
[Bug] Memory allocation error in rt_malloc function

Open LecterChu opened this issue 1 year ago • 0 comments

RT-Thread Version

5.2.0 commit 2f559906d6202c27142237ab4b1d893034a5b7c3

Hardware Type/Architectures

VEXPRESS_A9

Develop Toolchain

GCC

Steps to reproduce

1. Build RT-Thread
2. Use the following command to start the kernel with QEMU:

qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting

Source code location

/root/rtthread/rt-thread/src/kservice.c : 686

rt_weak void *rt_malloc(rt_size_t size)
{
    rt_base_t level;
    void *ptr;

    /* Enter critical zone */
    level = _heap_lock();
    /* allocate memory block from system heap */
    ptr = _MEM_MALLOC(size); // 686
    /* Exit critical zone */
    _heap_unlock(level);
    /* call 'rt_malloc' hook */
    RT_OBJECT_HOOK_CALL(rt_malloc_hook, (&ptr, size));
    return ptr;
}

Test case

syz_create_bind_socket (0x3, 0x0, 0x8001, 0x0)

#include <string.h>      /* memcpy, memset */
#include <sys/socket.h>  /* socket, bind, closesocket (RT-Thread SAL) */
#include <netinet/in.h>  /* struct sockaddr_in, INADDR_ANY */
#include <arpa/inet.h>   /* htons, htonl */

/* Fuzzer harness: create a socket with the given (domain, type, protocol)
 * and bind it, either to the caller-supplied sockaddr_in or to a default
 * INADDR_ANY:12345 address when sockaddr_ptr is 0. */
long syz_create_bind_socket(volatile long domain, volatile long type, volatile long protocol, volatile long sockaddr_ptr) {
    int sock = socket((int)domain, (int)type, (int)protocol);
    if (sock < 0) {
        return -1;
    }
    struct sockaddr_in addr;
    if (sockaddr_ptr != 0) {
        memcpy(&addr, (struct sockaddr_in *)sockaddr_ptr, sizeof(struct sockaddr_in));
    } else {
        memset(&addr, 0, sizeof(struct sockaddr_in));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(12345);
        addr.sin_addr.s_addr = htonl(INADDR_ANY);
    }

    if (bind(sock, (struct sockaddr *)&addr, sizeof(struct sockaddr_in)) < 0) {
        closesocket(sock); /* SAL name for close() on sockets */
        return -2;
    }

    return (long)sock;
}

Backtrace upon hitting the bug

#executing syz_create_bind_socket (0x3, 0x0, 0x8001, 0x0)
2024/09/04 10:54:03 Syscall execution is ok
2024/09/04 10:54:04 qemu run inst merger err: execution timed out
2024/09/04 10:54:04 Received stop signal, requires feedback = true
2024/09/04 10:54:04 running diagnose
2024/09/04 10:54:04 VM-0 failed reading regs: dial tcp 127.0.0.1:41077: connect: connection refused
2024/09/04 10:54:04 VM-0 failed reading regs: dial tcp 127.0.0.1:41077: connect: connection refused
2024/09/04 10:54:04 Stack frames at BUG: unexpected stop:
2024/09/04 10:54:04 Level: 0: 1611238748, /root/kcov.c : __sanitizer_cov_trace_pc : 71 : 
2024/09/04 10:54:04 Level: 1: 1611471932, /root/rtthread/rt-thread/src/mem.c : rt_smem_alloc : 282 : 
2024/09/04 10:54:04 Level: 2: 1611468880, /root/rtthread/rt-thread/src/kservice.c : rt_malloc : 686 : 
2024/09/04 10:54:04 Level: 3: 1611165704, /root/rtthread/rt-thread/components/net/sal/socket/net_sockets.c : socket : 234 : 
2024/09/04 10:54:04 Level: 4: 1611220832, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/applications/common_freertos.h : syz_create_bind_socket : 896 : 

I would greatly appreciate it if you could kindly inform me of any mistakes in the previous issues.

Other additional context

No response


LecterChu, Sep 10 '24 09:09