bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
kernel signature: 2f552de0a9c8a49ec1d973dadc0317368516a0c0188d136468d5107f5eafb6f8
all runs: crashed: WARNING in corrupted
testing current HEAD 2d2791fce891fc20709232d49a6bae075b9a77f8
testing commit 2d2791fce891fc20709232d49a6bae075b9a77f8 with gcc (GCC) 8.1.0
kernel signature: 9567128ec47092f5d3d0f11cded3fa199138ed5cf84ff7839a5502630c48e522
run #0: crashed: WARNING in corrupted
run #1: crashed: WARNING in corrupted
run #2: crashed: WARNING in corrupted
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in corrupted
run #6: crashed: WARNING in hci_conn_timeout
run #7: crashed: WARNING in corrupted
run #8: crashed: WARNING in corrupted
run #9: crashed: WARNING in corrupted
revisions tested: 2, total time: 25m59.837561794s (build: 16m15.047711917s, test: 9m11.183228796s)
the crash still happens on HEAD
commit msg: Linux 4.14.217
crash: WARNING in corrupted

------------[ cut here ]------------
WARNING: CPU: 0 PID: 5874 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline]
WARNING: CPU: 0 PID: 5874 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline]
WARNING: CPU: 0 PID: 5874 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline]
WARNING: CPU: 0 PID: 5874 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 5874 Comm: kworker/u5:8 Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci2 hci_conn_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881d0f07d48 EFLAGS: 00010286
RAX: 00000000ffffe9d2 RBX: ffff8881e5096660 RCX: ffffed103b4b4d28
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e5096550
RBP: ffff8881d0f07d60 R08: 1ffff1103b4b4d28 R09: ffff8881d0f07a68
R10: ffff8881d0f079e0 R11: ffff8881da5a60c0 R12: ffff8881e8c64600
R13: ffff8881f24971c0 R14: ffff8881f2f17400 R15: ffff8881e5096660
 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116
 worker_thread+0xcc/0xed0 kernel/workqueue.c:2250
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5873 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline]
WARNING: CPU: 1 PID: 5873 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline]
WARNING: CPU: 1 PID: 5873 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline]
WARNING: CPU: 1 PID: 5873 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419
Modules linked in:
CPU: 1 PID: 5873 Comm: kworker/u5:7 Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci1 hci_conn_timeout
task: ffff8881db3a2080 task.stack: ffff8881e5200000
RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881e5207d48 EFLAGS: 00010286
RAX: 00000000ffffea00 RBX: ffff8881e8124ee0 RCX: ffffed103b674520
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e8124dd0
RBP: ffff8881e5207d60 R08: 1ffff1103b674520 R09: ffffffff8954d290
R10: 0000000000000028 R11: ffff8881db3a2080 R12: ffff8881e8a01900
R13: ffff8881f24971c0 R14: ffff8881f2f17c00 R15: ffff8881e8124ee0
FS:  0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000118d001 CR3: 0000000007e6a004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116
 worker_thread+0xcc/0xed0 kernel/workqueue.c:2250
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: df 48 8d 93 80 02 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 75 45 48 8b 35 b5 f8 03 03 bf 40 00 00 00 e8 db 1e 8b fb e9 38 ff ff ff <0f> 0b e9 a2 fe ff ff e8 aa f4 d2 fb e9 84 fe ff ff e8 60 f4 d2
---[ end trace 02aa2af6b88eb21d ]---
Kernel Offset: disabled
Rebooting in 86400 seconds..