Hi All,

We found a possible bug during 2 consecutive rounds of RFCOMM connections in kernel 6.7.9:

(1) During the connection process, the host sends a HCI command REMOTE_NAME_REQ to request the name of the remote device. Normally, the controller responds to it with a HCI event COMMAND_STATUS(REMOTE_NAME_REQ) and then sends a HCI event REMOTE_NAME containing the remote device's name.

(2) Upon receiving COMMAND_STATUS(REMOTE_NAME_REQ), function hci_cmd_status_evt (net/bluetooth/hci_event.c:4356) is called, which in turn invokes function handle_cmd_cnt_and_timer to clear the timer.

(3) Since the timer has been cleared, the host waits indefinitely for the HCI event REMOTE_NAME. If the controller fails to send this packet, the only recourse is for the user to manually terminate the connection process.

(4.1) Because the connection state is only set to CONNECTED upon receiving the HCI event REMOTE_NAME (hci_remote_name_evt -> hci_check_pending_name -> mgmt_device_connected), the remote device remains unconnected in (3).

(4.2) We tried to reconnect multiple times, but the host is unable to send the HCI command CREATE_CONNECTION, resulting in subsequent failures to establish a connection with the device.

We believe it might be necessary to set a timeout while waiting for the HCI event REMOTE_NAME.

Thank you for reading this. We appreciate any reply.

Attachment 1: Log file containing HCI packet contents.
Attachment 2: ftrace records of bluetooth and rfcomm modules.

Best Wishes,
Yuxuan Hu
Created attachment 306373 (Attachment 1): Log file containing HCI packet contents.
Created attachment 306374 (Attachment 2): ftrace records of bluetooth and rfcomm modules.
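To spot the stall this report describes in a captured HCI trace (Remote Name Request acknowledged by Command Status, so the host's command timer is cleared, but no Remote Name Req Complete ever arrives), here is an added Python checker that is not part of the report, its attachments or the kernel. It assumes a simplified one-packet-per-line trace format ("[hciN] seconds direction description"), and the sample trace below is constructed, not taken from the attached log:

```python
import re

# Constructed, simplified btmon-like trace (one packet per line); not the
# report's attachment. Assumed format: "[hciN] <seconds> <dir> <description>".
# The second Remote Name Request is acked by Command Status but never completed.
TRACE = """\
[hci0] 10.000 < HCI Command: Create Connection (0x01|0x0005) plen 13
[hci0] 10.001 > HCI Event: Command Status (0x0f) Create Connection (0x01|0x0005)
[hci0] 10.450 > HCI Event: Connect Complete (0x03) plen 11
[hci0] 10.451 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
[hci0] 10.452 > HCI Event: Command Status (0x0f) Remote Name Request (0x01|0x0019)
[hci0] 10.600 > HCI Event: Remote Name Req Complete (0x07) plen 255
[hci0] 20.000 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
[hci0] 20.001 > HCI Event: Command Status (0x0f) Remote Name Request (0x01|0x0019)
[hci0] 35.000 < HCI Command: Disconnect (0x01|0x0006) plen 3
"""

LINE_RE = re.compile(r"^\[(?P<dev>hci\d+)\]\s+(?P<ts>\d+(?:\.\d+)?)\s+(?P<dir>[<>])\s+(?P<body>.*)$")
NAME_REQ = "Remote Name Request (0x01|0x0019)"
NAME_DONE = "Remote Name Req Complete (0x07)"


def find_stalled_name_requests(trace, timeout_s=10.0):
    """Return Remote Name Requests that are still outstanding at the end of the
    trace after at least timeout_s seconds, noting whether Command Status was
    received (the case in which the host has already cleared its command timer)."""
    pending = {}   # dev -> {"sent": ts, "acked": bool}
    last_ts = {}   # dev -> timestamp of the last packet seen on that adapter
    stalled = []
    for raw in trace.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        dev, ts, direction, body = m["dev"], float(m["ts"]), m["dir"], m["body"]
        last_ts[dev] = ts
        if direction == "<" and NAME_REQ in body:
            pending[dev] = {"sent": ts, "acked": False}
        elif direction == ">" and "Command Status (0x0f)" in body and NAME_REQ in body and dev in pending:
            pending[dev]["acked"] = True
        elif direction == ">" and NAME_DONE in body:
            pending.pop(dev, None)
    for dev, p in pending.items():
        waited = last_ts[dev] - p["sent"]
        if waited >= timeout_s:
            stalled.append({"dev": dev, "sent": p["sent"], "acked": p["acked"], "waited": waited})
    return stalled


if __name__ == "__main__":
    for s in find_stalled_name_requests(TRACE):
        print(f"{s['dev']}: Remote Name Request at {s['sent']:.3f}s, Command Status received={s['acked']}, "
              f"no Remote Name Req Complete after {s['waited']:.1f}s")
```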