
[Bug] Output error in rt_device_write function

Open LecterChu opened this issue 1 year ago • 0 comments

RT-Thread Version

5.2.0 commit 2f559906d6202c27142237ab4b1d893034a5b7c3

Hardware Type/Architectures

VEXPRESS_A9

Develop Toolchain

GCC

Describe the bug

Log output fails due to serial device busy or buffer overflow.

Steps to reproduce

1. Build RT-Thread.
2. Use the following command to start the kernel with QEMU:

qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting

Source code location

/root/rtthread/rt-thread/components/drivers/core/device.c : 396

    if (dev->ref_count == 0)
    {
        rt_set_errno(-RT_ERROR);
        return 0;
    }

    /* call device_write interface */
    if (device_write != RT_NULL)
    {
        return device_write(dev, pos, buffer, size);  //  396
    }

    /* set error code */
    rt_set_errno(-RT_ENOSYS);

Test case

syz_create_bind_socket (0xbc78, 0x0, 0x101, 0x0)

long syz_create_bind_socket(volatile long domain, volatile long type, volatile long protocol, volatile long sockaddr_ptr) {
    int sock = socket((int)domain, (int)type, (int)protocol);
    if (sock < 0) {
        return -1;
    }
    struct sockaddr_in addr;
    if (sockaddr_ptr != 0) {
        memcpy(&addr, (struct sockaddr_in *)sockaddr_ptr, sizeof(struct sockaddr_in));
    } else {
        memset(&addr, 0, sizeof(struct sockaddr_in));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(12345);
        addr.sin_addr.s_addr = htonl(INADDR_ANY);
    }
    if (bind(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) < 0) {
        closesocket(sock);
        return -2;
    }
    return (long)sock;
}

Backtrace upon hitting the bug

#executing syz_create_bind_socket (0xbc78, 0x0, 0x101, 0x0)
2024/09/04 09:02:55 Syscall execution is ok
2024/09/04 09:02:56 qemu run inst merger err: execution timed out
2024/09/04 09:02:56 Received stop signal, requires feedback = true
2024/09/04 09:02:56 running diagnose
2024/09/04 09:02:56 VM-0 failed reading regs: dial tcp 127.0.0.1:14695: connect: connection refused
2024/09/04 09:02:56 VM-0 failed reading regs: dial tcp 127.0.0.1:14695: connect: connection refused
2024/09/04 09:02:56 Stack frames at BUG: unexpected stop:
2024/09/04 09:02:56 Level: 0: 1611238748, /root/kcov.c : __sanitizer_cov_trace_pc : 71 : 
2024/09/04 09:02:56 Level: 1: 1611348476, /root/rtthread/rt-thread/components/drivers/serial/serial.c : rt_serial_write : 917 : 
2024/09/04 09:02:56 Level: 2: 1611243408, /root/rtthread/rt-thread/components/drivers/core/device.c : rt_device_write : 396 : 
2024/09/04 09:02:56 Level: 3: 1611466872, /root/rtthread/rt-thread/src/kservice.c : _kputs : 298 : 
2024/09/04 09:02:56 Level: 4: 1611467092, /root/rtthread/rt-thread/src/kservice.c : rt_kprintf : 349 : 
2024/09/04 09:02:56 Level: 5: 1611175348, /root/rtthread/rt-thread/components/net/sal/src/sal_socket.c : sal_socket : 1059 : 
2024/09/04 09:02:56 Level: 6: 1611165780, /root/rtthread/rt-thread/components/net/sal/socket/net_sockets.c : socket : 244 : 
2024/09/04 09:02:56 Level: 7: 1611220832, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/applications/common_freertos.h : syz_create_bind_socket : 896 : 

I would greatly appreciate it if you could kindly inform me of any mistakes in the previous issues.

Other additional context

No response

LecterChu · Sep 10 '24 09:09
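
A triage helper for the backtrace format in this report, added here as an example and not part of the original issue or of RT-Thread: it parses the `Level:` frame lines, skips the compiler coverage callback `__sanitizer_cov_trace_pc`, and builds a deduplication signature from the remaining frames. The function names and the signature depth are assumptions; the sample lines are copied from the backtrace above.

```python
import re

# Frame lines copied from the backtrace above (levels 0 to 3).
SAMPLE = """\
2024/09/04 09:02:56 Stack frames at BUG: unexpected stop:
2024/09/04 09:02:56 Level: 0: 1611238748, /root/kcov.c : __sanitizer_cov_trace_pc : 71 :
2024/09/04 09:02:56 Level: 1: 1611348476, /root/rtthread/rt-thread/components/drivers/serial/serial.c : rt_serial_write : 917 :
2024/09/04 09:02:56 Level: 2: 1611243408, /root/rtthread/rt-thread/components/drivers/core/device.c : rt_device_write : 396 :
2024/09/04 09:02:56 Level: 3: 1611466872, /root/rtthread/rt-thread/src/kservice.c : _kputs : 298 :
"""

FRAME_RE = re.compile(
    r"Level:\s*(?P<level>\d+):\s*(?P<pc>\d+),\s*(?P<file>\S+)\s*:\s*"
    r"(?P<func>\w+)\s*:\s*(?P<line>\d+)"
)
# Assumption: the coverage callback is the only instrumentation frame to skip.
INSTRUMENTATION = {"__sanitizer_cov_trace_pc"}


def parse_frames(log):
    """Return the stack frames found in the log, ordered innermost first."""
    frames = []
    for m in FRAME_RE.finditer(log):
        frames.append({
            "level": int(m["level"]),
            "pc": int(m["pc"]),  # the log prints the program counter in decimal
            "file": m["file"],
            "func": m["func"],
            "line": int(m["line"]),
        })
    return sorted(frames, key=lambda f: f["level"])


def first_kernel_frame(frames):
    """Innermost frame that is kernel code rather than instrumentation."""
    return next((f for f in frames if f["func"] not in INSTRUMENTATION), None)


def signature(frames, depth=3):
    """Dedup key: the top `depth` non-instrumentation function names."""
    funcs = [f["func"] for f in frames if f["func"] not in INSTRUMENTATION]
    return " <- ".join(funcs[:depth])


if __name__ == "__main__":
    parsed = parse_frames(SAMPLE)
    top = first_kernel_frame(parsed)
    print(f"{top['func']} ({top['file']}:{top['line']}) pc={top['pc']:#x}")
    print(signature(parsed))
```
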