Skip to content

net_if_ipv6_addr_rm calls k_delayed_work_cancel() on uninitialized k_delayed_work object #3830

New issue
New issue
Closed
Bug
Closed
net_if_ipv6_addr_rm calls k_delayed_work_cancel() on uninitialized k_delayed_work object#3830
Bug
Assignees
jukkar
Labels
area: NetworkingbugThe issue is a bug, or the PR is fixing a bugpriority: mediumMedium impact/importance bug
Milestone
v1.9.0
@zephyrbot

Description

@zephyrbot
zephyrbot
opened on Jul 17, 2017

Reported by Andrew Boie:

Found while testing some new code which checks that all kernel API calls are on valid, initialized kernel objects.

This issue is in subsys/net/ip/net_if.c line 671. "lifetime" is a struct k_delayed_work that was never initialized with k_delayed_work_init().

Steps to reproduce:

  1. Clone https://github.com/andrewboie/zephyr/tree/kobject
  2. Enable CONFIG_KERNEL_OBJECT_VERIFY=y
  3. build and run any of:

tests/net/tcp
tests/net/mgmt
tests/net/ipv6

Example:

To exit from QEMU enter: 'CTRL+a, x'
[QEMU] CPU: qemu32
qemu-system-i386: warning: Unknown firmware file in legacy mode: genroms/multiboot.bin

***** BOOTING ZEPHYR OS v1.8.99 - BUILD: Jul 17 2017 21:33:06 *****
Starting Network Management API test
- Request Net MGMT
- Sending event 1 times, without a receiver
	Throwing event 0x97ab1234 1 times
- Sending event 2 times, without a receiver
	Throwing event 0x97ab1234 2 times
- Sending event 1 times, with a receiver
	Throwing event 0x97ab1234 1 times
		Received event 0x97ab1234
	Received 0x97ab1234 1 times
- Sending event 2 times, with a receiver
	Throwing event 0x97ab1234 2 times
		Received event 0x97ab1234
		Received event 0x97ab1234
	Received 0x97ab1234 2 times
- Triggering core event: 0xf0600000
		Received event 0xf0600000
- Triggering core event: 0xf0600001
0x00405228 is not a k_delayed_work
***** Kernel OOPS! *****
Current thread ID = 0x004057c0
Faulting segment:address = 0x0008:0x0000831c
eax: 0x00000023, ebx: 0x3d873a9a, ecx: 0x00412750, edx: 0x00009e60
esi: 0x00400008, edi: 0x00000080, ebp: 0x0041275c, esp: 0x00412754
eflags: 0x212
Fatal fault in essential thread! Spinning...
QEMU: Terminated

Remote debugging using :1234
0x0000fff0 in ?? ()
(gdb) b object_validate.c:193
Breakpoint 1 at 0x8318: file /projects/zephyr/kernel/object_validate.c, line 193.
(gdb) c
Continuing.

Breakpoint 1, _k_object_validate (obj=0x405228 <__net_if_net_event_test_0+200>, otype=K_OBJ_DELAYED_WORK) at /projects/zephyr/kernel/object_validate.c:193
193			k_oops();
(gdb) bt
<span>#</span>0  _k_object_validate (obj=0x405228 <__net_if_net_event_test_0+200>, otype=K_OBJ_DELAYED_WORK) at /projects/zephyr/kernel/object_validate.c:193
<span>#</span>1  0x00009583 in k_delayed_work_cancel (work=0x405228 <__net_if_net_event_test_0+200>) at /projects/zephyr/kernel/work_q.c:125
<span>#</span>2  0x00002c2e in net_if_ipv6_addr_rm (iface=0x405160 <__net_if_net_event_test_0>, addr=0x400008 <addr6>) at /projects/zephyr/subsys/net/ip/net_if.c:671
<span>#</span>3  0x00001248 in _iface_ip6_del () at /projects/zephyr/tests/net/mgmt/src/mgmt.c:260
<span>#</span>4  0x000012fa in test_core_event (event=event@entry=4032823297, func=func@entry=0x1235 <_iface_ip6_del>) at /projects/zephyr/tests/net/mgmt/src/mgmt.c:225
<span>#</span>5  0x0000165c in main () at /projects/zephyr/tests/net/mgmt/src/mgmt.c:300

(Imported from Jira ZEP-2397)

Metadata

Metadata

Assignees

Labels

area: NetworkingbugThe issue is a bug, or the PR is fixing a bugpriority: mediumMedium impact/importance bug

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions