syzbot


WARNING: bad unlock balance in l2cap_recv_frame

Status: fixed on 2023/06/26 14:47
Bug presence: origin:lts-only
Reported-by: syzbot+63c07f4a7c391be5086a@syzkaller.appspotmail.com
Fix commit: fd269a0435f8 Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
First crash: 581d, last: 549d
Fix bisection: fixed by commit fd269a0435f8e9943b7a57c5a59688848d42d449
  Author: Min Li <lm0963hack@gmail.com>
  Date: Mon Apr 17 02:27:54 2023 +0000
  Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp

Bug presence (2)

Date        Name               Commit        Repro  Result
2023/05/10  linux-6.1.y (ToT)  ca48fc16c493  C      WARNING: bad unlock balance in l2cap_recv_frame
2023/05/09  upstream (ToT)     16a8829130ca  C      Didn't crash

Similar bugs (3)

Kernel      Title                                                Labels           Repro  Bisect  Count  Last    Reported  Patched  Status
upstream    WARNING: bad unlock balance in l2cap_recv_frame      bluetooth        -      -       75     574d    586d      22/28    fixed on 2023/06/08 14:41
linux-5.15  WARNING: bad unlock balance in l2cap_recv_frame (2)  origin:lts-only  C      error   187    16h24m  74d       0/3      upstream: reported C repro on 2024/09/08 08:19
linux-5.15  WARNING: bad unlock balance in l2cap_recv_frame      origin:lts-only  C      done    5      547d    571d      3/3      fixed on 2023/06/26 14:47

Sample crash report:
Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
=====================================
WARNING: bad unlock balance detected!
6.1.26-syzkaller #0 Not tainted
-------------------------------------
kworker/u5:2/3548 is trying to release lock (&conn->chan_lock) at:
[<ffffffff89937f5c>] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:6426 [inline]
[<ffffffff89937f5c>] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:6464 [inline]
[<ffffffff89937f5c>] l2cap_recv_frame+0x1fcc/0x8890 net/bluetooth/l2cap_core.c:7796
but there are no more locks to release!

other info that might help us debug this:
2 locks held by kworker/u5:2/3548:
 #0: ffff8880764cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x77a/0x11f0
 #1: ffffc90003a7fd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7bd/0x11f0 kernel/workqueue.c:2264

stack backtrace:
CPU: 0 PID: 3548 Comm: kworker/u5:2 Not tainted 6.1.26-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 print_unlock_imbalance_bug+0x24e/0x2c0 kernel/locking/lockdep.c:5109
 __lock_release kernel/locking/lockdep.c:5346 [inline]
 lock_release+0x5ad/0xa20 kernel/locking/lockdep.c:5689
 __mutex_unlock_slowpath+0xde/0x750 kernel/locking/mutex.c:907
 l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:6426 [inline]
 l2cap_le_sig_channel net/bluetooth/l2cap_core.c:6464 [inline]
 l2cap_recv_frame+0x1fcc/0x8890 net/bluetooth/l2cap_core.c:7796
 hci_acldata_packet net/bluetooth/hci_core.c:3828 [inline]
 hci_rx_work+0x39b/0xa80 net/bluetooth/hci_core.c:4063
 process_one_work+0x8aa/0x11f0 kernel/workqueue.c:2289

Crashes (22):

All 22 crashes were on kernel linux-6.1.y, manager ci2-linux-6-1-kasan, with title "WARNING: bad unlock balance in l2cap_recv_frame". Each crash has a .config, console log and report attached; the columns below record the commit, the syzkaller revision, whether a syz or C reproducer exists, and whether assets (disk image, vmlinux, kernel image) were saved.

Time              Commit        Syzkaller  Syz repro  C repro  Assets
2023/04/30 16:14  ca1c9012c941  62df2017   yes        yes      disk image, vmlinux, kernel image
2023/05/22 01:07  fa74641fb6b9  4bce1a3e   -          -        disk image, vmlinux, kernel image
2023/05/19 09:08  fa74641fb6b9  3bb7af1d   -          -        disk image, vmlinux, kernel image
2023/05/18 17:46  fa74641fb6b9  3bb7af1d   -          -        disk image, vmlinux, kernel image
2023/05/14 14:21  bf4ad6fa4e53  2b9ba477   -          -        disk image, vmlinux, kernel image
2023/05/13 23:18  bf4ad6fa4e53  2b9ba477   -          -        disk image, vmlinux, kernel image
2023/04/28 22:30  ca1c9012c941  62df2017   -          -        disk image, vmlinux, kernel image
2023/04/28 13:14  ca1c9012c941  70a605de   -          -        -
2023/04/28 07:59  ca1c9012c941  70a605de   -          -        -
2023/04/27 15:48  ca1c9012c941  6f3d6fa7   -          -        -
2023/04/27 08:39  ca1c9012c941  19a3dabe   -          -        -
2023/04/26 23:55  ca1c9012c941  19a3dabe   -          -        -
2023/04/26 18:47  ca1c9012c941  8d843721   -          -        -
2023/04/26 01:05  f17b0ab65d17  65320f8e   -          -        disk image, vmlinux, kernel image
2023/04/25 07:43  f17b0ab65d17  65320f8e   -          -        disk image, vmlinux, kernel image
2023/04/25 04:47  f17b0ab65d17  65320f8e   -          -        disk image, vmlinux, kernel image
2023/04/24 19:51  f17b0ab65d17  fdc18293   -          -        disk image, vmlinux, kernel image
2023/04/24 12:55  f17b0ab65d17  fdc18293   -          -        disk image, vmlinux, kernel image
2023/04/21 17:54  f17b0ab65d17  2b32bd34   -          -        disk image, vmlinux, kernel image
2023/04/21 13:49  f17b0ab65d17  2b32bd34   -          -        disk image, vmlinux, kernel image
2023/04/21 00:32  f17b0ab65d17  2b32bd34   -          -        disk image, vmlinux, kernel image
2023/04/20 14:48  f17b0ab65d17  a219f34e   -          -        -