espressif / esp-idf

Espressif IoT Development Framework. Official development framework for Espressif SoCs.
Apache License 2.0

Guru Meditation Error when using a2dp (IDFGH-12719) #13704

Open Zakary-D opened 2 weeks ago

Zakary-D commented 2 weeks ago

Answers checklist.

IDF version.

v5.1.3-416-gd23b7a0361

Espressif SoC revision.

ESP32D0WDQ5(revision 3)

Operating System used.

Linux

How did you build your project?

Command line with idf.py

If you are using Windows, please specify command line type.

None

Development Kit.

ESP-WROVER-KIT

Power Supply used.

USB

What is the expected behavior?

Send modified AVDTP packet to peer.

What is the actual behavior?

A Guru Meditation Error happened and the board rebooted.

Steps to reproduce.

  1. Modify code: esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ad.c/avdt_ad_write_req

    ```c
    UINT8 avdt_ad_write_req(UINT8 type, tAVDT_CCB *p_ccb, tAVDT_SCB *p_scb, BT_HDR *p_buf)
    {
        UINT8 tcid;

        /* get tcid from type, scb */
        tcid = avdt_ad_type_to_tcid(type, p_scb);

        srand(time(NULL));
        // p_buf[0].event = (uint16_t)rand();

        // if(type == AVDT_CHAN_MEDIA){
            p_buf->event = (uint16_t)rand();
            p_buf->len = (uint16_t)rand();
            p_buf->offset = (uint16_t)rand();
            p_buf->layer_specific = (uint16_t)rand();
            for(int i = 0; i < p_buf->len; ++i) p_buf->data[i] = (uint16_t)rand();
        // }

        // static int dk_cnt = 0;
        // if(++dk_cnt % 1000 == 0){
        //     dk_cnt = 0, printf("\n\n avdt_ad_write_req \n");
        //     printf("%" PRIu16 " ", p_buf->event);
        //     printf("%" PRIu16 " ", p_buf->len);
        //     printf("%" PRIu16 " ", p_buf->offset);
        //     printf("%" PRIu16 " \n", p_buf->layer_specific);
        //     for(int i = 0; i < p_buf->len; ++i) printf("%" PRIu16 " ", p_buf->data[i]);
        //     printf("\n\n");
        // }

        return L2CA_DataWrite(avdt_cb.ad.rt_tbl[avdt_ccb_to_idx(p_ccb)][tcid].lcid, p_buf);
    }
    ```

  2. Change the target of esp-idf/examples/bluetooth/bluedroid/classic_bt/a2dp_source to "HUAWEI FreeBuds 4i":
     `/* device name */ #define TARGET_DEVICE_NAME    "HUAWEI FreeBuds 4i"`
  3. Use idf.py to build a2dp_source.
  4. Flash it to ESP-WROVER-KIT and monitor it.
  5. "PRO CPU has been reset by WDT" appears and the development board is reset. The pairing information has been deleted, so I must set my headphone to broadcast state to reconnect.
  6. Set my headphone to broadcast state and reconnect to the board.
  7. Something went wrong and a Guru Meditation Error occurred.
  ...

Debug Logs.

```plain
TTTT  HUAWEI FreeBuds 4i
I (76318) BT_AV: Found a target device, address b8:8e:82:9a:be:50, name HUAWEI FreeBuds 4i
I (76318) BT_AV: Cancel device discovery ...
I (76328) BT_AV: Device discovery stopped.
I (76328) BT_AV: a2dp connecting to peer: HUAWEI FreeBuds 4i
W (76338) BT_APPL: reset flags
I (76348) BT_AV: bt_app_av_sm_hdlr state: 4, event: 0x0
W (76778) BT_HCI: hcif conn complete: hdl 0x80, st 0x0
I (76778) BT_AV: event: 16
W (77228) BT_L2CAP: L2CAP - CID: 0x0041  cannot send message bigger than peer's mtu size
E (77228) BT_APPL: bta_av_rc_create ACP handle exist for shdl:0
Guru Meditation Error: Core  0 panic'ed (StoreProhibited). Exception was unhandled.

Core  0 register dump:
PC      : 0x400933aa  PS      : 0x00060133  A0      : 0x80092fff  A1      : 0x3ffd27d0  
0x400933aa: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
 (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
 (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
 (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123

A2      : 0x3ffcc6ec  A3      : 0x3ffd6a94  A4      : 0x3ffd6a8c  A5      : 0x099a375d  
A6      : 0x00000001  A7      : 0x00000000  A8      : 0x00000016  A9      : 0x4fc359ec  
A10     : 0x4fc359ec  A11     : 0x00000003  A12     : 0x099a375d  A13     : 0x00000004  
A14     : 0xb33fffff  A15     : 0xb33fffff  SAR     : 0x0000001c  EXCCAUSE: 0x0000001d  
EXCVADDR: 0x099a3769  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0xffffffff  
0x4000c2e0: memcpy in ROM
0x4000c2f6: memcpy in ROM

Backtrace: 0x400933a7:0x3ffd27d0 0x40092ffc:0x3ffd27f0 0x40082336:0x3ffd2810 0x400941e5:0x3ffd2830 0x4011edea:0x3ffd2850 0x4011e8d2:0x3ffd2880 0x4011e2ca:0x3ffd28a0 0x400efb5b:0x3ffd28d0 0x4010de0e:0x3ffd28f0 0x40090c4d:0x3ffd2920
0x400933a7: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:331
 (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
 (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
 (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123
0x40092ffc: multi_heap_free_impl at /root/esp/esp-idf/components/heap/multi_heap.c:231
0x40082336: heap_caps_free at /root/esp/esp-idf/components/heap/heap_caps.c:388
0x400941e5: free at /root/esp/esp-idf/components/newlib/heap.c:39
0x4011edea: avdt_ccb_cmd_fail at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb_act.c:711
0x4011e8d2: avdt_ccb_event at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb.c:320 (discriminator 2)
0x4011e2ca: avdt_process_timeout at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_api.c:90
0x400efb5b: btu_general_alarm_process at /root/esp/esp-idf/components/bt/host/bluedroid/stack/btu/btu_task.c:354
0x4010de0e: osi_thread_run at /root/esp/esp-idf/components/bt/common/osi/thread.c:165 (discriminator 1)
0x40090c4d: vPortTaskWrapper at /root/esp/esp-idf/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:162

ELF file SHA256: c8def851c5f44aa9

Entering gdb stub now.
$T0b#e6GNU gdb (esp-gdb) 12.1_20231023
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "--host=x86_64-linux-gnu --target=xtensa-esp-elf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /root/esp/a2dp_source/build/a2dp_source.elf...
Remote debugging using /dev/ttyUSB2
warning: multi-threaded target stopped without sending a thread-id, using first non-exited thread
remove_free_block (sl=3, fl=22, block=0x4fc359ec, control=0x3ffcc6ec)
    at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
332     next->prev_free = prev;
(gdb)
```

More Information.

No response
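
Added example (not part of the original report and not ESP-IDF code): a toy arena showing how a fill loop driven by a randomised `len`, as in step 1, can overwrite the free-list links of the neighbouring heap block, so that the fault only surfaces later inside `free()`. The arena layout, sizes and addresses are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model: one byte arena holding a packet buffer (8-byte header + CAP
 * payload bytes) followed directly by the free-list links of the next
 * free block, the way a TLSF-style heap stores them. */
enum { HDR = 8, CAP = 32, LINKS = HDR + CAP, ARENA = 128 };
static const uint32_t NEXT_FREE = 0x3ffc1000u;   /* constructed addresses */
static const uint32_t PREV_FREE = 0x3ffc2000u;

typedef struct { uint8_t mem[ARENA]; } arena_t;

void arena_init(arena_t *a)
{
    memset(a->mem, 0, sizeof a->mem);
    memcpy(a->mem + LINKS, &NEXT_FREE, 4);
    memcpy(a->mem + LINKS + 4, &PREV_FREE, 4);
}

/* 1 while the neighbour's links still hold what the heap stored there. */
int links_intact(const arena_t *a)
{
    return memcmp(a->mem + LINKS, &NEXT_FREE, 4) == 0 &&
           memcmp(a->mem + LINKS + 4, &PREV_FREE, 4) == 0;
}

/* The step-1 fill loop with `len` taken from the randomised header.
 * bounded != 0 clamps it to the allocation. Writes are capped at the end
 * of the arena so the model itself stays memory-safe. Returns the number
 * of bytes written past the CAP payload bytes that were allocated. */
size_t fill_payload(arena_t *a, uint16_t len, int bounded)
{
    size_t limit = bounded ? (size_t)CAP : (size_t)(ARENA - HDR);
    size_t n = len < limit ? len : limit;
    for (size_t i = 0; i < n; ++i)
        a->mem[HDR + i] = 0xA5;          /* stands in for rand() */
    return n > (size_t)CAP ? n - (size_t)CAP : 0;
}

int main(void)
{
    arena_t a;
    arena_init(&a);
    size_t over = fill_payload(&a, 40, 0);
    printf("unbounded: %zu bytes past buffer, links intact=%d\n", over, links_intact(&a));
    arena_init(&a);
    over = fill_payload(&a, 40, 1);
    printf("bounded:   %zu bytes past buffer, links intact=%d\n", over, links_intact(&a));
    return 0;
}
```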

shangke1112 commented 2 weeks ago

Same as issue 13664.