A recent commit removed explicit null handle validation before TEE_FreeOperation() calls, causing TA panics with code 0x0 when running in GlobalPlatform TEE Internal Core API v1.1 compatibility mode. When sess->op_handle is NULL or TEE_HANDLE_NULL, the system will panic during the operation. The removal was likely done assuming the internal null checks were sufficient, but GP 1.1 compatibility mode has different behavior.
The code panics at this point:
https://github.com/linaro-swg/optee_examples/blob/master/aes/ta/aes_ta.c#L136
Below are the panic logs:
D/TA: __GP11_TA_OpenSessionEntryPoint:476 Session 0x4003ae60: newly allocated
Prepare encode operation
D/TA: alloc_resources:109 Session 0x4003ae60: get ciphering resources
E/TC:? 0
E/TC:? 0 TA panicked with code 0x0
optee_example_aes: TEEC_InvokeCommand(PREPARE) failed 0xffff3024 origin 0x3
Root Cause Analysis
When sess->op_handle is NULL or TEE_HANDLE_NULL and GP 1.1 compatibility mode uses a different wrapper for TEE_FreeOperation(), the TA panics.
Below is the wrapper it is using:
https://github.com/OP-TEE/optee_os/blob/master/lib/libutee/tee_api_operations.c#L438C1-L443C2
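
The explicit handle check described above, as an added example that is not code from optee_examples or optee_os. The TEE types, the session struct and `mock_free_operation_strict()` are constructed stand-ins that model the panic-on-null behaviour reported here, so the block builds without the TA dev kit; a modelled panic is counted instead of stopping the process.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins for the TEE Internal Core API types (assumption). */
typedef struct mock_op { int unused; } *TEE_OperationHandle;
#define TEE_HANDLE_NULL ((TEE_OperationHandle)NULL)
struct aes_session { TEE_OperationHandle op_handle; };

static int panic_count; /* modelled TA panics (a real TA would stop, code 0x0) */
static int free_count;  /* operations actually released */

/* Model of a free routine that panics on a null handle, as reported above. */
static void mock_free_operation_strict(TEE_OperationHandle op)
{
	if (op == TEE_HANDLE_NULL) {
		panic_count++;
		return;
	}
	free(op);
	free_count++;
}

/* Unguarded release: the state of the TA after the check was removed. */
static void release_op_unguarded(struct aes_session *sess)
{
	mock_free_operation_strict(sess->op_handle);
	sess->op_handle = TEE_HANDLE_NULL;
}

/* Guarded release: explicit check, independent of the API's null handling. */
static void release_op_guarded(struct aes_session *sess)
{
	if (sess->op_handle != TEE_HANDLE_NULL)
		mock_free_operation_strict(sess->op_handle);
	sess->op_handle = TEE_HANDLE_NULL;
}

/* Two PREPARE-style releases on a new session; returns the panic count. */
static int panics_over_two_prepares(void (*release)(struct aes_session *))
{
	struct aes_session sess = { TEE_HANDLE_NULL };
	panic_count = free_count = 0;
	release(&sess);                     /* first call: no operation yet */
	sess.op_handle = malloc(sizeof(*sess.op_handle));
	release(&sess);                     /* second call: frees the old one */
	return panic_count;
}

int main(void) { return !(panics_over_two_prepares(release_op_unguarded) == 1 && panics_over_two_prepares(release_op_guarded) == 0); }
```

Resetting the handle to TEE_HANDLE_NULL after the free keeps a later release from passing a stale handle.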