bisecting fixing commit since 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144
building syzkaller on 7da2392541a49c3f17b2e7d24e04b84d72b965fb
testing commit 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144 with gcc (GCC) 8.1.0
kernel signature: a27fde2e72fde194af152d2851b98c21e90041fb84faff515b8ccbf998327b81
run #0: crashed: KASAN: use-after-free Read in put_device
run #1: crashed: KASAN: use-after-free Read in put_device
run #2: crashed: KASAN: use-after-free Read in put_device
run #3: crashed: KASAN: use-after-free Read in put_device
run #4: crashed: KASAN: use-after-free Read in put_device
run #5: crashed: KASAN: use-after-free Write in hci_sock_release
run #6: crashed: WARNING: refcount bug in hci_register_dev
run #7: crashed: KASAN: use-after-free Read in put_device
run #8: crashed: KASAN: use-after-free Read in put_device
run #9: crashed: KASAN: use-after-free Write in hci_sock_release
testing current HEAD 359c92c02bfae1a6f1e8e37c298e518fd256642c
testing commit 359c92c02bfae1a6f1e8e37c298e518fd256642c with gcc (GCC) 8.1.0
kernel signature: 5730213372e009bd152f2bd452f4b696130bd3eb66f4e1edd31332f2f8725dfc
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
revisions tested: 2, total time: 22m0.403487185s (build: 12m16.692808625s, test: 8m52.676722202s)
the crash still happens on HEAD
commit msg: Merge tag 'dax-fixes-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
crash: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
turning off the locking correctness validator.
CPU: 0 PID: 8403 Comm: kworker/u5:2 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci5 hci_power_on
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 add_chain_cache kernel/locking/lockdep.c:2840 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2914 [inline]
 validate_chain kernel/locking/lockdep.c:2935 [inline]
 __lock_acquire.cold.65+0x18/0x385 kernel/locking/lockdep.c:3954
 lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4484
 __flush_work+0x587/0x8b0 kernel/workqueue.c:3036
 flush_work+0xb/0x10 kernel/workqueue.c:3062
 hci_dev_do_close+0x572/0xe30 net/bluetooth/hci_core.c:1750
 hci_power_on+0x163/0x4d0 net/bluetooth/hci_core.c:2211
 process_one_work+0x891/0x1690 kernel/workqueue.c:2264
 worker_thread+0x85/0xb60 kernel/workqueue.c:2410
 kthread+0x334/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves