Fix compilation errors with arm-none-eabi-gcc 7 #3
Conversation
@jlecoeur thanks, but we currently only change nuttx via patches. https://github.com/PX4/Firmware/tree/master/nuttx-patches Do you want to also submit this upstream? https://bitbucket.org/nuttx/nuttx
In the past, compiler-specific changes, using different build flags than those that nuttx uses, have not been accepted upstream. You can try again. If they are rejected we can carry the patch.
ASAN trace:

```
...
==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8
WRITE of size 1 at 0xf4502120 thread T0
    #0 0x56673ca2 in strcpy string/lib_strcpy.c:64

0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120)
allocated by thread T0 here:
    #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54)
    #1 0x5667725d in up_create_stack sim/up_createstack.c:135
    #2 0x56657ed8 in nxthread_create task/task_create.c:125
    #3 0x566580bb in kthread_create task/task_create.c:297
    #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149
    #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181
    #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436
    #7 0x56656e95 in nx_start init/nx_start.c:809
    #8 0x566548d4 in main sim/up_head.c:95
    #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)

CALLSTACK:
#8  0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4
#9  0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64
#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570
#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714
#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143
#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297
#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149
#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181
#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436
#17 0x565e3d96 in nx_start () at init/nx_start.c:809
#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95
```

Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac
Signed-off-by: chao.an <anchao@xiaomi.com>
Note: dlsymtab is not in the standards, but just in case.

```
(gdb) bt
#0  getpid () at task/task_getpid.c:91
#1  0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89
#2  0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92
#3  0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164
#4  0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#5  0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#6  0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7  0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2
#8  0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2
#9  0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2
#10 0x0000000000000001 in ?? ()
#11 0x00007fff028f686b in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) quit
```
```
(gdb) b longjmp
Breakpoint 1 at 0x8270
(gdb) r
Starting program: /home/chao/code/m3/nuttx/nuttx
[    0.000000] Assertion failed at file:task/task_onexit.c line: 99

Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6
(gdb)
(gdb) bt
#0  0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6
#1  0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0
#2  0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132
#3  0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36
#4  0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99
#5  0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109
#6  0x565fd819 in simuart_start () at sim/up_simuart.c:112
#7  0x5656c844 in up_uartinit () at sim/up_uart.c:496
#8  0x5656ba7a in up_initialize () at sim/up_initialize.c:234
#9  0x5655da56 in nx_start () at init/nx_start.c:701
#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96
```

Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6
Signed-off-by: chao.an <anchao@xiaomi.com>
Deadlock during recursive access if unionfs overlays procfs; check the critical segment only and remove the useless protection part.

```
#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
...
#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
```

original call stack:

```
(gdb) bt
#0  unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136
#1  0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119
#2  0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90
#3  0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193
#4  0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169
#5  0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537
#6  0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412
#7  0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026
#8  0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110
#9  0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175
#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206
#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116
#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73
#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061
#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741
#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578
#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662
#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191
#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115
#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168
#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165
#21 0x08049713 in nxtask_start () at task/task_start.c:144
#22 0x00000000 in ?? ()
```

Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca
Signed-off-by: chao.an <anchao@xiaomi.com>
Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux.

```
Program received signal SIGSEGV, Segmentation fault.
getpid () at task/task_getpid.c:76
76      task/task_getpid.c: No such file or directory.
rax            0x2feeb4             3141300
rbx            0xc53f83             12926851
rcx            0x6837665ee4c00      1833394399759360
rdx            0x472080             4661376
rsi            0xc53f83             12926851
rdi            0xffffffffffffffff   -1
rbp            0x7ffe4cdfe140       0x7ffe4cdfe140
rsp            0x7ffe4cdfe0f0       0x7ffe4cdfe0f0
r8             0xffffffffffffffff   -1
r9             0x0                  0
r10            0x22                 34
r11            0x246                582
r12            0x472080             4661376
r13            0x7ffe4cdfe3e8       140730188162024
r14            0x472080             4661376
r15            0xf60398             16122776
rip            0x4e9b93             0x4e9b93 <getpid+35>
eflags         0x10206              [ PF IF RF ]
cs             0x33                 51
ss             0x2b                 43
ds             0x0                  0
es             0x0                  0
fs             0x0                  0
gs             0x0                  0
#0  getpid () at task/task_getpid.c:76
#1  0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89
#2  0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77
#3  0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149
#4  0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) ()
#5  0x000000000048181e in InitializeCommonInterceptors() ()
#6  0x000000000048106a in __asan::InitializeAsanInterceptors() ()
#7  0x000000000049b85e in __asan::AsanInitInternal() ()
#8  0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2
#9  0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2
#10 0x0000000000000001 in ?? ()
#11 0x00007ffe4cdfff56 in ?? ()
#12 0x0000000000000000 in ?? ()
```
```
==1598322==ERROR: AddressSanitizer: heap-use-after-free on address 0xf514f8a8 at pc 0x58ac3898 bp 0xd0b4d488 sp 0xd0b4d478
READ of size 4 at 0xf514f8a8 thread T0
    #0 0x58ac3897 in rpmsg_socket_pollnotify rpmsg/rpmsg_sockif.c:211
    #1 0x58ac512f in rpmsg_socket_ept_cb rpmsg/rpmsg_sockif.c:312
    #2 0x5787881c in rpmsg_virtio_rx_callback open-amp/lib/rpmsg/rpmsg_virtio.c:331
    #3 0x57886a67 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:623
    #4 0x5786fb89 in rproc_virtio_notified open-amp/lib/remoteproc/remoteproc_virtio.c:340
    #5 0x5786bde3 in remoteproc_get_notification open-amp/lib/remoteproc/remoteproc.c:985
    #6 0x57755a50 in rptun_worker rptun/rptun.c:303
    #7 0x57755e51 in rptun_thread rptun/rptun.c:352
    #8 0x57730d4a in nxtask_start task/task_start.c:128
    #9 0xdeadbeee (/memfd:pulseaudio (deleted)+0x15dbeee)
```

Signed-off-by: ligd <liguiding1@xiaomi.com>
Different compiler optimizations cause ambiguity in obtaining sp through up_getsp() in arm_stack_color(). If compiled with clang with the optimization flag (-Ofast) enabled, the up_getsp() call will be earlier than push {r0-r9,lr}, and the end address of the colored stack will overlap with the saved registers.

Compile line:

```
clang --target=arm-none-eabi -c "-Ofast" -fno-builtin -march=armv8.1-m.main+mve.fp+fp.dp \
  -mtune=cortex-m55 -mthumb -mfpu=fpv5-d16 -mfloat-abi=hard -D__NuttX__ -common/arm_checkstack.c -o arm_checkstack.o
```

Assembler code:

```
llvm-objdump -aS arm_checkstack.o
------------------------------------
00000000 <arm_stack_color>:
; start = INT32_ALIGN_UP((uintptr_t)stackbase);
       0: c2 1c          adds    r2, r0, #3
       2: 22 f0 03 02    bic     r2, r2, #3
; end = nbytes ? INT32_ALIGN_DOWN((uintptr_t)stackbase + nbytes) :
       6: 19 b1          cbz     r1, 0x10 <arm_stack_color+0x10> @ imm = #6
       8: 08 44          add     r0, r1
       a: 20 f0 03 00    bic     r0, r0, #3
       e: 00 e0          b       0x12 <arm_stack_color+0x12> @ imm = #0
; __asm__
      10: 68 46          mov     r0, sp            <--- fetch the sp before push {r7 lr}
      12: 80 b5          push    {r7, lr}          <--- sp changed
; nwords = (end - start) >> 2;
      14: 80 1a          subs    r0, r0, r2
      16: 80 08          lsrs    r0, r0, #2
; }
      18: 08 bf          it      eq
      1a: 80 bd          popeq   {r7, pc}
      1c: 4b f6 ef 63    movw    r3, #48879
      20: cd f6 ad 63    movt    r3, #57005
      24: a0 ee 10 3b    vdup.32 q0, r3
; while (nwords-- > 0)
      28: 20 f0 01 e0    dlstp.32 lr, r0
; *ptr++ = STACK_COLOR;                            <--- overwrite
      2c: a2 ec 04 1f    vstrw.32 q0, [r2], #16
      30: 1f f0 05 c0    letp    lr, 0x2c <arm_stack_color+0x2c> @ imm = #-8
; }
      34: 80 bd          pop     {r7, pc}
------------------------------------
```

Signed-off-by: chao.an <anchao@xiaomi.com>
This reverts commit b88a1fd. [1]

Because:

* It causes assertion failures like [2].
* I don't understand what it attempted to fix.

[1]
```
commit b88a1fd
Author: chao.an <anchao@xiaomi.com>
Date:   Sat Jul 2 13:17:41 2022 +0800

    net/tcp: discard connect reference before free

    connect reference should be set to 0 before free

    Signed-off-by: chao.an <anchao@xiaomi.com>
```

[2]
```
#0  up_assert (filename=0x5516d0 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75
#1  0x000000000040a4bb in _assert (filename=0x5516d0 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36
#2  0x000000000042a2ad in tcp_free (conn=0x597fe0 <g_tcp_connections+384>) at tcp/tcp_conn.c:771
#3  0x000000000053bdc2 in tcp_close_disconnect (psock=0x7f58d1abbd80) at tcp/tcp_close.c:331
#4  0x000000000053bc69 in tcp_close (psock=0x7f58d1abbd80) at tcp/tcp_close.c:366
#5  0x000000000052eefe in inet_close (psock=0x7f58d1abbd80) at inet/inet_sockif.c:1689
#6  0x000000000052eb9b in psock_close (psock=0x7f58d1abbd80) at socket/net_close.c:102
#7  0x0000000000440495 in sock_file_close (filep=0x7f58d1b35f40) at socket/socket.c:115
#8  0x000000000043b8b6 in file_close (filep=0x7f58d1b35f40) at vfs/fs_close.c:74
#9  0x000000000043ab22 in nx_close (fd=9) at inode/fs_files.c:544
#10 0x000000000043ab7f in close (fd=9) at inode/fs_files.c:578
```
When the free connection list is not enough to alloc a new instance, the TCP stack will reuse the currently closed connection. But if the handle is not released by the user via close(2), the reference count of the connection remains at a non-zero value, which will cause the assertion to fail. So when the handle is not released, we should not use such a conn instance while it is being actively closed, and we should ensure that the reference count is assigned within the net lock protection.

```
(gdb) bt
#0  up_assert (filename=0x565c78f7 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75
#1  0x56566177 in _assert (filename=0x565c78f7 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36
#2  0x5657d620 in tcp_free (conn=0x565fb3e0 <g_tcp_connections>) at tcp/tcp_conn.c:771
#3  0x5657d5a1 in tcp_alloc (domain=2 '\002') at tcp/tcp_conn.c:700
#4  0x565b1f50 in inet_tcp_alloc (psock=0xf3dea150) at inet/inet_sockif.c:144
#5  0x565b2082 in inet_setup (psock=0xf3dea150, protocol=0) at inet/inet_sockif.c:253
#6  0x565b1bf0 in psock_socket (domain=2, type=1, protocol=0, psock=0xf3dea150) at socket/socket.c:121
#7  0x56588f5f in socket (domain=2, type=1, protocol=0) at socket/socket.c:278
#8  0x565b11c0 in hello_main (argc=1, argv=0xf3dfab10) at hello_main.c:35
#9  0x56566631 in nxtask_startup (entrypt=0x565b10ef <hello_main>, argc=1, argv=0xf3dfab10) at sched/task_startup.c:70
#10 0x565597fa in nxtask_start () at task/task_start.c:134
```

Signed-off-by: chao.an <anchao@xiaomi.com>
```
(gdb) bt
#0  up_assert (filename=0x7fffffffdc6c "\001", lineno=0) at sim/up_assert.c:75
#1  0x00005555555e636b in _assert (filename=0x555555627225 "kasan/kasan.c", linenum=104) at assert/lib_assert.c:36
#2  0x00005555555a388e in kasan_report (addr=140737284458088, size=1, is_write=true) at kasan/kasan.c:104
#3  0x00005555555a40a1 in __asan_storeN_noabort (addr=140737284458088, size=1) at kasan/kasan.c:297
#4  0x00005555555a4519 in __asan_store1_noabort (addr=140737284458088) at kasan/kasan.c:348
#5  0x00005555555a26d7 in memset (s=0x7ffff3d8c668, c=0, n=63) at string/lib_memset.c:169
#6  0x00005555555a46a4 in mm_addregion (heap=0x7ffff3d8c000, heapstart=0x7ffff3d8c648, heapsize=66058656) at mm_heap/mm_initialize.c:131
#7  0x00005555555a4a00 in mm_initialize (name=0x555555627068 "Umem", heapstart=0x7ffff3d8c648, heapsize=67107256) at mm_heap/mm_initialize.c:231
#8  0x00005555555a33b1 in umm_initialize (heap_start=0x7ffff3d8c000, heap_size=67108864) at umm_heap/umm_initialize.c:84
#9  0x000055555558f17c in nx_start () at init/nx_start.c:469
#10 0x0000555555589559 in main (argc=1, argv=0x7fffffffdf58, envp=0x7fffffffdf68) at sim/up_head.c:131
(gdb)
```

Signed-off-by: chao.an <anchao@xiaomi.com>
The free node is still in use after kasan_poison(); the node member access will cause the assert report by kasan.

```
(gdb) bt
#0  kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
#1  0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
#2  0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
#3  0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
#4  0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
#5  0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
#6  0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
#7  0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
#8  0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
#9  0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
#10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
#11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
#12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
#13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
#14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
#15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
#16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
#17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
#18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
#19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
#20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
#21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
#22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
#23 0x0000000000000000 in ?? ()
```

Signed-off-by: chao.an <anchao@xiaomi.com>
devif_conn_event() will be called recursively in psock_send_eventhandler(). If the tcp event tcp_close_eventhandler() is marked as "next" in the first devif_conn_event() and released from the second, recursive call, the "next" event in the first devif_conn_event() will become a wild pointer.

```
479 uint16_t devif_conn_event(FAR struct net_driver_s *dev, uint16_t flags,
480                           FAR struct devif_callback_s *list)
481 {
482   FAR struct devif_callback_s *next;
...
488   net_lock();
489   while (list && flags)
490     {
...
496       next = list->nxtconn;   <------------------ event tcp_close_eventhandler() on next
...
500       if (list->event != NULL && devif_event_trigger(flags, list->flags))
501         {
...
507           flags = list->event(dev, list->priv, flags);   <---------------- perform psock_send_eventhandler(), event tcp_close_eventhandler() will be removed from tcp_lost_connection()
508         }
...
512       list = next;   <---------------- event tcp_close_eventhandler() has been released, wild pointer
513     }
514
515   net_unlock();
516   return flags;
517 }
```

The callstack is as below:

```
Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
#0  tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
#1  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507   ----------------> devif_conn_event() recursively
#2  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
#3  0x565c55e4 in tcp_shutdown_monitor (conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_monitor.c:211
#4  0x565c584b in tcp_lost_connection (conn=0x566084a0 <g_tcp_connections>, cb=0x566094b0 <g_cbprealloc+336>, flags=65) at tcp/tcp_monitor.c:391
#5  0x565c028a in psock_send_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_send_buffered.c:544   ----------------> call psock_send_eventhandler() before tcp_close_eventhandler()
#6  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x566094b0 <g_cbprealloc+336>) at devif/devif_callback.c:507
#7  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
#8  0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
#9  0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
#10 0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
#11 0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
#12 0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
#13 0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.

Breakpoint 1, tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83
(gdb) bt
#0  tcp_close_eventhandler (dev=0x56607d80 <g_sim_dev>, pvpriv=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_close.c:83   ----------------------> "next" corrupted, invalid call of tcp_close_eventhandler()
#1  0x5658bb57 in devif_conn_event (dev=0x56607d80 <g_sim_dev>, flags=65, list=0x56609498 <g_cbprealloc+312>) at devif/devif_callback.c:507
#2  0x56589f8c in tcp_callback (dev=0x56607d80 <g_sim_dev>, conn=0x566084a0 <g_tcp_connections>, flags=65) at tcp/tcp_callback.c:169
#3  0x5658e8cc in tcp_input (dev=0x56607d80 <g_sim_dev>, domain=2 '\002', iplen=20) at tcp/tcp_input.c:1059
#4  0x5658ed77 in tcp_ipv4_input (dev=0x56607d80 <g_sim_dev>) at tcp/tcp_input.c:1355
#5  0x5658c0a2 in ipv4_input (dev=0x56607d80 <g_sim_dev>) at devif/ipv4_input.c:358
#6  0x56577017 in netdriver_recv_work (arg=0x56607d80 <g_sim_dev>) at sim/up_netdriver.c:182
#7  0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
#8  0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.
[    2.680000] up_assert: Assertion failed at file:devif/devif_callback.c line: 85 task: lpwork
```

Signed-off-by: chao.an <anchao@xiaomi.com>
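Added example (not NuttX code): a small C model of the traversal in the devif_conn_event() excerpt above, where the callback run from the loop body releases the node the loop has already cached as "next". The pool, list and handler names are constructed for this model; the deferred-free variant is one general way to keep a cached "next" valid under recursive dispatch and is not the project's own fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NCALLBACKS 4
#define TCP_CLOSE  0x01u  /* constructed flag standing in for NuttX's TCP_* event flags */
struct devif_cb {
    struct devif_cb *nxtconn;                       /* next callback on the connection */
    uint16_t (*event)(void *priv, uint16_t flags);  /* handler; NULL once disarmed */
    void *priv;
    bool in_use;                                    /* pool slot is allocated */
    bool free_pending;                              /* released while a dispatch was running */
};

static struct devif_cb g_pool[NCALLBACKS];  /* models the g_cbprealloc pool */
static struct devif_cb *g_list;             /* head of the connection's callback list */
static int g_dispatch_depth;                /* > 0 while a (possibly recursive) dispatch runs */
static bool g_use_deferred_free;            /* release strategy the send handler uses */

static struct devif_cb *cb_alloc(uint16_t (*event)(void *, uint16_t), void *priv)
{
    for (int i = 0; i < NCALLBACKS; i++) {
        if (g_pool[i].in_use) continue;
        struct devif_cb *cb = &g_pool[i];
        cb->event = event;  cb->priv = priv;
        cb->in_use = true;  cb->free_pending = false;
        cb->nxtconn = g_list;  /* push at the head: the newest callback runs first */
        g_list = cb;
        return cb;
    }
    return NULL;
}

/* Unlink and clear a node right away: a traversal that cached it as "next"
 * is now holding a dangling pointer. */
static void cb_release(struct devif_cb *cb)
{
    for (struct devif_cb **pp = &g_list; *pp != NULL; pp = &(*pp)->nxtconn)
        if (*pp == cb) { *pp = cb->nxtconn; break; }
    memset(cb, 0, sizeof(*cb));
}

static uint16_t close_handler(void *priv, uint16_t flags) { (void)priv; return flags; }
/* Models psock_send_eventhandler(): on TCP_CLOSE it tears the connection down,
 * which releases the close callback registered on the same list. */
static uint16_t send_handler(void *priv, uint16_t flags)
{
    struct devif_cb **close_cb = priv;
    if ((flags & TCP_CLOSE) && *close_cb != NULL) {
        if (g_use_deferred_free) {
            /* Disarm and mark only: the node stays linked, so any cached "next"
             * remains valid; dispatch() reaps it once the outermost call ends. */
            (*close_cb)->event = NULL;
            (*close_cb)->free_pending = true;
        } else {
            cb_release(*close_cb);  /* freed at once: the caller's cached "next" dangles */
        }
        *close_cb = NULL;
    }
    return flags;
}

/* Traversal shaped like the devif_conn_event() excerpt: "next" is cached before the
 * callback runs. Returns how often the loop stepped onto a node the callback had
 * already released (the wild pointer of the real kernel). */
static int dispatch(uint16_t flags)
{
    int wild = 0;
    g_dispatch_depth++;
    for (struct devif_cb *list = g_list; list != NULL && flags; ) {
        struct devif_cb *next = list->nxtconn;
        if (list->event != NULL)
            flags = list->event(list->priv, flags);
        if (next != NULL && !next->in_use) { wild++; break; }  /* "next" freed underneath us */
        list = next;
    }
    if (--g_dispatch_depth == 0) {  /* outermost dispatch done: reap deferred frees */
        for (struct devif_cb *cb = g_list, *n; cb != NULL; cb = n) {
            n = cb->nxtconn;
            if (cb->free_pending) cb_release(cb);
        }
    }
    return wild;
}

static int scenario(bool deferred)
{
    static struct devif_cb *close_cb;
    memset(g_pool, 0, sizeof(g_pool));
    g_list = NULL; g_dispatch_depth = 0; g_use_deferred_free = deferred;
    close_cb = cb_alloc(close_handler, NULL);  /* registered first ... */
    cb_alloc(send_handler, &close_cb);         /* ... so send is the head and close is its "next" */
    return dispatch(TCP_CLOSE);
}

int run_immediate_free(void) { return scenario(false); }  /* returns 1: stepped onto a freed node */
int run_deferred_free(void)  { return scenario(true); }   /* returns 0: "next" stayed valid */
/* 1 after either run: only the send callback is still registered */
int slots_in_use(void) { int n = 0; for (int i = 0; i < NCALLBACKS; i++) n += g_pool[i].in_use; return n; }
```

Under ASAN or KASAN the immediate-free path is what reports as a use-after-free on the cached pointer; here the pool's in_use flag makes the same step observable without a sanitizer.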
```
==2117790==ERROR: AddressSanitizer: global-buffer-overflow on address 0x64d9e3c0 at pc 0x59ac4e16 bp 0xcefe8058 sp 0xcefe8048
READ of size 1 at 0x64d9e3c0 thread T0
    #0 0x59ac4e15 in up_nputs sim/up_nputs.c:54
    #1 0x59a67e4c in syslog_default_write syslog/syslog_channel.c:220
    #2 0x59a67823 in syslog_default_write syslog/syslog_write.c:101
    #3 0x59a67f10 in syslog_write syslog/syslog_write.c:153
    #4 0x59a651c3 in syslogstream_flush syslog/syslog_stream.c:60
    #5 0x59a6564e in syslogstream_addchar syslog/syslog_stream.c:104
    #6 0x59a6576f in syslogstream_putc syslog/syslog_stream.c:140
    #7 0x5989fc4d in vsprintf_internal stdio/lib_libvsprintf.c:952
    #8 0x598a1298 in lib_vsprintf stdio/lib_libvsprintf.c:1379
    #9 0x59a64ea4 in nx_vsyslog syslog/vsyslog.c:223
    #10 0x598a601a in vsyslog syslog/lib_syslog.c:68
    #11 0x59b0e3dc in AIOTJS::logPrintf(int, char const*, ...) src/ajs_log.cpp:45
    #12 0x59b03d56 in jse_dump_obj src/jse/quickjs/jse_quickjs.cpp:569
    #13 0x59b03ea1 in jse_dump_error1(JSContext*, unsigned long long) src/jse/quickjs/jse_quickjs.cpp:602
    #14 0x59b03dd9 in jse_dump_error(JSContext*) src/jse/quickjs/jse_quickjs.cpp:591
    #15 0x59bed615 in ferry::DomComponent::callHook(char const*) src/framework/dom/component.cpp:65
    #16 0x59bfe0ff in ferry::DomComponent::initialize() src/framework/dom/component.cpp:645
    #17 0x59bb141d in dom_create_component(JSContext*, unsigned long long, unsigned long long, unsigned long long) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x365c41d)
    #18 0x59b4c0d3 in AIOTJS::__createComponent(JSContext*, unsigned long long, int, unsigned long long*) (/home/wangbowen/project/central/vela_miot_bes_m0/bin/audio+0x35f70d3)
    #19 0x5a56ec17 in js_call_c_function quickjs/quickjs.c:16108
```

Signed-off-by: wangbowen6 <wangbowen6@xiaomi.com>
apps/examples/usrsocktest/usrsocktest_basic_daemon.c:

```
321 static void basic_daemon_dup2(FAR struct usrsocktest_daemon_conf_s *dconf)
322 {
...
335   ret = dup2(sd2, sd);
352 }
```

Usrsocktest Task holds the file group lock and sends the close request to the usrsock daemon:

```
#0  net_lockedwait_uninterruptible (sem=0x5555555f8ba2 <g_usrsockdev+34>) at utils/net_lock.c:427
#1  0x000055555557489c in usrsockdev_do_request (conn=0x5555555f8800 <g_usrsock_connections>, iov=0x7ffff3f36040, iovcnt=1) at usrsock/usrsock_dev.c:1185
    --> send close request to usrsock daemon
#2  0x00005555555d0439 in do_close_request (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:109
#3  0x00005555555d04f5 in usrsock_close (conn=0x5555555f8800 <g_usrsock_connections>) at usrsock/usrsock_close.c:157
#4  0x00005555555cf100 in usrsock_sockif_close (psock=0x7ffff3ea4a60) at usrsock/usrsock_sockif.c:234
#5  0x00005555555c7b2f in psock_close (psock=0x7ffff3ea4a60) at socket/net_close.c:102
#6  0x000055555557a518 in sock_file_close (filep=0x7ffff3f253d0) at socket/socket.c:115
#7  0x000055555557678f in file_close (filep=0x7ffff3f253d0) at vfs/fs_close.c:74
#8  0x000055555557694c in file_dup2 (filep1=0x7ffff3f253e8, filep2=0x7ffff3f253d0) at vfs/fs_dup2.c:129
    ---> holds group file list lock ( _files_semtake(list) )
#9  0x0000555555575aab in nx_dup2 (fd1=7, fd2=6) at inode/fs_files.c:451
#10 0x0000555555575af3 in dup2 (fd1=7, fd2=6) at inode/fs_files.c:473
#11 0x000055555559d937 in basic_daemon_dup2 (dconf=0x5555555f8d80 <usrsocktest_daemon_config>) at usrsocktest_basic_daemon.c:335
#12 0x000055555559ed80 in usrsocktest_test_basic_daemon_basic_daemon_dup2 () at usrsocktest_basic_daemon.c:612
#13 0x000055555559f18d in usrsocktest_group_basic_daemon_run () at usrsocktest_basic_daemon.c:666
#14 0x0000555555599f8d in run_tests (name=0x5555555dc8c3 "basic_daemon", test_fn=0x55555559ef50 <usrsocktest_group_basic_daemon_run>) at usrsocktest_main.c:117
#15 0x000055555559a06c in run_all_tests () at usrsocktest_main.c:154
#16 0x000055555559a3d1 in usrsocktest_main (argc=1, argv=0x7ffff3f25450) at usrsocktest_main.c:248
#17 0x000055555555cad8 in nxtask_startup (entrypt=0x55555559a357 <usrsocktest_main>, argc=1, argv=0x7ffff3f25450) at sched/task_startup.c:70
#18 0x0000555555559938 in nxtask_start () at task/task_start.c:134
```

Usrsock Daemon wakes up and sets up the poll, wanting to perform the close request, but is locked on fs_getfilep():

```
#0  _files_semtake (list=0x7ffff3f250b8) at inode/fs_files.c:51
    --> requests the group lock, which is held by the close request: deadlock
#1  0x00005555555758b1 in fs_getfilep (fd=5, filep=0x7ffff3f47190) at inode/fs_files.c:375
#2  0x00005555555d3064 in poll_fdsetup (fd=5, fds=0x7ffff3f47290, setup=true) at vfs/fs_poll.c:79
#3  0x00005555555d3243 in poll_setup (fds=0x7ffff3f47290, nfds=2, sem=0x7ffff3f47206) at vfs/fs_poll.c:139
#4  0x00005555555d39a6 in nx_poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:383
#5  0x00005555555d3abd in poll (fds=0x7ffff3f47290, nfds=2, timeout=-1) at vfs/fs_poll.c:501
    --> daemon wakes up
#6  0x00005555555c62c7 in usrsocktest_daemon (param=0x5555555f5360 <g_ub_daemon>) at usrsocktest_daemon.c:1846
#7  0x000055555559161e in pthread_startup (entry=0x5555555c60d3 <usrsocktest_daemon>, arg=0x5555555f5360 <g_ub_daemon>) at pthread/pthread_create.c:59
#8  0x00005555555d45f0 in pthread_start () at pthread/pthread_create.c:175
#9  0x0000000000000000 in ?? ()
```

Signed-off-by: chao an <anchao@xiaomi.com>
I noticed that the conn instance will leak during stress tests. The close work queued from tcp_close_eventhandler() will be canceled by tcp_timer() immediately:

```
Breakpoint 1, tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71
(gdb) bt
#0  tcp_close_eventhandler (dev=0x565cd338 <up_irq_restore+108>, pvpriv=0x5655e6ff <getpid+12>, flags=0) at tcp/tcp_close.c:71
#1  0x5658bf1e in devif_conn_event (dev=0x5660bd80 <g_sim_dev>, flags=512, list=0x5660d558 <g_cbprealloc+312>) at devif/devif_callback.c:508
#2  0x5658a219 in tcp_callback (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>, flags=512) at tcp/tcp_callback.c:167
#3  0x56589253 in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:378
#4  0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95
#5  0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601
#6  0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722
#7  0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308
#8  0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
#9  0x5655983f in nxtask_start () at task/task_start.c:129
(gdb) c
Continuing.

Breakpoint 2, tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178
(gdb) bt
#0  tcp_update_timer (conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:178
#1  0x5658952a in tcp_timer (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_timer.c:708
#2  0x5658dd47 in tcp_poll (dev=0x5660bd80 <g_sim_dev>, conn=0x5660c4a0 <g_tcp_connections>) at tcp/tcp_devpoll.c:95
#3  0x5658b95f in devif_poll_tcp_connections (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:601
#4  0x5658b9ea in devif_poll (dev=0x5660bd80 <g_sim_dev>, callback=0x565770f2 <netdriver_txpoll>) at devif/devif_poll.c:722
#5  0x56577230 in netdriver_txavail_work (arg=0x5660bd80 <g_sim_dev>) at sim/up_netdriver.c:308
#6  0x5655999e in work_thread (argc=2, argv=0xf3db5dd0) at wqueue/kwork_thread.c:178
#7  0x5655983f in nxtask_start () at task/task_start.c:129
```

A separate work will add 24 bytes to each conn instance, but in order to support the feature of asynchronous close(), I cannot find a better way than adding a separate work. For resource constraints, I recommend that developers enable CONFIG_NET_ALLOC_CONNS, which will reduce the RAM usage.

Signed-off-by: chao an <anchao@xiaomi.com>
…umb code

The option '-mthumb' is only valid for C source files and is not passed to the assembler. If 'thumb' is not considered in some assembly projects, the system will report 'undefined instructions' when running an incompatible instruction:

```
arm_undefinedinsn: Undefined instruction at 0x380cfc98
```

This assembly file should be compiled with .thumb but it isn't:

```
380cfc90 <hobot_i8_i32_gemm_nn_m4_n8_neon>:
380cfc90:   e92d4ff0    push    {r4, r5, r6, r7, r8, r9, sl, fp, lr}
380cfc94:   ed2d8b10    vpush   {d8-d15}
380cfc98:   e59d4064    ldr     r4, [sp, #100]  ; 0x64    <-- Undefined instruction
380cfc9c:   e59d5068    ldr     r5, [sp, #104]  ; 0x68
380cfca0:   e59d606c    ldr     r6, [sp, #108]  ; 0x6c
380cfca4:   e59d7070    ldr     r7, [sp, #112]  ; 0x70
380cfca8:   e1a08120    lsr     r8, r0, #2
380cfcac:   e1a091a1    lsr     r9, r1, #3
380cfcb0:   e1a0a122    lsr     sl, r2, #2
```

After enabling thumb (".syntax unified" and ".thumb" in the source, or -Wa,-mthumb):

```
.Lhobot_i8_i32_gemm_nn_m4_n8_neon:
38001100:   e92d 4ff0   stmdb   sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr}
38001104:   ed2d 8b10   vpush   {d8-d15}
38001108:   9c19        ldr     r4, [sp, #100]  ; 0x64
3800110a:   9d1a        ldr     r5, [sp, #104]  ; 0x68
3800110c:   9e1b        ldr     r6, [sp, #108]  ; 0x6c
3800110e:   9f1c        ldr     r7, [sp, #112]  ; 0x70
38001110:   ea4f 0890   mov.w   r8, r0, lsr #2
38001114:   ea4f 09d1   mov.w   r9, r1, lsr #3
38001118:   ea4f 0a92   mov.w   sl, r2, lsr #2
```

This commit will enable the thumb option for assembly files by default, so that when compiling an assembly file, the machine code and the system will be in a consistent state.

----------------------------------------------------------------
https://gcc.gnu.org/onlinedocs/gcc-4.5.2/gcc/ARM-Options.html

GCC Manual:

-mthumb
    Generate code for the Thumb instruction set. The default is to use the 32-bit ARM instruction set. This option automatically enables either 16-bit Thumb-1 or mixed 16/32-bit Thumb-2 instructions based on the -mcpu=name and -march=name options. **This option is not passed to the assembler. If you want to force assembler files to be interpreted as Thumb code, either add a `.thumb' directive to the source or pass the -mthumb option directly to the assembler by prefixing it with -Wa.**

Signed-off-by: chao an <anchao@xiaomi.com>
Redefine built-in commands (info thread/thread/c) to be compatible with developer habits.

Test board: ./tools/configure.sh -E lm3s6965-ek:qemu-flat

1. start qemu:
qemu-system-arm -M lm3s6965evb -device loader,file=nuttx -serial mon:stdio -nographic -s

2. gdb attach:
gdb-multiarch -ix tools/nuttx-gdbinit nuttx -ex "target extended-remote localhost:1234"

3. show thread info and callstack:
| (gdb) info thread
| * 0 Thread 0x20001548 (Name: Idle Task, State: Running, Priority: 0, Stack: 1000) PC: 0x9eee in up_idle()
| 1 Thread 0x20005058 (Name: hpwork, State: Waiting,Semaphore, Priority: 224, Stack: 1992) PC: 0xa124 in up_switch_context()
| 2 Thread 0x20005c20 (Name: nsh_main, State: Waiting,Semaphore, Priority: 100, Stack: 2000) PC: 0xa124 in up_switch_context()
| 3 Thread 0x20006b30 (Name: NTP daemon, State: Waiting,Semaphore, Priority: 100, Stack: 1952) PC: 0xa124 in up_switch_context()
| 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context()
| (gdb) bt
| #0 0x00009eee in up_idle () at chip/common/tiva_idle.c:62
| #1 0x00003dd2 in nx_start () at init/nx_start.c:698
| #2 0x00000190 in __start () at chip/common/lmxx_tm4c_start.c:177
| (gdb) thread 4
| 4 Thread 0x200086f0 (Name: telnetd, State: Waiting,Semaphore, Priority: 100, Stack: 2008) PC: 0xa124 in up_switch_context()
| (gdb) bt
| #0 up_switch_context (tcb=0x20001548 <g_idletcb>, rtcb=rtcb@entry=0x200086f0) at common/arm_switchcontext.c:95
| #1 0x0000453a in nxsem_wait (sem=sem@entry=0x2000916c) at semaphore/sem_wait.c:176
| #2 0x0000197e in _net_timedwait (sem=sem@entry=0x2000916c, interruptible=interruptible@entry=true, timeout=timeout@entry=4294967295) at utils/net_lock.c:101
| #3 0x0000198e in net_sem_timedwait (sem=sem@entry=0x2000916c, timeout=timeout@entry=4294967295) at utils/net_lock.c:242
| #4 0x00001996 in net_sem_wait (sem=sem@entry=0x2000916c) at utils/net_lock.c:330
| #5 0x00025f84 in psock_tcp_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newconn=newconn@entry=0x2000956c) at tcp/tcp_accept.c:274
| #6 0x00025432 in inet_accept (psock=<optimized out>, addr=<optimized out>, addrlen=<optimized out>, newsock=0x20009568, flags=0) at inet/inet_sockif.c:1443
| #7 0x00027a10 in psock_accept (psock=0x200044b8, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, newsock=newsock@entry=0x20009568, flags=flags@entry=0) at socket/accept.c:149
| #8 0x00027a8c in accept4 (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c, flags=flags@entry=0) at socket/accept.c:280
| #9 0x0002a256 in accept (sockfd=sockfd@entry=3, addr=addr@entry=0x2000921c, addrlen=addrlen@entry=0x2000920c) at net/lib_accept.c:50
| #10 0x0001efaa in telnetd_daemon (config=config@entry=0x20009290) at telnetd_daemon.c:200
| #11 0x0001e508 in telnetd_main (argc=1, argv=0x20008af8) at telnetd.c:98
| #12 0x00008486 in nxtask_startup (entrypt=0x1e4bd <telnetd_main>, entrypt@entry=0x1 <up_putc>, argc=1, argv=0x20008af8) at sched/task_startup.c:70
| #13 0x000056d2 in nxtask_start () at task/task_start.c:134
| #14 0x00000000 in ?? ()
| (gdb) c

Signed-off-by: chao an <anchao@xiaomi.com>
…_pairs=2

=================================================================
==2920138==ERROR: AddressSanitizer: invalid-pointer-pair: 0x603000000130 0x000000000000
#0 0x5602d3c6a89d in qsort stdlib/lib_qsort.c:180
#1 0x5602d3c28928 in romfs_cachenode romfs/fs_romfsutil.c:503
#2 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#3 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#4 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#5 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#6 0x5602d3bf5796 in mount mount/fs_mount.c:539
#7 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#8 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#9 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#10 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#11 0x5602d3b5de89 in nxtask_start task/task_start.c:134

0x603000000130 is located 0 bytes inside of 32-byte region [0x603000000130,0x603000000150)
allocated by thread T0 here:
#0 0x7fcdac74793c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
#1 0x5602d3c9024e in host_memalign sim/posix/sim_hostmemory.c:180
#2 0x5602d3c907d2 in host_realloc sim/posix/sim_hostmemory.c:222
#3 0x5602d3b8aaff in mm_realloc sim/sim_heap.c:262
#4 0x5602d3b87a6a in realloc umm_heap/umm_realloc.c:91
#5 0x5602d3c280c4 in romfs_cachenode romfs/fs_romfsutil.c:466
#6 0x5602d3c2854d in romfs_cachenode romfs/fs_romfsutil.c:486
#7 0x5602d3c2b056 in romfs_fsconfigure romfs/fs_romfsutil.c:777
#8 0x5602d3c24856 in romfs_bind romfs/fs_romfs.c:1111
#9 0x5602d3bf5179 in nx_mount mount/fs_mount.c:427
#10 0x5602d3bf5796 in mount mount/fs_mount.c:539
#11 0x5602d3bc1154 in nsh_romfsetc apps/nshlib/nsh_romfsetc.c:110
#12 0x5602d3b8f38d in nsh_initialize apps/nshlib/nsh_init.c:127
#13 0x5602d3b8f2b7 in nsh_main apps/system/nsh/nsh_main.c:69
#14 0x5602d3b7a3a6 in nxtask_startup sched/task_startup.c:70
#15 0x5602d3b5de89 in nxtask_start task/task_start.c:134

Address 0x000000000000 is a wild pointer.
SUMMARY: AddressSanitizer: invalid-pointer-pair stdlib/lib_qsort.c:180 in qsort
==2920138==ABORTING
Aborted (core dumped)

Signed-off-by: chao an <anchao@xiaomi.com>
How to set up coredump?

1. Build config coredump:
$ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump
$ make

2. Run qemu and get the coredump snapshot:
$ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s
ABCDGHIJKNOPQ
NuttShell (NSH) NuttX-10.4.0
nsh> coredump
[CPU0] [ 6] Start coredump
...
...inish coredump (Compression Enabled).

3. Copy the hex body and save to file:
$ cat elf.dump
[CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A
...
[CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000

4. Run tools/coredump.py to convert the hex dump to an ELF coredump:
$ ./tools/coredump.py elf.dump
Chunk #1 is compressed, 317 bytes (original size: 1023 bytes)
...
Chunk #10 is compressed, 8 bytes (original size: 9 bytes)
$ ls elf.core
elf.core

5. Pass the core (elf.core) and the binary ELF (nuttx) to gdb:
!!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !!
$ arm-none-eabi-gdb -c elf.core nuttx
GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git
...
Reading symbols from nuttx...
[New process 6]
[New process 1]
[New process 2]
[New process 3]
[New process 4]
[New process 5]
[New process 6]
Core was generated by `'.
#0 0x10808a8e in up_idle () at chip/imx_idle.c:61
61 }
[Current thread is 1 (process 6)]
(gdb)
(gdb) info thread
  Id Target Id Frame
* 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61
  2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61
  3 process 2 0x00000000 in ?? ()
  4 process 3 0x00000000 in ?? ()
  5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95
  6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95
  7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272
(gdb) thread 6
[Switching to thread 6 (process 5)]
#0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95
95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs);
(gdb) bt
#0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95
#1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176
#2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169
#3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639
#4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162
#5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641
#6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742
#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826
#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245
#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71
#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74
#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70
#12 0x1080378c in nxtask_start () at task/task_start.c:134
#13 0x00000000 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Signed-off-by: chao an <anchao@xiaomi.com>
If the client is a non-blocking socket, the user can close it when the server has not yet invoked the accept interface, so we need to remove this socket from server.lc_waiters to avoid the server socket accessing the freed memory.

==936564==ERROR: AddressSanitizer: heap-use-after-free on address 0xf23071c8 at pc 0x58eaac3b bp 0xf0b9e218 sp 0xf0b9e208
READ of size 4 at 0xf23071c8 thread T0
#0 0x58eaac3a in dq_remfirst queue/dq_remfirst.c:45
#1 0x58fd1efe in local_accept local/local_accept.c:141
#2 0x58f66df6 in psock_accept socket/accept.c:149
#3 0x58f672a4 in accept4 socket/accept.c:280
#4 0x5be9ee0c in accept net/lib_accept.c:50
#5 0x592d6a5d in uv__accept libuv/src/unix/core.c:502
#6 0x5930d83b in uv__server_io libuv/src/unix/stream.c:550
#7 0x592efbde in uv__io_poll libuv/src/unix/posix-poll.c:335
#8 0x592d649a in uv_run libuv/src/unix/core.c:387
#9 0x5a7180f7 in service_schedule_loop service/common/service_loop.c:146
#10 0x591f300b in pthread_startup pthread/pthread_create.c:59
#11 0x5be8134f in pthread_start pthread/pthread_create.c:139
#12 0x58ee2762 in pre_start sim/sim_initialstate.c:53

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
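The failure mode in the commit above is an ownership problem: a connection object is freed while another object (the listening socket's waiter queue) still holds a pointer to it, and the next accept() pops the dangling entry. The following is an added example written for this page, not NuttX code: a minimal model of such a waiter queue in which close() unlinks the connection from its server before freeing it. The struct and function names (conn, conn_connect, conn_accept, conn_close, demo_*) are hypothetical.

```c
/* Added example for this page (not NuttX code): a minimal model of the
 * "server.lc_waiters" life-cycle bug described in the commit message
 * above.  All struct and function names here are hypothetical. */
#include <stdlib.h>

struct conn
{
  struct conn *prev, *next;   /* Links in the server's waiter queue */
  struct conn *server;        /* Server we are queued on, NULL if not queued */
  struct conn *head, *tail;   /* Server side: oldest / newest pending client */
  int nwaiters;
};

struct conn *conn_new(void)
{
  return calloc(1, sizeof(struct conn));   /* NULL check omitted for brevity */
}

/* Client connect(): append ourselves to the server's waiter queue. */
void conn_connect(struct conn *client, struct conn *server)
{
  client->server = server;
  client->prev = server->tail;
  client->next = NULL;
  if (server->tail) server->tail->next = client; else server->head = client;
  server->tail = client;
  server->nwaiters++;
}

/* Unlink a client from its server's queue; a no-op when it is not queued,
 * so it is safe to call from both accept() and close(). */
static void conn_unlink_waiter(struct conn *client)
{
  struct conn *server = client->server;
  if (server == NULL) return;
  if (client->prev) client->prev->next = client->next; else server->head = client->next;
  if (client->next) client->next->prev = client->prev; else server->tail = client->prev;
  client->prev = client->next = NULL;
  client->server = NULL;
  server->nwaiters--;
}

/* Server accept(): pop the oldest pending client, NULL if none. */
struct conn *conn_accept(struct conn *server)
{
  struct conn *client = server->head;
  if (client) conn_unlink_waiter(client);
  return client;
}

/* Client close(): the reported bug was freeing the conn while it was still
 * linked in the waiter queue, so the server's later accept() read freed
 * memory.  Unlinking before free() is the fix. */
void conn_close(struct conn *client)
{
  conn_unlink_waiter(client);
  free(client);
}

/* Scenario from the report: a non-blocking client closes before the
 * server accepts.  Returns 1 when accept() correctly sees an empty queue. */
int demo_close_before_accept(void)
{
  struct conn *server = conn_new();
  struct conn *client = conn_new();
  int ok;

  conn_connect(client, server);
  conn_close(client);                       /* client gives up early */
  ok = (conn_accept(server) == NULL) && server->nwaiters == 0;
  free(server);
  return ok;
}

/* Two pending clients, the first closes: accept() must return the second
 * and then report an empty queue. */
int demo_close_first_of_two(void)
{
  struct conn *server = conn_new();
  struct conn *a = conn_new();
  struct conn *b = conn_new();
  int ok;

  conn_connect(a, server);
  conn_connect(b, server);
  conn_close(a);
  ok = (conn_accept(server) == b) && server->nwaiters == 0 &&
       conn_accept(server) == NULL;
  free(b);
  free(server);
  return ok;
}
```

The property worth keeping in mind when reviewing a fix like this one is that every container holding a pointer to an object must be updated on the same path that frees the object; running the scenario under AddressSanitizer, as the commit did, is the quickest way to confirm that no path was missed.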
==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148
READ of size 2 at 0xf0501d60 thread T0
#0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94
#1 0x3548cf5 in _net_timedwait utils/net_lock.c:97
#2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236
#3 0x3548f8c in net_sem_wait utils/net_lock.c:318
#4 0x350124d in local_accept local/local_accept.c:246
#5 0x3492719 in psock_accept socket/accept.c:149
#6 0x3492bcc in accept4 socket/accept.c:280
#7 0x662dc04 in accept net/lib_accept.c:50
#8 0x55c81ab in kvdb_loop kvdb/server.c:415
#9 0x55c860a in kvdbd_main kvdb/server.c:458
#10 0x33d968b in nxtask_startup sched/task_startup.c:70
#11 0x32ec039 in nxtask_start task/task_start.c:134
#12 0x34109be in pre_start sim/sim_initialstate.c:52

0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4)
freed by thread T0 here:
#0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192
#2 0x34131d6 in mm_free sim/sim_heap.c:230
#3 0x3409388 in free umm_heap/umm_free.c:49
#4 0x35631f3 in local_free local/local_conn.c:225
#5 0x3563f75 in local_release local/local_release.c:129
#6 0x34f5a32 in local_close local/local_sockif.c:785
#7 0x3496ee8 in psock_close socket/net_close.c:102
#8 0x36500bc in sock_file_close socket/socket.c:115
#9 0x3635f6c in file_close vfs/fs_close.c:74
#10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670
#11 0x36324f3 in nx_close inode/fs_files.c:697
#12 0x3632557 in close inode/fs_files.c:735
#13 0x55be289 in property_set_ kvdb/client.c:210
#14 0x55c0309 in property_set_int32_ kvdb/common.c:226
#15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236

Signed-off-by: ligd <liguiding1@xiaomi.com>
Race condition if the remote proc is stopped during the initialization phase

| #0 0x0249f959 in rpmsg_destroy_ept (ept=0xffffffc0) at open-amp/lib/rpmsg/rpmsg.c:376
| #1 0x024a938c in rpmsg_deinit_vdev (rvdev=0xf2303a48) at open-amp/lib/rpmsg/rpmsg_virtio.c:971
| #2 0x02117e33 in rptun_dev_stop (rproc=0xf2303a04, stop_ns=true) at rptun/rptun.c:891
| #3 0x021181d8 in rptun_do_ioctl (priv=0xf2303a00, cmd=11010, arg=0) at rptun/rptun.c:922
| #4 0x02119722 in rptun_ioctl_foreach (cpuname=0x0, cmd=11010, value=0) at rptun/rptun.c:1086
| #5 0x0211b9df in rptun_poweroff (cpuname=0x0) at rptun/rptun.c:1378
| #6 0x02053aa6 in board_power_off (status=0) at sim/sim_head.c:206
| #7 0x0253d65c in boardctl (cmd=65283, arg=0) at boardctl.c:400
| #8 0x021eb497 in cmd_poweroff (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_syscmds.c:356
| #9 0x021cdb4d in nsh_command (vtbl=0xef606280, argc=1, argv=0xef9b73e0) at nsh_command.c:1164
| #10 0x021baa72 in nsh_execute (vtbl=0xef606280, argc=1, argv=0xef9b73e0, redirfile=0x0, oflags=0) at nsh_parse.c:845
| #11 0x021c6b0a in nsh_parse_command (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2744
| #12 0x021c7166 in nsh_parse (vtbl=0xef606280, cmdline=0xef606708 "poweroff") at nsh_parse.c:2828
| #13 0x0221fa2f in nsh_session (pstate=0xef606280, login=1, argc=1, argv=0xef7a7860) at nsh_session.c:245
| #14 0x021f8c04 in nsh_consolemain (argc=1, argv=0xef7a7860) at nsh_consolemain.c:75
| #15 0x021b77eb in nsh_main (argc=1, argv=0xef7a7860) at nsh_main.c:74
| #16 0x02166ddf in nxtask_startup (entrypt=0x21b76ca <nsh_main>, argc=1, argv=0xef7a7860) at sched/task_startup.c:70
| #17 0x020b363c in nxtask_start () at task/task_start.c:134

Signed-off-by: chao an <anchao@xiaomi.com>
| #0 0x2119bf1 in rpmsg_get_cpuname rptun/rptun.c:1157
| #1 0x24f97bd in uart_rpmsg_device_destroy serial/uart_rpmsg.c:342
| #2 0x2117d56 in rptun_dev_stop rptun/rptun.c:883
| #3 0x21181d7 in rptun_do_ioctl rptun/rptun.c:922
| #4 0x2119721 in rptun_ioctl_foreach rptun/rptun.c:1086

Signed-off-by: chao an <anchao@xiaomi.com>
…ling SIM_ASAN.

==263401==ERROR: AddressSanitizer: stack-use-after-return on address 0xf515f260 at pc 0x042434f0 bp 0x9ac24e78 sp 0x9ac24e68
WRITE of size 4 at 0xf515f260 thread T0
#0 0x42434ef in nxsem_get_value semaphore/sem_getvalue.c:65
#1 0x413110d in work_thread wqueue/kwork_thread.c:195
#2 0x412c4f6 in nxtask_start task/task_start.c:129
#3 0x427b1fc in pre_start sim/sim_initialstate.c:52

Address 0xf515f260 is located in stack of thread T0 at offset 32 in frame
#0 0x928c9e3 in host_settimer sim/posix/sim_hosttime.c:104

This frame has 1 object(s):
[32, 48) 'it' (line 105) <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported)

Signed-off-by: cuiziwei <cuiziwei@xiaomi.com>
Print shadow memory following asan format.

==3118004==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5618ac32a100 at pc 0x5618ac32727f bp 0x7ffe5f3e66f0 sp 0x7ffe5f3e66e0
WRITE of size 4 at 0x5618ac32a100 thread T0
#0 0x5618ac32727e in main /home/baerg/vela/x4b/asan_test.c:12
#1 0x7f221ce29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#2 0x7f221ce29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#3 0x5618ac327144 in _start (/home/baerg/vela/x4b/asan_test+0x1144)

0x5618ac32a100 is located 0 bytes to the right of global variable 'buffer' defined in 'asan_test.c:5:6' (0x5618ac32a0e0) of size 32
SUMMARY: AddressSanitizer: global-buffer-overflow /home/baerg/vela/x4b/asan_test.c:12 in main
Shadow bytes around the buggy address:
  0x0ac39585d3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d400: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ac39585d410: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0ac39585d420:[f9]f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac39585d470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
ap> cat pm
=================================================================
==30235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf436edd9 at pc 0x03338a48 bp 0x9d1b6ca8 sp 0x9d1b6c98
READ of size 1 at 0xf436edd9 thread T0
#0 0x3338a47 in strncmp string/lib_strncmp.c:42
#1 0x371af87 in pm_get_file_index power/pm/pm_procfs.c:174
#2 0x371b066 in pm_open power/pm/pm_procfs.c:207
#3 0x3640d20 in procfs_open procfs/fs_procfs.c:419
#4 0x359bce2 in file_vopen vfs/fs_open.c:240
#5 0x359c431 in nx_vopen vfs/fs_open.c:312
#6 0x359cb53 in open vfs/fs_open.c:465
#7 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
#8 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
#9 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
#10 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
#11 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
#12 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
#13 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
#14 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
#15 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
#16 0x332b6e6 in nxtask_startup sched/task_startup.c:70
#17 0x323ec3f in nxtask_start task/task_start.c:134
#18 0x33636ea in pre_start sim/sim_initialstate.c:52

ap> cat net
=================================================================
==30303==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4479a5a at pc 0x03338a48 bp 0x9d2b6ce8 sp 0x9d2b6cd8
READ of size 1 at 0xf4479a5a thread T0
#0 0x3338a47 in strncmp string/lib_strncmp.c:42
#1 0x5395d62 in netprocfs_open procfs/net_procfs.c:215
#2 0x3640d20 in procfs_open procfs/fs_procfs.c:419
#3 0x359bce2 in file_vopen vfs/fs_open.c:240
#4 0x359c431 in nx_vopen vfs/fs_open.c:312
#5 0x359cb53 in open vfs/fs_open.c:465
#6 0x33bccc9 in nsh_catfile /apps/nshlib/nsh_fsutils.c:140
#7 0x33b28cc in cmd_cat /apps/nshlib/nsh_fscmds.c:556
#8 0x33a434f in nsh_command /apps/nshlib/nsh_command.c:1164
#9 0x3381b8f in nsh_execute /apps/nshlib/nsh_parse.c:845
#10 0x338dc17 in nsh_parse_command /apps/nshlib/nsh_parse.c:2744
#11 0x338e273 in nsh_parse /apps/nshlib/nsh_parse.c:2828
#12 0x3390b47 in nsh_session /apps/nshlib/nsh_session.c:245
#13 0x337e90a in nsh_consolemain /apps/nshlib/nsh_consolemain.c:75
#14 0x337e7f7 in nsh_main /apps/system/nsh/nsh_main.c:74
#15 0x332b6e6 in nxtask_startup sched/task_startup.c:70
#16 0x323ec3f in nxtask_start task/task_start.c:134
#17 0x33636ea in pre_start sim/sim_initialstate.c:52

Signed-off-by: dulibo1 <dulibo1@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
set CONFIG_PRIORITY_INHERITANCE=y
set CONFIG_SEM_PREALLOCHOLDERS=0

semaphore/sem_holder.c:320:34: runtime error: member access within null pointer of type 'struct tcb_s'
#0 0xd8b540 in nxsem_boostholderprio semaphore/sem_holder.c:320
#1 0xd8c1cf in nxsem_boost_priority semaphore/sem_holder.c:703
#2 0xda5dfa in nxsem_wait semaphore/sem_wait.c:145
#3 0xda61d9 in nxsem_wait_uninterruptible semaphore/sem_wait.c:248
#4 0x12f2477 in media_service_thread0 /home/ligd/platform/dev/apps/examples/hello/hello_main.c:44
#5 0x1204154 in pthread_startup pthread/pthread_create.c:59
#6 0x1cd906f in pthread_start pthread/pthread_create.c:139
#7 0xe72fcb in pre_start sim/sim_initialstate.c:52

Signed-off-by: ligd <liguiding1@xiaomi.com>
note/note_driver.c:1405:11: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x33bf5cc in sched_note_event_ip note/note_driver.c:1405
#1 0x33bfb57 in note_driver_instrument_enter note/note_initialize.c:55
#2 0x347b084 in __cyg_profile_func_enter misc/lib_instrument.c:68
#3 0x34179de in binder_initialize binder/binder.c:669
#4 0x339a936 in drivers_initialize /home/cuiziwei/vela/happy/nuttx/drivers/drivers_initialize.c:242
#5 0x335a179 in nx_start init/nx_start.c:632
#6 0x32f755c in main sim/sim_head.c:180
#7 0xf6821518 (/lib/i386-linux-gnu/libc.so.6+0x21518) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
#8 0xf68215f2 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x215f2) (BuildId: 7f64b917aaa97b9680d8e44931bf7611c5a1f036)
#9 0x32b401a in _start (/home/cuiziwei/vela/happy/nuttx/nuttx+0x32b401a) (BuildId: 33f8f7b361d44a008de87fea1bc970b22b48b700)

Signed-off-by: cuiziwei <cuiziwei@xiaomi.com>
stdio/lib_libvsprintf.c:1018:17: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
#0 0x3326a86 in vsprintf_internal stdio/lib_libvsprintf.c:1018
#1 0x332926b in lib_vsprintf stdio/lib_libvsprintf.c:1363
#2 0x3777978 in vfprintf stdio/lib_vfprintf.c:52
#3 0x671b3a0 in printf stdio/lib_printf.c:44
#4 0x37abc0c in hello_main /data/project/code/vela-pt/apps/examples/hello/hello_main.c:38
#5 0x33201d3 in nxtask_startup sched/task_startup.c:70
#6 0x3208ecb in nxtask_start task/task_start.c:134
#7 0x3357a49 in pre_start sim/sim_initialstate.c:52

Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
sim/posix/sim_offload.c:369:18: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x3a146c2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a146c2)
#1 0x3a0ecb0 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a0ecb0)
#2 0x3a1193a (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a1193a)
#3 0x3a13141 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x3a13141)
#4 0x39fc3ef (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc3ef)
#5 0x38ca7f2 (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x38ca7f2)
#6 0x39fc6cf (/home/qiaohj/disk1/work/vela/nuttx/nuttx+0x39fc6cf)

Signed-off-by: qiaohaijiao1 <qiaohaijiao1@xiaomi.com>
string/lib_strcpy.c:87:15: runtime error: signed integer overflow: -2132367969 - 16843009 cannot be represented in type 'long int'
#0 0x48e77096 in strcpy string/lib_strcpy.c:87
#1 0x535b6ea4 in libconfig_strbuf_append_string libconfig/lib/strbuf.c:60
#2 0x53ad7f52 in libconfig_yyparse /home/ygc/ssd/x4b-sim/external/libconfig/grammar.y:186
#3 0x5358d281 in __config_read libconfig/lib/libconfig.c:561
#4 0x5358dea0 in config_read_file libconfig/lib/libconfig.c:677
#5 0x52cdd0a5 in tts_vendor_list_get src/vendor.c:114
#6 0x52cde739 in default_tts_vendor_get src/vendor.c:356
#7 0x52a07e1d in vendorswitch_init src/vendorswitch/vendorswitch.c:501
#8 0x52444fb9 in mico_misc_main /home/ygc/ssd/x4b-sim/vendor/xiaomi/miai/mico_misc/instance/main.c:72
#9 0x48bee720 in nxtask_startup sched/task_startup.c:70
#10 0x48b41eb4 in nxtask_start task/task_start.c:112
#11 0x48c1ef3d in pre_start sim/sim_initialstate.c:52

Signed-off-by: yangguangcai <yangguangcai@xiaomi.com>
current sizeof(struct sockaddr_in) is 66

arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment
0xe5f134e6: note: pointer points here
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241
#1 0x5432a11f in arp_snapshot arp/arp_table.c:574
#2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547
#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715
#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743
#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382
#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625
#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96
#8 0x542bc94b in psock_sendto socket/sendto.c:134
#9 0x542bcb28 in sendto socket/sendto.c:247
#10 0x542bc5ea in send socket/send.c:163
#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152
#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197
#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263
#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718
#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619
#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706
#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245
#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75
#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74
#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70
#21 0x53f366c6 in nxtask_start task/task_start.c:116
#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52

Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
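The four UBSan reports above (negating -9223372036854775808 in lib_libvsprintf.c, the left shift of 255 by 24 places in sim_offload.c, the signed subtraction of 16843009, i.e. 0x01010101, in the word-at-a-time lib_strcpy.c, and the misaligned struct sockaddr_in access in arp_table.c) share one remedy: do the arithmetic in an unsigned type, and load structs out of byte buffers with memcpy instead of a cast pointer. The block below is an added example written for this page, not NuttX code; its names (safe_magnitude, be32_from_bytes, has_zero_byte, addr_rec, read_addr_rec, demo_unaligned_roundtrip) are hypothetical, and the addr_rec struct is a constructed stand-in for sockaddr_in.

```c
/* Added example for this page (not NuttX code): UB-free forms of the four
 * operations UBSan flagged in the commit messages above.  All names here
 * are hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* lib_libvsprintf.c case: -LLONG_MIN overflows 'long long'.  Convert to
 * unsigned first; 0 - u wraps modulo 2^64, which yields exactly 2^63. */
unsigned long long safe_magnitude(long long v)
{
  unsigned long long u = (unsigned long long)v;
  return v < 0 ? 0ULL - u : u;
}

/* sim_offload.c case: (int)255 << 24 does not fit in a 32-bit int.  Widen
 * each byte to uint32_t before shifting so the result is well defined. */
uint32_t be32_from_bytes(const uint8_t b[4])
{
  return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
         ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* lib_strcpy.c case: the word-at-a-time zero-byte test
 * (w - 0x01010101) & ~w & 0x80808080 overflows when w is a signed long.
 * On an unsigned word the subtraction wraps and the test is exact. */
bool has_zero_byte(uint32_t w)
{
  return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* arp_table.c case: a struct placed at an arbitrary offset in a byte buffer
 * must not be accessed through a cast pointer.  memcpy into an aligned
 * local is well defined for any source alignment. */
struct addr_rec
{
  uint16_t family;
  uint16_t port;
  uint32_t addr;
};

struct addr_rec read_addr_rec(const uint8_t *buf)
{
  struct addr_rec r;
  memcpy(&r, buf, sizeof r);      /* not: *(const struct addr_rec *)buf */
  return r;
}

/* Constructed round trip: store a record at offset 1 (misaligned for a
 * 4-byte-aligned struct) and read it back through read_addr_rec(). */
bool demo_unaligned_roundtrip(void)
{
  uint8_t buf[1 + sizeof(struct addr_rec)];
  struct addr_rec src = { 2, 8080, 0x7f000001u };
  struct addr_rec r;

  buf[0] = 0xaa;                  /* one-byte prefix forces misalignment */
  memcpy(buf + 1, &src, sizeof src);
  r = read_addr_rec(buf + 1);
  return r.family == 2 && r.port == 8080 && r.addr == 0x7f000001u;
}
```

Building with -fsanitize=undefined (or CONFIG_SIM_UBSAN on the NuttX simulator, as these commits did) is the way to confirm that none of these paths still trip a report; the memcpy form also lets the compiler emit a single aligned load on targets where it knows the alignment, so there is normally no cost relative to the cast.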
test code hello_main:

int main(int argc, FAR char *argv[])
{
  uint32_t *p = (uint32_t *)0xdeedbeff;   /* deliberately invalid address */
  *p = 0xffffff;
  printf("%p\n %x\n", p, *p);
  return 0;
}

qemu mps3-an547 hello_main: triggering an exception, and the gdb backtrace is:

before:
(gdb) bt
/#0 0x0001168a in systick_getstatus (lower_=0x100010c <g_systick_lower>, status=0x1000a30 <g_intstackalloc+1600>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:142
/#1 0x000122f4 in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105
/#2 0x0001234c in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115
/#3 0x000124bc in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463
/#4 0x0001249e in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446
/#5 0x0000920c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:830
/#6 0x0000937c in _assert (filename=0x393f8 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x393f0 "panic", regs=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:940
/#7 0x00000e2c in arm_busfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113
/#8 0x000012d2 in arm_hardfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142
/#9 0x00008b20 in irq_dispatch (irq=3, context=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145
/#10 0x0000041a in arm_doirq (irq=3, regs=0x1008500) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:103
/#11 0x0000034e in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:224

after:
(gdb) bt
/#0 systick_is_running () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:106
/#1 0x000125c0 in systick_getstatus (lower_=0x1000114 <g_systick_lower>, status=0x1007a20) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:141
/#2 0x0001323c in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105
/#3 0x00013294 in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115
/#4 0x00013404 in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463
/#5 0x000133e6 in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446
/#6 0x00008c5c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816
/#7 0x00008e88 in _assert (filename=0x39408 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x39400 "panic", regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915
/#8 0x00000ce4 in arm_busfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113
/#9 0x0000118a in arm_hardfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142
/#10 0x000086cc in irq_dispatch (irq=3, context=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145
/#11 0x0000041e in arm_doirq (irq=3, regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:99
/#12 0x00000360 in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:230
/#13 0x00027a8c in hello_main (argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:39
/#14 0x00014968 in nxtask_startup (entrypt=0x27a7d <hello_main>, argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72
/#15 0x0000f450 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116
/#16 0x00000000 in ?? ()
(gdb)

qemu armv7a nsh, hello_main:

before:
(gdb) bt
/#0 udelay_coarse (microseconds=156000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67
/#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431
/#2 0x0060c630 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416
/#3 0x0060c644 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401
/#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816
/#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915
/#6 0x0060bd74 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157
/#7 0x0060bc04 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:438
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)

after:
(gdb) bt
/#0 udelay_coarse (microseconds=192000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67
/#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431
/#2 0x0060c650 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416
/#3 0x0060c664 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401
/#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816
/#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915
/#6 0x0060bd94 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157
/#7 0x0060bc08 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:453
/#8 0x00620cd4 in hello_main (argc=4999, argv=0x0) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:41
/#9 0x0060d320 in nxtask_startup (entrypt=0x620cc4 <hello_main>, argc=1, argv=0x4020a088) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72
/#10 0x00609b50 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116
/#11 0x00000000 in ?? ()
(gdb)

qemu risc-v nsh:

before:
(gdb) bt
/#0 udelay_coarse (microseconds=228000, microseconds@entry=891896832) at timers/arch_alarm.c:67
/#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431
/#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416
/#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401
/#4 0x80011f1c in reset_board () at misc/assert.c:813
/#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915
/#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129
/#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99
/#8 0x80000164 in exception_common () at common/riscv_exception_common.S:210
Backtrace stopped: frame did not save the PC
(gdb)

after:
(gdb) bt
/#0 0x80003922 in udelay_coarse (microseconds=90000, microseconds@entry=891896832) at timers/arch_alarm.c:67
/#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431
/#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416
/#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401
/#4 0x80011f2a in reset_board () at misc/assert.c:816
/#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915
/#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129
/#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99
/#8 0x80000166 in exception_common () at common/riscv_exception_common.S:215
/#9 0x8001792a in hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:41
/#10 0x80004b52 in nxtask_startup (entrypt=0x80030704, argc=1, argv=0x800300e8) at sched/task_startup.c:72
/#11 0x80001e72 in nxtask_start () at task/task_start.c:116
/#12 0x00000000 in ?? ()
Backtrace stopped: frame did not save the PC
(gdb)

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
With newer versions of GCC, new warnings are emitted and prevent building on PX4 master.