Re: [PATCH v2] Bluetooth: hci_event: fix simultaneous discovery stuck in FINDING
From: Luiz Augusto von Dentz
Date: Tue Jun 02 2026 - 12:49:43 EST
Hi Paul,
On Tue, Jun 2, 2026 at 10:41 AM Paul Menzel <pmenzel@xxxxxxxxxxxxx> wrote:
>
> Dear Jiajia,
>
>
> Thank you for your patch.
>
> Am 02.06.26 um 09:00 schrieb Jiajia Liu:
> > When hci_inquiry_complete_evt is called between le_scan_disable and
> > le_set_scan_enable_complete and no remote name needs to be resolved,
> > the interleaved discovery with SIMULTANEOUS quirk gets stuck in
> > DISCOVERY_FINDING. le_set_scan_enable_complete does not check inquiry
> > state. No one sets DISCOVERY_STOPPED in this process.
> >
> > Add state check in le_set_scan_enable_complete and change state if
> > the state is DISCOVERY_FINDING. Tested with AX201 (8087:0026) in Dell
>
> … change state to DISCOVERY_STOPPED …
>
> I’d add a new paragraph for the Tested part.
>
> > Vostro 13. Discovering disabled MGMT Event below is reported when
> > running into the above condition.
>
> Thank you for sharing the test device. Could you please document how to
> get into this state exactly? Some Xiaomi device?
What are you talking about here by saying Xiaomi device? He literally
said Dell Vostro 13, a laptop, and this is a local only procedure,
there is no remote device involved here.
> > @ MGMT Command: Start Discovery (0x0023) {0x0001} [hci0] 10885.970873
> > Address type: 0x07
> > BR/EDR
> > LE Public
> > LE Random
> > ...
> > < HCI Command: LE Set Extended Scan Enable #38205 [hci0] 10886.131438
> > Extended scan: Enabled (0x01)
> > Filter duplicates: Enabled (0x01)
> > Duration: 0 msec (0x0000)
> > Period: 0.00 sec (0x0000)
> > > HCI Event: Command Complete (0x0e) plen 4 #38206 [hci0] 10886.133295
> > LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> > Status: Success (0x00)
> > @ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10886.133414
> > Address type: 0x07
> > BR/EDR
> > LE Public
> > LE Random
> > Discovery: Enabled (0x01)
> > < HCI Command: Inquiry (0x01|0x0001) plen 5 #38207 [hci0] 10886.133528
> > Access code: 0x9e8b33 (General Inquiry)
> > Length: 10.24s (0x08)
> > Num responses: 0
> > > HCI Event: Command Status (0x0f) plen 4 #38208 [hci0] 10886.141333
> > Inquiry (0x01|0x0001) ncmd 2
> > Status: Success (0x00)
> > ...
> > < HCI Command: LE Set Extended Scan Enable #38242 [hci0] 10896.381802
> > Extended scan: Disabled (0x00)
> > Filter duplicates: Disabled (0x00)
> > Duration: 0 msec (0x0000)
> > Period: 0.00 sec (0x0000)
> > > HCI Event: Inquiry Complete (0x01) plen 1 #38243 [hci0] 10896.383419
> > Status: Success (0x00)
> > > HCI Event: Command Complete (0x0e) plen 4 #38244 [hci0] 10896.394378
> > LE Set Extended Scan Enable (0x08|0x0042) ncmd 2
> > Status: Success (0x00)
> > @ MGMT Event: Device Found (0x0012) plen 22 {0x0001} [hci0] 10896.394497
> > LE Address: 88:12:AC:92:43:69
> > RSSI: -101 dBm (0x9b)
> > Flags: 0x00000004
> > Not Connectable
> > Data length: 8
> > Company: Xiaomi Inc. (911)
> > Data[0]:
> > 16-bit Service UUIDs (complete): 1 entry
> > Xiaomi Inc. (0xfdaa)
> > @ MGMT Event: Discovering (0x0013) plen 2 {0x0001} [hci0] 10896.394506
> > Address type: 0x07
> > BR/EDR
> > LE Public
> > LE Random
> > Discovery: Disabled (0x00)
> >
> > Fixes: 8ffde2a73f2c ("Bluetooth: Convert le_scan_disable timeout to hci_sync")
> > Signed-off-by: Jiajia Liu <liujiajia@xxxxxxxxxx>
> > ---
> >
> > Changes in v2:
> > - move the handler to hci_event.c
> > - remove unnecessary bt_dev_dbg
> > - update commit message
> >
> > ---
> > net/bluetooth/hci_event.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> > index eea2f810aafa..1cd5f97daafe 100644
> > --- a/net/bluetooth/hci_event.c
> > +++ b/net/bluetooth/hci_event.c
> > @@ -1769,6 +1769,13 @@ static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
> >
> > hci_dev_clear_flag(hdev, HCI_LE_SCAN);
> >
> > + if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
> > + hci_test_quirk(hdev, HCI_QUIRK_SIMULTANEOUS_DISCOVERY) &&
> > + !test_bit(HCI_INQUIRY, &hdev->flags) &&
> > + hdev->discovery.state == DISCOVERY_FINDING) {
> > + hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
> > + }
> > +
> > /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
> > * interrupted scanning due to a connect request. Mark
> > * therefore discovery as stopped.
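Review bot: The new condition placed right after hci_dev_clear_flag(hdev, HCI_LE_SCAN) has no comment saying which event ordering it covers, while the HCI_LE_SCAN_INTERRUPTED block directly below it documents its reason. A short comment would make the four-part test readable without the commit message: with HCI_QUIRK_SIMULTANEOUS_DISCOVERY, Inquiry Complete can arrive before this Command Complete, leaving the state at DISCOVERY_FINDING. The following block is also described as marking discovery as stopped, so it is worth confirming that reaching hci_discovery_set_state(hdev, DISCOVERY_STOPPED) from both places in one call is harmless, or chaining the two checks. As a style point, kernel coding style omits the braces around a single statement, so the braces around the hci_discovery_set_state() call can be dropped.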
>
>
> Kind regards,
>
> Paul
--
Luiz Augusto von Dentz