2025-09-15 12:30 AM
Hi,
I'm having an issue with the WBA6_LinkLayer_BLE_Basic_lib.a library on zephyr.
The library is found in zephyrproject/modules/hal/stm32/zephyr/blobs/stm32wba/lib directory in zephyr 4.2 (tag v4.2.0 in https://github.com/zephyrproject-rtos/zephyr/tags).
The issue is with function llhwc_conn_evnt_done in object llhwc.o inside the library:
Occasionally, this function raises a Usage Fault (unaligned memory access) when run on the nucleo_wba65ri board.
The offending instruction is 'ldrh r3, [r2, #0]' at address 0x0000359c (function assembly code below).
The registers at the time of the fault are:
R0: 0x00008F10
R1: 0x00008208
R2: 0x4802FFFF
R3: 0x0000FFFF
R4: 0x2000CBB0
R5: 0x4802000C
R6: 0x0000FFFF
R7: 0x48020000
R8: 0x2000DD34
R9: 0x0000923C
R10: 0x20005A48
R11: 0x48028238
R12: 0x00000000
R13: 0x20018318
R14: 0x0803C65C
R15: 0x0803D070
PSP: 0x200184A8
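R2 holds the odd address 0x4802FFFF, so the halfword load from it is unaligned, which is what triggers the fault. That value equals R7 (0x48020000) OR'ed with R3 (0x0000FFFF), which matches the 'orr.w r2, r3, r7' at +358 that produces the address for the next pass of the loop.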
My nucleo_wba65ri is running a central BLE application, sending data to another (different) board running as peripheral.
The stack at the time of the fault is as follows:
llhwc_conn_evnt_done llhwc.c (blob code)
llhwc_sm_done_isr llhwc.c (blob code)
llhwc_lw_isr llhwc.c (blob code)
ll_cmn_lw_isr (probably blob code)
radio_low_prio_isr linklayer_plat_adapt.c:130 (zephyr code)
z_arm_irq_dynamic_direct_isr_dispatch irq_manage.c:261:3 (zephyr code)
z_arm_irq_direct_dynamic_dispatch_reschedule_body irq_manage.c:267:2 (zephyr code)
z_arm_irq_direct_dynamic_dispatch_reschedule irq_manage.c:265:1 (zephyr code)
The error happens intermittently; as far as I can tell it depends on BLE conditions, and may occur during disconnection.
It may take 1 try to reproduce, or 10.
(I'm also seeing "Precise data bus error" Bus Faults in llhwc_evnt_done and llhwc_calc_num_rx_pkts, both with a BFAR of 0x48030002; these are less frequent but may be related.)
Please advise.
Thanks,
yo
Here is the function assembly dump:
$ ~/zephyr-sdk-0.17.2/arm-zephyr-eabi/bin/arm-zephyr-eabi-gdb llhwc.o
GNU gdb (Zephyr SDK 0.17.2) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "--host=x86_64-build_pc-linux-gnu --target=arm-zephyr-eabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://github.com/zephyrproject-rtos/sdk-ng/issues>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from llhwc.o...
(No debugging symbols found in llhwc.o)
(gdb) disassemble llhwc_conn_evnt_done
Dump of assembler code for function llhwc_conn_evnt_done:
; llhwc_conn_evnt_done, disassembled from the unlinked object llhwc.o (no debug symbols).
; NOTE(review): every `bl`/`b.w` below targets its own address, and the pc-relative
; literal loads land on the instruction itself or inside unrelated functions
; (llhwc_calc_num_rx_pkts+NN, OUTLINED_FUNCTION_7/8). These look like unresolved
; relocation placeholders, so the real call targets and base addresses are not
; visible in this dump - confirm against the linked ELF.
; Prologue: saves r4-r11 and lr; the extra r3 slot is used as one word of stack
; scratch (written at +384, read back at +546).
0x0000343c <+0>: stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, r10, r11, lr}
0x00003440 <+4>: ldr.w r10, [pc, #-4] ; 0x3440 <llhwc_conn_evnt_done+4>
0x00003444 <+8>: ldr.w r0, [r10, #72] ; 0x48
0x00003448 <+12>: ldr.w r8, [r10, #16]
0x0000344c <+16>: bl 0x344c <llhwc_conn_evnt_done+16>
0x00003450 <+20>: mov r11, r0
0x00003452 <+22>: movs r0, #80 ; 0x50
0x00003454 <+24>: bl 0x3454 <llhwc_conn_evnt_done+24>
0x00003458 <+28>: ldr r0, [pc, #1020] ; (0x3858 <llhwc_calc_num_rx_pkts+44>)
0x0000345a <+30>: bl 0x345a <llhwc_conn_evnt_done+30>
0x0000345e <+34>: cmp r0, #0
0x00003460 <+36>: mov r4, r0
0x00003462 <+38>: it ne
0x00003464 <+40>: movne r0, #1
0x00003466 <+42>: movs r1, #1
0x00003468 <+44>: movs r5, #1
0x0000346a <+46>: bl 0x346a <llhwc_conn_evnt_done+46>
0x0000346e <+50>: ldr.w r1, [r10, #72] ; 0x48
0x00003472 <+54>: movs r0, #0
; r6 = 0xFFFF: at +108, +116 and +148 a value equal to it makes the code skip the
; address formation and loads that would otherwise follow.
; r7 = base loaded from a literal; later OR'ed/added with 16-bit values to form
; addresses (+120, +152, +358). The reported R7 at the fault is 0x48020000.
0x00003474 <+56>: movw r6, #65535 ; 0xffff
0x00003478 <+60>: ldr r7, [pc, #1020] ; (0x3878 <llhwc_calc_num_rx_pkts+76>)
0x0000347a <+62>: str r0, [r4, #20]
0x0000347c <+64>: strb.w r0, [r4, #46] ; 0x2e
0x00003480 <+68>: str r0, [r4, #8]
0x00003482 <+70>: str.w r0, [r10, #72] ; 0x48
0x00003486 <+74>: str r1, [r4, #24]
0x00003488 <+76>: ldr r1, [pc, #1020] ; (0x3888 <llhwc_calc_num_rx_pkts+92>)
0x0000348a <+78>: ldr r1, [r1, #0]
0x0000348c <+80>: and.w r1, r1, #31
0x00003490 <+84>: lsl.w r2, r5, r1
0x00003494 <+88>: str r2, [r4, #16]
0x00003496 <+90>: ldr.w r1, [r11, #32]
0x0000349a <+94>: lsrs r1, r1, #27
0x0000349c <+96>: strb r1, [r4, #30]
0x0000349e <+98>: strb r1, [r4, #29]
0x000034a0 <+100>: ldrh.w r1, [r11, #28]
0x000034a4 <+104>: ldrh.w r9, [r11, #30]
0x000034a8 <+108>: cmp r1, r6
0x000034aa <+110>: beq.n 0x34c8 <llhwc_conn_evnt_done+140>
0x000034ac <+112>: ldr r3, [pc, #1020] ; (0x38ac <llhwc_calc_num_rx_pkts+128>)
0x000034ae <+114>: ldr r3, [r3, #0]
0x000034b0 <+116>: cmp r3, r6
0x000034b2 <+118>: beq.n 0x34c8 <llhwc_conn_evnt_done+140>
0x000034b4 <+120>: add r3, r7
0x000034b6 <+122>: ldrb r5, [r3, #3]
0x000034b8 <+124>: lsls r5, r5, #30
0x000034ba <+126>: bne.n 0x34c8 <llhwc_conn_evnt_done+140>
0x000034bc <+128>: ldrb r0, [r3, #4]
0x000034be <+130>: orr.w r0, r0, #16
0x000034c2 <+134>: strb r0, [r3, #4]
0x000034c4 <+136>: ldrd r2, r0, [r4, #16]
0x000034c8 <+140>: eor.w r2, r2, #128 ; 0x80
0x000034cc <+144>: orrs r0, r2
0x000034ce <+146>: bne.n 0x34f6 <llhwc_conn_evnt_done+186>
; Here r1 (halfword from [r11,#28]) is checked against 0xFFFF before it is OR'ed
; with r7 to form an address; the walk loop at +352 has no equivalent check.
0x000034d0 <+148>: cmp r1, r6
0x000034d2 <+150>: beq.n 0x34f0 <llhwc_conn_evnt_done+180>
0x000034d4 <+152>: orr.w r0, r1, r7
0x000034d8 <+156>: ldrb r1, [r0, #3]
0x000034da <+158>: ldrb r0, [r0, #5]
0x000034dc <+160>: and.w r1, r1, #3
0x000034e0 <+164>: subs r1, #1
0x000034e2 <+166>: it ne
0x000034e4 <+168>: movne r1, #1
0x000034e6 <+170>: cmp r0, #0
0x000034e8 <+172>: it ne
0x000034ea <+174>: movne r0, #1
0x000034ec <+176>: ands r0, r1
0x000034ee <+178>: b.n 0x34f2 <llhwc_conn_evnt_done+182>
0x000034f0 <+180>: movs r0, #1
0x000034f2 <+182>: strb.w r0, [r4, #47] ; 0x2f
0x000034f6 <+186>: add.w r1, r4, #42 ; 0x2a
0x000034fa <+190>: mov r0, r9
0x000034fc <+192>: mov r2, r4
0x000034fe <+194>: movs r3, #0
0x00003500 <+196>: movs r5, #0
0x00003502 <+198>: bl 0x3502 <llhwc_conn_evnt_done+198>
0x00003506 <+202>: strb.w r0, [r4, #32]
0x0000350a <+206>: clz r0, r0
0x0000350e <+210>: strb.w r5, [r4, #39] ; 0x27
0x00003512 <+214>: strb.w r5, [r4, #33] ; 0x21
0x00003516 <+218>: ldr r5, [pc, #1020] ; (0x3914 <llhwc_calc_num_rx_pkts+232>)
0x00003518 <+220>: lsrs r0, r0, #5
0x0000351a <+222>: ldr r1, [r5, #104] ; 0x68
0x0000351c <+224>: ldr r2, [r5, #104] ; 0x68
0x0000351e <+226>: ldr r3, [r5, #104] ; 0x68
0x00003520 <+228>: strb r0, [r4, #31]
0x00003522 <+230>: movs r0, #2
0x00003524 <+232>: and.w r0, r0, r1, lsr #6
0x00003528 <+236>: ubfx r1, r2, #8, #1
0x0000352c <+240>: add r0, r1
0x0000352e <+242>: and.w r1, r3, #16
0x00003532 <+246>: add r0, r1
0x00003534 <+248>: ldr r1, [pc, #1020] ; (0x3934 <llhwc_calc_num_rx_pkts+264>)
0x00003536 <+250>: ldrb r1, [r1, #0]
0x00003538 <+252>: subs r1, #1
0x0000353a <+254>: clz r1, r1
0x0000353e <+258>: lsrs r1, r1, #5
0x00003540 <+260>: orr.w r0, r0, r1, lsl #6
0x00003544 <+264>: ldr r1, [pc, #1020] ; (0x3944 <llhwc_calc_num_rx_pkts+280>)
0x00003546 <+266>: strb.w r0, [r4, #44] ; 0x2c
0x0000354a <+270>: ldr.w r0, [r11, #32]
0x0000354e <+274>: ubfx r0, r0, #25, #1
0x00003552 <+278>: strb.w r0, [r4, #36] ; 0x24
0x00003556 <+282>: ldrb.w r0, [r11, #35] ; 0x23
0x0000355a <+286>: and.w r0, r0, #1
0x0000355e <+290>: strb.w r0, [r4, #37] ; 0x25
0x00003562 <+294>: ldr r0, [r5, #4]
0x00003564 <+296>: and.w r0, r0, #63 ; 0x3f
0x00003568 <+300>: strb.w r0, [r4, #40] ; 0x28
0x0000356c <+304>: ldr r0, [r5, #12]
0x0000356e <+306>: ldrh r2, [r1, #24]
0x00003570 <+308>: ldr.w r3, [r7, #1120] ; 0x460
0x00003574 <+312>: ldrh r1, [r1, #16]
0x00003576 <+314>: subs r2, r3, r2
0x00003578 <+316>: add r2, r1
0x0000357a <+318>: ubfx r1, r0, #1, #3
0x0000357e <+322>: mov r0, r4
0x00003580 <+324>: bl 0x3580 <llhwc_conn_evnt_done+324>
; The walk below runs only when byte [r10,#80] == 1 and word [r10,#20] != 0.
0x00003584 <+328>: ldrb.w r0, [r10, #80] ; 0x50
0x00003588 <+332>: cmp r0, #1
0x0000358a <+334>: bne.n 0x35b4 <llhwc_conn_evnt_done+376>
0x0000358c <+336>: ldr.w r0, [r10, #20]
0x00003590 <+340>: cbz r0, 0x35b4 <llhwc_conn_evnt_done+376>
0x00003592 <+342>: ldr r1, [pc, #1020] ; (0x3990 <llhwc_calc_num_rx_pkts+356>)
0x00003594 <+344>: add.w r2, r1, #28
0x00003598 <+348>: ldrh.w r1, [r11, #28]
; Walk loop (+352..+364): r3 = halfword at [r2]; leave if r3 equals the halfword
; from [r11,#28]; otherwise r2 = r3 | r7 becomes the next load address, repeating
; until r3 equals r0 (the nonzero word from [r10,#20]).
; NOTE(review): unlike +108/+116/+148, r3 is not compared with 0xFFFF before the
; orr at +358. With the reported R3 = 0x0000FFFF and R7 = 0x48020000 the orr yields
; 0x4802FFFF, the odd address in R2 at the fault, so the next ldrh at +352 is a
; misaligned halfword load. Presumably 0xFFFF marks end-of-list here as well -
; confirm with the library vendor. The only exits are the two equality tests; no
; iteration bound is visible in this dump.
0x0000359c <+352>: ldrh r3, [r2, #0]
0x0000359e <+354>: cmp r3, r1
0x000035a0 <+356>: beq.n 0x35b4 <llhwc_conn_evnt_done+376>
0x000035a2 <+358>: orr.w r2, r3, r7
0x000035a6 <+362>: cmp r0, r3
0x000035a8 <+364>: bne.n 0x359c <llhwc_conn_evnt_done+352>
0x000035aa <+366>: movs r0, #0
0x000035ac <+368>: str.w r0, [r10, #20]
0x000035b0 <+372>: strb.w r0, [r10, #80] ; 0x50
0x000035b4 <+376>: ldrb.w r0, [r4, #32]
0x000035b8 <+380>: ldrb.w r1, [r4, #33] ; 0x21
; r9 (halfword from [r11,#30], loaded at +104) is saved to the stack scratch slot;
; r9 and r10 are then reused as a pointer (initially 0) and the constant 1.
0x000035bc <+384>: str.w r9, [sp]
0x000035c0 <+388>: mov.w r9, #0
0x000035c4 <+392>: mov.w r10, #1
0x000035c8 <+396>: add r0, r1
; r7 is repurposed from here on: no longer the address base, now an 8-bit loop
; counter initialised to (byte [r11,#3] & 31).
0x000035ca <+398>: ldrb.w r1, [r11, #3]
0x000035ce <+402>: and.w r7, r1, #31
0x000035d2 <+406>: subs r5, r7, r0
0x000035d4 <+408>: b.n 0x3624 <llhwc_conn_evnt_done+488>
0x000035d6 <+410>: lsls r1, r0, #24
0x000035d8 <+412>: bne.n 0x35f0 <llhwc_conn_evnt_done+436>
0x000035da <+414>: lsls r0, r5, #24
0x000035dc <+416>: beq.n 0x3618 <llhwc_conn_evnt_done+476>
0x000035de <+418>: ldr.w r6, [r8, #4]
0x000035e2 <+422>: mov r0, r8
0x000035e4 <+424>: bl 0x35e4 <llhwc_conn_evnt_done+424>
0x000035e8 <+428>: subs r5, #1
0x000035ea <+430>: movs r0, #0
0x000035ec <+432>: mov r8, r6
0x000035ee <+434>: b.n 0x3624 <llhwc_conn_evnt_done+488>
0x000035f0 <+436>: subs r0, #1
0x000035f2 <+438>: ldr.w r1, [r8, #4]
0x000035f6 <+442>: lsls r2, r0, #24
0x000035f8 <+444>: beq.n 0x361e <llhwc_conn_evnt_done+482>
0x000035fa <+446>: ldr.w r2, [r8]
0x000035fe <+450>: ldrb r3, [r2, #0]
0x00003600 <+452>: and.w r3, r3, #3
0x00003604 <+456>: cmp r3, #3
0x00003606 <+458>: bne.n 0x3620 <llhwc_conn_evnt_done+484>
0x00003608 <+460>: ldrb r2, [r2, #4]
0x0000360a <+462>: orr.w r2, r2, #32
0x0000360e <+466>: cmp r2, #34 ; 0x22
0x00003610 <+468>: it eq
0x00003612 <+470>: strbeq.w r10, [r4, #46] ; 0x2e
0x00003616 <+474>: b.n 0x3620 <llhwc_conn_evnt_done+484>
0x00003618 <+476>: movs r5, #0
0x0000361a <+478>: movs r0, #0
0x0000361c <+480>: b.n 0x3624 <llhwc_conn_evnt_done+488>
0x0000361e <+482>: movs r0, #0
0x00003620 <+484>: mov r9, r8
0x00003622 <+486>: mov r8, r1
; Loop test (+488..+504): r7 = (r7 & 0xFF) + 255, so its low byte is the counter
; minus one. The branch back to +410 is taken only when the counter was nonzero
; before the decrement and r8 (loaded from [r8,#4] on each pass) is non-null.
0x00003624 <+488>: uxtb r1, r7
0x00003626 <+490>: add.w r7, r1, #255 ; 0xff
0x0000362a <+494>: uxtb r1, r7
0x0000362c <+496>: cmp r1, r7
0x0000362e <+498>: it ne
0x00003630 <+500>: cmpne.w r8, #0
0x00003634 <+504>: bne.n 0x35d6 <llhwc_conn_evnt_done+410>
; If r9 was set by the loop, store 0 to the word at [r9,#4].
0x00003636 <+506>: cmp.w r9, #0
0x0000363a <+510>: itt ne
0x0000363c <+512>: movne r0, #0
0x0000363e <+514>: strne.w r0, [r9, #4]
0x00003642 <+518>: movw r1, #65535 ; 0xffff
0x00003646 <+522>: ldrb r0, [r4, #29]
0x00003648 <+524>: cbz r0, 0x3656 <llhwc_conn_evnt_done+538>
0x0000364a <+526>: ldrb.w r0, [r4, #32]
0x0000364e <+530>: cbnz r0, 0x3656 <llhwc_conn_evnt_done+538>
0x00003650 <+532>: ldrb.w r0, [r4, #33] ; 0x21
0x00003654 <+536>: cbz r0, 0x3664 <llhwc_conn_evnt_done+552>
0x00003656 <+538>: ldrb.w r0, [r11, #34] ; 0x22
0x0000365a <+542>: lsls r0, r0, #30
0x0000365c <+544>: bpl.n 0x366a <llhwc_conn_evnt_done+558>
; Reload the halfword saved at +384 and compare it with 0xFFFF (r1 from +518).
0x0000365e <+546>: ldr r0, [sp, #0]
0x00003660 <+548>: cmp r0, r1
0x00003662 <+550>: bne.n 0x366a <llhwc_conn_evnt_done+558>
0x00003664 <+552>: movs r0, #1
0x00003666 <+554>: strb.w r0, [r4, #33] ; 0x21
0x0000366a <+558>: movs r0, #0
0x0000366c <+560>: mov r1, r4
0x0000366e <+562>: bl 0x366e <llhwc_conn_evnt_done+562>
0x00003672 <+566>: bl 0x3672 <llhwc_conn_evnt_done+566>
0x00003676 <+570>: ldr r0, [pc, #1020] ; (0x3a74 <OUTLINED_FUNCTION_7>)
0x00003678 <+572>: ldrb.w r0, [r0, #80] ; 0x50
0x0000367c <+576>: cbnz r0, 0x3682 <llhwc_conn_evnt_done+582>
0x0000367e <+578>: bl 0x367e <llhwc_conn_evnt_done+578>
0x00003682 <+582>: ldr r0, [r4, #24]
0x00003684 <+584>: bl 0x3684 <llhwc_conn_evnt_done+584>
0x00003688 <+588>: ldr r1, [pc, #1020] ; (0x3a88 <OUTLINED_FUNCTION_8>)
0x0000368a <+590>: ldr.w r0, [r1, #136] ; 0x88
0x0000368e <+594>: bic.w r0, r0, #1073741824 ; 0x40000000
0x00003692 <+598>: str.w r0, [r1, #136] ; 0x88
; Epilogue: restore the saved registers, then tail-branch (target unresolved in
; this object) with r0 = 80.
0x00003696 <+602>: movs r0, #80 ; 0x50
0x00003698 <+604>: ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, r10, r11, lr}
0x0000369c <+608>: b.w 0x369c <llhwc_conn_evnt_done+608>
End of assembler dump.