Invalid pxCurrentTCB

Kernel
1

Hi!
I have an application running on an STM32F411 with FreeRTOS v10.4.3.
Sometimes the application crashes. It can occur after 10 seconds or 10 minutes, sometimes longer. I have traced the cause of the crash to be an incorrect pxCurrentTCB value during a xTaskIncrementTick() call.
Here are the values in pxCurrentPCB read with Ozone:

Level,Expression,Value,Location,Type
0,pxCurrentTCB,0x20009110,0x20006284,volatile struct tskTaskControlBlock*
1,pxTopOfStack,0xA5A5A5A5,0x20009110,volatile unsigned long*
1,xStateListItem,0x20009114,struct xLIST_ITEM
1,xEventListItem,0x20009128,struct xLIST_ITEM
1,uxPriority,2779096485,0x2000913C,unsigned long
1,pxStack,0xA5A5A5A5,0x20009140,unsigned long*
1,pcTaskName,“\245\245\245\245\245\245\245\245\245\245\245\245\245\245\245\245…”,0x20009144,char[16]
1,uxBasePriority,2779096485,0x20009154,unsigned long
1,uxMutexesHeld,2779096485,0x20009158,unsigned long
1,ulNotifiedValue,0x2000915C,volatile unsigned long[1]
1,ucNotifyState,“\245…”,0x20009160,volatile unsigned char[1]
1,ucStaticallyAllocated,165 (‘¥’),0x20009161,unsigned char

Looking at the uxPriority or pcTaskName I can see that these values are invalid. Because of the invalid value of uxPriority, this line (tasks.c, line 2843):

if( listCURRENT_LIST_LENGTH( &( pxReadyTasksLists[ pxCurrentTCB->uxPriority ] ) ) > ( UBaseType_t ) 1 )

causes a hardfault.
I’ve read several similar topics on this forum, but they don’t seem relevant to me. I have checked my interrupt priorities configuration:
In FreeRTOSConfig.h I have:

#ifdef __NVIC_PRIO_BITS
#define configPRIO_BITS __NVIC_PRIO_BITS
#else
#define configPRIO_BITS 4
#endif

#define configLIBRARY_LOWEST_INTERRUPT_PRIORITY 15
#define configLIBRARY_MAX_SYSCALL_INTERRUPT_PRIORITY 4

In main(), I call NVIC_SetPriorityGrouping(NVIC_PRIORITYGROUP_4);.

I have only a few interrupts, and all of them have priority at either 4 or 5.
In these few interrupts, if I call a FreeRTOS-related function I use the FromISR() variant.

What may be interesting is that I only ever catch this crash when the SysTick occurs during a memcpy() call, but it’s possible that I just copy a lot of data :slight_smile:
To be sure, I implemented my own, super-simple memcpy() that just copies data byte-by-byte in a for loop and verified that my code is using it, but it didn’t change a thing.

What am I doing wrong? Thanks in advance.

2

your memcpy may be overtrampling data which can affect everything including system data structures. You may want to employ dwt breakpoints to ctch the case where illegal data is written to a reproducable location.

3

Yeah, that was unwise of me. I’d swear I double-checked all my memcpy calls, but it turns out I didn’t. The problem was exactly that. Thanks!