esp-idf: esp_ble_resolve_adv_data Trigger crash (IDFGH-11791)

Answers checklist.

I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
I have searched the issue tracker for a similar issue and not found a similar issue.

IDF version.

v4.3.1

Espressif SoC revision.

ESP32D-WROVE

Operating System used.

Linux

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

ESP32D-WROVE

Power Supply used.

USB

What is the expected behavior?

The scan adv is normal

What is the actual behavior?

Trigger crash

Steps to reproduce.

Run on standby for a period of time

Debug Logs.

16:22:56.292  Guru Meditation Error: Core  0 panic'ed (LoadStoreError). Exception was unhandled.
16:22:56.293  
16:22:56.295  Core  0 register dump:
16:22:56.302  PC      : 0x400ff194  PS      : 0x00060330  A0      : 0x800f6411  A1      : 0x3ffe22b0  
16:22:56.328  A2      : 0x3fffffcc  A3      : 0x000000ff  A4      : 0x3ffe233f  A5      : 0x3fffffe1  
16:22:56.329  A6      : 0x3ffe2380  A7      : 0x3ffe2340  A8      : 0x4000002d  A9      : 0x0000004c  
16:22:56.340  A10     : 0x000000ce  A11     : 0x0000003e  A12     : 0x00060523  A13     : 0x00060523  
16:22:56.341  A14     : 0x00000001  A15     : 0x0000001a  SAR     : 0x0000001d  EXCCAUSE: 0x00000003  
16:22:56.343  EXCVADDR: 0x4000002d  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0xffffffff  
16:22:56.366  
16:22:56.367  Backtrace:0x400ff191:0x3ffe22b0 0x400f640e:0x3ffe22d0 0x400e94b6:0x3ffe2300 0x400e9dbe:0x3ffe23a0 0x4014bf2d:0x3ffe23c0 0x4013bd2b:0x3ffe23f0 0x4013d993:0x3ffe2410
16:22:56.409  
16:22:56.409  
16:22:56.409  ELF file SHA256: ff826356d3b860d2
16:22:56.410  
16:22:56.410  Rebooting...
0x400ff194: BTM_CheckAdvData at /home/mek/esp/esp-idf-v4-3-1/components/bt/host/bluedroid/stack/btm/btm_ble_gap.c:2081
0x400f640e: esp_ble_resolve_adv_data at /home/mek/esp/esp-idf-v4-3-1/components/bt/host/bluedroid/api/esp_gap_ble_api.c:420
0x400e94b6: mz_handle_scan_result at /home/mek/Music/Lipro/common/bt/mz_ble_central.c:552
0x400e9dbe: mz_central_ble_adv_callback at /home/mek/Music/Lipro/common/bt/mz_ble_central.c:1210
 (inlined by) mz_central_ble_adv_callback at /home/mek/Music/Lipro/common/bt/mz_ble_central.c:1207
0x4014bf2d: btc_ble_mesh_ble_cb_to_app at /home/mek/esp/esp-idf-v4-3-1/components/bt/esp_ble_mesh/btc/btc_ble_mesh_ble.c:179
 (inlined by) btc_ble_mesh_ble_cb_handler at /home/mek/esp/esp-idf-v4-3-1/components/bt/esp_ble_mesh/btc/btc_ble_mesh_ble.c:195
0x4013bd2b: btc_thread_handler at /home/mek/esp/esp-idf-v4-3-1/components/bt/common/btc/core/btc_task.c:184
0x4013d993: osi_thread_run at /home/mek/esp/esp-idf-v4-3-1/components/bt/common/osi/thread.c:68

More Information.

No response

About this issue

Original URL
State: closed
Created 6 months ago
Comments: 18

Most upvoted comments

@maenkai I am looking forward your feedback.

@maenkai With the added conditional statement, will there still be a possibility of a crash?

I need to test it for a long time and get back to you with the results

zhp0406 on Jan 3, 2024

@maenkai With the added conditional statement, will there still be a possibility of a crash?

I need to test it for a long time and get back to you with the results

maenkai on Jan 3, 2024

Can you print the adv data before the crash? #include “esp_log.h” esp_log_buffer_hex(“adv_rsp”, scan_result->scan_rst.ble_adv, scan_result->scan_rst.adv_data_len);

OK，I need time to recreate

maenkai on Jan 3, 2024

@maenkai ok, how to reproduce your issue?

Not 100% in the actual test. It’s code.

//handle
static void handle_scan_result(uint8_t *ble_data, uint16_t length, uint8_t addr[6], uint8_t addr_type, int8_t rssi, bool from_mesh) {
  uint16_t company_id = 0;
  uint32_t device_type = 0xffffffff;
  uint8_t *manuf_data = NULL;
  uint8_t manuf_data_len = 0;

  manuf_data = esp_ble_resolve_adv_data(ble_data,
                                        ESP_BLE_AD_MANUFACTURER_SPECIFIC_TYPE,
                                        &manuf_data_len);
  if (manuf_data == NULL) {
    return;
  }
  //doing..............
}

//from gap evetn
    case ESP_GAP_BLE_SCAN_RESULT_EVT: {
      esp_ble_gap_cb_param_t *scan_result = (esp_ble_gap_cb_param_t *)param;
      switch (scan_result->scan_rst.search_evt) {
        case ESP_GAP_SEARCH_INQ_RES_EVT:
          handle_scan_result(scan_result->scan_rst.ble_adv,
                                scan_result->scan_rst.adv_data_len,
                                scan_result->scan_rst.bda,
                                scan_result->scan_rst.ble_addr_type,
                                scan_result->scan_rst.rssi,
                                false);
          break;
        default:
          break;
      }
      break;
    }

//from mesh event
  switch (event) {
  case ESP_BLE_MESH_SCAN_BLE_ADVERTISING_PKT_EVT: {
    handle_scan_result(param->scan_ble_adv_pkt.data,
                          param->scan_ble_adv_pkt.length,
                          param->scan_ble_adv_pkt.addr,
                          param->scan_ble_adv_pkt.addr_type,
                          param->scan_ble_adv_pkt.rssi,
                          true);
    break;
  }

maenkai on Jan 3, 2024