bluetooth controller not detected with 4.15 kernel

Bug #1810797 reported by Paul Larson on 2019-01-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
linux-snapdragon (Ubuntu)

Bug Description


Upon boot, no hci device is available to userspace, thus bluetooth communication is not possible.

Defect analysis:

The root of the problem lies in these two patches:

$ git log --online drivers/bluetooth/btqcomsmd.c

766154b Bluetooth: btqcomsmd: retrieve BD address from DT property
6e51811 Bluetooth: btqcomsmd: Add support for BD address setup

Qualcomm engineer found that btqcomsmd had no BD address burned in (nor via ROM, neither internally) and it was always coming up with the same address, probably derived from manufacturer ID and / or chip ID.

To fix this, they pushed the burden of generating a unique per-board BD address to the Qualcomm bootloader and make it pass down via DTB to the live kernel - and if no address was present in the DTB, the hci was left unconfigured.


So *technically* speaking, the kernel is correct in this case, it's our dragonboard image (e.g. Ubuntu Core) that doesn't extract the generated BD address from the Qualcomm bootloader and pass it down to the kernel.

On the other hand, having Bluetooth working out of the box (even with a dummy address), is a nice feature to have, so i slightly modified Qualcomm's code introduced in the two above patches, and made the lack of BD address in DTB non fatal:

if BD_is_present_in_DTB()
end if

And surrounded the modification in #ifdef...#endif brackets to keep it local.

How to test:

By default, on a patched kernel, the hci device will have a default address:

ubuntu@dragon410c:~$ hcitool dev
        hci0 00:00:00:00:5A:AD

the address " 00:00:00:00:5A:AD" might vary, but will be consistent after every reboot.

The other option is to specify a custom BD address, e.g. using uboot to manipulate the dtb - we assume the dtb was loaded in memory at ${fdt_addr}:

dragonboard410c => fdt addr ${fdt_addr}

dragonboard410c => fdt print /soc/wcnss/smd-edge/wcnss/bt/
bt {
        compatible = "qcom,wcnss-bt";

dragonboard410c => fdt resize

dragonboard410c => fdt set /soc/wcnss/smd-edge/wcnss/bt/ local-bd-address [ 55 44 33 22 11 00 ]

dragonboard410c => fdt print /soc/wcnss/smd-edge/wcnss/bt/
bt {
        local-bd-address = [55 44 33 22 11 00];
        compatible = "qcom,wcnss-bt";

then proceed with the rest of the boot process and check hci:

$ hcitool dev
        hci0 00:11:22:33:44:55

In both cases, blueooth work afterward, and can be used to communicate with other devices:

ubuntu@dragon410c:~$ hcitool scan
Scanning ...
        C0:BD:54:12:4E:D1 My dummy device

Regression potential:

None, the fix is surronded with #ifdef...#endif thus it doesn't exist outside of it.


Using the core18 image from
Kernel snap: 4.15.0-39.42 (72)

rfkill shows there is an hci0 device:
$ rfkill list
0: hci0: Bluetooth
 Soft blocked: no
 Hard blocked: no
1: phy0: Wireless LAN
 Soft blocked: no
 Hard blocked: no

But bluetoothctl does not detect any controller:
$ sudo bluetoothctl
08:58 Agent registered
08:58 [bluetooth]# list
[ output...]

If you revert to the 4.4 kernel [4.4.0-1106.111 (76)] it works:
$ sudo bluetoothctl
[NEW] Controller 00:00:00:00:5A:AD BlueZ 5.47 [default]
Agent registered
[bluetooth]# list
Controller 00:00:00:00:5A:AD BlueZ 5.47 [default]
[bluetooth]# show
Controller 00:00:00:00:5A:AD
 Name: BlueZ 5.47
 Alias: BlueZ 5.47
 Class: 0x00000000
 Powered: no
 Discoverable: no
 Pairable: yes
 UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
 UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
 UUID: OBEX File Transfer (00001106-0000-1000-8000-00805f9b34fb)
 UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
 UUID: OBEX Object Push (00001105-0000-1000-8000-00805f9b34fb)
 UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
 UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
 UUID: IrMC Sync (00001104-0000-1000-8000-00805f9b34fb)
 UUID: Vendor specific (00005005-0000-1000-8000-0002ee000001)
 UUID: Message Notification Se.. (00001133-0000-1000-8000-00805f9b34fb)
 UUID: Phonebook Access Server (0000112f-0000-1000-8000-00805f9b34fb)
 UUID: Message Access Server (00001132-0000-1000-8000-00805f9b34fb)
 Modalias: usb:v1D6Bp0246d052F
 Discovering: no

Paolo Pisati (p-pisati) on 2019-01-16
description: updated
tags: added: patch
Paolo Pisati (p-pisati) on 2019-01-16
Changed in linux-snapdragon (Ubuntu):
status: New → Invalid

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1810797

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Paolo Pisati (p-pisati) wrote :
description: updated
description: updated
description: updated
description: updated
Paolo Pisati (p-pisati) wrote :

And here is a kernel snap for testing:

hcitool has a problem accessing hci0 on Ubuntu core (at least, in my tests), use bluetoothctl instead:

p-pisati@localhost:~$ sudo bluetoothctl
[NEW] Controller 00:00:00:00:5A:AD localhost.localdomain [default]
Agent registered
[bluetooth]# default-agent
Default agent request successful
[bluetooth]# power on
[CHG] Controller 00:00:00:00:5A:AD Class: 0x00100000
Changing power on succeeded
[CHG] Controller 00:00:00:00:5A:AD Powered: yes
[bluetooth]# scan on
Discovery started
[CHG] Controller 00:00:00:00:5A:AD Discovering: yes

Chris Wayne (cwayne18) wrote :


Is it possible to push this to edge or some other track? I'm having trouble sideloading a kernel snap with --dangerous. I get the following error:

ubuntu@localhost:~$ sudo snap install ./dragonboard-kernel_4.15.0-43.46_lp1810797_arm64.snap --dangerous
error: cannot perform the following tasks:
- Mount snap "dragonboard-kernel" (unset) (cannot replace signed kernel snap with an unasserted one)

Stefan Bader (smb) on 2019-01-21
Changed in linux-snapdragon (Ubuntu Bionic):
status: New → Invalid
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Paul Larson (pwlars) wrote :

I built an image with this kernel snap added to extra-snaps, and it seems to find it now:

ubuntu@localhost:~$ sudo bluetoothctl
[NEW] Controller 00:00:00:00:5A:AD BlueZ 5.47 [default]
Agent registered

Seth Forshee (sforshee) on 2019-01-22
Changed in linux (Ubuntu):
status: Incomplete → Fix Committed
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Stefan Bader (smb) on 2019-01-28
Changed in linux (Ubuntu Cosmic):
importance: Undecided → Medium
status: New → Fix Committed
Changed in linux-snapdragon (Ubuntu Cosmic):
status: New → Invalid
Launchpad Janitor (janitor) wrote :
Download full text (14.1 KiB)

This bug was fixed in the package linux - 4.19.0-12.13

linux (4.19.0-12.13) disco; urgency=medium

  * linux: 4.19.0-12.13 -proposed tracker (LP: #1813664)

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * Disco update: 4.19.18 upstream stable release (LP: #1813611)
    - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
    - mlxsw: spectrum: Disable lag port TX before removing it
    - mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
    - net: dsa: mv88x6xxx: mv88e6390 errata
    - net, skbuff: do not prefer skb allocation fails early
    - qmi_wwan: add MTU default to qmap network interface
    - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
    - net: clear skb->tstamp in bridge forwarding path
    - netfilter: ipset: Allow matching on destination MAC address for mac and
      ipmac sets
    - gpio: pl061: Move irq_chip definition inside struct pl061
    - drm/amd/display: Guard against null stream_state in set_crc_source
    - drm/amdkfd: fix interrupt spin lock
    - ixgbe: allow IPsec Tx offload in VEPA mode
    - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
    - e1000e: allow non-monotonic SYSTIM readings
    - usb: typec: tcpm: Do not disconnect link for self powered devices
    - selftests/bpf: enable (uncomment) all tests in
    - of: overlay: add missing of_node_put() after add new node to changeset
    - writeback: don't decrement wb->refcnt if !wb->bdi
    - serial: set suppress_bind_attrs flag only if builtin
    - bpf: Allow narrow loads with offset > 0
    - ALSA: oxfw: add support for APOGEE duet FireWire
    - x86/mce: Fix -Wmissing-prototypes warnings
    - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
    - crypto: ecc - regularize scalar for scalar multiplication
    - arm64: perf: set suppress_bind_attrs flag to true
    - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
    - clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
    - samples: bpf: fix: error handling regarding kprobe_events
    - usb: gadget: udc: renesas_usb3: add a safety connection way for
    - fpga: altera-cvp: fix probing for multiple FPGAs on the bus
    - selinux: always allow mounting submounts
    - ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
    - scsi: qedi: Check for session online before getting iSCSI TLV data.
    - drm/amdgpu: Reorder uvd ring init before uvd resume
    - rxe: IB_WR_REG_MR does not capture MR's iova field
    - efi/libstub: Disable some warnings for x86{,_64}
    - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
    - clk: imx: make mux parent strings const
    - pstore/ram: Do not treat empty buffers as valid
    - media: uvcvideo: Refactor teardown of uvc on USB disconnect
    - powerpc/xmon: Fix invocation inside lock region
    - powerpc/pseries/cpuidle: Fix preempt warning
    - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
    - ASoC: use dma_ops of parent device for acp_audio_dma
    - media: ve...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Paul Larson (pwlars) wrote :

I think we're waiting on a snap of this for testing. We already tested and confirmed it worked on a snap that ppisati built (see comment #6 and comment #8).

Paul Larson (pwlars) wrote :

This passes for me on 4.15.0-46.49 - (rev 82) kernel snap that is currently in candidate

tags: added: verification-done-bionic
removed: verification-needed-bionic
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers