bisecting fixing commit since e49d033bddf5b565044e2abe4241353959bc9120
building syzkaller on 6a81331a1d4c744da9204d02ec88d558f7eea9c9
testing commit e49d033bddf5b565044e2abe4241353959bc9120 with gcc (GCC) 10.2.1 20210217
kernel signature: 13c46ff51ffa06c1de2f86a4412f4f54b56543c39766c98164c7825a1d343458
all runs: crashed: BUG: corrupted list in kobject_add_internal
testing current HEAD 9d32fa5d74b148b1cba262c0c24b9a27a910909b
testing commit 9d32fa5d74b148b1cba262c0c24b9a27a910909b with gcc (GCC) 10.2.1 20210217
kernel signature: 999da99e96ec9751567a879d6bd50b797788b661e1001ee445fd4d35c7e0f3f9
all runs: crashed: BUG: corrupted list in kobject_add_internal
revisions tested: 2, total time: 22m58.967682919s (build: 15m33.50158991s, test: 6m50.440430427s)
the crash still happens on HEAD
commit msg: Merge tag 'net-5.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
crash: BUG: corrupted list in kobject_add_internal
list_add double add: new=ffff888012be8420, prev=ffff888012be8420, next=ffff888010484000.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:29!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8829 Comm: kworker/u5:7 Not tainted 5.13.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci1 hci_rx_work
RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29
Code: 97 4f 67 fb 4c 89 e1 48 c7 c7 a0 04 fe 88 e8 c2 f7 f2 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 05 fe 88 e8 ab f7 f2 ff <0f> 0b 48 89 f1 48 c7 c7 60 05 fe 88 4c 89 e6 e8 97 f7 f2 ff 0f 0b
RSP: 0018:ffffc90001caf7f0 EFLAGS: 00010286
RAX: 0000000000000058 RBX: ffff88802f555298 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff88fe03a0 RDI: fffff52000395ef1
RBP: ffff888012be8420 R08: 0000000000000058 R09: ffff8880ba02fec7
R10: ffffed1017405fd8 R11: 000000000000009b R12: ffff888010484000
R13: ffff888010484000 R14: ffff888012be8420 R15: ffff888012be8418
FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000568000 CR3: 0000000027334000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_add include/linux/list.h:67 [inline]
 list_add_tail include/linux/list.h:100 [inline]
 kobj_kset_join lib/kobject.c:196 [inline]
 kobject_add_internal+0x15f/0x930 lib/kobject.c:246
 kobject_add_varg lib/kobject.c:390 [inline]
 kobject_add+0x120/0x190 lib/kobject.c:442
 device_add+0x2d8/0x1d60 drivers/base/core.c:3257
 hci_conn_add_sysfs+0x88/0x150 net/bluetooth/hci_sysfs.c:53
 hci_sync_conn_complete_evt.isra.0+0x496/0x720 net/bluetooth/hci_event.c:4381
 hci_event_packet+0xcb4/0x6e20 net/bluetooth/hci_event.c:6269
 hci_rx_work+0x3be/0xb60 net/bluetooth/hci_core.c:5098
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2276
 worker_thread+0x598/0xf80 kernel/workqueue.c:2422
 kthread+0x36f/0x450 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace c6d932ca3cdd63dc ]---
RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29
Code: 97 4f 67 fb 4c 89 e1 48 c7 c7 a0 04 fe 88 e8 c2 f7 f2 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 05 fe 88 e8 ab f7 f2 ff <0f> 0b 48 89 f1 48 c7 c7 60 05 fe 88 4c 89 e6 e8 97 f7 f2 ff 0f 0b
RSP: 0018:ffffc90001caf7f0 EFLAGS: 00010286
RAX: 0000000000000058 RBX: ffff88802f555298 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff88fe03a0 RDI: fffff52000395ef1
RBP: ffff888012be8420 R08: 0000000000000058 R09: ffff8880ba02fec7
R10: ffffed1017405fd8 R11: 000000000000009b R12: ffff888010484000
R13: ffff888010484000 R14: ffff888012be8420 R15: ffff888012be8418
FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000568000 CR3: 000000000a68e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400