btashton commented on issue #2663:
URL:
https://github.com/apache/incubator-nuttx/issues/2663#issuecomment-770651598
@xiaoxiang781216 I just noticed something similar when trying to create a
kernel thread off of a call in `sim_bringup()` (I'm adding usbhost support via
libusb). I get a segfault because in `sched_dupfiles` `rtcb->group` is 0, which
means parent and child are both invalid.
```c
Thread 1 "nuttx" received signal SIGSEGV, Segmentation fault.
sched_dupfiles
(tcb=0x7ffff3e295d0) at group/group_setuptaskfiles.c:103
103 if (parent[i].f_inode &&
Missing separate debuginfos, use: dnf debuginfo-install
libgcc-10.2.1-9.fc33.x86_64 libusbx-1.0.23-2.fc33.x86_64
systemd-libs-246.7-2.fc33.x86_64 zlib-1.2.11-23.fc33.x86_64
(gdb) p parent
$1 = (struct file *) 0x78
(gdb) list
98 /* Check if this file is opened by the parent. We can tell if
99 * if the file is open because it contain a reference to a non-NULL
100 * i-node structure.
101 */
102
103 if (parent[i].f_inode &&
104 (parent[i].f_oflags & O_CLOEXEC) == 0)
105 {
106 /* Yes... duplicate it for the child */
107
(gdb) p rtcb
$2 = (struct tcb_s *) 0x7ffff3e27c90
(gdb) p rtcb->group
$3 = (struct task_group_s *) 0x0
(gdb) p rtcb*
A syntax error in expression, near `'.
(gdb) p *rtcb
$4 = {flink = 0x43f8a0 <g_idletcb>, blink = 0x7ffff7f38020 <_IO_strn_jumps>,
  group = 0x0, pid = 1, start = 0x402184 <nxtask_start>,
  entry = {pthread = 0x408e78 <nsh_main>, main = 0x408e78 <nsh_main>},
  sched_priority = 100 'd', init_priority = 100 'd', task_state = 3 '\003',
  flags = 0, lockcount = 0, errcode = 0,
  waitdog = {next = 0x0, func = 0x85b82ce26aee8900, lag = 0, flags = 0 '\000',
    arg = 9635500753727424768},
  adj_stack_size = 140737285094944, stack_alloc_ptr = 0x85b82ce26aee8900,
  adj_stack_ptr = 0x4412a0, waitsem = 0x0, sigprocmask = 4091706928,
  sigwaitmask = 32767, sigpendactionq = {head = 0x4412a0, tail = 0xffffffff},
  sigpostedq = {head = 0x3, tail = 0x4441d0},
  sigunbinfo = {si_signo = 5 '\005', si_code = 23 '\027', si_errno = 232 '\350',
    si_value = {sival_int = 48, sival_ptr = 0x3000000030}, si_pid = 32304,
    si_status = 32767},
  msgwaitq = 0x7ffff3e27d60, mhead = 0x85b82ce26aee8900,
  xcp = {sigdeliver = 0x7ffff3e27e1c,
    regs = {4539616, 0, 0, 0, 140737353413158, 4473296, 140737351999557,
      140737351996080}},
  name = "x\030\371\367\377\177\000\000\000\000\000\000\000\000\000\000 \203\363\367\t\000\000\000\340DE\000\000\000\000"}
(gdb) p rtcb->group
$5 = (struct task_group_s *) 0x0
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]