bisecting fixing commit since c37da90efff5f183bea6ae4c2af33571f61fe317
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit c37da90efff5f183bea6ae4c2af33571f61fe317
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 531d3f942523289fa58fa0a6fe07f273be3dffc366390f207de2ab17fd181459
run #0: crashed: WARNING in hci_conn_timeout
run #1: crashed: WARNING in corrupted
run #2: crashed: WARNING in hci_conn_timeout
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in hci_conn_timeout
run #6: crashed: WARNING in hci_conn_timeout
run #7: crashed: WARNING in hci_conn_timeout
run #8: crashed: WARNING in hci_conn_timeout
run #9: crashed: WARNING in corrupted
run #10: crashed: WARNING in hci_conn_timeout
run #11: crashed: WARNING in hci_conn_timeout
run #12: crashed: WARNING in corrupted
run #13: crashed: WARNING in hci_conn_timeout
run #14: crashed: WARNING in hci_conn_timeout
run #15: crashed: WARNING in hci_conn_timeout
run #16: crashed: WARNING in hci_conn_timeout
run #17: crashed: WARNING in hci_conn_timeout
run #18: crashed: WARNING in hci_conn_timeout
run #19: crashed: WARNING in hci_conn_timeout
testing current HEAD c2276d585654e8d573366c29c565043ec36adf63
testing commit c2276d585654e8d573366c29c565043ec36adf63
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: cfff04e8ad0ed682e212b8930df0069fb7edf8d4211ed62c4e3d329ae48ae2e1
run #0: crashed: WARNING in corrupted
run #1: crashed: WARNING in corrupted
run #2: crashed: WARNING in corrupted
run #3: crashed: WARNING in hci_conn_timeout
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in hci_conn_timeout
run #6: crashed: WARNING in hci_conn_timeout
run #7: crashed: WARNING in hci_conn_timeout
run #8: crashed: WARNING in hci_conn_timeout
run #9: crashed: WARNING in corrupted
revisions tested: 2, total time: 32m50.840546659s (build: 21m22.196921019s, test: 10m52.357981548s)
the crash still happens on HEAD
commit msg: Linux 4.19.208
crash: WARNING in corrupted

------------[ cut here ]------------
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5951 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
WARNING: CPU: 0 PID: 5949 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Modules linked in:
Modules linked in:
CPU: 1 PID: 5951 Comm: kworker/u5:8 Not tainted 4.19.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
CPU: 0 PID: 5949 Comm: kworker/u5:6 Not tainted 4.19.208-syzkaller #0
Workqueue: hci0 hci_conn_timeout
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Workqueue: hci1 hci_conn_timeout
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881d3b37d40 EFLAGS: 00010286
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
RAX: 0000000000000024 RBX: ffff8881f0d96de0 RCX: 0000000000000000
RSP: 0018:ffff8881d3e87d40 EFLAGS: 00010286
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
RAX: 0000000000000024 RBX: ffff8881db3bc1e0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
RBP: ffff8881d3b37d58 R08: ffffed103ed25091 R09: ffffed103ed25090
RBP: ffff8881d3e87d58 R08: ffffed103ed05091 R09: ffffed103ed05090
R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881db3bc0c0
R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881f0d96cc0
R13: ffff8881f28ea940 R14: ffff8881d682ec00 R15: ffff8881db3bc1e0
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
R13: ffff8881f28ea940 R14: ffff8881f3702c00 R15: ffff8881f0d96de0
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000533198 CR3: 000000000846d003 CR4: 00000000003606e0
CR2: 0000000000533198 CR3: 000000000846d004 CR4: 00000000003606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x347/0x410 kernel/kthread.c:259
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 458472
irq event stamp: 428432
hardirqs last enabled at (458471): [] console_trylock_spinning kernel/printk/printk.c:1713 [inline]
hardirqs last enabled at (458471): [] vprintk_emit+0x415/0x540 kernel/printk/printk.c:1964
hardirqs last enabled at (428431): [] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (428432): [] trace_hardirqs_off_thunk+0x1a/0x1c
hardirqs last disabled at (458472): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (426930): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last enabled at (443266): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last disabled at (426899): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (426899): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
---[ end trace a40dab8d140aa562 ]---
softirqs last disabled at (442987): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (442987): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
------------[ cut here ]------------
---[ end trace a40dab8d140aa563 ]---
------------[ cut here ]------------
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1231 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
------------[ cut here ]------------
Modules linked in:
CPU: 1 PID: 1231 Comm: kworker/u5:0 Tainted: G W 4.19.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci4 hci_conn_timeout
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
WARNING: CPU: 0 PID: 5947 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881f28bfd40 EFLAGS: 00010286
Modules linked in:
RAX: 0000000000000024 RBX: ffff8881f29f82a0 RCX: 0000000000000000
CPU: 0 PID: 5947 Comm: kworker/u5:4 Tainted: G W 4.19.208-syzkaller #0
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RBP: ffff8881f28bfd58 R08: ffffed103ed25091 R09: ffffed103ed25090
Workqueue: hci3 hci_conn_timeout
R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881f29f8180
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
R13: ffff8881f28ea940 R14: ffff8881eeeff400 R15: ffff8881f29f82a0
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000533198 CR3: 000000000846d003 CR4: 00000000003606e0
RSP: 0018:ffff8881da1d7d40 EFLAGS: 00010286
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RAX: 0000000000000024 RBX: ffff8881f0d34c20 RCX: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
RBP: ffff8881da1d7d58 R08: ffffed103ed05091 R09: ffffed103ed05090
R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881f0d34b00
R13: ffff8881f28ea940 R14: ffff8881eeeffc00 R15: ffff8881f0d34c20
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
CR2: 00007ff6d7413000 CR3: 000000000846d004 CR4: 00000000003606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 kthread+0x347/0x410 kernel/kthread.c:259
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 518
hardirqs last enabled at (517): [] console_unlock+0xb9e/0xe20 kernel/printk/printk.c:2464
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
hardirqs last disabled at (518): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1856
 kthread+0x347/0x410 kernel/kthread.c:259
softirqs last disabled at (0): [<0000000000000000>] (null)
---[ end trace a40dab8d140aa564 ]---
WARNING: CPU: 1 PID: 5946 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
irq event stamp: 34040
CPU: 1 PID: 5946 Comm: kworker/u5:3 Tainted: G W 4.19.208-syzkaller #0
hardirqs last enabled at (34039): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (34039): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
hardirqs last disabled at (34040): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (31878): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
Workqueue: hci2 hci_conn_timeout
softirqs last disabled at (31845): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (31845): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
---[ end trace a40dab8d140aa565 ]---
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
WARNING: CPU: 0 PID: 5945 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881d94dfd40 EFLAGS: 00010286
Modules linked in:
RAX: 0000000000000024 RBX: ffff8881f0fcaba0 RCX: 0000000000000000
CPU: 0 PID: 5945 Comm: kworker/u5:2 Tainted: G W 4.19.208-syzkaller #0
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RBP: ffff8881d94dfd58 R08: ffffed103ed25091 R09: ffffed103ed25090
Workqueue: hci5 hci_conn_timeout
R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881f0fcaa80
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
R13: ffff8881f28ea940 R14: ffff8881f3702400 R15: ffff8881f0fcaba0
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
Code: 87 e8 e0 a8 eb ff 0f 0b e9 e3 a9 35 ff e8 f4 af b7 fa 48 c7 c7 e0 c0 cd 87 e8 f5 a7 02 00 48 c7 c7 a0 c4 cd 87 e8 bc a8 eb ff <0f> 0b e9 ae 55 37 ff e8 d0 af b7 fa 48 c7 c7 60 ca cd 87 e8 d1 a7
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RSP: 0018:ffff8881f3a67d40 EFLAGS: 00010286
CR2: 00007ffba8d4d010 CR3: 000000000846d005 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RAX: 0000000000000024 RBX: ffff8881f0fd4b60 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8767a520 RDI: ffffffff8a19faa0
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
RBP: ffff8881f3a67d58 R08: ffffed103ed05091 R09: ffffed103ed05090
Call Trace:
R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881f0fd4a40
R13: ffff8881f28ea940 R14: ffff8881d682e400 R15: ffff8881f0fd4b60
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff6d7413000 CR3: 000000000846d004 CR4: 00000000003606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 838
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
hardirqs last enabled at (837): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (837): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
hardirqs last disabled at (838): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1856
 kthread+0x347/0x410 kernel/kthread.c:259
softirqs last disabled at (0): [<0000000000000000>] (null)
---[ end trace a40dab8d140aa566 ]---
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 460
hardirqs last enabled at (459): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (459): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
hardirqs last disabled at (460): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1856
softirqs last disabled at (0): [<0000000000000000>] (null)
---[ end trace a40dab8d140aa567 ]---
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout