esp-idf: NIMBLE crashes after reading characteristics as a client (IDFGH-2854)

Environment

  • Development Kit: ESP32 DOIT (ESP32 WROOM 4MB)

  • Kit version: DevKit: v1

  • Module or chip used: ESP32-WROOM-32

  • IDF version : v4.0-beta2-71-gac74ca653

  • Build System: [CMake|idf.py]

  • Compiler version: xtensa-esp32-elf-gcc (crosstool-NG esp32-2019r1) 8.2.0

  • Operating System: [Windows 10]

  • (Windows only) environment type: [ESP Command Prompt].

  • Using an IDE?: [Yes (vs code)]

  • Power Supply: [USB]

Problem Description

Calling ble_gattc_disc_all_chrs() causes a Guru Meditation application crash after the characteristic is correctly read.

Expected Behavior

application program counter continues normally

Actual Behavior

Guru Meditation Error: Core 0 panic’ed (LoadProhibited). Exception was unhandled.

Steps to reproduce

  1. In my GAP callback I scan for a device
  2. After locating the device I want, I connect to it successfully
  3. My GAP connection calls ble_gattc_disc_all_svcs() which works successfully
  4. In my discover service callback I call ble_gattc_disc_all_chrs()
  5. This throws an exception once it completes running

I have checked heap and stack; there appears to be enough memory available.

Code to reproduce this issue

Below is a pseudo code summary; click me for full file gist


static int get_val(uint16_t conn_handle,  const struct ble_gatt_error *error,   const struct ble_gatt_chr *chr, void *arg)
{
    ...
    return 0;
    // crash here
}


static int findPrimaryServices(uint16_t conn_handle, const struct ble_gatt_error *error, const struct ble_gatt_svc *service, void *arg)
{
    if (error->status == 0)
    {
        char buffer[80];
        memset(buffer, 0, sizeof(buffer));
        ble_uuid_to_str(&service->uuid.u, buffer);
        ESP_LOGI("CONNECT", "SERVICE %s found", buffer);
        if (strcmp(buffer, "0x180a") == 0)
        {
            ESP_LOGI("CONNECT", "Found DEVICE_INFO_SERVICE!!!");
            int res = ble_gattc_disc_all_chrs(conn_handle, service->start_handle, service->end_handle, get_val, "NULL");
            ESP_LOGI("deb", "res= %d", res);
        }
    } 
    return 0;
}


static int ble_gap_event(struct ble_gap_event *event, void *arg)
{
    struct ble_hs_adv_fields fields;

    switch (event->type)
    {
    case BLE_GAP_EVENT_DISC:
        ble_hs_adv_parse_fields(&fields, event->disc.data, event->disc.length_data);
     
        if (... found what we were looking for)
        {
            ble_gap_disc_cancel();
            ble_gap_connect(BLE_OWN_ADDR_PUBLIC, &event->disc.addr, 10000, NULL, ble_gap_event, NULL);
        }

        break;

    case BLE_GAP_EVENT_CONNECT:
        if (event->connect.status == 0)
        {
            ble_gap_conn_find(event->connect.conn_handle, NULL);
            ble_gattc_disc_all_svcs(event->connect.conn_handle, findPrimaryServices, NULL);
        }
        break;
       ......
    }
    return 0;
}

Debug Logs

GAP procedure initiated: stop advertising.
GAP procedure initiated: discovery; own_addr_type=0 filter_policy=0 passive=1 limited=0 filter_duplicates
Discovered device with name: "Blank" Looking for device with name "Blank"
FOUND BLE Device
GAP procedure initiated: connect; peer_addr_type=1 peer_addr=4c:24:bc:85:99:dc scan_itvl=16 scan_window=1n=16 max_ce_len=768 own_addr_type=0
I (957) GAP: BLE_GAP_EVENT_CONNECT OK
I (957) CONNECT: Finding Device
GATT procedure initiated: discover all services
I (1117) CONNECT: SERVICE 0x1800 found
I (1117) CONNECT: SERVICE 0x1801 found
I (1217) CONNECT: SERVICE d0611e78-bbb4-4591-a5f8-487910ae4366 found
I (1367) CONNECT: SERVICE 9fa480e0-4967-4542-9390-d343dc5d04ae found
I (1467) CONNECT: SERVICE 0x180f found
I (1467) CONNECT: SERVICE 0x1805 found
I (1467) CONNECT: SERVICE 0x180a found
I (1467) CONNECT: Found DEVICE_INFO_SERVICE!!!
GATT procedure initiated: discover all characteristics; start_handle=79 end_handle=83
I (1477) deb: res= 0
I (1567) CONNECT: char 0x2a29 found
Guru Meditation Error: Core  0 panic'ed (LoadProhibited). Exception was unhandled.
Core 0 register dump:
PC      : 0x400d8156  PS      : 0x00060930  A0      : 0x800d8a5d  A1      : 0x3ffc73e0  
0x400d8156: ble_gattc_rx_read_type_adata at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/s

A2      : 0x3ffc0aac  A3      : 0x3ffc7420  A4      : 0x3f400e98  A5      : 0x0000001f  
A6      : 0x00000001  A7      : 0x00000003  A8      : 0x00000000  A9      : 0x3ffc73b0  
A10     : 0x3ffc0aac  A11     : 0x3f403d54  A12     : 0x00000004  A13     : 0x3ffc73e0  
A14     : 0x00000000  A15     : 0x00000003  SAR     : 0x00000004  EXCCAUSE: 0x0000001c  
EXCVADDR: 0x00000004  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0x00000000  

ELF file SHA256: 30ed0dad09291d7a79ee56179fbd51af34019136bd214536c4e48b2b022b71e3

Backtrace: 0x400d8153:0x3ffc73e0 0x400d8a5a:0x3ffc7410 0x400d6a6d:0x3ffc7450 0x400d606a:0x3ffc7480 0x400db:0x3ffc7510 0x4008fc41:0x3ffc7530
0x400d8153: ble_gattc_rx_read_type_adata at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/s

0x400d8a5a: ble_att_clt_rx_read_type at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/src/b

0x400d6a6d: ble_att_rx at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/src/ble_att.c:503

0x400d606a: ble_hs_hci_evt_acl_process at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/src

0x400d5611: ble_hs_process_rx_data_queue at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/s

0x400d5623: ble_hs_event_rx_data at C:/esp/esp-idf/components/bt/host/nimble/nimble/nimble/host/src/ble_h

0x400dd602: ble_npl_event_run at C:/esp/esp-idf/components/bt/host/nimble/nimble/porting/npl/freertos/inc
 (inlined by) nimble_port_run at C:/esp/esp-idf/components/bt/host/nimble/nimble/porting/nimble/src/nimbl

0x400d4ebb: host_task at c:\_esp32\esp32-course\_19_bluetooth\_19_6_gapp_client\build/../main/main.c:129

0x4008fc41: vPortTaskWrapper at C:/esp/esp-idf/components/freertos/port.c:143


Rebooting...


Other items if possible

  • [x] sdkconfig file (attach the sdkconfig file from your project folder)
  • [x] elf file in the build folder (note this may contain all the code details and symbols of your project.)
  • [x] coredump debug.zip (This provides stacks of tasks.)

Any help or advice is highly appreciated.

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 19

Most upvoted comments

@dhrishi hm, quickly checked, both are not available from MicroPython as of now. But since those are rather straightforward APIs of the standard Nimble API and seem really useful/sensible, I can try adding them. Thanks for the hint!

Hi @agners, we plan to do that, but that’s not on the priority list. I would suggest that, in this case, you complete the service/characteristic discovery and save the details of attributes of your interest. Once done, you can use the same for GATT read/write operations.
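
The "complete discovery, save the details, then read/write" pattern suggested in the comment above, as an added example that is not part of the original thread or of ESP-IDF: the characteristic callback only records value handles and starts follow-up work once NimBLE reports BLE_HS_EDONE. The structs are stand-ins so the sketch builds off-target; `disc_state`, `start_reads` and `simulate_discovery` are hypothetical names, and the handles are constructed to fit the logged range 79-83.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this builds without ESP-IDF; fields mirror NimBLE's. */
#define BLE_HS_EDONE 14                 /* NimBLE "procedure complete" status */
#define MAX_CHRS 8                      /* assumption: cap on saved handles */
struct ble_gatt_error { uint16_t status, att_handle; };
struct ble_gatt_chr   { uint16_t def_handle, val_handle; uint8_t properties; };
struct disc_state     { uint16_t conn, val_handles[MAX_CHRS]; int count, done, failed; };
static int reads_started;               /* counts reads the hook would issue */

/* Hypothetical hook: on target, call ble_gattc_read(st->conn, handle, ...) here. */
static void start_reads(const struct disc_state *st) { reads_started += st->count; }

/* Same signature as get_val on this page; arg carries a struct disc_state. */
static int on_chr(uint16_t conn_handle, const struct ble_gatt_error *error,
                  const struct ble_gatt_chr *chr, void *arg)
{
    struct disc_state *st = arg;
    if (error->status == 0) {                    /* one characteristic: save only */
        if (chr != NULL && st->count < MAX_CHRS)
            st->val_handles[st->count++] = chr->val_handle;
    } else if (error->status == BLE_HS_EDONE) {  /* final call, chr is NULL */
        st->conn = conn_handle;
        st->done = 1;
        start_reads(st);
    } else {
        st->failed = 1;                          /* discovery ended with an error */
    }
    return 0;
}

/* Constructed callback sequence: two characteristics, then BLE_HS_EDONE. */
static int simulate_discovery(struct disc_state *st)
{
    struct ble_gatt_error ok = {0, 0}, done = {BLE_HS_EDONE, 0};
    struct ble_gatt_chr c1 = {80, 81, 0x02}, c2 = {82, 83, 0x02};
    on_chr(1, &ok, &c1, st);
    on_chr(1, &ok, &c2, st);
    int early = reads_started;                   /* reads issued before completion */
    on_chr(1, &done, NULL, st);
    return early;
}

int main(void)
{
    struct disc_state st = {0};
    return simulate_discovery(&st) != 0;         /* exit 0: no read before completion */
}
```

On target the state struct would be passed as the last argument of ble_gattc_disc_all_chrs() in place of the "NULL" string used in the report.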