lib/zephyr: Update to fix BLE soft reset crash.

pi-anl · pi-anl · commit b0940b016a77 · 2025-10-21T09:28:44.000+11:00
Update Zephyr submodule to commit 5aea038b7d34 which fixes a critical
double-unref bug in le_adv_stop_free_conn() that prevented soft reset
functionality in BLE applications.

SUBMODULE COMMIT DETAILS:
  commit 5aea038b7d342ec4445273918c328d82062ff971
  Author: Andrew Leech &lt;andrew.leech@planetinnovation.com.au&gt;
  Date:   Tue Oct 21 08:09:25 2025 +1100

  subsys/bluetooth/host: Fix double-unref bug in le_adv_stop_free_conn.

BUG FIXED:
When stopping connectable BLE advertising, Zephyr's le_adv_stop_free_conn()
function performed a redundant bt_conn_unref() call after the state machine
transition handler had already decremented the reference count. This caused
the connection object's refcount to drop to zero prematurely, triggering
assertion failures on subsequent operations:

  ASSERT FAILED at conn.c:1526: old &gt; 0 ("Conn reference counter is 0")

REFERENCE COUNT FLOW (before fix):
  bt_conn_new()                   refcount = 1
  bt_conn_lookup_state_le()       refcount = 2  (increments)
  bt_conn_set_state() transition  refcount = 1  (state machine unrefs)
  bt_conn_unref() explicit        refcount = 0  ← DOUBLE UNREF BUG
  [subsequent operations crash]

REFERENCE COUNT FLOW (after fix):
  bt_conn_new()                   refcount = 1
  bt_conn_lookup_state_le()       refcount = 2  (increments)
  bt_conn_set_state() transition  refcount = 1  (state machine unrefs)
  [no explicit unref - removed]   refcount = 1  ← CORRECT
  [subsequent operations succeed]

THE FIX:
Removed the redundant bt_conn_unref() call at subsys/bluetooth/host/adv.c:887.
The state machine transition from BT_CONN_ADV_CONNECTABLE to BT_CONN_DISCONNECTED
already handles the reference count decrement (at conn.c:1308), making the
explicit unref in le_adv_stop_free_conn() redundant and incorrect.

REPRODUCTION (before fix):
  ble = bluetooth.BLE()
  ble.active(True)                    # bt_enable() succeeds
  ble.gap_advertise(60000, adv_data)  # Advertising starts
  ble.active(False)                   # bt_disable() → CRASH

TESTING (after fix):
  Cycle 1: bt_enable() → advertise → bt_disable() ✓
  Cycle 2: bt_enable() → advertise → bt_disable() ✓
  Cycle 3: bt_enable() → advertise → bt_disable() ✓
  Result: All soft reset cycles complete successfully

IMPACT:
This fix is essential for MicroPython soft reset functionality on Zephyr BLE.
Without it, any BLE application using connectable advertising crashes when
attempting to deinitialize the BLE stack (ble.active(False) or machine.soft_reset()).

The fix works in conjunction with the callback unregistration added in
extmod/zephyr_ble/modbluetooth_zephyr.c to provide full soft reset support.

AFFECTED PLATFORMS:
- STM32WB55 (tested and verified)
- All platforms using Zephyr BLE host stack with connectable advertising

Signed-off-by: Andrew Leech &lt;andrew.leech@planetinnovation.com.au&gt;
diff --git a/lib/zephyr b/lib/zephyr
@@ -1 +1 @@
-Subproject commit 58fb2bb441b2f023ef2743a85c905cb831aad0af
+Subproject commit 5aea038b7d342ec4445273918c328d82062ff971
