Guru Meditation Error when using ESP32 bluetooth

Post by u_ding » Mon Apr 29, 2024 4:34 am

With ESP-IDF version 5.1, modifying the avdt layer message and sending it out triggers a Guru Meditation Error. According to the backtrace, there should be a problem with the avdt_ccb.

Example used: a2dp_source
Modified code, esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ad.c
    UINT8 avdt_ad_write_req(UINT8 type, tAVDT_CCB *p_ccb, tAVDT_SCB *p_scb, BT_HDR *p_buf)
    {
        UINT8 tcid;

        /* get tcid from type, scb */
        tcid = avdt_ad_type_to_tcid(type, p_scb);

        srand(time(NULL));
        // p_buf[0].event = (uint16_t)rand();

        // if(type == AVDT_CHAN_MEDIA){
        p_buf->event = (uint16_t)rand();
        p_buf->len = (uint16_t)rand();
        p_buf->offset = (uint16_t)rand();
        p_buf->layer_specific = (uint16_t)rand();
        for(int i = 0; i < p_buf->len; ++i) p_buf->data[i] = (uint16_t)rand();
        // }

        // static int dk_cnt = 0;
        // if(++dk_cnt % 1000 == 0){
        // dk_cnt = 0, printf("\n\n avdt_ad_write_req \n");
        // printf("%" PRIu16 " ", p_buf->event);
        // printf("%" PRIu16 " ", p_buf->len);
        // printf("%" PRIu16 " ", p_buf->offset);
        // printf("%" PRIu16 " \n", p_buf->layer_specific);
        // for(int i = 0; i < p_buf->len; ++i) printf("%" PRIu16 " ", p_buf->data[i]);
        // printf("\n\n");
        // }

        return L2CA_DataWrite(avdt_cb.ad.rt_tbl[avdt_ccb_to_idx(p_ccb)][tcid].lcid, p_buf);
    }
Change the target of esp-idf/examples/bluetooth/bluedroid/classic_bt/a2dp_source to "HUAWEI FreeBuds 4i":

    /* device name */
    #define TARGET_DEVICE_NAME    "HUAWEI FreeBuds 4i"

"PRO CPU has been reset by WDT" appeared and the development board was reset. The pairing information has been deleted, so I must set my headphone to broadcast state to reconnect.

Then I set my headphone to broadcast state and reconnected to the board. Something went wrong and a Guru Meditation Error occurred.
    TTTT  HUAWEI FreeBuds 4i
    I (76318) BT_AV: Found a target device, address b8:8e:82:9a:be:50, name HUAWEI FreeBuds 4i
    I (76318) BT_AV: Cancel device discovery ...
    I (76328) BT_AV: Device discovery stopped.
    I (76328) BT_AV: a2dp connecting to peer: HUAWEI FreeBuds 4i
    W (76338) BT_APPL: reset flags
    I (76348) BT_AV: bt_app_av_sm_hdlr state: 4, event: 0x0
    W (76778) BT_HCI: hcif conn complete: hdl 0x80, st 0x0
    I (76778) BT_AV: event: 16
    W (77228) BT_L2CAP: L2CAP - CID: 0x0041  cannot send message bigger than peer's mtu size
    E (77228) BT_APPL: bta_av_rc_create ACP handle exist for shdl:0
    Guru Meditation Error: Core  0 panic'ed (StoreProhibited). Exception was unhandled.

    Core  0 register dump:
    PC      : 0x400933aa  PS      : 0x00060133  A0      : 0x80092fff  A1      : 0x3ffd27d0
    0x400933aa: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
     (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
     (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
     (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123

    A2      : 0x3ffcc6ec  A3      : 0x3ffd6a94  A4      : 0x3ffd6a8c  A5      : 0x099a375d
    A6      : 0x00000001  A7      : 0x00000000  A8      : 0x00000016  A9      : 0x4fc359ec
    A10     : 0x4fc359ec  A11     : 0x00000003  A12     : 0x099a375d  A13     : 0x00000004
    A14     : 0xb33fffff  A15     : 0xb33fffff  SAR     : 0x0000001c  EXCCAUSE: 0x0000001d
    EXCVADDR: 0x099a3769  LBEG    : 0x4000c2e0  LEND    : 0x4000c2f6  LCOUNT  : 0xffffffff
    0x4000c2e0: memcpy in ROM
    0x4000c2f6: memcpy in ROM

    Backtrace: 0x400933a7:0x3ffd27d0 0x40092ffc:0x3ffd27f0 0x40082336:0x3ffd2810 0x400941e5:0x3ffd2830 0x4011edea:0x3ffd2850 0x4011e8d2:0x3ffd2880 0x4011e2ca:0x3ffd28a0 0x400efb5b:0x3ffd28d0 0x4010de0e:0x3ffd28f0 0x40090c4d:0x3ffd2920
    0x400933a7: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:331
     (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
     (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
     (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123
    0x40092ffc: multi_heap_free_impl at /root/esp/esp-idf/components/heap/multi_heap.c:231
    0x40082336: heap_caps_free at /root/esp/esp-idf/components/heap/heap_caps.c:388
    0x400941e5: free at /root/esp/esp-idf/components/newlib/heap.c:39
    0x4011edea: avdt_ccb_cmd_fail at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb_act.c:711
    0x4011e8d2: avdt_ccb_event at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb.c:320 (discriminator 2)
    0x4011e2ca: avdt_process_timeout at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_api.c:90
    0x400efb5b: btu_general_alarm_process at /root/esp/esp-idf/components/bt/host/bluedroid/stack/btu/btu_task.c:354
    0x4010de0e: osi_thread_run at /root/esp/esp-idf/components/bt/common/osi/thread.c:165 (discriminator 1)
    0x40090c4d: vPortTaskWrapper at /root/esp/esp-idf/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:162

    ELF file SHA256: c8def851c5f44aa9

    Entering gdb stub now.
    $T0b#e6GNU gdb (esp-gdb) 12.1_20231023
    Copyright (C) 2022 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Type "show copying" and "show warranty" for details.
    This GDB was configured as "--host=x86_64-linux-gnu --target=xtensa-esp-elf".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <https://www.gnu.org/software/gdb/bugs/>.
    Find the GDB manual and other documentation resources online at:
        <http://www.gnu.org/software/gdb/documentation/>.

    For help, type "help".
    Type "apropos word" to search for commands related to "word"...
    Reading symbols from /root/esp/a2dp_source/build/a2dp_source.elf...
    Remote debugging using /dev/ttyUSB2
    warning: multi-threaded target stopped without sending a thread-id, using first non-exited thread
    remove_free_block (sl=3, fl=22, block=0x4fc359ec, control=0x3ffcc6ec)
        at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
    332     next->prev_free = prev;
    (gdb)

Re: Guru Meditation Error when using ESP32 bluetooth

Post by liaifat85 » Mon Apr 29, 2024 2:36 pm

Use debugging tools like GDB to analyze the memory state at the time of the error. You can inspect the values of pointers, memory contents, and stack traces to identify any potential memory corruption issues.
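
An added example, not part of either post and not ESP-IDF code: the modified avdt_ad_write_req sets p_buf->len to a random 16-bit value and then writes that many elements into p_buf->data, so the write can run past the buffer's allocation, which is consistent with the crash inside tlsf_free in the backtrace. The sketch below uses a simplified stand-in for BT_HDR and hypothetical helpers (bt_hdr_alloc, bt_hdr_fits, bt_hdr_tail_intact, bt_hdr_fill_checked, and a constructed guard value) to show a bounds check on offset and len plus a tail guard that reveals an overrun.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for Bluedroid's BT_HDR: four 16-bit fields, then payload. */
typedef struct {
    uint16_t event;
    uint16_t len;             /* payload bytes in use */
    uint16_t offset;          /* where the payload starts inside data[] */
    uint16_t layer_specific;
    uint8_t  data[];
} bt_hdr_t;

#define CANARY_BYTE 0xA5u     /* constructed guard value */
#define CANARY_LEN  4u

/* Hypothetical allocator: header + capacity payload bytes + tail guard. */
bt_hdr_t *bt_hdr_alloc(size_t capacity)
{
    bt_hdr_t *p = calloc(1, sizeof(*p) + capacity + CANARY_LEN);
    if (p != NULL)
        memset(p->data + capacity, CANARY_BYTE, CANARY_LEN);
    return p;
}

/* 1 if [offset, offset + len) lies inside the allocated payload area.
 * The sum is done in size_t so two 16-bit values cannot wrap. */
int bt_hdr_fits(const bt_hdr_t *p, size_t capacity)
{
    return p != NULL && (size_t)p->offset + (size_t)p->len <= capacity;
}

/* 1 if the guard bytes after the payload are untouched. */
int bt_hdr_tail_intact(const bt_hdr_t *p, size_t capacity)
{
    for (size_t i = 0; i < CANARY_LEN; ++i)
        if (p->data[capacity + i] != CANARY_BYTE)
            return 0;
    return 1;
}

/* Fill the payload only when the header fields agree with the allocation.
 * Returns 0 on success, -1 when the write would leave the buffer. */
int bt_hdr_fill_checked(bt_hdr_t *p, size_t capacity, uint8_t value)
{
    if (!bt_hdr_fits(p, capacity))
        return -1;
    memset(p->data + p->offset, value, p->len);
    return 0;
}
```

On the target itself, ESP-IDF's heap_caps_check_integrity_all() can be called before and after a suspect write to narrow down where the heap is first damaged.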
