
Explain the decryption of the backtrace

Posted: Tue Dec 24, 2024 8:47 am
by mikl604
Hi everybody.
Can you help me understand what this backtrace is talking about?
My knowledge was only enough to get a transcript.

Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.

Core 0 register dump:
PC : 0x400919e3 PS : 0x00060d33 A0 : 0x80091aa4 A1 : 0x3ffbcfe0
A2 : 0x3ffd5a50 A3 : 0x00000001 A4 : 0x3ffd5a6c A5 : 0x00000000
A6 : 0x3ffd5a5c A7 : 0x00000000 A8 : 0x00000000 A9 : 0x00000000
A10 : 0x00000000 A11 : 0x0000000b A12 : 0x00060d20 A13 : 0x00060d23
A14 : 0x3ffd5a50 A15 : 0x0000cdcd SAR : 0x00000000 EXCCAUSE: 0x0000001c
EXCVADDR: 0x00000004 LBEG : 0x4000c2e0 LEND : 0x4000c2f6 LCOUNT : 0x00000000

Backtrace: 0x400919e0:0x3ffbcfe0 0x40091aa1:0x3ffbd000 0x400915f6:0x3ffbd020 0x4009171b:0x3ffbd060 0x40090c39:0x3ffbd090

0x400919e0: xEventGroupSetBits at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/event_groups.c:584
0x40091aa1: vEventGroupSetBitsCallback at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/event_groups.c:752
0x400915f6: prvProcessReceivedCommands at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/timers.c:820
0x4009171b: prvTimerTask at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/timers.c:637 (discriminator 1)
0x40090c39: vPortTaskWrapper at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:134

Re: Explain the decryption of the backtrace

Posted: Tue Dec 24, 2024 11:15 am
by MicroController
> Can you help me understand what this backtrace is talking about?

Sure :)

Code:

Guru Meditation Error: Core  0 panic'ed (LoadProhibited). Exception was unhandled.

A load/read was attempted from a memory address which could not be read. Likely because of an invalid address being used; most commonly some null pointer being dereferenced.

Code:

Core  0 register dump:
PC      : 0x400919e3  ...
...
EXCVADDR: 0x00000004  ...

The offending load instruction is at address (PC) 0x400919e3, and the (virtual) memory address it was trying to read from was (EXCVADDR) 0x00000004. Almost certainly an attempt to access a struct member via a null pointer.

Code:

0x400919e0: xEventGroupSetBits at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/event_groups.c:584
0x40091aa1: vEventGroupSetBitsCallback at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/event_groups.c:752
0x400915f6: prvProcessReceivedCommands at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/timers.c:820
0x4009171b: prvTimerTask at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/timers.c:637 (discriminator 1)
0x40090c39: vPortTaskWrapper at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:134

Call stack, most recent call at the top. I.e., leading to the exception the call hierarchy was vPortTaskWrapper->prvTimerTask->prvProcessReceivedCommands->vEventGroupSetBitsCallback->xEventGroupSetBits.

None of your application code was directly involved, but inside the system's timer task prvProcessReceivedCommands(...) called vEventGroupSetBitsCallback(...) with what must have been a null pointer to an event group object.

Can't tell though where that null pointer came from. Possibly a failed heap allocation which was not caught early, or some form of memory corruption, e.g. stack overflow, a write beyond the end of an array, or a use-after-free.
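
The reading of the panic output given in the reply above, as an added example that is not part of the original posts: a small triage script that pulls the panic reason, PC, EXCVADDR and the backtrace frames out of a dump and flags a probable null-pointer member access. The sample text is constructed from the dump quoted in this thread; the function names, the 0x1000 threshold and the stack-pointer check are assumptions of the example.

```python
import re

# Constructed sample: the panic output quoted in this thread, abbreviated.
SAMPLE = """\
Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.
Core 0 register dump:
PC : 0x400919e3 PS : 0x00060d33 A0 : 0x80091aa4 A1 : 0x3ffbcfe0
A14 : 0x3ffd5a50 A15 : 0x0000cdcd SAR : 0x00000000 EXCCAUSE: 0x0000001c
EXCVADDR: 0x00000004 LBEG : 0x4000c2e0 LEND : 0x4000c2f6 LCOUNT : 0x00000000
Backtrace: 0x400919e0:0x3ffbcfe0 0x40091aa1:0x3ffbd000 0x400915f6:0x3ffbd020 0x4009171b:0x3ffbd060 0x40090c39:0x3ffbd090
"""

# Assumption: a fault address below this is read as NULL plus a struct member offset.
NULL_PAGE_LIMIT = 0x1000

def parse_panic(text):
    """Extract core, reason, registers and (pc, sp) frames from a panic dump."""
    reason = re.search(r"Core\s+(\d+) panic'ed \((\w+)\)", text)
    # Registers print as "NAME : 0x%08x"; backtrace pairs have no space after ':'.
    regs = {name: int(value, 16) for name, value in
            re.findall(r"\b([A-Z][A-Z0-9]*)\s*:\s+0x([0-9a-fA-F]{8})\b", text)}
    bt = re.search(r"^Backtrace:(.*)$", text, re.M)
    pairs = re.findall(r"0x([0-9a-fA-F]+):0x([0-9a-fA-F]+)", bt.group(1) if bt else "")
    return {
        "core": int(reason.group(1)) if reason else None,
        "reason": reason.group(2) if reason else None,
        "regs": regs,
        "frames": [(int(pc, 16), int(sp, 16)) for pc, sp in pairs],
    }

def triage(dump):
    """Summarise what the dump says about the faulting access."""
    regs, frames = dump["regs"], dump["frames"]
    addr = regs.get("EXCVADDR")
    mem_fault = dump["reason"] in ("LoadProhibited", "StoreProhibited")
    null_deref = bool(mem_fault and addr is not None and addr < NULL_PAGE_LIMIT)
    return {
        "fault_pc": regs.get("PC"),
        "likely_null_deref": null_deref,
        "member_offset": addr if null_deref else None,
        # Heuristic: callers sit higher on a descending stack, so SP should
        # rise frame by frame; a break hints at a corrupted stack or backtrace.
        "stack_monotonic": all(a[1] < b[1] for a, b in zip(frames, frames[1:])),
        # Addresses to pass to addr2line together with the firmware ELF.
        "symbolize": [f"{pc:#010x}" for pc, _ in frames],
    }

if __name__ == "__main__":
    print(triage(parse_panic(SAMPLE)))
```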

Re: Explain the decryption of the backtrace

Posted: Tue Dec 24, 2024 12:56 pm
by mikl604
Thanks! It became a little clearer. And what is meant by "use-after-free"?

Re: Explain the decryption of the backtrace

Posted: Tue Dec 24, 2024 2:55 pm
by MicroController

Re: Explain the decryption of the backtrace

Posted: Wed Dec 25, 2024 9:45 am
by mikl604
Now it gives out this:

0x40091dc3: prvSelectHighestPriorityTaskSMP at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/tasks.c:3571 (discriminator 1)
0x40092726: vTaskSwitchContext at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/tasks.c:3675
0x40091118: _frxt_dispatch at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/portasm.S:451
0x400910ca: _frxt_int_exit at C:/Espressif/frameworks/esp-idf-v5.2.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/portasm.S:246

As I understand it, there is an incorrect context switch in the timer interrupt handler. Is that right?
Here is the handler itself:

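static uint64_t count_cycle = 0;

// Timer ISR callback; WorkFlags and FLAG_TIMER_INTERRUPT are defined elsewhere in the project.
static bool IRAM_ATTR timer_isr_callback(void *args)
{
    BaseType_t xHigherPriorityTaskWoken = pdFALSE;
    // From an ISR the bits are not set directly: the request is queued to the FreeRTOS timer task.
    xEventGroupSetBitsFromISR(WorkFlags, FLAG_TIMER_INTERRUPT, &xHigherPriorityTaskWoken);
    portYIELD_FROM_ISR(xHigherPriorityTaskWoken);
    count_cycle++;
    return false;
}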