Public bug reported:

The BlueZ stack may pass the overflown report ID to the Linux userspace
HID driver (UHID). This operation would fail the following check at the
UHID driver level

https://github.com/torvalds/linux/blob/master/drivers/hid/uhid.c#L219

resulting in the EIO error.

The UHID layer assigns the packet identifier incrementally and sends the
UHID_GET_REPORT/UHID_SET_REPORT event to BlueZ. BlueZ is expected to
provide the matching response to the received command and pass the same
packet identifier with it to the UHID layer with the
UHID_GET_REPORT_REPLY/UHID_SET_REPORT_REPLY event.

However, BlueZ uses the u16_t variable for storing the report IDs,
resulting in overflow after achieving UINT16_T_MAX (65535).

The fix for this issue is already applied to the master branch of the
BlueZ GitHub repository in the form of two related commits:

https://github.com/bluez/bluez/commit/50487180813dfa7e7f106076e0cb9c5c0ad58bb3
https://github.com/bluez/bluez/commit/c2d072641aa9015fdfab196d095566fea364d4dc

I kindly request you to patch the BlueZ package for Ubuntu v24.04 LTS.


In the case of Ubuntu v25.10, the bug is even more visible as the overflow 
happens when you exchange more than 255 packets (uint8_t overflow). This more 
serious regression is present in BlueZ v5.74 and newer versions (up to v5.84).


Impact:

Broken DFU transfer for HID products which use the HID feature report as
a transport layer.


Environment:

1.
Description:    Ubuntu 24.04.3 LTS
Release:        24.04
2.
bluetoothctl: 5.72
3.
Please cherry-pick commits that are listed in the issue description and apply 
them as a fix for this issue.
4.
N/A

** Affects: bluez (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130724

Title:
  HID feature report breaks after exchanging 65535 packets
  (UINT16_T_MAX)
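
The failure described in this report, as an added example that is not code from the reporter, BlueZ or the kernel. It is a simplified model that assumes a 32-bit incrementing request id on the kernel side and a reply accepted only when it echoes that id; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model assumption: the kernel side hands out a 32-bit id that grows by
 * one per request and rejects any reply that does not echo it exactly. */
static uint32_t next_id;

static uint32_t kernel_issue_request(void) { return ++next_id; }

static int kernel_accept_reply(uint32_t expected, uint32_t reply_id)
{
    return expected == reply_id ? 0 : -1;   /* -1 stands in for the EIO path */
}

/* Hypothetical userspace handlers that keep the id in 16, 8 and 32 bits
 * before echoing it back in the reply. */
static uint32_t echo_u16(uint32_t id) { uint16_t stored = (uint16_t)id; return stored; }
static uint32_t echo_u8(uint32_t id)  { uint8_t stored = (uint8_t)id;   return stored; }
static uint32_t echo_u32(uint32_t id) { return id; }

/* Runs `count` request/reply exchanges and returns the ordinal of the
 * first exchange whose reply is rejected, or 0 if every one is accepted. */
static uint32_t first_failure(uint32_t (*echo)(uint32_t), uint32_t count)
{
    next_id = 0;
    for (uint32_t n = 1; n <= count; n++) {
        uint32_t id = kernel_issue_request();
        if (kernel_accept_reply(id, echo(id)) != 0)
            return n;
    }
    return 0;
}

int main(void)
{
    /* 100000 exchanges is enough to cross both the 8-bit and 16-bit limits. */
    printf("16-bit storage: first rejected exchange = %u\n",
           (unsigned)first_failure(echo_u16, 100000));
    printf(" 8-bit storage: first rejected exchange = %u\n",
           (unsigned)first_failure(echo_u8, 100000));
    printf("32-bit storage: first rejected exchange = %u (0 = none)\n",
           (unsigned)first_failure(echo_u32, 100000));
    return 0;
}
```

Once the id no longer fits the narrower type, every later reply is rejected as well, which is why a long transfer such as DFU over feature reports stops partway instead of recovering.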
