Linux/WL1835MOD: kim_probe segmentation fault

Frank Vasquez

Part Number: WL1835MOD
Other Parts Discussed in Thread: AM5728

Tool/software: Linux

I have a custom AM5728 board with a WL1835MOD that I am trying to enable Bluetooth on. I am using a recent Linux 4.14.59 kernel from TI's git repo. When I modprobe st_drv I get the following kernel panic.

[   41.473886] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   41.482454] pgd = ecb7c000
[   41.485377] [00000000] *pgd=f70d4835
[   41.489240] Internal error: Oops: 17 [#1] SMP ARM
[   41.489245] Modules linked in: st_drv(+) cfg80211
[   41.489268] CPU: 1 PID: 208 Comm: modprobe Not tainted 4.14.59 #2
[   41.489272] Hardware name: Generic DRA74X (Flattened Device Tree)
[   41.489278] task: ecb2e3c0 task.stack: ecb30000
[   41.489296] PC is at kim_probe+0x78/0x220 [st_drv]
[   41.489301] LR is at 0xa
[   41.489306] pc : [<bf0cd2e8>]    lr : [<0000000a>]    psr: 60040013
[   41.489311] sp : ecb31d58  ip : 00000000  fp : c4ff6c04
[   41.489315] r10: 00000001  r9 : 00000000  r8 : bf0d039c
[   41.489320] r7 : 00000000  r6 : ee2ef400  r5 : ffffffed  r4 : ecad3f00
[   41.489325] r3 : ecae6400  r2 : bf0ccdcc  r1 : bf0ce838  r0 : 00000000
[   41.489331] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   41.489337] Control: 10c5387d  Table: acb7c06a  DAC: 00000051
[   41.489341] Process modprobe (pid: 208, stack limit = 0xecb30218)
[   41.489347] Stack: (0xecb31d58 to 0xecb32000)
[   41.489353] 1d40:                                                       c501a5bc bf0d0064
[   41.489361] 1d60: ee2ef410 ffffffed bf0d0064 fffffdfb bf0d0064 c05970c4 ee2ef410 c501a5bc
[   41.489368] 1d80: c501a5c0 00000000 bf0d0064 c0595324 ee2ef410 bf0d0064 ee2ef444 00000000
[   41.489376] 1da0: ecb18c70 00000001 c01df538 c05954a4 00000000 bf0d0064 c05953f8 c0593884
[   41.489384] 1dc0: ee0b20a4 ee2e47d0 bf0d0064 ecb94680 c48a6580 c0594894 bf0ce838 bf0d3000
[   41.489391] 1de0: ffffe000 bf0d0064 bf0d3000 ffffe000 bf0d0140 c05962cc 00000000 bf0d3000
[   41.489399] 1e00: ffffe000 c0101df4 60040013 c4807968 ee0000c0 c0192f10 c488b254 c48d009b
[   41.489407] 1e20: 014000c0 c01b1228 ecb95800 c02aa0fc 00000040 c0195994 0000000c c01e2ce4
[   41.489414] 1e40: ecb95800 bf0d0140 c48d1204 ecb18c40 bf0d0140 c48d1204 ecb95800 bf0d0140
[   41.489422] 1e60: ecb18c70 c01e3b84 c488b254 c48d1204 c48cfeb3 c48d1204 ecb18c40 c01e2d30
[   41.489430] 1e80: bf0d014c 00007fff bf0d0140 c01dfdf8 ffffe000 bf0d0188 00000028 c0906400
[   41.489437] 1ea0: bf0d0280 bf0d02b0 bf0d0294 00000000 bf0ceee4 c02c0001 00000003 00000000
[   41.489445] 1ec0: c02c5e7c 00000000 00000000 bf0ce024 00000002 00000000 00000000 00000000
[   41.489452] 1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   41.489460] 1f00: 7fffffff 00000000 00000003 000c5768 0000017b 7fffffff 00000000 00000000
[   41.489467] 1f20: 000c5bf0 c01e356c 7fffffff 00000000 00000003 ecad2000 c4807968 f1ca6000
[   41.489475] 1f40: 00007304 00000000 f1ca8eb3 f1ca6000 00007304 f1cacd14 f1cacb8c f1cab370
[   41.489482] 1f60: 00005000 00005a60 00000000 00000000 00000000 00002914 00000023 00000024
[   41.489490] 1f80: 0000001a 0000001e 00000016 00000000 000c5768 000c5730 000c5768 c0107ea4
[   41.489498] 1fa0: ecb30000 c0107ce0 000c5768 000c5730 00000003 000c5768 00000000 000c5788
[   41.489506] 1fc0: 000c5768 000c5730 000c5768 0000017b 000c5788 00000001 000c5788 000c5bf0
[   41.489514] 1fe0: beaefb58 beaefb48 00025de8 b6f33a82 80040030 00000003 00000000 00000000
[   41.489539] [<bf0cd2e8>] (kim_probe [st_drv]) from [<c05970c4>] (platform_drv_probe+0x50/0xac)
[   41.489552] [<c05970c4>] (platform_drv_probe) from [<c0595324>] (driver_probe_device+0x20c/0x2e0)
[   41.489565] [<c0595324>] (driver_probe_device) from [<c05954a4>] (__driver_attach+0xac/0xb0)
[   41.489576] [<c05954a4>] (__driver_attach) from [<c0593884>] (bus_for_each_dev+0x4c/0x9c)
[   41.489587] [<c0593884>] (bus_for_each_dev) from [<c0594894>] (bus_add_driver+0x174/0x208)
[   41.489598] [<c0594894>] (bus_add_driver) from [<c05962cc>] (driver_register+0x78/0xf4)
[   41.489610] [<c05962cc>] (driver_register) from [<c0101df4>] (do_one_initcall+0x3c/0x16c)
[   41.489620] [<c0101df4>] (do_one_initcall) from [<c01e3b84>] (do_init_module+0x5c/0x1e0)
[   41.489627] [<c01e3b84>] (do_init_module) from [<c01e2d30>] (load_module+0x1fc4/0x25d4)
[   41.489635] [<c01e2d30>] (load_module) from [<c01e356c>] (SyS_finit_module+0x98/0xb4)
[   41.489645] [<c01e356c>] (SyS_finit_module) from [<c0107ce0>] (ret_fast_syscall+0x0/0x28)
[   41.489654] Code: 1a00004f e5943094 e59f116c e58340ec (e5970000)
[   41.489662] ---[ end trace b91d7a3d0577d7bb ]---

I instrumented st_kim.c with some debug logging and determined that pdata is unexpectedly null at the start of kim_probe. Here is our relevant DTS.

	kim {
		compatible = "kim";
		nshutdown_gpio = <228>;  /* Bank 8, Pin 4 */
		dev_name = "/dev/ttyO5";
		flow_cntrl = <1>;
		baud_rate = <3000000>;
	};

A colleague then showed me a related patch TI submitted to the kernel which was merged back in January of 2015.

http://lkml.iu.edu/hypermail/linux/kernel/1501.1/00668.html

Unfortunately, this patch was reverted from the kernel six months later so the device tree binding is being ignored.

http://github.com/torvalds/linux/commit/c0bd1b9e58959c51a4c939505f89721dfbc73c44

Reapplying the patch to TI's 4.14.59 kernel fixed the seg fault. Since loading the btwilink kernel module also loads the broken st_drv kernel module I don't see how Bluetooth can be made to work on the WL1835MOD without this patch. Are there any plans to get a replacement patch upstream? Or should I apply the reverted patch to TI's kernel myself when building?

over 6 years ago

0 Vihang Parmar over 6 years ago

TI__Mastermind 29250 points

Hi Frank,

Are you using the Linux SDK for AM57x Sitara Processors (PROCESSOR-SDK-LINUX-AM57X)?

Best regards,
Vihang

0 Frank Vasquez over 6 years ago in reply to Vihang Parmar

Prodigy 160 points

Hi Vihang,

I am fetching the ti-linux-4.14.y branch of git://git.ti.com/ti-linux-kernel/ti-linux-kernel.git and compiling it with Buildroot.

Cheers,
Frank

0 Hari Nagalla over 6 years ago in reply to Frank Vasquez

TI__Mastermind 27080 points

Shared transport is not used/recommended for Bluetooth any more. Just enable HCI tty driver in the kernel.
Are, you using Bluez5?

Thanks

0 Frank Vasquez over 6 years ago in reply to Hari Nagalla

Prodigy 160 points

Hi Hari,

Yes. I am trying to use Bluez5. I have sysvinit scripts to start uim and bluetoothd. The reason I have shared transport in my kernel is because BT_WILINK depends on it.

  │ Symbol: BT_WILINK [=n]  
  │ Type  : tristate 
  │ Prompt: Texas Instruments WiLink7 driver 
  │   Location:  
  │     -> Networking support (NET [=y]) 
  │       -> Bluetooth subsystem support (BT [=m])  
  │ (1)     -> Bluetooth device drivers 
  │   Defined at drivers/bluetooth/Kconfig:356 
  │   Depends on: NET [=y] && BT [=m] && TI_ST [=n]

Don't I need the btwilink driver in order to get Bluetooth on the WL1835MOD? Or can I just have BT_HCIUART enabled in my kernel and Bluez5 will do the rest?

Cheers
Frank

0 Hari Nagalla over 6 years ago in reply to Frank Vasquez

TI__Mastermind 27080 points

Yes. Please use BT_HCIUART, BT_HCIUART_SERDEV, BT_HCIUART_H4, BT_HCIUART_LL options to get BT kernel modules built. Install the modules to the file system and it should then work.
You can use with TI processor SDK5.0 (based on 4.14 kernel) for the file system and kernel image.. But, you still need to build the modules as said above..

Thanks

0 Frank Vasquez over 6 years ago in reply to Hari Nagalla

Prodigy 160 points

Hari,

Thank you so much. I enabled those kernel modules instead of btwilink and bluez5 appears to still be working.

Cheers,
Frank

0 user3754727 over 6 years ago in reply to Hari Nagalla

Prodigy 235 points

Hi Hari,
without ti-st,how to attach uart port?

0 Hari Nagalla over 6 years ago in reply to user3754727

TI__Mastermind 27080 points

Use, Bluez's hciattach..

example:
hciattach <uart port> texas < baudrate>
hciattach /dev/ttyS3 texas 3000000

Ensure, todo a BT_EN toggle before 'hciattach'.

Thanks

0 user3754727 over 6 years ago in reply to Hari Nagalla

Prodigy 235 points

Thanks,
I enter the following command:

# hciattach /dev/ttyMAX1 texas 3000000

And I got this:

Found a Texas Instruments' chip!
Firmware file : /lib/firmware/TIInit_11.8.32.bts
Loaded BTS script version 1
texas: changing baud rate to 3000000, flow control to 1

Initialization timed out.

But I can see that there are 3000000 waveforms on Rx and Tx with the oscilloscope.
What is the reason for this?

0 Hari Nagalla over 6 years ago in reply to user3754727

TI__Mastermind 27080 points

0513.hci-testIt seems, the BT controller is detected, but after wards the initialization failed.. You configured the UART for hardware flow control right? Is the UART supporting the 3000000 baudrate?

If, you still have problems, i would suggest checking the basic UART connectivity with various baudrates with the attached test program.. The usage is as below:

hci-test <dev-name> <baud rate> <bt_en_gpio>

Thanks

Wi-Fi

Wi-Fi forum

Linux/WL1835MOD: kim_probe segmentation fault