* [PATCH v2 2/7] wifi: ath11k: enable support for WCN6851
From: Dmitry Baryshkov @ 2026-06-08 6:59 UTC (permalink / raw)
To: Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Bartosz Golaszewski
In-Reply-To: <20260608-sm8350-wifi-v2-0-efb68f1ff04c@oss.qualcomm.com>
The WCN6851, found e.g. on SM8350 platforms, is an earlier version of
the WCN6855 platform. It identifies itself as hw1.1. Copy the WCN6855 hw 2.0
configuration to support the hw1.1 version.
Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
---
drivers/net/wireless/ath/ath11k/core.c | 92 ++++++++++++++++++++++++++++++++++
drivers/net/wireless/ath/ath11k/core.h | 1 +
drivers/net/wireless/ath/ath11k/mhi.c | 1 +
drivers/net/wireless/ath/ath11k/pci.c | 9 ++++
drivers/net/wireless/ath/ath11k/pcic.c | 11 ++++
5 files changed, 114 insertions(+)
diff --git a/drivers/net/wireless/ath/ath11k/core.c b/drivers/net/wireless/ath/ath11k/core.c
index 8dacc878c006..78a226ca081c 100644
--- a/drivers/net/wireless/ath/ath11k/core.c
+++ b/drivers/net/wireless/ath/ath11k/core.c
@@ -393,6 +393,98 @@ static const struct ath11k_hw_params ath11k_hw_params[] = {
.cfr_num_stream_bufs = 0,
.cfr_stream_buf_size = 0,
},
+ {
+ .name = "wcn6855 hw1.1",
+ .hw_rev = ATH11K_HW_WCN6855_HW11,
+ .fw = {
+ .dir = "WCN6855/hw1.1",
+ .board_size = 256 * 1024,
+ .cal_offset = 128 * 1024,
+ },
+ .max_radios = 3,
+ .bdf_addr = 0x4B0C0000,
+ .hw_ops = &wcn6855_ops,
+ .ring_mask = &ath11k_hw_ring_mask_qca6390,
+ .internal_sleep_clock = true,
+ .regs = &wcn6855_regs,
+ .qmi_service_ins_id = ATH11K_QMI_WLFW_SERVICE_INS_ID_V01_QCA6390,
+ .host_ce_config = ath11k_host_ce_config_qca6390,
+ .ce_count = 9,
+ .target_ce_config = ath11k_target_ce_config_wlan_qca6390,
+ .target_ce_count = 9,
+ .svc_to_ce_map = ath11k_target_service_to_ce_map_wlan_qca6390,
+ .svc_to_ce_map_len = 14,
+ .ce_ie_addr = &ath11k_ce_ie_addr_ipq8074,
+ .single_pdev_only = true,
+ .rxdma1_enable = false,
+ .num_rxdma_per_pdev = 2,
+ .rx_mac_buf_ring = true,
+ .vdev_start_delay = true,
+ .htt_peer_map_v2 = false,
+
+ .spectral = {
+ .fft_sz = 0,
+ .fft_pad_sz = 0,
+ .summary_pad_sz = 0,
+ .fft_hdr_len = 0,
+ .max_fft_bins = 0,
+ .fragment_160mhz = false,
+ },
+
+ .interface_modes = BIT(NL80211_IFTYPE_STATION) |
+ BIT(NL80211_IFTYPE_AP) |
+ BIT(NL80211_IFTYPE_P2P_DEVICE) |
+ BIT(NL80211_IFTYPE_P2P_CLIENT) |
+ BIT(NL80211_IFTYPE_P2P_GO),
+ .supports_monitor = false,
+ .full_monitor_mode = false,
+ .supports_shadow_regs = true,
+ .idle_ps = true,
+ .supports_sta_ps = true,
+ .coldboot_cal_mm = false,
+ .coldboot_cal_ftm = false,
+ .cbcal_restart_fw = false,
+ .fw_mem_mode = 0,
+ .num_vdevs = 4,
+ .num_peers = 512,
+ .supports_suspend = true,
+ .hal_desc_sz = sizeof(struct hal_rx_desc_wcn6855),
+ .supports_regdb = true,
+ .fix_l1ss = false,
+ .credit_flow = true,
+ .hal_params = &ath11k_hw_hal_params_qca6390,
+ .supports_dynamic_smps_6ghz = false,
+ .alloc_cacheable_memory = false,
+ .supports_rssi_stats = true,
+ .fw_wmi_diag_event = true,
+ .current_cc_support = true,
+ .dbr_debug_support = false,
+ .global_reset = true,
+ .bios_sar_capa = &ath11k_hw_sar_capa_wcn6855,
+ .m3_fw_support = true,
+ .fixed_bdf_addr = false,
+ .fixed_mem_region = false,
+ .static_window_map = false,
+ .hybrid_bus_type = false,
+ .fixed_fw_mem = false,
+ .support_off_channel_tx = true,
+ .supports_multi_bssid = true,
+
+ .sram_dump = {
+ .start = 0x01400000,
+ .end = 0x0177ffff,
+ },
+
+ .tcl_ring_retry = true,
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = true,
+ .support_dual_stations = true,
+ .pdev_suspend = false,
+ .cfr_support = false,
+ .cfr_num_stream_bufs = 0,
+ .cfr_stream_buf_size = 0,
+ },
{
.name = "wcn6855 hw2.0",
.hw_rev = ATH11K_HW_WCN6855_HW20,
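Review bot: The `.name = "wcn6855 hw1.1"` and `.fw.dir = "WCN6855/hw1.1"` strings never mention WCN6851, so nothing in this entry ties it to the chip named in the subject; a one-line comment above the entry saying that WCN6851 reports itself as WCN6855 hw1.1 would help. The commit message describes the rest of the block as a copy of the hw2.0 configuration, so please say which fields were actually checked on hw1.1 hardware (for example `.bdf_addr`, `.sram_dump` and `.hal_desc_sz`) and whether firmware is expected to be published under the `WCN6855/hw1.1` directory.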
diff --git a/drivers/net/wireless/ath/ath11k/core.h b/drivers/net/wireless/ath/ath11k/core.h
index a0d725923ef2..29727ee94bfc 100644
--- a/drivers/net/wireless/ath/ath11k/core.h
+++ b/drivers/net/wireless/ath/ath11k/core.h
@@ -147,6 +147,7 @@ enum ath11k_hw_rev {
ATH11K_HW_QCA6390_HW20,
ATH11K_HW_IPQ6018_HW10,
ATH11K_HW_QCN9074_HW10,
+ ATH11K_HW_WCN6855_HW11,
ATH11K_HW_WCN6855_HW20,
ATH11K_HW_WCN6855_HW21,
ATH11K_HW_WCN6750_HW10,
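Review bot: Adding `ATH11K_HW_WCN6855_HW11` in the middle of `enum ath11k_hw_rev` shifts the numeric value of `ATH11K_HW_WCN6855_HW20` and every enumerator after it. The tables touched in this patch match on a `.hw_rev` field rather than indexing by it, which is fine, but please confirm that nothing else relies on the numeric values; if anything does, appending the new enumerator at the end of the enum is the safer change.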
diff --git a/drivers/net/wireless/ath/ath11k/mhi.c b/drivers/net/wireless/ath/ath11k/mhi.c
index a6c9ff112c68..c94546c367a7 100644
--- a/drivers/net/wireless/ath/ath11k/mhi.c
+++ b/drivers/net/wireless/ath/ath11k/mhi.c
@@ -393,6 +393,7 @@ int ath11k_mhi_register(struct ath11k_pci *ab_pci)
ath11k_mhi_config = &ath11k_mhi_config_qcn9074;
break;
case ATH11K_HW_QCA6390_HW20:
+ case ATH11K_HW_WCN6855_HW11:
case ATH11K_HW_WCN6855_HW20:
case ATH11K_HW_WCN6855_HW21:
case ATH11K_HW_QCA2066_HW21:
diff --git a/drivers/net/wireless/ath/ath11k/pci.c b/drivers/net/wireless/ath/ath11k/pci.c
index 35bb9e7a63a2..dc1dfd219d88 100644
--- a/drivers/net/wireless/ath/ath11k/pci.c
+++ b/drivers/net/wireless/ath/ath11k/pci.c
@@ -1031,6 +1031,15 @@ static int ath11k_pci_probe(struct pci_dev *pdev,
ath11k_pci_read_hw_version(ab, &soc_hw_version_major,
&soc_hw_version_minor);
switch (soc_hw_version_major) {
+ case 1:
+ switch (soc_hw_version_minor) {
+ case 0x10:
+ ab->hw_rev = ATH11K_HW_WCN6855_HW11;
+ break;
+ default:
+ goto unsupported_wcn6855_soc;
+ }
+ break;
case 2:
switch (soc_hw_version_minor) {
case 0x00:
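Review bot: In the new `case 1:` branch the minor value `0x10` is mapped to `ATH11K_HW_WCN6855_HW11` with no explanation of why minor 0x10 corresponds to "hw1.1"; a short comment on `case 0x10:` would document that. The inner `switch` has a single case, so a plain `if (soc_hw_version_minor != 0x10) goto unsupported_wcn6855_soc;` would be shorter, unless the nested form is kept deliberately to match `case 2:`.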
diff --git a/drivers/net/wireless/ath/ath11k/pcic.c b/drivers/net/wireless/ath/ath11k/pcic.c
index fc6e7da05c60..0f4dc05cc5b5 100644
--- a/drivers/net/wireless/ath/ath11k/pcic.c
+++ b/drivers/net/wireless/ath/ath11k/pcic.c
@@ -86,6 +86,17 @@ static const struct ath11k_msi_config ath11k_msi_config[] = {
},
.hw_rev = ATH11K_HW_QCN9074_HW10,
},
+ {
+ .total_vectors = 32,
+ .total_users = 4,
+ .users = (struct ath11k_msi_user[]) {
+ { .name = "MHI", .num_vectors = 3, .base_vector = 0 },
+ { .name = "CE", .num_vectors = 10, .base_vector = 3 },
+ { .name = "WAKE", .num_vectors = 1, .base_vector = 13 },
+ { .name = "DP", .num_vectors = 18, .base_vector = 14 },
+ },
+ .hw_rev = ATH11K_HW_WCN6855_HW11,
+ },
{
.total_vectors = 32,
.total_users = 4,
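Review bot: The new `ath11k_msi_config` entry for `ATH11K_HW_WCN6855_HW11` looks like a second copy of the entry that follows it, which begins with the same `.total_vectors = 32` and `.total_users = 4`. If the user table is identical, note that in the commit message so later changes to one copy are also applied to the other. The vector split itself adds up: 3 + 10 + 1 + 18 = 32, with base vectors 0, 3, 13 and 14 contiguous.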
--
2.47.3
* [PATCH v2 1/7] PCI: qcom: fix parsing of PERST# in the legacy case
From: Dmitry Baryshkov @ 2026-06-08 6:59 UTC (permalink / raw)
To: Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth
In-Reply-To: <20260608-sm8350-wifi-v2-0-efb68f1ff04c@oss.qualcomm.com>
Commit deed8aec62dc ("PCI: qcom: Handle mixed PERST#/PHY DT
configuration") fixed support for the "mixed" platforms which declare
PERST# pin in the RC node and the PHY in the RP node, however it also broke
support for a majority of existing platforms, which declare both PERST#
and PHY in the RC node, because now PERST# is first acquired in
qcom_pcie_parse_ports(), which then returns -ENODEV (as there are no
PHYs in the RP nodes). Later qcom_pcie_parse_legacy_binding() tries to
acquire the PERST# GPIO again and fails with -EBUSY (as the GPIO has
already been requested).
Move parsing of RC's perst-gpios to qcom_pcie_probe(), making it obvious
that it's shared for both cases and skip parsing it in both functions.
Fixes: deed8aec62dc ("PCI: qcom: Handle mixed PERST#/PHY DT configuration")
Closes: https://lore.kernel.org/r/gieaybsg2ckxpctvqj77nlwu7utama2yeyvebkonmexsxrra3v@v3fobqasxnmy/
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
---
drivers/pci/controller/dwc/pcie-qcom.c | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c
index 11fc60489892..7664c7c28c0e 100644
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1907,15 +1907,6 @@ static int qcom_pcie_parse_ports(struct qcom_pcie *pcie)
struct device *dev = pcie->pci->dev;
int ret = -ENODEV;
- if (of_find_property(dev->of_node, "perst-gpios", NULL)) {
- pcie->reset = devm_gpiod_get_optional(dev, "perst",
- GPIOD_OUT_HIGH);
- if (IS_ERR(pcie->reset))
- return PTR_ERR(pcie->reset);
-
- dev_warn(dev, "Reusing PERST# from Root Complex node. DT needs to be fixed!\n");
- }
-
for_each_available_child_of_node_scoped(dev->of_node, of_port) {
if (!of_node_is_type(of_port, "pci"))
continue;
@@ -1942,7 +1933,6 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
struct device *dev = pcie->pci->dev;
struct qcom_pcie_perst *perst;
struct qcom_pcie_port *port;
- struct gpio_desc *reset;
struct phy *phy;
int ret;
@@ -1950,10 +1940,6 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
if (IS_ERR(phy))
return PTR_ERR(phy);
- reset = devm_gpiod_get_optional(dev, "perst", GPIOD_OUT_HIGH);
- if (IS_ERR(reset))
- return PTR_ERR(reset);
-
ret = phy_init(phy);
if (ret)
return ret;
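Review bot: The legacy path used to call `devm_gpiod_get_optional(dev, "perst", GPIOD_OUT_HIGH)` unconditionally; after this removal it only gets a descriptor if `qcom_pcie_probe()` found a property named exactly `perst-gpios`. gpiolib also resolves the `perst-gpio` spelling for the same con_id, so a DT using that form would previously have worked here and now ends up with `pcie->reset` NULL and PERST# never toggled. Consider dropping the `of_find_property()` guard in probe and warning only when a descriptor was actually returned, or checking both spellings.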
@@ -1970,7 +1956,7 @@ static int qcom_pcie_parse_legacy_binding(struct qcom_pcie *pcie)
INIT_LIST_HEAD(&port->list);
list_add_tail(&port->list, &pcie->ports);
- perst->desc = reset;
+ perst->desc = pcie->reset;
INIT_LIST_HEAD(&port->perst);
INIT_LIST_HEAD(&perst->list);
list_add_tail(&perst->list, &port->perst);
@@ -2107,6 +2093,15 @@ static int qcom_pcie_probe(struct platform_device *pdev)
pp->ops = &qcom_pcie_dw_ops;
+ if (of_find_property(dev->of_node, "perst-gpios", NULL)) {
+ pcie->reset = devm_gpiod_get_optional(dev, "perst",
+ GPIOD_OUT_HIGH);
+ if (IS_ERR(pcie->reset))
+ return PTR_ERR(pcie->reset);
+
+ dev_warn(dev, "Reusing PERST# from Root Complex node. DT needs to be updated!\n");
+ }
+
ret = qcom_pcie_parse_ports(pcie);
if (ret) {
if (ret != -ENODEV) {
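Review bot: `return PTR_ERR(pcie->reset);` leaves `qcom_pcie_probe()` directly; please check that nothing acquired earlier in probe needs unwinding at this point, and jump to the existing error path if it does. Two smaller points on the moved block: the warning text silently changed from "DT needs to be fixed!" to "DT needs to be updated!", and the `dev_warn()` is printed for every platform that declares PERST# in the RC node, including the pure legacy binding, which the commit message describes as the majority of existing platforms, so a lower log level may be more appropriate there.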
--
2.47.3
* [PATCH v2 0/7] arm64: dts: qcom: enable WiFi/BT on SM8350 HDK
From: Dmitry Baryshkov @ 2026-06-08 6:59 UTC (permalink / raw)
To: Manivannan Sadhasivam, Lorenzo Pieralisi,
Krzysztof Wilczyński, Rob Herring, Bjorn Helgaas,
Konrad Dybcio, Qiang Yu, Jeff Johnson, Liam Girdwood, Mark Brown,
Krzysztof Kozlowski, Conor Dooley, Bartosz Golaszewski,
Marcel Holtmann, Luiz Augusto von Dentz, Balakrishna Godavarthi,
Rocky Liao, Bjorn Andersson, Konrad Dybcio
Cc: linux-arm-msm, linux-pci, linux-kernel, linux-wireless, ath11k,
devicetree, Bartosz Golaszewski, linux-bluetooth,
Bartosz Golaszewski
The SM8350 HDK has an onboard WCN6851 WiFi/BT chip, which for a long
time was not supported. Bring up different pieces required to enable
this SoC.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
---
Changes in v2:
- Bumped num_vdevs to 4 to follow other similar devices (Jeff)
- Link to v1: https://patch.msgid.link/20260601-sm8350-wifi-v1-0-242917d88031@oss.qualcomm.com
---
Dmitry Baryshkov (7):
PCI: qcom: fix parsing of PERST# in the legacy case
wifi: ath11k: enable support for WCN6851
regulator: dt-bindings: qcom,qca6390-pmu: document WCN6851
dt-bindings: bluetooth: qcom,wcn6855-bt: document WCN6851
arm64: dts: qcom: sm8350: expand UART18 to 4 pins config
arm64: dts: qcom: sm8350: modernize PCIe entries
arm64: dts: qcom: sm8350-hdk: describe WiFi/BT chip
.../bindings/net/bluetooth/qcom,wcn6855-bt.yaml | 8 +-
.../bindings/regulator/qcom,qca6390-pmu.yaml | 4 +
arch/arm64/boot/dts/qcom/sm8350-hdk.dts | 142 ++++++++++++++++++++-
arch/arm64/boot/dts/qcom/sm8350.dtsi | 14 +-
drivers/net/wireless/ath/ath11k/core.c | 92 +++++++++++++
drivers/net/wireless/ath/ath11k/core.h | 1 +
drivers/net/wireless/ath/ath11k/mhi.c | 1 +
drivers/net/wireless/ath/ath11k/pci.c | 9 ++
drivers/net/wireless/ath/ath11k/pcic.c | 11 ++
drivers/pci/controller/dwc/pcie-qcom.c | 25 ++--
10 files changed, 275 insertions(+), 32 deletions(-)
---
base-commit: 6e845bcb78c95af935094040bd4edc3c2b6dd784
change-id: 20260531-sm8350-wifi-3b0659bc183a
Best regards,
--
With best wishes
Dmitry
* [bluez/bluez]
From: BluezTestBot @ 2026-06-08 1:59 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1091848
Home: https://github.com/bluez/bluez
* Re: [PATCH] Bluetooth: btmtk: Fix MT7925 WMT command timeout due to sleep protection
From: Danny Messina @ 2026-06-07 14:46 UTC (permalink / raw)
To: Chris Lu (陸稚泓)
Cc: luiz.dentz@gmail.com, SS Wu (巫憲欣),
marcel@holtmann.org, linux-bluetooth@vger.kernel.org,
Peter Tsao (曹珆彰)
In-Reply-To: <d5e35fb7ea067f1e66ade131db0f64d1021499f2.camel@mediatek.com>
Hi Chris,
Thanks -- I retested on v7.1-rc and the WMT command timeout no longer
reproduces.
Test setup:
- Kernel: 7.1.0-rc6 (Fedora, 7.1.0-0.rc6.260604g...fc45)
- HW: MT7925 (RZ717), BT iface USB 0e8d:0717
- Firmware build time: 20260414
- BlueZ: 5.86
Previously (6.18.7) setup failed with -110 on the wmt patch download
and "Execution of wmt command timed out". On 7.1.0-rc6 none of those
appear; hci0 completes setup (AOSP v1.00, MGMT 1.23), bluetoothd runs,
and an MX Ergo S Plus paired and works as a BT HID device. mt7925e
Wi-Fi associates and scans on the same boot.
Your change resolves the timeout, so
I'll withdraw my patch as superseded.
Thanks,
Danny
* RE: [v1] Bluetooth: btintel_pcie: Load IOSF debug regs by controller variant
From: bluez.test.bot @ 2026-06-07 6:40 UTC (permalink / raw)
To: linux-bluetooth, kiran.k
In-Reply-To: <20260607062117.110893-1-kiran.k@intel.com>
This is an automated email; please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1107196
---Test result---
Test Summary:
CheckPatch PASS 0.99 seconds
VerifyFixes PASS 0.07 seconds
VerifySignedoff PASS 0.07 seconds
GitLint PASS 0.21 seconds
SubjectPrefix PASS 0.07 seconds
BuildKernel PASS 26.37 seconds
CheckAllWarning PASS 28.88 seconds
CheckSparse PASS 27.39 seconds
BuildKernel32 PASS 25.69 seconds
TestRunnerSetup PASS 572.88 seconds
IncrementalBuild PASS 24.74 seconds
https://github.com/bluez/bluetooth-next/pull/291
---
Regards,
Linux Bluetooth
* [PATCH v1] Bluetooth: btintel_pcie: Load IOSF debug regs by controller variant
From: Kiran K @ 2026-06-07 6:21 UTC (permalink / raw)
To: linux-bluetooth
Cc: ravishankar.srivatsa, chethan.tumkur.narayan,
chandrashekar.devegowda, aluvala.sai.teja, Kiran K
From: Sai Teja Aluvala <aluvala.sai.teja@intel.com>
Load the IOSF DBGC base address based on the controller hardware
variant when reading DRAM buffers during a trace dump. Scorpius
Peak family controllers (SCP/SCP2/SCP2F) use a different DBGC base
address (0xf0d5d500) than Blazar family controllers (BZRI/BZRIW,
0xf3800300).
Fixes: 07e6bddb54b4 ("Bluetooth: btintel_pcie: Add support for device coredump")
Signed-off-by: Sai Teja Aluvala <aluvala.sai.teja@intel.com>
Signed-off-by: Kiran K <kiran.k@intel.com>
---
drivers/bluetooth/btintel.h | 1 +
drivers/bluetooth/btintel_pcie.c | 30 ++++++++++++++++++++++++------
drivers/bluetooth/btintel_pcie.h | 4 ++++
3 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/drivers/bluetooth/btintel.h b/drivers/bluetooth/btintel.h
index 7cce1bdebae0..37d93abdd5a3 100644
--- a/drivers/bluetooth/btintel.h
+++ b/drivers/bluetooth/btintel.h
@@ -78,6 +78,7 @@ struct intel_tlv {
#define BTINTEL_HWID_BZRU 0x1d /* BlazarU - Meteor Lake */
#define BTINTEL_HWID_SCP 0x1f /* Scorpius Peak - Panther Lake */
#define BTINTEL_HWID_SCP2 0x20 /* Scorpius Peak2 - Nova Lake */
+#define BTINTEL_HWID_SCP2F 0x21 /* Scorpius Peak2-F - Nova Lake */
#define BTINTEL_HWID_BZRIW 0x22 /* BlazarIW - Wildcat Lake */
extern const guid_t btintel_guid_dsm;
diff --git a/drivers/bluetooth/btintel_pcie.c b/drivers/bluetooth/btintel_pcie.c
index 2baef130d101..845cfacd9294 100644
--- a/drivers/bluetooth/btintel_pcie.c
+++ b/drivers/bluetooth/btintel_pcie.c
@@ -654,9 +654,10 @@ static void *btintel_pcie_copy_tlv(void *dest, enum btintel_pcie_tlv_type type,
static int btintel_pcie_read_dram_buffers(struct btintel_pcie_data *data)
{
u32 offset, prev_size, wr_ptr_status, dump_size, data_len;
+ u32 status_reg, wrap_reg;
struct btintel_pcie_dbgc *dbgc = &data->dbgc;
struct hci_dev *hdev = data->hdev;
- u8 *pdata, *p, buf_idx;
+ u8 *pdata, *p, buf_idx, hw_variant;
struct intel_tlv *tlv;
struct timespec64 now;
struct tm tm_now;
@@ -669,7 +670,28 @@ static int btintel_pcie_read_dram_buffers(struct btintel_pcie_data *data)
return -EOPNOTSUPP;
- wr_ptr_status = btintel_pcie_rd_dev_mem(data, BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS);
+ hw_variant = INTEL_HW_VARIANT(data->cnvi);
+ switch (hw_variant) {
+ case BTINTEL_HWID_BZRI:
+ case BTINTEL_HWID_BZRIW:
+ status_reg = BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS;
+ wrap_reg = BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND;
+ break;
+ case BTINTEL_HWID_SCP:
+ case BTINTEL_HWID_SCP2:
+ case BTINTEL_HWID_SCP2F:
+ status_reg = BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS_SCP;
+ wrap_reg = BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND_SCP;
+ break;
+ default:
+ bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%2.2x)",
+ hw_variant);
+ return -EINVAL;
+ }
+
+ wr_ptr_status = btintel_pcie_rd_dev_mem(data, status_reg);
+ data->dmp_hdr.wrap_ctr = btintel_pcie_rd_dev_mem(data, wrap_reg);
+
offset = wr_ptr_status & BTINTEL_PCIE_DBG_OFFSET_BIT_MASK;
buf_idx = BTINTEL_PCIE_DBGC_DBG_BUF_IDX(wr_ptr_status);
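Review bot: The new `default:` branch makes `btintel_pcie_read_dram_buffers()` fail with `-EINVAL` for any variant not listed, where the old code read the Blazar registers for everything. `btintel.h` also defines `BTINTEL_HWID_BZRU`, which is in neither case list; if that variant can reach this function, its trace dump now stops working. Please either add it to the appropriate group or state in the commit message that it is intentionally excluded. The early return just above uses `-EOPNOTSUPP`, which may also be the better error code for an unsupported variant.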
@@ -751,10 +773,6 @@ static int btintel_pcie_read_dram_buffers(struct btintel_pcie_data *data)
sizeof(data->dmp_hdr.write_ptr));
p = btintel_pcie_copy_tlv(p, BTINTEL_WRAP_CTR, &data->dmp_hdr.wrap_ctr,
sizeof(data->dmp_hdr.wrap_ctr));
-
- data->dmp_hdr.wrap_ctr = btintel_pcie_rd_dev_mem(data,
- BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND);
-
p = btintel_pcie_copy_tlv(p, BTINTEL_TRIGGER_REASON, &data->dmp_hdr.trigger_reason,
sizeof(data->dmp_hdr.trigger_reason));
p = btintel_pcie_copy_tlv(p, BTINTEL_FW_SHA, &data->dmp_hdr.fw_git_sha1,
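Review bot: Dropping this read fixes an ordering problem that the commit message does not mention: the old code copied `data->dmp_hdr.wrap_ctr` into the `BTINTEL_WRAP_CTR` TLV and only afterwards read it from `BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND`, so the TLV carried a stale value. Please describe that in the commit message, since it changes the dump contents on Blazar parts as well.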
diff --git a/drivers/bluetooth/btintel_pcie.h b/drivers/bluetooth/btintel_pcie.h
index cae84b00a700..e4a8fa479188 100644
--- a/drivers/bluetooth/btintel_pcie.h
+++ b/drivers/bluetooth/btintel_pcie.h
@@ -68,6 +68,10 @@
#define BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS (BTINTEL_PCIE_DBGC_BASE_ADDR + 0x1C)
#define BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND (BTINTEL_PCIE_DBGC_BASE_ADDR + 0x2C)
+#define BTINTEL_PCIE_DBGC_BASE_ADDR_SCP (0xf0d5d500)
+#define BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS_SCP (BTINTEL_PCIE_DBGC_BASE_ADDR_SCP + 0x1C)
+#define BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND_SCP (BTINTEL_PCIE_DBGC_BASE_ADDR_SCP + 0x2C)
+
#define BTINTEL_PCIE_DBG_IDX_BIT_MASK 0x0F
#define BTINTEL_PCIE_DBGC_DBG_BUF_IDX(data) (((data) >> 24) & BTINTEL_PCIE_DBG_IDX_BIT_MASK)
#define BTINTEL_PCIE_DBG_OFFSET_BIT_MASK 0xFFFFFF
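Review bot: `BTINTEL_PCIE_DBGC_CUR_DBGBUFF_STATUS_SCP` and `BTINTEL_PCIE_DBGC_DBGBUFF_WRAP_ARND_SCP` repeat the `0x1C` and `0x2C` offsets of the existing macros with a different base. Defining the two offsets once and adding them to a per-variant base selected in the `switch` would avoid a third pair of macros when the next controller family arrives. A comment next to each base address naming its controller family (the commit message gives 0xf3800300 for Blazar and 0xf0d5d500 for Scorpius Peak) would keep that information in the header.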
--
2.54.0
* [bluetooth-next:master] BUILD SUCCESS ae283ad45b1d1a906b3b1701ce2c28716379f056
From: kernel test robot @ 2026-06-07 0:57 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
branch HEAD: ae283ad45b1d1a906b3b1701ce2c28716379f056 Bluetooth: Add SPDX id lines to some source files
elapsed time: 3091m
configs tested: 193
configs skipped: 4
The following configs have been built successfully.
More configs may be tested in the coming days.
tested configs:
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* [BUG] KASAN: slab-use-after-free in rfcomm_security_cfm
From: Bai, Shuangpeng @ 2026-06-07 0:56 UTC (permalink / raw)
To: marcel@holtmann.org, luiz.dentz@gmail.com
Cc: linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Hi Kernel Maintainers,
I hit the following KASAN report while testing current upstream kernel:
KASAN: slab-use-after-free in rfcomm_security_cfm
on commit: e8c2f9fdadee7cbc75134dc463c1e0d856d6e5c7 (May 25 2026)
To help trigger the bug more reliably, we applied a minimal diagnostic patch
that only adds delays and print statements.
The reproducer and .config files are here.
https://gist.github.com/shuangpengbai/ab3bd255f7f73a6b2bcf64de5c834c10
I’m happy to test debug patches or provide additional information.
Reported-by: Shuangpeng Bai <shuangpeng.kernel@gmail.com>
[ 102.584461][ T4448] ==================================================================
[ 102.585392][ T4448] BUG: KASAN: slab-use-after-free in rfcomm_security_cfm (./include/linux/instrumented.h:112 ./include/asm-generic/bitops/instrumented-atomic.h:85 net/bluetooth/rfcomm/core.c:2161)
[ 102.586293][ T4448] Write of size 8 at addr ffff88811b6b4678 by task kworker/u11:1/4448
[ 102.587178][ T4448]
[ 102.587488][ T4448] Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.587493][ T4448] Workqueue: hci0 hci_rx_work
[ 102.587527][ T4448] Call Trace:
[ 102.587536][ T4448] <TASK>
[ 102.587542][ T4448] dump_stack_lvl (lib/dump_stack.c:94 lib/dump_stack.c:120)
[ 102.587559][ T4448] print_report (mm/kasan/report.c:378 mm/kasan/report.c:482)
[ 102.587589][ T4448] kasan_report (mm/kasan/report.c:595)
[ 102.587599][ T4448] kasan_check_range (mm/kasan/generic.c:? mm/kasan/generic.c:200)
[ 102.587604][ T4448] rfcomm_security_cfm (./include/linux/instrumented.h:112 ./include/asm-generic/bitops/instrumented-atomic.h:85 net/bluetooth/rfcomm/core.c:2161)
[ 102.587660][ T4448] hci_encrypt_cfm (./include/net/bluetooth/hci_core.h:2215)
[ 102.587671][ T4448] hci_encrypt_change_evt (net/bluetooth/hci_event.c:3689)
[ 102.587679][ T4448] hci_event_packet (net/bluetooth/hci_event.c:7796 net/bluetooth/hci_event.c:7847)
[ 102.587716][ T4448] hci_rx_work (net/bluetooth/hci_core.c:4077)
[ 102.587721][ T4448] process_scheduled_works (kernel/workqueue.c:3314 kernel/workqueue.c:3397)
[ 102.587734][ T4448] worker_thread (kernel/workqueue.c:3478)
[ 102.587745][ T4448] kthread (kernel/kthread.c:436)
[ 102.587767][ T4448] ret_from_fork (arch/x86/kernel/process.c:158)
[ 102.587789][ T4448] ret_from_fork_asm (arch/x86/entry/entry_64.S:245)
[ 102.587795][ T4448] </TASK>
[ 102.587797][ T4448]
[ 102.610751][ T4448] Freed by task 2678 on cpu 1 at 102.524678s:
[ 102.611389][ T4448] kasan_save_track (mm/kasan/common.c:57 mm/kasan/common.c:78)
[ 102.611908][ T4448] kasan_save_free_info (mm/kasan/generic.c:584)
[ 102.612458][ T4448] __kasan_slab_free (mm/kasan/common.c:253 mm/kasan/common.c:285)
[ 102.612968][ T4448] kfree (./include/linux/kasan.h:235 mm/slub.c:2689 mm/slub.c:6251 mm/slub.c:6566)
[ 102.613403][ T4448] __rfcomm_dlc_close (net/bluetooth/rfcomm/core.c:329 ./include/net/bluetooth/rfcomm.h:257 net/bluetooth/rfcomm/core.c:350 net/bluetooth/rfcomm/core.c:498)
[ 102.613919][ T4448] rfcomm_run (net/bluetooth/rfcomm/core.c:? net/bluetooth/rfcomm/core.c:2048 net/bluetooth/rfcomm/core.c:2131)
[ 102.614395][ T4448] kthread (kernel/kthread.c:436)
[ 102.614402][ T4448] ret_from_fork (arch/x86/kernel/process.c:158)
[ 102.614407][ T4448] ret_from_fork_asm (arch/x86/entry/entry_64.S:245)
[ 102.614412][ T4448]
[ 102.614414][ T4448] The buggy address belongs to the object at ffff88811b6b4600
[ 102.614414][ T4448] which belongs to the cache kmalloc-256 of size 256
[ 102.617515][ T4448] The buggy address is located 120 bytes inside of
[ 102.617515][ T4448] freed 256-byte region [ffff88811b6b4600, ffff88811b6b4700)
Best,
Shuangpeng
* [Bug 221521] Bluetooth: btusb/mt7921 - Failed to send wmt func ctrl (-22) on MediaTek MT7921 combo adapter
From: bugzilla-daemon @ 2026-06-06 23:29 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <bug-221521-62941@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=221521
--- Comment #16 from Solarized (p@atiq.xyz) ---
* pertinent kernel module on this device is 'mt7925e'
```plain
$ modinfo mt7925e
filename: /lib/modules/6.18.7-76061807-generic/kernel/drivers/net/wireless/mediatek/mt76/mt7925/mt7925e.ko.zst
license: Dual BSD/GPL
description: MediaTek MT7925E (PCIe) wireless driver
author: Lorenzo Bianconi <lorenzo@kernel.org>
author: Deren Wu <deren.wu@mediatek.com>
firmware: mediatek/mt7925/WIFI_MT7925_PATCH_MCU_1_1_hdr.bin
firmware: mediatek/mt7925/WIFI_RAM_CODE_MT7925_1_1.bin
srcversion: A85F45784A6D298A162C62A
alias: pci:v000014C3d00000717sv*sd*bc*sc*i*
alias: pci:v000014C3d00007925sv*sd*bc*sc*i*
depends: mt792x-lib,mt76-connac-lib,mt76,mt7925-common
intree: Y
name: mt7925e
retpoline: Y
vermagic: 6.18.7-76061807-generic SMP preempt mod_unload modversions
```
* [Bug 221521] Bluetooth: btusb/mt7921 - Failed to send wmt func ctrl (-22) on MediaTek MT7921 combo adapter
From: bugzilla-daemon @ 2026-06-06 23:25 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <bug-221521-62941@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=221521
Solarized (p@atiq.xyz) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |p@atiq.xyz
--- Comment #15 from Solarized (p@atiq.xyz) ---
repros on kernel 7.0.9 on Asus ProArt 7606WV (has mediatek wireless chip)
if you peek into kernel log using `journalctl` you will find this:
```plain
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.0: DSP1:
cirrus/cs35l56-b0-dsp1-misc-10431e63-spkid1-amp1.bin (v1): v3.11.16
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.0: DSP1: misc:
C:\Users\gchen\Desktop\Asus_proj\CY24\MP\H7606W\240830\init\10431E63_240830_V1_A0-init.bin
Jun 06 13:19:30 kernel: Bluetooth: hci0: Failed to send wmt func ctrl (-22)
Jun 06 13:19:30 kernel: Bluetooth: hci0: HCI Enhanced Setup Synchronous
Connection command is advertised, but not supported.
Jun 06 13:19:30 kernel: zram0: detected capacity change from 0 to 33554432
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.1: Calibration
applied
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.0: Calibration
applied
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.1: Tuning PID:
0x531116, SID: 0x201104, TID: 0x3c8830
Jun 06 13:19:30 kernel: cs35l56-hda i2c-CSC3556:00-cs35l56-hda.0: Tuning PID:
0x531116, SID: 0x201004, TID: 0x3c8830
Jun 06 13:19:31 kernel: NVRM: testIfDsmSubFunctionEnabled: GPS ACPI DSM called
before _acpiDsmSupportedFuncCacheInit subfunction = 10.
Jun 06 13:19:31 kernel: NVRM: testIfDsmSubFunctionEnabled: GPS ACPI DSM called
before _acpiDsmSupportedFuncCacheInit subfunction = 11.
Jun 06 13:19:31 kernel: [drm] Initialized nvidia-drm 0.0.0 for 0000:64:00.0 on
minor 1
```
which indicates a broken Bluetooth MediaTek driver.
And the service log shows the following:
```plain
$ journalctl --boot --unit bluetooth.service
Jun 06 13:19:29 systemd[1]: Starting bluetooth.service - Bluetooth service...
Jun 06 13:19:29 (uetoothd)[1329]: bluetooth.service: ConfigurationDirectory
'bluetooth' already exists but the mode is different. (File system: 755
ConfigurationDirectoryMode: 555)
Jun 06 13:19:29 bluetoothd[1329]: Bluetooth daemon 5.72
Jun 06 13:19:29 bluetoothd[1329]: Starting SDP server
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support csip plugin
Jun 06 13:19:29 bluetoothd[1329]: profiles/audio/micp.c:micp_init() D-Bus
experimental not enabled
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support micp plugin
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support vcp plugin
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support mcp plugin
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support bass plugin
Jun 06 13:19:29 bluetoothd[1329]: src/plugin.c:plugin_init() System does not
support bap plugin
Jun 06 13:19:29 bluetoothd[1329]: Bluetooth management interface 1.23
initialized
Jun 06 13:19:29 systemd[1]: Started bluetooth.service - Bluetooth service.
```
Related:
- https://lore.kernel.org/all/81bcf9fd-2f07-4fc6-be90-da4e448379e4@leemhuis.info/
- https://www.reddit.com/r/linuxhardware/comments/1tfn5ev/mediatek_mt7921_bluetooth_not_initializing/
^ permalink raw reply
* RE: [net-next] net/bluetooth/bnep: Use strscpy() to copy device name
From: bluez.test.bot @ 2026-06-06 21:21 UTC (permalink / raw)
To: linux-bluetooth, david.laight.linux
In-Reply-To: <20260606202633.5018-26-david.laight.linux@gmail.com>
This is an automated email and please do not reply to this email.
Dear Submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.
----- Output -----
error: patch failed: net/bluetooth/bnep/core.c:639
error: net/bluetooth/bnep/core.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch
Please resolve the issue and submit the patches again.
---
Regards,
Linux Bluetooth
^ permalink raw reply
* [PATCH net-next] net/bluetooth/bnep: Use strscpy() to copy device name
From: david.laight.linux @ 2026-06-06 20:26 UTC (permalink / raw)
To: Kees Cook, linux-hardening, Arnd Bergmann, linux-bluetooth,
linux-kernel
Cc: Luiz Augusto von Dentz, Marcel Holtmann, David Laight
From: David Laight <david.laight.linux@gmail.com>
Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
This is one of a group of patches that remove potentially unbounded
strcpy() calls.
They are mostly replaced by strscpy() or, when strlen() has just been
called, with memcpy() (usually including the '\0').
Calls which copy string literals into arrays are left unchanged.
They are safe and easily detected as such.
The changes were made by getting the compiler to detect the calls and
then fixing the code by hand.
Note that all the changes are only compile tested.
Some Makefiles were changed to allow files to contain strcpy().
As well as 'difficult to fix' files, this included 'show' functions
as they really need to use sysfs_emit() or seq_printf().
All the patches are being sent individually to avoid very long cc lists.
Apologies for the terse commit messages and likely unexpected tags.
(There are about 100 patches in total.)
net/bluetooth/bnep/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index d44987d4515c..1e14fa1e886a 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -639,7 +639,7 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
}
up_write(&bnep_session_sem);
- strcpy(req->device, dev->name);
+ strscpy(req->device, dev->name);
return 0;
failed:
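Review bot: the result of `strscpy(req->device, dev->name);` is dropped, so a name that does not fit would be truncated silently rather than reported (strscpy() returns -E2BIG in that case). Either check the result before `return 0;` or state in the changelog why dev->name always fits in req->device; the commit message above the `---` has no body, and the note below it says the series is only compile tested.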
@@ -678,7 +678,7 @@ static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
memset(ci, 0, sizeof(*ci));
memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
- strcpy(ci->device, s->dev->name);
+ strscpy(ci->device, s->dev->name);
ci->flags = s->flags & valid_flags;
ci->state = s->state;
ci->role = s->role;
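Review bot: at `strscpy(ci->device, s->dev->name);` the two-argument form takes its bound from sizeof(ci->device), so it is correct only while ci->device remains a fixed-size array; that assumption deserves a sentence in the changelog. The `memset(ci, 0, sizeof(*ci));` at the top of the hunk already zeroes the bytes after the terminator, so strscpy_pad() is not needed here.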
--
2.39.5
^ permalink raw reply related
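The bounded-copy behaviour described in the note of the message above, as an added example that is not part of the patch or of the kernel source: `model_strscpy()` is a userspace model of the strscpy() contract, and `struct demo_req`, its 16-byte `device` field, the canary value and the sample names are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model of the strscpy() contract (not the kernel implementation):
 * copy at most size - 1 bytes, always NUL-terminate, and return the number
 * of bytes copied or -E2BIG when the source had to be truncated. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size; i++) {
        dst[i] = src[i];
        if (src[i] == '\0')
            return (long)i;
    }
    dst[size - 1] = '\0';   /* source did not fit: cut and terminate */
    return -E2BIG;
}

/* Two-argument form as used in the patch: the bound comes from sizeof(dst),
 * so dst must be an array, never a pointer. */
#define model_strscpy_arr(dst, src) model_strscpy((dst), (src), sizeof(dst))

/* The memcpy() variant the note mentions for callers that already know the
 * length: the bound check is explicit and the '\0' is copied with the data. */
static long copy_known_len(char *dst, size_t size, const char *src, size_t len)
{
    if (len >= size)
        return -E2BIG;
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Constructed request layout: a 16-byte name followed by another field. */
struct demo_req {
    char device[16];
    unsigned int flags;
};

#define DEMO_CANARY 0xA5A5A5A5u
static const char demo_long_name[] = "a-name-longer-than-16-bytes";

/* A name that fits: returns its length (5). */
long demo_fit(void)
{
    struct demo_req r = { "", DEMO_CANARY };
    return model_strscpy_arr(r.device, "bnep0");
}

/* An oversized name: reported as -E2BIG instead of overrunning device[]. */
long demo_truncated(void)
{
    struct demo_req r = { "", DEMO_CANARY };
    return model_strscpy_arr(r.device, demo_long_name);
}

/* Returns 1 when the truncated copy is terminated at 15 bytes and the
 * neighbouring field is untouched; strcpy() would have overwritten it. */
int demo_neighbour_intact(void)
{
    struct demo_req r = { "", DEMO_CANARY };
    model_strscpy_arr(r.device, demo_long_name);
    return strlen(r.device) == 15 && r.flags == DEMO_CANARY;
}

/* Known-length path: the oversized name is rejected before any copy. */
long demo_memcpy_variant(void)
{
    struct demo_req r = { "", DEMO_CANARY };
    return copy_known_len(r.device, sizeof(r.device), demo_long_name,
                          strlen(demo_long_name));
}

int main(void)
{
    return !(demo_fit() == 5 && demo_truncated() == -E2BIG &&
             demo_neighbour_intact() && demo_memcpy_variant() == -E2BIG);
}
```

A caller that ignores the return value still gets a terminated, in-bounds string, but loses the only signal that the name was cut.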
* Re: [syzbot] [mm?] upstream test error: WARNING in call_timer_fn
From: Andrew Morton @ 2026-06-06 20:06 UTC (permalink / raw)
To: syzbot
Cc: jannh, liam, linux-kernel, linux-mm, ljs, pfalcato,
syzkaller-bugs, vbabka, Marcel Holtmann, Luiz Augusto von Dentz,
linux-bluetooth
In-Reply-To: <6a246fb8.c25708ab.1b19ef.0009.GAE@google.com>
On Sat, 06 Jun 2026 12:06:32 -0700 syzbot <syzbot+8b331cede7bfea7c674c@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: ba3e43a9e601 Merge tag 'soc-fixes-7.1-2' of git://git.kern..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=12180f2e580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=b4166e8ea5fbf7e3
> dashboard link: https://syzkaller.appspot.com/bug?extid=8b331cede7bfea7c674c
> compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Thanks.
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-ba3e43a9.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/721f1d5136ec/vmlinux-ba3e43a9.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/ff33eef1aaee/bzImage-ba3e43a9.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8b331cede7bfea7c674c@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> workqueue: cannot queue hci_cmd_timeout on wq hci0
Looks like a bluetooth thing. Cc's added.
> WARNING: kernel/workqueue.c:2298 at __queue_work+0xd3f/0x1040 kernel/workqueue.c:2296, CPU#0: syz-executor/5425
> Modules linked in:
> CPU: 0 UID: 0 PID: 5425 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> RIP: 0010:__queue_work+0xd67/0x1040 kernel/workqueue.c:2296
> Code: a6 0e 49 8d 7d 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 7a 7b a5 00 49 8b 75 18 49 81 c7 70 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef
> RSP: 0000:ffffc90000007bd8 EFLAGS: 00010082
> RAX: 1ffff1100259b94e RBX: 0000000000000008 RCX: ffff8880336a2540
> RDX: ffff888041425170 RSI: ffffffff8a9c7e10 RDI: ffffffff90334eb0
> RBP: 0000000000000100 R08: ffffffff90304ff7 R09: 1ffffffff20609fe
> R10: dffffc0000000000 R11: ffffffff818d37e0 R12: dffffc0000000000
> R13: ffff888012cdca58 R14: ffffffff90334eb0 R15: ffff888041425170
> FS: 0000000000000000(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b2fa63fff CR3: 0000000012c0c000 CR4: 0000000000352ef0
> Call Trace:
> <IRQ>
> call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748
> expire_timers kernel/time/timer.c:1794 [inline]
> __run_timers kernel/time/timer.c:2374 [inline]
> __run_timer_base+0x67e/0x8b0 kernel/time/timer.c:2386
> run_timer_base kernel/time/timer.c:2395 [inline]
> run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2405
> handle_softirqs+0x22a/0x840 kernel/softirq.c:622
> __do_softirq kernel/softirq.c:656 [inline]
> invoke_softirq kernel/softirq.c:496 [inline]
> __irq_exit_rcu+0xca/0x220 kernel/softirq.c:735
> irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
> instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
> sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1061
> </IRQ>
> <TASK>
> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
> RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:97 [inline]
> RIP: 0010:memory_is_nonzero mm/kasan/generic.c:115 [inline]
> RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:140 [inline]
> RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline]
> RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline]
> RIP: 0010:kasan_check_range+0x90/0x2c0 mm/kasan/generic.c:200
> Code: 03 48 bb 01 00 00 00 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 3d 01 00 00 4c 89 cb 48 f7 d3 <4c> 01 fb 41 80 3b 00 0f 85 9e 01 00 00 49 ff c3 48 ff c3 75 ee e9
> RSP: 0000:ffffc9000e2bf240 EFLAGS: 00000202
> RAX: 1ffff92001c57e01 RBX: e00006dffe3a8187 RCX: ffffffff8176f0e3
> RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc9000e2bf3b8
> RBP: 0000000000000000 R08: ffffc9000e2bf3c7 R09: 1ffff92001c57e78
> R10: dffffc0000000000 R11: fffff52001c57e77 R12: 0000000000000002
> R13: 1ffff92001c57e6f R14: fffff52001c57e79 R15: 1ffff92001c57e77
> __asan_memset+0x22/0x50 mm/kasan/shadow.c:84
> unwind_next_frame+0xf33/0x2550 arch/x86/kernel/unwind_orc.c:621
> arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
> stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
> kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
> kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
> __call_rcu_common kernel/rcu/tree.c:3131 [inline]
> call_rcu+0xee/0x890 kernel/rcu/tree.c:3251
> slab_free_hook mm/slub.c:2653 [inline]
> slab_free mm/slub.c:6251 [inline]
> kmem_cache_free+0x462/0x650 mm/slub.c:6378
> tear_down_vmas+0x312/0x520 mm/mmap.c:1262
> exit_mmap+0x4b6/0x9e0 mm/mmap.c:1320
> __mmput+0x118/0x430 kernel/fork.c:1178
> exit_mm+0x1f6/0x2d0 kernel/exit.c:582
> do_exit+0x6a2/0x22c0 kernel/exit.c:964
> do_group_exit+0x21b/0x2d0 kernel/exit.c:1119
> get_signal+0x1284/0x1330 kernel/signal.c:3037
> arch_do_signal_or_restart+0xbc/0x840 arch/x86/kernel/signal.c:337
> __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
> exit_to_user_mode_loop+0xa9/0x680 kernel/entry/common.c:98
> __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
> syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
> syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
> do_syscall_64+0x353/0x580 arch/x86/entry/syscall_64.c:100
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f328ef57fd7
> Code: Unable to access opcode bytes at 0x7f328ef57fad.
> RSP: 002b:00007ffd7ad34110 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
> RAX: fffffffffffffe00 RBX: 0000555594d02500 RCX: 00007f328ef57fd7
> RDX: 0000000040000000 RSI: 00007ffd7ad3416c RDI: ffffffffffffffff
> RBP: 00007ffd7ad3416c R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd7ad341e8
> R13: 0000000000000002 R14: 00007ffd7ad343c8 R15: 0000000000000000
> </TASK>
> ----------------
> Code disassembly (best guess), 2 bytes skipped:
> 0: 49 8d 7d 18 lea 0x18(%r13),%rdi
> 4: 48 89 f8 mov %rdi,%rax
> 7: 48 c1 e8 03 shr $0x3,%rax
> b: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
> 10: 74 05 je 0x17
> 12: e8 7a 7b a5 00 call 0xa57b91
> 17: 49 8b 75 18 mov 0x18(%r13),%rsi
> 1b: 49 81 c7 70 01 00 00 add $0x170,%r15
> 22: 4c 89 f7 mov %r14,%rdi
> 25: 4c 89 fa mov %r15,%rdx
> * 28: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
> 2d: 4c 89 e8 mov %r13,%rax
> 30: 48 c1 e8 03 shr $0x3,%rax
> 34: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
> 39: 74 08 je 0x43
> 3b: 4c 89 ef mov %r13,%rdi
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-06-06 20:02 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1091217
Home: https://github.com/bluez/bluez
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-06-06 18:55 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1091197
Home: https://github.com/bluez/bluez
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-06-06 17:46 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1091167
Home: https://github.com/bluez/bluez
^ permalink raw reply
* RE: btio: handle error from broadcast ISO socket
From: bluez.test.bot @ 2026-06-06 8:48 UTC (permalink / raw)
To: linux-bluetooth, michal.dzik
In-Reply-To: <20260606060348.2240980-2-michal.dzik@streamunlimited.com>
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1106927
---Test result---
Test Summary:
CheckPatch PASS 0.96 seconds
GitLint PASS 0.66 seconds
BuildEll PASS 20.29 seconds
BluezMake PASS 604.91 seconds
MakeCheck PASS 18.76 seconds
MakeDistcheck PASS 232.77 seconds
CheckValgrind PASS 274.45 seconds
CheckSmatch PASS 323.78 seconds
bluezmakeextell PASS 166.77 seconds
IncrementalBuild PASS 609.87 seconds
ScanBuild PASS 923.71 seconds
https://github.com/bluez/bluez/pull/2182
---
Regards,
Linux Bluetooth
^ permalink raw reply
* [bluez/bluez] 1f6555: btio: handle error from broadcast ISO socket
From: mdzik-sue @ 2026-06-06 7:54 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1106927
Home: https://github.com/bluez/bluez
Commit: 1f6555cda23c7e438bb3374f6a3669c396497b0e
https://github.com/bluez/bluez/commit/1f6555cda23c7e438bb3374f6a3669c396497b0e
Author: Michal Dzik <michal.dzik@streamunlimited.com>
Date: 2026-06-06 (Sat, 06 Jun 2026)
Changed paths:
M btio/btio.c
Log Message:
-----------
btio: handle error from broadcast ISO socket
If not handled, server_cb() will be stuck in endless loop of calling
accept() on the socket.
Commit: 71d8d36535836f3bfd01736f3fca81d0c703b26a
https://github.com/bluez/bluez/commit/71d8d36535836f3bfd01736f3fca81d0c703b26a
Author: Michal Dzik <michal.dzik@streamunlimited.com>
Date: 2026-06-06 (Sat, 06 Jun 2026)
Changed paths:
M profiles/audio/bap.c
Log Message:
-----------
bap: log errors in BIG sync
Compare: https://github.com/bluez/bluez/compare/1f6555cda23c%5E...71d8d3653583
^ permalink raw reply
* [PATCH BlueZ 1/2] btio: handle error from broadcast ISO socket
From: Michal Dzik @ 2026-06-06 6:03 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Michal Dzik
In-Reply-To: <20260606060348.2240980-1-michal.dzik@streamunlimited.com>
If not handled, server_cb() will be stuck in endless loop of calling
accept() on the socket.
---
btio/btio.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/btio/btio.c b/btio/btio.c
index cfaa9392d..39d4411f7 100644
--- a/btio/btio.c
+++ b/btio/btio.c
@@ -252,6 +252,26 @@ static gboolean server_cb(GIOChannel *io, GIOCondition cond,
srv_sock = g_io_channel_unix_get_fd(io);
+ if (cond & G_IO_ERR) {
+ int err, sk_err;
+ socklen_t len = sizeof(sk_err);
+
+ if (getsockopt(srv_sock, SOL_SOCKET, SO_ERROR, &sk_err, &len)
+ < 0)
+ err = errno;
+ else
+ err = sk_err;
+
+ if (server->connect) {
+ GError *gerr = NULL;
+
+ ERROR_FAILED(&gerr, "ERR on socket", err);
+ server->connect(io, gerr, server->user_data);
+ g_clear_error(&gerr);
+ }
+ return FALSE;
+ }
+
cli_sock = accept(srv_sock, NULL, NULL);
if (cli_sock < 0) {
if (errno == EBADFD)
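Review bot: in the new `if (cond & G_IO_ERR)` block, when getsockopt() succeeds but leaves `sk_err` at 0, `err` is 0 and `ERROR_FAILED(&gerr, "ERR on socket", err);` hands the connect callback an error built from error code 0. Fall back to a definite code such as EIO when sk_err is 0. When `server->connect` is NULL the block returns FALSE without any log line, so a message there would make the dropped watch visible; the getsockopt() condition would also read better with `< 0)` kept on the same line as the call.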
--
2.43.0
^ permalink raw reply related
* [PATCH BlueZ 2/2] bap: log errors in BIG sync
From: Michal Dzik @ 2026-06-06 6:03 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Michal Dzik
In-Reply-To: <20260606060348.2240980-1-michal.dzik@streamunlimited.com>
---
profiles/audio/bap.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index b35542488..dd4b3c8ff 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -1474,7 +1474,10 @@ static void iso_bcast_confirm_cb(GIOChannel *io, GError *err, void *user_data)
int fd;
struct bap_data *bap_data = setup->data;
- DBG("BIG Sync completed");
+ if (err)
+ error("BIG Sync failed: %s", err->message);
+ else
+ DBG("BIG Sync completed");
/* The order of the BIS fds notified from kernel corresponds
* to the order of the BISes that were enqueued before
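Review bot: after `error("BIG Sync failed: %s", err->message);` there is no return, so on failure the function still falls through to the BIS fd handling that begins at the comment below. If that code expects a successfully synced `io`, return after logging; if the fall-through is intended, say so in the commit message, which is currently empty.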
--
2.43.0
^ permalink raw reply related
* [PATCH BlueZ 0/2] btio: handle error from broadcast ISO socket
From: Michal Dzik @ 2026-06-06 6:03 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Michal Dzik
If not handled, server_cb() will be stuck in endless loop of calling
accept() on the socket.
Michal Dzik (2):
btio: handle error from broadcast ISO socket
bap: log errors in BIG sync
btio/btio.c | 20 ++++++++++++++++++++
profiles/audio/bap.c | 5 ++++-
2 files changed, 24 insertions(+), 1 deletion(-)
--
2.43.0
^ permalink raw reply
* RE: [v1] Bluetooth: btintel_pcie: Add 50 ms delay before MAC init on BlazarIW
From: bluez.test.bot @ 2026-06-06 0:44 UTC (permalink / raw)
To: linux-bluetooth, kiran.k
In-Reply-To: <20260606003637.94628-1-kiran.k@intel.com>
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1106883
---Test result---
Test Summary:
CheckPatch PASS 0.74 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.34 seconds
SubjectPrefix PASS 0.13 seconds
BuildKernel PASS 26.07 seconds
CheckAllWarning PASS 28.22 seconds
CheckSparse PASS 26.85 seconds
BuildKernel32 PASS 25.06 seconds
TestRunnerSetup PASS 531.09 seconds
IncrementalBuild PASS 25.20 seconds
https://github.com/bluez/bluetooth-next/pull/290
---
Regards,
Linux Bluetooth
^ permalink raw reply
* [PATCH v1] Bluetooth: btintel_pcie: Add 50 ms delay before MAC init on BlazarIW
From: Kiran K @ 2026-06-06 0:36 UTC (permalink / raw)
To: linux-bluetooth
Cc: ravishankar.srivatsa, chethan.tumkur.narayan,
chandrashekar.devegowda, Kiran K
On BlazarIW, fast restart cycles fail because the D0 entry to MAC
init does not complete in time. As a result, MAC initialization
does not proceed and the controller fails to transition past the
ROM boot stage.
Add a 50 ms delay (worst case as per HW analysis) before doing MAC
init in btintel_pcie_enable_bt() so the shared hardware reset flow
has time to complete. The delay is gated on the BlazarIW PCI device
id 0x4D76 so other Intel BT PCIe controllers are unaffected.
Signed-off-by: Kiran K <kiran.k@intel.com>
---
drivers/bluetooth/btintel_pcie.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/bluetooth/btintel_pcie.c b/drivers/bluetooth/btintel_pcie.c
index 2baef130d101..b09878d71025 100644
--- a/drivers/bluetooth/btintel_pcie.c
+++ b/drivers/bluetooth/btintel_pcie.c
@@ -799,6 +799,11 @@ static void btintel_pcie_dump_traces(struct hci_dev *hdev)
bt_dev_err(hdev, "Failed to dump traces: (%d)", ret);
}
+static bool btintel_pcie_is_blazariw(struct pci_dev *pdev)
+{
+ return pdev->device == 0x4D76;
+}
+
/* This function enables BT function by setting BTINTEL_PCIE_CSR_FUNC_CTRL_MAC_INIT bit in
* BTINTEL_PCIE_CSR_FUNC_CTRL_REG register and wait for MSI-X with
* BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0.
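Review bot: `return pdev->device == 0x4D76;` uses a bare literal for the device id and compares the device id only. Give the id a named constant so the quirk can be found by name, and add a short comment on why checking `pdev->vendor` is not needed if that is the case.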
@@ -818,6 +823,14 @@ static int btintel_pcie_enable_bt(struct btintel_pcie_data *data)
btintel_pcie_wr_reg32(data, BTINTEL_PCIE_CSR_CI_ADDR_MSB_REG,
(u64)data->ci_p_addr >> 32);
+ /* On BlazarIW, the D0 entry to MAC init does not complete in
+ * time. Wait 50 ms (worst case as per HW analysis) for the
+ * shared hardware reset flow to complete before proceeding with
+ * MAC init.
+ */
+ if (btintel_pcie_is_blazariw(data->pdev))
+ msleep(50);
+
/* Reset the cached value of boot stage. it is updated by the MSI-X
* gp0 interrupt handler.
*/
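Review bot: `msleep(50);` runs on every call to btintel_pcie_enable_bt() for this device, while the commit message describes the failure only for fast restart cycles, so each enable pays the worst-case delay. If the hardware exposes a status showing that the shared reset flow has finished, poll it with a 50 ms timeout instead; otherwise give the 50 a named constant and note in the comment that no such status exists.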
--
2.54.0
^ permalink raw reply related
* RE: [v2] Bluetooth: L2CAP: Fix UAF in channel timeout by holding conn ref
From: bluez.test.bot @ 2026-06-05 20:33 UTC (permalink / raw)
To: linux-bluetooth, elver
In-Reply-To: <20260605142351.2306664-1-elver@google.com>
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1106678
---Test result---
Test Summary:
CheckPatch FAIL 0.98 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint FAIL 0.35 seconds
SubjectPrefix PASS 0.13 seconds
BuildKernel PASS 25.50 seconds
CheckAllWarning PASS 28.24 seconds
CheckSparse PASS 26.60 seconds
BuildKernel32 PASS 24.91 seconds
TestRunnerSetup PASS 524.91 seconds
TestRunner_l2cap-tester PASS 58.70 seconds
IncrementalBuild PASS 23.81 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[v2] Bluetooth: L2CAP: Fix UAF in channel timeout by holding conn ref
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#98:
| BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:112 [inline]
ERROR: Unrecognized email address: 'https://sashiko.dev/#/patchset/20260521021249.3258069-1-oss%40fourdim.xyz'
#218:
Reported-by: https://sashiko.dev/#/patchset/20260521021249.3258069-1-oss%40fourdim.xyz
WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report
#218:
Reported-by: https://sashiko.dev/#/patchset/20260521021249.3258069-1-oss%40fourdim.xyz
Signed-off-by: Marco Elver <elver@google.com>
total: 1 errors, 2 warnings, 0 checks, 60 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/patch/14613573.patch has style problems, please review.
NOTE: Ignored message types: UNKNOWN_COMMIT_ID
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[v2] Bluetooth: L2CAP: Fix UAF in channel timeout by holding conn ref
8: B1 Line exceeds max length (107>80): "| BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:112 [inline]"
9: B1 Line exceeds max length (125>80): "| BUG: KASAN: slab-use-after-free in atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:4456 [inline]"
10: B1 Line exceeds max length (93>80): "| BUG: KASAN: slab-use-after-free in __mutex_trylock_fast kernel/locking/mutex.c:161 [inline]"
11: B1 Line exceeds max length (84>80): "| BUG: KASAN: slab-use-after-free in mutex_lock+0x4f/0xa0 kernel/locking/mutex.c:318"
14: B1 Line exceeds max length (100>80): "| CPU: 2 UID: 0 PID: 83 Comm: kworker/2:1 Not tainted 7.1.0-rc6-next-20260601-dirty #6 PREEMPT(full)"
15: B1 Line exceeds max length (95>80): "| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014"
20: B1 Line exceeds max length (91>80): "| atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:4456 [inline]"
https://github.com/bluez/bluetooth-next/pull/289
---
Regards,
Linux Bluetooth
^ permalink raw reply