Posted to notifications@mynewt.apache.org by "Michał Narajowski (JIRA)" <ji...@apache.org> on 2017/05/23 13:27:04 UTC

[jira] [Created] (MYNEWT-765) os_mbuf memory corruption on native platform

Michał Narajowski created MYNEWT-765:
----------------------------------------

             Summary: os_mbuf memory corruption on native platform
                 Key: MYNEWT-765
                 URL: https://issues.apache.org/jira/browse/MYNEWT-765
             Project: Mynewt
          Issue Type: Bug
         Environment: bsncent app on native 32-bit Ubuntu 17.04
            Reporter: Michał Narajowski
            Priority: Minor


h4. General description:
There is a segmentation fault error in function {{ble_hs_log_mbuf}} in file {{net/nimble/host/src/ble_hs_log.c}} when receiving notifications at high rate. Tested using *bsncent* app from https://github.com/rymanluk/incubator-mynewt-core/tree/bsn and *bsnprph* also from https://github.com/apache/incubator-mynewt-core/tree/bsnbranch

Data from HCI command overwrites the os_mbuf struct instead of being written to {{om->om_data}}. I tried to catch that memory violation earlier in code, but somehow it is only triggered in the {{ble_hs_log_mbuf}} function.

h4. How to reproduce:
1. Build and flash *bsnprph* app from https://github.com/apache/incubator-mynewt-core/tree/bsnbranch with the following configuration:
{quote}
app=@apache-mynewt-core/apps/bsnprph
bsp=@apache-mynewt-core/hw/bsp/nrf52dk
build_profile=optimized
{quote}

2. Build *bsncent* app from https://github.com/rymanluk/incubator-mynewt-core/tree/bsn with the following configuration:
{quote}
app=@apache-mynewt-core/apps/bsncent
bsp=@apache-mynewt-core/hw/bsp/native
build_profile=debug
syscfg=BLE_HS_DEBUG=1:BLE_MAX_CONNECTIONS=5:BLE_SM_BONDING=1:BLE_SM_IO_CAP=BLE_HS_IO_KEYBOARD_DISPLAY:BLE_SM_LEGACY=1:BLE_SM_MITM=1:BLE_SM_OUR_KEY_DIST=7:BLE_SM_SC=1:BLE_SOCK_LINUX_DEV=0:BLE_SOCK_USE_LINUX_BLUE=1:BLE_SOCK_USE_TCP=0:LOG_LEVEL=0:MCU_NATIVE_USE_SIGNALS=1:OS_MAIN_STACK_SIZE=512:SHELL_TASK=1
{quote}

3. It is possible to reproduce it using the Mynewt controller (but then another issue sometimes shows up, described below) or some other controller like PTS, with some hacks in ble_hs_startup.c to start the controller.

4. Run the *bsncent* app from 32-bit Ubuntu

Here is the backtrace from GDB:
{quote}
Program received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned () at ../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S:651
651     ../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S:651
#1  0x80009fc0 in os_mbuf_copydata (m=0x8008fb6c, off=0, len=1, 
    dst=0x800746c7 <os_main_stack+32199>) at repos/apache-mynewt-core/kernel/os/src/os_mbuf.c:722
#2  0x8001fb5a in ble_hs_log_mbuf (om=0x8008fb6c)
    at repos/apache-mynewt-core/net/nimble/host/src/ble_hs_log.c:32
#3  0x8001f18c in ble_hs_hci_evt_acl_process (om=0x8008fb6c)
    at repos/apache-mynewt-core/net/nimble/host/src/ble_hs_hci_evt.c:631
#4  0x80018c1f in ble_hs_process_rx_data_queue ()
    at repos/apache-mynewt-core/net/nimble/host/src/ble_hs.c:195
#5  0x80019020 in ble_hs_event_data (ev=0x80075aec <ble_hs_rx_q+8>)
    at repos/apache-mynewt-core/net/nimble/host/src/ble_hs.c:379
#6  0x80007009 in os_eventq_run (evq=0x80074908 <os_eventq_main>)
    at repos/apache-mynewt-core/kernel/os/src/os_eventq.c:172
#7  0x80002308 in main (argc=0, argv=0x0) at repos/apache-mynewt-core/apps/bsncent/src/main.c:457
{quote}

h4. Another issue
Actually, there is also a second problem. When using *blehci* as the controller, the communication between central and peripheral freezes somewhere around GATT discovery most of the time. It happens quite randomly.

To reproduce it:

1. Build and flash *blehci* app from https://github.com/apache/incubator-mynewt-core/tree/bsnbranch with the following configuration:
{quote}
app=@apache-mynewt-core/apps/blehci
bsp=@apache-mynewt-core/hw/bsp/nrf51dk
build_profile=optimized
syscfg=BLE_HCI_UART_FLOW_CTL=0:BLE_LL_STRICT_CONN_SCHEDULING=0:BLE_MAX_CONNECTIONS=5:BLE_PUBLIC_DEV_ADDR=(uint8_t\[6\])\{0x0a, 0x0b, 0x09, 0x09, 0x09, 0x00\}
{quote}
It happens on both nrf51 and nrf52.

2. From 32-bit Ubuntu, use btattach to attach the *blehci* controller
{quote}
sudo tools/btattach -N -B /dev/ttyUSB0 -S 1000000
{quote}
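Added illustration, not code from the Mynewt project or from the reporter: a simplified buffer model (hypothetical names model_mbuf, model_mbuf_append and model_mbuf_is_sane; the layout does not mirror the real os_mbuf struct) showing two defensive measures for the failure class described in this report. A bounds-checked append refuses a payload that does not fit the buffer instead of running past it, and a cheap header consistency check lets a consumer such as a logging routine notice when incoming data landed on the struct header rather than in its payload area, before it hands the buffer to memcpy.

```c
/* Simplified model of a buffer header followed by its payload area.
 * Illustration only: NOT the Mynewt os_mbuf layout. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MBUF_DATA_CAP 64

struct model_mbuf {
    uint16_t om_len;                        /* bytes of payload currently valid   */
    uint16_t om_cap;                        /* capacity of om_databuf, fixed here */
    uint8_t *om_data;                       /* start of payload, points into om_databuf */
    uint8_t  om_databuf[MODEL_MBUF_DATA_CAP];
};

static void model_mbuf_init(struct model_mbuf *m)
{
    memset(m, 0, sizeof *m);
    m->om_cap = MODEL_MBUF_DATA_CAP;
    m->om_data = m->om_databuf;
}

/* Checked append: refuses any write that would run past the payload area.
 * om_data may have been advanced (e.g. after stripping a header), so the
 * remaining room is computed from the current data pointer, not the base. */
static int model_mbuf_append(struct model_mbuf *m, const uint8_t *src, size_t len)
{
    size_t used = (size_t)(m->om_data - m->om_databuf) + m->om_len;
    if (used > m->om_cap || len > (size_t)m->om_cap - used) {
        return -1;                          /* would overflow: reject, do not copy */
    }
    memcpy(m->om_data + m->om_len, src, len);
    m->om_len += (uint16_t)len;
    return 0;
}

/* Header consistency check a consumer can run before trusting a buffer it
 * did not fill itself. Returns 1 if the header fields are self-consistent. */
static int model_mbuf_is_sane(const struct model_mbuf *m)
{
    if (m->om_cap != MODEL_MBUF_DATA_CAP) return 0;
    if (m->om_data < m->om_databuf || m->om_data > m->om_databuf + m->om_cap) return 0;
    if (m->om_len > (size_t)m->om_cap - (size_t)(m->om_data - m->om_databuf)) return 0;
    return 1;
}

/* A freshly initialised buffer passes the check. Returns 1 on success. */
static int model_demo_fresh_is_sane(void)
{
    struct model_mbuf m;
    model_mbuf_init(&m);
    return model_mbuf_is_sane(&m);
}

/* Two 40-byte appends into a 64-byte payload area: the first fits, the
 * second must be rejected and must leave om_len untouched. Returns 1 when
 * the model behaves that way. */
static int model_demo_checked_append(void)
{
    struct model_mbuf m;
    uint8_t chunk[40];                      /* constructed sample payload */
    model_mbuf_init(&m);
    memset(chunk, 0x5A, sizeof chunk);
    if (model_mbuf_append(&m, chunk, sizeof chunk) != 0) return 0;
    if (model_mbuf_append(&m, chunk, sizeof chunk) != -1) return 0;
    return m.om_len == 40 && model_mbuf_is_sane(&m);
}

/* Simulates the symptom in the report: payload bytes written at the struct
 * base instead of at om_data, clobbering the header. The sanity check
 * detects it (returns 0) before any copy out of the buffer is attempted. */
static int model_demo_misdirected_write(void)
{
    struct model_mbuf m;
    uint8_t payload[16];                    /* constructed sample payload */
    model_mbuf_init(&m);
    memset(payload, 0xAB, sizeof payload);
    memcpy(&m, payload, sizeof payload);    /* wrong destination, on purpose */
    return model_mbuf_is_sane(&m);
}

int main(void)
{
    printf("fresh buffer sane:        %d\n", model_demo_fresh_is_sane());
    printf("checked append behaves:   %d\n", model_demo_checked_append());
    printf("clobbered header sane:    %d\n", model_demo_misdirected_write());
    return 0;
}
```

The point of the consistency check is placement: in the backtrace above the crash surfaces in os_mbuf_copydata called from ble_hs_log_mbuf, well after the corrupting write. A check like model_mbuf_is_sane at the boundary where the host takes ownership of a buffer turns a late, hard-to-attribute segfault into an early, attributable assertion.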



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)