[REGRESSION] Bluetooth: MT7922 fails to initialize after "Bluetooth: btmtk: validate WMT event SKB length before struct access"
Thorsten Leemhuis
regressions at leemhuis.info
Mon May 18 22:04:58 PDT 2026
On 5/19/26 06:31, Baley Eccles wrote:
> Subject: [REGRESSION] Bluetooth: MT7922 fails to initialize after
> "Bluetooth: btmtk: validate WMT event SKB length before struct access"
>
> Hi all,
>
> I have experienced and looked into a regression on a MediaTek MT7922
> adapter. Bluetooth works on v6.18.29, fails on v6.18.30, and reverting
> the bisected commit fixes it.

Thx for the report, there are quite a few similar ones already; the
problem is known and the fix (see the link below) should be heading to
mainline this week and from there go to various stable series.

Ciao, Thorsten

#regzbot dup:
https://lore.kernel.org/linux-bluetooth/770d36b07311bf88210c187923f243fb9f126f04.1777058551.git.pav@iki.fi/

> Hardware:
> MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:7922]
> Subsystem: AzureWave ASUS PCE-AXE59BT [1a3b:5300]
>
> Good kernel:
> 6.18.29-p2-gentoo-dist
> Upstream base: v6.18.29
>
> Bad kernel:
> 6.18.30-p1-gentoo-dist
> Upstream base: v6.18.30
>
> Failure:
> bluetoothctl list prints nothing / no default controller is available.
>
> Bad dmesg:
> Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
> Bluetooth: hci0: Failed to send wmt func ctrl (-22)
> Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is
> advertised, but not supported.
>
> Good dmesg:
> Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
> Bluetooth: hci0: Device setup in 129909 usecs
> Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is
> advertised, but not supported.
> Bluetooth: hci0: AOSP extensions version v1.00
> Bluetooth: hci0: AOSP quality report is supported
> Bluetooth: MGMT ver 1.23
>
> Firmware:
> /lib/firmware/mediatek/BT_RAM_CODE_MT7922_1_1_hdr.bin
> /lib/firmware/mediatek/WIFI_MT7922_patch_mcu_1_1_hdr.bin
> /lib/firmware/mediatek/WIFI_RAM_CODE_MT7922_1.bin
>
> Bisect result:
> 624fb79dadc1b65757986a9d0fdde5c0cf3fe179 is the first bad commit
>
> Bluetooth: btmtk: validate WMT event SKB length before struct access
>
> This is a stable backport of upstream commit:
> 634a4408c0615c523cf7531790f4f14a422b9206
>
> Reverting 624fb79dadc1b65757986a9d0fdde5c0cf3fe179 on top of v6.18.30
> fixes the issue and Bluetooth works again.
>
> Please let me know if there is any additional logging or testing I can provide.
>
> #regzbot introduced: 624fb79dadc1b65757986a9d0fdde5c0cf3fe179
>
> Cheers,
> Baley