syzbot


INFO: trying to register non-static key in l2cap_unregister_user

Status: upstream: reported on 2025/10/16 15:35
Subsystems: bluetooth
Reported-by: syzbot+cdba6d325676d9602f21@syzkaller.appspotmail.com
First crash: 4d11h, last: 4d11h
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [bluetooth?] INFO: trying to register non-static key in l2cap_unregister_user | 0 (1) | 2025/10/16 15:35

Sample crash report:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 6046 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
 _raw_spin_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:170
 rt_mutex_slowlock_block+0x5c2/0x6d0 kernel/locking/rtmutex.c:1650
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 l2cap_unregister_user+0x6a/0x1b0 net/bluetooth/l2cap_core.c:1728
 hidp_session_thread+0x3c9/0x410 net/bluetooth/hidp/core.c:1304
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 6046 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:rt_waiter_node_less kernel/locking/rtmutex.c:397 [inline]
RIP: 0010:rt_mutex_steal kernel/locking/rtmutex.c:433 [inline]
RIP: 0010:try_to_take_rt_mutex+0x179/0xac0 kernel/locking/rtmutex.c:1129
Code: dc 74 3d 4d 8d 6c 24 18 4c 89 e8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 f1 07 00 00 45 8b 75 00 4c 8d 6b 18 4c 89 e8 48 c1 e8 03 <0f> b6 04 10 84 c0 0f 85 fe 07 00 00 45 3b 75 00 0f 8d 85 05 00 00
RSP: 0018:ffffc90005e7f8c0 EFLAGS: 00010006
RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff8ac83bc4
RDX: dffffc0000000000 RSI: ffff8880257ebc00 RDI: ffff8880328f4050
RBP: 0000000000000000 R08: ffff8880257ebc1b R09: 1ffff11004afd783
R10: dffffc0000000000 R11: ffffed1004afd784 R12: ffffc90005e7fa80
R13: 0000000000000018 R14: 0000000000000078 R15: ffff8880257ebc00
FS:  0000000000000000(0000) GS:ffff888126bc8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c37013a CR3: 0000000036ca4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 rt_mutex_slowlock_block+0x61d/0x6d0 kernel/locking/rtmutex.c:1619
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 l2cap_unregister_user+0x6a/0x1b0 net/bluetooth/l2cap_core.c:1728
 hidp_session_thread+0x3c9/0x410 net/bluetooth/hidp/core.c:1304
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rt_waiter_node_less kernel/locking/rtmutex.c:397 [inline]
RIP: 0010:rt_mutex_steal kernel/locking/rtmutex.c:433 [inline]
RIP: 0010:try_to_take_rt_mutex+0x179/0xac0 kernel/locking/rtmutex.c:1129
Code: dc 74 3d 4d 8d 6c 24 18 4c 89 e8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 f1 07 00 00 45 8b 75 00 4c 8d 6b 18 4c 89 e8 48 c1 e8 03 <0f> b6 04 10 84 c0 0f 85 fe 07 00 00 45 3b 75 00 0f 8d 85 05 00 00
RSP: 0018:ffffc90005e7f8c0 EFLAGS: 00010006
RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff8ac83bc4
RDX: dffffc0000000000 RSI: ffff8880257ebc00 RDI: ffff8880328f4050
RBP: 0000000000000000 R08: ffff8880257ebc1b R09: 1ffff11004afd783
R10: dffffc0000000000 R11: ffffed1004afd784 R12: ffffc90005e7fa80
R13: 0000000000000018 R14: 0000000000000078 R15: ffff8880257ebc00
FS:  0000000000000000(0000) GS:ffff888126bc8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c37013a CR3: 0000000036ca4000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	dc 74 3d 4d          	fdivl  0x4d(%rbp,%rdi,1)
   4:	8d 6c 24 18          	lea    0x18(%rsp),%ebp
   8:	4c 89 e8             	mov    %r13,%rax
   b:	48 c1 e8 03          	shr    $0x3,%rax
   f:	0f b6 04 10          	movzbl (%rax,%rdx,1),%eax
  13:	84 c0                	test   %al,%al
  15:	0f 85 f1 07 00 00    	jne    0x80c
  1b:	45 8b 75 00          	mov    0x0(%r13),%r14d
  1f:	4c 8d 6b 18          	lea    0x18(%rbx),%r13
  23:	4c 89 e8             	mov    %r13,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	0f b6 04 10          	movzbl (%rax,%rdx,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 fe 07 00 00    	jne    0x834
  36:	45 3b 75 00          	cmp    0x0(%r13),%r14d
  3a:	0f 8d 85 05 00 00    	jge    0x5c5

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/10/12 15:30 | upstream | 67029a49db6c | ff1712fe | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | INFO: trying to register non-static key in l2cap_unregister_user