bisecting cause commit starting from 2cc3c4b3c2e9c99e90aaf19cd801ff2c160f283c
building syzkaller on 424dd8e7b52828cad44ce653a5d4ac30670f5e2c
testing commit 2cc3c4b3c2e9c99e90aaf19cd801ff2c160f283c with gcc (GCC) 8.1.0
kernel signature: 964d1774c2cc23b1d119dda096ca83664796bc370e6f4acb556300ca5281f5b1
run #0: crashed: inconsistent lock state in sco_conn_del
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_sock_timeout
run #3: crashed: inconsistent lock state in sco_conn_del
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: ab941e1062b5d28d79c1a9f5773270333315e0f8f4110f5d27fcc52922876fd4
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_conn_del
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 55c725da090b4a24b2427c243b750fbb75fc9c6d84c54518de608e31df008b8c
run #0: crashed: inconsistent lock state in sco_conn_del
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 9fc7953ccb53540cbfe5de78e51d6bc8a159d8d26e998cb4aaad2bd92d86e22f
all runs: crashed: inconsistent lock state in sco_conn_del
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 4c2506c65a436bba1c3833d5d0fd4291881c62693ba87f30ce8399b018351a8e
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_conn_del
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_conn_del
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: OK
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: c508a0e24a83b65d9cc3aaa2372712d396a52ca92401e82198d5de52527a7665
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_sock_timeout
run #6: crashed: inconsistent lock state in sco_sock_timeout
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 5b1aeeafa06919036df3f0c992da0b17c51eb2e4f56719728b36464396232a9e
all runs: OK
# git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Bisecting: 7882 revisions left to test after this (roughly 13 steps)
[a9f8b38a071b468276a243ea3ea5a0636e848cf2] Merge tag 'for-linus-5.4-1' of git://github.com/cminyard/linux-ipmi
testing commit a9f8b38a071b468276a243ea3ea5a0636e848cf2 with gcc (GCC) 8.1.0
kernel signature: d72ed580e58b18e370a733d91599815febacb9a7e9a84272185b18678089db9d
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_sock_timeout
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad a9f8b38a071b468276a243ea3ea5a0636e848cf2
Bisecting: 3920 revisions left to test after this (roughly 12 steps)
[fe38bd6862074c0a2b9be7f31f043aaa70b2af5f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f with gcc (GCC) 8.1.0
kernel signature: 30606fbc5af6eee577ee10719364e86a083288ab13f66fcc9a29ab74017822b5
all runs: OK
# git bisect good fe38bd6862074c0a2b9be7f31f043aaa70b2af5f
Bisecting: 1962 revisions left to test after this (roughly 11 steps)
[069841ef8293697e951c34f9a45601b77fb541d7] Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 069841ef8293697e951c34f9a45601b77fb541d7 with gcc (GCC) 8.1.0
kernel signature: 1370778d4b197acd0a6901c150819669e1aa3ff455415d8923f1fad3673595f7
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_conn_del
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_sock_timeout
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad 069841ef8293697e951c34f9a45601b77fb541d7
Bisecting: 978 revisions left to test after this (roughly 10 steps)
[f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71] net: stmmac: dwmac-meson: use devm_platform_ioremap_resource() to simplify code
testing commit f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71 with gcc (GCC) 8.1.0
kernel signature: d1b456d44c0ed59abcbd189b0becffbf0471054821ce21a1c818f3ad4955bc6d
run #0: crashed: inconsistent lock state in sco_conn_del
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_sock_timeout
run #3: crashed: inconsistent lock state in sco_conn_del
run #4: crashed: inconsistent lock state in sco_sock_timeout
run #5: crashed: inconsistent lock state in sco_sock_timeout
run #6: crashed: inconsistent lock state in sco_sock_timeout
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71
Bisecting: 489 revisions left to test after this (roughly 9 steps)
[16e9b481e988b1f7e6df2243bb510e1c9b581272] nfp: no need to check return value of debugfs_create functions
testing commit 16e9b481e988b1f7e6df2243bb510e1c9b581272 with gcc (GCC) 8.1.0
kernel signature: 039a95ed19ec925f50ff31bf77a2aec2b16a8644c2a882008f67fbdf173c3a83
all runs: OK
# git bisect good 16e9b481e988b1f7e6df2243bb510e1c9b581272
Bisecting: 244 revisions left to test after this (roughly 8 steps)
[a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c] ipvlan: set hw_enc_features like macvlan
testing commit a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c with gcc (GCC) 8.1.0
kernel signature: 6c025d0546de2016b20a64114769dacd21427f8910909187abeec5e7b6481b0c
run #0: crashed: inconsistent lock state in sco_conn_del
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_conn_del
run #5: crashed: inconsistent lock state in sco_sock_timeout
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[043b8413e8c0c0ffbf8be268eb73716e05a96064] net: devlink: remove redundant rtnl lock assert
testing commit 043b8413e8c0c0ffbf8be268eb73716e05a96064 with gcc (GCC) 8.1.0
kernel signature: a3fa4510128fab1a1da32848c5c0e25569d9de627fee06796d3daf1d09e4ceca
all runs: OK
# git bisect good 043b8413e8c0c0ffbf8be268eb73716e05a96064
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[8d73f8f23e6b869b726cb01dd4747f56dc88660a] page_pool: fix logic in __page_pool_get_cached
testing commit 8d73f8f23e6b869b726cb01dd4747f56dc88660a with gcc (GCC) 8.1.0
kernel signature: 8b359b14bc0ae19b6c4be6118b48179e84fd49bb4dc8a61a72e2449bec5ff5bd
run #0: crashed: inconsistent lock state in sco_sock_timeout
run #1: crashed: inconsistent lock state in sco_conn_del
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_sock_timeout
run #4: crashed: inconsistent lock state in sco_sock_timeout
run #5: crashed: inconsistent lock state in sco_conn_del
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad 8d73f8f23e6b869b726cb01dd4747f56dc88660a
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[c162610c7db2e9611a7b3ec806f9c97fcfec0b0b] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit c162610c7db2e9611a7b3ec806f9c97fcfec0b0b with gcc (GCC) 8.1.0
kernel signature: e59bf9d5f2f45fce4cf620e92a32137bcc914db38714513c246ae433001b62f6
run #0: crashed: inconsistent lock state in sco_conn_del
run #1: crashed: inconsistent lock state in sco_sock_timeout
run #2: crashed: inconsistent lock state in sco_conn_del
run #3: crashed: inconsistent lock state in sco_conn_del
run #4: crashed: inconsistent lock state in sco_sock_timeout
run #5: crashed: inconsistent lock state in sco_sock_timeout
run #6: crashed: inconsistent lock state in sco_conn_del
run #7: crashed: inconsistent lock state in sco_conn_del
run #8: crashed: inconsistent lock state in sco_conn_del
run #9: crashed: inconsistent lock state in sco_conn_del
# git bisect bad c162610c7db2e9611a7b3ec806f9c97fcfec0b0b
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[2a475c409fe81a76fb26a6b023509d648237bbe6] kbuild: remove all netfilter headers from header-test blacklist.
testing commit 2a475c409fe81a76fb26a6b023509d648237bbe6 with gcc (GCC) 8.1.0
kernel signature: a6cea5ee69e2c5497562a388da3886dc00375596ef1813d68f7107f1fcd7fe04
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 2a475c409fe81a76fb26a6b023509d648237bbe6
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb] net: phy: let phy_speed_down/up support speeds >1Gbps
testing commit 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb with gcc (GCC) 8.1.0
kernel signature: 78bd7bc0bf095733e228c8b7bdbb2d14dd93256c95b0b9ebbb0485375145f690
run #0: crashed: general protection fault in __queue_work
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb
Bisecting: 0 revisions left to test after this (roughly 1 step)
[331c56ac73846fa267c04ee6aa9a00bb5fed9440] net: phy: add phy_speed_down_core and phy_resolve_min_speed
testing commit 331c56ac73846fa267c04ee6aa9a00bb5fed9440 with gcc (GCC) 8.1.0
kernel signature: a8bc441b03f04567bd4eb07864f3142e0b8f3e5d529f0c660bf5d316c9446d4a
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 331c56ac73846fa267c04ee6aa9a00bb5fed9440
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7b261e0ef5f88087765df7f079a4bd0d285f7579] net: phy: add __set_linkmode_max_speed
testing commit 7b261e0ef5f88087765df7f079a4bd0d285f7579 with gcc (GCC) 8.1.0
kernel signature: 0b484f70f054cf3df38bdc92dc5d17955162ecef4a363ef62ff584f5d8494c04
all runs: OK
# git bisect good 7b261e0ef5f88087765df7f079a4bd0d285f7579
331c56ac73846fa267c04ee6aa9a00bb5fed9440 is the first bad commit
commit 331c56ac73846fa267c04ee6aa9a00bb5fed9440
Author: Heiner Kallweit <hkallweit1@gmail.com>
Date:   Mon Aug 12 23:51:27 2019 +0200

    net: phy: add phy_speed_down_core and phy_resolve_min_speed
    
    phy_speed_down_core provides most of the functionality for
    phy_speed_down. It makes use of new helper phy_resolve_min_speed that is
    based on the sorting of the settings[] array. In certain cases it may be
    helpful to be able to exclude legacy half duplex modes, therefore
    prepare phy_resolve_min_speed() for it.
    
    v2:
    - rename __phy_speed_down to phy_speed_down_core
    
    Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
    Reviewed-by: Andrew Lunn <andrew@lunn.ch>
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>

 drivers/net/phy/phy-core.c | 28 ++++++++++++++++++++++++++++
 include/linux/phy.h        |  1 +
 2 files changed, 29 insertions(+)
culprit signature: a8bc441b03f04567bd4eb07864f3142e0b8f3e5d529f0c660bf5d316c9446d4a
parent  signature: 0b484f70f054cf3df38bdc92dc5d17955162ecef4a363ef62ff584f5d8494c04
revisions tested: 20, total time: 5h15m7.944229909s (build: 2h6m3.053697131s, test: 3h6m55.735700203s)
first bad commit: 331c56ac73846fa267c04ee6aa9a00bb5fed9440 net: phy: add phy_speed_down_core and phy_resolve_min_speed
recipients (to): ["andrew@lunn.ch" "hkallweit1@gmail.com" "jakub.kicinski@netronome.com"]
recipients (cc): []
crash: general protection fault in batadv_iv_ogm_queue_add
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 186 Comm: kworker/u4:3 Not tainted 5.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00
RSP: 0018:ffff8880a95f7ac0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880680fa800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a95f7bd8 R08: ffff888092a5a000 R09: 0000000000000001
R10: ffffed10152bef8f R11: 0000000000000003 R12: ffff888092a5a000
R13: dffffc0000000000 R14: ffffed101254b40e R15: 000000000000003c
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056427f089ed8 CR3: 000000009a871000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:807
 batadv_iv_send_outstanding_bat_ogm_packet+0x54c/0x780 net/batman-adv/bat_iv_ogm.c:1669
 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace ce0b48b1bf31d43d ]---
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00
RSP: 0018:ffff8880a95f7ac0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880680fa800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a95f7bd8 R08: ffff888092a5a000 R09: 0000000000000001
R10: ffffed10152bef8f R11: 0000000000000003 R12: ffff888092a5a000
R13: dffffc0000000000 R14: ffffed101254b40e R15: 000000000000003c
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056427f13cc77 CR3: 000000009a871000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400