Crash while WiFi STA is connected and sniffing

Dav_FR
Posts: 6
Joined: Mon Mar 27, 2017 8:14 am

Crash while WiFi STA is connected and sniffing

Postby Dav_FR » Fri May 26, 2017 10:06 am

Hi guys,

Maybe this is not the best site but I'm not sure if is a stack problem or a problem with my code.

My first question is: It's compatible use promiscuous mode after the WiFi configured as STA connects an AP? I did not find anything saying no.

Context:
- I'm using the last commit from master esp-idf.
- WiFi + BLE coexistence is active.
- BLE has been configured just to advertise an Eddystone message.
- WiFi is configured as STA and connected to an AP with WPA.
- WiFi promiscuous mode is been enabled after connect to the AP and get IP.
- Device was sending a UDP packet via WiFi using the udp.h api.
- This ocurred after a couple of hours of work.
- Show two different errors differing in the last method

Best regards and sorry for the inconvenience


Crash report 1:

Code: Select all

Guru Meditation Error: Core  0 panic'ed (Interrupt wdt timeout on CPU0)
Register dump:
PC      : 0x40087a3a  PS      : 0x00060a34  A0      : 0x80085993  A1      : 0x3ffd7b10
A2      : 0x3ffde9f4  A3      : 0x3ffd7e20  A4      : 0x00060a23  A5      : 0x3ffd7b00
A6      : 0x24221f1c  A7      : 0x2e2c2927  A8      : 0x3ffd7e20  A9      : 0x3ffd7e20
A10     : 0x00000002  A11     : 0x00000002  A12     : 0x00060a23  A13     : 0x3ffc9700
A14     : 0x3ffc961c  A15     : 0x60033084  SAR     : 0x00000000  EXCCAUSE: 0x00000005
EXCVADDR: 0x00000000  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0x00000000

Backtrace: 0x40087a3a:0x3ffd7b10 0x40085993:0x3ffd7b30 0x4008697b:0x3ffd7b50 0x40107ed1:0x3ffd7b90 0x400f9e31:0x3ffd7bc0 0x400ff54c:0x3ffd7bf0 0x400fa8b4:0x3ffd7cb0 0x400fb284:0x3ffd7cf0 0x400fb3a6:0x3ffd7d20 0x400ff8a5:0x3ffd7d50

Entering gdb stub now.

$ xtensa-esp32-elf-gdb ./build/tfgproject-esp32.elf -b 115200 -ex 'target remote COM5'
GNU gdb (crosstool-NG crosstool-ng-1.22.0-61-gab8375a) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-host_pc-mingw32 --target=xtensa-esp32-elf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./build/tfgproject-esp32.elf...done.
Remote debugging using COM5
0x40087a3a in vListInsert (pxList=0x3ffde9f4, pxNewListItem=0x3ffd7e20)
    at C:/ESP32/github/esp-idf/components/freertos/list.c:188
188                     for( pxIterator = ( ListItem_t * ) &( pxList->xListEnd ); pxIterator->pxNext->xItemValue <= xValueOfInsertion; pxIterator = pxIterator->pxNext ) /*lint !e826 !e740 The mini list structure is used as the list end to save RAM.  This is checked and valid. */
(gdb) bt
#0  0x40087a3a in vListInsert (pxList=0x3ffde9f4, pxNewListItem=0x3ffd7e20)
    at C:/ESP32/github/esp-idf/components/freertos/list.c:188
#1  0x40085993 in vTaskPlaceOnEventList (pxEventList=0x3ffde9f4,
    xTicksToWait=100)
    at C:/ESP32/github/esp-idf/components/freertos/tasks.c:2852
#2  0x4008697b in xQueueGenericReceive (xQueue=0x3ffde9d0, pvBuffer=0x0,
    xTicksToWait=100, xJustPeeking=0)
    at C:/ESP32/github/esp-idf/components/freertos/queue.c:1586
#3  0x40107ed1 in wpa_parse_kde_ies ()
#4  0x400f9e31 in lmacProcessTxopStartData ()
#5  0x400ff54c in ppResortTxAMPDU ()
#6  0x400fa8b4 in ?? ()
#7  0x400fb284 in lmacProcessAckTimeout ()
#8  0x400fb3a6 in lmacProcessTxSuccess ()
#9  0x400ff8a5 in ppTask ()
(gdb)


Crash report 2:

Code: Select all

Guru Meditation Error of type LoadProhibited occurred on core  0. Exception was unhandled.
Register dump:
PC      : 0x40087a69  PS      : 0x00060433  A0      : 0x80084f25  A1      : 0x3ffd7b10
A2      : 0x3ffce89c  A3      : 0x00060423  A4      : 0x00000000  A5      : 0x3ffc0560
A6      : 0x00000003  A7      : 0x00060323  A8      : 0x00000000  A9      : 0x3ffce89c
A10     : 0x3ffce89c  A11     : 0x00060423  A12     : 0x00060423  A13     : 0x3ffc0530
A14     : 0x3ff000e0  A15     : 0x00000001  SAR     : 0x00000000  EXCCAUSE: 0x0000001c
EXCVADDR: 0x00000004  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0x00000000

Backtrace: 0x40087a69:0x3ffd7b10 0x40084f25:0x3ffd7b30 0x400865b8:0x3ffd7b50 0x40107f18:0x3ffd7b90 0x400f9e31:0x3ffd7bc0 0x400ff54c:0x3ffd7bf0 0x400fa8b4:0x3ffd7cb0 0x400fb284:0x3ffd7cf0 0x400fb3a6:0x3ffd7d20 0x400ff8a5:0x3ffd7d50

Entering gdb stub now.

$ xtensa-esp32-elf-gdb ./build/tfgproject-esp32.elf -b 115200 -ex 'target remote COM5'
GNU gdb (crosstool-NG crosstool-ng-1.22.0-61-gab8375a) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-host_pc-mingw32 --target=xtensa-esp32-elf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./build/tfgproject-esp32.elf...done.
Remote debugging using COM5
uxListRemove (pxItemToRemove=0x3ffce89c)
    at C:/ESP32/github/esp-idf/components/freertos/list.c:218
218             if( pxList->pxIndex == pxItemToRemove )
(gdb) bt
#0  uxListRemove (pxItemToRemove=0x3ffce89c)
    at C:/ESP32/github/esp-idf/components/freertos/list.c:218
#1  0x40084f25 in xTaskRemoveFromEventList (pxEventList=<optimized out>)
    at C:/ESP32/github/esp-idf/components/freertos/tasks.c:3040
#2  0x400865b8 in xQueueGenericSend (xQueue=0x3ffde9b4,
    pvItemToQueue=<optimized out>, xTicksToWait=0, xCopyPosition=0)
    at C:/ESP32/github/esp-idf/components/freertos/queue.c:763
#3  0x40107f18 in wpa_parse_kde_ies ()
#4  0x400f9e31 in lmacProcessTxopStartData ()
#5  0x400ff54c in ppResortTxAMPDU ()
#6  0x400fa8b4 in ?? ()
#7  0x400fb284 in lmacProcessAckTimeout ()
#8  0x400fb3a6 in lmacProcessTxSuccess ()
#9  0x400ff8a5 in ppTask ()

f.h-f.s.
Posts: 178
Joined: Thu Dec 08, 2016 2:53 pm

Re: Crash while WiFi STA is connected and sniffing

Postby f.h-f.s. » Fri May 26, 2017 6:12 pm

https://www.esp32.com/viewtopic.php?t=263
http://esp-idf.readthedocs.io/en/latest/get-started/idf-monitor.html
Try attaching gdb to the serial port, with the elf loaded. (make monitor can do that automatically)

malaimo
Posts: 3
Joined: Mon Sep 25, 2017 6:28 am

Re: Crash while WiFi STA is connected and sniffing

Postby malaimo » Mon Sep 25, 2017 6:36 am

Hello ,Have you solved this problem? I come to the same issue.
but my issue is a little different.My code is:

1. enable promiscuous, register the promiscuous callback
2. enable ble .

the code was:

Code: Select all

// wifi sniffer init----------
    esp_err_t ret;
    // Initialize NVS
    ret = nvs_flash_init();
    if (ret == ESP_ERR_NVS_NO_FREE_PAGES)
    {
        ESP_ERROR_CHECK(nvs_flash_erase());
        ret = nvs_flash_init();
    }
    ESP_ERROR_CHECK(ret);

   
    tcpip_adapter_init();
    ESP_ERROR_CHECK(esp_event_loop_init(event_handler, NULL));

    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
    ESP_ERROR_CHECK(esp_wifi_set_storage(WIFI_STORAGE_RAM));
    ESP_ERROR_CHECK(esp_wifi_set_promiscuous_rx_cb(wifi_promiscuous_cb));
 
    ESP_ERROR_CHECK(esp_wifi_set_promiscuous(true));
   
    // bt init----------
   
        esp_bt_controller_config_t bt_cfg = BT_CONTROLLER_INIT_CONFIG_DEFAULT();
    ret = esp_bt_controller_init(&bt_cfg);
    if (ret) {
        ESP_LOGE(GATTS_TAG, "%s initialize controller failed\n", __func__);
        return;
    }

    ret = esp_bt_controller_enable(ESP_BT_MODE_BTDM);
    if (ret) {
        ESP_LOGE(GATTS_TAG, "%s enable controller failed\n", __func__);
        return;
    }
    ret = esp_bluedroid_init();
    if (ret) {
        ESP_LOGE(GATTS_TAG, "%s init bluetooth failed\n", __func__);
        return;
    }
    ret = esp_bluedroid_enable();
    if (ret) {
        ESP_LOGE(GATTS_TAG, "%s enable bluetooth failed\n", __func__);
        return;
    }

    ret = esp_ble_gatts_register_callback(gatts_event_handler);
    if (ret){
        ESP_LOGE(GATTS_TAG, "gatts register error, error code = %x", ret);
        return;
    }
    ret = esp_ble_gap_register_callback(gap_event_handler);
    if (ret){
        ESP_LOGE(GATTS_TAG, "gap register error, error code = %x", ret);
        return;
    }
    ret = esp_ble_gatts_app_register(PROFILE_A_APP_ID);
    if (ret){
        ESP_LOGE(GATTS_TAG, "gatts app register error, error code = %x", ret);
        return;
    }
   
    // ret = esp_ble_gatts_app_register(PROFILE_B_APP_ID);
    // if (ret){
    //     ESP_LOGE(GATTS_TAG, "gatts app register error, error code = %x", ret);
    //     return;
    // }

    esp_err_t local_mtu_ret = esp_ble_gatt_set_local_mtu(500);
    if (local_mtu_ret){
        ESP_LOGE(GATTS_TAG, "set local  MTU failed, error code = %x", local_mtu_ret);
    }
   
   



the crash was:

Code: Select all


I (1370) cpu_start: App cpu up.
I (1383) heap_init: Initializing. RAM available for dynamic allocation:
I (1404) heap_init: At 3FFAFF10 len 000000F0 (0 KiB): DRAM
I (1423) heap_init: At 3FFD9270 len 00006D90 (27 KiB): DRAM
I (1442) heap_init: At 3FFE0440 len 00003BC0 (14 KiB): D/IRAM
I (1462) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (1482) heap_init: At 400923CC len 0000DC34 (55 KiB): IRAM
I (1501) cpu_start: Pro cpu start user code
assertion "res == pdTRUE" failed: file "/Users/wiki/esp/esp-idf/components/esp32/./dport_access.c", line 184, function: esp_dport_access_int_init
abort() was called at PC 0x40100c8b on core 0
0x40100c8b: __assert_func at /Users/ivan/e/newlib_xtensa-2.2.0-bin/newlib_xtensa-2.2.0/xtensa-esp32-elf/newlib/libc/stdlib/../../../.././newlib/libc/stdlib/assert.c:63 (discriminator 8)


Backtrace: 0x400892e4:0x3ffe3b50 0x400893e3:0x3ffe3b70 0x40100c8b:0x3ffe3b90 0x400d0e9a:0x3ffe3bc0 0x40080e3c:0x3ffe3bf0 0x4008107d:0x3ffe3c20 0x40078c12:0x3ffe3c40 0x40078cc5:0x3ffe3c70 0x40078f2e:0x3ffe3cb0 0x40079073:0x3ffe3e70 0x40007c31:0x3ffe3eb0 0x4000073d:0x3ffe3f20
0x400892e4: invoke_abort at /Users/wiki/esp/esp-idf/components/esp32/./panic.c:553

0x400893e3: abort at /Users/wiki/esp/esp-idf/components/esp32/./panic.c:553

0x40100c8b: __assert_func at /Users/ivan/e/newlib_xtensa-2.2.0-bin/newlib_xtensa-2.2.0/xtensa-esp32-elf/newlib/libc/stdlib/../../../.././newlib/libc/stdlib/assert.c:63 (discriminator 8)

0x400d0e9a: esp_dport_access_int_init at /Users/wiki/esp/esp-idf/components/esp32/./dport_access.c:184 (discriminator 1)

0x40080e3c: start_cpu0_default at /Users/wiki/esp/esp-idf/components/esp32/./cpu_start.c:324

0x4008107d: call_start_cpu0 at /Users/wiki/esp/esp-idf/components/esp32/./cpu_start.c:207


could someone give me some suggestion? thank a lot.

BlackEdder
Posts: 4
Joined: Sun Oct 29, 2017 2:20 pm

Re: Crash while WiFi STA is connected and sniffing

Postby BlackEdder » Sun Oct 29, 2017 2:21 pm

Were you ever able to solve this issue? I seem to be running into the same bug.

Who is online

Users browsing this forum: No registered users and 2 guests