2024-05-30 02:05:53

by Yuxuan-Hu

Subject: [BUG Report] Missing HCI event REMOTE_NAME Causing Subsequent Bluetooth Connection Failures

Hi All,

We found a possible bug during 2 consecutive rounds of RFCOMM
connections in kernel 6.7.9:

(1) During the connection process, the host sends an HCI command
REMOTE_NAME_REQ to request the name of the remote device. Normally, the
controller responds to it with an HCI event
COMMAND_STATUS(REMOTE_NAME_REQ) and then sends an HCI event REMOTE_NAME
containing the remote device's name.

(2) Upon receiving COMMAND_STATUS(REMOTE_NAME_REQ), function
hci_cmd_status_evt(net/bluetooth/hci_event.c:4356) is called, which in
turn invokes function handle_cmd_cnt_and_timer to clear the timer.

(3) Since the timer has been cleared, the host indefinitely waits for the
HCI event REMOTE_NAME. If the controller fails to send this packet, the
only recourse is for the user to manually terminate the connection process.

(4.1) Because the connection state is only set to CONNECTED upon
receiving the HCI event REMOTE_NAME (hci_remote_name_evt
->hci_check_pending_name->mgmt_device_connected), the remote device
remains unconnected in (3).

(4.2) We tried to reconnect multiple times, but the host is unable to
send the HCI command CREATE_CONNECTION, resulting in subsequent failures
to establish a connection with the device.

We believe it might be necessary to set a timeout while waiting for the
HCI event REMOTE_NAME.

Thank you for reading this. We would appreciate any reply.

Attachment 1: Log file containing HCI packet contents.
Attachment 2: ftrace records of bluetooth and rfcomm modules.

Best Wishes,
Yuxuan Hu


Attachments:
Attach1_log.txt (1.49 kB)
Attach2_ftrace.txt (42.02 kB)
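One way to spot the stall described in steps (1)-(3) in an HCI capture, as an added example that is neither the reporter's attachment nor kernel code: it walks btmon-style trace lines and flags any Remote Name Request whose Command Status arrived but whose Remote Name Req Complete event never followed. The line format, the function name and the sample trace are assumptions constructed for this example.

```python
import re
from typing import List, Tuple

# HCI packet names as btmon prints them (Bluetooth Core spec, Link Control OGF 0x01).
REMOTE_NAME_REQ = "Remote Name Request (0x01|0x0019)"
CMD_STATUS = "Command Status (0x0f)"
REMOTE_NAME_COMPLETE = "Remote Name Req Complete (0x07)"

# Assumed header layout: "<seconds> <dir> HCI Command|Event: <name> plen <n>"; the
# command acknowledged by a Command Status event is named on the next indented line.
PKT = re.compile(r"^(?P<ts>\d+\.\d+) [<>] HCI (?:Command|Event): (?P<name>.+?) plen \d+$")

def find_stalled_name_requests(trace: str, timeout_s: float) -> List[Tuple[float, float, str]]:
    """Return (status_ts, waited_s, reason) for each Remote Name Request that got a
    Command Status but no Remote Name Req Complete: reason is "timeout" when more
    than timeout_s elapsed before the next packet, "trace ended" when the capture
    stops while the request is still open."""
    pending = None    # ts of the Command Status of an outstanding name request
    status_ts = None  # ts of a Command Status whose opcode continuation line is next
    last_ts = 0.0
    stalled: List[Tuple[float, float, str]] = []
    for raw in trace.splitlines():
        m = PKT.match(raw)
        if m is None:
            # Continuation line: only the one naming the acknowledged command matters.
            if status_ts is not None and REMOTE_NAME_REQ in raw:
                pending = status_ts
            status_ts = None
            continue
        ts, name = float(m["ts"]), m["name"]
        last_ts = ts
        if pending is not None and ts - pending > timeout_s:
            stalled.append((pending, ts - pending, "timeout"))
            pending = None
        status_ts = ts if name == CMD_STATUS else None
        if name == REMOTE_NAME_COMPLETE:
            pending = None
    if pending is not None:
        stalled.append((pending, last_ts - pending, "trace ended"))
    return stalled

# Constructed trace (not the attached log): the first name request completes, the
# second only gets its Command Status, and the user disconnects much later.
SAMPLE_TRACE = """\
1.950 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
1.960 > HCI Event: Command Status (0x0f) plen 4
      Remote Name Request (0x01|0x0019) ncmd 1
2.400 > HCI Event: Remote Name Req Complete (0x07) plen 255
10.000 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
10.010 > HCI Event: Command Status (0x0f) plen 4
      Remote Name Request (0x01|0x0019) ncmd 1
25.300 < HCI Command: Disconnect (0x01|0x0006) plen 3
"""

if __name__ == "__main__":
    for status_ts, waited, reason in find_stalled_name_requests(SAMPLE_TRACE, 10.0):
        print(f"name request acked at {status_ts:.3f}s never completed ({reason}, {waited:.2f}s)")
```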