Bluetooth broken for some people with 6.8.2 [Was: [PATCH 6.8 308/715] Bluetooth: hci_core: Cancel request on command timeout]

From: Linux regression tracking (Thorsten Leemhuis)
Date: Sat Mar 30 2024 - 10:59:36 EST


On 24.03.24 23:28, Sasha Levin wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
>
> [ Upstream commit 63298d6e752fc0ec7f5093860af8bc9f047b30c8 ]
>
> If command has timed out call __hci_cmd_sync_cancel to notify the
> hci_req since it will inevitably cause a timeout.
>
> This also reworks the code around __hci_cmd_sync_cancel since it was
> wrongly assuming it needs to cancel timer as well, but sometimes the
> timers have not been started or in fact they already had timed out in
> which case they don't need to be canceled yet again.
>
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
> Stable-dep-of: 2615fd9a7c25 ("Bluetooth: hci_sync: Fix overwriting request callback")
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

Hey stable team, I wonder if it might be wise to pick up 1c3366abdbe884
("Bluetooth: hci_sync: Fix not checking error on
hci_cmd_sync_cancel_sync") from next
(https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=1c3366abdbe884)
for the next releases of all series that a few days ago received
63298d6e752fc0 ("Bluetooth: hci_core: Cancel request on command timeout").

The latter patch sadly on quite a few systems causes an Oops due to a
NULL pointer dereference and breaks Bluetooth. This was reported for
mainline here (yes, coincidentally it was reported by yours truly):
https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@xxxxxxxxxxxxx/

Now that the patch landed in 6.8.2 it seems to happen there as well
(guess in 6.7 and others, too), as can be seen from this bug report
where multiple people already joined:
https://bugzilla.kernel.org/show_bug.cgi?id=218651

The fix mentioned above is on the way to Linus, but due to unlucky
timing missed this week's network pull, hence will likely only reach
mainline next Thursday. But the fix afaics has a stable commit id, so
might be worth picking up soon for the stable releases to fix the
regression quickly.

Ciao, Thorsten