LinuxLists.cc - [Bug 212965] New: WARNING: possible circular locking dependency detected, bluetoothd/547 is trying to acquire lock: ffff9f6854610078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get

2021-05-06 15:07:26

Subject: [Bug 212965] New: WARNING: possible circular locking dependency detected, bluetoothd/547 is trying to acquire lock: ffff9f6854610078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x18/0x150 [bluetooth]

https://bugzilla.kernel.org/show_bug.cgi?id=212965

Bug ID: 212965
Summary: WARNING: possible circular locking dependency
detected, bluetoothd/547 is trying to acquire lock:
ffff9f6854610078 (&hdev->lock){+.+.}-{3:3}, at:
hci_conn_get_phy+0x18/0x150 [bluetooth]
Product: Drivers
Version: 2.5
Kernel Version: 5.12.1
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Bluetooth
Assignee: [email protected]
Reporter: [email protected]
Regression: No

Created attachment 296671
--> https://bugzilla.kernel.org/attachment.cgi?id=296671&action=edit
kernel dmesg (5.12.1, AMD FX-8370)

Got this while plugging in my USB bluetooth dongle (ASUS USB-BT500):

[...]
======================================================
WARNING: possible circular locking dependency detected
5.12.1-gentoo-bdver2 #2 Not tainted
------------------------------------------------------
bluetoothd/547 is trying to acquire lock:
ffff9f6854610078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x18/0x150
[bluetooth]

but task is already holding lock:
ffff9f673830c920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at:
l2cap_sock_getsockopt+0x8e/0x6a0 [bluetooth]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:
lock_sock_nested+0x58/0x80
l2cap_sock_new_connection_cb+0x14/0xa8 [bluetooth]
l2cap_connect+0x1be/0x5d8 [bluetooth]
l2cap_recv_frame+0xf6a/0x3288 [bluetooth]
process_pending_rx+0x26/0x40 [bluetooth]
process_one_work+0x26b/0x578
worker_thread+0x4d/0x3b0
kthread+0x132/0x150
ret_from_fork+0x22/0x30

-> #2 (&chan->lock/2){+.+.}-{3:3}:
__mutex_lock+0x6f/0x868
l2cap_connect_cfm+0x14d/0x420 [bluetooth]
hci_remote_ext_features_evt.isra.0+0x15a/0x2b8 [bluetooth]
hci_event_packet+0x10ad/0x2c08 [bluetooth]
hci_rx_work+0x267/0x620 [bluetooth]
process_one_work+0x26b/0x578
worker_thread+0x4d/0x3b0
kthread+0x132/0x150
ret_from_fork+0x22/0x30

-> #1 (hci_cb_list_lock){+.+.}-{3:3}:
__mutex_lock+0x6f/0x868
hci_event_packet+0xcd8/0x2c08 [bluetooth]
hci_rx_work+0x267/0x620 [bluetooth]
process_one_work+0x26b/0x578
worker_thread+0x4d/0x3b0
kthread+0x132/0x150
ret_from_fork+0x22/0x30

-> #0 (&hdev->lock){+.+.}-{3:3}:
__lock_acquire+0x146e/0x2628
lock_acquire+0xc4/0x390
__mutex_lock+0x6f/0x868
hci_conn_get_phy+0x18/0x150 [bluetooth]
l2cap_sock_getsockopt+0x4fd/0x6a0 [bluetooth]
__sys_getsockopt+0x88/0x1c0
__x64_sys_getsockopt+0x1c/0x20
do_syscall_64+0x33/0x48
entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Chain exists of:
&hdev->lock --> &chan->lock/2 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock(&chan->lock/2);
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock(&hdev->lock);

*** DEADLOCK ***

1 lock held by bluetoothd/547:
#0: ffff9f673830c920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at:
l2cap_sock_getsockopt+0x8e/0x6a0 [bluetooth]

stack backtrace:
CPU: 3 PID: 547 Comm: bluetoothd Not tainted 5.12.1-gentoo-bdver2 #2
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./970-GAMING,
BIOS F2 04/06/2016
Call Trace:
dump_stack+0x7f/0xad
check_noncircular+0x106/0x120
__lock_acquire+0x146e/0x2628
lock_acquire+0xc4/0x390
? hci_conn_get_phy+0x18/0x150 [bluetooth]
__mutex_lock+0x6f/0x868
? hci_conn_get_phy+0x18/0x150 [bluetooth]
? hci_conn_get_phy+0x18/0x150 [bluetooth]
? l2cap_sock_getsockopt+0x8e/0x6a0 [bluetooth]
? mark_held_locks+0x4a/0x70
hci_conn_get_phy+0x18/0x150 [bluetooth]
l2cap_sock_getsockopt+0x4fd/0x6a0 [bluetooth]
__sys_getsockopt+0x88/0x1c0
__x64_sys_getsockopt+0x1c/0x20
do_syscall_64+0x33/0x48
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4944d20d4a
Code: 48 8b 0d 21 a1 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00
00 00 00 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01
c3 48 8b 0d ee a0 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffec0c06688 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 00007f4944d20d4a
RDX: 000000000000000e RSI: 0000000000000112 RDI: 0000000000000031
RBP: 0000000000000000 R08: 00007ffec0c06694 R09: 00007ffec0df8090
R10: 00007ffec0c066d4 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000019 R14: 0000000000000000 R15: 0000561dc8d35f0c
input: Teufel MOTIV GO (AVRCP) as /devices/virtual/input/input21
Bluetooth: hci0: SCO packet for unknown connection handle 3
Bluetooth: hci0: SCO packet for unknown connection handle 3
Bluetooth: hci0: SCO packet for unknown connection handle 3
Bluetooth: hci0: SCO packet for unknown connection handle 3
Bluetooth: hci0: urb 00000000dd0f7389 submission failed (90)
Bluetooth: hci0: sending frame failed (-90)
Bluetooth: hci0: urb 00000000dd0f7389 submission failed (90)
Bluetooth: hci0: sending frame failed (-90)
[...]

# lsusb -s 002:002 -vv

Bus 002 Device 002: ID 0b05:190e ASUSTek Computer, Inc. ASUS USB-BT500
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 224 Wireless
bDeviceSubClass 1 Radio Frequency
bDeviceProtocol 1 Bluetooth
bMaxPacketSize0 64
idVendor 0x0b05 ASUSTek Computer, Inc.
idProduct 0x190e
bcdDevice 2.00
iManufacturer 1 Realtek
iProduct 2 ASUS USB-BT500
iSerial 3 00E04C239987
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x00b1
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xe0
Self Powered
Remote Wakeup
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0000 1x 0 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0000 1x 0 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 1
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0009 1x 9 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0009 1x 9 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 2
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0011 1x 17 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0011 1x 17 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 3
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0019 1x 25 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0019 1x 25 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 4
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0021 1x 33 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0021 1x 33 bytes
bInterval 1
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 5
bNumEndpoints 2
bInterfaceClass 224 Wireless
bInterfaceSubClass 1 Radio Frequency
bInterfaceProtocol 1 Bluetooth
iInterface 4 Bluetooth Radio
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0031 1x 49 bytes
bInterval 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 1
Transfer Type Isochronous
Synch Type None
Usage Type Data
wMaxPacketSize 0x0031 1x 49 bytes
bInterval 1
can't get debug descriptor: Resource temporarily unavailable
Device Status: 0x0001
Self Powered

--
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

2021-12-01 23:48:03

by bugzilla-daemon

[permalink] [raw]

Subject: [Bug 212965] WARNING: possible circular locking dependency detected, bluetoothd/547 is trying to acquire lock: ffff9f6854610078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x18/0x150 [bluetooth]

https://bugzilla.kernel.org/show_bug.cgi?id=212965

Erhard F. ([email protected]) changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |OBSOLETE

--- Comment #2 from Erhard F. ([email protected]) ---
Have not seen this since quite some time. Kernel 5.15.5 and 5.16-rc3 are ok
too.

Closing as obsolete.

--
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.