[v6.1] INFO: trying to register non-static key in l2cap_unregister_user


syzbot

Jan 14, 2026, 3:17:22 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bec0e10ee67e Linux 6.1.160
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17baec94580000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ea1cecaf34f0db
dashboard link: https://syzkaller.appspot.com/bug?extid=5e13e02a225fdf8241b0
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0c7c6a53ac77/disk-bec0e10e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/38567d4ccc5b/vmlinux-bec0e10e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5f0a7945f428/Image-bec0e10e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5e13e0...@syzkaller.appspotmail.com

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 5404 Comm: khidpd_10cf05df Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack+0x30/0x40 lib/dump_stack.c:88
dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
assign_lock_key+0x224/0x258 kernel/locking/lockdep.c:974
register_lock_class+0x1ac/0x694 kernel/locking/lockdep.c:1287
__lock_acquire+0x150/0x6544 kernel/locking/lockdep.c:4928
lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
__mutex_lock_common+0xc6c/0x1f38 kernel/locking/mutex.c:701
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
l2cap_unregister_user+0x70/0x18c net/bluetooth/l2cap_core.c:1895
hidp_session_thread+0x3d0/0x46c net/bluetooth/hidp/core.c:1305
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
list_del corruption. prev->next should be ffff8000216d7c00, but was 0000000000000000. (prev=ffff0000dc3d0060)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:61!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5404 Comm: khidpd_10cf05df Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
lr : __list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
sp : ffff8000216d7b10
x29: ffff8000216d7b10 x28: dfff800000000000 x27: ffff7000042daf7c
x26: 1ffff00003849b0c x25: ffff80001c24d000 x24: 0000000000000000
x23: ffff0000de5d0000 x22: dfff800000000000 x21: ffff0000dc3d0060
x20: ffff0000dc3d0060 x19: ffff8000216d7c00 x18: ffff800011a6bd40
x17: 20747562202c3030 x16: ffff800008042d90 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
x11: ff0080000830c768 x10: 0000000000000000 x9 : f7dcce724972b000
x8 : f7dcce724972b000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000216d75d8 x4 : ffff800015134e80 x3 : ffff8000083144a8
x2 : 0000000000000001 x1 : 0000000000000002 x0 : 000000000000006d
Call trace:
__list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
__list_del_entry include/linux/list.h:134 [inline]
list_del include/linux/list.h:148 [inline]
__mutex_remove_waiter kernel/locking/mutex.c:218 [inline]
__mutex_lock_common+0xd04/0x1f38 kernel/locking/mutex.c:715
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
l2cap_unregister_user+0x70/0x18c net/bluetooth/l2cap_core.c:1895
hidp_session_thread+0x3d0/0x46c net/bluetooth/hidp/core.c:1305
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 91178000 aa1303e1 aa1503e3 95be5661 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup