nccgroup / Sniffle

A sniffer for Bluetooth 5 and 4.x LE
https://www.nccgroup.trust/us/our-research/sniffle-a-sniffer-for-bluetooth-5/?research=Public+tools
GNU General Public License v3.0

Extended advertising capture failing after a while with multiple advertisers #91

Closed sultanqasim closed 1 month ago

sultanqasim commented 1 month ago

After a while of sniffing multiple extended advertisers, the sniffer stops following auxiliary pointers for any of the devices. This may take several minutes to happen. I reproduced this issue (originally reported to me by @alphafox02) by running multiple smartphones as long range extended advertisers with long-ish (100+ byte) auxiliary advertisements. After around 12 minutes, it stopped following extended advertising.

I still need to find the root cause. I'm guessing it's a bug in the auxiliary advertising scheduler, and it may or may not involve wraparound of the 32-bit radio timer.

sultanqasim commented 1 month ago

I triggered the bug again, this time in less than a minute, and the 32-bit radio timer was nowhere near wraparound, so it's probably unrelated to wraparound of that.

sultanqasim commented 1 month ago

Last few ads where this happened:

raw ts 0x755da8b
Timestamp: 57.527382  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=8)  CRC: 0x94E31B
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 15 PHY: Coded Delay: 4980 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0x8c2 SID: 0x0
0x0000:  47 07 06 18 c2 08 0f a6  40                       G.......@

raw ts 0x755ee14
Timestamp: 57.532383  Length: 124  RSSI: -58  Channel: 15  PHY: Coded (S=8)  CRC: 0x25E7C7
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 122
AdvMode: Non-connectable, non-scannable
AdvA: 58:F5:18:5C:D2:97 (RPA) AdvDataInfo DID: 0x8c2 SID: 0x0
Complete Local Name: Pixel 6
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1901
Service Data - 16-bit UUID
    Service: 0x1234
    Data Length: 92
    Data: b'\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef'
0x0000:  47 7a 09 09 97 d2 5c 18  f5 58 c2 08 08 09 50 69  Gz....\..X....Pi
0x0010:  78 65 6c 20 36 02 0a f9  03 03 01 19 5f 16 34 12  xel 6......._.4.
0x0020:  f0 0d fa ce ca fe ba be  da db ee ff 00 df ac ec  ................
0x0030:  af eb ab ed ad be ef f0  0d fa ce ca fe ba be da  ................
0x0040:  db ee ff 00 df ac ec af  eb ab ed ad be ef f0 0d  ................
0x0050:  fa ce ca fe ba be da db  ee ff 00 df ac ec af eb  ................
0x0060:  ab ed ad be ef f0 0d fa  ce ca fe ba be da db ee  ................
0x0070:  ff 00 df ac ec af eb ab  ed ad be ef              ............

raw ts 0x7574093
Timestamp: 57.619038  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0xA1E025
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 24 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xc31 SID: 0x1
0x0000:  47 07 06 18 31 1c 18 4d  41                       G...1..MA

raw ts 0x7574da5
Timestamp: 57.622384  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=2)  CRC: 0x2E29C7
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 15 PHY: Coded Delay: 11250 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xbc2 SID: 0x1
0x0000:  47 07 06 18 c2 1b 0f 77  41                       G......wA

raw ts 0x75767a5
Timestamp: 57.629040  Length: 178  RSSI: -39  Channel: 24  PHY: Coded (S=2)  CRC: 0x8DF1D0
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 176
AdvMode: Non-connectable, non-scannable
AdvA: 4C:96:AA:56:6E:21 (RPA) AdvDataInfo DID: 0xc31 SID: 0x1
Complete Local Name: Pixel 8
Manufacturer Specific Data
    Company: 0x1234
    Data Length: 64
    Data: b'\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd'
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1802 (Immediate Alert)
Service Data - 16-bit UUID
    Service: 0x183B (Binary Sensor)
    Data Length: 78
    Data: b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcd\xdd\xdd\xdd'
0x0000:  47 b0 09 09 21 6e 56 aa  96 4c 31 1c 08 09 50 69  G...!nV..L1...Pi
0x0010:  78 65 6c 20 38 43 ff 34  12 aa aa aa aa bb bb bb  xel 8C.4........
0x0020:  bb cc cc cc cc dd dd dd  dd aa aa aa aa bb bb bb  ................
*
0x0050:  bb cc cc cc cc dd dd dd  dd 02 0a f9 03 03 02 18  ................
0x0060:  51 16 3b 18 aa aa aa aa  aa aa aa aa aa aa aa aa  Q.;.............
0x0070:  aa aa aa aa aa aa aa aa  aa aa aa aa bb bb bb bb  ................
0x0080:  bb bb bb bb bb bb bb bb  bb bb bb bb bb bb bb bb  ................
0x0090:  bb bb bb bb bb bb bb bb  bb bb bb bb cc cc cc cc  ................
0x00a0:  cc cc cc cc cc cc cc cc  cc cc cc cc cc cc cd dd  ................
0x00b0:  dd dd                                             ..

raw ts 0x7577997
Timestamp: 57.633634  Length: 124  RSSI: -58  Channel: 15  PHY: Coded (S=8)  CRC: 0x8B4D83
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 122
AdvMode: Non-connectable, non-scannable
AdvA: 46:FC:43:20:12:2A (RPA) AdvDataInfo DID: 0xbc2 SID: 0x1
Complete Local Name: Pixel 6
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1902
Service Data - 16-bit UUID
    Service: 0x1234
    Data Length: 92
    Data: b'\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef'
0x0000:  47 7a 09 09 2a 12 20 43  fc 46 c2 1b 08 09 50 69  Gz..*. C.F....Pi
0x0010:  78 65 6c 20 36 02 0a f9  03 03 02 19 5f 16 34 12  xel 6......._.4.
0x0020:  f0 0d fa ce ca fe ba be  da db ee ff 00 df ac ec  ................
0x0030:  af eb ab ed ad be ef f0  0d fa ce ca fe ba be da  ................
0x0040:  db ee ff 00 df ac ec af  eb ab ed ad be ef f0 0d  ................
0x0050:  fa ce ca fe ba be da db  ee ff 00 df ac ec af eb  ................
0x0060:  ab ed ad be ef f0 0d fa  ce ca fe ba be da db ee  ................
0x0070:  ff 00 df ac ec af eb ab  ed ad be ef              ............

raw ts 0x7580da7
Timestamp: 57.671538  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0x5728E7
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 30 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xad1 SID: 0x0
0x0000:  47 07 06 18 d1 0a 1e 4d  41                       G......MA

raw ts 0x75834b9
Timestamp: 57.681540  Length: 178  RSSI: -35  Channel: 30  PHY: Coded (S=2)  CRC: 0xEBC439
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 176
AdvMode: Non-connectable, non-scannable
AdvA: 46:65:CB:55:8A:B1 (RPA) AdvDataInfo DID: 0xad1 SID: 0x0
Complete Local Name: Pixel 8
Manufacturer Specific Data
    Company: 0x1234
    Data Length: 64
    Data: b'\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd'
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1801 (GATT)
Service Data - 16-bit UUID
    Service: 0x183B (Binary Sensor)
    Data Length: 78
    Data: b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcd\xdd\xdd\xdd'
0x0000:  47 b0 09 09 b1 8a 55 cb  65 46 d1 0a 08 09 50 69  G.....U.eF....Pi
0x0010:  78 65 6c 20 38 43 ff 34  12 aa aa aa aa bb bb bb  xel 8C.4........
0x0020:  bb cc cc cc cc dd dd dd  dd aa aa aa aa bb bb bb  ................
*
0x0050:  bb cc cc cc cc dd dd dd  dd 02 0a f9 03 03 01 18  ................
0x0060:  51 16 3b 18 aa aa aa aa  aa aa aa aa aa aa aa aa  Q.;.............
0x0070:  aa aa aa aa aa aa aa aa  aa aa aa aa bb bb bb bb  ................
0x0080:  bb bb bb bb bb bb bb bb  bb bb bb bb bb bb bb bb  ................
0x0090:  bb bb bb bb bb bb bb bb  bb bb bb bb cc cc cc cc  ................
0x00a0:  cc cc cc cc cc cc cc cc  cc cc cc cc cc cc cd dd  ................
0x00b0:  dd dd                                             ..

raw ts 0x7592266
Timestamp: 57.742385  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=8)  CRC: 0x6A4726
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 16 PHY: Coded Delay: 11250 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xbc2 SID: 0x1
0x0000:  47 07 06 18 c2 1b 10 77  41                       G......wA

raw ts 0x7594145
Timestamp: 57.750288  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0x2BEBAA
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 25 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xc31 SID: 0x1
0x0000:  47 07 06 18 31 1c 19 4d  41                       G...1..MA

raw ts 0x7594e58
Timestamp: 57.753635  Length: 124  RSSI: -58  Channel: 16  PHY: Coded (S=8)  CRC: 0x8B4D83
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 122
AdvMode: Non-connectable, non-scannable
AdvA: 46:FC:43:20:12:2A (RPA) AdvDataInfo DID: 0xbc2 SID: 0x1
Complete Local Name: Pixel 6
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1902
Service Data - 16-bit UUID
    Service: 0x1234
    Data Length: 92
    Data: b'\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef'
0x0000:  47 7a 09 09 2a 12 20 43  fc 46 c2 1b 08 09 50 69  Gz..*. C.F....Pi
0x0010:  78 65 6c 20 36 02 0a f9  03 03 02 19 5f 16 34 12  xel 6......._.4.
0x0020:  f0 0d fa ce ca fe ba be  da db ee ff 00 df ac ec  ................
0x0030:  af eb ab ed ad be ef f0  0d fa ce ca fe ba be da  ................
0x0040:  db ee ff 00 df ac ec af  eb ab ed ad be ef f0 0d  ................
0x0050:  fa ce ca fe ba be da db  ee ff 00 df ac ec af eb  ................
0x0060:  ab ed ad be ef f0 0d fa  ce ca fe ba be da db ee  ................
0x0070:  ff 00 df ac ec af eb ab  ed ad be ef              ............

raw ts 0x75a2ba5
Timestamp: 57.810288  Length:  9  RSSI: -37  Channel: 37  PHY: Coded (S=2)  CRC: 0xDD2368
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 31 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xad1 SID: 0x0
0x0000:  47 07 06 18 d1 0a 1f 4d  41                       G......MA

raw ts 0x75a52b5
Timestamp: 57.820288  Length: 178  RSSI: -35  Channel: 31  PHY: Coded (S=2)  CRC: 0xEBC439
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 176
AdvMode: Non-connectable, non-scannable
AdvA: 46:65:CB:55:8A:B1 (RPA) AdvDataInfo DID: 0xad1 SID: 0x0
Complete Local Name: Pixel 8
Manufacturer Specific Data
    Company: 0x1234
    Data Length: 64
    Data: b'\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd'
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1801 (GATT)
Service Data - 16-bit UUID
    Service: 0x183B (Binary Sensor)
    Data Length: 78
    Data: b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcd\xdd\xdd\xdd'
0x0000:  47 b0 09 09 b1 8a 55 cb  65 46 d1 0a 08 09 50 69  G.....U.eF....Pi
0x0010:  78 65 6c 20 38 43 ff 34  12 aa aa aa aa bb bb bb  xel 8C.4........
0x0020:  bb cc cc cc cc dd dd dd  dd aa aa aa aa bb bb bb  ................
*
0x0050:  bb cc cc cc cc dd dd dd  dd 02 0a f9 03 03 01 18  ................
0x0060:  51 16 3b 18 aa aa aa aa  aa aa aa aa aa aa aa aa  Q.;.............
0x0070:  aa aa aa aa aa aa aa aa  aa aa aa aa bb bb bb bb  ................
0x0080:  bb bb bb bb bb bb bb bb  bb bb bb bb bb bb bb bb  ................
0x0090:  bb bb bb bb bb bb bb bb  bb bb bb bb cc cc cc cc  ................
0x00a0:  cc cc cc cc cc cc cc cc  cc cc cc cc cc cc cd dd  ................
0x00b0:  dd dd                                             ..

raw ts 0x75b1955
Timestamp: 57.871136  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=8)  CRC: 0x2C4FB9
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 17 PHY: Coded Delay: 122490 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xbc2 SID: 0x1
0x0000:  47 07 06 18 c2 1b 11 f3  4f                       G.......O

raw ts 0x75b5580
Timestamp: 57.886539  Length:  9  RSSI: -37  Channel: 37  PHY: Coded (S=2)  CRC: 0x64E6CF
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 26 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xc31 SID: 0x1
0x0000:  47 07 06 18 31 1c 1a 4d  41                       G...1..MA

raw ts 0x75b5db2
Timestamp: 57.888637  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=2)  CRC: 0x36444C
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 16 PHY: Coded Delay: 3750 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0x8c2 SID: 0x0
0x0000:  47 07 06 18 c2 08 10 7d  40                       G......}@

raw ts 0x75c44c2
Timestamp: 57.947789  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0xF51CBA
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 32 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xad1 SID: 0x0
0x0000:  47 07 06 18 d1 0a 20 4d  41                       G..... MA

raw ts 0x75cf7dc
Timestamp: 57.993639  Length: 124  RSSI: -58  Channel: 17  PHY: Coded (S=8)  CRC: 0x8B4D83
Ad Type: AUX_ADV_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 122
AdvMode: Non-connectable, non-scannable
AdvA: 46:FC:43:20:12:2A (RPA) AdvDataInfo DID: 0xbc2 SID: 0x1
Complete Local Name: Pixel 6
Tx Power Level: -7 dBm
Complete List of 16-bit Service Class UUIDs
    0x1902
Service Data - 16-bit UUID
    Service: 0x1234
    Data Length: 92
    Data: b'\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef\xf0\r\xfa\xce\xca\xfe\xba\xbe\xda\xdb\xee\xff\x00\xdf\xac\xec\xaf\xeb\xab\xed\xad\xbe\xef'
0x0000:  47 7a 09 09 2a 12 20 43  fc 46 c2 1b 08 09 50 69  Gz..*. C.F....Pi
0x0010:  78 65 6c 20 36 02 0a f9  03 03 02 19 5f 16 34 12  xel 6......._.4.
0x0020:  f0 0d fa ce ca fe ba be  da db ee ff 00 df ac ec  ................
0x0030:  af eb ab ed ad be ef f0  0d fa ce ca fe ba be da  ................
0x0040:  db ee ff 00 df ac ec af  eb ab ed ad be ef f0 0d  ................
0x0050:  fa ce ca fe ba be da db  ee ff 00 df ac ec af eb  ................
0x0060:  ab ed ad be ef f0 0d fa  ce ca fe ba be da db ee  ................
0x0070:  ff 00 df ac ec af eb ab  ed ad be ef              ............

raw ts 0x75d7d42
Timestamp: 58.027789  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0xEEED40
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 27 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xc31 SID: 0x1
0x0000:  47 07 06 18 31 1c 1b 4d  41                       G...1..MA

raw ts 0x75e4574
Timestamp: 58.079039  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0x7F1735
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 33 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xad1 SID: 0x0
0x0000:  47 07 06 18 d1 0a 21 4d  41                       G.....!MA

raw ts 0x75f0c18
Timestamp: 58.129891  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=2)  CRC: 0xE2577E
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 19 PHY: Coded Delay: 103740 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xbc2 SID: 0x1
0x0000:  47 07 06 18 c2 1b 13 82  4d                       G.......M

raw ts 0x75f7df4
Timestamp: 58.159039  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0xC36350
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 28 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xc31 SID: 0x1
0x0000:  47 07 06 18 31 1c 1c 4d  41                       G...1..MA

raw ts 0x7606372
Timestamp: 58.217789  Length:  9  RSSI: -36  Channel: 37  PHY: Coded (S=2)  CRC: 0x301A50
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 34 PHY: Coded Delay: 9990 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xad1 SID: 0x0
0x0000:  47 07 06 18 d1 0a 22 4d  41                       G....."MA

raw ts 0x76111b0
Timestamp: 58.262395  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=2)  CRC: 0x601278
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 20 PHY: Coded Delay: 91230 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0xbc2 SID: 0x1
0x0000:  47 07 06 18 c2 1b 14 e1  4b                       G.......K

raw ts 0x7612538
Timestamp: 58.267395  Length:  9  RSSI: -58  Channel: 37  PHY: Coded (S=2)  CRC: 0xAA737E
Ad Type: ADV_EXT_IND
ChSel: 0 TxAdd: 1 RxAdd: 0 Ad Length: 7
AuxPtr Chan: 17 PHY: Coded Delay: 105000 us
AdvMode: Non-connectable, non-scannable
AdvDataInfo DID: 0x8c2 SID: 0x0
0x0000:  47 07 06 18 c2 08 11 ac  4d                       G.......M
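
The dumps above show the raw bytes next to Sniffle's decoded fields, so the AuxPtr and ADI values can be checked by hand. The following is an added example, not Sniffle's own decoder: a small parser for the ADV_EXT_IND / AUX_ADV_IND PDUs in these dumps, following the extended-header layout in the Bluetooth Core Specification (Vol 6, Part B, Section 2.3.4). The sample PDUs are copied from the hex dumps in this comment (the 92-byte service data is rebuilt from its repeating 23-byte pattern); the class and function names are mine, and labelling every secondary-channel type-7 PDU as AUX_ADV_IND is a simplification.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PHY_NAMES = {0: "1M", 1: "2M", 2: "Coded"}
ADV_MODES = {0: "Non-connectable, non-scannable", 1: "Connectable", 2: "Scannable", 3: "RFU"}


@dataclass
class AuxPtr:
    chan: int        # secondary channel index (0-36) carrying the AUX_ADV_IND
    ca_50ppm: bool   # advertiser clock accuracy flag
    delay_us: int    # 13-bit offset times its unit (30 or 300 us)
    phy: str


@dataclass
class ExtAdv:
    name: str
    tx_add: int      # 1 = random address (the RPAs in the dumps)
    adv_mode: str
    adv_a: Optional[str] = None
    did: Optional[int] = None
    sid: Optional[int] = None
    aux_ptr: Optional[AuxPtr] = None
    tx_power: Optional[int] = None
    ad: List[Tuple[int, bytes]] = field(default_factory=list)


def fmt_addr(raw: bytes) -> str:
    return ":".join("%02X" % b for b in reversed(raw))   # sent LSB first


def parse_aux_ptr(raw: bytes) -> AuxPtr:
    units = 300 if raw[0] & 0x80 else 30
    word = raw[1] | (raw[2] << 8)                         # 13-bit offset, 3-bit PHY
    return AuxPtr(raw[0] & 0x3F, bool(raw[0] & 0x40), (word & 0x1FFF) * units,
                  PHY_NAMES.get(word >> 13, "RFU"))


def parse_ad_structures(raw: bytes) -> List[Tuple[int, bytes]]:
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:                   # zero length ends the data
        ln = raw[i]
        if i + 1 + ln > len(raw):
            raise ValueError("AD structure at offset %d overruns payload" % i)
        out.append((raw[i + 1], bytes(raw[i + 2:i + 1 + ln])))
        i += 1 + ln
    return out


def parse_ext_adv(pdu: bytes, channel: int) -> ExtAdv:
    if len(pdu) < 3 or (pdu[0] & 0x0F) != 7:
        raise ValueError("not an extended advertising PDU")
    hdr, length = pdu[0], pdu[1]
    payload = pdu[2:2 + length]
    if len(payload) != length:
        raise ValueError("length field %d exceeds captured bytes" % length)
    ext_len = payload[0] & 0x3F
    if ext_len > len(payload) - 1:
        raise ValueError("extended header length %d overruns payload" % ext_len)
    # Type 7 is ADV_EXT_IND on 37-39; on secondary channels it is AUX_ADV_IND (or
    # AUX_CHAIN_IND / AUX_SCAN_RSP / AUX_SYNC_IND by context; simplified here)
    res = ExtAdv("ADV_EXT_IND" if channel in (37, 38, 39) else "AUX_ADV_IND",
                 (hdr >> 6) & 1, ADV_MODES[payload[0] >> 6])
    ext, pos = payload[1:1 + ext_len], 1

    def take(n):                                          # next n extended-header bytes
        nonlocal pos
        if pos + n > len(ext):
            raise ValueError("extended header field overruns header")
        pos += n
        return ext[pos - n:pos]

    flags = ext[0] if ext_len else 0
    if flags & 0x01: res.adv_a = fmt_addr(take(6))
    if flags & 0x02: take(6)                              # TargetA, not decoded
    if flags & 0x04: take(1)                              # CTEInfo, not decoded
    if flags & 0x08:
        adi = take(2)
        res.did, res.sid = (adi[0] | (adi[1] << 8)) & 0x0FFF, adi[1] >> 4
    if flags & 0x10: res.aux_ptr = parse_aux_ptr(take(3))
    if flags & 0x20: take(18)                             # SyncInfo, not decoded
    if flags & 0x40: res.tx_power = int.from_bytes(take(1), "little", signed=True)
    res.ad = parse_ad_structures(payload[1 + ext_len:])   # leftover ext bytes are ACAD
    return res


def decode_ad(ad: List[Tuple[int, bytes]]) -> dict:
    out = {}
    for t, v in ad:
        if t == 0x09:
            out["name"] = v.decode("utf-8", "replace")
        elif t == 0x0A:
            out["tx_power_dbm"] = int.from_bytes(v, "little", signed=True)
        elif t == 0x03:
            out["uuids16"] = [v[i] | (v[i + 1] << 8) for i in range(0, len(v) - 1, 2)]
        elif t in (0x16, 0xFF):                           # service data / manufacturer data
            out["service_data" if t == 0x16 else "manufacturer"] = (v[0] | (v[1] << 8), v[2:])
    return out


# Sample PDUs copied from the hex dumps in this comment (constructed test input).
EXT_IND_PDU = bytes.fromhex("47 07 06 18 c2 08 0f a6 40")        # ch 37, AuxPtr -> ch 15
LATE_EXT_IND_PDU = bytes.fromhex("47 07 06 18 c2 1b 11 f3 4f")   # ch 37, 122490 us offset
SVC_DATA = bytes.fromhex("f00dfacecafebabedadbeeff00dfacecafebabedadbeef") * 4
AUX_PDU = bytes.fromhex("47 7a 09 09 97 d2 5c 18 f5 58 c2 08 08 09 50 69 78 65 6c 20 36 "
                        "02 0a f9 03 03 01 19 5f 16 34 12") + SVC_DATA

if __name__ == "__main__":
    for pdu, ch in ((EXT_IND_PDU, 37), (AUX_PDU, 15), (LATE_EXT_IND_PDU, 37)):
        p = parse_ext_adv(pdu, ch)
        print(p.name, p.adv_a, hex(p.did), p.sid, p.aux_ptr, decode_ad(p.ad).get("name"))
```

Running it reproduces the values Sniffle printed: the first ADV_EXT_IND carries an AuxPtr to channel 15 with a 4980 us offset (166 units of 30 us) and DID 0x8c2 / SID 0, the AUX_ADV_IND on channel 15 decodes to AdvA 58:F5:18:5C:D2:97 with name "Pixel 6", Tx Power -7 dBm, UUID 0x1901 and 92 bytes of service data, and the later ADV_EXT_IND carries a 122490 us offset (4083 units). The length checks matter when parsing over-the-air data: a corrupt length field in the PDU header or an AD structure is the classic way a sniffer decoder gets pushed past its buffer.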

sultanqasim commented 1 month ago

I figured out the root cause. The bug is in DelayStopTrigger and its usage of timers. The timer always counts up, and it only gets loaded to zero on initialization or on match. Calling Timer_stop() or Timer_start() does not reload the timer's counter. Consequently, if the timer was set to count up to some value, then we need to move the trigger point to some time sooner, we might end up setting the timer match value to something below the current time value. In that case, the timer will only trigger after the counter wraps around.

According to https://e2e.ti.com/support/wireless-connectivity/sub-1-ghz-group/sub-1-ghz/f/sub-1-ghz-forum/710802/launchxl-cc1352r1-gptimercc26xx---resetting-running-load-value-to-zero there is no API to manually reload timers, and TI recommends using the ClockP API instead.

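The failure mode described above (an up-counter whose match register is rewritten to a value below the live count) can be reproduced on a desk with a small model. What follows is an added example and not Sniffle's firmware: the timer class models the behaviour described in the comment (count zeroed only at init or on match; stop()/start() leave it alone), the "buggy" trigger writes the new delay straight into the match register, and the "relative" trigger arms the match from the live count so it is always in the future, which is the effect of a relative one-shot timeout such as the ClockP API TI recommends. The class names, the scenario numbers and the 4 MHz tick rate used for the seconds figure are illustrative assumptions, and the relative trigger is a model of the approach, not the change made in the fix commit.

```python
WRAP = 1 << 32   # 32-bit counter


class UpCounterTimer:
    """Model of the timer behaviour described in the comment above (assumption,
    not a register-accurate GPTimer model)."""

    def __init__(self):
        self.count = 0          # zeroed only here or on match
        self.match = None       # match register
        self.running = False

    def start(self):            # does NOT reload the count
        self.running = True

    def stop(self):             # does NOT reload the count
        self.running = False

    def set_match(self, value):
        self.match = value % WRAP

    def advance(self, ticks):
        """Run the counter for `ticks`. Return the offset at which the match
        fired (the count reloads to zero at that instant) or None."""
        if not self.running:
            return None
        if self.match is None:
            self.count = (self.count + ticks) % WRAP
            return None
        # Ticks until the count reaches match, modulo 2^32: a match value below
        # the live count is reached only after the counter wraps around.
        distance = (self.match - self.count) % WRAP or WRAP
        if distance <= ticks:
            self.count = (ticks - distance) % WRAP
            return distance
        self.count = (self.count + ticks) % WRAP
        return None


class BuggyDelayStopTrigger:
    """Writes the requested delay straight into the match register, as if
    stop()/start() had reset the count to zero (the bug described above)."""

    def __init__(self, timer):
        self.timer = timer

    def arm(self, delay_ticks):
        self.timer.stop()
        self.timer.set_match(delay_ticks)
        self.timer.start()


class RelativeDelayStopTrigger:
    """Arms relative to the live count so the match is always ahead of it,
    which is what a relative one-shot timeout (e.g. ClockP) gives you."""

    def __init__(self, timer):
        self.timer = timer

    def arm(self, delay_ticks):
        self.timer.stop()
        self.timer.set_match(self.timer.count + delay_ticks)
        self.timer.start()


def run_scenario(trigger_cls):
    """Arm a 10000-tick trigger and let it fire; arm another 10000-tick trigger;
    after 6000 ticks move the trigger point sooner (3000 ticks from now), as a
    new AuxPtr with a shorter offset would require. Returns the fire offsets."""
    timer = UpCounterTimer()
    trig = trigger_cls(timer)
    trig.arm(10000)
    first = timer.advance(10000)     # fires at 10000 in both variants
    trig.arm(10000)
    timer.advance(6000)              # pending, nothing fires; count is now 6000
    trig.arm(3000)                   # earlier trigger point requested
    rearmed = timer.advance(WRAP)    # long enough to observe a full wrap
    return {"first": first, "rearmed": rearmed}


def ticks_to_seconds(ticks, hz=4_000_000):
    # hz is an assumed illustrative tick rate, not the firmware's timer clock
    return ticks / hz


if __name__ == "__main__":
    for cls in (BuggyDelayStopTrigger, RelativeDelayStopTrigger):
        r = run_scenario(cls)
        print("%-26s first=%d  re-armed trigger fires after %d ticks (%.1f s at 4 MHz)"
              % (cls.__name__, r["first"], r["rearmed"], ticks_to_seconds(r["rearmed"])))
```

With the buggy trigger the re-armed match of 3000 sits below the live count of 6000, so the model fires only after 2^32 - 3000 ticks (roughly a thousand seconds at the assumed 4 MHz), long after every auxiliary packet it was meant to catch; the relative trigger fires after 3000 ticks. Note that even the relative variant has a window between reading the count and writing the match in which the count can run past the new value, which is why a driver-level relative timeout is the robust choice rather than doing the arithmetic in the caller.
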
alphafox02 commented 1 month ago

With the changes and a new firmware built I’ve so far been unable to reproduce the bug. I turn on two bt5 long range extended transmitters and both devices are tracked and decoded. I’ll continue to run for longer periods of time and try to introduce more of the same type of transmitters. Thank you for addressing this, seems to work great now!

sultanqasim commented 1 month ago

Fixed in 30cfe09