Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash after registering esp_zb_zcl_command_send_status_handler (TZ-511) #191

Closed
3 tasks done
simonborje opened this issue Dec 26, 2023 · 1 comment
Closed
3 tasks done

Crash after registering esp_zb_zcl_command_send_status_handler (TZ-511) #191

simonborje opened this issue Dec 26, 2023 · 1 comment
Labels
Bug

Comments

@simonborje
Copy link

Answers checklist.

  • I have read the documentation ESP Zigbee SDK Programming Guide and the issue is not addressed there.
  • I have updated my IDF branch (master or release) and ESP Zigbee libs (esp-zboss-lib and esp-zigbee-lib) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

ESP-IDF v5.1.2

esp-zigbee-lib version.

1.0.7

esp-zboss-lib version.

1.0.7

Espressif SoC revision.

ESP32-C6

What is the expected behavior?

No crashes

What is the actual behavior?

After updating both zigbee libraries to version 1.0.7 and adding a call to esp_zb_zcl_command_send_status_handler_register the application crashes every time after about 21-22 read attribute requests have been sent with the backtrace shown below. It seems to happen when the transaction sequence number reaches ~21, and can be triggered by other types of requests as well such as esp_zb_zcl_on_off_cmd_req.
If I comment the esp_zb_zcl_command_send_status_handler_register line the crash will not occur. My command_send_status callback function is empty.

Example code for how I'm registering the callback and the mostly empty callback handler.

esp_zb_zcl_command_send_status_handler_register(send_status_handler);

static void send_status_handler(esp_zb_zcl_command_send_status_message_t message) {
  ESP_LOGI(TAG, "send_status_handler");
}

abort() was called at PC 0x4201f51d on core 0
0x4201f51d: zb_assert at ??:?

Core  0 register dump:
MEPC    : 0x40800626  RA      : 0x40807108  SP      : 0x4081c730  GP      : 0x4080db20
0x40800626: panic_abort at C:/Users/simon/esp-5.1.2/esp-idf/components/esp_system/panic.c:452

0x40807108: __ubsan_include at C:/Users/simon/esp-5.1.2/esp-idf/components/esp_system/ubsan.c:313

TP      : 0x40804e68  T0      : 0x37363534  T1      : 0x7271706f  T2      : 0x33323130
0x40804e68: clk_ll_xtal_load_freq_mhz at C:/Users/simon/esp-5.1.2/esp-idf/components/hal/esp32c6/include/hal/clk_tree_ll.h:774
 (inlined by) rtc_clk_xtal_freq_get at C:/Users/simon/esp-5.1.2/esp-idf/components/esp_hw_support/port/esp32c6/rtc_clk.c:354

S0/FP   : 0x4081c76c  S1      : 0x4081c750  A0      : 0x4081c76c  A1      : 0x4081c74e
A2      : 0x00000000  A3      : 0x4081c799  A4      : 0x00000001  A5      : 0x40818000
A6      : 0x00000000  A7      : 0x76757473  S2      : 0x42016764  S3      : 0x42016764
0x42016764: zb_zcl_cmd_send_status_handler at esp_zigbee_zcl_command.c.obj:?

0x42016764: zb_zcl_cmd_send_status_handler at esp_zigbee_zcl_command.c.obj:?

S4      : 0x00000002  S5      : 0x00000005  S6      : 0x00000000  S7      : 0x00000001
S8      : 0x00000002  S9      : 0x00000300  S10     : 0x00000001  S11     : 0x00000000
T3      : 0x6e6d6c6b  T4      : 0x6a696867  T5      : 0x66656463  T6      : 0x62613938
MSTATUS : 0x00001881  MTVEC   : 0x40800001  MCAUSE  : 0x00000007  MTVAL   : 0x00000000
0x40800001: _vector_table at ??:?

MHARTID : 0x00000000

Stack memory:
4081c730: 0x00131250 0x00000008 0x4081c74c 0x4080c27e 0x0000d91d 0x001f0024 0x00000000 0x01790030
0x4080c27e: __assert_func at C:/Users/simon/esp-5.1.2/esp-idf/components/newlib/assert.c:34

4081c750: 0x31303234 0x64313566 0x00006b00 0x4080e448 0x4081c750 0x4080e464 0x4081c74c 0x726f6261
4081c770: 0x20292874 0x20736177 0x6c6c6163 0x61206465 0x43502074 0x34783020 0x66313032 0x20643135
4081c790: 0x63206e6f 0x2065726f 0x00000030 0x00000000 0x00000000 0x00000000 0x4081eba4 0x4201f520
0x4201f520: zb_globals_init at ??:?

4081c7b0: 0x00000000 0x00000001 0x00000001 0x420457e8 0x4081a2c0 0x00000300 0x00000001 0x42016764
0x420457e8: zb_zcl_register_cb at ??:?

0x42016764: zb_zcl_cmd_send_status_handler at esp_zigbee_zcl_command.c.obj:?

4081c7d0: 0x4081a2c0 0x00000000 0x4081eba4 0x42046142 0x00000002 0x0000d91d 0x001f0024 0x00000005
0x42046142: zb_zcl_finish_and_send_packet_common at zcl_common.c.obj:?

4081c7f0: 0x00000050 0x00000001 0x00000003 0x0000c124 0x00000002 0x0000001f 0x00000010 0x4081c978
4081c810: 0x0000000f 0x00000002 0x4081c898 0x00000001 0x00000001 0x00000104 0x00000300 0x4081a2c5
4081c830: 0x00000000 0x00000002 0x4081eba4 0x4204631e 0x00000002 0x4081c898 0x420b3000 0x420c1e18
0x4204631e: zb_zcl_finish_and_send_packet at ??:?

4081c850: 0x4081c934 0x00000069 0x40818cd8 0x0000c124 0x00000000 0x4081c898 0x00000001 0x420168a4
0x420168a4: esp_zb_zcl_read_attr_cmd_req at ??:?

4081c870: 0x42016764 0x00000016 0x40818ca8 0x0000c7ef 0x00000002 0x0000c124 0x420b3000 0x420078a4
0x42016764: zb_zcl_cmd_send_status_handler at esp_zigbee_zcl_command.c.obj:?

0x420078a4: read_attribute(unsigned short, unsigned char, unsigned char, unsigned short, unsigned short) at C:/Users/simon/Documents/ESP-IDF/esp32-c6-c++/main/esp_zigbee_gateway.cpp:1200

4081c890: 0x00000101 0x00000004 0x4001c124 0x4081c884 0x00000101 0x00000002 0x00010300 0x4081c894
0x4001c124: tdefl_flush_output_buffer in ROM

4081c8b0: 0x00000001 0x4081c934 0x40818ca8 0x4200fa4c 0x3a594157 0x61657220 0x20332064 0x65747962
0x4200fa4c: handle_command(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) at C:/Users/simon/Documents/ESP-IDF/esp32-c6-c++/main/esp_zigbee_gateway.cpp:1469

4081c8d0: 0x305b1b73 0x00000a6d 0x420c1e2c 0x420c18b0 0x420c1f64 0x420c1e50 0x420c1e64 0x420c1dd4
4081c8f0: 0x0000000a 0x0000000d 0x00000001 0x4081874b 0x00000002 0x00000001 0x40818ca8 0x40818cd8
4081c910: 0x40818cd8 0x4081c91c 0x00000001 0x40800032 0x00000004 0x4087f453 0x4081c95f 0x4081c934
0x40800032: _vector_table at ??:?

4081c930: 0x00000001 0x00000069 0x40817340 0x00000001 0xffffffff 0x420c1e50 0x00000000 0x420c1dd4
4081c950: 0x4081c978 0x4081c97b 0x4081c97b 0x00000000 0x00000000 0x00000000 0x40817704 0x00000008
4081c970: 0x4081c978 0x00000003 0x00322069 0x408077ea 0x3fffffff 0x00000001 0x420c1e64 0x00000006
0x408077ea: xQueueGenericSend at C:/Users/simon/esp-5.1.2/esp-idf/components/freertos/FreeRTOS-Kernel/queue.c:908

4081c990: 0x00000000 0x00001002 0x00000000 0x00000006 0x00000000 0x00000000 0x00000000 0x00000000
4081c9b0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
4081c9d0: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000008
4081c9f0: 0x4081c9ac 0x40817704 0x00000000 0x40800000 0x4081c94c 0x40817340 0x40817b5c 0x40817b64
0x40800000: _vector_table at ??:?

4081ca10: 0xd3d2d1d0 0xd7d6d5d4 0xdbdad9d8 0x00000000 0x00000000 0x00000000 0x420b4000 0x420b4000
4081ca30: 0x4200617e 0x40816000 0x420b4000 0x40817000 0x420b3000 0x40816888 0x40817340 0x4200fe22
0x4200617e: std::ctype<char>::do_widen(char) const at c:\users\simon\.espressif\tools\riscv32-esp-elf\esp-12.2.0_20230208\riscv32-esp-elf\riscv32-esp-elf\include\c++\12.2.0\bits/locale_facets.h:1093

0x4200fe22: std::basic_istream<char, std::char_traits<char> >& std::getline<char, std::char_traits<char>, std::allocator<char> >(std::basic_istream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) at c:\users\simon\.espressif\tools\riscv32-esp-elf\esp-12.2.0_20230208\riscv32-esp-elf\riscv32-esp-elf\include\c++\12.2.0\bits/basic_string.h:3925
 (inlined by) serial_task at C:/Users/simon/Documents/ESP-IDF/esp32-c6-c++/main/esp_zigbee_gateway.cpp:1557
 (inlined by) serial_task at C:/Users/simon/Documents/ESP-IDF/esp32-c6-c++/main/esp_zigbee_gateway.cpp:1486

4081ca50: 0x00000100 0x00000100 0x4081ca60 0x00000003 0x00322069 0x00000000 0x00000000 0x00000000
4081ca70: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
4081ca90: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
4081cab0: 0x00000000 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5 0xa5a5a5a5
4081cad0: 0x00000100 0x72657473 0x36373a22 0x61222c38 0x69727474 0x65747562 0x2c343a22 0x6c617622
4081caf0: 0x3a226575 0x36393332 0x0a0d7d35 0x736d227b 0x79745f67 0x3a226570 0x676f6c22 0x6c222c22
4081cb10: 0x3a22676f 0x305b1b22 0x6d32333b 0x34282049 0x33313939 0x53452029 0x425a5f50 0x5441475f



ELF file SHA256: aa16fe0477acfe0a

Rebooting...
ESP-ROM:esp32c6-20220919
Build:Sep 19 2022
rst:0xc (SW_CPU),boot:0xc (SPI_FAST_FLASH_BOOT)
Saved PC:0x4001975a
0x4001975a: software_reset_cpu in ROM

Steps to reproduce.

  1. Register command send callback using esp_zb_zcl_command_send_status_handler_register.
  2. Send ~21 commands such as read attribute request.
  3. When calling esp_zb_zcl_read_attr_cmd_req an additional time the application will crash.

More Information.

No response
@simonborje simonborje added the Bug label Dec 26, 2023
@github-actions github-actions bot changed the title Crash after registering esp_zb_zcl_command_send_status_handler Crash after registering esp_zb_zcl_command_send_status_handler (TZ-511) Dec 26, 2023
@xieqinan
Copy link
Contributor

@simonborje

Thanks for your testing; I will fix it as soon as possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simonborje @xieqinan