bisecting fixing commit since 97a8651cadce7c2b7c4d8f108b392eff31fe2c08
building syzkaller on 77e2b66864e69c17416614228723a1ebd3581ddc
testing commit 97a8651cadce7c2b7c4d8f108b392eff31fe2c08 with gcc (GCC) 8.4.1 20210217
kernel signature: ad469ef68f6ce3e0ac541b1335feeba078649385b29c771d298f2c75c0c52a63
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
testing current HEAD eb575cd5d7f60241d016fdd13a9e86d962093c9b
testing commit eb575cd5d7f60241d016fdd13a9e86d962093c9b with gcc (GCC) 8.4.1 20210217
kernel signature: 8f3d56a5281f069fd17106ed924e49e6df945d901b1269fe590cd917d38c30f9
all runs: OK
# git bisect start eb575cd5d7f60241d016fdd13a9e86d962093c9b 97a8651cadce7c2b7c4d8f108b392eff31fe2c08
Bisecting: 365 revisions left to test after this (roughly 9 steps)
[cd9e673501592f0bd8f5dfc5a1f90ffc5e38bf46] drm/radeon: Avoid power table parsing memory leaks
testing commit cd9e673501592f0bd8f5dfc5a1f90ffc5e38bf46 with gcc (GCC) 8.4.1 20210217
kernel signature: 8b3de6a5f794d876bf02171026f22721bd23050a12c150f3daafd14cbdb03364
all runs: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free
# git bisect skip cd9e673501592f0bd8f5dfc5a1f90ffc5e38bf46
Bisecting: 365 revisions left to test after this (roughly 9 steps)
[691062feb4ed8303be75ab07c5c1e09311bd8c80] PCI: Release OF node in pci_scan_device()'s error path
testing commit 691062feb4ed8303be75ab07c5c1e09311bd8c80 with gcc (GCC) 8.4.1 20210217
kernel signature: b1336b533968b56e17e717dcbc14133d8e4f497d61eea2e91e84a103e3cde29e
all runs: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free
# git bisect skip 691062feb4ed8303be75ab07c5c1e09311bd8c80
Bisecting: 365 revisions left to test after this (roughly 9 steps)
[21bc01d55245654cecc85d8b11ad779ebaf0b90b] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
testing commit 21bc01d55245654cecc85d8b11ad779ebaf0b90b with gcc (GCC) 8.4.1 20210217
kernel signature: 22302b2dd0b70509f9416917c55cf4f652cec5f5b2a62648ae45e9d750244b97
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good 21bc01d55245654cecc85d8b11ad779ebaf0b90b
Bisecting: 268 revisions left to test after this (roughly 8 steps)
[1ff004c41c8205d7677f7b9d7da238a5d9a29274] dm snapshot: fix crash with transient storage and zero chunk size
testing commit 1ff004c41c8205d7677f7b9d7da238a5d9a29274 with gcc (GCC) 8.4.1 20210217
kernel signature: 14eff867e713aebecbcae1f204a4acdfdcec0feedf9a11890e0c7cdac1ca7092
all runs: OK
# git bisect bad 1ff004c41c8205d7677f7b9d7da238a5d9a29274
Bisecting: 134 revisions left to test after this (roughly 7 steps)
[742572a5f658b367eadd604d446284b4ea2b17b8] Bluetooth: check for zapped sk before connecting
testing commit 742572a5f658b367eadd604d446284b4ea2b17b8 with gcc (GCC) 8.4.1 20210217
kernel signature: 33b9a33351d8ef982788ff79c037a3f24f85c6f1153b88301aec2368db7774ab
all runs: OK
# git bisect bad 742572a5f658b367eadd604d446284b4ea2b17b8
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[302d674cfacd2a89ba16beb973c757cb977e32a0] sched/debug: Fix cgroup_path[] serialization
testing commit 302d674cfacd2a89ba16beb973c757cb977e32a0 with gcc (GCC) 8.4.1 20210217
kernel signature: 15e7130f5c91f73558401c39bec343d0660781011183d637bae50c2a6532071d
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good 302d674cfacd2a89ba16beb973c757cb977e32a0
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[236b355dce28085db806cc1a544acd85a7360427] RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
testing commit 236b355dce28085db806cc1a544acd85a7360427 with gcc (GCC) 8.4.1 20210217
kernel signature: bfdb185f1d49661e2ab1ec1bcc8add9e06e802fb5b1a7999a24641b71fcdb266
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good 236b355dce28085db806cc1a544acd85a7360427
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[db0517ac659e0ac61b916cffc29564cf3ab58b0d] smp: Fix smp_call_function_single_async prototype
testing commit db0517ac659e0ac61b916cffc29564cf3ab58b0d with gcc (GCC) 8.4.1 20210217
kernel signature: 16338f550f56871db1636c3e45d458adca2d905c49bf9f40745f131c34d8cc4e
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good db0517ac659e0ac61b916cffc29564cf3ab58b0d
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[9bb628ef37f817c8ec1db1b6844d9b2a0cab4f73] net: stmmac: Set FIFO sizes for ipq806x
testing commit 9bb628ef37f817c8ec1db1b6844d9b2a0cab4f73 with gcc (GCC) 8.4.1 20210217
kernel signature: 4263af640bb303b74b6f853f75832c0763d5f3353417fef17bd0e052efce3e3b
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good 9bb628ef37f817c8ec1db1b6844d9b2a0cab4f73
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[40655c682fe2caf1c9eb57b31fff70f0f7c890a5] ALSA: rme9652: don't disable if not enabled
testing commit 40655c682fe2caf1c9eb57b31fff70f0f7c890a5 with gcc (GCC) 8.4.1 20210217
kernel signature: ddbe059d296a935cee7c4faef37863fcbe03ef51a2f229673f3a0c5e8b25cf3e
all runs: crashed: WARNING: ODEBUG bug in cancel_delayed_work
# git bisect good 40655c682fe2caf1c9eb57b31fff70f0f7c890a5
Bisecting: 1 revision left to test after this (roughly 1 step)
[3d638a0fff1a5ee15bbc20ffee0cddb652f35574] Bluetooth: initialize skb_queue_head at l2cap_chan_create()
testing commit 3d638a0fff1a5ee15bbc20ffee0cddb652f35574 with gcc (GCC) 8.4.1 20210217
kernel signature: 19b6de21bc44c4ee58a8a31fd0c44796cdeef64ae56da8a16a3460e7090366bc
all runs: OK
# git bisect bad 3d638a0fff1a5ee15bbc20ffee0cddb652f35574
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[02f681a5e827f34dc165e1afd341a5897bc535fe] Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
testing commit 02f681a5e827f34dc165e1afd341a5897bc535fe with gcc (GCC) 8.4.1 20210217
kernel signature: 770e79c2c3300553ebb0208826ec8437e99cfa44d576bb64c4797efa35f51d4a
all runs: OK
# git bisect bad 02f681a5e827f34dc165e1afd341a5897bc535fe
02f681a5e827f34dc165e1afd341a5897bc535fe is the first bad commit
commit 02f681a5e827f34dc165e1afd341a5897bc535fe
Author: Archie Pusaka
Date:   Mon Mar 22 14:02:15 2021 +0800

    Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default

    [ Upstream commit 3a9d54b1947ecea8eea9a902c0b7eb58a98add8a ]

    Currently l2cap_chan_set_defaults() reset chan->conf_state to zero.
    However, there is a flag CONF_NOT_COMPLETE which is set when
    creating the l2cap_chan. It is suggested that the flag should be
    cleared when l2cap_chan is ready, but when l2cap_chan_set_defaults()
    is called, l2cap_chan is not yet ready. Therefore, we must set this
    flag as the default.

    Example crash call trace:
    __dump_stack lib/dump_stack.c:15 [inline]
    dump_stack+0xc4/0x118 lib/dump_stack.c:56
    panic+0x1c6/0x38b kernel/panic.c:117
    __warn+0x170/0x1b9 kernel/panic.c:471
    warn_slowpath_fmt+0xc7/0xf8 kernel/panic.c:494
    debug_print_object+0x175/0x193 lib/debugobjects.c:260
    debug_object_assert_init+0x171/0x1bf lib/debugobjects.c:614
    debug_timer_assert_init kernel/time/timer.c:629 [inline]
    debug_assert_init kernel/time/timer.c:677 [inline]
    del_timer+0x7c/0x179 kernel/time/timer.c:1034
    try_to_grab_pending+0x81/0x2e5 kernel/workqueue.c:1230
    cancel_delayed_work+0x7c/0x1c4 kernel/workqueue.c:2929
    l2cap_clear_timer+0x1e/0x41 include/net/bluetooth/l2cap.h:834
    l2cap_chan_del+0x2d8/0x37e net/bluetooth/l2cap_core.c:640
    l2cap_chan_close+0x532/0x5d8 net/bluetooth/l2cap_core.c:756
    l2cap_sock_shutdown+0x806/0x969 net/bluetooth/l2cap_sock.c:1174
    l2cap_sock_release+0x64/0x14d net/bluetooth/l2cap_sock.c:1217
    __sock_release+0xda/0x217 net/socket.c:580
    sock_close+0x1b/0x1f net/socket.c:1039
    __fput+0x322/0x55c fs/file_table.c:208
    ____fput+0x17/0x19 fs/file_table.c:244
    task_work_run+0x19b/0x1d3 kernel/task_work.c:115
    exit_task_work include/linux/task_work.h:21 [inline]
    do_exit+0xe4c/0x204a kernel/exit.c:766
    do_group_exit+0x291/0x291 kernel/exit.c:891
    get_signal+0x749/0x1093 kernel/signal.c:2396
    do_signal+0xa5/0xcdb arch/x86/kernel/signal.c:737
    exit_to_usermode_loop arch/x86/entry/common.c:243 [inline]
    prepare_exit_to_usermode+0xed/0x235 arch/x86/entry/common.c:277
    syscall_return_slowpath+0x3a7/0x3b3 arch/x86/entry/common.c:348
    int_ret_from_sys_call+0x25/0xa3

    Signed-off-by: Archie Pusaka
    Reported-by: syzbot+338f014a98367a08a114@syzkaller.appspotmail.com
    Reviewed-by: Alain Michaud
    Reviewed-by: Abhishek Pandit-Subedi
    Reviewed-by: Guenter Roeck
    Signed-off-by: Marcel Holtmann
    Signed-off-by: Sasha Levin

 net/bluetooth/l2cap_core.c | 2 ++
 1 file changed, 2 insertions(+)
culprit signature: 770e79c2c3300553ebb0208826ec8437e99cfa44d576bb64c4797efa35f51d4a
parent signature: ddbe059d296a935cee7c4faef37863fcbe03ef51a2f229673f3a0c5e8b25cf3e
revisions tested: 14, total time: 3h39m41.307678248s (build: 2h13m26.771550763s, test: 1h24m59.892113024s)
first good commit: 02f681a5e827f34dc165e1afd341a5897bc535fe Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
recipients (to): ["abhishekpandit@chromium.org" "alainm@chromium.org" "apusaka@chromium.org" "groeck@chromium.org" "marcel@holtmann.org" "sashal@kernel.org"]
recipients (cc): []