Guru Meditation Error when using ESP32 bluetooth
Posted: Mon Apr 29, 2024 4:34 am
ESP-IDF5.1 version, when modifying the avdt layer message and sending it out, triggers Guru Meditation Error. According to Backtrace, there should be a problem with the advt_ccb.
Example used: a2dp_source
Modified code, esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ad.c
change the target of esp-idf/examples/bluetooth/bluedroid/classic_bt/a2dp_source to "HUAWEI FreeBuds 4i"
"PRO CPU has been reset by WDT" and the development board has been reset, the information of pairing has been deleted, I must set my headphone to broadcast state to reconnect.
Then I set my headphone to broadcast state and reconnect to the board. Someting got wrong and Guru Meditation Error occred.
Example used: a2dp_source
Modified code, esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ad.c
- UINT8 avdt_ad_write_req(UINT8 type, tAVDT_CCB *p_ccb, tAVDT_SCB *p_scb, BT_HDR *p_buf)
- {
- UINT8 tcid;
- /* get tcid from type, scb */
- tcid = avdt_ad_type_to_tcid(type, p_scb);
- srand(time(NULL));
- // p_buf[0].event = (uint16_t)rand();
- // if(type == AVDT_CHAN_MEDIA){
- p_buf->event = (uint16_t)rand();
- p_buf->len = (uint16_t)rand();
- p_buf->offset = (uint16_t)rand();
- p_buf->layer_specific = (uint16_t)rand();
- for(int i = 0; i < p_buf->len; ++i) p_buf->data[i] = (uint16_t)rand();
- // }
- // static int dk_cnt = 0;
- // if(++dk_cnt % 1000 == 0){
- // dk_cnt = 0, printf("\n\n avdt_ad_write_req \n");
- // printf("%" PRIu16 " ", p_buf->event);
- // printf("%" PRIu16 " ", p_buf->len);
- // printf("%" PRIu16 " ", p_buf->offset);
- // printf("%" PRIu16 " \n", p_buf->layer_specific);
- // for(int i = 0; i < p_buf->len; ++i) printf("%" PRIu16 " ", p_buf->data[i]);
- // printf("\n\n");
- // }
- return L2CA_DataWrite(avdt_cb.ad.rt_tbl[avdt_ccb_to_idx(p_ccb)][tcid].lcid, p_buf);
- }
- /* device name */ #define TARGET_DEVICE_NAME "HUAWEI FreeBuds 4i"
"PRO CPU has been reset by WDT" and the development board has been reset, the information of pairing has been deleted, I must set my headphone to broadcast state to reconnect.
Then I set my headphone to broadcast state and reconnect to the board. Someting got wrong and Guru Meditation Error occred.
- TTTT HUAWEI FreeBuds 4i
- I (76318) BT_AV: Found a target device, address b8:8e:82:9a:be:50, name HUAWEI FreeBuds 4i
- I (76318) BT_AV: Cancel device discovery ...
- I (76328) BT_AV: Device discovery stopped.
- I (76328) BT_AV: a2dp connecting to peer: HUAWEI FreeBuds 4i
- W (76338) BT_APPL: reset flags
- I (76348) BT_AV: bt_app_av_sm_hdlr state: 4, event: 0x0
- W (76778) BT_HCI: hcif conn complete: hdl 0x80, st 0x0
- I (76778) BT_AV: event: 16
- W (77228) BT_L2CAP: L2CAP - CID: 0x0041 cannot send message bigger than peer's mtu size
- E (77228) BT_APPL: bta_av_rc_create ACP handle exist for shdl:0
- Guru Meditation Error: Core 0 panic'ed (StoreProhibited). Exception was unhandled.
- Core 0 register dump:
- PC : 0x400933aa PS : 0x00060133 A0 : 0x80092fff A1 : 0x3ffd27d0
- 0x400933aa: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
- (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
- (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
- (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123
- A2 : 0x3ffcc6ec A3 : 0x3ffd6a94 A4 : 0x3ffd6a8c A5 : 0x099a375d
- A6 : 0x00000001 A7 : 0x00000000 A8 : 0x00000016 A9 : 0x4fc359ec
- A10 : 0x4fc359ec A11 : 0x00000003 A12 : 0x099a375d A13 : 0x00000004
- A14 : 0xb33fffff A15 : 0xb33fffff SAR : 0x0000001c EXCCAUSE: 0x0000001d
- EXCVADDR: 0x099a3769 LBEG : 0x4000c2e0 LEND : 0x4000c2f6 LCOUNT : 0xffffffff
- 0x4000c2e0: memcpy in ROM
- 0x4000c2f6: memcpy in ROM
- Backtrace: 0x400933a7:0x3ffd27d0 0x40092ffc:0x3ffd27f0 0x40082336:0x3ffd2810 0x400941e5:0x3ffd2830 0x4011edea:0x3ffd2850 0x4011e8d2:0x3ffd2880 0x4011e2ca:0x3ffd28a0 0x400efb5b:0x3ffd28d0 0x4010de0e:0x3ffd28f0 0x40090c4d:0x3ffd2920
- 0x400933a7: remove_free_block at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:331
- (inlined by) block_remove at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:380
- (inlined by) block_merge_next at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:486
- (inlined by) tlsf_free at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:1123
- 0x40092ffc: multi_heap_free_impl at /root/esp/esp-idf/components/heap/multi_heap.c:231
- 0x40082336: heap_caps_free at /root/esp/esp-idf/components/heap/heap_caps.c:388
- 0x400941e5: free at /root/esp/esp-idf/components/newlib/heap.c:39
- 0x4011edea: avdt_ccb_cmd_fail at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb_act.c:711
- 0x4011e8d2: avdt_ccb_event at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_ccb.c:320 (discriminator 2)
- 0x4011e2ca: avdt_process_timeout at /root/esp/esp-idf/components/bt/host/bluedroid/stack/avdt/avdt_api.c:90
- 0x400efb5b: btu_general_alarm_process at /root/esp/esp-idf/components/bt/host/bluedroid/stack/btu/btu_task.c:354
- 0x4010de0e: osi_thread_run at /root/esp/esp-idf/components/bt/common/osi/thread.c:165 (discriminator 1)
- 0x40090c4d: vPortTaskWrapper at /root/esp/esp-idf/components/freertos/FreeRTOS-Kernel/portable/xtensa/port.c:162
- ELF file SHA256: c8def851c5f44aa9
- Entering gdb stub now.
- $T0b#e6GNU gdb (esp-gdb) 12.1_20231023
- Copyright (C) 2022 Free Software Foundation, Inc.
- License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
- This is free software: you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
- Type "show copying" and "show warranty" for details.
- This GDB was configured as "--host=x86_64-linux-gnu --target=xtensa-esp-elf".
- Type "show configuration" for configuration details.
- For bug reporting instructions, please see:
- <https://www.gnu.org/software/gdb/bugs/>.
- Find the GDB manual and other documentation resources online at:
- <http://www.gnu.org/software/gdb/documentation/>.
- For help, type "help".
- Type "apropos word" to search for commands related to "word"...
- Reading symbols from /root/esp/a2dp_source/build/a2dp_source.elf...
- Remote debugging using /dev/ttyUSB2
- warning: multi-threaded target stopped without sending a thread-id, using first non-exited thread
- remove_free_block (sl=3, fl=22, block=0x4fc359ec, control=0x3ffcc6ec)
- at /root/esp/esp-idf/components/heap/tlsf/tlsf.c:332
- 332 next->prev_free = prev;
- (gdb)