ESP32 Wifi driver call NULL callback when request scanning

[phb98]

Describe the bug

ESP32 Wifi driver call NULL callback after done scanning on STA interface and Enable CONFIG_ESP32_WIFI_AP_STA_MODE.
The issue happened in function: scan_done_handler(void) in esp_wifi_drv.c
This functions used the callback stored in its private data instead of the correct callback passed from struct device from upper layer.

out:
	/* report end of scan event */
	esp32_data.scan_cb(esp32_wifi_iface, 0, NULL);
	esp32_data.scan_cb = NULL;

To Reproduce
This is my example code, if changing to interface from net_if_get_wifi_sap(), this issue won't happen

	struct net_if *iface = net_if_get_wifi_sta();
	struct wifi_scan_params params = {
		0
	};
	params.max_bss_cnt = 10;
	params.bands = WIFI_FREQ_BAND_2_4_GHZ;
	params.scan_type = WIFI_SCAN_TYPE_ACTIVE;
	params.dwell_time_active = 10000;
	params.band_chan[0] = (struct wifi_band_channel){
							.band = WIFI_FREQ_BAND_2_4_GHZ, 
							.channel= 6
                               };
	printk("Request wifi scan:%d\n",net_mgmt(NET_REQUEST_WIFI_SCAN, iface, &params, sizeof(params)));

Expected behavior
Code runs without error

Impact

Logs and console output
This is the log output when it tries to call NULL callback

[00:00:06.000,000] <err> os: 
[00:00:06.003,000] <err> os:  mcause: 1, Instruction Access fault
[00:00:06.010,000] <err> os:   mtval: 0
[00:00:06.015,000] <err> os:      a0: 4082d810    t0: 40030dca
[00:00:06.021,000] <err> os:      a1: 00000000    t1: 00000000
[00:00:06.028,000] <err> os:      a2: 00000000    t2: 00000000
[00:00:06.034,000] <err> os:      a3: 60000000    t3: 00000000
[00:00:06.041,000] <err> os:      a4: 40839000    t4: aaaaaaaa
[00:00:06.047,000] <err> os:      a5: 00000000    t5: aaaaaaaa
[00:00:06.054,000] <err> os:      a6: 00000001    t6: aaaaaaaa
[00:00:06.060,000] <err> os:      a7: 00000010
[00:00:06.065,000] <err> os:      sp: 40833fd0
[00:00:06.070,000] <err> os:      ra: 4201c19a
[00:00:06.076,000] <err> os:    mepc: 00000000
[00:00:06.081,000] <err> os: mstatus: 00001880
[00:00:06.086,000] <err> os: 
[00:00:06.089,000] <err> os: call trace:
[00:00:06.094,000] <err> os:       0: sp: 40834040 ra: 4201d268
[00:00:06.101,000] <err> os:       1: sp: 40834060 ra: 420080ec
[00:00:06.107,000] <err> os:       2: sp: 40834070 ra: 4201e9fc
[00:00:06.114,000] <err> os:       3: sp: 40834080 ra: 42032302
[00:00:06.120,000] <err> os:       4: sp: 408340a0 ra: 42018013
[00:00:06.127,000] <err> os:       5: sp: 408340d0 ra: 42032592
[00:00:06.134,000] <err> os:       6: sp: 408340e0 ra: 420325b4
[00:00:06.140,000] <err> os:       7: sp: 40834110 ra: 42037914
[00:00:06.147,000] <err> os: 
[00:00:06.151,000] <err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
[00:00:06.158,000] <err> os: Current thread: 0x4083a2a0 (wifi)
0x4083a2a0: ?? at ~/zephyrproject/modules/hal/espressif/zephyr/esp32c6/src/wifi/esp_wifi_adapter.c:70

Environment (please complete the following information):
Latest commit on main
ESP32C6 dev kit

Additional context

[github-actions]

Hi @phb98! We appreciate you submitting your first issue for our open-source project. 🌟

Even though I'm a bot, I can assure you that the whole community is genuinely grateful for your time and effort. 🤖💙

[skryjapetr]

I am also facing this issue. The problem can be that the esp32_wifi_init() function expects the first device (interface) in CONFIG_ESP32_WIFI_AP_STA_MODE=y to be an AP, which is set-up accordingly (this happens during the first call of the esp32_wifi_init() when the esp32_wifi_iface_ap is NULL, in the second call of the esp32_wifi_iface_ap the STA is set-up).

However, the macros for the driver definition (at the bottom of the esp_wifi_drv.c file)

expect the first device to be an STA. The data is then assigned incorrectly. In addition, this driver requires ensuring the correct order of AP and STA node declarations in the resulting device tree. This should probably be resolved as well, or at least commented in the code.

FYI @M-Haziq94