mynewt-nimble: [controller] hardfault exception in ble_ll_scan_aux_data_unref

Exception occurs on following line:

https://github.com/apache/mynewt-nimble/blob/a586a56b4923b057ccff3f2f3900a7828db57e16//nimble/controller/src/ble_ll_scan.c#L1303

Suspect aux_data is pointing at garbage / out of range address, which when dereferenced leads to a memory access error and hardfault.

This crash has been very hard to repro on the bench; it has occurred very occasionally in a test environment. Test units are scanning, advertising and connecting. BLE_EXT_ADV is enabled. Also have the following Link Layer sysconfigs disabled:

  BLE_LL_EXT_ADV_AUX_PTR_CNT: 0
  BLE_LL_CFG_FEAT_LE_2M_PHY: 0
  BLE_LL_CFG_FEAT_LE_CODED_PHY: 0
  BLE_LL_CFG_FEAT_LE_CSA2: 0
  BLE_LL_CFG_FEAT_LE_ENCRYPTION: 0
  BLE_LL_CFG_FEAT_LE_PING: 0
  BLE_LL_CFG_FEAT_LL_PRIVACY: 0

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 20 (10 by maintainers)

Most upvoted comments

@rymanluk good news: since updating to NimBLE top of trunk (with #469) none of our test units have exhibited this exception. So I’ve closed this issue, thanks again for looking into this and for the fix.

I think I know what is happening. I should actually have noticed it when you said that g_ble_ll_conn_create_sm is NULL. I think there is a problem as we already have no connection (connsm is NULL) and connsm->scansm is already trash in ble_ll_init_rx_isr_end.

I believe that https://github.com/apache/mynewt-nimble/pull/469 should fix it.
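The failure mode described above (an end-of-receive handler following connsm->scansm after the connection-create state machine has already gone away, so the aux_data pointer it hands to the unref routine is stale) is easy to reproduce in a small model. The following is an added example, not NimBLE code and not the fix in #469: every structure, function and scenario name here is hypothetical, and the point it shows is the defensive shape a handler on this path needs, i.e. validate each pointer on the chain before releasing anything and clear the scanner's pointer afterwards so a second call cannot unref the same object again.

```c
#include <stdbool.h>
#include <stddef.h>

/* Added illustration, not NimBLE code: a simplified model of the objects
 * named in the thread. All structure and function names are hypothetical. */
struct aux_data {
    int ref_cnt;        /* references held by the scanner */
    bool freed;         /* set once ref_cnt drops to zero */
};

struct scan_sm {
    struct aux_data *cur_aux_data;
};

struct conn_sm {
    struct scan_sm *scansm;
};

/* Result codes so a caller (or a test) can see which path was taken. */
enum isr_end_result {
    ISR_END_OK = 0,          /* aux_data released normally */
    ISR_END_NO_CONN = 1,     /* connection create already torn down; nothing touched */
    ISR_END_BAD_REFCNT = 2   /* ref_cnt already zero: would have been a double unref */
};

/* Drop one reference; the object counts as freed when the count reaches zero. */
static void aux_data_unref(struct aux_data *aux)
{
    if (aux == NULL) {
        return;
    }
    if (--aux->ref_cnt == 0) {
        aux->freed = true;
    }
}

/* Hardened end-of-RX handler: validates every pointer on the path
 * connsm -> scansm -> cur_aux_data before releasing anything, and clears
 * the scanner's pointer so a later call cannot unref the same object twice. */
static enum isr_end_result rx_isr_end_guarded(struct conn_sm *connsm)
{
    struct scan_sm *scansm;
    struct aux_data *aux;

    if (connsm == NULL) {
        return ISR_END_NO_CONN;
    }
    scansm = connsm->scansm;
    if (scansm == NULL || scansm->cur_aux_data == NULL) {
        return ISR_END_NO_CONN;
    }
    aux = scansm->cur_aux_data;
    if (aux->ref_cnt <= 0) {
        return ISR_END_BAD_REFCNT;
    }
    aux_data_unref(aux);
    scansm->cur_aux_data = NULL;
    return ISR_END_OK;
}

/* Scenario 1: the race from the thread. The connection-create state machine
 * is torn down (modelled as the pointer becoming NULL) before the ISR-end
 * handler runs. The handler must take the NO_CONN path instead of following
 * a stale connsm->scansm pointer. */
static enum isr_end_result scenario_conn_create_cancelled(void)
{
    struct aux_data aux = { .ref_cnt = 1, .freed = false };
    struct scan_sm scansm = { .cur_aux_data = &aux };
    struct conn_sm connsm = { .scansm = &scansm };
    struct conn_sm *conn_create_sm = &connsm;   /* stands in for the global */

    conn_create_sm = NULL;    /* connection attempt cancelled or completed */
    return rx_isr_end_guarded(conn_create_sm);
}

/* Scenario 2: normal path. One reference is dropped, the object is freed,
 * and a second ISR-end on the same scanner does not unref again. */
static bool scenario_normal_release(void)
{
    struct aux_data aux = { .ref_cnt = 1, .freed = false };
    struct scan_sm scansm = { .cur_aux_data = &aux };
    struct conn_sm connsm = { .scansm = &scansm };

    if (rx_isr_end_guarded(&connsm) != ISR_END_OK || !aux.freed) {
        return false;
    }
    /* cur_aux_data was cleared, so this is a harmless no-op, not a double unref. */
    return rx_isr_end_guarded(&connsm) == ISR_END_NO_CONN;
}

/* Scenario 3: a pointer to an object whose count already hit zero (the
 * "garbage" case from the report) is rejected rather than dereferenced. */
static enum isr_end_result scenario_stale_refcount(void)
{
    struct aux_data aux = { .ref_cnt = 0, .freed = true };
    struct scan_sm scansm = { .cur_aux_data = &aux };
    struct conn_sm connsm = { .scansm = &scansm };
    return rx_isr_end_guarded(&connsm);
}
```

The model cannot actually fault the way the real controller does, so each scenario reports which branch the handler took instead; the first scenario is the one the thread describes, and the point is that the handler must be told, rather than assume, that a connection-create state machine still exists when the ISR-end path runs.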