bisecting fixing commit since caffb99b6929f41a69edbb5aef3a359bf45f3315
building syzkaller on bd28eb9d7873a6a3232f8c5011e3175e2c9e8319
testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315 with gcc (GCC) 8.1.0
kernel signature: 0c92d325c22efedd71d938e777a398014e4a69033dab5ea2d6e2481549e17d6a
run #0: crashed: WARNING: locking bug in finish_task_switch
run #1: crashed: WARNING: locking bug in finish_task_switch
run #2: crashed: WARNING: locking bug in finish_task_switch
run #3: crashed: WARNING: locking bug in finish_task_switch
run #4: crashed: WARNING: locking bug in finish_task_switch
run #5: crashed: WARNING: locking bug in finish_task_switch
run #6: crashed: WARNING: locking bug in finish_task_switch
run #7: crashed: KASAN: use-after-free Write in hci_sock_bind
run #8: crashed: WARNING: locking bug in finish_task_switch
run #9: crashed: WARNING: locking bug in finish_task_switch
testing current HEAD aa0c9086b40c17a7ad94425b3b70dd1fdd7497bf
testing commit aa0c9086b40c17a7ad94425b3b70dd1fdd7497bf with gcc (GCC) 8.1.0
kernel signature: a135dd2a7987208676d29782f5cb7c9716e9ff60a0945fcfdfaa47d8b1fb6597
run #0: crashed: WARNING: locking bug in finish_task_switch
run #1: crashed: WARNING: locking bug in finish_task_switch
run #2: crashed: WARNING: locking bug in finish_task_switch
run #3: crashed: WARNING: locking bug in hci_dev_open
run #4: crashed: WARNING: locking bug in finish_task_switch
run #5: crashed: WARNING: locking bug in finish_task_switch
run #6: crashed: WARNING: locking bug in finish_task_switch
run #7: crashed: WARNING: locking bug in finish_task_switch
run #8: crashed: WARNING: locking bug in finish_task_switch
run #9: crashed: WARNING: locking bug in finish_task_switch
revisions tested: 2, total time: 20m59.492810855s (build: 11m54.479812826s, test: 7m55.863848254s)
the crash still happens on HEAD
commit msg: Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
crash: WARNING: locking bug in finish_task_switch
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 30315 at kernel/locking/lockdep.c:183 hlock_class kernel/locking/lockdep.c:183 [inline]
WARNING: CPU: 0 PID: 30315 at kernel/locking/lockdep.c:183 check_wait_context kernel/locking/lockdep.c:4079 [inline]
WARNING: CPU: 0 PID: 30315 at kernel/locking/lockdep.c:183 __lock_acquire+0x759/0x16e0 kernel/locking/lockdep.c:4330
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 30315 Comm: syz-executor.4 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xb3/0xec lib/dump_stack.c:118
 panic+0x115/0x2fa kernel/panic.c:231
 __warn.cold.13+0x20/0x25 kernel/panic.c:600
 report_bug+0xc0/0xf0 lib/bug.c:198
 handle_bug+0x35/0x90 arch/x86/kernel/traps.c:235
 exc_invalid_op+0x13/0x60 arch/x86/kernel/traps.c:255
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:542
RIP: 0010:hlock_class kernel/locking/lockdep.c:183 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4079 [inline]
RIP: 0010:__lock_acquire+0x759/0x16e0 kernel/locking/lockdep.c:4330
Code: 28 85 c0 0f 84 e4 fb ff ff 8b 05 f2 71 3e 03 85 c0 0f 85 d6 fb ff ff 48 c7 c6 38 4c e8 83 48 c7 c7 ea 56 e3 83 e8 22 42 f9 ff <0f> 0b 31 c0 8b 4c 24 28 e9 6c fb ff ff 41 8b 84 24 b4 08 00 00 85
RSP: 0018:ffffc9000a1b3a28 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff88810b6b8910 RCX: 0000000000000003
RDX: ffff88810b6b8040 RSI: ffffffff81249491 RDI: ffffffff8124951b
RBP: ffffffff859c07c0 R08: 0000000000000000 R09: 0000000000000016
R10: 000000000000766b R11: ffffc9000a1b385a R12: ffff88810b6b8040
R13: 0000000000000001 R14: 0000000000000004 R15: 0000000000000001
 lock_acquire+0xd0/0x3f0 kernel/locking/lockdep.c:4959
 finish_lock_switch kernel/sched/core.c:3191 [inline]
 finish_task_switch+0x91/0x280 kernel/sched/core.c:3292
 context_switch kernel/sched/core.c:3456 [inline]
 __schedule+0x3cf/0x810 kernel/sched/core.c:4178
 preempt_schedule_irq+0x42/0x80 kernel/sched/core.c:4436
 idtentry_exit_cond_resched arch/x86/entry/common.c:663 [inline]
 idtentry_exit_cond_rcu+0xc0/0xf0 arch/x86/entry/common.c:710
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:587
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:765 [inline]
RIP: 0010:lock_acquire+0x108/0x3f0 kernel/locking/lockdep.c:4962
Code: 00 48 83 c4 20 83 e8 01 85 c0 89 82 cc 08 00 00 0f 85 4a 02 00 00 48 83 3d b4 ec 07 03 00 0f 84 3a 02 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 8b 44 24 38 65 48 33 04 25 28 00 00 00 0f 85 c7
RSP: 0018:ffffc9000a1b3cd0 EFLAGS: 00000282
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
RDX: ffff88810b6b8040 RSI: ffffffff85a21990 RDI: 0000000000000282
RBP: 0000000000000000 R08: ffffffff85a21990 R09: ffffffff85a21990
R10: ffffffff84a730c0 R11: 1b07f28fa3bbc4c1 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88810b1d2938 R15: 0000000000000000
 flush_workqueue+0xa6/0x590 kernel/workqueue.c:2780
 hci_dev_open+0x3a/0xa0 net/bluetooth/hci_core.c:1658
 hci_sock_bind+0x38c/0x6b0 net/bluetooth/hci_sock.c:1200
 __sys_bind+0xc7/0xe0 net/socket.c:1657
 __do_sys_bind net/socket.c:1668 [inline]
 __se_sys_bind net/socket.c:1666 [inline]
 __x64_sys_bind+0x11/0x20 net/socket.c:1666
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45caa9
Code: Bad RIP value.
RSP: 002b:00007f4b786b9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00000000004d99c0 RCX: 000000000045caa9
RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000002c R14: 00000000004c2f59 R15: 00007f4b786ba6d4
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..