[v5.15] WARNING: bad unlock balance in l2cap_disconnect_rsp
6 views
Skip to first unread message
syzbot
Apr 20, 2023, 10:14:39 AM4/20/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3299fb36854f Linux 5.15.108
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17b78f00280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7da5cf0bf5f17e50
dashboard link: https://syzkaller.appspot.com/bug?extid=c8c7fd79e80dadf0cb51
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e9dec7cd5a48/disk-3299fb36.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e054af719cf1/vmlinux-3299fb36.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5ae902fb312f/Image-3299fb36.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8c7fd...@syzkaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
5.15.108-syzkaller #0 Not tainted
-------------------------------------
kworker/u5:0/144 is trying to release lock (&conn->chan_lock) at:
[<ffff800010cd8d74>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:0/144:
#0: ffff0000dc067138 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2279
#1: ffff80001a3f7c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2281
stack backtrace:
CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci3 hci_rx_work
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5064
lock_release+0x4b8/0xa1c kernel/locking/lockdep.c:5642
__mutex_unlock_slowpath+0xe0/0x6d4 kernel/locking/mutex.c:851
mutex_unlock+0x8c/0xe0 kernel/locking/mutex.c:536
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x970/0x7f54 net/bluetooth/l2cap_core.c:5748
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x848/0x6a48 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline]
hci_rx_work+0x3b0/0x6d0 net/bluetooth/hci_core.c:5158
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 3299fb36854f Linux 5.15.108
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17b78f00280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7da5cf0bf5f17e50
dashboard link: https://syzkaller.appspot.com/bug?extid=c8c7fd79e80dadf0cb51
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e9dec7cd5a48/disk-3299fb36.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e054af719cf1/vmlinux-3299fb36.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5ae902fb312f/Image-3299fb36.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8c7fd...@syzkaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
5.15.108-syzkaller #0 Not tainted
-------------------------------------
kworker/u5:0/144 is trying to release lock (&conn->chan_lock) at:
[<ffff800010cd8d74>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:0/144:
#0: ffff0000dc067138 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2279
#1: ffff80001a3f7c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2281
stack backtrace:
CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci3 hci_rx_work
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5064
lock_release+0x4b8/0xa1c kernel/locking/lockdep.c:5642
__mutex_unlock_slowpath+0xe0/0x6d4 kernel/locking/mutex.c:851
mutex_unlock+0x8c/0xe0 kernel/locking/mutex.c:536
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x970/0x7f54 net/bluetooth/l2cap_core.c:5748
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x848/0x6a48 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline]
hci_rx_work+0x3b0/0x6d0 net/bluetooth/hci_core.c:5158
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 20, 2023, 11:49:44 AM4/20/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: f17b0ab65d17 Linux 6.1.25
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1632b248280000
kernel config: https://syzkaller.appspot.com/x/.config?x=73f7ee8e484b74b7
dashboard link: https://syzkaller.appspot.com/bug?extid=7ce948317c9c0bbfa811
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/553994c02131/disk-f17b0ab6.raw.xz
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/c88e4d2795a5/vmlinux-f17b0ab6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d788d429a3a9/Image-f17b0ab6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
=====================================
WARNING: bad unlock balance detected!
-------------------------------------
kworker/u5:2/4345 is trying to release lock (&conn->chan_lock) at:
[<ffff800011385c74>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:2/4345:
other info that might help us debug this:
#0: ffff0000d32a6138 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2262
#1: ffff80001dc37c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2264
stack backtrace:
CPU: 1 PID: 4345 Comm: kworker/u5:2 Not tainted 6.1.25-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci1 hci_rx_work
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5109
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lock_release+0x4dc/0xa50 kernel/locking/lockdep.c:5689
__mutex_unlock_slowpath+0xe0/0x6cc kernel/locking/mutex.c:907
mutex_unlock+0x24/0x30 kernel/locking/mutex.c:543
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:6426 [inline]
l2cap_le_sig_channel net/bluetooth/l2cap_core.c:6464 [inline]
l2cap_recv_frame+0x18b4/0x6a14 net/bluetooth/l2cap_core.c:7796
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:3828 [inline]
hci_rx_work+0x2cc/0x8b8 net/bluetooth/hci_core.c:4063
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x24c/0x2d4 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
syzbot
Apr 29, 2023, 1:32:38 PM4/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1146c0dfc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f95cba4715d63af9
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=144b28f8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b6b74e769ec1/disk-ca1c9012.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/31fce9ce6f18/vmlinux-ca1c9012.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cd73b5bb5ef4/Image-ca1c9012.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7ce948...@syzkaller.appspotmail.com
Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
-------------------------------------
kworker/u5:2/4223 is trying to release lock (&conn->chan_lock) at:
[<ffff80001138a084>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
#0: ffff0000d5524938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2262
#1: ffff80001d9f7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2264
stack backtrace:
CPU: 0 PID: 4223 Comm: kworker/u5:2 Not tainted 6.1.26-syzkaller #0
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x83c/0x6a14 net/bluetooth/l2cap_core.c:7786
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1146c0dfc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f95cba4715d63af9
dashboard link: https://syzkaller.appspot.com/bug?extid=7ce948317c9c0bbfa811
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10c92b1c280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=144b28f8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b6b74e769ec1/disk-ca1c9012.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/31fce9ce6f18/vmlinux-ca1c9012.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cd73b5bb5ef4/Image-ca1c9012.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7ce948...@syzkaller.appspotmail.com
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
=====================================
WARNING: bad unlock balance detected!
6.1.26-syzkaller #0 Not tainted
WARNING: bad unlock balance detected!
-------------------------------------
kworker/u5:2/4223 is trying to release lock (&conn->chan_lock) at:
[<ffff80001138a084>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:2/4223:
other info that might help us debug this:
#0: ffff0000d5524938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2262
#1: ffff80001d9f7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2264
stack backtrace:
CPU: 0 PID: 4223 Comm: kworker/u5:2 Not tainted 6.1.26-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci0 hci_rx_work
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5109
lock_release+0x4dc/0xa50 kernel/locking/lockdep.c:5689
__mutex_unlock_slowpath+0xe0/0x6cc kernel/locking/mutex.c:907
mutex_unlock+0x24/0x30 kernel/locking/mutex.c:543
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x974/0x7e94 net/bluetooth/l2cap_core.c:5748
lock_release+0x4dc/0xa50 kernel/locking/lockdep.c:5689
__mutex_unlock_slowpath+0xe0/0x6cc kernel/locking/mutex.c:907
mutex_unlock+0x24/0x30 kernel/locking/mutex.c:543
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x83c/0x6a14 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:3828 [inline]
hci_rx_work+0x2cc/0x8b8 net/bluetooth/hci_core.c:4063
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x250/0x2d8 kernel/kthread.c:376
hci_acldata_packet net/bluetooth/hci_core.c:3828 [inline]
hci_rx_work+0x2cc/0x8b8 net/bluetooth/hci_core.c:4063
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Apr 29, 2023, 6:22:45 PM4/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: f48aeeaaa64c Linux 5.15.109
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=125048dfc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bef326567911c94a
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=143bdcf8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df269bfa2931/disk-f48aeeaa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e64d9fc93268/vmlinux-f48aeeaa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93441fa4b823/Image-f48aeeaa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8c7fd...@syzkaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
5.15.109-syzkaller #0 Not tainted
-------------------------------------
kworker/u5:1/3965 is trying to release lock (&conn->chan_lock) at:
[<ffff800010cd6498>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
#0: ffff0000dd1cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2279
#1: ffff80001af77c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2281
stack backtrace:
CPU: 0 PID: 3965 Comm: kworker/u5:1 Not tainted 5.15.109-syzkaller #0
HEAD commit: f48aeeaaa64c Linux 5.15.109
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=125048dfc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bef326567911c94a
dashboard link: https://syzkaller.appspot.com/bug?extid=c8c7fd79e80dadf0cb51
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=152b28f8280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=143bdcf8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df269bfa2931/disk-f48aeeaa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e64d9fc93268/vmlinux-f48aeeaa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93441fa4b823/Image-f48aeeaa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c8c7fd...@syzkaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
-------------------------------------
kworker/u5:1/3965 is trying to release lock (&conn->chan_lock) at:
[<ffff800010cd6498>] l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
but there are no more locks to release!
other info that might help us debug this:
2 locks held by kworker/u5:1/3965:
other info that might help us debug this:
#0: ffff0000dd1cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2279
#1: ffff80001af77c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2281
stack backtrace:
CPU: 0 PID: 3965 Comm: kworker/u5:1 Not tainted 5.15.109-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: hci0 hci_rx_work
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5064
lock_release+0x4b8/0xa1c kernel/locking/lockdep.c:5642
__mutex_unlock_slowpath+0xe0/0x6d4 kernel/locking/mutex.c:851
mutex_unlock+0x8c/0xe0 kernel/locking/mutex.c:536
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x970/0x7f54 net/bluetooth/l2cap_core.c:5748
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x848/0x6a48 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline]
hci_rx_work+0x3b0/0x6d0 net/bluetooth/hci_core.c:5158
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x250/0x2a4 kernel/locking/lockdep.c:5064
lock_release+0x4b8/0xa1c kernel/locking/lockdep.c:5642
__mutex_unlock_slowpath+0xe0/0x6d4 kernel/locking/mutex.c:851
mutex_unlock+0x8c/0xe0 kernel/locking/mutex.c:536
l2cap_disconnect_rsp+0x210/0x30c net/bluetooth/l2cap_core.c:4697
l2cap_bredr_sig_cmd+0x970/0x7f54 net/bluetooth/l2cap_core.c:5748
l2cap_sig_channel net/bluetooth/l2cap_core.c:6507 [inline]
l2cap_recv_frame+0x848/0x6a48 net/bluetooth/l2cap_core.c:7786
l2cap_recv_acldata+0x4f4/0x163c net/bluetooth/l2cap_core.c:8504
hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline]
hci_rx_work+0x3b0/0x6d0 net/bluetooth/hci_core.c:5158
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
---
syzbot
Jun 26, 2023, 10:43:26 AM6/26/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit fd269a0435f8e9943b7a57c5a59688848d42d449
Author: Min Li <lm096...@gmail.com>
Date: Mon Apr 17 02:27:54 2023 +0000
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14db8c8f280000
start commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1064fdf0280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16dd0010280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit fd269a0435f8e9943b7a57c5a59688848d42d449
Author: Min Li <lm096...@gmail.com>
Date: Mon Apr 17 02:27:54 2023 +0000
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14db8c8f280000
start commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f95cba4715d63af9
dashboard link: https://syzkaller.appspot.com/bug?extid=7ce948317c9c0bbfa811
userspace arch: arm64
dashboard link: https://syzkaller.appspot.com/bug?extid=7ce948317c9c0bbfa811
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1064fdf0280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16dd0010280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages