000031e3 nuttx`nx_start at nx_start.c:701:3 frame apache#6: 0x0000000100000b12 nuttx`main(argc=1, argv=0x00007ffeefbfd6c8, envp=0x00007ffeefbfd6d8) at up_head.c:96:7 frame apache#7: 0x00007fff7831b3d5 libdyld.dylib`start + 1 frame apache#8: 0x00007fff7831b3d5 libdyld.dylib`start + 1 (lldb)
Closed
anchao
referenced
this pull request
in anchao/nuttx
Nov 9, 2020
(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |apache#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |apache#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |apache#9 0x5655da56 in nx_start () at init/nx_start.c:701 |apache#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>
acassis
pushed a commit
that referenced
this pull request
Nov 9, 2020
(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |#9 0x5655da56 in nx_start () at init/nx_start.c:701 |#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
Dec 14, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Dec 15, 2020
Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |#21 0x08049713 in nxtask_start () at task/task_start.c:144 |#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Mar 23, 2021
``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Mar 23, 2021
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```
xiaoxiang781216
pushed a commit
that referenced
this pull request
Mar 23, 2021
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 #1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 #3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 #4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () #5 0x000000000048181e in InitializeCommonInterceptors() () #6 0x000000000048106a in __asan::InitializeAsanInterceptors() () #7 0x000000000049b85e in __asan::AsanInitInternal() () #8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007ffe4cdfff56 in ?? () #12 0x0000000000000000 in ?? () ```
yamt
added a commit
to yamt/incubator-nuttx
that referenced
this pull request
Apr 16, 2021
This reverts commit 2335b69. It seems that the commit is question broke sim/Linux and sim/macOS. Both of the following crashes are fixed by this revert. My app running with sim/Linux started crashing with the commit. ``` Program received signal SIGSEGV, Segmentation fault. 0x00000000004583ad in snprintf (buf=0x7f6260682b30 "\020", size=140060500962096, format=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>) at stdio/lib_snprintf.c:41 41 stdio/lib_snprintf.c: No such file or directory. rax 0x0 0 rbx 0x0 0 rcx 0x1 1 rdx 0x5515d0 5576144 rsi 0x10 16 rdi 0x7f6260682858 140060500961368 rbp 0x7f6260682808 0x7f6260682808 rsp 0x7f6260682628 0x7f6260682628 r8 0x7f62606825e0 140060500960736 r9 0x0 0 r10 0x8 8 r11 0x246 582 r12 0x0 0 r13 0x0 0 r14 0x0 0 r15 0x0 0 rip 0x4583ad 0x4583ad <snprintf+13> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 ``` sim:ostest on macOS crashes like the following. ``` spacetanuki% lldb ./nuttx (lldb) target create "./nuttx" Current executable set to './nuttx' (x86_64). (lldb) run Process 67434 launched: '/Users/yamamoto/git/nuttx/nuttx/nuttx' (x86_64) Process 67434 stopped * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error libdyld.dylib`stack_not_16_byte_aligned_error: -> 0x7fff6f1633a6 <+0>: movdqa %xmm0, (%rsp) 0x7fff6f1633ab <+5>: int3 libdyld.dylib`_dyld_fast_stub_entry: 0x7fff6f1633ac <+0>: pushq %rbp 0x7fff6f1633ad <+1>: movq %rsp, %rbp Target 0: (nuttx) stopped. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error frame apache#1: 0x0000000101002048 frame apache#2: 0x000000010001682d nuttx`tty_send(dev=0x000000010002f370, ch=115) at up_uart.c:447:3 frame apache#3: 0x000000010000d7df nuttx`uart_xmitchars(dev=0x000000010002f370) at serial_io.c:68:7 frame apache#4: 0x0000000100016a95 nuttx`tty_txint(dev=0x000000010002f370, enable='\x01') at up_uart.c:462:7 frame apache#5: 0x000000010000ce48 nuttx`uart_write(filep=0x00000001010011e8, buffer="", buflen=0) at serial.c:1260:7 frame apache#6: 0x0000000100024ef3 nuttx`file_write(filep=0x00000001010011e8, buf=0x0000000100027a30, nbytes=23) at fs_write.c:89:10 frame apache#7: 0x0000000100024f6a nuttx`nx_write(fd=1, buf=0x0000000100027a30, nbytes=23) at fs_write.c:138:13 frame apache#8: 0x0000000100024fab nuttx`file_write(filep=0x0000000100027a30, buf=0x0000000000000017, nbytes=0) at fs_write.c:76:7 frame apache#9: 0x000000010002215e nuttx`stdio_test at ostest_main.c:574:3 frame apache#10: 0x0000000100021f1b nuttx`ostest_main(argc=1, argv=0x0000000101001300) at ostest_main.c:602:3 frame apache#11: 0x000000010000ff05 nuttx`nxtask_startup(entrypt=(nuttx`ostest_main at ostest_main.c:592), argc=1, argv=0x0000000101001300) at task_startup.c:150:8 frame apache#12: 0x000000010000a580 nuttx`nxtask_start at task_start.c:129:7 (lldb) ```
GUIDINGLI
added a commit
to GUIDINGLI/incubator-nuttx
that referenced
this pull request
Mar 28, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 apache#3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 apache#4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 apache#5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 apache#6 0x57755a50 in rptun_worker rptun/rptun.c:303 apache#7 0x57755e51 in rptun_thread rptun/rptun.c:352 apache#8 0x57730d4a in nxtask_start task/task_start.c:128 apache#9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <liguiding1@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Mar 29, 2022
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478 READ of size 4 at 0xf514f8a8 thread T0 #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211 #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312 #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331 #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623 #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340 #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985 #6 0x57755a50 in rptun_worker rptun/rptun.c:303 #7 0x57755e51 in rptun_thread rptun/rptun.c:352 #8 0x57730d4a in nxtask_start task/task_start.c:128 #9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee) Signed-off-by: ligd <liguiding1@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 22, 2022
I noticed that the conn instance will leak during stress test, The close work queued from tcp_close_eventhandler() will be canceled by tcp_timer() immediately: Breakpoint 1, tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71 (gdb) bt | #0 tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71 | #1 0x5658bf1e in devif_conn_event (dev=0x5660bd80 <g_sim_dev>, flags=512, list=0x5660d558 <g_cbprealloc+312>) at devif/devif_callback.c:508 | #2 0x5658a219 in tcp_callback (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>, flags=512) at tcp/tcp_callback.c:167 | #3 0x56589253 in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:378 | #4 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95 | #5 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601 | #6 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722 | #7 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308 | #8 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178 | #9 0x5655983f in nxtask_start () at task/task_start.c:129 (gdb) c Continuing. Breakpoint 2, tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178 (gdb) bt | #0 tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178 | #1 0x5658952a in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:708 | #2 0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95 | #3 0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601 | #4 0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722 | #5 0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308 | #6 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178 | #7 0x5655983f in nxtask_start () at task/task_start.c:129 Since a separate work will add 24 bytes to each conn instance, but in order to support the feature of asynchronous close(), I can not find a better way than adding a separate work, for resource constraints, I recommend the developers to enable CONFIG_NET_ALLOC_CONNS, which will reduce the ram usage. Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 6, 2023
Redefine built-in command (info thread/thread/c) to compatible with developer habits Test board: ./tools/configure.sh -E lm3s6965-ek:qemu-flat 1. start qemu: qemu-system-arm -M lm3s6965evb -device loader,file=nuttx -serial mon:stdio -nographic -s 2. gdb attach: gdb-multiarch -ix tools/nuttx-gdbinit nuttx -ex "target extended-remote localhost:1234" 3. show thread info and callstack: | (gdb) info thread | * 0 Thread 0x20001548 (Name: Idle Task, State: Running, Priority: 0, Stack: 1000) PC: 0x9eee in up_idle() | 1 Thread 0x20005058 (Name: hpwork, State: Waiting,Semaphore, Priority: 224, Stack: 1992) PC: 0xa124 in up_switch_context() | 2 Thread 0x20005c20 (Name: nsh_main, State: Waiting,Semaphore, Priority: 100, Stack: 2000) PC: 0xa124 in up_switch_context() | 3 Thread 0x20006b30 (Name: NTP daemon, State: Waiting,Semaphore, Priority: 100, Stack: 1952) PC: 0xa124 in up_switch_context() | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 0x00009eee in up_idle () at chip/common/tiva_idle.c:62 | #1 0x00003dd2 in nx_start () at init/nx_start.c:698 | #2 0x00000190 in __start () at chip/common/lmxx_tm4c_start.c:177 | (gdb) thread 4 | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 up_switch_context (tcb=0x20001548 <g_idletcb>, rtcb=rtcb@entry=0x200086f0) at common/arm_switchcontext.c:95 | #1 0x0000453a in nxsem_wait (sem=sem@entry=0x2000916c) at semaphore/sem_wait.c:176 | #2 0x0000197e in _net_timedwait (sem=sem@entry=0x2000916c, interruptible=interruptible@entry=true, timeout=timeout@entry=4294967295) at utils/net_lock.c:101 | #3 0x0000198e in net_sem_timedwait (sem=sem@entry=0x2000916c, timeout=timeout@entry=4294967295) at utils/net_lock.c:242 | #4 0x00001996 in net_sem_wait (sem=sem@entry=0x2000916c) at utils/net_lock.c:330 | #5 0x00025f84 in psock_tcp_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newconn=newconn@entry=0x2000956c) at tcp/tcp_accept.c:274 | #6 0x00025432 in inet_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newsock=0x20009568, flags=0) at inet/inet_sockif.c:1443 | apache#7 0x00027a10 in psock_accept (psock=0x200044b8, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, newsock=newsock@entry=0x20009568, flags=flags@entry=0) at socket/accept.c:149 | apache#8 0x00027a8c in accept4 (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, flags=flags@entry=0) at socket/accept.c:280 | apache#9 0x0002a256 in accept (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c) at net/lib_accept.c:50 | apache#10 0x0001efaa in telnetd_daemon (config=config@entry=0x20009290) at telnetd_daemon.c:200 | apache#11 0x0001e508 in telnetd_main (argc=1, argv=0x20008af8) at telnetd.c:98 | apache#12 0x00008486 in nxtask_startup (entrypt=0x1e4bd <telnetd_main>, entrypt@entry=0x1 <up_putc>, argc=1, argv=0x20008af8) at sched/task_startup.c:70 | apache#13 0x000056d2 in nxtask_start () at task/task_start.c:134 | apache#14 0x00000000 in ?? () | (gdb) c Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 6, 2023
Redefine built-in command (info thread/thread/c) to compatible with developer habits Test board: ./tools/configure.sh -E lm3s6965-ek:qemu-flat 1. start qemu: qemu-system-arm -M lm3s6965evb -device loader,file=nuttx -serial mon:stdio -nographic -s 2. gdb attach: gdb-multiarch -ix tools/nuttx-gdbinit nuttx -ex "target extended-remote localhost:1234" 3. show thread info and callstack: | (gdb) info thread | * 0 Thread 0x20001548 (Name: Idle Task, State: Running, Priority: 0, Stack: 1000) PC: 0x9eee in up_idle() | 1 Thread 0x20005058 (Name: hpwork, State: Waiting,Semaphore, Priority: 224, Stack: 1992) PC: 0xa124 in up_switch_context() | 2 Thread 0x20005c20 (Name: nsh_main, State: Waiting,Semaphore, Priority: 100, Stack: 2000) PC: 0xa124 in up_switch_context() | 3 Thread 0x20006b30 (Name: NTP daemon, State: Waiting,Semaphore, Priority: 100, Stack: 1952) PC: 0xa124 in up_switch_context() | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 0x00009eee in up_idle () at chip/common/tiva_idle.c:62 | #1 0x00003dd2 in nx_start () at init/nx_start.c:698 | #2 0x00000190 in __start () at chip/common/lmxx_tm4c_start.c:177 | (gdb) thread 4 | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 up_switch_context (tcb=0x20001548 <g_idletcb>, rtcb=rtcb@entry=0x200086f0) at common/arm_switchcontext.c:95 | #1 0x0000453a in nxsem_wait (sem=sem@entry=0x2000916c) at semaphore/sem_wait.c:176 | #2 0x0000197e in _net_timedwait (sem=sem@entry=0x2000916c, interruptible=interruptible@entry=true, timeout=timeout@entry=4294967295) at utils/net_lock.c:101 | #3 0x0000198e in net_sem_timedwait (sem=sem@entry=0x2000916c, timeout=timeout@entry=4294967295) at utils/net_lock.c:242 | #4 0x00001996 in net_sem_wait (sem=sem@entry=0x2000916c) at utils/net_lock.c:330 | #5 0x00025f84 in psock_tcp_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newconn=newconn@entry=0x2000956c) at tcp/tcp_accept.c:274 | #6 0x00025432 in inet_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newsock=0x20009568, flags=0) at inet/inet_sockif.c:1443 | apache#7 0x00027a10 in psock_accept (psock=0x200044b8, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, newsock=newsock@entry=0x20009568, flags=flags@entry=0) at socket/accept.c:149 | apache#8 0x00027a8c in accept4 (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, flags=flags@entry=0) at socket/accept.c:280 | apache#9 0x0002a256 in accept (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c) at net/lib_accept.c:50 | apache#10 0x0001efaa in telnetd_daemon (config=config@entry=0x20009290) at telnetd_daemon.c:200 | apache#11 0x0001e508 in telnetd_main (argc=1, argv=0x20008af8) at telnetd.c:98 | apache#12 0x00008486 in nxtask_startup (entrypt=0x1e4bd <telnetd_main>, entrypt@entry=0x1 <up_putc>, argc=1, argv=0x20008af8) at sched/task_startup.c:70 | apache#13 0x000056d2 in nxtask_start () at task/task_start.c:134 | apache#14 0x00000000 in ?? () | (gdb) c Signed-off-by: chao an <anchao@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
May 7, 2023
Redefine built-in command (info thread/thread/c) to compatible with developer habits Test board: ./tools/configure.sh -E lm3s6965-ek:qemu-flat 1. start qemu: qemu-system-arm -M lm3s6965evb -device loader,file=nuttx -serial mon:stdio -nographic -s 2. gdb attach: gdb-multiarch -ix tools/nuttx-gdbinit nuttx -ex "target extended-remote localhost:1234" 3. show thread info and callstack: | (gdb) info thread | * 0 Thread 0x20001548 (Name: Idle Task, State: Running, Priority: 0, Stack: 1000) PC: 0x9eee in up_idle() | 1 Thread 0x20005058 (Name: hpwork, State: Waiting,Semaphore, Priority: 224, Stack: 1992) PC: 0xa124 in up_switch_context() | 2 Thread 0x20005c20 (Name: nsh_main, State: Waiting,Semaphore, Priority: 100, Stack: 2000) PC: 0xa124 in up_switch_context() | 3 Thread 0x20006b30 (Name: NTP daemon, State: Waiting,Semaphore, Priority: 100, Stack: 1952) PC: 0xa124 in up_switch_context() | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 0x00009eee in up_idle () at chip/common/tiva_idle.c:62 | #1 0x00003dd2 in nx_start () at init/nx_start.c:698 | #2 0x00000190 in __start () at chip/common/lmxx_tm4c_start.c:177 | (gdb) thread 4 | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 up_switch_context (tcb=0x20001548 <g_idletcb>, rtcb=rtcb@entry=0x200086f0) at common/arm_switchcontext.c:95 | #1 0x0000453a in nxsem_wait (sem=sem@entry=0x2000916c) at semaphore/sem_wait.c:176 | #2 0x0000197e in _net_timedwait (sem=sem@entry=0x2000916c, interruptible=interruptible@entry=true, timeout=timeout@entry=4294967295) at utils/net_lock.c:101 | #3 0x0000198e in net_sem_timedwait (sem=sem@entry=0x2000916c, timeout=timeout@entry=4294967295) at utils/net_lock.c:242 | #4 0x00001996 in net_sem_wait (sem=sem@entry=0x2000916c) at utils/net_lock.c:330 | #5 0x00025f84 in psock_tcp_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newconn=newconn@entry=0x2000956c) at tcp/tcp_accept.c:274 | #6 0x00025432 in inet_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newsock=0x20009568, flags=0) at inet/inet_sockif.c:1443 | #7 0x00027a10 in psock_accept (psock=0x200044b8, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, newsock=newsock@entry=0x20009568, flags=flags@entry=0) at socket/accept.c:149 | #8 0x00027a8c in accept4 (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, flags=flags@entry=0) at socket/accept.c:280 | #9 0x0002a256 in accept (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c) at net/lib_accept.c:50 | #10 0x0001efaa in telnetd_daemon (config=config@entry=0x20009290) at telnetd_daemon.c:200 | #11 0x0001e508 in telnetd_main (argc=1, argv=0x20008af8) at telnetd.c:98 | #12 0x00008486 in nxtask_startup (entrypt=0x1e4bd <telnetd_main>, entrypt@entry=0x1 <up_putc>, argc=1, argv=0x20008af8) at sched/task_startup.c:70 | #13 0x000056d2 in nxtask_start () at task/task_start.c:134 | #14 0x00000000 in ?? () | (gdb) c Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 8, 2023
…_pairs=2 ================================================================= ==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000 #0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180 #1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503 #2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 #3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 #4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 #5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 #6 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134 0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150) allocated by thread T0 here: #0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226 #1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180 #2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222 #3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262 #4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91 #5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466 #6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 apache#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 apache#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 apache#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 apache#10 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134 Address 0x000000000000 is a wild pointer. SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort ==2920138==ABORTING Aborted (core dumped) Signed-off-by: chao an <anchao@xiaomi.com>
jerpelea
pushed a commit
that referenced
this pull request
May 8, 2023
…_pairs=2 ================================================================= ==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000 #0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180 #1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503 #2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 #3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 #4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 #5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 #6 0x5602d3bf5796 in mount mount/fs_mount.c:539 #7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 #8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 #9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 #10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 #11 0x5602d3b5de89 in nxtask_start task/task_start.c:134 0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150) allocated by thread T0 here: #0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226 #1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180 #2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222 #3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262 #4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91 #5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466 #6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 #7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 #8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 #9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 #10 0x5602d3bf5796 in mount mount/fs_mount.c:539 #11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 #12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 #13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 #14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 #15 0x5602d3b5de89 in nxtask_start task/task_start.c:134 Address 0x000000000000 is a wild pointer. SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort ==2920138==ABORTING Aborted (core dumped) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 23, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 23, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 23, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 24, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 24, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 25, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
May 25, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
May 25, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk #10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 #7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 #8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 #9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 #10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 #11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 #12 0x1080378c in nxtask_start () at task/task_start.c:134 #13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
extinguish
pushed a commit
to extinguish/nuttx
that referenced
this pull request
Jun 1, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk apache#1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 apache#1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 apache#2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 apache#3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 apache#4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 apache#5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 apache#6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
Jul 14, 2023
Redefine built-in command (info thread/thread/c) to compatible with developer habits Test board: ./tools/configure.sh -E lm3s6965-ek:qemu-flat 1. start qemu: qemu-system-arm -M lm3s6965evb -device loader,file=nuttx -serial mon:stdio -nographic -s 2. gdb attach: gdb-multiarch -ix tools/nuttx-gdbinit nuttx -ex "target extended-remote localhost:1234" 3. show thread info and callstack: | (gdb) info thread | * 0 Thread 0x20001548 (Name: Idle Task, State: Running, Priority: 0, Stack: 1000) PC: 0x9eee in up_idle() | 1 Thread 0x20005058 (Name: hpwork, State: Waiting,Semaphore, Priority: 224, Stack: 1992) PC: 0xa124 in up_switch_context() | 2 Thread 0x20005c20 (Name: nsh_main, State: Waiting,Semaphore, Priority: 100, Stack: 2000) PC: 0xa124 in up_switch_context() | 3 Thread 0x20006b30 (Name: NTP daemon, State: Waiting,Semaphore, Priority: 100, Stack: 1952) PC: 0xa124 in up_switch_context() | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 0x00009eee in up_idle () at chip/common/tiva_idle.c:62 | #1 0x00003dd2 in nx_start () at init/nx_start.c:698 | #2 0x00000190 in __start () at chip/common/lmxx_tm4c_start.c:177 | (gdb) thread 4 | 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context() | (gdb) bt | #0 up_switch_context (tcb=0x20001548 <g_idletcb>, rtcb=rtcb@entry=0x200086f0) at common/arm_switchcontext.c:95 | #1 0x0000453a in nxsem_wait (sem=sem@entry=0x2000916c) at semaphore/sem_wait.c:176 | #2 0x0000197e in _net_timedwait (sem=sem@entry=0x2000916c, interruptible=interruptible@entry=true, timeout=timeout@entry=4294967295) at utils/net_lock.c:101 | #3 0x0000198e in net_sem_timedwait (sem=sem@entry=0x2000916c, timeout=timeout@entry=4294967295) at utils/net_lock.c:242 | #4 0x00001996 in net_sem_wait (sem=sem@entry=0x2000916c) at utils/net_lock.c:330 | #5 0x00025f84 in psock_tcp_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newconn=newconn@entry=0x2000956c) at tcp/tcp_accept.c:274 | #6 0x00025432 in inet_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newsock=0x20009568, flags=0) at inet/inet_sockif.c:1443 | apache#7 0x00027a10 in psock_accept (psock=0x200044b8, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, newsock=newsock@entry=0x20009568, flags=flags@entry=0) at socket/accept.c:149 | apache#8 0x00027a8c in accept4 (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, flags=flags@entry=0) at socket/accept.c:280 | apache#9 0x0002a256 in accept (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c) at net/lib_accept.c:50 | apache#10 0x0001efaa in telnetd_daemon (config=config@entry=0x20009290) at telnetd_daemon.c:200 | apache#11 0x0001e508 in telnetd_main (argc=1, argv=0x20008af8) at telnetd.c:98 | apache#12 0x00008486 in nxtask_startup (entrypt=0x1e4bd <telnetd_main>, entrypt@entry=0x1 <up_putc>, argc=1, argv=0x20008af8) at sched/task_startup.c:70 | apache#13 0x000056d2 in nxtask_start () at task/task_start.c:134 | apache#14 0x00000000 in ?? () | (gdb) c Change-Id: Iff0992976890236f3629c3bb3ab763fb4f625fa1 Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
Jul 14, 2023
…_pairs=2 ================================================================= ==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000 #0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180 #1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503 #2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 #3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 #4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 #5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 #6 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134 0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150) allocated by thread T0 here: #0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226 #1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180 #2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222 #3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262 #4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91 #5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466 #6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486 apache#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777 apache#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111 apache#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427 apache#10 0x5602d3bf5796 in mount mount/fs_mount.c:539 apache#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110 apache#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127 apache#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69 apache#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70 apache#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134 Address 0x000000000000 is a wild pointer. SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort ==2920138==ABORTING Aborted (core dumped) Signed-off-by: chao an <anchao@xiaomi.com>
anchao
referenced
this pull request
in anchao/nuttx
Jul 14, 2023
How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk #1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 #1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 #2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 #3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 #4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 #5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 #6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Change-Id: Idd3df1e474ff76c645976971b794c7116c841c9a Signed-off-by: chao an <anchao@xiaomi.com>
zhhyu7
added a commit
to zhhyu7/incubator-nuttx
that referenced
this pull request
Jul 17, 2023
if client is a noblocking socket, user can do close when server has not yet invoke accept interface, so we need remove this socket from server.lc_waiters. avoid server socket access the freed memory. ==936564==ERROR: AddressSanitizer: heap-use-after-free on address 0xf23071c8 at pc 0x58eaac3b bp 0xf0b9e218 sp 0xf0b9e208 READ of size 4 at 0xf23071c8 thread T0 #0 0x58eaac3a in dq_remfirst queue/dq_remfirst.c:45 #1 0x58fd1efe in local_accept local/local_accept.c:141 #2 0x58f66df6 in psock_accept socket/accept.c:149 apache#3 0x58f672a4 in accept4 socket/accept.c:280 apache#4 0x5be9ee0c in accept net/lib_accept.c:50 apache#5 0x592d6a5d in uv__accept libuv/src/unix/core.c:502 apache#6 0x5930d83b in uv__server_io libuv/src/unix/stream.c:550 apache#7 0x592efbde in uv__io_poll libuv/src/unix/posix-poll.c:335 apache#8 0x592d649a in uv_run libuv/src/unix/core.c:387 apache#9 0x5a7180f7 in service_schedule_loop service/common/service_loop.c:146 apache#10 0x591f300b in pthread_startup pthread/pthread_create.c:59 apache#11 0x5be8134f in pthread_start pthread/pthread_create.c:139 apache#12 0x58ee2762 in pre_start sim/sim_initialstate.c:53 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com> Change-Id: If4f79e6d359922c8b00d44fefd393f6df0b63638
zhhyu7
added a commit
to zhhyu7/incubator-nuttx
that referenced
this pull request
Jul 17, 2023
if client is a noblocking socket, user can do close when server has not yet invoke accept interface, so we need remove this socket from server.lc_waiters. avoid server socket access the freed memory. ==936564==ERROR: AddressSanitizer: heap-use-after-free on address 0xf23071c8 at pc 0x58eaac3b bp 0xf0b9e218 sp 0xf0b9e208 READ of size 4 at 0xf23071c8 thread T0 #0 0x58eaac3a in dq_remfirst queue/dq_remfirst.c:45 #1 0x58fd1efe in local_accept local/local_accept.c:141 #2 0x58f66df6 in psock_accept socket/accept.c:149 apache#3 0x58f672a4 in accept4 socket/accept.c:280 apache#4 0x5be9ee0c in accept net/lib_accept.c:50 apache#5 0x592d6a5d in uv__accept libuv/src/unix/core.c:502 apache#6 0x5930d83b in uv__server_io libuv/src/unix/stream.c:550 apache#7 0x592efbde in uv__io_poll libuv/src/unix/posix-poll.c:335 apache#8 0x592d649a in uv_run libuv/src/unix/core.c:387 apache#9 0x5a7180f7 in service_schedule_loop service/common/service_loop.c:146 apache#10 0x591f300b in pthread_startup pthread/pthread_create.c:59 apache#11 0x5be8134f in pthread_start pthread/pthread_create.c:139 apache#12 0x58ee2762 in pre_start sim/sim_initialstate.c:53 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
jerpelea
pushed a commit
that referenced
this pull request
Jul 17, 2023
if client is a noblocking socket, user can do close when server has not yet invoke accept interface, so we need remove this socket from server.lc_waiters. avoid server socket access the freed memory. ==936564==ERROR: AddressSanitizer: heap-use-after-free on address 0xf23071c8 at pc 0x58eaac3b bp 0xf0b9e218 sp 0xf0b9e208 READ of size 4 at 0xf23071c8 thread T0 #0 0x58eaac3a in dq_remfirst queue/dq_remfirst.c:45 #1 0x58fd1efe in local_accept local/local_accept.c:141 #2 0x58f66df6 in psock_accept socket/accept.c:149 #3 0x58f672a4 in accept4 socket/accept.c:280 #4 0x5be9ee0c in accept net/lib_accept.c:50 #5 0x592d6a5d in uv__accept libuv/src/unix/core.c:502 #6 0x5930d83b in uv__server_io libuv/src/unix/stream.c:550 #7 0x592efbde in uv__io_poll libuv/src/unix/posix-poll.c:335 #8 0x592d649a in uv_run libuv/src/unix/core.c:387 #9 0x5a7180f7 in service_schedule_loop service/common/service_loop.c:146 #10 0x591f300b in pthread_startup pthread/pthread_create.c:59 #11 0x5be8134f in pthread_start pthread/pthread_create.c:139 #12 0x58ee2762 in pre_start sim/sim_initialstate.c:53 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
GUIDINGLI
added a commit
to GUIDINGLI/incubator-nuttx
that referenced
this pull request
Sep 23, 2023
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148 READ of size 2 at 0xf0501d60 thread T0 #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94 #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97 #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236 apache#3 0x3548f8c in net_sem_wait utils/net_lock.c:318 apache#4 0x350124d in local_accept local/local_accept.c:246 apache#5 0x3492719 in psock_accept socket/accept.c:149 apache#6 0x3492bcc in accept4 socket/accept.c:280 apache#7 0x662dc04 in accept net/lib_accept.c:50 apache#8 0x55c81ab in kvdb_loop kvdb/server.c:415 apache#9 0x55c860a in kvdbd_main kvdb/server.c:458 apache#10 0x33d968b in nxtask_startup sched/task_startup.c:70 apache#11 0x32ec039 in nxtask_start task/task_start.c:134 apache#12 0x34109be in pre_start sim/sim_initialstate.c:52 0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4) freed by thread T0 here: #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192 #2 0x34131d6 in mm_free sim/sim_heap.c:230 apache#3 0x3409388 in free umm_heap/umm_free.c:49 apache#4 0x35631f3 in local_free local/local_conn.c:225 apache#5 0x3563f75 in local_release local/local_release.c:129 apache#6 0x34f5a32 in local_close local/local_sockif.c:785 apache#7 0x3496ee8 in psock_close socket/net_close.c:102 apache#8 0x36500bc in sock_file_close socket/socket.c:115 apache#9 0x3635f6c in file_close vfs/fs_close.c:74 apache#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670 apache#11 0x36324f3 in nx_close inode/fs_files.c:697 apache#12 0x3632557 in close inode/fs_files.c:735 apache#13 0x55be289 in property_set_ kvdb/client.c:210 apache#14 0x55c0309 in property_set_int32_ kvdb/common.c:226 apache#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236 Signed-off-by: ligd <liguiding1@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Sep 24, 2023
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148 READ of size 2 at 0xf0501d60 thread T0 #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94 #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97 #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236 #3 0x3548f8c in net_sem_wait utils/net_lock.c:318 #4 0x350124d in local_accept local/local_accept.c:246 #5 0x3492719 in psock_accept socket/accept.c:149 #6 0x3492bcc in accept4 socket/accept.c:280 #7 0x662dc04 in accept net/lib_accept.c:50 #8 0x55c81ab in kvdb_loop kvdb/server.c:415 #9 0x55c860a in kvdbd_main kvdb/server.c:458 #10 0x33d968b in nxtask_startup sched/task_startup.c:70 #11 0x32ec039 in nxtask_start task/task_start.c:134 #12 0x34109be in pre_start sim/sim_initialstate.c:52 0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4) freed by thread T0 here: #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192 #2 0x34131d6 in mm_free sim/sim_heap.c:230 #3 0x3409388 in free umm_heap/umm_free.c:49 #4 0x35631f3 in local_free local/local_conn.c:225 #5 0x3563f75 in local_release local/local_release.c:129 #6 0x34f5a32 in local_close local/local_sockif.c:785 #7 0x3496ee8 in psock_close socket/net_close.c:102 #8 0x36500bc in sock_file_close socket/socket.c:115 #9 0x3635f6c in file_close vfs/fs_close.c:74 #10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670 #11 0x36324f3 in nx_close inode/fs_files.c:697 #12 0x3632557 in close inode/fs_files.c:735 #13 0x55be289 in property_set_ kvdb/client.c:210 #14 0x55c0309 in property_set_int32_ kvdb/common.c:226 #15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236 Signed-off-by: ligd <liguiding1@xiaomi.com>
xiaoxiang781216
pushed a commit
that referenced
this pull request
Nov 7, 2023
Race condition if the remote proc is stoped during initialization phase | #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376 | #1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971 | #2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891 | #3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922 | #4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086 | #5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378 | #6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206 | #7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400 | #8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356 | #9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164 | #10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845 | #11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744 | #12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828 | #13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245 | #14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75 | #15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74 | #16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70 | #17 0x020b363c in nxtask_start () at task/task_start.c:134 Signed-off-by: chao an <anchao@xiaomi.com>
halyssonJr
pushed a commit
to halyssonJr/nuttx
that referenced
this pull request
Apr 10, 2024
Race condition if the remote proc is stoped during initialization phase | #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376 | apache#1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971 | apache#2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891 | apache#3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922 | apache#4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086 | apache#5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378 | apache#6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206 | apache#7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400 | apache#8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356 | apache#9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164 | apache#10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845 | apache#11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744 | apache#12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828 | apache#13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245 | apache#14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75 | apache#15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74 | apache#16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70 | apache#17 0x020b363c in nxtask_start () at task/task_start.c:134 Signed-off-by: chao an <anchao@xiaomi.com>
nealef
pushed a commit
to nealef/nuttx
that referenced
this pull request
May 29, 2024
Race condition if the remote proc is stoped during initialization phase | #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376 | apache#1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971 | apache#2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891 | apache#3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922 | apache#4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086 | apache#5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378 | apache#6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206 | apache#7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400 | apache#8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356 | apache#9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164 | apache#10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845 | apache#11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744 | apache#12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828 | apache#13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245 | apache#14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75 | apache#15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74 | apache#16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70 | apache#17 0x020b363c in nxtask_start () at task/task_start.c:134 Signed-off-by: chao an <anchao@xiaomi.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change-Id: I6f547bb4bfb3bb621573db9097a531ce2260e794
Signed-off-by: chao.an anchao@xiaomi.com