Crashing on MESSAGE: EVENT_STA_DISCONNECTED
Azmatron opened this issue · comments
Prerequisites
- I have written a descriptive issue title
- I have verified that I am using the latest version of esp32-wifi-manager
- I have searched open and closed issues to ensure it has not already been reported
Description
Using esp32-wifi-manager, it works flawlessly until the ESP32 cannot connect to the wireless router. As soon as the wifi connection is not seen the ESP crashes. It seems to be some form of heap corruption and occurs when the disconnect message is added to the queue. I have tried on multiple devices and multiple applications, including stripped down application and even the examples app provided. All have the same behavior.
Is this reproducible or am I doing something stupid?
Below are logs from running the "default_demo" example
Rebooting...
ets Jun 8 2016 00:22:57
rst:0xc (SW_CPU_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0030,len:4
load:0x3fff0034,len:7008
ho 0 tail 12 room 4
load:0x40078000,len:13860
load:0x40080400,len:3952
0x40080400: _init at ??:?
entry 0x40080678
I (31) boot: ESP-IDF v4.3-dev-907-g6c17e3a64-dirty 2nd stage bootloader
I (31) boot: compile time 20:49:49
I (32) boot: chip revision: 1
I (36) boot_comm: chip revision: 1, min. bootloader chip revision: 0
I (43) boot.esp32: SPI Speed : 40MHz
I (47) boot.esp32: SPI Mode : DIO
I (52) boot.esp32: SPI Flash Size : 4MB
I (56) boot: Enabling RNG early entropy source...
I (65) boot: ## Label Usage Type ST Offset Length
I (73) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (80) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (88) boot: 2 factory factory app 00 00 00010000 00100000
I (95) boot: End of partition table
I (99) boot_comm: chip revision: 1, min. application chip revision: 0
I (106) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x1ecd0 (126160) map
I (164) esp_image: segment 1: paddr=0x0002ecf8 vaddr=0x3ffb0000 size=0x01320 ( 4896) load
I (166) esp_image: segment 2: paddr=0x00030020 vaddr=0x400d0020 size=0x7b970 (506224) map
0x400d0020: _stext at ??:?
I (363) esp_image: segment 3: paddr=0x000ab998 vaddr=0x3ffb1320 size=0x027d8 ( 10200) load
I (367) esp_image: segment 4: paddr=0x000ae178 vaddr=0x40080000 size=0x00404 ( 1028) load
0x40080000: _WindowOverflow4 at X:/esp-idf/components/freertos/xtensa/xtensa_vectors.S:1730
I (370) esp_image: segment 5: paddr=0x000ae584 vaddr=0x40080404 size=0x15828 ( 88104) load
I (428) boot: Loaded app from partition at offset 0x10000
I (429) boot: Disabling RNG early entropy source...
I (440) cpu_start: cpu freq: 160
I (440) cpu_start: Pro cpu up.
I (440) cpu_start: Starting app cpu, entry point is 0x400813d4
0x400813d4: call_start_cpu1 at X:/esp-idf/components/esp_system/port/cpu_start.c:112
I (428) cpu_start: App cpu up.
I (458) cpu_start: Pro cpu start user code
I (459) cpu_start: Application information:
I (459) cpu_start: Project name: wifi_manager
I (464) cpu_start: App version: 5e8b4c6-dirty
I (469) cpu_start: Compile time: Sep 16 2020 20:47:24
I (476) cpu_start: ELF file SHA256: 2fa8800e99479cd5...
I (482) cpu_start: ESP-IDF: v4.3-dev-907-g6c17e3a64-dirty
I (489) heap_init: Initializing. RAM available for dynamic allocation:
I (496) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (502) heap_init: At 3FFB80C0 len 00027F40 (159 KiB): DRAM
I (508) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (514) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (521) heap_init: At 40095C2C len 0000A3D4 (40 KiB): IRAM
I (528) spi_flash: detected chip: generic
I (532) spi_flash: flash io: dio
I (537) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (629) wifi_manager: Set STA IP String to: 0.0.0.0
I (639) main: free heap: 251892
I (649) system_api: Base MAC address is not set
I (649) system_api: read default base MAC address from EFUSE
I (669) wifi_init: rx ba win: 6
I (669) wifi_init: tcpip mbox: 32
I (669) wifi_init: udp mbox: 6
I (669) wifi_init: tcp mbox: 6
I (669) wifi_init: tcp tx win: 5744
I (679) wifi_init: tcp rx win: 5744
I (679) wifi_init: tcp mss: 1440
I (689) wifi_init: WiFi IRAM OP enabled
I (689) wifi_init: WiFi RX IRAM OP enabled
I (1559) phy: phy_version: 4370, 4e803b3, Aug 11 2020, 14:18:07, 0, 0
I (1569) wifi_manager:
I (1569) http_server: Registering URI handlers
I (1579) wifi_manager: wifi_manager_fetch_wifi_sta_config: ssid:AzCOM_MICRO password:xxxxxxxx
I (1579) wifi_manager: Saved wifi found on startup. Will attempt to connect.
I (1589) wifi_manager: MESSAGE: ORDER_CONNECT_STA
I (3649) wifi_manager: WIFI_EVENT_STA_DISCONNECTED
Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.
Core 0 register dump:
PC : 0x4008aecb PS : 0x00060233 A0 : 0x8008b42c A1 : 0x3ffbf420
0x4008aecb: is_free at X:/esp-idf/components/heap/multi_heap.c:138
(inlined by) get_prev_free_block at X:/esp-idf/components/heap/multi_heap.c:194
A2 : 0x004f5243 A3 : 0x3ffc926c A4 : 0x3ffbc178 A5 : 0x00000000
A6 : 0x00000000 A7 : 0x00000001 A8 : 0x00000001 A9 : 0x00000001
A10 : 0xfffffffc A11 : 0x00000000 A12 : 0x3ffc9238 A13 : 0x00060223
A14 : 0x00000001 A15 : 0xfffffffc SAR : 0x00000004 EXCCAUSE: 0x0000001c
EXCVADDR: 0x004f5243 LBEG : 0x4000c2e0 LEND : 0x4000c2f6 LCOUNT : 0xffffffff
Backtrace:0x4008aec8:0x3ffbf420 0x4008b429:0x3ffbf440 0x40081986:0x3ffbf460 0x4008e8a5:0x3ffbf480 0x4014ad5e:0x3ffbf4a0 0x4014add5:0x3ffbf4e0 0x40087a51:0x3ffbf500
0x4008aec8: get_prev_free_block at X:/esp-idf/components/heap/multi_heap.c:191 (discriminator 1)
0x4008b429: multi_heap_free_impl at X:/esp-idf/components/heap/multi_heap.c:547
0x40081986: heap_caps_free at X:/esp-idf/components/heap/heap_caps.c:305
0x4008e8a5: free at X:/esp-idf/components/newlib/heap.c:47
0x4014ad5e: post_instance_delete at X:/esp-idf/components/esp_event/esp_event.c:436
(inlined by) esp_event_loop_run at X:/esp-idf/components/esp_event/esp_event.c:604
0x4014add5: esp_event_loop_run_task at X:/esp-idf/components/esp_event/esp_event.c:115
0x40087a51: vPortTaskWrapper at X:/esp-idf/components/freertos/xtensa/port.c:169
Steps to Reproduce
- Load default_demo
- Connect to AP using and configure local wifi
- Remove power from Wifi router to simulate a WIFI_EVENT_STA_DISCONNECTED
- ESP crashes with "Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled."
System Configuration
Building on Windows 10
Latest esp-idf (ESP-IDF v4.3-dev-907)
Lastest esp32-wifi-manager
As a further note. I tried reverting back to ESP-IDF 4.2 with the same result
Thank you for the detailed report. Hopefully it should be an easy one to reproduce on my end. I’ll check this weekend.
Hi thank you for the quick response (and sharing this really cool app). I think that I have found the issue.
In the wifi_manager_event_handler function at the WIFI_EVENT_STA_DISCONNECTED case, the code is allocating memory for the disconnected param but it is using the variable rather than type to determine size.
wifi_event_sta_disconnected_t*
wifi_event_sta_disconnected = (wifi_event_sta_disconnected_t*)malloc(sizeof(wifi_event_sta_disconnected));`
I believe rather it should be
wifi_event_sta_disconnected_t*
wifi_event_sta_disconnected = (wifi_event_sta_disconnected_t*)malloc(sizeof(wifi_event_sta_disconnected**_t**));`
I have added this change locally and it seems to now be behaving correctly with no heap corruption.
Please let me know your thoughts
Yeah that's a big oops. I have checked the code and the rest of the params are ok.
eg
wifi_event_sta_scan_done_t* event_sta_scan_done = (wifi_event_sta_scan_done_t*)malloc(sizeof(wifi_event_sta_scan_done_t));
and
ip_event_got_ip_t* ip_event_got_ip = (ip_event_got_ip_t*)malloc(sizeof(ip_event_got_ip_t));