
[Bug]Memory error in rt_malloc function

Open LecterChu opened this issue 1 year ago • 1 comment

RT-Thread Version

5.2.0 commit 2f559906d6202c27142237ab4b1d893034a5b7c3

Hardware Type/Architectures

VEXPRESS_A9

Develop Toolchain

GCC

Describe the bug

Steps to reproduce:

1. Build RT-Thread
2. Use the following command to start the kernel with QEMU:

qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting

source code location

/root/rtthread/rt-thread/src/mem.c : 108

103    rt_inline void rt_smem_setname(struct rt_small_mem_item *mem, const char *name)
104    {
105        int index;
106        for (index = 0; index < sizeof(mem->thread); index ++)
107        {
108            if (name[index] == '\0') break;
109            mem->thread[index] = name[index];
110        }
111
112        for (; index < sizeof(mem->thread); index ++)
113        {
114            mem->thread[index] = ' ';
115        }
116    }

/root/rtthread/rt-thread/src/mem.c : 331

325                    /* create mem2 struct */
326                    mem2       = (struct rt_small_mem_item *)&small_mem->heap_ptr[ptr2];
327                    mem2->pool_ptr = MEM_FREED(small_mem);
328                    mem2->next = mem->next;
329                    mem2->prev = ptr;
330    #ifdef RT_USING_MEMTRACE
331                    rt_smem_setname(mem2, "    ");
332    #endif /* RT_USING_MEMTRACE */
333    
334                    /* and insert it between mem and mem->next */
335                    mem->next = ptr2;

Test case

syz_create_and_start_soft_timer (0x200003c0, 0x0)

#include <rtthread.h>

/* Fuzzer harness wrapper: `name` carries a guest address through an int and is
 * cast back to a string pointer; `time` is the timer period in ticks.
 * timeout_handler is the harness's timer callback (not shown in this report).
 * The return value of rt_timer_create is passed to rt_timer_start unchecked. */
long syz_create_and_start_soft_timer(volatile int name, volatile int time) {
    rt_timer_t timer = rt_timer_create((const char *)name, timeout_handler, RT_NULL,
                                       (rt_tick_t)time, RT_TIMER_FLAG_SOFT_TIMER);
    rt_timer_start(timer);
    return 0;
}

Backtrace upon hitting the breakpoint

#executing syz_create_and_start_soft_timer (0x200003c0, 0x0)
2024/09/04 15:52:45 Syscall execution is ok
2024/09/04 15:52:45 qemu run inst merger err: execution timed out
2024/09/04 15:52:45 Received stop signal, requires feedback = true
2024/09/04 15:52:45 running diagnose
2024/09/04 15:52:45 VM-0 failed reading regs: dial tcp 127.0.0.1:45143: connect: connection refused
2024/09/04 15:52:45 VM-0 failed reading regs: dial tcp 127.0.0.1:45143: connect: connection refused
2024/09/04 15:52:45 Stack frames at BUG: unexpected stop:
2024/09/04 15:52:45 Level: 0: 1611238884, /root/kcov.c : write_comp_data : 111 : 
2024/09/04 15:52:45 Level: 1: 1611239238, /root/kcov.c : __sanitizer_cov_trace_const_cmp1 : 167 : 
2024/09/04 15:52:45 Level: 2: 1611470216, /root/rtthread/rt-thread/src/mem.c : rt_smem_setname : 108 : 
2024/09/04 15:52:45 Level: 3: 1611472404, /root/rtthread/rt-thread/src/mem.c : rt_smem_alloc : 331 : 
2024/09/04 15:52:45 Level: 4: 1611468880, /root/rtthread/rt-thread/src/kservice.c : rt_malloc : 686 : 
2024/09/04 15:52:45 Level: 5: 1611489848, /root/rtthread/rt-thread/src/object.c : rt_object_allocate : 460 : 
2024/09/04 15:52:45 Level: 6: 1611505236, /root/rtthread/rt-thread/src/timer.c : rt_timer_create : 348 : 

It appears that there is an illegal memory-block name-setting operation or a 'mem2' initialization error. Do you have any idea what might cause this error?

Other additional context

No response

LecterChu avatar Sep 08 '24 10:09 LecterChu
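As an added example (not code from the report or from RT-Thread), the block below models the two things the backtrace points at: the copy loop in rt_smem_setname, which reads at most sizeof(mem->thread) bytes of the name and never writes a terminator, and the fact that the write at mem.c:108 lands wherever mem2 points. It assumes the memtrace name field is 4 bytes wide on this 32-bit target (the struct layout here is a simplified stand-in, not the real rt_small_mem_item) and adds a hypothetical item_in_heap / checked_setname pair showing the bounds check a practitioner would add before trusting a freshly split item header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the memtrace name field is char thread[4] on the 32-bit
 * vexpress-a9 build; this model uses the same width. */
#define ITEM_NAME_LEN 4

/* Simplified stand-in for struct rt_small_mem_item (not RT-Thread's layout). */
struct model_item {
    size_t pool_ptr;
    size_t next;
    size_t prev;
    char   thread[ITEM_NAME_LEN];
};

/* Same loop structure as rt_smem_setname in the excerpt: copy at most
 * ITEM_NAME_LEN bytes, stop early on NUL, pad the remainder with spaces.
 * Returns the number of name bytes copied (where the first loop stopped),
 * which is also the highest index of `name` that was read plus one. */
static size_t model_setname(struct model_item *mem, const char *name)
{
    size_t index;
    for (index = 0; index < sizeof(mem->thread); index++)
    {
        if (name[index] == '\0') break;      /* the read reported at mem.c:108 */
        mem->thread[index] = name[index];
    }
    for (size_t pad = index; pad < sizeof(mem->thread); pad++)
        mem->thread[pad] = ' ';
    return index;
}

/* The field is not NUL-terminated; copy it out for printing/comparison. */
static const char *stored_name(const struct model_item *mem, char out[ITEM_NAME_LEN + 1])
{
    memcpy(out, mem->thread, ITEM_NAME_LEN);
    out[ITEM_NAME_LEN] = '\0';
    return out;
}

/* Hypothetical check, not present in mem.c: an item header is only usable if
 * it lies entirely inside [heap, heap + heap_size). */
static int item_in_heap(const unsigned char *heap, size_t heap_size, const void *item)
{
    uintptr_t lo = (uintptr_t)heap;
    uintptr_t hi = lo + heap_size;
    uintptr_t p  = (uintptr_t)item;
    return p >= lo && p < hi && (hi - p) >= sizeof(struct model_item);
}

/* Returns 0 after naming the item, -1 if the pointer is outside the heap. */
static int checked_setname(const unsigned char *heap, size_t heap_size,
                           void *item, const char *name)
{
    if (!item_in_heap(heap, heap_size, item))
        return -1;
    model_setname((struct model_item *)item, name);
    return 0;
}

int main(void)
{
    struct model_item item;
    char buf[ITEM_NAME_LEN + 1];
    struct model_item pool[8];                      /* constructed stand-alone heap */
    unsigned char *heap = (unsigned char *)pool;
    size_t heap_size = sizeof pool;

    /* "    " is five bytes, but only four are ever read: no overread here. */
    printf("\"    \"      -> read %zu, stored \"%s\"\n",
           model_setname(&item, "    "), stored_name(&item, buf));
    printf("\"ab\"        -> read %zu, stored \"%s\"\n",
           model_setname(&item, "ab"), stored_name(&item, buf));
    printf("\"timer_long\"-> read %zu, stored \"%s\"\n",
           model_setname(&item, "timer_long"), stored_name(&item, buf));

    /* The write target is whatever mem2 points at; a bad split offset is
     * caught by the bounds check instead of faulting inside the copy loop. */
    printf("item at heap start: %d\n", checked_setname(heap, heap_size, heap, "    "));
    printf("item 4 bytes before heap end: %d\n",
           checked_setname(heap, heap_size, heap + heap_size - 4, "    "));
    return 0;
}
```

The model keeps the original's semantics on purpose: a name longer than the field is silently truncated and the stored bytes carry no terminator, so anything that later prints mem->thread must print exactly sizeof(mem->thread) bytes rather than treat it as a C string.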

You are welcome to submit a PR.

BernardXiong avatar Sep 09 '24 10:09 BernardXiong