From: Jiajia Liu <liujiajia@kylinos.cn>
To: Paul Menzel <pmenzel@molgen.mpg.de>
Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
Marcel Holtmann <marcel@holtmann.org>,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
Jiajia Liu <liujia6264@gmail.com>
Subject: Re: [PATCH v2] Bluetooth: hci_event: fix simultaneous discovery stuck in FINDING
Date: Wed, 3 Jun 2026 10:45:52 +0800
Message-ID: <ah-VYK0LqpG8ft7g@nature>
In-Reply-To: <95453e74-636d-4a9f-91c0-189366423180@molgen.mpg.de>
On Tue, Jun 02, 2026 at 11:53:29PM +0200, Paul Menzel wrote:
> [Cc: -brian.gix@intel.com (bouncing)]
>
> Dear Luiz,
>
>
> Am 02.06.26 um 18:43 schrieb Luiz Augusto von Dentz:
>
> > On Tue, Jun 2, 2026 at 10:41 AM Paul Menzel <pmenzel@molgen.mpg.de> wrote:
>
> > > Am 02.06.26 um 09:00 schrieb Jiajia Liu:
> > > > When hci_inquiry_complete_evt is called between le_scan_disable and
> > > > le_set_scan_enable_complete and no remote name needs to be resolved,
> > > > the interleaved discovery with SIMULTANEOUS quirk gets stuck in
> > > > DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
> > > > state. No one sets DISCOVERY_STOPPED in this process.
> > > >
> > > > Add state check in le_set_scan_enable_complete and change state if
> > > > the state is DISCOVERY_FINDING. Tested with AX201 (8087:0026) in Dell
> > >
> > > … change state to DISCOVERY_STOPPED …
> > >
> > > I’d add a new paragraph for the Tested part.
> > >
> > > > Vostro 13. Discovering disabled MGMT Event below is reported when
> > > > running into the above condition.
> > >
> > > Thank you for sharing the test device. Could you please document how to
> > > get into this state exactly? Some Xiaomi device?
> >
> > What are you talking about here by saying Xiaomi device? He literally
> > said Dell Vostro 13, a laptop, and this is a local only procedure,
> > there is no remote device involved here.
>
> In the trace below a Xiaomi device shows up, if I am not mistaken.

There should be no requirements for Bluetooth devices. To keep the serial
numbers of packets continuous, I didn't remove the Device Found MGMT Event.
It looks like someone's TV device.

The reproducer is: open the Bluetooth panel of gnome-control-center and wait.
If the device list on the panel is not flushed again and becomes empty,
it probably gets into this state. btmon or dynamic debug of
hci_discovery_set_state can confirm the state.

I think it depends on the timing of the Inquiry Complete Event. There is a
very small time slot between disabling LE scan and disabling completion.
If the Inquiry Complete Event arrives in the slot, there is a chance to hit
the state.

>
> > > > @ MGMT Command: Start Discovery (0x0023) {0x0001} [hci0] 10885.970873
> > > > Address type: 0x07
> > > > BR/EDR
> > > > LE Public
> > > > LE Random
> > > > ...
> > > > < HCI Command: LE Set Extended Scan Enable #38205 [hci0] 10886.131438
> > > > Extended scan: Enabled (0x01)
> > > > Filter duplicates: Enabled (0x01)
> > > > Duration: 0 msec (0x0000)
> > > > Period: 0.00 sec (0x0000)
> > > > > HCI Event: Command Complete (0x0e) plen 4 #38206 [hci0] 10886.133295
> > > > LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> > > > Status: Success (0x00)
> > > > @ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10886.133414
> > > > Address type: 0x07
> > > > BR/EDR
> > > > LE Public
> > > > LE Random
> > > > Discovery: Enabled (0x01)
> > > > < HCI Command: Inquiry (0x01|0x0001) plen 5 #38207 [hci0] 10886.133528
> > > > Access code: 0x9e8b33 (General Inquiry)
> > > > Length: 10.24s (0x08)
> > > > Num responses: 0
> > > > > HCI Event: Command Status (0x0f) plen 4 #38208 [hci0] 10886.141333
> > > > Inquiry (0x01|0x0001) ncmd 2
> > > > Status: Success (0x00)
> > > > ...
> > > > < HCI Command: LE Set Extended Scan Enable #38242 [hci0] 10896.381802
> > > > Extended scan: Disabled (0x00)
> > > > Filter duplicates: Disabled (0x00)
> > > > Duration: 0 msec (0x0000)
> > > > Period: 0.00 sec (0x0000)
> > > > > HCI Event: Inquiry Complete (0x01) plen 1 #38243 [hci0] 10896.383419
> > > > Status: Success (0x00)
> > > > > HCI Event: Command Complete (0x0e) plen 4 #38244 [hci0] 10896.394378
> > > > LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> > > > Status: Success (0x00)
> > > > @ MGMT Event: Device Found (0x0012) plen 22 {0x0001} [hci0] 10896.394497
> > > > LE Address: 88:12:AC:92:43:69
> > > > RSSI: -101 dBm (0x9b)
> > > > Flags: 0x00000004
> > > > Not Connectable
> > > > Data length: 8
> > > > Company: Xiaomi Inc. (911)
> > > > Data[0]:
> > > > 16-bit Service UUIDs (complete): 1 entry
> > > > Xiaomi Inc. (0xfdaa)
> > > > @ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10896.394506
> > > > Address type: 0x07
> > > > BR/EDR
> > > > LE Public
> > > > LE Random
> > > > Discovery: Disabled (0x00)
> > > >
> > > > Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
> > > > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> > > > ---
> > > >
> > > > Changes in v2:
> > > > - move the handler to hci_event.c
> > > > - remove unnecessary bt_dev_dbg
> > > > - update commit message
> > > >
> > > > ---
> > > > net/bluetooth/hci_event.c | 7 +++++++
> > > > 1 file changed, 7 insertions(+)
> > > >
> > > > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> > > > index eea2f810aafa..1cd5f97daafe 100644
> > > > --- a/net/bluetooth/hci_event.c
> > > > +++ b/net/bluetooth/hci_event.c
> > > > @@ -1769,6 +1769,13 @@ static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
> > > >
> > > > hci_dev_clear_flag(hdev, HCI_LE_SCAN);
> > > >
> > > > + if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
> > > > + hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY) &&
> > > > + !test_bit(HCI_INQUIRY, &hdev->flags) &&
> > > > + hdev->discovery.state == DISCOVERY_FINDING) {
> > > > + hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
> > > > + }
> > > > +
> > > > /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
> > > > * interrupted scanning due to a connect request. Mark
> > > > * therefore discovery as stopped.
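
Review bot: the new four-condition `if` in le_set_scan_enable_complete(), placed just before the HCI_LE_SCAN_INTERRUPTED comment, carries no comment of its own, while the block that follows it documents why discovery is marked stopped. A short comment saying that, with HCI_QUIRK_SIMULTANEOUS_DISCOVERY, inquiry may already have finished when the LE scan disable completes, so this is the last place that can set DISCOVERY_STOPPED, would keep the reasoning next to the code. The braces around the single hci_discovery_set_state() call can be dropped per kernel coding style. Since the following path, by its comment, also marks discovery as stopped, it is worth confirming that both paths cannot fire for the same completion.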
>
>
> Kind regards,
>
> Paul
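
A check for the ordering described in this thread, as an added example that is not part of the thread or the kernel tree: it scans btmon text for an Inquiry Complete event that arrives between the LE Set Extended Scan Enable (Disabled) command and its Command Complete. The function names and the abbreviated sample trace are constructed for illustration; the check flags only the timing window, not the resulting discovery state.

```python
import re

# A btmon record header: direction marker, title, controller index, timestamp.
HEADER = re.compile(r"^([<>@]) (.*?)\s+\[hci\d+\]\s+\d+\.\d+\s*$")
FRAME = re.compile(r"#(\d+)")
SCAN_CMD = "LE Set Extended Scan Enable"

# Constructed sample: abbreviated lines in the same order as the quoted trace.
SAMPLE = """\
< HCI Command: LE Set Extended Scan Enable #38242 [hci0] 10896.381802
        Extended scan: Disabled (0x00)
> HCI Event: Inquiry Complete (0x01) plen 1 #38243 [hci0] 10896.383419
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #38244 [hci0] 10896.394378
      LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
        Status: Success (0x00)
"""

def parse(trace):
    """Split btmon text into [direction, title, frame, detail_lines] records."""
    records = []
    for line in trace.splitlines():
        m = HEADER.match(line)
        if m:
            frame = FRAME.search(m.group(2))
            records.append([m.group(1), m.group(2),
                            int(frame.group(1)) if frame else None, []])
        elif records and line.strip():
            records[-1][3].append(line.strip())
    return records

def find_race_windows(trace):
    """Return (disable_cmd, inquiry_complete, cmd_complete) frame triples."""
    hits, pending, inquiry = [], None, None
    for direction, title, frame, details in parse(trace):
        if direction == "<" and SCAN_CMD in title:
            disabling = any(d.startswith("Extended scan: Disabled") for d in details)
            pending, inquiry = (frame if disabling else None), None
        elif pending is not None and direction == ">" and "Inquiry Complete" in title:
            inquiry = frame  # arrived while the scan disable is still outstanding
        elif (pending is not None and direction == ">" and "Command Complete" in title
              and any(SCAN_CMD in d for d in details)):
            if inquiry is not None:
                hits.append((pending, inquiry, frame))
            pending, inquiry = None, None
    return hits
```
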