BL653 crashes when working with CONFIG_MCUMGR_SMP_BT & CONFIG_ESB

Just adding some code to help.

main.c

/*
 * Copyright (c) 2018 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 */

#include <zephyr/types.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>
#include <sys/printk.h>
#include <sys/byteorder.h>
#include <zephyr.h>
#include <drivers/gpio.h>
#include <soc.h>
#include <esb.h>
#include <sys_clock.h>
#include <drivers/clock_control.h>
#include <drivers/clock_control/nrf_clock_control.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/conn.h>
#include <bluetooth/uuid.h>
#include <bluetooth/gatt.h>

#include <bluetooth/services/lbs.h>

#include <settings/settings.h>

//#include <dk_buttons_and_leds.h>

//LOG_MODULE_REGISTER(esb_ptx, CONFIG_ESB_PTX_APP_LOG_LEVEL);

// ***************** //
// Time measurements //
// ***************** //
#if !defined(NRF_RTC1) && defined(CONFIG_SOC_FAMILY_NRF)
#include <soc.h>
#endif
static double timestamp_get(void)
{
#ifdef CONFIG_SOC_FAMILY_NRF
	return NRF_RTC1->COUNTER / 32768.0;
#else
	return k_cycle_get_32() / 32768.0;
#endif
}

static long long Timestamp_us(void)
{
#ifdef CONFIG_SOC_FAMILY_NRF
	return timestamp_get() * 1000000ll;
#else
	return timestamp_get() * 1000000ll;
#endif
}
// ***************** //

struct esb_config config = ESB_DEFAULT_CONFIG;
static struct esb_payload rx_payload;
static struct esb_payload tx_payload = ESB_CREATE_PAYLOAD(0,
	0x01, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08);

#define _RADIO_SHORTS_COMMON                                                   \
	(RADIO_SHORTS_READY_START_Msk | RADIO_SHORTS_END_DISABLE_Msk |         \
	 RADIO_SHORTS_ADDRESS_RSSISTART_Msk |                                  \
	 RADIO_SHORTS_DISABLED_RSSISTOP_Msk)


#define DEVICE_NAME             CONFIG_BT_DEVICE_NAME
#define DEVICE_NAME_LEN         (sizeof(DEVICE_NAME) - 1)


#define RUN_STATUS_LED          DK_LED1
#define CON_STATUS_LED          DK_LED2
#define RUN_LED_BLINK_INTERVAL  1000

#define USER_LED                DK_LED3

//#define USER_BUTTON             DK_BTN1_MSK

static bool app_button_state;

static const struct bt_data ad[] = {
	BT_DATA_BYTES(BT_DATA_FLAGS, (BT_LE_AD_GENERAL | BT_LE_AD_NO_BREDR)),
	BT_DATA(BT_DATA_NAME_COMPLETE, DEVICE_NAME, DEVICE_NAME_LEN),
};

static const struct bt_data sd[] = {
	//BT_DATA_BYTES(BT_DATA_UUID128_ALL, BT_UUID_LBS_VAL),
	// this string is the same as defined in the mcumgr default key (check it from the end to the start)
	// https://github.com/NordicSemiconductor/Android-nRF-Connect-Device-Manager/blob/main/mcumgr-ble/src/main/java/io/runtime/mcumgr/ble/DefaultMcuMgrUuidConfig.java
	// 	public final static UUID SMP_SERVICE_UUID = UUID.fromString("8D53DC1D-1DB7-4CD3-868B-8A527460AA84");
	BT_DATA_BYTES(BT_DATA_UUID128_ALL,
		      0x84, 0xaa, 0x60, 0x74, 0x52, 0x8a, 0x8b, 0x86,
		      0xd3, 0x4c, 0xb7, 0x1d, 0x1d, 0xdc, 0x53, 0x8d),
};

static void connected(struct bt_conn *conn, uint8_t err)
{
	if (err) {
		printk("Connection failed (err %u)\n", err);
		return;
	}

	printk("Connected\n");

	//dk_set_led_on(CON_STATUS_LED);
}

static void disconnected(struct bt_conn *conn, uint8_t reason)
{
	printk("Disconnected (reason %u)\n", reason);

	//dk_set_led_off(CON_STATUS_LED);
}

#ifdef CONFIG_BT_LBS_SECURITY_ENABLED
static void security_changed(struct bt_conn *conn, bt_security_t level,
			     enum bt_security_err err)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	if (!err) {
		printk("Security changed: %s level %u\n", addr, level);
	} else {
		printk("Security failed: %s level %u err %d\n", addr, level,
			err);
	}
}
#endif

static struct bt_conn_cb conn_callbacks = {
	.connected        = connected,
	.disconnected     = disconnected,
#ifdef CONFIG_BT_LBS_SECURITY_ENABLED
	.security_changed = security_changed,
#endif
};

#if defined(CONFIG_BT_LBS_SECURITY_ENABLED)
static void auth_passkey_display(struct bt_conn *conn, unsigned int passkey)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	printk("Passkey for %s: %06u\n", addr, passkey);
}

static void auth_cancel(struct bt_conn *conn)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	printk("Pairing cancelled: %s\n", addr);
}

static void pairing_complete(struct bt_conn *conn, bool bonded)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	printk("Pairing completed: %s, bonded: %d\n", addr, bonded);
}

static void pairing_failed(struct bt_conn *conn, enum bt_security_err reason)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	printk("Pairing failed conn: %s, reason %d\n", addr, reason);
}

static struct bt_conn_auth_cb conn_auth_callbacks = {
	.passkey_display = auth_passkey_display,
	.cancel = auth_cancel,
	.pairing_complete = pairing_complete,
	.pairing_failed = pairing_failed
};
#else
static struct bt_conn_auth_cb conn_auth_callbacks;
#endif

static void app_led_cb(bool led_state)
{
	//dk_set_led(USER_LED, led_state);
}

static bool app_button_cb(void)
{
	return app_button_state;
}

static struct bt_lbs_cb lbs_callbacs = {
	.led_cb    = app_led_cb,
	.button_cb = app_button_cb,
};

// static void button_changed(uint32_t button_state, uint32_t has_changed)
// {
// 	if (has_changed & USER_BUTTON) {
// 		uint32_t user_button_state = button_state & USER_BUTTON;

// 		bt_lbs_send_button_state(user_button_state);
// 		app_button_state = user_button_state ? true : false;
// 	}
// }

static int init_button(void)
{
	int err = 0;

	//err = dk_buttons_init(button_changed);
	if (err) {
		printk("Cannot init buttons (err: %d)\n", err);
	}

	return err;
}

void event_handler(struct esb_evt const *event)
{
	printk("packet\n\r");
	switch (event->evt_id) {
	case ESB_EVENT_TX_SUCCESS:
		break;
	case ESB_EVENT_TX_FAILED:
		break;
	case ESB_EVENT_RX_RECEIVED:
		while (esb_read_rx_payload(&rx_payload) == 0) 
		{			
			printk("Got pkt %d %d\n\r", (uint8_t)rx_payload.data[2], rx_payload.length);
		}
		break;
	}
}

int clocks_start(void)
{
	int err;
	int res;
	struct onoff_manager *clk_mgr;
	struct onoff_client clk_cli;

	clk_mgr = z_nrf_clock_control_get_onoff(CLOCK_CONTROL_NRF_SUBSYS_HF);
	if (!clk_mgr) {
		//LOG_ERR("Unable to get the Clock manager");
		return -ENXIO;
	}

	sys_notify_init_spinwait(&clk_cli.notify);

	err = onoff_request(clk_mgr, &clk_cli);
	if (err < 0) {
		//LOG_ERR("Clock request failed: %d", err);
		return err;
	}

	do {
		err = sys_notify_fetch_result(&clk_cli.notify, &res);
		if (!err && res) {
			//LOG_ERR("Clock could not be started: %d", res);
			return res;
		}
	} while (err);

	//LOG_DBG("HF clock started");
	return 0;
}


int esb_initialize(void)
{
	int err;
	/* These are arbitrary default addresses. In end user products
	 * different addresses should be used for each set of devices.
	 */
	uint8_t base_addr_0[4] = {0xE7, 0xE7, 0xE7, 0xE7};
	uint8_t base_addr_1[4] = {0xC2, 0xC2, 0xC2, 0xC2};
	uint8_t addr_prefix[8] = {0xE7, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8};	

	config.protocol = ESB_PROTOCOL_ESB_DPL;
	config.retransmit_delay = 300;
	config.tx_output_power = ESB_TX_POWER_4DBM;
	config.retransmit_count = 0;
	config.bitrate = ESB_BITRATE_2MBPS_BLE;
	config.crc = ESB_CRC_16BIT;
	config.event_handler = event_handler;
	config.mode = ESB_MODE_PRX;
	config.selective_auto_ack = false;

	err = esb_init(&config);

	if (err) {
		return err;
	}

	err = esb_set_base_address_0(base_addr_0);
	if (err) {
		return err;
	}

	err = esb_set_base_address_1(base_addr_1);
	if (err) {
		return err;
	}

	err = esb_set_prefixes(addr_prefix, ARRAY_SIZE(addr_prefix));
	if (err) {
		return err;
	}

	err = esb_set_rf_channel(22);
	if (err) {
		return err;
	}

	esb_start_rx();

	return 0;
}


void main(void)
{
	int blink_status = 0;
	int err = 0;

	err = clocks_start();
	if (err) {
		return;
	}

	err = esb_initialize();
	if (err) {
		return;
	}
	for (;;) {
		//dk_set_led(RUN_STATUS_LED, (++blink_status) % 2);
		k_sleep(K_MSEC(RUN_LED_BLINK_INTERVAL));
	}

	printk(" Starting Bluetooth Peripheral LBS example\n");

	//err = dk_leds_init();
	if (err) {
		printk("LEDs init failed (err %d)\n", err);
		return;
	}

	err = init_button();
	if (err) {
		printk("Button init failed (err %d)\n", err);
		return;
	}
	printk("build time: " __DATE__ " " __TIME__ "\n");
	os_mgmt_register_group();
	img_mgmt_register_group();
	smp_bt_register();
	bt_conn_cb_register(&conn_callbacks);
	if (IS_ENABLED(CONFIG_BT_LBS_SECURITY_ENABLED)) {
		bt_conn_auth_cb_register(&conn_auth_callbacks);
	}

	err = bt_enable(NULL);
	if (err) {
		printk("Bluetooth init failed (err %d)\n", err);
		return;
	}

	printk("Bluetooth initialized\n");

	printk("\n\rVagner was here\n\r");

	if (IS_ENABLED(CONFIG_SETTINGS)) {
		settings_load();
	}

	//err = bt_lbs_init(&lbs_callbacs);
	if (err) {
		printk("Failed to init LBS (err:%d)\n", err);
		return;
	}

	err = bt_le_adv_start(BT_LE_ADV_CONN, ad, ARRAY_SIZE(ad),
			      sd, ARRAY_SIZE(sd));
	if (err) {
		printk("Advertising failed to start (err %d)\n", err);
		return;
	}

	printk("Advertising successfully started\n");

	for (;;) {
		//dk_set_led(RUN_STATUS_LED, (++blink_status) % 2);
		k_sleep(K_MSEC(RUN_LED_BLINK_INTERVAL));
	}
}

prj.conf

#
# Copyright (c) 2019 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
CONFIG_NCS_SAMPLES_DEFAULTS=y
CONFIG_ESB=y
CONFIG_CONSOLE=y
CONFIG_UART_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_LOG=y
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_UART_LINE_CTRL=y
CONFIG_USB_DEVICE_STACK=y
CONFIG_USB_DEVICE_PRODUCT="Zephyr CDC ACM sample"
CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem"
CONFIG_BOOTLOADER_MCUBOOT=y
# Enable mcumgr.
CONFIG_MCUMGR=y
# Enable most core commands.
CONFIG_MCUMGR_CMD_IMG_MGMT=y
CONFIG_MCUMGR_CMD_OS_MGMT=y
# Ensure an MCUboot-compatible binary is generated.
CONFIG_BOOTLOADER_MCUBOOT=y

# Allow for large Bluetooth data packets.
CONFIG_BT_L2CAP_TX_MTU=252
CONFIG_BT_BUF_ACL_RX_SIZE=256

# Enable the Bluetooth (unauthenticated) and shell mcumgr transports.
CONFIG_MCUMGR_SMP_BT=y
CONFIG_MCUMGR_SMP_BT_AUTHEN=n

# Some command handlers require a large stack.
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096

CONFIG_MCUBOOT_IMAGE_VERSION="0.0.1"
CONFIG_ESB=y
# 32kHz clock source 
#CONFIG_CLOCK_CONTROL_NRF_K32SRC_XTAL=y 
#CONFIG_CLOCK_CONTROL_NRF_K32SRC_20PPM=y 

If you have another application that sends a packet on channel 22, this application will crash with the following error message:

*** Booting Zephyr OS build v2.7.99-ncs1-1  ***
E: MPSL ASSERT: 112, 2236
E: ***** HARD FAULT *****
E:   Fault escalation (see below)
E: ARCH_EXCEPT with reason 3

E: r0/a1:  0x00000003  r1/a2:  0x0000000a  r2/a3:  0x00000000
E: r3/a4:  0x2000645e r12/ip:  0x00000000 r14/lr:  0x00028597
E:  xpsr:  0x61000011
E: Faulting instruction address (r15/pc): 0x000285a2
E: >>> ZEPHYR FATAL ERROR 3: Kernel oops on CPU 0
E: Fault during interrupt handling

E: Current thread: 0x20001d58 (idle 00)
E: Resetting system

Hi Vagner,

Application starts and automatically starts to listen for ESB packets(PRX).

As soon as it gets a packet,

How do you send the SMP packets to the device?
Aka: "What is the SMP Client?"

Regards,
Sigurd Hellesvik

Hi Sigurd, 

just clarifying a bit this scenario. This BL653 (nRF52833) exchange data with another device BL654 (nRF52840).
Periodically, BL654 broadcasts a packet (4-bytes length on RF channel 22) containing the operation for this cycle.

My goal is to have the application on BL653 device working as usual, but if BL654 sends a special value to BL653 I must stop all ESB tasks (esb_stop_rx()) and immediately call this sequence of commands so I can interface using the iOS/Android app Device Manager (Nordic) using my phone in order to upload a new image, test or confirm:

    os_mgmt_register_group();
	img_mgmt_register_group();
	smp_bt_register();
	bt_conn_cb_register(&conn_callbacks);
	if (IS_ENABLED(CONFIG_BT_LBS_SECURITY_ENABLED)) {
		bt_conn_auth_cb_register(&conn_auth_callbacks);
	}

	err = bt_enable(NULL);

	if (IS_ENABLED(CONFIG_SETTINGS)) {
		settings_load();
	}
	err = bt_le_adv_start(BT_LE_ADV_CONN, ad, ARRAY_SIZE(ad),
			      sd, ARRAY_SIZE(sd));

But what I've found out is that in case I compile my project using prj.conf CONFIG_MCUMGR_SMP_BT=y, even if bt_enable() was never called, every ESB packet that I collect leads to a crash.

I'm open to an alternative solution for this issue as well...

Hi Vagner,

From CONFIG_MCUMGR_SMP_BT, we can see that it selects CONFIG_BT.

I guess that the root issue here is that the nRF52 can not run ESB and Bluetooth Low Energy simultaneously.

In that case you will need to use our Multiprotocol Service Layer to switch between these.

See  Updating to the MPSL Timeslot interface .

Regards,
Sigurd Hellesvik

I see, thanks for the reply Sigurd.

To be honest, I feel like I'm over-complicating this. 
What I really need is a way to upload my application, over-the-air.

My original plan is to have Slot: 0 containing smp_svr (https://github.com/zephyrproject-rtos/zephyr/tree/main/samples/subsys/mgmt/mcumgr/smp_svr).

Now we use "Device Manager" to upload our product's image on Slot 1 - test and confirm.

If any time in the future I want to upload a new image, then my application "swap" Slots again using boot_request_upgrade() and I get smp_svr running once again (and upload a new image instead of my previous one).

But I couldn't make it work so far.

Is there an example of this simple DFU procedure?

My setup: nRF52833, Zephyr OS, using ncs 1.9.1.

Thanks in advance!