
[Bug] Interrupt error in rt_hw_timer_isr function or return error in rt_interrupt_get_nest() function #9435

Open
LecterChu opened this issue Sep 13, 2024 · 0 comments

RT-Thread Version

5.2.0 commit 2f55990

Hardware Type/Architectures

VEXPRESS_A9

Develop Toolchain

GCC

Describe the bug

The rt_hw_timer_isr interrupt handler did not correctly enter the interrupt context, or rt_interrupt_get_nest() returned an incorrect value.

Steps to reproduce

1. Build RT-Thread
2. Use the following command to start the kernel with QEMU:

qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting

3. Use the function and parameters given in the 'Test case' section for testing

Source code location

/root/rtthread/rt-thread/src/clock.c : rt_tick_increase : 88 : 
void rt_tick_increase(void)
{
    RT_ASSERT(rt_interrupt_get_nest() > 0);  //  88

    RT_OBJECT_HOOK_CALL(rt_tick_hook, ());
    /* increase the global tick */
#ifdef RT_USING_SMP
    /* get percpu and increase the tick */
    rt_atomic_add(&(rt_cpu_self()->tick), 1);
#else
    rt_atomic_add(&(rt_tick), 1);
#endif /* RT_USING_SMP */

    /* check time slice */
    rt_sched_tick_increase();

    /* check timer */
#ifdef RT_USING_SMP
    if (rt_cpu_get_id() != 0)
    {
        return;
    }
#endif
    rt_timer_check();
}

/root/rtthread/rt-thread/bsp/qemu-vexpress-a9/drivers/drv_timer.c : rt_hw_timer_isr : 68 : 
static void rt_hw_timer_isr(int vector, void *param)
{
    rt_tick_increase();  //  68
    /* clear interrupt */
    TIMER_INTCLR(TIMER_HW_BASE) = 0x01;
}

Test case

syz_thread_get_info(volatile int thread_id, volatile int packed_info_struct)

#include <rtthread.h>
#include <stdlib.h>

/* info_struct is the fuzzing harness's own type (declared in the harness's
 * common_freertos.h, not in RT-Thread). */
long syz_thread_get_info(volatile int thread_id, volatile int packed_info_struct) {
    /* The fuzzer hands over a raw integer that is reinterpreted as a thread handle. */
    rt_thread_t thread = (rt_thread_t)thread_id;

    // Ensure the pointer is valid and points to allocated memory
    info_struct* info = (info_struct*) malloc(sizeof(info_struct));
    if (info == NULL) {
        rt_kprintf("Memory allocation failed.\n");
        return -2;  // Memory allocation failure
    }

    /* Note: rt_thread_find() takes a thread name (char *); the harness passes the
     * handle itself. With thread_id == 0 the lookup fails and we fall into free(). */
    if (!rt_thread_find(thread)) {
        free(info);
        rt_kprintf("Thread does not exist.\n");
        return -1;  // Thread does not exist
    }

    rt_err_t result = rt_thread_control(thread, RT_THREAD_CTRL_INFO, info);
    if (result == RT_EOK) {
        // Copy or process the info as needed
        rt_kprintf("Thread info retrieved successfully.\n");
        free(info);
        return 0;  // Success
    } else {
        rt_kprintf("Failed to retrieve thread info, error: %d\n", result);
        free(info);
        return -3;  // Error retrieving thread info
    }
}

Backtrace upon hitting the bug

#executing syz_thread_get_info (0x0, 0x0)
...
#executing syz_thread_get_info (0x0, 0x0)
2024/09/04 12:17:55 Syscall execution is ok
2024/09/04 12:17:55 qemu run inst merger err: execution timed out
2024/09/04 12:17:55 Received stop signal, requires feedback = true
2024/09/04 12:17:55 running diagnose
2024/09/04 12:17:55 VM-0 failed reading regs: dial tcp 127.0.0.1:33906: connect: connection refused
2024/09/04 12:17:55 VM-0 failed reading regs: dial tcp 127.0.0.1:33906: connect: connection refused
2024/09/04 12:17:55 Stack frames at BUG: unexpected stop:
2024/09/04 12:17:55 Level: 0: 1611238884, /root/kcov.c : write_comp_data : 111 : 
2024/09/04 12:17:55 Level: 1: 1611239332, /root/kcov.c : __sanitizer_cov_trace_const_cmp4 : 183 : 
2024/09/04 12:17:55 Level: 2: 1611187656, /root/rtthread/rt-thread/libcpu/arm/common/atomic_arm.c : rt_hw_atomic_load : 83 : 
2024/09/04 12:17:55 Level: 3: 1611454864, /root/rtthread/rt-thread/src/irq.c : rt_interrupt_get_nest : 122 : 
2024/09/04 12:17:55 Level: 4: 1611420692, /root/rtthread/rt-thread/src/clock.c : rt_tick_increase : 88 : 
2024/09/04 12:17:55 Level: 5: 1611236508, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/drivers/drv_timer.c : rt_hw_timer_isr : 68 : 
2024/09/04 12:17:55 Level: 6: 1611211748, /root/rtthread/rt-thread/libcpu/arm/cortex-a/trap.c : rt_hw_trap_irq : 363 : 
2024/09/04 12:17:55 Level: 7: 1611546348, /root/rtthread/rt-thread/libcpu/arm/cortex-a/start_gcc.S : vector_irq : 385 : 
2024/09/04 12:17:55 Level: 8: 1611238770, /root/kcov.c : __sanitizer_cov_trace_pc : 74 : 
2024/09/04 12:17:55 Level: 9: 1611435028, /root/rtthread/rt-thread/src/ipc.c : rt_mutex_release : 1588 : 
2024/09/04 12:17:55 Level: 10: 1611468424, /root/rtthread/rt-thread/src/kservice.c : _heap_unlock : 560 : 
2024/09/04 12:17:55 Level: 11: 1611469432, /root/rtthread/rt-thread/src/kservice.c : rt_free : 769 : 
2024/09/04 12:17:55 Level: 12: 1610767840, /root/rtthread/rt-thread/components/libc/compilers/newlib/syscalls.c : _free_r : 77 : 
2024/09/04 12:17:55 Level: 13: 1611213724, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/applications/common_freertos.h : syz_thread_get_info : 163 :

I would greatly appreciate it if you could kindly inform me of any mistakes in the previous issues.

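The title offers two readings of the failure: either rt_hw_timer_isr ran without the trap path having entered interrupt context, or rt_interrupt_get_nest() returned a value that does not reflect the CPU the ISR is running on. The following host-side model, added here and not taken from RT-Thread or the reporter's harness, reproduces the bookkeeping that the RT_ASSERT at clock.c:88 relies on: a per-CPU nesting counter that the trap path increments before dispatching the ISR and decrements afterwards, and a tick handler that refuses to run when that counter reads zero. The names (irq_enter, irq_leave, irq_nest_of, tick_increase, trap_irq, the scenario_* helpers) are this example's own stand-ins for rt_interrupt_enter, rt_interrupt_leave, rt_interrupt_get_nest, rt_tick_increase and rt_hw_trap_irq, and the "read the wrong CPU's counter" scenario is a hypothetical illustration of the second reading, not an observed RT-Thread defect.

```c
/* Added example: model of interrupt-nesting bookkeeping around a tick ISR.
 * Not RT-Thread source; the names below are this example's own stand-ins. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

#define NCPU 2

/* Per-CPU state, loosely modelled on the irq_nest and tick fields kept per CPU. */
struct cpu_state {
    uint32_t irq_nest;
    uint32_t tick;
};

static struct cpu_state cpus[NCPU];
static int current_cpu = 0;              /* stand-in for rt_cpu_get_id() */

/* Stand-ins for rt_interrupt_enter() / rt_interrupt_leave(): the trap path is
 * the only place that is supposed to call these. */
static void irq_enter(void)
{
    __atomic_add_fetch(&cpus[current_cpu].irq_nest, 1, __ATOMIC_SEQ_CST);
}

static void irq_leave(void)
{
    __atomic_sub_fetch(&cpus[current_cpu].irq_nest, 1, __ATOMIC_SEQ_CST);
}

/* Stand-in for rt_interrupt_get_nest(): atomic load of one CPU's counter.
 * Taking the CPU as a parameter lets a scenario below model a read of the
 * wrong CPU's counter (hypothetical, for illustration). */
static uint32_t irq_nest_of(int cpu)
{
    return __atomic_load_n(&cpus[cpu].irq_nest, __ATOMIC_SEQ_CST);
}

/* Mirrors rt_tick_increase(): 0 on success, -1 where
 * RT_ASSERT(rt_interrupt_get_nest() > 0) would fire. */
static int tick_increase(int nest_cpu)
{
    if (irq_nest_of(nest_cpu) == 0)
        return -1;                       /* not in interrupt context (as far as we can tell) */
    cpus[current_cpu].tick++;
    return 0;
}

/* ISR body in the shape of rt_hw_timer_isr(): bump the tick, then ack the device. */
static int timer_isr(int nest_cpu)
{
    int rc = tick_increase(nest_cpu);
    /* TIMER_INTCLR(TIMER_HW_BASE) = 0x01 would be written here on real hardware. */
    return rc;
}

/* Trap path in the shape of rt_hw_trap_irq(): enter, dispatch, leave. */
static int trap_irq(int (*isr)(int), int nest_cpu)
{
    irq_enter();
    int rc = isr(nest_cpu);
    irq_leave();
    return rc;
}

/* A second IRQ arriving inside the timer ISR also goes through the trap path,
 * so the counter reaches 2 and the assertion still holds. */
static int nested_isr(int nest_cpu)
{
    return trap_irq(timer_isr, nest_cpu);
}

/* Scenarios. Each returns what the tick handler returned. */
int scenario_correct(void)   { current_cpu = 0; return trap_irq(timer_isr, 0); }
int scenario_nested(void)    { current_cpu = 0; return trap_irq(nested_isr, 0); }
int scenario_no_enter(void)  { current_cpu = 0; return timer_isr(0); }      /* first reading */
int scenario_wrong_cpu(void) { current_cpu = 0; return trap_irq(timer_isr, 1); } /* second reading */

/* The counter must be balanced once the trap path has unwound. */
uint32_t nest_after_correct(void)
{
    current_cpu = 0;
    trap_irq(timer_isr, 0);
    return irq_nest_of(0);
}

int main(void)
{
    printf("correct   -> %d\n", scenario_correct());
    printf("nested    -> %d\n", scenario_nested());
    printf("no enter  -> %d\n", scenario_no_enter());
    printf("wrong cpu -> %d\n", scenario_wrong_cpu());
    printf("nest after correct path -> %u\n", nest_after_correct());
    return 0;
}
```

Both failing scenarios end in the same place the backtrace does, the load inside the nest query, which is why the report cannot distinguish them from the stack alone; checking which CPU the ISR ran on against the counter it read is the first thing to verify on the real target.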
