Esp-idf: Bluetooth Classic data curruption (IDFGH-418)

Environment

• Development Kit: [none]
• Core (if using chip or module): [ESP32]
• IDF version f11ac037c4958fc68e67a50134a0ce9a1634008c
• Development Env: [Make]
• Operating System: [Windows]
• Power Supply: [USB]

Problem Description

When running Bluetooth classic SPP we get currupt packets. Random data in packets are wrong, the correct amount of data is sent/received but some packets contain a few bytes which are changed.

In our application we see at least 1-2 packets with wrong data every 1-2GB duplex data. I did some investigation and I can very easily reproduce the problem if I introduce some dampening by using an attenuator between the two ESP32's. By setting the damping to a number which causes the throughput to go down by ~50% I see the packet error after just 1-5 minutes of data TX.

The issue is also reproduceable with the bt_spp_initiator and bt_spp_acceptor. We just added a checksum in the beginning of each packet and in that way we can easily see if the packet was received with an error.

I have tested using Enhanced Retransmission Mode using Bluekitchen stack, and still see the problem. ERTM should catch if there was an error in the air which the 16bit Bluetooth Classic CRC missed. Meaning (assuming ERTM works in Bluekitchen stack) that the error is somewhere in Espressif code. So either the packet is currupted before beeing sent (after leavinig the stack to the BT controller) or that it's currupted after it's received and before it's passed to the stack.

As I have reproduced the problem with two different stacks, it's not a stack issue. The data is already currupt when the stack on the receiving side gets it.

My guess from my finding is that there is some issue when there are retransmitions of packets, on receiving side.

Additionally I have placed a sniffer (see image at the end) between the master and the attenuator, meaning I can see exactly what data the master sends. When the slave receives a packet with currupt data I can see all sent packets by the master (including all retransmittions) and I can not see any packet which is invalid here. Which also suggests that the issue is on receiving side. (Assuming ERTM works)

Another issue I see is that the ESP32 does not change packet type when the link is bad. For example casusing a very bad link, the ESP32 still does use 3-DH3 packets, but I think it should switch down to DM packets when the link is really bad.

Expected Behavior

No currupted data received.

Actual Behavior

Currupted data received.

Steps to repropduce

Problem is reproduceable without intruducing damping, however much easier if you do. Also the environment in our office is pretty harsh, so possibly it's not possible for you to reproduce without damping (casing retransmitions). Maybe moving two units away from eachother far enough to affect the throughput -50% would also work. I have not tested.

1. Connect two ESP32 with damping between them which cause the max throughput to go down 50+%
2. Run modified bt_spp_initiator and bt_spp_acceptor which also checks for packet errors.
3. After a few minutes you should see that currupt data is received.

Setup looks like this with two ESP32 with external antenna connected to an attenuator:

Question to Espressif

Does Bluedroid support Enhanced Retransmission Mode? If so I could verify with another stack that this is not an issue in the air. By searching in Bluedroid code I find ERTM implementation, how do I enable it?

I'm doing some more investigation, so the issue may update.

Logs

Modified spp exampes including CRC check and printout of invalid packet:
Please ignore the first packet error received stright after start.
spp_error_examples.zip

Damped until throughput was ~900kbps.
Error received after about 2 minutes. I have highlighted the incorrect bytes (d2 97) below in bold.

Edit 1: I have added modifed spp example code and log of invalid packet above.