esp-idf: IPv6 packet causes exception
I’m getting the following exception shortly (a few seconds) after connecting to WiFi:
ets Jun 8 2016 00:22:57
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0x00
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3ffc0008,len:0
load:0x3ffc0008,len:1964
load:0x40078000,len:3668
load:0x40080000,len:260
entry 0x40080034
I (550) heap_alloc_caps: Initializing heap allocator:
I (550) heap_alloc_caps: Region 19: 3FFC0E9C len 0001F164 tag 0
I (552) heap_alloc_caps: Region 25: 3FFE8000 len 00018000 tag 1
I (561) cpu_start: Pro cpu up.
I (567) cpu_start: Single core mode
I (573) cpu_start: Pro cpu start user code
I (598) rtc: rtc v160 Nov 22 2016 19:00:05
I (609) rtc: XTAL 40M
W (696) cpu_start: failed to load RF calibration data, falling back to full calibration
I (2041) phy: phy_version: 258, Nov 29 2016, 15:51:07, 0, 2
I (2106) cpu_start: Starting scheduler on PRO CPU.
tcpip_task_hdlxxx : 3ffc4824, prio:18,stack:2048
I (2119) wifi: frc2_timer_task_hdl:3ffc635c, prio:22, stack:2048
I (2131) wifi: pp_task_hdl : 3ffc8bf4, prio:23, stack:8192
I (2132) wifi: mode : sta (24:0a:c4:00:2f:9a)
I (2133) foo: event: 2
I (3008) wifi: n:6 0, o:1 0, ap:255 255, sta:6 0, prof:1
I (3657) wifi: state: init -> auth (b0)
I (3658) foo: ping
I (3670) wifi: state: auth -> assoc (0)
I (3675) wifi: state: assoc -> run (10)
I (3686) wifi: connected with Cesanta, channel 6
I (3687) foo: event: 4
I (4658) foo: pong
I (5658) foo: ping
I (6658) foo: pong
I (6759) event: ip: 192.168.1.40, mask: 255.255.255.0, gw: 192.168.1.1
I (6759) foo: event: 7
I (7658) foo: ping
I (8658) foo: pong
I (9658) foo: ping
Guru Meditation Error of type InstrFetchProhibited occurred on core 0. Exception was unhandled.
Register dump:
PC : 00000001 PS : 00060e30 A0 : 800e9d8e A1 : 3ffc4700
A2 : 00000001 A3 : 3ffc9cc0 A4 : 00000001 A5 : 00000008
A6 : 00000000 A7 : 3ffbd594 A8 : 800e5a50 A9 : 00000002
A10 : 3ffc9cc0 A11 : 00000001 A12 : 3ffbf2a4 A13 : 00000000
A14 : 3ffc4008 A15 : 3ffbf07c SAR : 00000012 EXCCAUSE: 00000014
EXCVADDR: 00000000 LBEG : 4000c2e0 LEND : 4000c2f6 LCOUNT : ffffffff
Rebooting...
this is latest master esp-idf + esp-idf-template. i only changed ssid pass and later added a couple debug statements to log system event type and provide heartbeat to give an idea when the crash happens.
this only happens on successful wifi connection - if i specify nonexistent ssid or invalid pass, there’s no crash. our office AP is nothing special, ESP8266 works with it just fine. tried on 2 different devices, so it’s not a hardware fault.
let me know if you need any info to help debug this.
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 18 (14 by maintainers)
Commits related to this issue
- Zero-fill netif on alloc Fixes espressif/esp-idf#133 — committed to cesanta/esp-idf by deleted user 8 years ago
- Add backtrace to exception output. On Xtensa windowed ABI backtrace is easy to do, and it's immensely useful for debugging, so - do it by default. We try to be careful and not deref bogus pointers wh... — committed to cesanta/esp-idf by deleted user 8 years ago
- Add backtrace to exception output. On Xtensa windowed ABI backtrace is easy to do, and it's immensely useful for debugging, so - do it by default. We try to be careful and not deref bogus pointers wh... — committed to cesanta/esp-idf by deleted user 8 years ago
- Add backtrace to exception output. On Xtensa windowed ABI backtrace is easy to do, and it's immensely useful for debugging, so - do it by default. We try to be careful and not deref bogus pointers wh... — committed to cesanta/esp-idf by deleted user 8 years ago
- Merge branch 'bugfix/netif_zero_init' into 'master' Zero-fill netif on alloc LwIP's `struct netif` was not zero-initialized after allocation, so `ipv6_addr_cb ` function pointer contained garbag... — committed to espressif/esp-idf by igrr 8 years ago
I did some tcpdump (during my previous attempt, before finding the thread talking of DHCP requests triggering the problem, I only tried to capture the 802.11 frames and saw some corrupt ones but replaying them didn’t produce anything) and by elimination, I was left with only one packet: an ICMPv6 Router Solicitation. Each tcpreplay of this packet provoked a panic.
I’m not sure it is useful I post the pcap here, as I can simply reproduce the issue with the rdisc6 command (could not compile it under OS X so I installed it on a laptop with Debian as it is available in the main APT repository via the
ndisc6package).For the record, here is how to use it:
Where
$router_ip6may be found via:And
$interfaceis simply your Wi-Fi interface (that you should also see in theip’s command output).Unfortunately,
#define LWIP_IPV6 0inlwipopts.hwill break the build and I’m not sure I can disable IPv6 support on the ESP32 (I’m new with this board & SDK, sorry) to fully assert there is a problem with the IPv6 stack.Hope this helps.