Obsolete
Status Update
Comments
am...@google.com <am...@google.com> #2
Can you provide the below requested information to better understand the issue:
Android build
Which Android build are you using? (e.g. KVT49L)
Device used
Which device did you use to reproduce this issue?
Steps to reproduce
What steps do others need to take in order to reproduce the issue themselves?
Frequency
How frequently does this issue occur? (e.g 100% of the time, 10% of the time)
Expected output
What do you expect to occur?
Current output
What do you see instead?
Android bug report:
After reproducing the issue, navigate to developer settings, ensure ‘USB debugging’ is enabled, then enable ‘Bug report shortcut’. To take bug report, hold the power button and select the ‘Take bug report’ option.
Note: Please upload the files to google drive and share the folder to android-bugreport@google.com, then share the link here.
em...@gmail.com <em...@gmail.com> #3
Sure! As I said, I have tried on three different devices (Sony Xperia Z3, Nexus 5X and Nexus 6). Now I followed the take bug report procedure with the Nexus 5X.
Android build:
NRD90S
Device used:
Nexus 5X
Steps to reproduce:
See description. Example with code:
1.
BluetoothGatt gatt = BluetoothAdapter.getDefaultAdapter().getRemoteDevice("80:E4:DA:70:84:2C").connectGatt(context, false, new BluetoothGattCallback(){});
try {Thread.sleep(2000);} catch (InterruptedException e) {}
gatt.close();
2. Now start advertising on that device.
The sleep time is there in order to workaround https://code.google.com/p/android/issues/detail?id=223582
Frequency:
100%
Expected output / Current output:
See description
Android bug report:
https://drive.google.com/open?id=0B-kW5rSvtUYnOTR2Z1I0WTNCZVE
From the logcat there, I've extracted the interesting parts:
09-27 12:56:18.811 863 882 D BluetoothManagerService: Message: 20
09-27 12:56:18.811 863 882 D BluetoothManagerService: Added callback: android.bluetooth.IBluetoothManagerCallback$Stub$Proxy@c59d4d2:true
09-27 12:56:18.814 5480 5480 D BluetoothGatt: connect() - device: 80:E4:DA:70:84:2C, auto: false
09-27 12:56:18.814 5480 5480 D BluetoothGatt: registerApp()
09-27 12:56:18.814 5480 5480 D BluetoothGatt: registerApp() - UUID=60a9923c-effd-494d-9f22-815cf9128519
09-27 12:56:18.817 3167 3919 D BtGatt.GattService: registerClient() - UUID=60a9923c-effd-494d-9f22-815cf9128519
09-27 12:56:18.818 3167 3295 D BtGatt.GattService: onClientRegistered() - UUID=60a9923c-effd-494d-9f22-815cf9128519, clientIf=5
09-27 12:56:18.819 5480 5493 D BluetoothGatt: onClientRegistered() - status=0 clientIf=5
09-27 12:56:18.819 3167 3186 D BtGatt.GattService: clientConnect() - address=80:E4:DA:70:84:2C, isDirect=true
09-27 12:56:18.819 3167 3295 D bt_btif_config: btif_get_address_type: Device [80:e4:da:70:84:2c] address type 0
09-27 12:56:18.819 3167 3295 D bt_btif_config: btif_get_device_type: Device [80:e4:da:70:84:2c] type 2
09-27 12:56:20.818 5480 5480 D BluetoothGatt: close()
09-27 12:56:20.818 5480 5480 D BluetoothGatt: unregisterApp() - mClientIf=5
09-27 12:56:20.820 3167 3920 D BtGatt.GattService: unregisterClient() - clientIf=5
09-27 12:56:20.820 3167 3295 D BtGatt.GattService: onDisconnected() - clientIf=5, connId=0, address=80:E4:DA:70:84:2C
09-27 12:56:20.820 3167 3295 E BtGatt.ContextMap: Context not found for ID 5
I start advertising on the peripheral and it gets connected here even though I've closed:
09-27 12:56:24.898 3167 3860 W bt_smp : smp_br_connect_callback is called on unexpected transport 2
09-27 12:56:24.898 3167 3860 W bt_btif : bta_dm_acl_change info: 0x0
09-27 12:56:24.898 3167 3295 D bt_btif_dm: remote version info [80:e4:da:70:84:2c]: 0, 0, 0
09-27 12:56:24.913 3167 3295 E BluetoothRemoteDevices: state12newState0
sa...@google.com <sa...@google.com> #4
Can you please share an APK or sample source code with us to reproduce the issue from our end.
Description
If there already is a pending direct connect attempt and you try to establish another connection using the "direct connect" this request cannot start directly but the attempt to connect will start when the previous one has either connected successfully or the timeout has triggered or it is aborted. (They are basically queued up.)
However, there is a bug if you try to abort a pending direct connect that has not yet started but is still waiting in the queue. What happens is that as far as the app sees, the attempt is successfully aborted. However it's not really aborted. Once the previous request has finished it will start attempting to connect to the peripheral. If the peripheral connects, it remains connected to the Android device but can't be accessed anymore until either the peripheral disconnects or Bluetooth is restarted (app restart doesn't work). If you try to establish a new direct connect gatt connection to that device you immediately get an onConnectionStateChange callback with status GATT_ERROR (133). If you try to establish an auto connect gatt connection to that device no onConnectionStateChange is called at all (until the peripheral for some reason disconnects and reconnects).
Affected Android versions: Basically all I've tested on (KitKat up to Nougat) with one exception. I've tested on Nexus 5, LG G3, Nexus 5X.
Samsung Note 4 (Android 4.4.2)
Samsung S5 (Android 6.0)
HTC One (Android 4.4.2)
LG G3 (Android 6.0 build MRA58K)
Nexus 5 (Android 6.0.1 build MOB30Y)
Nexus 6 (Android 7.0 build NPD90G)
Nexus 5X (Android 7.0 build NRD90S)
Nexus 5X (Android 7.0 build NPF26F developer preview)
Sony Xperia Z3 (Android 7.0 Preview)
Oppo X9009 (ColorOS V3.0.0i based on Android 5.1)
Devices where the bug is not triggered:
Xiaomi Redmi Note 3 (Android 5.x) (Maybe Mediatek has implemented some fix not merged into master?)
Steps to reproduce:
1. Have two BLE peripherals (device 1 and device 2). Turn them off so they don't advertise.
2. connectGatt with autoConnect=false to device 1.
(You sometimes may have to wait a bit between step 2 and 3 so the two operations are not reordered).
3. connectGatt with autoConnect=false to device 2.
4. Wait some time due to
5. Call disconnect() on the second gatt object (or close() if you are not affected by
6. Let device 1 start advertise so it becomes connected OR wait 30 seconds OR call disconnect() on the first gatt object.
7. Let device 2 start advertise.
Expected outcome:
Device 2 should NOT get connected.
What happens instead:
Device 2 becomes connected to the Android device. As written above, it's impossible to use this connection from Android.
Frequency: 100%
I think the whole thing about queuing up direct connects seems like a very bad idea, I don't actually see the reason at all for doing so. Why not just use the white list instead so that there can be multiple pending connections at once? Then the only difference between "direct connect" and "auto connect" would be that direct connect uses more active scan parameters and has the timeout of 30 seconds.
Example code to reproduce:
BluetoothGatt gatt0 = BluetoothAdapter.getDefaultAdapter().getRemoteDevice("80:E4:DA:70:54:14").connectGatt(this, false, cb3);
sleep(100);
BluetoothGatt gatt1 = BluetoothAdapter.getDefaultAdapter().getRemoteDevice("80:E4:DA:70:B2:30").connectGatt(this, false, cb1);
sleep(2000);
gatt1.disconnect();
sleep(100);
gatt0.disconnect();
Logcat (from Nexus 5X NPF26F, corresponding to the same HCI snooplog session):
11-25 15:43:55.680 16191 16191 D BluetoothGatt: connect() - device: 80:E4:DA:70:54:14, auto: false
11-25 15:43:55.680 16191 16191 D BluetoothGatt: registerApp()
11-25 15:43:55.680 16191 16191 D BluetoothGatt: registerApp() - UUID=9a0ba22a-592a-4e05-b1a0-c3fc8bbaa814
11-25 15:43:55.681 15744 15756 D BtGatt.GattService: registerClient() - UUID=9a0ba22a-592a-4e05-b1a0-c3fc8bbaa814
11-25 15:43:55.682 15744 15763 D BtGatt.GattService: onClientRegistered() - UUID=9a0ba22a-592a-4e05-b1a0-c3fc8bbaa814, clientIf=5
11-25 15:43:55.682 16191 16206 D BluetoothGatt: onClientRegistered() - status=0 clientIf=5
11-25 15:43:55.683 15744 15805 D BtGatt.GattService: clientConnect() - address=80:E4:DA:70:54:14, isDirect=true
11-25 15:43:55.683 15744 15763 D bt_btif_config: btif_get_address_type: Device [80:e4:da:70:54:14] address type 0
11-25 15:43:55.683 15744 15763 D bt_btif_config: btif_get_device_type: Device [80:e4:da:70:54:14] type 2
11-25 15:43:55.782 16191 16191 D BluetoothGatt: connect() - device: 80:E4:DA:70:B2:30, auto: false
11-25 15:43:55.782 16191 16191 D BluetoothGatt: registerApp()
11-25 15:43:55.783 16191 16191 D BluetoothGatt: registerApp() - UUID=c52b5b5e-dadb-4099-a0c6-fc53d72eb463
11-25 15:43:55.784 15744 15765 D BtGatt.GattService: registerClient() - UUID=c52b5b5e-dadb-4099-a0c6-fc53d72eb463
11-25 15:43:55.784 15744 15763 D BtGatt.GattService: onClientRegistered() - UUID=c52b5b5e-dadb-4099-a0c6-fc53d72eb463, clientIf=6
11-25 15:43:55.785 16191 16205 D BluetoothGatt: onClientRegistered() - status=0 clientIf=6
11-25 15:43:55.785 15744 15807 D BtGatt.GattService: clientConnect() - address=80:E4:DA:70:B2:30, isDirect=true
11-25 15:43:55.786 15744 15763 D bt_btif_config: btif_get_address_type: Device [80:e4:da:70:b2:30] address type 0
11-25 15:43:55.786 15744 15763 D bt_btif_config: btif_get_device_type: Device [80:e4:da:70:b2:30] type 2
11-25 15:43:55.786 15744 15786 W bt_l2cap: L2CAP - LE - cannot start new connection at conn st: 1
11-25 15:43:57.784 16191 16191 D BluetoothGatt: cancelOpen() - device: 80:E4:DA:70:B2:30
11-25 15:43:57.786 15744 15766 D BtGatt.GattService: clientDisconnect() - address=80:E4:DA:70:B2:30, connId=null
11-25 15:43:57.790 15744 15786 W bt_l2cap: L2CA_CancelBleConnectReq - different BDA Connecting: 80e4da705414 Cancel: 80e4da70b230
11-25 15:43:57.795 15744 15786 E bt_btif : bta_gattc_mark_bg_conn unable to find the bg connection mask for: 80:e4:da:70:b2:30
11-25 15:43:57.890 16191 16191 D BluetoothGatt: cancelOpen() - device: 80:E4:DA:70:54:14
11-25 15:43:57.892 15744 15755 D BtGatt.GattService: clientDisconnect() - address=80:E4:DA:70:54:14, connId=null
11-25 15:43:57.896 15744 15786 W bt_btif : bta_gattc_conn_cback() - cif=3 connected=0 conn_id=3 reason=0x0100
11-25 15:43:57.896 15744 15786 W bt_btif : bta_gattc_conn_cback() - cif=4 connected=0 conn_id=4 reason=0x0100
11-25 15:43:57.896 15744 15786 W bt_btif : bta_gattc_conn_cback() - cif=5 connected=0 conn_id=5 reason=0x0100
11-25 15:43:57.896 15744 15786 W bt_btif : bta_gattc_conn_cback() - cif=6 connected=0 conn_id=6 reason=0x0100
11-25 15:43:57.896 15744 15786 E bt_btif : bta_gattc_mark_bg_conn unable to find the bg connection mask for: 80:e4:da:70:54:14
11-25 15:44:10.610 15744 15786 W bt_btif : bta_dm_acl_change info: 0x0
11-25 15:44:10.610 15744 15763 D bt_btif_dm: remote version info [80:e4:da:70:b2:30]: 0, 0, 0
11-25 15:44:10.632 15744 15763 E BluetoothRemoteDevices: state12newState0
11-25 15:44:10.667 4494 4494 I TrustAgent.Tracker: [BluetoothConnectionTracker] Bluetooth connect broadast for f022cLIw 80:E4:DA:70:B2:30
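A log check for the failure described in this report, added here as an example and not part of the original post or of Android's code: it flags a peripheral whose link comes up after the stack logged `L2CA_CancelBleConnectReq - different BDA` for the app's cancel request. It assumes the `bt_btif_dm: remote version info [...]` line marks the link coming up, as in the excerpt; the function and field names are hypothetical.

```python
import re

# Lines copied from the reporter's logcat excerpt above (Nexus 5X, NPF26F).
SAMPLE = """\
11-25 15:43:55.680 16191 16191 D BluetoothGatt: connect() - device: 80:E4:DA:70:54:14, auto: false
11-25 15:43:55.782 16191 16191 D BluetoothGatt: connect() - device: 80:E4:DA:70:B2:30, auto: false
11-25 15:43:55.786 15744 15786 W bt_l2cap: L2CAP - LE - cannot start new connection at conn st: 1
11-25 15:43:57.784 16191 16191 D BluetoothGatt: cancelOpen() - device: 80:E4:DA:70:B2:30
11-25 15:43:57.790 15744 15786 W bt_l2cap: L2CA_CancelBleConnectReq - different BDA Connecting: 80e4da705414 Cancel: 80e4da70b230
11-25 15:43:57.890 16191 16191 D BluetoothGatt: cancelOpen() - device: 80:E4:DA:70:54:14
11-25 15:44:10.610 15744 15763 D bt_btif_dm: remote version info [80:e4:da:70:b2:30]: 0, 0, 0
"""

CONNECT = re.compile(r"BluetoothGatt: connect\(\) - device: ([0-9A-F:]{17}), auto: false")
CANCEL = re.compile(r"BluetoothGatt: cancelOpen\(\) - device: ([0-9A-F:]{17})")
MISMATCH = re.compile(
    r"L2CA_CancelBleConnectReq - different BDA Connecting: ([0-9a-f]{12}) Cancel: ([0-9a-f]{12})")
# Assumption: this line is used as the "link is up" marker because it carries the address.
LINK_UP = re.compile(r"bt_btif_dm: remote version info \[([0-9a-f:]{17})\]")


def norm(addr):
    """Reduce both address spellings in the log to 12 lowercase hex digits."""
    return addr.replace(":", "").lower()


def find_orphaned_links(logcat):
    """Return links that came up for a device whose queued connect the app had cancelled."""
    wanted = set()  # addresses with a direct connect the app has not cancelled
    stale = {}      # address -> timestamp at which its cancel hit a different pending BDA
    findings = []
    for line in logcat.splitlines():
        ts = line[:18]  # "MM-DD HH:MM:SS.mmm"
        if m := CONNECT.search(line):
            wanted.add(norm(m.group(1)))
        elif m := CANCEL.search(line):
            wanted.discard(norm(m.group(1)))
        elif m := MISMATCH.search(line):
            stale[m.group(2)] = ts  # group(2) is the address the app asked to cancel
        elif m := LINK_UP.search(line):
            addr = norm(m.group(1))
            if addr in stale and addr not in wanted:
                findings.append(
                    {"address": addr, "cancel_ignored_at": stale[addr], "link_up_at": ts})
    return findings


if __name__ == "__main__":
    for finding in find_orphaned_links(SAMPLE):
        print(finding)
```
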