
[Bug] Interrupt error in rt_hw_timer_isr function or return error in rt_interrupt_get_nest() function

Open LecterChu opened this issue 1 year ago • 0 comments

RT-Thread Version

5.2.0 commit 2f559906d6202c27142237ab4b1d893034a5b7c3

Hardware Type/Architectures

VEXPRESS_A9

Develop Toolchain

GCC

Describe the bug

The rt_hw_timer_isr interrupt handler did not correctly enter the interrupt context, or rt_interrupt_get_nest() returned an incorrect value.

Steps to reproduce

1. Build RT-Thread
2. Use the following command to start the kernel with QEMU:

qemu-system-arm \
    -M vexpress-a9 \
    -smp 2 \
    -m 4096M \
    -kernel /path/to/rt-thread/bsp/qemu-vexpress-a9/rtthread.bin \
    -drive if=sd,file=/path/to/rt-thread/bsp/qemu-vexpress-a9/sd.bin,format=raw \
    -nographic \
    -semihosting

3. Use the functions and parameters provided in the 'Test case' section for testing.

Source code location

/root/rtthread/rt-thread/src/clock.c : rt_tick_increase : 88 : 
void rt_tick_increase(void)
{
    RT_ASSERT(rt_interrupt_get_nest() > 0);  //  88

    RT_OBJECT_HOOK_CALL(rt_tick_hook, ());
    /* increase the global tick */
#ifdef RT_USING_SMP
    /* get percpu and increase the tick */
    rt_atomic_add(&(rt_cpu_self()->tick), 1);
#else
    rt_atomic_add(&(rt_tick), 1);
#endif /* RT_USING_SMP */

    /* check time slice */
    rt_sched_tick_increase();

    /* check timer */
#ifdef RT_USING_SMP
    if (rt_cpu_get_id() != 0)
    {
        return;
    }
#endif
    rt_timer_check();
}

/root/rtthread/rt-thread/bsp/qemu-vexpress-a9/drivers/drv_timer.c : rt_hw_timer_isr : 68 : 
static void rt_hw_timer_isr(int vector, void *param)
{
    rt_tick_increase();  //  68
    /* clear interrupt */
    TIMER_INTCLR(TIMER_HW_BASE) = 0x01;
}

Test case

syz_thread_get_info(volatile int thread_id, volatile int packed_info_struct)

#include <stdlib.h>      /* malloc, free */
#include <rtthread.h>    /* rt_thread_t, rt_thread_find, rt_thread_control, rt_kprintf */

/* info_struct is defined elsewhere in the reporter's harness and is not shown in the issue. */

long syz_thread_get_info(volatile int thread_id, volatile int packed_info_struct) {
    /* The fuzzer-supplied integer is used directly as a thread handle;
       packed_info_struct is not used by this harness. */
    rt_thread_t thread = (rt_thread_t)thread_id;

    // Ensure the pointer is valid and points to allocated memory
    info_struct* info = (info_struct*) malloc(sizeof(info_struct));
    if (info == NULL) {
        rt_kprintf("Memory allocation failed.\n");
        return -2;  // Memory allocation failure
    }

    // Note: rt_thread_find() takes a thread name (char *), not an rt_thread_t;
    // the handle is passed through unchanged here, as in the original reproducer.
    if (!rt_thread_find(thread)) {
        free(info);
        rt_kprintf("Thread does not exist.\n");
        return -1;  // Thread does not exist
    }

    rt_err_t result = rt_thread_control(thread, RT_THREAD_CTRL_INFO, info);
    if (result == RT_EOK) {
        // Copy or process the info as needed
        rt_kprintf("Thread info retrieved successfully.\n");
        free(info);   // this free() is where the backtrace below enters rt_free()
        return 0;  // Success
    } else {
        rt_kprintf("Failed to retrieve thread info, error: %d\n", result);
        free(info);
        return -3;  // Error retrieving thread info
    }
}

Backtrace upon hitting the bug

#executing syz_thread_get_info (0x0, 0x0)
...
#executing syz_thread_get_info (0x0, 0x0)
2024/09/04 12:17:55 Syscall execution is ok
2024/09/04 12:17:55 qemu run inst merger err: execution timed out
2024/09/04 12:17:55 Received stop signal, requires feedback = true
2024/09/04 12:17:55 running diagnose
2024/09/04 12:17:55 VM-0 failed reading regs: dial tcp 127.0.0.1:33906: connect: connection refused
2024/09/04 12:17:55 VM-0 failed reading regs: dial tcp 127.0.0.1:33906: connect: connection refused
2024/09/04 12:17:55 Stack frames at BUG: unexpected stop:
2024/09/04 12:17:55 Level: 0: 1611238884, /root/kcov.c : write_comp_data : 111 : 
2024/09/04 12:17:55 Level: 1: 1611239332, /root/kcov.c : __sanitizer_cov_trace_const_cmp4 : 183 : 
2024/09/04 12:17:55 Level: 2: 1611187656, /root/rtthread/rt-thread/libcpu/arm/common/atomic_arm.c : rt_hw_atomic_load : 83 : 
2024/09/04 12:17:55 Level: 3: 1611454864, /root/rtthread/rt-thread/src/irq.c : rt_interrupt_get_nest : 122 : 
2024/09/04 12:17:55 Level: 4: 1611420692, /root/rtthread/rt-thread/src/clock.c : rt_tick_increase : 88 : 
2024/09/04 12:17:55 Level: 5: 1611236508, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/drivers/drv_timer.c : rt_hw_timer_isr : 68 : 
2024/09/04 12:17:55 Level: 6: 1611211748, /root/rtthread/rt-thread/libcpu/arm/cortex-a/trap.c : rt_hw_trap_irq : 363 : 
2024/09/04 12:17:55 Level: 7: 1611546348, /root/rtthread/rt-thread/libcpu/arm/cortex-a/start_gcc.S : vector_irq : 385 : 
2024/09/04 12:17:55 Level: 8: 1611238770, /root/kcov.c : __sanitizer_cov_trace_pc : 74 : 
2024/09/04 12:17:55 Level: 9: 1611435028, /root/rtthread/rt-thread/src/ipc.c : rt_mutex_release : 1588 : 
2024/09/04 12:17:55 Level: 10: 1611468424, /root/rtthread/rt-thread/src/kservice.c : _heap_unlock : 560 : 
2024/09/04 12:17:55 Level: 11: 1611469432, /root/rtthread/rt-thread/src/kservice.c : rt_free : 769 : 
2024/09/04 12:17:55 Level: 12: 1610767840, /root/rtthread/rt-thread/components/libc/compilers/newlib/syscalls.c : _free_r : 77 : 
2024/09/04 12:17:55 Level: 13: 1611213724, /root/rtthread/rt-thread/bsp/qemu-vexpress-a9/applications/common_freertos.h : syz_thread_get_info : 163 :

I would greatly appreciate it if you could kindly inform me of any mistakes in the previous issues.

Other additional context

No response

LecterChu, Sep 13 '24 04:09
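The assertion at the top of rt_tick_increase() encodes an invariant: the tick and time-slice bookkeeping may only run while the kernel knows it is inside an interrupt, which it tracks by a nest counter incremented on vector entry and decremented on exit. The model below is an added example, not code from the issue or from RT-Thread; it assumes a two-CPU system with one irq_nest counter per CPU (as RT_USING_SMP keeps it) and entry/exit helpers standing in for rt_interrupt_enter()/rt_interrupt_leave(). It shows the two ways the check can see a depth of zero while a handler is running: the handler is invoked without the enter/leave bracket, or the bracket updates one CPU's counter while the check reads another CPU's.

```c
/* Model of the interrupt-nest bookkeeping that RT_ASSERT(rt_interrupt_get_nest() > 0)
 * in rt_tick_increase() relies on. Added example, not RT-Thread source; it assumes a
 * two-CPU system with one irq_nest counter per CPU, as RT_USING_SMP keeps it, and
 * entry/exit helpers that mirror what rt_interrupt_enter()/rt_interrupt_leave() do. */
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS 2

struct cpu_state {
    uint32_t irq_nest;   /* depth of interrupt nesting on this CPU */
    uint32_t tick;       /* per-CPU tick counter, like rt_cpu_self()->tick */
};

static struct cpu_state cpus[NR_CPUS];

static void model_reset(void)
{
    for (int i = 0; i < NR_CPUS; i++) {
        cpus[i].irq_nest = 0;
        cpus[i].tick = 0;
    }
}

/* Vector entry/exit bookkeeping: the real kernel does this around rt_hw_trap_irq(). */
static void irq_enter(int cpu) { cpus[cpu].irq_nest++; }
static void irq_leave(int cpu) { cpus[cpu].irq_nest--; }
static uint32_t irq_get_nest(int cpu) { return cpus[cpu].irq_nest; }

/* Stand-in for rt_tick_increase(): the tick must only be counted from within an
 * interrupt, so a nest depth of zero is reported as -1 instead of being asserted. */
static int tick_increase(int cpu)
{
    if (irq_get_nest(cpu) == 0)
        return -1;          /* this is the condition that trips RT_ASSERT */
    cpus[cpu].tick++;
    return 0;
}

/* Normal delivery: enter -> handler -> leave, so the check inside sees nest >= 1. */
static int deliver_timer_irq(int cpu)
{
    irq_enter(cpu);
    int rc = tick_increase(cpu);
    irq_leave(cpu);
    return rc;
}

/* Nested delivery: a timer interrupt arriving while another interrupt is in flight
 * still sees nest >= 1, and the depth returns to zero once both have left. */
static int deliver_nested_timer_irq(int cpu)
{
    irq_enter(cpu);                      /* outer interrupt in progress */
    int rc = deliver_timer_irq(cpu);     /* timer fires while nested */
    irq_leave(cpu);
    return rc;
}

/* Failure mode 1: the handler runs without the enter/leave bracket. */
static int deliver_without_bracket(int cpu)
{
    return tick_increase(cpu);
}

/* Failure mode 2: the bracket updates one CPU's counter but the check reads
 * another CPU's, so the handler appears to be outside any interrupt. */
static int deliver_with_wrong_cpu_slot(int entering_cpu, int checking_cpu)
{
    irq_enter(entering_cpu);
    int rc = tick_increase(checking_cpu);
    irq_leave(entering_cpu);
    return rc;
}

int main(void)
{
    model_reset();
    printf("bracketed delivery:  %d\n", deliver_timer_irq(0));
    printf("nested delivery:     %d\n", deliver_nested_timer_irq(0));
    printf("no bracket:          %d\n", deliver_without_bracket(0));
    printf("wrong per-CPU slot:  %d\n", deliver_with_wrong_cpu_slot(0, 1));
    printf("nest after all runs: %u\n", irq_get_nest(0));
    return 0;
}
```

The model returns -1 where the kernel would assert, which makes the invariant testable without halting: a return of -1 from a bracketed delivery on a single CPU would mean the counter is being read from the wrong place, while -1 from an unbracketed call is the expected outcome of a vector path that skipped rt_interrupt_enter().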