The free node is still in use after kasan_poison(), the node member
access will cause the assert report by kasan.
| (gdb) bt
| #0 kasan_report (addr=1743265406637584896, size=140737337053680, is_write=46) at kasan/kasan.c:97
| #1 0x0000555555607bdd in __asan_loadN_noabort (addr=140737272831420, size=4) at kasan/kasan.c:289
| #2 0x0000555555607cd7 in __asan_load4_noabort (addr=140737272831420) at kasan/kasan.c:323
| #3 0x00005555556061ef in gmtime_r (timep=0x7ffff3275dbc, result=0x7ffff3275e10) at time/lib_gmtimer.c:301
| #4 0x000055555560e507 in sim_rtc_rdtime (lower=0x55555576b780 <g_sim_rtc>, rtctime=0x7ffff3275e10) at sim/up_rtc.c:77
| #5 0x00005555555fcbdb in up_rtc_gettime (tp=0x7ffff3275ef0) at timers/arch_rtc.c:128
| #6 0x00005555555f08b4 in clock_systime_timespec (ts=0x7ffff3275ef0) at clock/clock_systime_timespec.c:72
| #7 0x00005555555ecc77 in note_common (tcb=0x7ffff31d2180, note=0x7ffff3275f80, length=21 '\025', type=18 '\022') at sched/sched_note.c:144
| #8 0x00005555555ed706 in sched_note_syscall_enter (nr=1, argc=0) at sched/sched_note.c:765
| #9 0x000055555560eb37 in __wrap_getpid () at wraps/WRAP_getpid.c:26
| #10 0x0000555555608d1c in mm_takesemaphore (heap=0x7ffff30ae000) at mm_heap/mm_sem.c:127
| #11 0x0000555555609477 in mm_free (heap=0x7ffff30ae000, mem=0x7ffff3265b80) at mm_heap/mm_free.c:89
| #12 0x00005555556070c5 in free (mem=0x7ffff3265b80) at umm_heap/umm_free.c:49
| #13 0x000055555560c3b0 in up_release_stack (dtcb=0x7ffff31e4b00, ttype=0 '\000') at sim/up_releasestack.c:67
| #14 0x00005555555f2515 in nxsched_release_tcb (tcb=0x7ffff31e4b00, ttype=0 '\000') at sched/sched_releasetcb.c:134
| #15 0x00005555556bdf0c in nxtask_terminate (pid=4, nonblocking=true) at task/task_terminate.c:184
| #16 0x00005555556bdb0f in nxtask_exit () at task/task_exit.c:168
| #17 0x000055555566e05f in up_exit (status=0) at sim/up_exit.c:64
| #18 0x000055555564f454 in _exit (status=0) at task/exit.c:78
| #19 0x000055555560ea89 in __wrap__exit (parm1=0) at wraps/WRAP__exit.c:27
| #20 0x00005555555eb288 in exit (status=0) at stdlib/lib_exit.c:54
| #21 0x00005555555fe2cc in nxtask_startup (entrypt=0x555555670c34 <critmon_start_main>, argc=1, argv=0x7ffff3265bb0) at sched/task_startup.c:70
| #22 0x00005555555f02a0 in nxtask_start () at task/task_start.c:134
| #23 0x0000000000000000 in ?? ()
Signed-off-by: chao.an <anchao@xiaomi.com>
This is a fix of:
0169a51220
This is caused by wrong memory sem operation in IDLE.
Fix:
Obey the original design, don't check the IDLE in mm_takesemaphore()
Signed-off-by: ligd <liguiding1@xiaomi.com>
1.Move all special process to mm_takesemaphore
2.Remove the support of recurive lock
3.Remove mm_trysemaphore function
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ie216a6294ab67c5d427f31b089beb15c532f08fe
it's more simple to make mm_heap_s opaque outside of mm
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I5c8e435f6baba6d22b10c5f7e8d9191104fb5af2
Root casue:
when do thread exit, need add free stack operation to mm_delaylist,
but in SMP mode, CPU0 thread1 exit, at this time, CPU1 call malloc
and free mm_delaylist.
Fix:
Divide mm_delaylist for per CPU in SMP mode.
Change-Id: Ibf7d04614ea2f99fb5b506356b7346a0d94f0590
Signed-off-by: ligd <liguiding1@xiaomi.com>
Pullreq libc libnx updates
* NuttX: make strerror() return 'Success' for 0
* NuttX: fix strrchr() so that it considers null terminator as part of string
From strrchr(3) man page:
"The terminating null byte is considered part of the string, so that if c
is specified as '\0', these functions return a pointer to the terminator."
* NuttX: mm_free(): Add DEBUGASSERT()'s to catch memory corruption early.
It's easier to find the source when asserts fail already when freeing
an overflowed buffer, than if the corruption is only detected on next
malloc().
* MM_FILL_ALLOCATIONS: Add debug option to fill all mallocs()
This is helpful for detecting uninitialized variables,
especially in C++ code. I seem to be forgetting to initialize
member variables and then they just get random values..
* NuttX: nxtk_bitmapwindow: Fix warning message when bitmap is fully off-screen.
* nxfonts_getfont: Avoid unnecessary warnings for other whitespace chars also.
* NuttX: Fix kerning of 'I' in Sans17x22 font
The I character was running together with some other
characters, e.g. in sequence "IMI".
* NXMU: Revalidate window pointer for mouse events.
NXMU caches the previous window pointer so that further mouse
events can be sent to the same window. However, if the window
is destroyed while mouse button is held down, the pointer may
become invalid and cause a crash. This patch revalidates the
pointer before using it.
Approved-by: GregoryN <gnutt@nuttx.org>
anjiahao