WARNING: bad unlock balance in l2cap_recv

Date	Name	Commit	Repro	Result
2023/05/14	linux-5.15.y (ToT)	b0ece631f84a	C	[report] WARNING: bad unlock balance in l2cap_recv_frame
2023/05/14	upstream (ToT)	bb7c241fae62	C	Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	WARNING: bad unlock balance in l2cap_recv_frame origin:lts-only	C		done	22	351d	382d	3/3	fixed on 2023/06/26 14:47
upstream	WARNING: bad unlock balance in l2cap_recv_frame bluetooth				75	376d	387d	22/26	fixed on 2023/06/08 14:41

linux-6.1

WARNING: bad unlock balance in l2cap_recv_frame origin:lts-only

done

351d

382d

3/3

fixed on 2023/06/26 14:47

upstream

WARNING: bad unlock balance in l2cap_recv_frame bluetooth

376d

387d

22/26

fixed on 2023/06/08 14:41

===================================== WARNING: bad unlock balance detected! 5.15.109-syzkaller #0 Not tainted ------------------------------------- kworker/u5:2/3505 is trying to release lock (&conn->chan_lock) at: [<ffffffff89428093>] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:6426 [inline] [<ffffffff89428093>] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:6464 [inline] [<ffffffff89428093>] l2cap_recv_frame+0x1fc3/0x8870 net/bluetooth/l2cap_core.c:7796 but there are no more locks to release! other info that might help us debug this: 2 locks held by kworker/u5:2/3505: #0: ffff888024804138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2279 #1: ffffc9000235fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2281 stack backtrace: CPU: 0 PID: 3505 Comm: kworker/u5:2 Not tainted 5.15.109-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 print_unlock_imbalance_bug+0x248/0x2b0 kernel/locking/lockdep.c:5064 __lock_release kernel/locking/lockdep.c:5301 [inline] lock_release+0x596/0x9a0 kernel/locking/lockdep.c:5642 __mutex_unlock_slowpath+0xde/0x750 kernel/locking/mutex.c:851 l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:6426 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:6464 [inline] l2cap_recv_frame+0x1fc3/0x8870 net/bluetooth/l2cap_core.c:7796 hci_acldata_packet net/bluetooth/hci_core.c:4967 [inline] hci_rx_work+0x489/0x7d0 net/bluetooth/hci_core.c:5158 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2306

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2023/04/30 11:46	linux-5.15.y	f48aeeaaa64c	62df2017	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	WARNING: bad unlock balance in l2cap_recv_frame
2023/05/24 08:09	linux-5.15.y	9d6bde853685	4bce1a3e	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	WARNING: bad unlock balance in l2cap_recv_frame
2023/05/22 01:18	linux-5.15.y	9d6bde853685	4bce1a3e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	WARNING: bad unlock balance in l2cap_recv_frame
2023/05/13 18:46	linux-5.15.y	b0ece631f84a	2b9ba477	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	WARNING: bad unlock balance in l2cap_recv_frame
2023/04/30 11:33	linux-5.15.y	f48aeeaaa64c	62df2017	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	WARNING: bad unlock balance in l2cap_recv_frame

Crashes (5):

Assets (help?)