Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled. (IDFGH-10033) #11310

aggaddam · 2023-05-02T07:40:28Z

Answers checklist.

I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

release/v5.1

Operating System used.

Linux

How did you build your project?

Command line with Idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

ESP32C3-DEVKIT

Power Supply used.

USB

What is the expected behavior?

I am getting crash with esp IDF v5.1Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled while downloading firmware binary from https server having chunked transfer encoded data.

This issue was not observed with v4.x.x idf version

What is the actual behavior?

The crash should not happen during firmware image binary download from server

Steps to reproduce.

Download the firmware ota image binary from any https server with chunked transfer encoded data.

Debug Logs.

D (78340) HTTP_CLIENT: data_process=132625, content_length=-1
Guru Meditation Error: Core  0 panic'ed (Store access fault). Exception was unhandled.

Core  0 register dump:
MEPC    : 0x40389b4e  RA      : 0x40389b24  SP      : 0x3fc9bcd0  GP      : 0x3fc8e000  
TP      : 0x3fc67434  T0      : 0x40389a6c  T1      : 0xfffffff0  T2      : 0x1e621639  
S0/FP   : 0xff800000  S1      : 0x0000005c  A0      : 0x00000019  A1      : 0x0000005c  
A2      : 0x00000280  A3      : 0x00000004  A4      : 0x3fcae915  A5      : 0x00000000  
A6      : 0x00000a18  A7      : 0x0000055a  S2      : 0x00000000  S3      : 0x3fcb1190  
S4      : 0xc05813ed  S5      : 0x3fc942f8  S6      : 0x3fc942d4  S7      : 0x3fc9432c  
S8      : 0x00000060  S9      : 0x00000000  S10     : 0x3fc942c0  S11     : 0x3fc91120  
T3      : 0x3fcaa530  T4      : 0xafe1a8c0  T5      : 0x00000000  T6      : 0x00000006  
MSTATUS : 0x00001881  MTVEC   : 0x40380001  MCAUSE  : 0x00000007  MTVAL   : 0x00000008  
MHARTID : 0x00000000  

Stack memory:
3fc9bcd0: 0x3fc942c0 0x00000000 0x00000060 0x00060000 0xc0380000 0x00000000 0x3fc94000 0x00000000
3fc9bcf0: 0x3fc949b0 0x0000005c 0x3fc942c0 0x403896d0 0x3fc9d168 0x3fcb1134 0x3fc9d0e4 0x0000005c
3fc9bd10: 0x3fc949b0 0x0000005c 0x00001800 0x403809fe 0x3fc94000 0x3fc94000 0x3fc91000 0x0000c22e
3fc9bd30: 0x000001bb 0x3fc94000 0x54664ad3 0x00000010 0x00001800 0x0000005c 0x00000036 0x40380a10
3fc9bd50: 0x00000014 0x11afda30 0x00000036 0x40380a40 0x00000014 0x11afda30 0x00000036 0x4202e98c
3fc9bd70: 0x00000014 0x11afda30 0x00000036 0x4202f7c0 0x000001bb 0x3fc94000 0x54664ad3 0x00000010
3fc9bd90: 0x00000a18 0x11afda30 0x3fcaa530 0x4203356c 0x3fc94000 0x3fc94000 0x3fc91000 0x3fc91000
3fc9bdb0: 0x0000136f 0x3fc94000 0x3fc94000 0x3fc94000 0x00007110 0x00000000 0x3fcaa530 0x42033632
3fc9bdd0: 0x00007110 0x00000000 0x3fcaa530 0x42033d9c 0x00007110 0x00000000 0x3fcaa530 0x42033e08
3fc9bdf0: 0x3fc94000 0x3fc94000 0x3fc94000 0x3fc91120 0x3fc94000 0x3fc94000 0x3fc91000 0x3fc91000
3fc9be10: 0x3fc94000 0x3fc94000 0x3fc94000 0x3fc94000 0x3fc94000 0x3fc94000 0x3fcaa530 0x42033342
3fc9be30: 0x3fcaa530 0xafe1a8c0 0x00000018 0x00000000 0x3fc9becc 0x00000000 0x3fc9b044 0x00000000
3fc9be50: 0x00000000 0x00000000 0x00000000 0x00000001 0x00000000 0x00000014 0x3fc9d168 0x3fc9d168
3fc9be70: 0x3fcb1230 0x3fcb38ea 0x3fc90fe0 0x42037e04 0x00000000 0x00000000 0x00000000 0x00000000
3fc9be90: 0x00000004 0x00000003 0x00000000 0x00000002 0x00000008 0x3fc9d168 0x3fcb1230 0x4203c2c8
3fc9beb0: 0x3fc94000 0xffffffff 0x3fcb1250 0x4202d480 0x00000000 0x00000000 0x00000000 0x3fcb1250
3fc9bed0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9bef0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5
3fc9bf10: 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0x00000154 0x3fc9bdc0 0x0001328b 0x3fc8fc9c 0x3fc8fc9c
3fc9bf30: 0x3fc9bf20 0x3fc8fc94 0x00000007 0x3fc9b070 0x3fc9b070 0x3fc9bf20 0x00000000 0x00000012
3fc9bf50: 0x3fc9b11c 0x00546974 0x0a69a495 0x0d22800e 0x0012256f 0x00000000 0x3fc9bf10 0x00000012
3fc9bf70: 0x00000000 0x00000000 0x00000000 0x00000000 0x3fc94a74 0x3fc94adc 0x3fc94b44 0x00000000
3fc9bf90: 0x00000000 0x00000001 0x00000000 0x00000000 0x00000000 0x420a34be 0x00000000 0x00000000
3fc9bfb0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9bfd0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9bff0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9c010: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9c030: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9c050: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fc9c070: 0x3f000000 0x00000054 0x3fc9c078 0x3fc9c078 0x3fc9c078 0x3fc9c078 0x00000000 0x3fc9c090
3fc9c090: 0xffffffff 0x3fc9c090 0x3fc9c090 0x00000000 0x3fc9c0a4 0xffffffff 0x3fc9c0a4 0x3fc9c0a4
3fc9c0b0: 0x00000001 0x00000001 0x00000000 0x3700ffff 0x00000000 0xb33fffff 0x00000000 0x00000018

More Information.

Here is the backtrace after analysis PC address 0x40389b4e

riscv32-esp-elf-addr2line -pfiaC -e build/ac.elf 0x40389b4e
0x40389b4e: remove_free_block at /home/agaddam/Documents/ws_ac_li_ac_matter_fw/targets/simplifi/AC/li_esp32matter_sdk/esp-idf/components/heap/tlsf/tlsf.c:333
(inlined by) block_locate_free at /home/agaddam/Documents/ws_ac_li_ac_matter_fw/targets/simplifi/AC/li_esp32matter_sdk/esp-idf/components/heap/tlsf/tlsf.c:567
(inlined by) tlsf_malloc at /home/agaddam/Documents/ws_ac_li_ac_matter_fw/targets/simplifi/AC/li_esp32matter_sdk/esp-idf/components/heap/tlsf/tlsf.c:1004

No response

The text was updated successfully, but these errors were encountered:

ESP-Marius · 2023-05-04T03:47:21Z

These kind of errors from the heap component are usually caused by memory corruption, some suggestions:

See heap memory debugging for how to enable some more debugging options.
It seems like you are running with asserts disabled? Try enabling them and see if they can catch the error at an earlier stage.

If you are able to provide a minimal example which I could run to reproduce this issue?

aggaddam · 2023-05-04T09:30:47Z

@ESP-Marius Here is the sample code you can use to replicate the problem.
Make sure the OTA binary image downloaded from the HTTPS server supports the configuration Transfer-Encoding: chunked for file download

You should see this https server response

Transfer-Encoding: chunked

static esp_err_t ota_event_handler(esp_http_client_event_t *evt)
{
	int32_t ret = ESP_OK;
	static int32_t output_len = 0;

	if (NULL != evt)
	{
		switch (evt->event_id)
		{
			case HTTP_EVENT_ERROR:
				ESP_LOGD(TAG, "HTTP_EVENT_ERROR");
				break;

			case HTTP_EVENT_ON_CONNECTED:
				ESP_LOGD(TAG, "HTTP_EVENT_ON_CONNECTED");
				break;

			case HTTP_EVENT_HEADER_SENT:
				ESP_LOGD(TAG, "HTTP_EVENT_HEADER_SENT");
				break;

			case HTTP_EVENT_ON_HEADER:
				ESP_LOGD(TAG, "HTTP_EVENT_ON_HEADER, key=%s, value=%s", evt->header_key, evt->header_value);
				update_len = 0;
				break;

			case HTTP_EVENT_ON_DATA:
				if (!esp_http_client_is_chunked_response(evt->client))
				{
				 		// If user_data buffer is configured, copy the response into the buffer
					output_len += evt->data_len;
					ESP_LOGD(TAG, "No chunk data:[%d, %d, %lld]",
						     evt->data_len, output_len, esp_http_client_get_content_length(evt->client));
				}
				else
				{
					output_len += evt->data_len;
					ESP_LOGD(TAG, "chunk data:[%d, %d, %lld]",
						     evt->data_len, output_len, esp_http_client_get_content_length(evt->client));
				}

				break;

			case HTTP_EVENT_ON_FINISH:
				ESP_LOGD(TAG, "HTTP_EVENT_ON_FINISH");
				break;

			case HTTP_EVENT_DISCONNECTED:
				ESP_LOGD(TAG, "HTTP_EVENT_DISCONNECTED");
				break;

			default:
				ESP_LOGD(TAG, "Default case, %d", evt->event_id);
				break;
		}
	}

	return ESP_OK;
}



void esp_http_client_image_download(void)
{
    esp_http_client_config_t config =   {   .url = "url for .bin image",
                                            .event_handler = ota_event_handler,
                                            .transport_type = HTTP_TRANSPORT_OVER_SSL,
                                            .cert_pem = server_root_ca_cert,
                                            .buffer_size = 256,
                                        };
                                        
	esp_http_client_handle_t client = esp_http_client_init(&config);
	if (NULL != client)
	{
		// GET
		esp_err = esp_http_client_perform(client);
		if (ESP_OK == esp_err)
		{
			int32_t rsp_code = esp_http_client_get_status_code(client);
			ESP_LOGI(TAG, "HTTP GET Status = %d, content_length = %d",
				rsp_code, esp_http_client_get_content_length(client));

			if (200 == rsp_code)
			{
				ESP_LOGI(TAG, "OTA IMAGE RECEIVED SUCCESSFULLY");
			}
			else
			{
				esp_err = ESP_FAIL;
				ESP_LOGI(TAG, "OTA IMAGE RECEIVED FAILED");
			}
		}
		else
		{
			esp_err = ESP_FAIL;
			ESP_LOGE(TAG, "HTTP GET request failed: %d", esp_err);
		}

		esp_http_client_cleanup(client);
	}
	else
	{
		esp_err = ESP_FAIL;
		ESP_LOGE(TAG, "client handle is null");
	}
}

AxelLin · 2023-05-04T09:49:24Z

@aggaddam
I think you should use esp_http_client_get_chunk_length() for chunk data?

aggaddam · 2023-05-05T01:40:14Z

I am getting chunk len from evt->data_len. I am just printing the value of esp_http_client_get_content_length(evt->client) which is -1 in the case of chunk data transfer mode.

mahavirj · 2023-05-05T05:11:03Z

@aggaddam

Can you please try native_ota_example and see if you could recreate this issue?
We do have chunked encoding scenario covered in our tests, please see here.

aggaddam · 2023-05-12T11:35:50Z

@mahavirj I tried with native example code as well but the same issue is happening with example code as well.

I just replaced the URL for image download SDK config and associated certificate. After downloading few chunks of data device is crashing assert msg heap mem fail.

The same error was observed with our project application as well

Here is the log

D (13723) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:4 posted to loop 0x3fc9d200
D (13743) native_ota_example: Read Data, len = 1024, total bytes rcvd = 6144
D (13753) HTTP_CLIENT: is_data_remain=1, is_chunked=1hhd, content_length=-1
D (13753) transport_base: remain data in cache, need to read again
D (13763) HTTP_CLIENT: need_read=1024, byte_to_read=512, rlen=512, ridx=0
D (13763) HTTP_CLIENT: http_on_body 512
D (13773) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:4 posted to loop 0x3fc9d200
D (13783) HTTP_CLIENT: is_data_remain=1, is_chunked=1hhd, content_length=-1
D (13783) transport_base: remain data in cache, need to read again
D (13793) HTTP_CLIENT: need_read=512, byte_to_read=512, rlen=512, ridx=512
D (13803) HTTP_CLIENT: http_on_body 512
D (13803) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:4 posted to loop 0x3fc9d200
D (13813) native_ota_example: Read Data, len = 1024, total bytes rcvd = 7168
D (13833) HTTP_CLIENT: is_data_remain=1, is_chunked=1hhd, content_length=-1
D (13833) transport_base: remain data in cache, need to read again
D (13833) HTTP_CLIENT: need_read=1024, byte_to_read=512, rlen=427, ridx=0
D (13843) HTTP_CLIENT: http_on_body 425
D (13843) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:4 posted to loop 0x3fc9d200
D (13853) HTTP_CLIENT: http_on_chunk_complete
D (13863) HTTP_CLIENT: is_data_remain=1, is_chunked=1hhd, content_length=-1

assert failed: remove_free_block tlsf.c:330 (prev && "prev_free field can not be null")
Core  0 register dump:
MEPC    : 0x403806c0  RA      : 0x40387036  SP      : 0x3fca0460  GP      : 0x3fc91200  
TP      : 0x3fc73f3c  T0      : 0x37363534  T1      : 0x7271706f  T2      : 0x33323130  
S0/FP   : 0x00000070  S1      : 0x00000001  A0      : 0x3fca049c  A1      : 0x3fc92441  
A2      : 0x00000001  A3      : 0x00000029  A4      : 0x00000001  A5      : 0x3fc98000  
A6      : 0x7a797877  A7      : 0x76757473  S2      : 0x00000009  S3      : 0x3fca05c7  
S4      : 0x3fc92440  S5      : 0x3fca6260  S6      : 0x000005fe  S7      : 0x3fca6c70  
S8      : 0x0000001a  S9      : 0x00000000  S10     : 0x3fcb25d2  S11     : 0x3fcb25c8  
T3      : 0x6e6d6c6b  T4      : 0x6a696867  T5      : 0x66656463  T6      : 0x62613938  
MSTATUS : 0x00001881  MTVEC   : 0x40380001  MCAUSE  : 0x00000007  MTVAL   : 0x00000000  
MHARTID : 0x00000000  

Stack memory:
3fca0460: 0x00000dc6 0x0000080c 0x3c0b1cdc 0x4038dc62 0x3fc927e8 0x3c0b1cdc 0x3fc92b64 0x3c0b15d7
3fca0480: 0x3fc927f8 0x3fca0494 0x3fc927fc 0x3c0b1894 0x3fc92440 0x00303333 0x0000240d 0x65737361
3fca04a0: 0x66207472 0x656c6961 0x72203a64 0x766f6d65 0x72665f65 0x625f6565 0x6b636f6c 0x736c7420
3fca04c0: 0x3a632e66 0x20303333 0x65727028 0x26262076 0x72702220 0x665f7665 0x20656572 0x6c656966
3fca04e0: 0x61632064 0x6f6e206e 0x65622074 0x6c756e20 0x0029226c 0x3fcb2e08 0xffffffd6 0x00000000
3fca0500: 0x00000001 0x00000000 0x00000000 0x40382206 0x00000000 0x01348daa 0x3fca6abc 0x40381f3e
3fca0520: 0xffffffff 0x00000000 0x3fca6abc 0x40382048 0x3fca6278 0x00000000 0x3fca6abc 0x005b8d80
3fca0540: 0x00000000 0x3fca6278 0x00000000 0x40383b80 0x3fcb25d2 0x00000000 0x3fca6278 0x3fca6260
3fca0560: 0x3fca6278 0x00000000 0x00000000 0x40000000 0x00000000 0x3fc95008 0x0000001c 0x00000000
3fca0580: 0x3fc97d54 0x3fcb1d1c 0x0000001c 0x4038c538 0x00000002 0x3fce0000 0x3fca5e90 0x0000001c
3fca05a0: 0x00000000 0x0000001c 0x3fc97d40 0x4038bb3a 0x3fca5f14 0x00001800 0x3fc98430 0x40380b56
3fca05c0: 0x00640100 0x00000032 0x3fca5e90 0x3fcb2538 0x00001800 0x0000001c 0x3fca5f14 0x40380bee
3fca05e0: 0x3fcb25e4 0x0000001c 0x3fca5f14 0x40380c4a 0x00000000 0x000005d6 0x3fca5f14 0x4038dc6c
3fca0600: 0x4038d740 0x4203873c 0x3fca0680 0x42053d1c 0x3fc73f3c 0x7b78e756 0x3fca5f14 0x4206b680
3fca0620: 0x3fcb2538 0x00000008 0x00000080 0x3fca5e90 0x3fc95008 0x3fcb2538 0x3fca5f14 0x4206b56e
3fca0640: 0x3fcb2bd8 0xdeadbeef 0x3fc95008 0x3fc94000 0x3fc95008 0x3fce0000 0x3fcb2538 0x420147fe
3fca0660: 0x9fccd7f6 0x0260462d 0x3fca0000 0x420174d8 0x3fc95008 0x00000000 0x3fcb2538 0x4038d9b4
3fca0680: 0x00000011 0x00000000 0x420178e2 0x420178f6 0xffffffd7 0x00000000 0x3fc943d4 0x00000001
3fca06a0: 0x3fce0000 0x3fce0000 0x3fce0000 0x00000000 0x3fcdf934 0x3fce0000 0x3ff1b000 0x3fce0000
3fca06c0: 0x3fce0000 0x3fce0000 0x000000f5 0x3fce0000 0x3fcb2598 0x3fce0000 0x3fcb2538 0x400415ba
3fca06e0: 0x00000000 0x3fce0000 0x3fce0000 0x3ff1b5a8 0x00000000 0x3fcdf918 0x3fce0000 0x40040902
3fca0700: 0x00000000 0x00000000 0x00000011 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fca0720: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x403897ac
3fca0740: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fca0760: 0x00000000 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0x00000154 0x3fca0600
3fca0780: 0x3fc97d54 0x3fc93650 0x3fc93650 0x3fca077c 0x3fc93648 0x00000002 0x3fc9e6b4 0x3fc9e6b4
3fca07a0: 0x3fca077c 0x00000000 0x00000017 0x3fc9ed78 0x69666977 0x1c846e00 0x70b1a958 0x00c5870a
3fca07c0: 0x00000000 0x3fca0770 0x00000017 0x00000000 0x00000000 0x00000000 0x00000000 0x3fc98740
3fca07e0: 0x3fc987a8 0x3fc98810 0x00000000 0x00000000 0x00000001 0x00000000 0x00000000 0x00000000
3fca0800: 0x4209fe26 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fca0820: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
3fca0840: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000

mahavirj · 2023-05-12T12:10:57Z

@aggaddam Can you please share the patch that you created on top of native_ota_example?

aggaddam · 2023-05-13T04:42:35Z

@mahavirj Attached source code file. (Remove .txt extension after you downloaded the file)

native_ota_example.c.txt

aggaddam · 2023-05-16T07:11:43Z

@mahavirj Did you get a chance to look into this issue? Are you able to recreate it?

hmalpani · 2023-05-17T09:13:55Z

Hello @aggaddam
I tried out native_ota_example with the patch you shared above. I didn't observe any crashes. The application successfully downloaded the new firmware.

aggaddam · 2023-05-17T09:43:47Z

@hmalpani Have you tried with esp-idf version from branch release/v5.1 ?

hmalpani · 2023-05-17T09:45:33Z

@aggaddam
Yes I tried it on branch release/v5.1

AxelLin · 2023-05-17T09:52:29Z

@hmalpani
Did you test https server with chunked transfer encoded data?

aggaddam · 2023-05-17T09:53:27Z

@hmalpani Could you please share the commit of idf v5.1 used for testing ? I will try with the same commit id.

hmalpani · 2023-05-17T10:16:05Z

@AxelLin @aggaddam

Did you test https server with chunked transfer encoded data?

Yes I used chunked server for testing.

@hmalpani Could you please share the commit of idf v5.1 used for testing ? I will try with the same commit id.

I am on the latest commit present on release/v5.1 branch: 6cfc6f5

aggaddam · 2023-05-18T05:45:37Z

@hmalpani
I tested the native example code with release/v5.1 branch commit - 6cfc6f5. I am still seeing the same issue with https server with chunked transfer encoded data. I also tried downloading the file from the local host with HTTP, it works fine. The issue is happening with chunk transfer encoded data with https server

I got the same assert error after receiving a few chunks of data.

assert failed: remove_free_block tlsf.c:330 (prev && "prev_free field can not be null")

Core  0 register dump:
MEPC    : 0x403806f2  RA      : 0x40386c5c  SP      : 0x3fca0210  GP      : 0x3fc90e00  
TP      : 0x3fc745e0  T0      : 0x37363534  T1      : 0x7271706f  T2      : 0x33323130  
S0/FP   : 0x00000070  S1      : 0x00000001  A0      : 0x3fca024c  A1      : 0x3fc92051  
A2      : 0x00000001  A3      : 0x00000029  A4      : 0x00000001  A5      : 0x3fc97000  
A6      : 0x7a797877  A7      : 0x76757473  S2      : 0x00000009  S3      : 0x3fca0377  
S4      : 0x3fc92050  S5      : 0x3fca6004  S6      : 0x000005fe  S7      : 0x3fca6b18  
S8      : 0x0000001a  S9      : 0x00000000  S10     : 0x3fcb44fa  S11     : 0x3fcb44f0  
T3      : 0x6e6d6c6b  T4      : 0x6a696867  T5      : 0x66656463  T6      : 0x62613938  
MSTATUS : 0x00001881  MTVEC   : 0x40380001  MCAUSE  : 0x00000007  MTVAL   : 0x00000000  
MHARTID : 0x0000000

Here is the server configuration that I received while fetching headers. Hope it will be useful

D (22580) intr_alloc: Connected src 48 to int 11 (cpu 0)
D (22580) HTTP_CLIENT: on_message_begin
D (22580) HTTP_CLIENT: HEADER=Date:Thu, 18 May 2023 05:39:35 GMT
D (22590) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22600) HTTP_CLIENT: HEADER=Content-Type:application/octet-stream
D (22600) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22610) HTTP_CLIENT: HEADER=Transfer-Encoding:chunked
D (22620) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22630) HTTP_CLIENT: HEADER=Connection:keep-alive
D (22630) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22640) HTTP_CLIENT: HEADER=Server:MirAIe
D (22650) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22660) HTTP_CLIENT: HEADER=Strict-Transport-Security:max-age=31536000 ; includeSubDomains
D (22670) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22680) HTTP_CLIENT: HEADER=Content-Security-Policy:script-src 'self'; object-src 'self'
D (22680) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22690) HTTP_CLIENT: HEADER=X-Content-Type-Options:nosniff
D (22700) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22710) HTTP_CLIENT: HEADER=X-Frame-Options:DENY
D (22710) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22730) HTTP_CLIENT: HEADER=X-XSS-Protection:1; mode=block
D (22730) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22740) HTTP_CLIENT: HEADER=Vary:Origin
D (22740) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22750) HTTP_CLIENT: HEADER=Vary:Access-Control-Request-Method
D (22760) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22770) HTTP_CLIENT: HEADER=Vary:Access-Control-Request-Headers
D (22780) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22790) transport_base: remain data in cache, need to read again
D (22790) HTTP_CLIENT: HEADER=Content-Disposition:attachment; filename="ac.ota.bin"
D (22800) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22810) HTTP_CLIENT: HEADER=Cache-Control:no-cache, no-store, max-age=0, must-revalidate
D (22820) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22830) HTTP_CLIENT: HEADER=Pragma:no-cache
D (22830) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22840) HTTP_CLIENT: HEADER=Expires:0
D (22850) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:3 posted to loop 0x3fc9cfe0
D (22860) HTTP_CLIENT: http_on_headers_complete, status=200, offset=618, nread=618
D (22870) HTTP_CLIENT: http_on_chunk_header, chunk_length
D (22870) HTTP_CLIENT: http_on_body 401
D (22870) HTTP_CLIENT: Body received in fetch header state, 0x3fca95d7, 401
D (22880) event: no handlers have been registered for event ESP_HTTP_CLIENT_EVENT:4 posted to loop 0x3fc9cfe0
D (22890) HTTP_CLIENT: content_length = -1
D (22920) HTTP_CLIENT: is_data_remain=1, is_chunked=1hhd, content_length=-1

Jacques-Zhao · 2023-05-22T01:29:40Z

Hi @aggaddam are you still concerned about this problem? tslf assert usually occurs when a pointer oversteps one byte. I am very interested in debugging this problem. Could you please send me a demo that can reproduce the problem

hmalpani · 2023-05-22T04:39:52Z

Hello @aggaddam
I am unable to reproduce this issue. Can you please use https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/heap_debug.html?highlight=heap%20tracing to enable heap debugging to trace the heap corruption?
Can you also share the full logs here?

aggaddam · 2023-05-22T09:02:10Z

@Jacques-Zhao @hmalpani Attached is the log for your reference and the native ota example code used.
Please ensure the server configuration is https with the transfer type as encoded chunked data

ota_example_https_chunk_data_log.txt
native_ota_example.c.txt

aggaddam · 2023-05-26T04:48:52Z

@Jacques-Zhao Are you able to recreate the problem that I mentioned?

Jacques-Zhao · 2023-05-29T02:58:33Z

@aggaddam I'm sorry that I can't repeat the problem you mentioned, but I was dealing with a similar problem last week, and I haven't found the root cause yet, but there is a workaround you can try. Just disable hardware AES acceleration(MBEDTLS_HARDWARE_AES) in the menuconfig. Please test with this configuration item and let me know the results.

hmalpani · 2023-05-29T04:57:34Z

Hello @aggaddam
Can you also share sdkconfig file? It might help in reproducing the issue.

aggaddam · 2023-05-29T06:41:31Z

@hmalpani Here is the SDK config file

sdkconfig.txt

Jacques-Zhao · 2023-05-29T06:49:26Z

@aggaddam Have you tested the method I'm talking about? I have found the root cause of this problem, if you disable AES hardware acceleration can fix the problem, you can try to modiy lldesc_setup_link_constrained change LLDESC_MAX_NUM_PER_DESC_16B_ALIGNED to LLDESC_MAX_NUM_PER_DESC and open AES hardware acceleration test again.

mahavirj · 2023-05-29T10:05:56Z

@aggaddam

Just to extend on the @Jacques-Zhao comment, please try following patch and see if it can help to fix your issue:

diff --git components/mbedtls/port/aes/dma/esp_aes.c components/mbedtls/port/aes/dma/esp_aes.c
index efc531a55a..ec4f3ae739 100644
--- components/mbedtls/port/aes/dma/esp_aes.c
+++ components/mbedtls/port/aes/dma/esp_aes.c
@@ -371,8 +371,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
             return esp_aes_process_dma_ext_ram(ctx, input, output, len, stream_out, input_needs_realloc, output_needs_realloc);
         }
 
-        /* Set up dma descriptors for input and output */
-        lldesc_num = lldesc_get_required_num(block_bytes);
+        /* Set up dma descriptors for input and output considering the 16 byte alignment requirement for EDMA */
+        lldesc_num = lldesc_get_required_num_constrained(block_bytes, LLDESC_MAX_NUM_PER_DESC_16B_ALIGNED);
 
         /* Allocate both in and out descriptors to save a malloc/free per function call */
         block_desc = heap_caps_calloc(lldesc_num * 2, sizeof(lldesc_t), MALLOC_CAP_DMA);

hmalpani · 2023-06-02T06:12:45Z

Hello @aggaddam
Does the above patch help you solve the issue?

aggaddam · 2023-06-02T06:15:19Z

@hmalpani I didn't get a chance to test this out this week. I will test this change next week and let you know the feedback.

zjykymt · 2023-06-02T13:36:08Z

HI, i also got this error when downloading the bin file using HHTPS.

My network test environment is a Chinese network, connected to an Amazon server in Europe, and downloaded 128K bin files 13 times in a row using HTTPS GET.

Then this error happens sporadically, here is the error log:

assert failed: remove_free_block tlsf.c:330 (prev && "prev_free field can not be null")


Backtrace: 0x4037637a:0x3fccd5d0 0x40383489:0x3fccd5f0 0x4038b1bd:0x3fccd610 0x4038a0f6:0x3fccd730 0x40389aca:0x3fccd750 0x4037665d:0x3fccd770 0x403766bd:0x3fccd790 0x4037b86b:0x3fccd7b0 0x4037bbc9:0x3fccd7d0 0x4037bca0:0x3fccd800 0x420b09ad:0x3fccd820 0x420b0a5b:0x3fccd880 0x420b145f:0x3fccd8b0 0x420af87a:0x3fccd8f0 0x421113bf:0x3fccd920 0x420ac1c1:0x3fccd940 0x420a7aa5:0x3fccd960 0x420a1b16:0x3fccd980 0x420a1e11:0x3fccd9a0 0x420a2cf9:0x3fccd9d0 0x420a2d51:0x3fccda10 0x420a2d79:0x3fccda40 0x4209dcfd:0x3fccda70 0x4209e661:0x3fccdaa0 0x4209e6dd:0x3fccdac0 0x4209af25:0x3fccdaf0 0x4209b47f:0x3fccdb10 0x4209ed83:0x3fccdb30 0x4209ee41:0x3fccdb50 0x420960d6:0x3fccdb70 0x42096192:0x3fccdb90 0x403871fd:0x3fccdbc0
0x4037637a: panic_abort at C:/esp/esp-idf-v5.0.2/components/esp_system/panic.c:423

0x40383489: esp_system_abort at C:/esp/esp-idf-v5.0.2/components/esp_system/esp_system.c:153

0x4038b1bd: __assert_func at C:/esp/esp-idf-v5.0.2/components/newlib/assert.c:78

0x4038a0f6: remove_free_block at C:/esp/esp-idf-v5.0.2/components/heap/tlsf/tlsf.c:330
 (inlined by) block_locate_free at C:/esp/esp-idf-v5.0.2/components/heap/tlsf/tlsf.c:567
 (inlined by) tlsf_malloc at C:/esp/esp-idf-v5.0.2/components/heap/tlsf/tlsf.c:1004

0x40389aca: multi_heap_malloc_impl at C:/esp/esp-idf-v5.0.2/components/heap/multi_heap.c:207

0x4037665d: heap_caps_malloc_base at C:/esp/esp-idf-v5.0.2/components/heap/heap_caps.c:167

0x403766bd: heap_caps_malloc at C:/esp/esp-idf-v5.0.2/components/heap/heap_caps.c:187

0x4037b86b: setup_priv_desc at C:/esp/esp-idf-v5.0.2/components/driver/spi_master.c:781 (discriminator 15)

0x4037bbc9: spi_device_polling_start at C:/esp/esp-idf-v5.0.2/components/driver/spi_master.c:967

0x4037bca0: spi_device_polling_transmit at C:/esp/esp-idf-v5.0.2/components/driver/spi_master.c:1016

0x420b09ad: w5500_write at C:/esp/esp-idf-v5.0.2/components/esp_eth/src/esp_eth_mac_w5500.c:74

0x420b0a5b: w5500_write_buffer at C:/esp/esp-idf-v5.0.2/components/esp_eth/src/esp_eth_mac_w5500.c:174

0x420b145f: emac_w5500_transmit at C:/esp/esp-idf-v5.0.2/components/esp_eth/src/esp_eth_mac_w5500.c:478 (discriminator 2)

0x420af87a: esp_eth_transmit at C:/esp/esp-idf-v5.0.2/components/esp_eth/src/esp_eth.c:355 (discriminator 2)

0x421113bf: esp_netif_transmit at C:/esp/esp-idf-v5.0.2/components/esp_netif/lwip/esp_netif_lwip.c:1161

0x420ac1c1: ethernet_low_level_output at C:/esp/esp-idf-v5.0.2/components/esp_netif/lwip/netif/ethernetif.c:83

0x420a7aa5: ethernet_output at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/netif/ethernet.c:312 (discriminator 2)

0x420a1b16: etharp_output_to_arp_index at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/ipv4/etharp.c:769

0x420a1e11: etharp_output at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/ipv4/etharp.c:868

0x420a2cf9: ip4_output_if_opt_src at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/ipv4/ip4.c:1054

0x420a2d51: ip4_output_if_opt at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/ipv4/ip4.c:855

0x420a2d79: ip4_output_if at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/ipv4/ip4.c:832

0x4209dcfd: tcp_output_control_segment at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/tcp_out.c:1952 (discriminator 4)

0x4209e661: tcp_send_empty_ack at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/tcp_out.c:2058

0x4209e6dd: tcp_output at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/tcp_out.c:1278

0x4209af25: tcp_fasttmr at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/tcp.c:1503

0x4209b47f: tcp_tmr at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/tcp.c:237

0x4209ed83: tcpip_tcp_timer at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/timeouts.c:151

0x4209ee41: sys_check_timeouts at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/core/timeouts.c:401

0x420960d6: tcpip_timeouts_mbox_fetch at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/api/tcpip.c:109

0x42096192: tcpip_thread at C:/esp/esp-idf-v5.0.2/components/lwip/lwip/src/api/tcpip.c:142

0x403871fd: vPortTaskWrapper at C:/esp/esp-idf-v5.0.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:154





ELF file SHA256: 9820f88834de0fbb

Rebooting...

zjykymt · 2023-06-02T14:01:57Z

@aggaddam

Just to extend on the @Jacques-Zhao comment, please try following patch and see if it can help to fix your issue:

diff --git components/mbedtls/port/aes/dma/esp_aes.c components/mbedtls/port/aes/dma/esp_aes.c
index efc531a55a..ec4f3ae739 100644
--- components/mbedtls/port/aes/dma/esp_aes.c
+++ components/mbedtls/port/aes/dma/esp_aes.c
@@ -371,8 +371,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
             return esp_aes_process_dma_ext_ram(ctx, input, output, len, stream_out, input_needs_realloc, output_needs_realloc);
         }
 
-        /* Set up dma descriptors for input and output */
-        lldesc_num = lldesc_get_required_num(block_bytes);
+        /* Set up dma descriptors for input and output considering the 16 byte alignment requirement for EDMA */
+        lldesc_num = lldesc_get_required_num_constrained(block_bytes, LLDESC_MAX_NUM_PER_DESC_16B_ALIGNED);
 
         /* Allocate both in and out descriptors to save a malloc/free per function call */
         block_desc = heap_caps_calloc(lldesc_num * 2, sizeof(lldesc_t), MALLOC_CAP_DMA);

After applying this fix, a new error appeared, the log is as follows:

E (315169) AES: Timed out waiting for completion of AES Interrupt

abort() was called at PC 0x420c1ec2 on core 1
0x420c1ec2: esp_aes_dma_wait_complete at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/dma/esp_aes.c:219 (discriminator 3)



Backtrace: 0x4037637a:0x3fcc8490 0x40383489:0x3fcc84b0 0x4038b0c2:0x3fcc84d0 0x420c1ec2:0x3fcc8540 0x420c2143:0x3fcc8560 0x420c26fe:0x3fcc85b0 0x420c3dae:0x3fcc85e0 0x420c3ec0:0x3fcc8640 0x420c3f07:0x3fcc8670 0x420c3f3f:0x3fcc86b0 0x420b80c9:0x3fcc8710 0x420b87ae:0x3fcc8740 0x420b2a19:0x3fcc8780 0x420b2d56:0x3fcc8860 0x420b343a:0x3fcc8880 0x420b34b0:0x3fcc88c0 0x420b35e2:0x3fcc88e0 0x420ae8b9:0x3fcc8900 0x4211162a:0x3fcc8920 0x4203586b:0x3fcc8940 0x42036836:0x3fcc8970 0x4203740c:0x3fcc8990 0x403871fd:0x3fcc89c0
0x4037637a: panic_abort at C:/esp/esp-idf-v5.0.2/components/esp_system/panic.c:423

0x40383489: esp_system_abort at C:/esp/esp-idf-v5.0.2/components/esp_system/esp_system.c:153

0x4038b0c2: abort at C:/esp/esp-idf-v5.0.2/components/newlib/abort.c:38

0x420c1ec2: esp_aes_dma_wait_complete at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/dma/esp_aes.c:219 (discriminator 3)

0x420c2143: esp_aes_process_dma at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/dma/esp_aes.c:439

0x420c26fe: esp_aes_crypt_ctr at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/dma/esp_aes.c:1036

0x420c3dae: esp_aes_gcm_update at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/esp_aes_gcm.c:478

0x420c3ec0: esp_aes_gcm_crypt_and_tag_partial_hw at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/esp_aes_gcm.c:574

0x420c3f07: esp_aes_gcm_crypt_and_tag at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/esp_aes_gcm.c:697

0x420c3f3f: esp_aes_gcm_auth_decrypt at C:/esp/esp-idf-v5.0.2/components/mbedtls/port/aes/esp_aes_gcm.c:718

0x420b80c9: mbedtls_cipher_aead_decrypt at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/cipher.c:1440

0x420b87ae: mbedtls_cipher_auth_decrypt_ext at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/cipher.c:1582

0x420b2a19: mbedtls_ssl_decrypt_buf at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/ssl_msg.c:1439

0x420b2d56: ssl_prepare_record_content at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/ssl_msg.c:3864

0x420b343a: ssl_get_next_record at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/ssl_msg.c:4791

0x420b34b0: mbedtls_ssl_read_record at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/ssl_msg.c:4029

0x420b35e2: mbedtls_ssl_read at C:/esp/esp-idf-v5.0.2/components/mbedtls/mbedtls/library/ssl_msg.c:5692

0x420ae8b9: esp_mbedtls_read at C:/esp/esp-idf-v5.0.2/components/esp-tls/esp_tls_mbedtls.c:222

0x4211162a: esp_tls_conn_read at C:/esp/esp-idf-v5.0.2/components/esp-tls/esp_tls.c:100

0x4203586b: nfp_task_ssl_recv_process at C:/Users/YMT/Documents/GitHub/HW-S3-Project/eFG/1_APP/main/netif/u_netif_poll.c:2518

0x42036836: nfp_task_socket_recv_loop at C:/Users/YMT/Documents/GitHub/HW-S3-Project/eFG/1_APP/main/netif/u_netif_poll.c:2554

0x4203740c: vTaskNetifPoll at C:/Users/YMT/Documents/GitHub/HW-S3-Project/eFG/1_APP/main/netif/u_netif_poll.c:2723

0x403871fd: vPortTaskWrapper at C:/esp/esp-idf-v5.0.2/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:154





ELF file SHA256: fd64b9b46b3e7840

Rebooting...

zjykymt · 2023-06-03T03:31:28Z

@aggaddam I'm sorry that I can't repeat the problem you mentioned, but I was dealing with a similar problem last week, and I haven't found the root cause yet, but there is a workaround you can try. Just disable hardware AES acceleration(MBEDTLS_HARDWARE_AES) in the menuconfig. Please test with this configuration item and let me know the results.

My test method is to use HTTPS GET to download the bin file (128K bytes * 13) multiple times in a row. It seems that "Just disable hardware AES acceleration (MBEDTLS_HARDWARE_AES)" can solve my problem ( assert failed: remove_free_block tlsf.c:330 (prev && "prev_free field can not be null") ). The conclusion of this test is for reference.

Thanks.

AxelLin · 2023-06-05T09:21:32Z

@mahavirj

Your change in #11310 (comment) is different from #11310 (comment).

I'm not sure which one is correct.
Could you clarify if both places need change?

i.e. The diff would be below if apply both changes.

diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
index efc531a55a..a57cb7a4ae 100644
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -371,8 +371,8 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
             return esp_aes_process_dma_ext_ram(ctx, input, output, len, stream_out, input_needs_realloc, output_needs_realloc);
         }
 
-        /* Set up dma descriptors for input and output */
-        lldesc_num = lldesc_get_required_num(block_bytes);
+        /* Set up dma descriptors for input and output considering the 16 byte alignment requirement for EDMA */
+        lldesc_num = lldesc_get_required_num_constrained(block_bytes, LLDESC_MAX_NUM_PER_DESC_16B_ALIGNED);
 
         /* Allocate both in and out descriptors to save a malloc/free per function call */
         block_desc = heap_caps_calloc(lldesc_num * 2, sizeof(lldesc_t), MALLOC_CAP_DMA);
@@ -387,7 +387,7 @@ static int esp_aes_process_dma(esp_aes_context *ctx, const unsigned char *input,
 
         lldesc_setup_link(block_in_desc, input, block_bytes, 0);
         //Limit max inlink descriptor length to be 16 byte aligned, require for EDMA
-        lldesc_setup_link_constrained(block_out_desc, output, block_bytes, LLDESC_MAX_NUM_PER_DESC_16B_ALIGNED, 0);
+        lldesc_setup_link_constrained(block_out_desc, output, block_bytes, LLDESC_MAX_NUM_PER_DESC, 0);
 
         out_desc_tail = &block_out_desc[lldesc_num - 1];
     }

mahavirj · 2023-06-05T13:44:28Z

@AxelLin

The version of the patch I had posted in my comment was correct. I am also attaching the full version of the fix here which includes a test case that can easily recreate the failure aes_fix_for_DMA_descriptors_calculations.tar.gz

Command to apply the patch:

git am -p0 0001-aes-fix-DMA-descriptor-calculation-for-the-alignment.patch

@zjykymt

After applying this fix, a new error appeared, the log is as follows:
E (315169) AES: Timed out waiting for completion of AES Interrupt

Can you please share your application, sdkconfig and other details? It is quite possible that your issue is entirely different than one reported here, maybe you can file a new issue and share all details.

AxelLin · 2023-06-06T06:47:23Z

@AxelLin

The version of the patch I had posted in my comment was correct. I am also attaching the full version of the fix here which includes a test case that can easily recreate the failure aes_fix_for_DMA_descriptors_calculations.tar.gz

Confirm the patch fixes the panic on ESP32C3.
Thanks, @mahavirj

The number of the DMA descriptors allocated for certain length (e.g., 8176) were not sufficient (off by 1 error). This used to result in the dynamic memory corruption as the region was modified beyond the allocated range. This change fixes the DMA descriptor calculation part and allocates sufficient DMA descriptors based on the data length alignment considerations. Test has also been added to cover the specific scenario in the CI. Closes #11310

aggaddam · 2023-06-28T16:53:37Z

@mahavirj I applied the patch in esp32c3 target, and now the device is not crashing while downloading the image from the https server but there is still a problem while downloading the image from the HTTPS server with chunked transfer encoded data. The issue is after downloading a few packets, I am not seeing a callback event for HTTP_EVENT_ON_DATA and finally ended up receiving partial data instead of full data

I tried with the native ota example and HTTP streaming example. Same behavior observed

Attached log file for your reference
ota_log.txt

Do you want me to open a new issue for the download issue with https or can we track the issue here?

The number of the DMA descriptors allocated for certain length (e.g., 8176) were not sufficient (off by 1 error). This used to result in the dynamic memory corruption as the region was modified beyond the allocated range. This change fixes the DMA descriptor calculation part and allocates sufficient DMA descriptors based on the data length alignment considerations. Test has also been added to cover the specific scenario in the CI. Closes #11310

fpgax · 2023-11-02T08:31:14Z

Is this a security vulnerability?

aggaddam added the Type: Bug bugs in IDF label May 2, 2023

aggaddam changed the title ~~uru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled.~~ Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled. May 2, 2023

github-actions bot changed the title ~~Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled.~~ Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled. (IDFGH-10033) May 2, 2023

espressif-bot added the Status: Opened Issue is new label May 2, 2023

espressif-bot assigned hmalpani May 5, 2023

espressif-bot added Status: In Progress Work is in progress and removed Status: Opened Issue is new labels May 8, 2023

espressif-bot added the Awaiting Response awaiting a response from the author label May 22, 2023

espressif-bot added Status: Done Issue is done internally Resolution: NA Issue resolution is unavailable and removed Status: In Progress Work is in progress labels Jun 6, 2023

espressif-bot closed this as completed in f7a01d8 Jun 8, 2023

plin2 mentioned this issue Apr 13, 2024

[Build] Add ESP32-C6 MAX builds (preliminary) letscontrolit/ESPEasy#4997

Merged

1 task

Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled. (IDFGH-10033) #11310

Guru Meditation Error: Core 0 panic'ed (Store access fault). Exception was unhandled. (IDFGH-10033) #11310

Comments

aggaddam commented May 2, 2023 • edited Loading

Answers checklist.

IDF version.

Operating System used.

How did you build your project?

If you are using Windows, please specify command line type.

Development Kit.

Power Supply used.

What is the expected behavior?

What is the actual behavior?

Steps to reproduce.

Debug Logs.

More Information.

ESP-Marius commented May 4, 2023

aggaddam commented May 4, 2023 • edited Loading

AxelLin commented May 4, 2023 • edited Loading

aggaddam commented May 5, 2023

mahavirj commented May 5, 2023

aggaddam commented May 12, 2023 • edited Loading

mahavirj commented May 12, 2023

aggaddam commented May 13, 2023 • edited Loading

aggaddam commented May 16, 2023

hmalpani commented May 17, 2023

aggaddam commented May 17, 2023

hmalpani commented May 17, 2023

AxelLin commented May 17, 2023

aggaddam commented May 17, 2023

hmalpani commented May 17, 2023

aggaddam commented May 18, 2023 • edited Loading

Jacques-Zhao commented May 22, 2023

hmalpani commented May 22, 2023

aggaddam commented May 22, 2023

aggaddam commented May 26, 2023

Jacques-Zhao commented May 29, 2023

hmalpani commented May 29, 2023

aggaddam commented May 29, 2023

Jacques-Zhao commented May 29, 2023

mahavirj commented May 29, 2023

hmalpani commented Jun 2, 2023

aggaddam commented Jun 2, 2023

zjykymt commented Jun 2, 2023 • edited Loading

zjykymt commented Jun 2, 2023

zjykymt commented Jun 3, 2023

AxelLin commented Jun 5, 2023

mahavirj commented Jun 5, 2023 • edited Loading

AxelLin commented Jun 6, 2023

aggaddam commented Jun 28, 2023 • edited Loading

fpgax commented Nov 2, 2023

aggaddam commented May 2, 2023 •

edited

Loading

aggaddam commented May 4, 2023 •

edited

Loading

AxelLin commented May 4, 2023 •

edited

Loading

aggaddam commented May 12, 2023 •

edited

Loading

aggaddam commented May 13, 2023 •

edited

Loading

aggaddam commented May 18, 2023 •

edited

Loading

zjykymt commented Jun 2, 2023 •

edited

Loading

mahavirj commented Jun 5, 2023 •

edited

Loading

aggaddam commented Jun 28, 2023 •

edited

Loading