Hello,
syzbot found the following issue on:
HEAD commit: 3299fb36854f Linux 5.15.108
git tree: linux-5.15.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=17b78f00280000
kernel config:
https://syzkaller.appspot.com/x/.config?x=7da5cf0bf5f17e50
dashboard link:
https://syzkaller.appspot.com/bug?extid=c8c7fd79e80dadf0cb51
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/e9dec7cd5a48/disk-3299fb36.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/e054af719cf1/vmlinux-3299fb36.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/5ae902fb312f/Image-3299fb36.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+c8c7fd...@syzkaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
5.15.108-syzkaller #0 Not tainted
-------------------------------------
kworker/u5:0/144 is trying to release lock (&conn->chan_lock) at:
[<ffff800010cd8d74>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:0/144:
#0: ffff0000dc067138 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2279
#1: ffff80001a3f7c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2281
stack backtrace:
CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci3 hci_rx_work
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5064
lock_release+0x4b8/0xa1c kernel/locking/lockdep.c:5642
__mutex_unlock_slowpath+0xe0/0x6d4 kernel/locking/mutex.c:851
mutex_unlock+0x8c/0xe0 kernel/locking/mutex.c:536
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x970/0x7f54 net/bluetooth/l2cap_core.c:5748
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x848/0x6a48 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline]
hci_rx_work+0x3b0/0x6d0 net/bluetooth/hci_core.c:5158
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.