Track may not have next track and thus this must be checked before
trying to match ID.
This was affecting following qualification test cases:
GMCS/SR/MCP/BV-38-C
GMCS/SR/MCP/BV-39-C
GMCS/SR/MCP/BV-40-C
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
When received the DLC disconnect request, after prime the DLC
disconnect response, the DLC will be cleared and the `dlc->session`
is cleared. If the no DLC is linked in current session, the idle
timer of the session will be scheduled.
In current implementation, the `dlc->session` is used to get the
session pointer, but it is invalid in this time. And the unexpected
fault occurs.
Fix the issue by getting the session pointer from parameter of the
function `rfcomm_handle_disc()` instead of `dlc->session`.
Fix issue #99035.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
We have two places defining cpu_load_get() and trying to the same thing,
one is a core kernel feature supported on all architecture, the other is
part of debug, requires tracing and supported only on a subset of
architectures. Both deliver different results and accuracy.
While we figure our how to merge those into one API and with the
advanatges of both, rename the API so there is no confusion about what
is being used.
Fixes#97845
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Only track the available buffer space, if
CONFIG_MODEM_CMUX_MSC_FC_THRESHOLD is configured.
When less than required amount fit into the ringbuffer,
indicate the RX buffer is full.
Otherwise, only mark RX buffer full when incoming data is being
dropped.
When RX buffer is detected to be full, send Modem Status Command
with flow-controll bit set.
Flow control is released once the incoming buffer has at least
MODEM_CMUX_MTU bytes free again.
Fixes#98644
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
As per OCPP 1.6, "State of charge of charging vehicle in percentage" is
"Soc", not "SoCState".
Fixes: zephyrproject-rtos/zephyr#98870
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Bluetooth 6.2 has version number 0x10 and was released in November 2025.
This commit ensures this version number is properly decoded.
Signed-off-by: Aleksandar Stanoev <aleksandar.stanoev@nordicsemi.no>
Fix incorrect format specifiers in lwm2m_read_cached_data() where
size_t variables were printed using %u and %d instead of %zu. This
caused CI failures on ARM64 platforms where size_t is long unsigned
int, triggering -Werror=format warnings.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Check the address family of the packet before passing it to a ICMP
handler, to avoid scenarios where ICMPv4 packet is paseed to a ICMPv6
handler and vice versa.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
pm_policy_priv_device_find_device_constraints() function
is available only when zephyr_power_state is defined.
Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
When building an observer-only build the check_pending_conn label would
result in CI warnings/errors due to this only being a C23 feature:
scan.c:692:1: error: label at end of compound statement is a C23 extension
Turns out the #ifdefs are completely unnecessary, and the code can simply
take advantage of IS_ENABLED(), which should get rid of the warning.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
In some cases, the host starts scanning internally for establishing
connections (BT_LE_SCAN_USER_CONN), such as host-based resolving or
auto-connection. In this situation, even if the application does not
start explicit scan, the host still needs to handle the advertising
reports to continue the connection process.
Previously, both bt_hci_le_adv_report() and bt_hci_le_adv_ext_report()
will break or discard all reports when explicit scan is not active.
This causes the connection to stay in SCAN_BEFORE_INITIATING and never
move forward.
This patch adds checking of BT_LE_SCAN_USER_CONN to allow advertising
reports to be processed during connection-purpose scanning. When the
scan is started explicitly by application, the behavior remains the
same, only small comments are updated to describe this behavior and keep
the original code style unchanged.
Signed-off-by: Zhijie Zhong <zhongzhijie1@xiaomi.com>
If verdict is NET_OK net_pkt may already be unreferenced and reutilized,
so that setting the `l2_processed` flag would be set on a different
packet, corrupting its state. Avoid this situation by only setting the
l2_processed flag for NET_CONTINUE.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
Fix a bug where the image's SHA would be interpreted as TLV headers due
to missing a data_off increment.
Signed-off-by: Stuart Alldritt <s.k.alldritt@gmail.com>
There is no guarantess enum will be packed so passing uint8_t as
node_id to bt_mesh_subnet_priv_node_id_get() could (and likely will)
result in writing past stack variable.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
The current code calls cpu_freq_policy_reset() once within
the SMP branch of the cpu_freq_timer_handler function, and
then calls it again at the beginning of cpu_freq_next_pstate().
This causes repeated resets of 'pstate_best' and
'num_unprocessed_cpus', which prevents the 'last core' from
being reached. The initiating core should perform a reset
before broadcasting, and other cores should not reset again.
Signed-off-by: Zhaoxiang Jin <Zhaoxiang.Jin_1@nxp.com>
In the current code, 'target_cpus ^= (1U << _current_cpu->id)'
is first used to remove the current core. Then, k_ipi_work_add
performs 'target_cpus ^ (1U << _current_cpu->id)' again when
passing parameters. This will add the current core to the mask
again, causing the current core to receive IPI and directly call
cpu_freq_next_pstate() at the end, which may lead to duplicate
execution.
This commit changed 'target_cpus ^ (1U << _current_cpu->id)' to
'target_cpus' in k_ipi_work_add to avoid the second XOR.
Signed-off-by: Zhaoxiang Jin <Zhaoxiang.Jin_1@nxp.com>
The net socket service implementation permanently opens a file
descriptor, which should be taken into account by the build system.
Signed-off-by: Jordan Yates <jordan@embeint.com>
If slots have equal version, but a secondary slot is the active one, the
next boot will switch to the primary slot.
Expose this through SMP commands by marking the primary slot as pending.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
As the net_pkt might have already been sent by net_if_try_send_data()
function, the pkt might already contain garbage data. So do not try
to access if after that send call but remember the used iface and family
and use them to update the statistics.
The issue was seen with qemu_x86_64 and qemu_cortex_a53 when CONFIG_SMP
was enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
rootcause: The dynamic L2CAP channel rx.cid is not reset, it
will be intercepted by the judgment condition of the fixed channel,
directly using the last alloced cid may cause cid conflict.
Co-authored-by: zhenwei fang <fangzhenwei@bytedance.com>
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If CONFIG_NET_STATISTICS_PER_INTERFACE is not set, then the
net_shell_print_statistics_all() function was not found and
the compilation was failing.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When limited advertising is enabled there is pending deleyable work
for timing it out. If in such case struct bt_le_ext_adv is cleared by
memset system will crash on next tick.
Fix this by ensuring work is cancelled before clearing struct
bt_le_ext_adv. Using bt_le_ext_adv_foreach() ensures that this will
be correctly handled with and without extended advertising enabled.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Fix IPC driver becoming non-operational after power management resume
due to stale tx_ack_pending state from before suspend.
After the IPC service backend refactor (commit cf7e2e63c1), the
intel_adsp_ipc_data structure contains function pointers for
suspend/resume handlers. This prevents using `memset` to clear the
entire structure during initialization, which was previously done in
intel_adsp_ipc_init.
Without clearing tx_ack_pending on resume, if the device enters D3 state
while still waiting for an IPC acknowledgment (e.g., from a previous
test iteration), the driver remains stuck in the waiting state after
resume. This prevents sending any new IPC messages, including the
FW_READY notification after D3 exit.
The fix explicitly clears tx_ack_pending during PM_DEVICE_ACTION_RESUME
to ensure the driver starts in a clean operational state after resume,
regardless of the state before suspend.
Fixes regression introduced in commit cf7e2e63c1
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
The LwM2M SENML JSON/CBOR decoder expects a name entry for every
time-serialized record. While this was already the case for resources,
resource instances were missing their corresponding name entries. This
change ensures consistency by adding name entries for resource instances
as well.
Signed-off-by: Simon Walz <simon.walz@autosen.com>
Partially reverts commit 7d2fb6c013,
it was originally thought that this commit added a method of saving
one specific key using the value that the device already has set,
but has been found to actually save the value that the user has
provided, bypassing the current value that the device has, which is
not compliant with the settings mgmt protocol, therefore remove
this change and it will need to be reworked in future to function
properly by saving one specific value from the device's current
configuration, not a user-specified value
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Wrong printf format was using for size_t variable which caused
compiler warning and a failure.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When creating the audio connection, the SCO connection request will be
sent before the response "OK" to AT command "AT+BCS" is issued.
It causes the issue that the HFP HF cannot response the SCO connection
request with the correct codec. Then the SCO connection cannot be
established properly.
Put all processing into the same context, thus avoiding non-sequential
execution caused by the different priorities of different threads.
Add a flag `BT_HFP_AG_AT_PROCESS` to flag the AT command is being
processed.
When the flag `BT_HFP_AG_AT_PROCESS` is set, put the pending
executions into temp list `tx_submit_pending`. After the AT response
`OK` or `ERROR` has been sent, move the pending executions from
`tx_submit_pending` to `tx_pending`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This commit fixes an issue introduced in #97531. Multicast routes added
by application are now set to have a prefix length of 16 bits instead of
128. This will allow multicast routing to all IPv6 addresses from those
groups.
For the OpenThread multicast listener callback, route length will be set
to 128 bits, as a MLD event is expected when an address is subscribed.
Route lookup has been removed since one will always be found as the
application registers multicast routes with same scope, but with a
smaller prefix length.
Fixed issue regarding packet forwarding and BBR state. Previously, code
was covering only the case wehn BBR was secondary and packet was
received from backbone interface. A secondary BBR should not forward a
multicast packet from OT interface to backbone interface and vice versa.
Improved unicast forwarding function to return from the beginning if the
packet has a multicast destination.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
k_current_get is not valid pre-kernel. It will return an invalid dummy
thread or invalid memory. The invalid memory case can occur when
CURRENT_THREAD_USE_TLS is enabled.
Assert in k_current_get when called pre-kernel so offending code may be
identified.
k_is_pre_kernel is moved up in kernel.h to avoid needing a prototype for
k_is_pre_kernel.
Signed-off-by: Rob Barnes <robbarnes@google.com>
Previously, the bypass() function was called while the shell mutex
was still held, preventing the use of shell APIs (e.g. shell_print())
inside the bypass context.
This change unlocks the shell mutex before invoking bypass() and
locks it again afterwards, restoring proper shell context handling
and preventing potential deadlocks.
Issue fixed by: roni1234321
Fixes#97722
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@verkada.com>
The minimal libc does not include `fnmatch.h` in its default search path.
This causes an issue when running coverage in CI as shown here.
https://github.com/zephyrproject-rtos/zephyr/actions/runs/18839500380/\
job/53748166725
That would technically be fixed with #97855 as well.
Testing Done:
```
west twister -c -p qemu_x86/atom -s kernel.pending.minimallibc --coverage\
--coverage-tool gcovr
```
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Fix use-after-release in lll_scan/lll_scan_aux when using
mayfly_enqueue to defer execution of the offset calculation
using ull_sched_mfy_after_cen_offset_get().
Apply suggestion from @Copilot
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Zephyr's socklen_t was changed in
c546c1cad1
to be uint32_t instea of size_t.
Let's fix accordingly the prototypes which expect it.
Note this was already fixed in
37ff1b254f
But it was reverted in
d849ab1263
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
If the network interface goes down, close all TCP connections
that are bound to that interface. The reasoning here is that we
need a way to remove IP address from the interface and it might
not be possible if there is a TCP socket that is bound to that address.
If the interface comes back on, we might get the same IP address in
which case the socket closure was not really needed but it is not
possible to know in advance.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If the network interface goes down, then we do not have any time
to tear down TCP connection gracefully because there is no more
a connection to send data to. In this case the TCP connection is
forcefully closed without going into FIN_WAIT_1 state.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If the CIG and ACL overlap each other when the CIS is starting
zephyr will assert on negative time, so fit this special case.
Signed-off-by: Lars Segerlund <lrsu@demant.com>
When multiple relay adv sets are used, the bt_mesh_adv_send function
calls bt_mesh_adv_relay_ready which should distribute relayed
advertisements across all relay adv sets.
Until the submitted relay adv set work is started, the ADV_FLAG_ACTIVE
is not set. Therefore, next call to bt_mesh_adv_send will try to
re-submit the same relay adv set work, instead of picking up another
relay set which is actually free and ready to send an advertisement.
This commit adds a check that checks if the adv set work is already
pending to be executed. And if so, schedule_send returns false to make
bt_mesh_adv_relay_ready pick next relay adv set.
This shouldn't brake advertising because once adv set is done
transmitting advertisment, it will pick up a next one.
The ADV_FLAG_PROXY check is added to do re-submit for adv set which was
used for proxy advertisement since we need to prioritize mesh messages
over proxy advertisements when those are running on the same adv set.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The `bt_le_ext_adv_update_param` will set new random address when option
not select `BT_LE_ADV_OPT_USE_IDENTITY`, But `bt_le_ext_adv_start` will
also set random address again.
This will be affect bluetooth mesh, after this change, will ensure address
only change once for every advertising.
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
Add bt_bap_unicast_client_unregister_cb to unregister BAP
unicast client callbacks. This is required for unittests
to clean up between runs.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
