* Re: [REGRESSION] RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
From: Rafael Passos @ 2026-06-02 12:39 UTC (permalink / raw)
To: regressions; +Cc: linux-input, linux-kernel, linux-bluetooth, Rafael Passos
In-Reply-To: <b84a408c-b12c-40e5-b44b-62aa072cb285@leemhuis.info>
I'm really happy it helped!
Cheers!
Rafael Passos,
Software Engineer
São Paulo, Brasil
^ permalink raw reply
* RE: shared/bap: add ASE Control Point error responses
From: bluez.test.bot @ 2026-06-02 11:51 UTC (permalink / raw)
To: linux-bluetooth, raghavendra.rao
In-Reply-To: <20260602082925.7061-2-raghavendra.rao@collabora.com>
[-- Attachment #1: Type: text/plain, Size: 1600 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1104482
---Test result---
Test Summary:
CheckPatch PASS 0.39 seconds
GitLint PASS 0.41 seconds
BuildEll PASS 20.94 seconds
BluezMake PASS 623.38 seconds
MakeCheck PASS 12.76 seconds
MakeDistcheck PASS 238.26 seconds
CheckValgrind PASS 259.12 seconds
CheckSmatch WARNING 327.43 seconds
bluezmakeextell PASS 166.33 seconds
IncrementalBuild PASS 617.45 seconds
ScanBuild PASS 933.99 seconds
Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/bap.c:312:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structuressrc/shared/bap.c:312:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structuressrc/shared/bap.c:312:25: warning: array of flexible structuressrc/shared/bap.c: note: in included file:./src/shared/ascs.h:88:25: warning: array of flexible structures
https://github.com/bluez/bluez/pull/2166
---
Regards,
Linux Bluetooth
^ permalink raw reply
* RE: [v2] Bluetooth: hci_event: fix simultaneous discovery stuck in FINDING
From: bluez.test.bot @ 2026-06-02 11:36 UTC (permalink / raw)
To: linux-bluetooth, liujiajia
In-Reply-To: <20260602070032.51248-1-liujiajia@kylinos.cn>
[-- Attachment #1: Type: text/plain, Size: 2204 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1104423
---Test result---
Test Summary:
CheckPatch PASS 0.76 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.37 seconds
SubjectPrefix PASS 0.13 seconds
BuildKernel PASS 26.13 seconds
CheckAllWarning PASS 27.92 seconds
CheckSparse PASS 27.22 seconds
BuildKernel32 PASS 25.43 seconds
TestRunnerSetup PASS 522.36 seconds
TestRunner_l2cap-tester PASS 57.70 seconds
TestRunner_iso-tester PASS 76.39 seconds
TestRunner_bnep-tester PASS 19.10 seconds
TestRunner_mgmt-tester FAIL 208.55 seconds
TestRunner_rfcomm-tester PASS 25.54 seconds
TestRunner_sco-tester PASS 32.18 seconds
TestRunner_ioctl-tester PASS 25.97 seconds
TestRunner_mesh-tester FAIL 26.03 seconds
TestRunner_smp-tester PASS 23.19 seconds
TestRunner_userchan-tester PASS 20.07 seconds
TestRunner_6lowpan-tester PASS 22.58 seconds
IncrementalBuild PASS 24.00 seconds
Details
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.237 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.593 seconds
Mesh - Send cancel - 2 Timed out 1.993 seconds
https://github.com/bluez/bluetooth-next/pull/272
---
Regards,
Linux Bluetooth
^ permalink raw reply
* Re: [REGRESSION] RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
From: Tj @ 2026-06-02 11:25 UTC (permalink / raw)
To: Thorsten Leemhuis, regressions
Cc: linux-input, linux-kernel, linux-bluetooth, Rafael Passos
In-Reply-To: <b84a408c-b12c-40e5-b44b-62aa072cb285@leemhuis.info>
v7.1-rc6 + "HID: Input: Add battery list cleanup with devm action"
confirmed fixes the hidinput/bluetooth issues. Thank-you.
On 02/06/2026 10:54, Thorsten Leemhuis wrote:
> On 6/2/26 12:24, Tj wrote:
>> Hitting this repeatedly with v7.1-rc6. Do not have time right now to
>> bisect it (and there are two other regressions at the same time).
> Again, not my area of expertise, but this looks somewhat similar (but
> also somewhat different!) to this recent regression report from Rafael:
> https://lore.kernel.org/all/20260602011949.2825852-1-rafael@rcpassos.me/
>
> Rafael (CCed) sent a fix for it already applied:
> HID: Input: Add battery list cleanup with devm action
> https://lore.kernel.org/all/20260602030519.3097058-1-rafael@rcpassos.me/
^ permalink raw reply
* Re: [REGRESSION] RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
From: Tj @ 2026-06-02 11:07 UTC (permalink / raw)
To: Thorsten Leemhuis, regressions
Cc: linux-input, linux-kernel, linux-bluetooth, Rafael Passos
In-Reply-To: <b84a408c-b12c-40e5-b44b-62aa072cb285@leemhuis.info>
Thanks once again! That does look likely. Added this and the amdgpu
patch and doing a build now. Will report back for both if any progress,
On 02/06/2026 10:54, Thorsten Leemhuis wrote:
> On 6/2/26 12:24, Tj wrote:
>> Hitting this repeatedly with v7.1-rc6. Do not have time right now to
>> bisect it (and there are two other regressions at the same time).
> Again, not my area of expertise, but this looks somewhat similar (but
> also somewhat different!) to this recent regression report from Rafael:
> https://lore.kernel.org/all/20260602011949.2825852-1-rafael@rcpassos.me/
>
> Rafael (CCed) sent a fix for it already applied:
> HID: Input: Add battery list cleanup with devm action
> https://lore.kernel.org/all/20260602030519.3097058-1-rafael@rcpassos.me/
>
> Might be worth trying.
>
> Ciao, Thorsten
>
>> Symptom is unable to use the Bluetooth keyboard.
>>
>> It *seems* to be related to the Bluetooth keyboard - trying to shutdown
>> hangs for 6 minutes whilst systemd tries to kill bluetooth.service but fails
>> and then fails to power-off (see end of log extracts).
>>
>> I'm not sure why I see 'samsung_probe' in the call trace since neither the Bluetooth host
>> adapter nor the keyboard are Samsung but maybe some change related to
>> that is causing this.
>>
>> Jun 02 09:25:54 sunny kernel: BUG: unable to handle page fault for address: ffffffffffffffe4
>> Jun 02 09:25:54 sunny kernel: #PF: supervisor read access in kernel mode
>> Jun 02 09:25:54 sunny kernel: #PF: error_code(0x0000) - not-present page
>> Jun 02 09:25:54 sunny kernel: Oops: Oops: 0000 [#1] SMP NOPTI
>> Jun 02 09:25:54 sunny kernel: CPU: 11 UID: 0 PID: 4009 Comm: (udev-worker) Tainted: G W OE 7.1.0-rc6+debian+tj #446 PREEMPT(lazy)
>> Jun 02 09:25:54 sunny kernel: Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
>> Jun 02 09:25:54 sunny kernel: Hardware name: System manufacturer System Product Name/PRIME X370-PRO, BIOS 6254 01/05/2026
>> Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
>> Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
>> Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
>> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
>> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
>> Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
>> Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
>> Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
>> Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
>> Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
>> Jun 02 09:25:54 sunny kernel: Call Trace:
>> Jun 02 09:25:54 sunny kernel: <TASK>
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? dev_set_name+0x5c/0x80
>> Jun 02 09:25:54 sunny kernel: hidinput_connect+0x935/0x5fb0 [hid]
>> Jun 02 09:25:54 sunny kernel: hid_connect+0x3d5/0x6a0 [hid]
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? __wake_up_common+0x78/0xa0
>> Jun 02 09:25:54 sunny kernel: hid_hw_start+0x40/0x70 [hid]
>> Jun 02 09:25:54 sunny kernel: samsung_probe+0x31/0x70 [hid_samsung]
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: hid_device_probe+0x18d/0x220 [hid]
>> Jun 02 09:25:54 sunny kernel: ? __pfx___device_attach_driver+0x10/0x10
>> Jun 02 09:25:54 sunny kernel: really_probe+0xde/0x380
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: __driver_probe_device+0x84/0x150
>> Jun 02 09:25:54 sunny kernel: driver_probe_device+0x1f/0xa0
>> Jun 02 09:25:54 sunny kernel: __device_attach_driver+0x89/0x130
>> Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
>> Jun 02 09:25:54 sunny kernel: __device_attach+0xaf/0x1c0
>> Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_reprobe_drivers+0x10/0x10 [hid]
>> Jun 02 09:25:54 sunny kernel: device_reprobe+0x4e/0x90
>> Jun 02 09:25:54 sunny kernel: ? __hid_bus_reprobe_drivers+0x3c/0x60 [hid]
>> Jun 02 09:25:54 sunny kernel: bus_for_each_dev+0x8e/0xe0
>> Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_driver_added+0x10/0x10 [hid]
>> Jun 02 09:25:54 sunny kernel: __hid_bus_driver_added+0x2f/0x40 [hid]
>> Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
>> Jun 02 09:25:54 sunny kernel: __hid_register_driver+0x74/0x80 [hid]
>> Jun 02 09:25:54 sunny kernel: ? __pfx_samsung_driver_init+0x10/0x10 [hid_samsung]
>> Jun 02 09:25:54 sunny kernel: do_one_initcall+0x5c/0x320
>> Jun 02 09:25:54 sunny kernel: do_init_module+0x60/0x250
>> Jun 02 09:25:54 sunny kernel: init_module_from_file+0xd6/0x130
>> Jun 02 09:25:54 sunny kernel: idempotent_init_module+0x114/0x310
>> Jun 02 09:25:54 sunny kernel: __x64_sys_finit_module+0x71/0xe0
>> Jun 02 09:25:54 sunny kernel: do_syscall_64+0xea/0x640
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? do_fault+0x341/0x530
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? __handle_mm_fault+0x977/0xf80
>> Jun 02 09:25:54 sunny kernel: ? __memcg_slab_free_hook+0x16d/0x1c0
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? count_memcg_events+0xe5/0x1b0
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? __seccomp_filter+0x42/0x5d0
>> Jun 02 09:25:54 sunny kernel: ? handle_mm_fault+0x1e2/0x2e0
>> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
>> Jun 02 09:25:54 sunny kernel: ? do_syscall_64+0x9f/0x640
>> Jun 02 09:25:54 sunny kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>
>> Jun 02 09:25:54 sunny kernel: RIP: 0033:0x7f6ee111a7b9
>> Jun 02 09:25:54 sunny kernel: Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48>
>> Jun 02 09:25:54 sunny kernel: RSP: 002b:00007ffe6dd96398 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
>> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffda RBX: 0000556830869b90 RCX: 00007f6ee111a7b9
>> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000004 RSI: 00007f6ee16ed44d RDI: 0000000000000012
>> Jun 02 09:25:54 sunny kernel: RBP: 0000000000000004 R08: 0000000000000000 R09: 0000556830667bd0
>> Jun 02 09:25:54 sunny kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ee16ed44d
>> Jun 02 09:25:54 sunny kernel: R13: 0000000000020000 R14: 00005568307db670 R15: 0000000000000000
>> Jun 02 09:25:54 sunny kernel: </TASK>
>> Jun 02 09:25:54 sunny kernel: Modules linked in: hid_samsung(+) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device uinput rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rdma_ucm ib_uverbs rdma_cm i>
>> Jun 02 09:25:54 sunny kernel: uvcvideo wmi_bmof watchdog snd_timer igb rfkill uas mii pcspkr mxm_wmi videobuf2_vmalloc snd ccp k10temp uvc i2c_piix4 dca videobuf2_memops soundcore videobuf2_v4>
>> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4
>> Jun 02 09:25:54 sunny kernel: ---[ end trace 0000000000000000 ]---
>> Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
>> Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
>> Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
>> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
>> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
>> Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
>> Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
>> Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
>> Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
>> Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
>> Jun 02 09:25:54 sunny systemd-udevd[1703]: 0005:04E8:7021.0006: Worker [4009] terminated by signal 9 (KILL).
>>
>> Jun 02 09:29:16 sunny rpc.idmapd[3093]: exiting on signal 15
>> Jun 02 09:30:45 sunny systemd[1]: bluetooth.service: State 'stop-sigterm' timed out. Killing.
>> Jun 02 09:32:15 sunny systemd[1]: bluetooth.service: Processes still around after SIGKILL. Ignoring.
>> Jun 02 09:33:45 sunny systemd[1]: bluetooth.service: State 'final-sigterm' timed out. Killing.
>> Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Processes still around after final SIGKILL. Entering failed mode.
>> Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Failed with result 'timeout'.
>>
>>
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-06-02 10:57 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1092724
Home: https://github.com/bluez/bluez
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez] 6dc162: shared/bap: add ASE Control Point error responses
From: raghava447 @ 2026-06-02 10:56 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1104482
Home: https://github.com/bluez/bluez
Commit: 6dc1625914e43d0f37a3771576afde5a77e7387b
https://github.com/bluez/bluez/commit/6dc1625914e43d0f37a3771576afde5a77e7387b
Author: raghavendra <raghavendra.rao@collabora.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)
Changed paths:
M src/shared/bap.c
Log Message:
-----------
shared/bap: add ASE Control Point error responses
These changes are required to Pass BAP/USR/SPE/BI-01[5]-C tests.
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* Re: [REGRESSION] RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
From: Thorsten Leemhuis @ 2026-06-02 10:54 UTC (permalink / raw)
To: Tj, regressions; +Cc: linux-input, linux-kernel, linux-bluetooth, Rafael Passos
In-Reply-To: <ah6vRH9J9LSvnKWW@mail.iam.tj>
On 6/2/26 12:24, Tj wrote:
> Hitting this repeatedly with v7.1-rc6. Do not have time right now to
> bisect it (and there are two other regressions at the same time).
Again, not my area of expertise, but this looks somewhat similar (but
also somewhat different!) to this recent regression report from Rafael:
https://lore.kernel.org/all/20260602011949.2825852-1-rafael@rcpassos.me/
Rafael (CCed) sent a fix for it already applied:
HID: Input: Add battery list cleanup with devm action
https://lore.kernel.org/all/20260602030519.3097058-1-rafael@rcpassos.me/
Might be worth trying.
Ciao, Thorsten
> Symptom is unable to use the Bluetooth keyboard.
>
> It *seems* to be related to the Bluetooth keyboard - trying to shutdown
> hangs for 6 minutes whilst systemd tries to kill bluetooth.service but fails
> and then fails to power-off (see end of log extracts).
>
> I'm not sure why I see 'samsung_probe' in the call trace since neither the Bluetooth host
> adapter nor the keyboard are Samsung but maybe some change related to
> that is causing this.
>
> Jun 02 09:25:54 sunny kernel: BUG: unable to handle page fault for address: ffffffffffffffe4
> Jun 02 09:25:54 sunny kernel: #PF: supervisor read access in kernel mode
> Jun 02 09:25:54 sunny kernel: #PF: error_code(0x0000) - not-present page
> Jun 02 09:25:54 sunny kernel: Oops: Oops: 0000 [#1] SMP NOPTI
> Jun 02 09:25:54 sunny kernel: CPU: 11 UID: 0 PID: 4009 Comm: (udev-worker) Tainted: G W OE 7.1.0-rc6+debian+tj #446 PREEMPT(lazy)
> Jun 02 09:25:54 sunny kernel: Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
> Jun 02 09:25:54 sunny kernel: Hardware name: System manufacturer System Product Name/PRIME X370-PRO, BIOS 6254 01/05/2026
> Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
> Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
> Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
> Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
> Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
> Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
> Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
> Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
> Jun 02 09:25:54 sunny kernel: Call Trace:
> Jun 02 09:25:54 sunny kernel: <TASK>
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? dev_set_name+0x5c/0x80
> Jun 02 09:25:54 sunny kernel: hidinput_connect+0x935/0x5fb0 [hid]
> Jun 02 09:25:54 sunny kernel: hid_connect+0x3d5/0x6a0 [hid]
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? __wake_up_common+0x78/0xa0
> Jun 02 09:25:54 sunny kernel: hid_hw_start+0x40/0x70 [hid]
> Jun 02 09:25:54 sunny kernel: samsung_probe+0x31/0x70 [hid_samsung]
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: hid_device_probe+0x18d/0x220 [hid]
> Jun 02 09:25:54 sunny kernel: ? __pfx___device_attach_driver+0x10/0x10
> Jun 02 09:25:54 sunny kernel: really_probe+0xde/0x380
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: __driver_probe_device+0x84/0x150
> Jun 02 09:25:54 sunny kernel: driver_probe_device+0x1f/0xa0
> Jun 02 09:25:54 sunny kernel: __device_attach_driver+0x89/0x130
> Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
> Jun 02 09:25:54 sunny kernel: __device_attach+0xaf/0x1c0
> Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_reprobe_drivers+0x10/0x10 [hid]
> Jun 02 09:25:54 sunny kernel: device_reprobe+0x4e/0x90
> Jun 02 09:25:54 sunny kernel: ? __hid_bus_reprobe_drivers+0x3c/0x60 [hid]
> Jun 02 09:25:54 sunny kernel: bus_for_each_dev+0x8e/0xe0
> Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_driver_added+0x10/0x10 [hid]
> Jun 02 09:25:54 sunny kernel: __hid_bus_driver_added+0x2f/0x40 [hid]
> Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
> Jun 02 09:25:54 sunny kernel: __hid_register_driver+0x74/0x80 [hid]
> Jun 02 09:25:54 sunny kernel: ? __pfx_samsung_driver_init+0x10/0x10 [hid_samsung]
> Jun 02 09:25:54 sunny kernel: do_one_initcall+0x5c/0x320
> Jun 02 09:25:54 sunny kernel: do_init_module+0x60/0x250
> Jun 02 09:25:54 sunny kernel: init_module_from_file+0xd6/0x130
> Jun 02 09:25:54 sunny kernel: idempotent_init_module+0x114/0x310
> Jun 02 09:25:54 sunny kernel: __x64_sys_finit_module+0x71/0xe0
> Jun 02 09:25:54 sunny kernel: do_syscall_64+0xea/0x640
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? do_fault+0x341/0x530
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? __handle_mm_fault+0x977/0xf80
> Jun 02 09:25:54 sunny kernel: ? __memcg_slab_free_hook+0x16d/0x1c0
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? count_memcg_events+0xe5/0x1b0
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? __seccomp_filter+0x42/0x5d0
> Jun 02 09:25:54 sunny kernel: ? handle_mm_fault+0x1e2/0x2e0
> Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
> Jun 02 09:25:54 sunny kernel: ? do_syscall_64+0x9f/0x640
> Jun 02 09:25:54 sunny kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> Jun 02 09:25:54 sunny kernel: RIP: 0033:0x7f6ee111a7b9
> Jun 02 09:25:54 sunny kernel: Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48>
> Jun 02 09:25:54 sunny kernel: RSP: 002b:00007ffe6dd96398 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffda RBX: 0000556830869b90 RCX: 00007f6ee111a7b9
> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000004 RSI: 00007f6ee16ed44d RDI: 0000000000000012
> Jun 02 09:25:54 sunny kernel: RBP: 0000000000000004 R08: 0000000000000000 R09: 0000556830667bd0
> Jun 02 09:25:54 sunny kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ee16ed44d
> Jun 02 09:25:54 sunny kernel: R13: 0000000000020000 R14: 00005568307db670 R15: 0000000000000000
> Jun 02 09:25:54 sunny kernel: </TASK>
> Jun 02 09:25:54 sunny kernel: Modules linked in: hid_samsung(+) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device uinput rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rdma_ucm ib_uverbs rdma_cm i>
> Jun 02 09:25:54 sunny kernel: uvcvideo wmi_bmof watchdog snd_timer igb rfkill uas mii pcspkr mxm_wmi videobuf2_vmalloc snd ccp k10temp uvc i2c_piix4 dca videobuf2_memops soundcore videobuf2_v4>
> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4
> Jun 02 09:25:54 sunny kernel: ---[ end trace 0000000000000000 ]---
> Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
> Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
> Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
> Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
> Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
> Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
> Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
> Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
> Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
> Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
> Jun 02 09:25:54 sunny systemd-udevd[1703]: 0005:04E8:7021.0006: Worker [4009] terminated by signal 9 (KILL).
>
> Jun 02 09:29:16 sunny rpc.idmapd[3093]: exiting on signal 15
> Jun 02 09:30:45 sunny systemd[1]: bluetooth.service: State 'stop-sigterm' timed out. Killing.
> Jun 02 09:32:15 sunny systemd[1]: bluetooth.service: Processes still around after SIGKILL. Ignoring.
> Jun 02 09:33:45 sunny systemd[1]: bluetooth.service: State 'final-sigterm' timed out. Killing.
> Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Processes still around after final SIGKILL. Entering failed mode.
> Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Failed with result 'timeout'.
>
>
^ permalink raw reply
* Re: [BlueZ v2 1/2] mpris-proxy: Fix possible crash
From: Bastien Nocera @ 2026-06-02 10:40 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <20260505104847.2550550-1-hadess@hadess.net>
On Tue, 2026-05-05 at 12:48 +0200, Bastien Nocera wrote:
> find_player_by_obex() doesn't check whether session->obex is a valid
> pointer before dereferecing it, but all code paths that assign it use
There's a small typo here, any other comments on those 2 patches?
Any OBEX experts?
> create_obex_session() to assign it, a function that can fail.
>
> Check whether session->obex is null before dereferencing it.
>
> #0 find_player_by_obex at tools/mpris-proxy.c:2819
> #1 obex_property_changed at tools/mpris-proxy.c:2929
> #2 add_property at gdbus/client.c:373
> #3 update_properties at gdbus/client.c:399
> #5 properties_changed at gdbus/client.c:537
> #6 signal_filter at gdbus/watch.c:416
> #7 message_filter at gdbus/watch.c:566
> #10 message_dispatch at gdbus/mainloop.c:59
> #13 g_main_context_dispatch_unlocked at ../glib/gmain.c:4451
> #14 g_main_context_iterate_unlocked at ../glib/gmain.c:4516
>
> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2466640
> ---
> Changes since v1:
> - Fix missing space before = sign
>
> tools/mpris-proxy.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/tools/mpris-proxy.c b/tools/mpris-proxy.c
> index 1d7a421e9278..eb607347aa32 100644
> --- a/tools/mpris-proxy.c
> +++ b/tools/mpris-proxy.c
> @@ -2816,8 +2816,12 @@ static struct player
> *find_player_by_obex(const char *path)
> for (l = players; l; l = l->next) {
> struct player *player = l->data;
> struct obex_session *session = player->obex;
> - const char *obex_path =
> g_dbus_proxy_get_path(session->obex);
> + const char *obex_path = NULL;
>
> + if (session == NULL)
> + continue;
> +
> + obex_path = g_dbus_proxy_get_path(session->obex);
> if (g_str_has_prefix(path, obex_path))
> return player;
> }
^ permalink raw reply
* Re: [RFC BlueZ] media: Fix possible crash on exit/adapter removal
From: Bastien Nocera @ 2026-06-02 10:37 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <20260512101431.2017966-1-hadess@hadess.net>
Hey,
Anyone with more knowledge of that audio profile code who could review
this patch?
Cheers
On Tue, 2026-05-12 at 12:14 +0200, Bastien Nocera wrote:
> Nothing protects media_endpoint_remove() from being called multiple
> times for the same structure. Before a g_free() call is made on
> endpoint->capabilities, there are NULL checks, and NULL setting,
> for every variable that might get modified, so a second call to the
> same
> function, even though it's still using-after-free, is only
> reading-after-free, and might crash at the first attempt at modifying
> that freed memory.
>
> The reason why this function might be called multiple times is
> because
> in some circumstances, another signal might be received that the
> endpoint is getting removed while we're already in the process of
> removing that endpoint.
>
> For example, release_endpoint() (which should appear in between
> path_free() and media_endpoint_remove() in the below backtrace, as
> that's the function called at profiles/audio/media.c:3651), will send
> a
> D-Bus message which it then waits for the answer to, meaning that
> other
> D-Bus message could be received while we're waiting for the answer,
> and
> then destroying the endpoint.
>
> #11 media_endpoint_destroy at profiles/audio/media.c:231
> #12 media_endpoint_remove at profiles/audio/media.c:314
> #13 path_free at profiles/audio/media.c:3651
> #14 remove_interface at gdbus/object.c:742
> #15 g_dbus_unregister_interface at gdbus/object.c:1499
> #16 g_slist_foreach at ../glib/gslist.c:837
> #17 unload_drivers at src/adapter.c:5932
> #18 adapter_remove at src/adapter.c:7088
> #19 adapter_unregister at src/adapter.c:9504
> #20 index_removed at src/adapter.c:10693
> #21 queue_foreach at src/shared/queue.c:207
> #23 process_notify at src/shared/mgmt.c:349
> #24 can_read_data at src/shared/mgmt.c:409
> #25 watch_callback at src/shared/io-glib.c:173
> #27 g_main_context_dispatch_unlocked at ../glib/gmain.c:4451
> #28 g_main_context_iterate_unlocked at ../glib/gmain.c:4516
> #30 mainloop_run at src/shared/mainloop-glib.c:65
> #31 mainloop_run_with_signal at src/shared/mainloop-notify.c:196
>
> in profiles/audio/media.c:
> 231 g_free(endpoint->capabilities);
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=2467980
> ---
> profiles/audio/media.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/profiles/audio/media.c b/profiles/audio/media.c
> index cdaafb04e38c..ad31872c6431 100644
> --- a/profiles/audio/media.c
> +++ b/profiles/audio/media.c
> @@ -611,6 +611,7 @@ static gboolean set_configuration(struct
> media_endpoint *endpoint,
> static void release_endpoint(struct media_endpoint *endpoint)
> {
> DBusMessage *msg;
> + struct media_adapter *adapter = endpoint->adapter;
>
> DBG("sender=%s path=%s", endpoint->sender, endpoint->path);
>
> @@ -631,7 +632,9 @@ static void release_endpoint(struct
> media_endpoint *endpoint)
> g_dbus_send_message(btd_get_dbus_connection(), msg);
>
> done:
> - media_endpoint_remove(endpoint);
> + /* Make sure endpoint didn't already get removed */
> + if (g_slist_find(adapter->endpoints, endpoint))
> + media_endpoint_remove(endpoint);
> }
>
> static const char *get_name(struct a2dp_sep *sep, void *user_data)
^ permalink raw reply
* [REGRESSION] RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
From: Tj @ 2026-06-02 10:24 UTC (permalink / raw)
To: regressions; +Cc: linux-input, linux-kernel, linux-bluetooth
Hitting this repeatedly with v7.1-rc6. Do not have time right now to
bisect it (and there are two other regressions at the same time).
Symptom is unable to use the Bluetooth keyboard.
It *seems* to be related to the Bluetooth keyboard - trying to shutdown
hangs for 6 minutes whilst systemd tries to kill bluetooth.service but fails
and then fails to power-off (see end of log extracts).
I'm not sure why I see 'samsung_probe' in the call trace since neither the Bluetooth host
adapter nor the keyboard are Samsung but maybe some change related to
that is causing this.
Jun 02 09:25:54 sunny kernel: BUG: unable to handle page fault for address: ffffffffffffffe4
Jun 02 09:25:54 sunny kernel: #PF: supervisor read access in kernel mode
Jun 02 09:25:54 sunny kernel: #PF: error_code(0x0000) - not-present page
Jun 02 09:25:54 sunny kernel: Oops: Oops: 0000 [#1] SMP NOPTI
Jun 02 09:25:54 sunny kernel: CPU: 11 UID: 0 PID: 4009 Comm: (udev-worker) Tainted: G W OE 7.1.0-rc6+debian+tj #446 PREEMPT(lazy)
Jun 02 09:25:54 sunny kernel: Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Jun 02 09:25:54 sunny kernel: Hardware name: System manufacturer System Product Name/PRIME X370-PRO, BIOS 6254 01/05/2026
Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
Jun 02 09:25:54 sunny kernel: Call Trace:
Jun 02 09:25:54 sunny kernel: <TASK>
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? dev_set_name+0x5c/0x80
Jun 02 09:25:54 sunny kernel: hidinput_connect+0x935/0x5fb0 [hid]
Jun 02 09:25:54 sunny kernel: hid_connect+0x3d5/0x6a0 [hid]
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? __wake_up_common+0x78/0xa0
Jun 02 09:25:54 sunny kernel: hid_hw_start+0x40/0x70 [hid]
Jun 02 09:25:54 sunny kernel: samsung_probe+0x31/0x70 [hid_samsung]
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: hid_device_probe+0x18d/0x220 [hid]
Jun 02 09:25:54 sunny kernel: ? __pfx___device_attach_driver+0x10/0x10
Jun 02 09:25:54 sunny kernel: really_probe+0xde/0x380
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: __driver_probe_device+0x84/0x150
Jun 02 09:25:54 sunny kernel: driver_probe_device+0x1f/0xa0
Jun 02 09:25:54 sunny kernel: __device_attach_driver+0x89/0x130
Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
Jun 02 09:25:54 sunny kernel: __device_attach+0xaf/0x1c0
Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_reprobe_drivers+0x10/0x10 [hid]
Jun 02 09:25:54 sunny kernel: device_reprobe+0x4e/0x90
Jun 02 09:25:54 sunny kernel: ? __hid_bus_reprobe_drivers+0x3c/0x60 [hid]
Jun 02 09:25:54 sunny kernel: bus_for_each_dev+0x8e/0xe0
Jun 02 09:25:54 sunny kernel: ? __pfx___hid_bus_driver_added+0x10/0x10 [hid]
Jun 02 09:25:54 sunny kernel: __hid_bus_driver_added+0x2f/0x40 [hid]
Jun 02 09:25:54 sunny kernel: bus_for_each_drv+0x97/0xf0
Jun 02 09:25:54 sunny kernel: __hid_register_driver+0x74/0x80 [hid]
Jun 02 09:25:54 sunny kernel: ? __pfx_samsung_driver_init+0x10/0x10 [hid_samsung]
Jun 02 09:25:54 sunny kernel: do_one_initcall+0x5c/0x320
Jun 02 09:25:54 sunny kernel: do_init_module+0x60/0x250
Jun 02 09:25:54 sunny kernel: init_module_from_file+0xd6/0x130
Jun 02 09:25:54 sunny kernel: idempotent_init_module+0x114/0x310
Jun 02 09:25:54 sunny kernel: __x64_sys_finit_module+0x71/0xe0
Jun 02 09:25:54 sunny kernel: do_syscall_64+0xea/0x640
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? do_fault+0x341/0x530
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? __handle_mm_fault+0x977/0xf80
Jun 02 09:25:54 sunny kernel: ? __memcg_slab_free_hook+0x16d/0x1c0
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? count_memcg_events+0xe5/0x1b0
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? __seccomp_filter+0x42/0x5d0
Jun 02 09:25:54 sunny kernel: ? handle_mm_fault+0x1e2/0x2e0
Jun 02 09:25:54 sunny kernel: ? srso_return_thunk+0x5/0x5f
Jun 02 09:25:54 sunny kernel: ? do_syscall_64+0x9f/0x640
Jun 02 09:25:54 sunny kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
Jun 02 09:25:54 sunny kernel: RIP: 0033:0x7f6ee111a7b9
Jun 02 09:25:54 sunny kernel: Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48>
Jun 02 09:25:54 sunny kernel: RSP: 002b:00007ffe6dd96398 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffda RBX: 0000556830869b90 RCX: 00007f6ee111a7b9
Jun 02 09:25:54 sunny kernel: RDX: 0000000000000004 RSI: 00007f6ee16ed44d RDI: 0000000000000012
Jun 02 09:25:54 sunny kernel: RBP: 0000000000000004 R08: 0000000000000000 R09: 0000556830667bd0
Jun 02 09:25:54 sunny kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6ee16ed44d
Jun 02 09:25:54 sunny kernel: R13: 0000000000020000 R14: 00005568307db670 R15: 0000000000000000
Jun 02 09:25:54 sunny kernel: </TASK>
Jun 02 09:25:54 sunny kernel: Modules linked in: hid_samsung(+) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device uinput rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rdma_ucm ib_uverbs rdma_cm i>
Jun 02 09:25:54 sunny kernel: uvcvideo wmi_bmof watchdog snd_timer igb rfkill uas mii pcspkr mxm_wmi videobuf2_vmalloc snd ccp k10temp uvc i2c_piix4 dca videobuf2_memops soundcore videobuf2_v4>
Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4
Jun 02 09:25:54 sunny kernel: ---[ end trace 0000000000000000 ]---
Jun 02 09:25:54 sunny kernel: RIP: 0010:hidinput_setup_battery.isra.0+0x6d/0x370 [hid]
Jun 02 09:25:54 sunny kernel: Code: 48 ab 48 8b 42 68 48 8b 95 18 1c 00 00 8b 48 30 48 39 d3 74 45 48 8d 42 c8 eb 0f 66 90 48 8b 50 38 48 8d 42 c8 48 39 d3 74 30 <3b> 48 1c 75 ee 48 85 c0 74 26>
Jun 02 09:25:54 sunny kernel: RSP: 0018:ffffceacce2c7628 EFLAGS: 00010286
Jun 02 09:25:54 sunny kernel: RAX: ffffffffffffffc8 RBX: ffff8b4856a83c18 RCX: 0000000000000003
Jun 02 09:25:54 sunny kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffceacce2c7680
Jun 02 09:25:54 sunny kernel: RBP: ffff8b4856a82000 R08: ffffceacce2c7730 R09: ffffceacce2c772c
Jun 02 09:25:54 sunny kernel: R10: ffff8b488f290488 R11: ffff8b478bec9000 R12: ffffceacce2c7650
Jun 02 09:25:54 sunny kernel: R13: 0000000000000000 R14: 0000000000000000 R15: ffff8b47e6307b00
Jun 02 09:25:54 sunny kernel: FS: 00007f6ee16439c0(0000) GS:ffff8b4ed8fd0000(0000) knlGS:0000000000000000
Jun 02 09:25:54 sunny kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 02 09:25:54 sunny kernel: CR2: ffffffffffffffe4 CR3: 000000010b1c1000 CR4: 0000000000350ef0
Jun 02 09:25:54 sunny systemd-udevd[1703]: 0005:04E8:7021.0006: Worker [4009] terminated by signal 9 (KILL).
Jun 02 09:29:16 sunny rpc.idmapd[3093]: exiting on signal 15
Jun 02 09:30:45 sunny systemd[1]: bluetooth.service: State 'stop-sigterm' timed out. Killing.
Jun 02 09:32:15 sunny systemd[1]: bluetooth.service: Processes still around after SIGKILL. Ignoring.
Jun 02 09:33:45 sunny systemd[1]: bluetooth.service: State 'final-sigterm' timed out. Killing.
Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Processes still around after final SIGKILL. Entering failed mode.
Jun 02 09:35:15 sunny systemd[1]: bluetooth.service: Failed with result 'timeout'.
^ permalink raw reply
* [BlueZ PATCH 1/1] shared/bap: add ASE Control Point error responses
From: raghu447 @ 2026-06-02 8:29 UTC (permalink / raw)
To: linux-bluetooth; +Cc: raghavendra
In-Reply-To: <20260602082925.7061-1-raghavendra.rao@collabora.com>
From: raghavendra <raghavendra.rao@collabora.com>
These changes are required to Pass BAP/USR/SPE/BI-01[5]-C tests.
---
src/shared/bap.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 76 insertions(+), 2 deletions(-)
diff --git a/src/shared/bap.c b/src/shared/bap.c
index 8fc2fb14d..ce56efbb2 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -3304,6 +3304,33 @@ static uint8_t stream_enable(struct bt_bap_stream *stream, struct iovec *meta,
return 0;
}
+static bool ascs_metadata_rsp(struct bt_bap_endpoint *ep, struct iovec *meta,
+ struct iovec *rsp)
+{
+ struct bt_ltv *ltv;
+ uint16_t context;
+
+ ltv = meta->iov_base;
+ if (meta->iov_len >= sizeof(*ltv) && ltv->type == 0xfc) {
+ ascs_ase_rsp_add(rsp, ep->id,
+ BT_ASCS_RSP_METADATA_UNSUPPORTED, ltv->type);
+ return true;
+ }
+
+ if (meta->iov_len >= sizeof(*ltv) + sizeof(context) &&
+ ltv->type == 0x02 && ltv->len == 0x03) {
+ context = get_le16(ltv->value);
+ if (!context || (context & 0xf000)) {
+ ascs_ase_rsp_add(rsp, ep->id,
+ BT_ASCS_RSP_METADATA_INVALID,
+ ltv->type);
+ return true;
+ }
+ }
+
+ return false;
+}
+
static uint8_t ep_enable(struct bt_bap_endpoint *ep, struct bt_bap *bap,
struct bt_ascs_enable *req, struct iovec *iov,
struct iovec *rsp)
@@ -3335,6 +3362,9 @@ static uint8_t ep_enable(struct bt_bap_endpoint *ep, struct bt_bap *bap,
return 0;
}
+ if (ascs_metadata_rsp(ep, &meta, rsp))
+ return 0;
+
if (!ep->stream) {
DBG(bap, "No stream found");
ascs_ase_rsp_add(rsp, ep->id,
@@ -3568,6 +3598,9 @@ static uint8_t ep_metadata(struct bt_bap_endpoint *ep,
meta.iov_base = util_iov_pull_mem(iov, req->len);
meta.iov_len = req->len;
+ if (ascs_metadata_rsp(ep, &meta, rsp))
+ return 0;
+
return stream_metadata(ep->stream, &meta, rsp);
}
@@ -3673,6 +3706,23 @@ static struct iovec *ascs_ase_cp_rsp_new(uint8_t op)
return iov;
}
+static void ascs_ase_cp_rsp_add_truncated(struct iovec *rsp)
+{
+ ascs_ase_rsp_add_errno(rsp, 0x00, -ENOMSG);
+}
+
+static bool ascs_ase_cp_rsp_invalid_len(uint8_t op, size_t len, uint8_t num)
+{
+ switch (op) {
+ case BT_ASCS_METADATA:
+ return len == num;
+ case BT_ASCS_RELEASE:
+ return true;
+ default:
+ return false;
+ }
+}
+
static void ascs_ase_cp_write(struct gatt_db_attribute *attrib,
unsigned int id, uint16_t offset,
const uint8_t *value, size_t len,
@@ -3697,7 +3747,7 @@ static void ascs_ase_cp_write(struct gatt_db_attribute *attrib,
return;
}
- if (len < sizeof(*hdr)) {
+ if (!len) {
DBG(bap, "invalid len %u < %u sizeof(*hdr)", len,
sizeof(*hdr));
gatt_db_attribute_write_result(attrib, id,
@@ -3705,9 +3755,26 @@ static void ascs_ase_cp_write(struct gatt_db_attribute *attrib,
return;
}
+ if (len < sizeof(*hdr)) {
+ DBG(bap, "invalid len %u < %u sizeof(*hdr)", len,
+ sizeof(*hdr));
+
+ rsp = ascs_ase_cp_rsp_new(value[0]);
+ ascs_ase_cp_rsp_add_truncated(rsp);
+ ret = 0;
+ goto respond;
+ }
+
hdr = util_iov_pull_mem(&iov, sizeof(*hdr));
rsp = ascs_ase_cp_rsp_new(hdr->op);
+ if (!hdr->num) {
+ DBG(bap, "invalid Number_of_ASEs 0");
+ ascs_ase_cp_rsp_add_truncated(rsp);
+ ret = 0;
+ goto respond;
+ }
+
for (handler = handlers; handler && handler->str; handler++) {
if (handler->op != hdr->op)
continue;
@@ -3716,7 +3783,14 @@ static void ascs_ase_cp_write(struct gatt_db_attribute *attrib,
DBG(bap, "invalid len %u < %u "
"hdr->num * handler->size", len,
hdr->num * handler->size);
- ret = BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
+
+ if (ascs_ase_cp_rsp_invalid_len(hdr->op, iov.iov_len,
+ hdr->num)) {
+ ascs_ase_cp_rsp_add_truncated(rsp);
+ ret = 0;
+ } else
+ ret = BT_ATT_ERROR_INVALID_ATTRIBUTE_VALUE_LEN;
+
goto respond;
}
^ permalink raw reply related
* [BlueZ PATCH 0/1] shared/bap: add ASE Control Point error responses
From: raghu447 @ 2026-06-02 8:29 UTC (permalink / raw)
To: linux-bluetooth; +Cc: raghu447
This patch adds the responses that are expected by PTS.
These changes are requited to Pass PTS tests BAP/USR/SPE/BI-01[5]-C.
raghavendra (1):
shared/bap: add ASE Control Point error responses
src/shared/bap.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 76 insertions(+), 2 deletions(-)
^ permalink raw reply
* Re: [PATCH 7/7] arm64: dts: qcom: sm8350-hdk: describe WiFi/BT chip
From: Bartosz Golaszewski @ 2026-06-02 8:00 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
In-Reply-To: <20260601-sm8350-wifi-v1-7-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:55 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> The SM8350 HDK has onboard WiFi/BT chip, WCN6851. It is an earlier
> version of well-known WCN6855 WiFI/BT SoC. Describe the PMU, BT and WiFI
> parts of the device.
>
> The firmware isn't (yet) available as a part of linux-firmware, so it
> was verified with the firmware files from the vendor-supplied package
> (wcn prefix was applied to Bluetooth firmware files to make them follow
> upstream driver changes, vendor provided hpbtfw10.tlv and hpnv10.b06).
>
> Bluetooth: hci0: QCA Product ID :0x00000013
> Bluetooth: hci0: QCA SOC Version :0x400c0110
> Bluetooth: hci0: QCA ROM Version :0x00000100
> Bluetooth: hci0: QCA Patch Version:0x00001017
> Bluetooth: hci0: QCA controller version 0x01100100
> Bluetooth: hci0: QCA Downloading qca/wcnhpbtfw10.tlv
> Bluetooth: hci0: QCA Downloading qca/wcnhpnv10.b06
> Bluetooth: hci0: QCA setup on UART is completed
> Bluetooth: hci0: HFP non-HCI data transport is supported
>
> ath11k_pci 0000:01:00.0: BAR 0 [mem 0x60400000-0x605fffff 64bit]: assigned
> ath11k_pci 0000:01:00.0: MSI vectors: 32
> ath11k_pci 0000:01:00.0: wcn6855 hw1.1
> mhi mhi0: Requested to power ON
> mhi mhi0: Power on setup success
> mhi mhi0: Wait for device to enter SBL or Mission mode
> ath11k_pci 0000:01:00.0: chip_id 0x0 chip_family 0xb board_id 0x6 soc_id 0x400c0110
> ath11k_pci 0000:01:00.0: fw_version 0x110c80c8 fw_build_timestamp 2021-05-25 21:43 fw_build_id WLAN.HSP.1.1.c3-00200-QCAHSPSWPL_V1_V2_SILICONZ-1
> ath11k_pci 0000:01:00.0 wlp1s0: renamed from wlan0
>
> For the reference, the driver looks for the board data for
> bus=pci,vendor=17cb,device=1103,subsystem-vendor=17cb,subsystem-device=0108,qmi-chip-id=0,qmi-board-id=6,variant=QC_8350_HDK
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* Re: [PATCH 6/7] arm64: dts: qcom: sm8350: modernize PCIe entries
From: Bartosz Golaszewski @ 2026-06-02 7:59 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
In-Reply-To: <20260601-sm8350-wifi-v1-6-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:54 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> The recent suggestion is to have PERST# / WAKE pins and PHYs in the PCIe
> port rather than RC device. The kernel recently started warning about
> the older style of DT. Modernize DT for SM8350 platform by moving the
> entries under the root port device node.
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* Re: [PATCH 5/7] arm64: dts: qcom: sm8350: expand UART18 to 4 pins config
From: Bartosz Golaszewski @ 2026-06-02 7:58 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
In-Reply-To: <20260601-sm8350-wifi-v1-5-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:53 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> On SM8350 platforms the primary use of UART18 is a 4-pin UART (targeting
> Bluetooth or other similar applications). Add all 4 pins to the default
> pinctrl entry for the UART.
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
> arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm64/boot/dts/qcom/sm8350.dtsi b/arch/arm64/boot/dts/qcom/sm8350.dtsi
> index c830953156ec..eb2a795d8edb 100644
> --- a/arch/arm64/boot/dts/qcom/sm8350.dtsi
> +++ b/arch/arm64/boot/dts/qcom/sm8350.dtsi
> @@ -3309,7 +3309,7 @@ qup_uart6_default: qup-uart6-default-state {
> };
>
> qup_uart18_default: qup-uart18-default-state {
> - pins = "gpio68", "gpio69";
> + pins = "gpio68", "gpio69", "gpio70", "gpio71";
> function = "qup18";
> drive-strength = <2>;
> bias-disable;
>
> --
> 2.47.3
>
>
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* Re: [PATCH 4/7] dt-bindings: bluetooth: qcom,wcn6855-bt: document WCN6851
From: Bartosz Golaszewski @ 2026-06-02 7:56 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio, linux-arm-msm,
linux-pci, linux-kernel, linux-wireless, ath11k, devicetree,
Bartosz Golaszewski, linux-bluetooth
In-Reply-To: <20260601-sm8350-wifi-v1-4-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:52 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> WCN6851 is an earlier version of WCN6855 WiFi/BT chip, compatible with
> it. Add a device-specific compat string with the fallback to WCN6855
> one.
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
> .../devicetree/bindings/net/bluetooth/qcom,wcn6855-bt.yaml | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/devicetree/bindings/net/bluetooth/qcom,wcn6855-bt.yaml b/Documentation/devicetree/bindings/net/bluetooth/qcom,wcn6855-bt.yaml
> index 0beda26ae8bb..ec766f40a042 100644
> --- a/Documentation/devicetree/bindings/net/bluetooth/qcom,wcn6855-bt.yaml
> +++ b/Documentation/devicetree/bindings/net/bluetooth/qcom,wcn6855-bt.yaml
> @@ -13,8 +13,12 @@ maintainers:
>
> properties:
> compatible:
> - enum:
> - - qcom,wcn6855-bt
> + oneOf:
> + - items:
> + - const: qcom,wcn6851-bt
> + - const: qcom,wcn6855-bt
> + - enum:
> + - qcom,wcn6855-bt
>
> enable-gpios:
> maxItems: 1
>
> --
> 2.47.3
>
>
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* Re: [PATCH 3/7] regulator: dt-bindings: qcom,qca6390-pmu: document WCN6851
From: Bartosz Golaszewski @ 2026-06-02 7:54 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
In-Reply-To: <20260601-sm8350-wifi-v1-3-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:51 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> WCN6851 is an earlier version of WCN6855 WiFi/BT chip, compatible with
> it. Add a device-specific compat string with the fallback to WCN6855
> one.
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
> Documentation/devicetree/bindings/regulator/qcom,qca6390-pmu.yaml | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/regulator/qcom,qca6390-pmu.yaml b/Documentation/devicetree/bindings/regulator/qcom,qca6390-pmu.yaml
> index 105174df7df2..3d3c6fa7ecbc 100644
> --- a/Documentation/devicetree/bindings/regulator/qcom,qca6390-pmu.yaml
> +++ b/Documentation/devicetree/bindings/regulator/qcom,qca6390-pmu.yaml
> @@ -21,6 +21,10 @@ properties:
> - enum:
> - qcom,wcn6755-pmu
> - const: qcom,wcn6750-pmu
> + - items:
> + - enum:
> + - qcom,wcn6851-pmu
> + - const: qcom,wcn6855-pmu
>
> - enum:
> - qcom,qca6390-pmu
>
> --
> 2.47.3
>
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* Re: [PATCH 2/7] wifi: ath11k: enable support for WCN6851
From: Bartosz Golaszewski @ 2026-06-02 7:53 UTC (permalink / raw)
To: Dmitry Baryshkov
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
In-Reply-To: <20260601-sm8350-wifi-v1-2-242917d88031@oss.qualcomm.com>
On Mon, 1 Jun 2026 11:46:50 +0200, Dmitry Baryshkov
<dmitry.baryshkov@oss.qualcomm.com> said:
> The WCN6851, found e.g. on SM8350 platforms, is an earlier version of
> WCN6855 platform. It identifies itself as hw1.1. Copy WCN6855 hw 2.0
> configuration to support hw1.1 version.
>
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
> ---
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
^ permalink raw reply
* RE: [v2] profile: Set L2CAP IMTU for external profile listeners
From: bluez.test.bot @ 2026-06-02 7:08 UTC (permalink / raw)
To: linux-bluetooth, wei.deng
In-Reply-To: <20260602031719.679979-1-wei.deng@oss.qualcomm.com>
[-- Attachment #1: Type: text/plain, Size: 826 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1104327
---Test result---
Test Summary:
CheckPatch PASS 0.42 seconds
GitLint PASS 1.32 seconds
BuildEll PASS 20.60 seconds
BluezMake PASS 666.26 seconds
CheckSmatch PASS 365.80 seconds
bluezmakeextell PASS 187.14 seconds
IncrementalBuild PASS 659.47 seconds
ScanBuild PASS 1050.72 seconds
https://github.com/bluez/bluez/pull/2164
---
Regards,
Linux Bluetooth
^ permalink raw reply
* [PATCH v2] Bluetooth: hci_event: fix simultaneous discovery stuck in FINDING
From: Jiajia Liu @ 2026-06-02 7:00 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Brian Gix
Cc: linux-bluetooth, linux-kernel, Jiajia Liu, Jiajia Liu
When hci_inquiry_complete_evt is called between le_scan_disable and
le_set_scan_enable_complete and no remote name needs to be resolved,
the interleaved discovery with SIMULTANEOUS quirk gets stuck in
DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
state. No one sets DISCOVERY_STOPPED in this process.
Add state check in le_set_scan_enable_complete and change state if
the state is DISCOVERY_FINDING. Tested with AX201 (8087:0026) in Dell
Vostro 13. Discovering disabled MGMT Event below is reported when
running into the above condition.
@ MGMT Command: Start Discovery (0x0023) {0x0001} [hci0] 10885.970873
Address type: 0x07
BR/EDR
LE Public
LE Random
...
< HCI Command: LE Set Extended Scan Enable #38205 [hci0] 10886.131438
Extended scan: Enabled (0x01)
Filter duplicates: Enabled (0x01)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
> HCI Event: Command Complete (0x0e) plen 4 #38206 [hci0] 10886.133295
LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
Status: Success (0x00)
@ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10886.133414
Address type: 0x07
BR/EDR
LE Public
LE Random
Discovery: Enabled (0x01)
< HCI Command: Inquiry (0x01|0x0001) plen 5 #38207 [hci0] 10886.133528
Access code: 0x9e8b33 (General Inquiry)
Length: 10.24s (0x08)
Num responses: 0
> HCI Event: Command Status (0x0f) plen 4 #38208 [hci0] 10886.141333
Inquiry (0x01|0x0001) ncmd 2
Status: Success (0x00)
...
< HCI Command: LE Set Extended Scan Enable #38242 [hci0] 10896.381802
Extended scan: Disabled (0x00)
Filter duplicates: Disabled (0x00)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
> HCI Event: Inquiry Complete (0x01) plen 1 #38243 [hci0] 10896.383419
Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #38244 [hci0] 10896.394378
LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
Status: Success (0x00)
@ MGMT Event: Device Found (0x0012) plen 22 {0x0001} [hci0] 10896.394497
LE Address: 88:12:AC:92:43:69
RSSI: -101 dBm (0x9b)
Flags: 0x00000004
Not Connectable
Data length: 8
Company: Xiaomi Inc. (911)
Data[0]:
16-bit Service UUIDs (complete): 1 entry
Xiaomi Inc. (0xfdaa)
@ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10896.394506
Address type: 0x07
BR/EDR
LE Public
LE Random
Discovery: Disabled (0x00)
Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
---
Changes in v2:
- move the handler to hci_event.c
- remove unnecessary bt_dev_dbg
- update commit message
---
net/bluetooth/hci_event.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index eea2f810aafa..1cd5f97daafe 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1769,6 +1769,13 @@ static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
hci_dev_clear_flag(hdev, HCI_LE_SCAN);
+ if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
+ hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY) &&
+ !test_bit(HCI_INQUIRY, &hdev->flags) &&
+ hdev->discovery.state == DISCOVERY_FINDING) {
+ hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
+ }
+
/* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
* interrupted scanning due to a connect request. Mark
* therefore discovery as stopped.
--
2.53.0
^ permalink raw reply related
* [bluez/bluez]
From: BluezTestBot @ 2026-06-02 6:18 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1099144
Home: https://github.com/bluez/bluez
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez] 1b39ef: profile: Set L2CAP IMTU for external profile liste...
From: github-actions[bot] @ 2026-06-02 6:18 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1104327
Home: https://github.com/bluez/bluez
Commit: 1b39efe9c30d37330412342b59bce41297d68799
https://github.com/bluez/bluez/commit/1b39efe9c30d37330412342b59bce41297d68799
Author: Wei Deng <wei.deng@oss.qualcomm.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)
Changed paths:
M src/profile.c
Log Message:
-----------
profile: Set L2CAP IMTU for external profile listeners
bt_io_listen() in ext_start_servers() creates the L2CAP listening
socket for external profiles without an explicit IMTU. This causes
the socket to use the L2CAP minimum of 672 bytes, which is advertised
to the peer in L2CAP_CONFIGURATION_RSP.
As a result, when acting as a server (receiver), the peer limits its
outgoing PDU size to our advertised 672 bytes. This leads to small
OBEX body chunks (~669 bytes) and severely degraded Rx throughput,
while Tx throughput is unaffected since the peer's IMTU is not
constrained by our setting.
The obexd client side (obexd/client/bluetooth.c) already sets IMTU to
BT_RX_MTU (32767) for outgoing connections. Mirror that on the server
side by setting BT_IO_OPT_IMTU to BT_RX_MTU in ext_start_servers(),
so incoming connections advertise the same maximum receive capability.
Signed-off-by: Wei Deng <wei.deng@oss.qualcomm.com>
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [PATCH v2] profile: Set L2CAP IMTU for external profile listeners
From: Wei Deng @ 2026-06-02 3:17 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <20260522054015.431152-1-wei.deng@oss.qualcomm.com>
bt_io_listen() in ext_start_servers() creates the L2CAP listening
socket for external profiles without an explicit IMTU. This causes
the socket to use the L2CAP minimum of 672 bytes, which is advertised
to the peer in L2CAP_CONFIGURATION_RSP.
As a result, when acting as a server (receiver), the peer limits its
outgoing PDU size to our advertised 672 bytes. This leads to small
OBEX body chunks (~669 bytes) and severely degraded Rx throughput,
while Tx throughput is unaffected since the peer's IMTU is not
constrained by our setting.
The obexd client side (obexd/client/bluetooth.c) already sets IMTU to
BT_RX_MTU (32767) for outgoing connections. Mirror that on the server
side by setting BT_IO_OPT_IMTU to BT_RX_MTU in ext_start_servers(),
so incoming connections advertise the same maximum receive capability.
Signed-off-by: Wei Deng <wei.deng@oss.qualcomm.com>
---
src/profile.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/profile.c b/src/profile.c
index dfc5f7161..297959f3c 100644
--- a/src/profile.c
+++ b/src/profile.c
@@ -55,6 +55,8 @@
#define MAS_DEFAULT_CHANNEL 16
#define MNS_DEFAULT_CHANNEL 17
+#define BT_RX_MTU 32767
+
#define BTD_PROFILE_PSM_AUTO -1
#define BTD_PROFILE_CHAN_AUTO -1
@@ -1411,6 +1413,7 @@ static uint32_t ext_start_servers(struct ext_profile *ext,
BT_IO_OPT_MODE, ext->mode,
BT_IO_OPT_PSM, psm,
BT_IO_OPT_SEC_LEVEL, ext->sec_level,
+ BT_IO_OPT_IMTU, BT_RX_MTU,
BT_IO_OPT_INVALID);
if (err != NULL) {
error("L2CAP server failed for %s: %s",
--
2.34.1
^ permalink raw reply related
* Re: [PATCH net] 6lowpan: fix off-by-one in multicast context address compression
From: patchwork-bot+netdevbpf @ 2026-06-02 2:30 UTC (permalink / raw)
To: Yizhou Zhao
Cc: netdev, alex.aring, davem, edumazet, kuba, pabeni, horms,
linux-bluetooth, linux-wpan, linux-kernel, yangyx22, wangao,
fengxw06, qli01, xuke
In-Reply-To: <20260527081806.42747-1-zhaoyz24@mails.tsinghua.edu.cn>
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Wed, 27 May 2026 16:18:01 +0800 you wrote:
> The second memcpy in lowpan_iphc_mcast_ctx_addr_compress() uses
> &data[1] as destination and &ipaddr->s6_addr[11] as source, but
> both should be offset by one: &data[2] and &ipaddr->s6_addr[12]
> respectively.
>
> This off-by-one has two consequences:
> 1. data[1] is overwritten with s6_addr[11], corrupting the RIID
> field in the compressed multicast address
> 2. data[5] is never written, so uninitialized kernel stack memory
> is transmitted over the network via lowpan_push_hc_data(),
> leaking kernel stack contents
>
> [...]
Here is the summary with links:
- [net] 6lowpan: fix off-by-one in multicast context address compression
https://git.kernel.org/netdev/net/c/2a58899d1100
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox