Bus fault on nRF52840 peripheral in BLE HCI USB Raw mode with 251-byte packets

While running the BLE HCI USB (bluetooth_hci_usb) sample in Raw mode on an nRF52840 board, we observe a bus fault under specific conditions. The fault occurs when the device is acting as a peripheral and receiving data packets of maximum length 251 bytes. Reducing the maximum data length to 120 bytes prevents the fault.

Environment:

• Device: nRF52840

• Firmware: BLE HCI USB sample in Raw mode (Zephyr) (https://github.com/zephyrproject-rtos/zephyr/tree/main/samples/bluetooth/hci_usb)

• Host OS: Yocto-based Linux v6.6-scarthgap

• Bluetooth stack: BlueZ v5.72

• Connection parameters:

  • Connection interval: 7.5 ms

  • Supervision timeout: 5000 ms

  • Latency: 0

• Connection role: Peripheral

Following is the prj.conf file settings.

CONFIG_BT=y
CONFIG_BT_HCI_RAW=y
CONFIG_SERIAL=n
CONFIG_CONSOLE=n
CONFIG_UART_CONSOLE=n

CONFIG_USB_DEVICE_STACK_NEXT=y
CONFIG_CDC_ACM_SERIAL_INITIALIZE_AT_BOOT=n
CONFIG_SAMPLE_USBD_PID=0x000B
CONFIG_SAMPLE_USBD_PRODUCT="Zephyr USBD BT HCI"
CONFIG_USBD_BT_HCI=y

CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y
CONFIG_BT_DATA_LEN_UPDATE=y
CONFIG_BT_AUTO_DATA_LEN_UPDATE=y
CONFIG_BT_BUF_ACL_RX_SIZE=251
CONFIG_BT_BUF_ACL_TX_SIZE=251
CONFIG_BT_CTLR_DATA_LENGTH_MAX=251
CONFIG_BT_BUF_ACL_RX_COUNT=20
CONFIG_BT_BUF_ACL_TX_COUNT=12

Here is the initial log when the BLE HCI USB sample in Raw mode is started.

00> [00:00:00.000,396] <inf> udc_nrf: Preinit

00> *** Booting nRF Connect SDK v3.1.1-e2a97fe2578a ***
00> *** Using Zephyr OS v4.1.99-ff8f0c579eeb ***
00> [00:00:00.000,640] <inf> bt_sdc_hci_driver: SoftDevice Controller build revision:
00> fc de 41 eb a2 d1 42 24 00 b5 f8 57 9f ac 9d 9e |..A...B$ ...W....
00> aa c9 b4 34 |...4
00> [00:00:00.001,037] <inf> bt_hci_raw: Lower HCI transport: SDC
00> [00:00:00.001,037] <inf> bt_hci_raw: Bluetooth enabled in RAW mode
00> [00:00:00.001,220] <inf> udc_nrf: Initialized
00> [00:00:00.001,220] <inf> usbd_init: interface 0 alternate 0
00> [00:00:00.001,251] <inf> usbd_init: ep 0x81 mps 0x0010 interface ep-bm 0x00020000
00> [00:00:00.001,281] <inf> usbd_init: ep 0x82 mps 0x0040 interface ep-bm 0x00060000
00> [00:00:00.001,312] <inf> usbd_init: ep 0x01 mps 0x0040 interface ep-bm 0x00060002

When I used the CONFIG_BT_CTLR_DATA_LENGTH_MAX as 120 bytes, it works fine. But when the CONFIG_BT_CTLR_DATA_LENGTH_MAX is increased to 251, I see the following error.

00> [00:41:24.006,164] <err> os: ***** BUS FAULT *****
00> [00:41:24.006,164] <err> os: Precise data bus error
00> [00:41:24.006,195] <err> os: BFAR Address: 0x1e32160
00> [00:41:24.006,195] <err> os: r0/a1: 0xffffffff r1/a2: 0x88000000 r2/a3: 0x01e32100
00> [00:41:24.006,225] <err> os: r3/a4: 0x00000018 r12/ip: 0x00000001 r14/lr: 0x0002200d
00> [00:41:24.006,225] <err> os: xpsr: 0x81000037
00> [00:41:24.006,225] <err> os: Faulting instruction address (r15/pc): 0x0002ac1e
00> [00:41:24.006,256] <err> os: >>> ZEPHYR FATAL ERROR 25: Unknown error on CPU 0
00> [00:41:24.006,286] <err> os: Fault during interrupt handling
00>
00> [00:41:24.006,317] <err> os: Current thread: 0x20003708 (unknown)
00> [00:41:24.703,704] <err> os: Halting system

Could you advise why this Bus Fault is occurring and suggest how to resolve it?