exception at 4000df2f (memcmp)

st0ff3r
Posts: 11
Joined: Sun Sep 13, 2015 11:52 pm

exception at 4000df2f (memcmp)

Postby st0ff3r » Sat Nov 17, 2018 8:49 pm

reason=2 exccause=28 epc1=0x4000df2f epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000033 depc=0x00000000

anyone know why app.map contains both

PROVIDE (ets_memcmp, 0x400018d4)
and
PROVIDE (memcmp, 0x4000dea8)

are those not the same?

include/platform.h says
#define memcmp(a, b, c) os_memcmp(a, b, c)

my code is at https://github.com/nabovarme/MeterLogge ... pto.c#L109

YimingLi
Posts: 59
Joined: Sun May 03, 2015 5:36 pm

Re: exception at 4000df2f (memcmp)

Postby YimingLi » Thu Sep 26, 2019 6:45 pm

Hi,

First, memcmp() and os_memcmp()/ets_memcmp() are de facto the same from the point of view of the brom, since the implementation of ets_memcmp() is something like below:

#include <string.h>

int ets_memcmp(void *addr1, void *addr2, size_t n)
{
    /* thin wrapper: forward to memcmp() and return its result */
    return memcmp(addr1, addr2, n);
}
#define os_memcmp ets_memcmp

The case is similar for memcpy() and os_memcpy()/ets_memcpy(). Therefore, if an exception occurs at an address inside/following memcpy(), it might be caused by a call of os_memcpy()/ets_memcpy().

Second, 0x4000df2f is a branch address neither by/inside memcmp() nor by/inside ets_memcmp(), but is an address related to memcpy() or ets_memcpy()/os_memcpy(), which is de facto what is called.

1. 0x4000df2f is a branch address when the brom code memcpy(dest_addr, src_addr, length)/os_memcpy()/ets_memcpy() is called.
2. Exception 28 caused at 0x4000df2f with excvaddr=0x00000033 indicates the following:
(1) excvaddr=0x00000033 indicates that memcpy(dest_addr, src_addr, length) is called with src_addr=0x00000033, which is a load-prohibited address.
(2) The exception cause at 0x4000df2f indicates that memcpy(dest_addr, src_addr, length), or os_memcpy(), or ets_memcpy() is called with a dest_addr that is 2-byte aligned but not 4-byte aligned (e.g. dest_addr = 0x3fff2014), and the length >= 6.

So, please check your code with all memcpy() or os_memcpy() or ets_memcpy(), especially with those possible src_addr=0x33 and length>=6 (ignoring those calling with length=4, for example), and where dest_addr is 2-byte aligned (ignore those calling with an odd dest_addr or a 4-byte aligned dest_addr).

Hope it would be helpful for you!

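Added example (not code from any poster, the SDK or the linked repositories): a small C decoder for the crash line and the two PROVIDE entries quoted in the first post, showing how epc1 resolves to the nearest listed symbol and why excvaddr=0x33 has the shape of a near-NULL read. The function names and the 0x1000 cut-off are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: the crash line and the two map entries quoted in this thread. */
static const char CRASH[] = "reason=2 exccause=28 epc1=0x4000df2f epc2=0x00000000 "
    "epc3=0x00000000 excvaddr=0x00000033 depc=0x00000000";
static const char MAP[] = "PROVIDE (ets_memcmp, 0x400018d4)\nPROVIDE (memcmp, 0x4000dea8)\n";

struct crash { unsigned reason, exccause, epc1, excvaddr; };

/* Parse the crash line; returns 0 on success, -1 if a field is missing. */
int parse_crash(const char *line, struct crash *c) {
    unsigned epc2, epc3;
    return sscanf(line, "reason=%u exccause=%u epc1=%x epc2=%x epc3=%x excvaddr=%x",
                  &c->reason, &c->exccause, &c->epc1, &epc2, &epc3, &c->excvaddr) == 6 ? 0 : -1;
}

/* Xtensa EXCCAUSE values for memory-access faults. */
const char *cause_name(unsigned cause) {
    switch (cause) {
    case 9:  return "LoadStoreAlignment";
    case 28: return "LoadProhibited";
    case 29: return "StoreProhibited";
    default: return "other";
    }
}

/* Low fault address: likely a NULL base plus a small offset (cut-off is an assumption). */
int looks_like_null_deref(unsigned excvaddr) { return excvaddr < 0x1000; }

/* Nearest PROVIDE symbol at or below addr. A map need not list every ROM
   routine, so this is a lower bound, not proof the PC is inside that function. */
int nearest_symbol(const char *map, unsigned addr, char *name, size_t cap, unsigned *off) {
    char sym[64]; unsigned a, best = 0; int found = 0;
    for (const char *p = map; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (sscanf(p, " PROVIDE ( %63[^, ] , %x )", sym, &a) != 2) continue;
        if (a <= addr && (!found || a > best)) { best = a; found = 1; snprintf(name, cap, "%s", sym); }
    }
    if (found) *off = addr - best;
    return found ? 0 : -1;
}

int main(void) {
    struct crash c; char name[64]; unsigned off;
    if (parse_crash(CRASH, &c) || nearest_symbol(MAP, c.epc1, name, sizeof name, &off)) return 1;
    printf("%s at %s+0x%x, excvaddr=0x%x, NULL-deref pattern: %d\n", cause_name(c.exccause),
           name, off, c.excvaddr, looks_like_null_deref(c.excvaddr));
    return 0;
}
```

With only these two map entries the program reports memcmp+0x87, which shows how a nearest-symbol lookup can put a function name on a crash without establishing that the faulting code belongs to it.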

blubb
Posts: 115
Joined: Mon Jun 22, 2015 5:35 am

Re: exception at 4000df2f (memcmp)

Postby blubb » Thu Mar 19, 2020 10:08 pm

Any news on this exception?

I keep getting it, too, sometimes when rebooting after an OTA update. Is there a way to find out what is at address 0x33?

I noticed other people having the same issues, e.g.
https://bbs.espressif.com/viewtopic.php?t=2934
https://bbs.espressif.com/viewtopic.php?t=5784
https://www.esp8266.com/viewtopic.php?p=83491
It even happens in Arduino:
https://www.bountysource.com/issues/554 ... ot-esp8266
https://www.gitmemory.com/issue/esp8266 ... /491462561
https://groups.google.com/forum/#!topic ... Te2T-ZhF-U

st0ff3r
Posts: 11
Joined: Sun Sep 13, 2015 11:52 pm

Re: exception at 4000df2f (memcmp)

Postby st0ff3r » Tue Mar 24, 2020 2:00 am

I think I solved the problem by replacing the malloc()'ed variable with a static one, so I guess in some (low memory) circumstances malloc() returns an invalid pointer.

st0ff3r
Posts: 11
Joined: Sun Sep 13, 2015 11:52 pm

Re: exception at 4000df2f (memcmp)

Postby st0ff3r » Tue Mar 24, 2020 2:06 am

blubb wrote: Any news on this exception?

I keep getting it, too, sometimes when rebooting after an OTA update. Is there a way to find out what is at address 0x33?



Does it only happen after reboot by system_restart() or also after power-on?

With sdk 3.0.3 I see some exceptions too after calling system_restart(), but I guess it's normal? It does not happen randomly after power on at least.

blubb
Posts: 115
Joined: Mon Jun 22, 2015 5:35 am

Re: exception at 4000df2f (memcmp)

Postby blubb » Tue Mar 24, 2020 3:15 am

It happens only after calling system_upgrade_reboot() but just BEFORE the actual reset.

The reason in my case seems to be a timer which can fire during this short moment. I check for WiFi disconnection regularly and since system_upgrade_reboot() disconnects, the timer then tries to reconnect...
Root cause may be something inside wifi_station_connect() calling memcpy() with invalid parameters. That would be a task for Espressif...
https://github.com/espressif/ESP8266_NO ... -602231845

As for system_restart() I am not sure (did not try that often enough). But my guess is, it's exactly the same (since the disconnect happens there, too).

st0ff3r
Posts: 11
Joined: Sun Sep 13, 2015 11:52 pm

Re: exception at 4000df2f (memcmp)

Postby st0ff3r » Tue May 19, 2020 2:35 am

it was a missing NULL check in esp-open-lwip/lwip/netif/etharp.c, function etharp_raw()

fixed here https://github.com/nabovarme/esp-open-l ... ff35ce1ada

blubb
Posts: 115
Joined: Mon Jun 22, 2015 5:35 am

Re: exception at 4000df2f (memcmp)

Postby blubb » Thu May 21, 2020 3:03 pm

Is that the original code? I cannot use libmbedtls with this lwip version.
