* [PATCH] Bluetooth: hci_sync: fix simultaneous discovery stuck in FINDING
@ 2026-06-01 1:26 Jiajia Liu
2026-06-01 2:13 ` bluez.test.bot
2026-06-01 13:32 ` [PATCH] " Luiz Augusto von Dentz
0 siblings, 2 replies; 4+ messages in thread
From: Jiajia Liu @ 2026-06-01 1:26 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Brian Gix
Cc: linux-bluetooth, linux-kernel, Jiajia Liu

When hci_inquiry_complete_evt is called between le_scan_disable and
le_set_scan_enable_complete and no remote name needs to be resolved,
the interleaved discovery with SIMULTANEOUS quirk gets stuck in
DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
state. No one sets DISCOVERY_STOPPED in this process.

< HCI Command: LE Set Extended Scan Enable #1764 [hci0] 608.610392
        Extended scan: Disabled (0x00)
        Filter duplicates: Disabled (0x00)
        Duration: 0 msec (0x0000)
        Period: 0.00 sec (0x0000)
> HCI Event: Inquiry Complete (0x01) #1765 [hci0] 608.610548
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) #1766 [hci0] 608.611589
      LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
        Status: Success (0x00)

Add scan_disable_complete to check state and stop discovery if stuck.
Tested with bluetooth AX201 (8087:0026) in Dell Vostro 13 laptop.

[4517.963204] hci0: state 0 -> 1
[4518.096858] hci0: state 1 -> 2
[4528.353765] hci0: state 2 -> 0
[4528.353776] hci0: state finding to stopped
[4533.966844] hci0: state 0 -> 1
[4534.097702] hci0: state 1 -> 2
[4544.478600] hci0: state 2 -> 0

Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
---
net/bluetooth/hci_sync.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index aff8562a8690..4cb1c82cc3f0 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -361,6 +361,28 @@ static int interleaved_inquiry_sync(struct hci_dev *hdev, void *data)
return hci_inquiry_sync(hdev, DISCOV_INTERLEAVED_INQUIRY_LEN, 0);
}
+static void scan_disable_complete(struct hci_dev *hdev, void *data, int err)
+{
+ if (err)
+ return;
+
+ hci_dev_lock(hdev);
+
+ if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
+ goto unlock;
+
+ if (hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY)) {
+ if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
+ hdev->discovery.state == DISCOVERY_FINDING) {
+ hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
+ bt_dev_dbg(hdev, "state finding to stopped");
+ }
+ }
+
+unlock:
+ hci_dev_unlock(hdev);
+}
+
static void le_scan_disable(struct work_struct *work)
{
struct hci_dev *hdev = container_of(work, struct hci_dev,
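Review bot: the early `if (err) return;` at the top of scan_disable_complete leaves discovery.state untouched whenever err is non-zero, so the FINDING state this callback is meant to clear can still persist on that path; consider handling the error case or at least logging it. The two nested `if` blocks can be folded into a single condition, and a short comment explaining why HCI_INQUIRY being clear together with DISCOVERY_FINDING means discovery is stuck would help, since that reasoning currently lives only in the commit message. The extra bt_dev_dbg duplicates the transition already visible in the posted log ("state 2 -> 0" directly followed by "state finding to stopped") and can be dropped.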
@@ -373,7 +395,8 @@ static void le_scan_disable(struct work_struct *work)
if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
goto _return;
- status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL, NULL);
+ status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL,
+ scan_disable_complete);
if (status) {
bt_dev_err(hdev, "failed to disable LE scan: %d", status);
goto _return;
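Review bot: scan_disable_complete is attached only at this hci_cmd_sync_queue call in le_scan_disable, so the stuck-state check runs only when scanning is disabled through this work item; any other path that disables the scan gets no such check. In addition, when hci_cmd_sync_queue itself returns a non-zero status, the branch below only logs through bt_dev_err before `goto _return`, and the new callback presumably never runs, so that path does not recover the state either. Consider placing the check where the scan-disable completion is handled for every caller.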
--
2.53.0
* RE: Bluetooth: hci_sync: fix simultaneous discovery stuck in FINDING
From: bluez.test.bot @ 2026-06-01 2:13 UTC (permalink / raw)
To: linux-bluetooth, liujiajia

This is an automated email. Please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1103706

---Test result---
Test Summary:
CheckPatch PASS 0.74 seconds
VerifyFixes PASS 0.13 seconds
VerifySignedoff PASS 0.13 seconds
GitLint PASS 0.32 seconds
SubjectPrefix PASS 0.12 seconds
BuildKernel PASS 26.47 seconds
CheckAllWarning PASS 28.43 seconds
CheckSparse PASS 28.92 seconds
BuildKernel32 PASS 24.87 seconds
TestRunnerSetup PASS 535.30 seconds
TestRunner_l2cap-tester PASS 59.65 seconds
TestRunner_iso-tester PASS 77.77 seconds
TestRunner_bnep-tester PASS 19.01 seconds
TestRunner_mgmt-tester FAIL 210.17 seconds
TestRunner_rfcomm-tester PASS 25.71 seconds
TestRunner_sco-tester PASS 32.80 seconds
TestRunner_ioctl-tester PASS 26.19 seconds
TestRunner_mesh-tester FAIL 25.96 seconds
TestRunner_smp-tester PASS 23.25 seconds
TestRunner_userchan-tester PASS 20.24 seconds
TestRunner_6lowpan-tester PASS 22.78 seconds
IncrementalBuild PASS 24.64 seconds
Details
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.247 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.344 seconds
Mesh - Send cancel - 2 Timed out 1.992 seconds
https://github.com/bluez/bluetooth-next/pull/262
---
Regards,
Linux Bluetooth
* Re: [PATCH] Bluetooth: hci_sync: fix simultaneous discovery stuck in FINDING
From: Luiz Augusto von Dentz @ 2026-06-01 13:32 UTC (permalink / raw)
To: Jiajia Liu; +Cc: Marcel Holtmann, Brian Gix, linux-bluetooth, linux-kernel
Hi Jiajia,
On Sun, May 31, 2026 at 9:26 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
>
> When hci_inquiry_complete_evt is called between le_scan_disable and
> le_set_scan_enable_complete and no remote name needs to be resolved,
> the interleaved discovery with SIMULTANEOUS quirk gets stuck in
> DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
> state. No one sets DISCOVERY_STOPPED in this process.
>
> < HCI Command: LE Set Extended Scan Enable #1764 [hci0] 608.610392
> Extended scan: Disabled (0x00)
> Filter duplicates: Disabled (0x00)
> Duration: 0 msec (0x0000)
> Period: 0.00 sec (0x0000)
> > HCI Event: Inquiry Complete (0x01) #1765 [hci0] 608.610548
> Status: Success (0x00)
> > HCI Event: Command Complete (0x0e) #1766 [hci0] 608.611589
> LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> Status: Success (0x00)

This isn't enough, though, where are the MGMT commands?

> Add scan_disable_complete to check state and stop discovery if stuck.
> Tested with bluetooth AX201 (8087:0026) in Dell Vostro 13 laptop.
>
> [4517.963204] hci0: state 0 -> 1
> [4518.096858] hci0: state 1 -> 2
> [4528.353765] hci0: state 2 -> 0
> [4528.353776] hci0: state finding to stopped
> [4533.966844] hci0: state 0 -> 1
> [4534.097702] hci0: state 1 -> 2
> [4544.478600] hci0: state 2 -> 0
>
> Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
> Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> ---
> net/bluetooth/hci_sync.c | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
> index aff8562a8690..4cb1c82cc3f0 100644
> --- a/net/bluetooth/hci_sync.c
> +++ b/net/bluetooth/hci_sync.c
> @@ -361,6 +361,28 @@ static int interleaved_inquiry_sync(struct hci_dev *hdev, void *data)
> return hci_inquiry_sync(hdev, DISCOV_INTERLEAVED_INQUIRY_LEN, 0);
> }
>
> +static void scan_disable_complete(struct hci_dev *hdev, void *data, int err)
> +{
> + if (err)
> + return;
> +
> + hci_dev_lock(hdev);
> +
> + if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
> + goto unlock;
> +
> + if (hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY)) {
> + if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
> + hdev->discovery.state == DISCOVERY_FINDING) {
> + hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
> + bt_dev_dbg(hdev, "state finding to stopped");

hci_discovery_set_state already prints the state so printing it again
is probably unnecessary. Also, this probably needs to be handled via
hci_event.c since it is not necessarily le_scan_disable that would
cause scan to be disabled, hci_scan_disable_sync can cause it as well.

> + }
> + }
> +
> +unlock:
> + hci_dev_unlock(hdev);
> +}
> +
> static void le_scan_disable(struct work_struct *work)
> {
> struct hci_dev *hdev = container_of(work, struct hci_dev,
> @@ -373,7 +395,8 @@ static void le_scan_disable(struct work_struct *work)
> if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
> goto _return;
>
> - status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL, NULL);
> + status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL,
> + scan_disable_complete);
> if (status) {
> bt_dev_err(hdev, "failed to disable LE scan: %d", status);
> goto _return;
> --
> 2.53.0
>
--
Luiz Augusto von Dentz
* Re: [PATCH] Bluetooth: hci_sync: fix simultaneous discovery stuck in FINDING
From: Jiajia Liu @ 2026-06-02 2:23 UTC (permalink / raw)
To: Luiz Augusto von Dentz
Cc: Marcel Holtmann, Brian Gix, linux-bluetooth, linux-kernel
On Mon, Jun 01, 2026 at 09:32:38AM -0400, Luiz Augusto von Dentz wrote:
> Hi Jiajia,
>
> On Sun, May 31, 2026 at 9:26 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
> >
> > When hci_inquiry_complete_evt is called between le_scan_disable and
> > le_set_scan_enable_complete and no remote name needs to be resolved,
> > the interleaved discovery with SIMULTANEOUS quirk gets stuck in
> > DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
> > state. No one sets DISCOVERY_STOPPED in this process.
> >
> > < HCI Command: LE Set Extended Scan Enable #1764 [hci0] 608.610392
> > Extended scan: Disabled (0x00)
> > Filter duplicates: Disabled (0x00)
> > Duration: 0 msec (0x0000)
> > Period: 0.00 sec (0x0000)
> > > HCI Event: Inquiry Complete (0x01) #1765 [hci0] 608.610548
> > Status: Success (0x00)
> > > HCI Event: Command Complete (0x0e) #1766 [hci0] 608.611589
> > LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> > Status: Success (0x00)
>
> This isn't enough, though, where are the MGMT commands?

It was the last output where the scan was stuck in finding state during
scan test. No Discovering: Disabled MGMT Event report.

Complete reproduction log is at
https://drive.google.com/file/d/1dsCtntVdh0zFK6QsbxW26UWjJQE_1xMS/view?usp=sharing

The summary of this last scan including Start Discovery.

@ MGMT Command: Start Discovery (0x0023) plen 1 {0x0001} [hci0] 598.347552
        Address type: 0x07
          BR/EDR
          LE Public
          LE Random
...
< HCI Command: LE Set Extended Scan Enable (0x08|0x0042) plen 6 #1741 [hci0] 598.357554
        Extended scan: Enabled (0x01)
        Filter duplicates: Enabled (0x01)
        Duration: 0 msec (0x0000)
        Period: 0.00 sec (0x0000)
> HCI Event: Command Complete (0x0e) plen 4 #1742 [hci0] 598.359436
      LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
        Status: Success (0x00)
@ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 598.359535
        Address type: 0x07
          BR/EDR
          LE Public
          LE Random
        Discovery: Enabled (0x01)
< HCI Command: Inquiry (0x01|0x0001) plen 5 #1743 [hci0] 598.359568
        Access code: 0x9e8b33 (General Inquiry)
        Length: 10.24s (0x08)
        Num responses: 0
> HCI Event: Command Status (0x0f) plen 4 #1744 [hci0] 598.361410
      Inquiry (0x01|0x0001) ncmd 2
        Status: Success (0x00)
...

>
> > Add scan_disable_complete to check state and stop discovery if stuck.
> > Tested with bluetooth AX201 (8087:0026) in Dell Vostro 13 laptop.
> >
> > [4517.963204] hci0: state 0 -> 1
> > [4518.096858] hci0: state 1 -> 2
> > [4528.353765] hci0: state 2 -> 0
> > [4528.353776] hci0: state finding to stopped
> > [4533.966844] hci0: state 0 -> 1
> > [4534.097702] hci0: state 1 -> 2
> > [4544.478600] hci0: state 2 -> 0
> >
> > Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
> > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> > ---
> > net/bluetooth/hci_sync.c | 25 ++++++++++++++++++++++++-
> > 1 file changed, 24 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
> > index aff8562a8690..4cb1c82cc3f0 100644
> > --- a/net/bluetooth/hci_sync.c
> > +++ b/net/bluetooth/hci_sync.c
> > @@ -361,6 +361,28 @@ static int interleaved_inquiry_sync(struct hci_dev *hdev, void *data)
> > return hci_inquiry_sync(hdev, DISCOV_INTERLEAVED_INQUIRY_LEN, 0);
> > }
> >
> > +static void scan_disable_complete(struct hci_dev *hdev, void *data, int err)
> > +{
> > + if (err)
> > + return;
> > +
> > + hci_dev_lock(hdev);
> > +
> > + if (hdev->discovery.type != DISCOV_TYPE_INTERLEAVED)
> > + goto unlock;
> > +
> > + if (hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY)) {
> > + if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
> > + hdev->discovery.state == DISCOVERY_FINDING) {
> > + hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
> > + bt_dev_dbg(hdev, "state finding to stopped");
>
> hci_discovery_set_state already prints the state so printing it again
> is probably unnecessary. Also, this probably needs to be handled via
> hci_event.c since it is not necessarily le_scan_disable that would
> cause scan to be disabled, hci_scan_disable_sync can cause it as well.

Will move to le_set_scan_enable_complete.

>
> > + }
> > + }
> > +
> > +unlock:
> > + hci_dev_unlock(hdev);
> > +}
> > +
> > static void le_scan_disable(struct work_struct *work)
> > {
> > struct hci_dev *hdev = container_of(work, struct hci_dev,
> > @@ -373,7 +395,8 @@ static void le_scan_disable(struct work_struct *work)
> > if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
> > goto _return;
> >
> > - status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL, NULL);
> > + status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL,
> > + scan_disable_complete);
> > if (status) {
> > bt_dev_err(hdev, "failed to disable LE scan: %d", status);
> > goto _return;
> > --
> > 2.53.0
> >
>
>
> --
> Luiz Augusto von Dentz