SoftDevice with Zephyr: Scanning extended advertisement packets crashes the application

Context

We are working on a project that involves advertising and scanning extended advertising packets.

Details:

  • NRF52840
  • Zephyr SDK 17.0
  • Zephyr 4.0.99
  • NRF SDK v3.0.0-preview1

Issue description

Our application freezes after a few seconds of scanning. The logs show that the bt hci driver generates a large number of BT_HCI_EVT_LE_EXT_ADVERTISING_REPORT (0x0d) events (the number of events before the crash is not constant) and then we get an error, either mpsl_init: MPSL ASSERT: 112, 1984, or bt_sdc_hci_driver: SoftDevice Controller ASSERT: 50. In both cases it leads to an OS Hard fault. We are working in an office with a lot of devices advertising, so we tried putting the device in a Faraday box and observed that the bug happens immediately when we open the box and not before.

Theory

We think this might be a configuration issue, and we spent some time trying different buffer sizes, but with no relevant results.

More context:

BLE-related configuration:

# Bluetooth Configuration
CONFIG_BT=y
CONFIG_BT_PERIPHERAL=y
CONFIG_BT_CTLR=n
CONFIG_BT_EXT_ADV=y
CONFIG_BT_EXT_ADV_MAX_ADV_SET=2
CONFIG_BT_BROADCASTER=y
CONFIG_BT_CTLR=y
CONFIG_BT_CTLR_ADV_EXT=y
CONFIG_BT_HCI=y
CONFIG_BT_LL_SOFTDEVICE=y
CONFIG_BT_CTLR_ADV_DATA_CHAIN=n
CONFIG_BT_CTLR_ADV_DATA_LEN_MAX=1500
CONFIG_BT_OBSERVER=y

Scan enable function (returns 0, and bt_enable(NULL) has returned 0 before that)

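static int ble_scan_start(void)
{
    /* Passive scan; interval and window are given in units of 0.625 ms. */
    struct bt_le_scan_param scan_param = {
        .type = BT_HCI_LE_SCAN_PASSIVE,
        .options = BT_LE_SCAN_OPT_NONE,
        .interval = 37 / 0.625,
        .window = 25 / 0.625,
    };

    /* Return the result of bt_le_scan_start() to the caller. */
    int err = bt_le_scan_start(&scan_param, scan_cb);
    return err;
}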


Our scan cb is empty, proving that the issue does not directly come from the application but from one of the lower layers.

Captured logs:
