After I compiled the CORTEX_LM3S811_GCC version of FreeRTOS and fuzzed the generated FreeRTOSDemo.bin through afl-unicorn, I got a SIGSEGV error in task.c:2813.
It seems that a malformed pxTCB causes prvAddTaskToReadyList, called from xTaskIncrementTick, to crash with a segmentation fault. Here are the crash data and core dump information: https://www.dropbox.com/s/ftilmilloeof310/crash.tar.gz?dl=0
For reproduction, run: gdb RTOSDemo.axf coredump
Thanks for your post although I’m not sure if you are reporting a specific bug or not. Is that the intention? In general, if you corrupt any of the data structures, I would expect the system to crash. We do fuzz testing on the kernel, especially when it is running the TCP/IP stack, and are not aware of any issues under normal use - although that of course doesn’t mean there aren’t any issues, just that we are not aware of any. If the TCB is corrupted then it would seem the error occurred prior to your crash, so the crash is just a symptom of something that has already gone wrong.
The attachment you have does not contain RTOSDemo.bin or RTOSDemo.axf. Are you calling just our public APIs while fuzzing or altering the internal data structures?