Rrooach commented on issue #15178: URL: https://github.com/apache/nuttx/issues/15178#issuecomment-2547542063
> @GuoyuYin Can you give the source code, build commands and NSH commands you used, so I can reproduce it on QEMU RISC-V? (32-bit or 64-bit?) Thanks!

Hi @lupyuen, the source code is a bit complicated. Basically, we are fuzz testing NuttX. Our core idea is to predefine some functions (containing certain NuttX APIs) and expose specific arguments; then our fuzzing tool can generate arguments for these functions and test NuttX for unknown bugs.

For this bug, the predefined function is:

```c
#include <semaphore.h>
#include <time.h>

/* Fuzzing wrapper: both arguments are raw integers chosen by the generator
 * and are cast to pointers without any validation before the call. */
static long syz_sem_timedwait(volatile long sem_ptr, volatile long abstime_ptr)
{
  sem_t *sem = (sem_t *)sem_ptr;
  const struct timespec *abstime = (const struct timespec *)abstime_ptr;
  return (long)sem_timedwait(sem, abstime);
}
```

and its triggering argument is:

```c
syz_sem_timedwait(0x2, 0x0)
```

During execution, we triggered this error:

```text
riscv_exception: BUG: EXCEPTION: Load access fault. MCAUSE: 0000000000000005, EPC: 00000000800078da, MTVAL: 0000000000000002
```

According to the EPC value, something is wrong within the function `nxsem_trywait()`.

To reproduce it, I believe you can simply add the predefined function with its argument; this should trigger the error.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@nuttx.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
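The report above shows the pattern the fuzzer exercises: an integer the generator picked (0x2) is cast to a `sem_t *` and handed to the kernel, which loads through it and faults. The following is an added, self-contained C model of the check a kernel entry point needs in front of that load. It is not NuttX code: the `model_sem` and `model_timespec` layouts, the `user_region` bookkeeping, and every function name are hypothetical stand-ins, and the "user address space" is a constructed static buffer rather than mapped memory. It keeps the shape of the `syz_sem_timedwait` wrapper so the triggering pair `(0x2, 0x0)` can be fed to it directly.

```c
/* Added example (not NuttX code): a pointer-validation gate modelling what a
 * kernel entry point must do before touching a caller-supplied sem_t. The
 * struct layouts, the user-region bookkeeping and all names are hypothetical. */
#include <errno.h>
#include <stdalign.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the kernel's semaphore object: a signed count. */
struct model_sem { int16_t semcount; };

/* Hypothetical stand-in for struct timespec. */
struct model_timespec { int64_t tv_sec; int64_t tv_nsec; };

/* The address range the kernel is willing to read on the caller's behalf;
 * a real kernel derives it from the task's address-space layout. */
struct user_region { uintptr_t start; uintptr_t end; };  /* end is exclusive */

/* True iff [p, p+len) lies inside the region and p is suitably aligned.
 * Written as subtractions against the bound so p+len cannot wrap around. */
static bool user_ptr_ok(const struct user_region *r, uintptr_t p,
                        size_t len, size_t align)
{
  if (p == 0 || (p & (align - 1)) != 0) return false;  /* NULL or misaligned */
  if (p < r->start || p >= r->end)      return false;  /* starts outside */
  if (len > r->end - p)                 return false;  /* runs past the end */
  return true;
}

/* Kernel side of the model: validate every caller pointer, then act.
 * Returns 0 or a negative errno, mirroring the nxsem_* convention. */
int model_sem_timedwait(const struct user_region *r,
                        uintptr_t sem_ptr, uintptr_t abstime_ptr)
{
  if (!user_ptr_ok(r, sem_ptr, sizeof(struct model_sem), alignof(struct model_sem)))
    return -EFAULT;                     /* 0x2 is rejected here, before any load */
  if (abstime_ptr == 0)
    return -EINVAL;                     /* POSIX: abstime is required */
  if (!user_ptr_ok(r, abstime_ptr, sizeof(struct model_timespec),
                   alignof(struct model_timespec)))
    return -EFAULT;

  struct model_sem *sem = (struct model_sem *)sem_ptr;
  const struct model_timespec *abstime = (const struct model_timespec *)abstime_ptr;
  if (abstime->tv_nsec < 0 || abstime->tv_nsec >= 1000000000L)
    return -EINVAL;

  /* Only now is it safe to dereference: this is the kind of load that
   * faulted at MTVAL=0x2 in the report. */
  if (sem->semcount > 0) { sem->semcount--; return 0; }
  return -ETIMEDOUT;                    /* the model never blocks */
}

/* Same shape as the wrapper in the report: opaque long arguments that the
 * generator fills freely, including garbage such as 0x2. */
long syz_sem_timedwait_model(const struct user_region *r,
                             volatile long sem_ptr, volatile long abstime_ptr)
{
  return (long)model_sem_timedwait(r, (uintptr_t)sem_ptr, (uintptr_t)abstime_ptr);
}

/* A tiny constructed "user address space": one semaphore and one timespec. */
struct model_fixture {
  struct user_region region;
  uintptr_t sem;      /* address of the model semaphore inside the region */
  uintptr_t abstime;  /* address of a valid model_timespec inside the region */
};

struct model_fixture model_fixture_init(int16_t initial_count)
{
  static alignas(16) unsigned char user_buf[256];   /* constructed, not mapped memory */
  struct model_sem *sem = (struct model_sem *)user_buf;
  struct model_timespec *ts = (struct model_timespec *)(user_buf + 16);
  sem->semcount = initial_count;
  ts->tv_sec = 1;
  ts->tv_nsec = 0;
  struct model_fixture f = {
    { (uintptr_t)user_buf, (uintptr_t)user_buf + sizeof user_buf },
    (uintptr_t)sem, (uintptr_t)ts };
  return f;
}

int main(void)
{
  struct model_fixture f = model_fixture_init(1);
  printf("valid call : %ld\n",
         syz_sem_timedwait_model(&f.region, (long)f.sem, (long)f.abstime));
  printf("(0x2, 0x0) : %ld (-EFAULT is %d)\n",
         syz_sem_timedwait_model(&f.region, 0x2, 0x0), -EFAULT);
  return 0;
}
```

The ordering matters for matching the crash: the semaphore pointer is checked before anything else, so `(0x2, 0x0)` fails with `-EFAULT` on the first gate rather than reaching the count load. The same gate also rejects a pointer that is inside the region but misaligned, one that starts at or beyond the region end, and one whose object would extend past the end, which are the other classes of value a generator that emits arbitrary `long`s will produce.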