bisecting fixing commit since d18b78abc0c6e7d3119367c931c583e02d466495
building syzkaller on 6436ce4bcd8e2c7dcca0b171ac91f51e96d973f8
testing commit d18b78abc0c6e7d3119367c931c583e02d466495 with gcc (GCC) 8.1.0
kernel signature: 33222b88e6e872b974498b31c28c4d82546c955c25f7d9ccede9e9f3accf173a
run #0: crashed: general protection fault in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing current HEAD 43d555d83c3f1fb8168367ca5b47c3a6570ca487
testing commit 43d555d83c3f1fb8168367ca5b47c3a6570ca487 with gcc (GCC) 8.1.0
kernel signature: 3b508c48306bd0fef2fb924cc6cb6e518bf7194d9b6eb590fe41b0d66848aed0
run #0: crashed: KASAN: use-after-free Read in __queue_work
run #1: crashed: general protection fault in __queue_work
run #2: crashed: KASAN: use-after-free Read in __queue_work
run #3: crashed: KASAN: use-after-free Read in __queue_work
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: WARNING: ODEBUG bug in corrupted
Reproducer flagged being flaky
revisions tested: 2, total time: 35m7.193778705s (build: 17m35.204473793s, test: 16m53.903350041s)
the crash still happens on HEAD
commit msg: Linux 4.19.169
crash: WARNING: ODEBUG bug in corrupted

IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
Bluetooth: hci0: command 0x0c1a tx timeout
Bluetooth: hci3: command 0x0419 tx timeout
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4950
WARNING: CPU: 0 PID: 18728 at lib/debugobjects.c:328 debug_print_object+0x168/0x210 lib/debugobjects.c:325
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 18728 Comm: syz-executor.5 Not tainted 4.19.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 panic+0x1cd/0x375 kernel/panic.c:186
 __warn.cold.7+0x1b/0x36 kernel/panic.c:541
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:debug_print_object+0x168/0x210 lib/debugobjects.c:325
Code: 67 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 60 96 67 87 4c 89 fe 48 c7 c7 e0 8b 67 87 e8 80 c9 96 03 <0f> 0b 83 05 3b f9 fa 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f