Coredump: Debug Exception 0x41

Post Reply
top_of_the_stack
Posts: 2
Joined: Tue May 14, 2024 10:50 am

Coredump: Debug Exception 0x41

Postby top_of_the_stack » Tue May 14, 2024 11:05 am

Hiya,

I am working on a project with an ESP32 WROVER device on IDF v4.4 (I cannot upgrade to v5 for various reasons).

I am having an issue with esp_ping_new_session. During the memset in prvInitialiseNewTask, my device is crashing.

I cannot access the output logs of my device but I have access to coredumps.

All the coredumps report an EXCCAUSE of 0x41 which according to the xtensa instruction manual is a reserved value. How can my device be reporting this?

Code: Select all

espcoredump.py v0.4-dev
===============================================================
==================== ESP32 CORE DUMP START ====================

Crashed task handle: 0x3ffefd94, name: 'internet_checke', GDB name: 'process 1073675668'

================== CURRENT THREAD REGISTERS ===================
exccause       0x41 (DebugException)
excvaddr       0x0
epc1           0x4009443c
epc2           0x0
epc3           0x0
epc4           0x0
epc5           0x0
epc6           0x4000c470
eps2           0x0
eps3           0x0
eps4           0x0
eps5           0x0
eps6           0x60520
pc             0x4000c470          0x4000c470

Furthermore, the final entry on the traceback of the crashing thread is always ?? - does this mean that the program counter cannot retrieve an instruction from this address? Could this be why my device is crashing?

Code: Select all

==================== CURRENT THREAD STACK =====================
#0  0x4000c470 in ?? ()
#1  0x40096e20 in prvInitialiseNewTask (pxTaskCode=0x40180f70 <esp_ping_thread>, pcName=<optimized out>, ulStackDepth=2560, pvParameters=0x3f825984, uxPriority=2, pxCreatedTask=0x3f8259a4, pxNewTCB=pxNewTCB@entry=0x3ffbb70c, xRegions=xRegions@entry=0x0, xCoreID=xCoreID@entry=2147483647) at /__w/1/s/esp-idf/components/freertos/tasks.c:904
#2  0x40097318 in xTaskCreatePinnedToCore (pvTaskCode=0x40180f70 <esp_ping_thread>, pcName=0x3f43c32f \"ping\", usStackDepth=2560, pvParameters=0x3f825984, uxPriority=2, pvCreatedTask=0x3f8259a4, xCoreID=xCoreID@entry=2147483647) at /__w/1/s/esp-idf/components/freertos/tasks.c:854
#3  0x401812d1 in xTaskCreate (pvTaskCode=0x40180f70 <esp_ping_thread>, pcName=0x3f43c32f \"ping\", pvCreatedTask=0x3f8259a4, uxPriority=<optimized out>, pvParameters=0x3f825984, usStackDepth=<optimized out>) at /__w/1/s/esp-idf/components/freertos/include/freertos/task.h:390
#4  esp_ping_new_session (config=0x3ffefc40, cbs=0x3ffefcb4, hdl_out=0x3ffc576c <ping>) at /__w/1/s/esp-idf/components/lwip/apps/ping/ping_sock.c:231
#5  0x400db3c9 in conman_PingOnInterface (interface=<optimized out>, ping_uri_index=<optimized out>) at /__w/1/s/components/bace-main/conman.c:424
#6  0x400db47b in conman_InternetCheckerTask (pvParameter=<optimized out>) at /__w/1/s/components/bace-main/conman.c:493ugException)
excvaddr       0x0
Top
ESP_Sprite
Posts: 9727
Joined: Thu Nov 26, 2015 4:08 am

Re: Coredump: Debug Exception 0x41

Postby ESP_Sprite » Wed May 15, 2024 12:38 am

0x4000c470 is somewhere within `memset`, it's in ROM so gdb doesn't decode it properly. I'm not entirely sure why the exccause is 0x41; could be an artifact of the core dump process given we sometimes throw a DebugException (which seemingly is 0x41) to get a JTAG debugger to catch the error when attached.

Your error is an odd one. Reading the core dump, it seems like somehow the task creation process couldn't allocate the stack, so the memset tried to dereference a NULL pointer. However, reading the code, a NULL pointer should never make it to that point in the code.

Only thing I can think of is that somehow you have some memory corruption going on, which caused the heap allocator to return a bad (but not NULL) pointer to the task creation process, causing memset() to crash. That explanation doesn't really feel satisfactory, though.
Top
top_of_the_stack
Posts: 2
Joined: Tue May 14, 2024 10:50 am

Re: Coredump: Debug Exception 0x41

Postby top_of_the_stack » Wed May 15, 2024 10:50 am

Yes, I initially thought a NULL pointer too, but I also couldn't find a way for a NULL pointer to get to that point. Do you have any ideas on what would cause a memory corruption and any way to reduce it?

Thanks for the pointer to ROM - I decoded the coredump with the ROM elf file (I ended up installing ESP-IDF v5.4 and using the espcoredump included there). The ?? was decoded successfully. Now the program counter also indicated that the address is memset+36.

Code: Select all

===============================================================
==================== ESP32 CORE DUMP START ====================

Crashed task handle: 0x3ffefd94, name: 'internet_checke', GDB name: 'process 1073675668'

================== CURRENT THREAD REGISTERS ===================
exccause       0x41 (DebugException)
excvaddr       0x0
epc1           0x4009443c
epc2           0x0
epc3           0x0
epc4           0x0
epc5           0x0
epc6           0x4000c470
eps2           0x0
eps3           0x0
eps4           0x0
eps5           0x0
eps6           0x60520
pc             0x4000c470          0x4000c470 <memset+36>
lbeg           0x4000c46c          1073792108
lend           0x4000c477          1073792119
lcount         0x9e                158
sar            0x1e                30
ps             0x60526             394534
threadptr      <unavailable>
br             <unavailable>
scompare1      <unavailable>
acclo          <unavailable>
acchi          <unavailable>
m0             <unavailable>
m1             <unavailable>
m2             <unavailable>
m3             <unavailable>
expstate       <unavailable>
f64r_lo        <unavailable>
f64r_hi        <unavailable>
f64s           <unavailable>
fcr            <unavailable>
fsr            <unavailable>
a0             0x80096e20          -2146865632
a1             0x3ffefb80          1073675136
a2             0x3ffbad08          1073458440
a3             0xa5a5a5a5          -1515870811
a4             0xa00               2560
a5             0x3ffbad18          1073458456
a6             0x0                 0
a7             0xa0                160
a8             0x80083ae9          -2146944279
a9             0x3ffefb50          1073675088
a10            0x3ffbb70c          1073461004
a11            0x3ffbb70c          1073461004
a12            0x78                120
a13            0x3f8259fc          1065507324
a14            0x3f812b3c          1065429820
a15            0x7                 7

==================== CURRENT THREAD STACK =====================
#0  0x4000c470 in memset ()
#1  0x40096e20 in prvInitialiseNewTask (pxTaskCode=0x40180f70 <esp_ping_thread>, pcName=<optimized out>, ulStackDepth=2560, pvParameters=0x3f825984, uxPriority=2, pxCreatedTask=0x3f8259a4, pxNewTCB=pxNewTCB@entry=0x3ffbb70c <rwip_heap_msg+7404>, xRegions=xRegions@entry=0x0, xCoreID=xCoreID@entry=2147483647) at /__w/1/s/esp-idf/components/freertos/tasks.c:904
#2  0x40097318 in xTaskCreatePinnedToCore (pvTaskCode=0x40180f70 <esp_ping_thread>, pcName=0x3f43c32f "ping", usStackDepth=2560, pvParameters=0x3f825984, uxPriority=2, pvCreatedTask=0x3f8259a4, xCoreID=xCoreID@entry=2147483647) at /__w/1/s/esp-idf/components/freertos/tasks.c:854
#3  0x401812d1 in xTaskCreate (pvTaskCode=0x40180f70 <esp_ping_thread>, pcName=0x3f43c32f "ping", pvCreatedTask=0x3f8259a4, uxPriority=<optimized out>, pvParameters=0x3f825984, usStackDepth=<optimized out>) at /__w/1/s/esp-idf/components/freertos/include/freertos/task.h:390
#4  esp_ping_new_session (config=0x3ffefc40, cbs=0x3ffefcb4, hdl_out=0x3ffc576c <ping>) at /__w/1/s/esp-idf/components/lwip/apps/ping/ping_sock.c:231
#5  0x400db3c9 in conman_PingOnInterface (interface=<optimized out>, ping_uri_index=<optimized out>) at /__w/1/s/components/bace-main/conman.c:424
#6  0x400db47b in conman_InternetCheckerTask (pvParameter=<optimized out>) at /__w/1/s/components/bace-main/conman.c:493
Top
Post Reply

Return to “ESP-IDF”

Who is online

Users browsing this forum: No registered users and 103 guests