Panic error using bluedroid at l2c_api.c:1850 (IDFGH-7293)

[rimai-azena]

Environment

• Module or chip used: ESP32 chip rev 3
• IDF version (run git describe --tags to find it): v4.4.1
• Build System: idf.py
• Compiler version (run xtensa-esp32-elf-gcc --version to find it): xtensa-esp32-elf-gcc (crosstool-NG esp-2021r2-patch3) 8.4.0
• Operating System: Windows
• (Windows only) environment type: PowerShell
• Using an IDE?: VSCode
• Power Supply: external 3.3V

Problem Description

I am using bluedroid and started seeing this error after I updated my IDF to v4.4.1 Previously I was using 4.2 This issue does not happen all the time. It is very random. My connection is a bonded BLE connection. The device scans for suitable bonded peripherals and if found, it starts a connection. This connection gets elevated to secure with bonding. If bonding keys match, the connection is established and a notification is enabled. The issue seems to present itself after the connection is established, because I do see the "open success" on my log, and before it is able to compare the keys.

Expected Behavior

I (360313) BLE: ESP_GATTC_CONNECT_EVT conn_id 0, if 3 I (360323) BLE: REMOTE BDA: I (360323) BLE: bc 33 ac 75 a0 b1 I (360323) BLE: open success I (360403) BLE: remote BD_ADDR: bc33ac75a0b1 I (360413) BLE: address type = 0 I (360413) BLE: pair status = success I (360413) BLE: auth mode = ESP_LE_AUTH_REQ_SC_BOND

Actual Behavior

I (17634) BLE: ESP_GATTC_CONNECT_EVT conn_id 0, if 3 I (17634) BLE: REMOTE BDA: I (17634) BLE: bc 33 ac 75 a0 b1 I (17634) BLE: open success Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.

Steps to reproduce

Initiate a BLE connection to a bonded peripheral You may need to do this multiple times. It happens very randomly. It appears that connecting and disconnecting repeateadly very fast makes the issue happen easier, but I can't tell if it is due to just having more samples or because it is indeed inducing the issue to show up.

Debug Logs

I (17634) BLE: ESP_GATTC_CONNECT_EVT conn_id 0, if 3 I (17634) BLE: REMOTE BDA: I (17634) BLE: bc 33 ac 75 a0 b1 I (17634) BLE: open success Guru Meditation Error: Core 0 panic'ed (LoadProhibited). Exception was unhandled.

Core 0 register dump: PC : 0x4011b0ea PS : 0x00060930 A0 : 0x80120ab4 A1 : 0x3ffd0720
0x4011b0ea: L2CA_SendFixedChnlData at C:/esp/esp-idf/components/bt/host/bluedroid/stack/l2cap/l2c_api.c:1850

A2 : 0x00000000 A3 : 0x3fff22d8 A4 : 0x3f82e280 A5 : 0x00000000 A6 : 0x3fff2390 A7 : 0x00000001 A8 : 0x8011b0e0 A9 : 0x3ffd0700 A10 : 0x3fff22d8 A11 : 0x00000004 A12 : 0x00000001 A13 : 0x00000000 A14 : 0x007e2240 A15 : 0x003fffff SAR : 0x0000001f EXCCAUSE: 0x0000001c EXCVADDR: 0x000000e8 LBEG : 0x4009357e LEND : 0x40093589 LCOUNT : 0x00000000
0x4009357e: memset at /builds/idf/crosstool-NG/.build/HOST-x86_64-w64-mingw32/xtensa-esp32-elf/src/newlib/newlib/libc/machine/xtensa/memset.S:150

0x40093589: memset at /builds/idf/crosstool-NG/.build/HOST-x86_64-w64-mingw32/xtensa-esp32-elf/src/newlib/newlib/libc/machine/xtensa/memset.S:160

Backtrace:0x4011b0e7:0x3ffd07200x40120ab1:0x3ffd0740 0x40120b06:0x3ffd0760 0x40130a96:0x3ffd0790 0x401203c5:0x3ffd07b0 0x40130bfd:0x3ffd07d0 0x401203c5:0x3ffd07f0 0x4011eae5:0x3ffd0810 0x4012b2db:0x3ffd0840 0x40134510:0x3ffd0860 0x401241cf:0x3ffd0880 0x40128265:0x3ffd08a0 0x40122f65:0x3ffd08c0 0x40099b09:0x3ffd08e0 0x4011b0e7: L2CA_SendFixedChnlData at C:/esp/esp-idf/components/bt/host/bluedroid/stack/l2cap/l2c_api.c:1850

0x40120ab1: smp_send_msg_to_L2CAP at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_utils.c:332

0x40120b06: smp_send_cmd at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_utils.c:360 (discriminator 1)

0x40130a96: smp_send_pair_fail at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_act.c:241

0x401203c5: smp_sm_event at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_main.c:774 (discriminator 2)

0x40130bfd: smp_proc_sec_grant at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_act.c:508

0x401203c5: smp_sm_event at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_main.c:774 (discriminator 2)

0x4011eae5: SMP_SecurityGrant at C:/esp/esp-idf/components/bt/host/bluedroid/stack/smp/smp_api.c:287

0x4012b2db: BTM_SecurityGrant at C:/esp/esp-idf/components/bt/host/bluedroid/stack/btm/btm_ble.c:385 (discriminator 4)

0x40134510: bta_dm_security_grant at C:/esp/esp-idf/components/bt/host/bluedroid/bta/dm/bta_dm_act.c:4879

0x401241cf: bta_dm_sm_execute at C:/esp/esp-idf/components/bt/host/bluedroid/bta/dm/bta_dm_main.c:435

0x40128265: bta_sys_event at C:/esp/esp-idf/components/bt/host/bluedroid/bta/sys/bta_sys_main.c:499

0x40122f65: osi_thread_run at C:/esp/esp-idf/components/bt/common/osi/thread.c:68

0x40099b09: vPortTaskWrapper at C:/esp/esp-idf/components/freertos/port/xtensa/port.c:131

ELF file SHA256: 59ac18e3036b72f3

Other items if possible

Core dump and elf file attached. issue.zip

[esp-cjh]

@rimai-azena Does this problem still exist with the latest IDF branch?