Disabling advertising gets stuck

[zephyrbot]

Reported by Johan Hedberg:

Trying to disable connectable advertising while doing continuous passive scanning caused the controller to get stuck:

(gdb) bt full
#0 __SEV () at /home/jh/src/zephyr/ext/hal/cmsis/Include/cmsis_gcc.h:406
No locals.
#1 cpu_sleep () at /home/jh/src/zephyr/subsys/bluetooth/controller/hal/cpu.h:14
No locals.
#2 0x00011ed2 in role_disable (ticker_id_primary=ticker_id_primary@entry=5 '\005',
ticker_id_stop=ticker_id_stop@entry=3 '\003') at /home/jh/src/zephyr/subsys/bluetooth/controller/ll_sw/ctrl.c:8089
ret_cb = 2
ticks_active_to_start = 0
ticks_xtal_to_start = 39
ret =
func = "role_disable"
#3 0x0001651e in radio_adv_disable () at /home/jh/src/zephyr/subsys/bluetooth/controller/ll_sw/ctrl.c:8394
status =
#4 0x00016e12 in ll_adv_enable (enable=)
at /home/jh/src/zephyr/subsys/bluetooth/controller/ll_sw/ll_adv.c:345
radio_scan_data =
radio_adv_data =
pdu_scan = 0x200037cc <_net_buf_hci_cmd_pool>
pdu_adv = 0xa <crc16+10>
#5 0x0000f95a in le_set_adv_enable (buf=0x200037cc <_net_buf_hci_cmd_pool>, evt=0x20003014 <tx_thread_stack+824>)
at /home/jh/src/zephyr/subsys/bluetooth/controller/hci/hci.c:724
cmd =
ccst = 0x2 <crc16+2>
status = 536885196
#6 controller_cmd_handle (evt=0x20003014 <tx_thread_stack+824>, cmd=0x200037cc <_net_buf_hci_cmd_pool>, ocf=10)
at /home/jh/src/zephyr/subsys/bluetooth/controller/hci/hci.c:1242
No locals.
#7 hci_cmd_handle (cmd=cmd@entry=0x200037cc <_net_buf_hci_cmd_pool>)
at /home/jh/src/zephyr/subsys/bluetooth/controller/hci/hci.c:1413
ccst =
chdr =
evt = 0x0
ocf = 10
err =
func = "hci_cmd_handle"
#8 0x000101c8 in cmd_handle (buf=0x200037cc <_net_buf_hci_cmd_pool>)
at /home/jh/src/zephyr/subsys/bluetooth/controller/hci/hci_driver.c:340
evt =
#9 hci_driver_send (buf=0x200037cc <_net_buf_hci_cmd_pool>)
at /home/jh/src/zephyr/subsys/bluetooth/controller/hci/hci_driver.c:369
err =
#10 0x00002d76 in bt_hci_ecc_send (buf=buf@entry=0x200037cc <_net_buf_hci_cmd_pool>)
at /home/jh/src/zephyr/subsys/bluetooth/host/hci_ecc.c:306
No locals.
#11 0x00003a00 in bt_send (buf=buf@entry=0x200037cc <_net_buf_hci_cmd_pool>)
---Type to continue, or q to quit---
ci_core.c:3839
No locals.
#12 0x00003c02 in send_cmd () at /home/jh/src/zephyr/subsys/bluetooth/host/hci_core.c:2937
buf = 0x200037cc <_net_buf_hci_cmd_pool>
err =
#13 process_events (ev=0x20000248 , count=2) at /home/jh/src/zephyr/subsys/bluetooth/host/hci_core.c:2961
No locals.
#14 hci_tx_thread (p1=, p2=, p3=)
at /home/jh/src/zephyr/subsys/bluetooth/host/hci_core.c:3021
ev_count =
err =
events = {{poller = 0x0 , tag = 0, type = 4, state = 8, mode = 0, unused = 0, {obj = 0x2000022c <bt_dev+196>,
signal = 0x2000022c <bt_dev+196>, sem = 0x2000022c <bt_dev+196>, fifo = 0x2000022c <bt_dev+196>,
queue = 0x2000022c <bt_dev+196>}}, {poller = 0x0 , tag = 0, type = 1, state = 0, mode = 0, unused = 0, {
obj = 0x20001280 <conn_change>, signal = 0x20001280 <conn_change>, sem = 0x20001280 <conn_change>,
fifo = 0x20001280 <conn_change>, queue = 0x20001280 <conn_change>}}, {poller = 0x0 , tag = 2, type = 4,
state = 0, mode = 0, unused = 0, {obj = 0x200012c8 <conns+44>, signal = 0x200012c8 <conns+44>,
sem = 0x200012c8 <conns+44>, fifo = 0x200012c8 <conns+44>, queue = 0x200012c8 <conns+44>}}, {
poller = 0x0 , tag = 1, type = 4, state = 8, mode = 0, unused = 0, {obj = 0x200012b4 <conns+24>,
signal = 0x200012b4 <conns+24>, sem = 0x200012b4 <conns+24>, fifo = 0x200012b4 <conns+24>,
queue = 0x200012b4 <conns+24>}}}
func = "hci_tx_thread"
#15 0x0001893c in _thread_entry (entry=0x3b49 <hci_tx_thread>, p1=, p2=, p3=)
at /home/jh/src/zephyr/kernel/thread.c:186
No locals.
#16 0xaaaaaaaa in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)

(Imported from Jira ZEP-2340)

[zephyrbot]

by Vinayak Kariappa Chettimada:

#648