bisecting fixing commit since 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144
building syzkaller on 7da2392541a49c3f17b2e7d24e04b84d72b965fb
testing commit 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144 with gcc (GCC) 8.1.0
kernel signature: 9e7e1159afe00c28e5ed736e1d687e85a40f5253bb0c06dda4d596d7a6c25431
run #0: crashed: KASAN: use-after-free Write in hci_sock_release
run #1: crashed: KASAN: use-after-free Write in hci_sock_release
run #2: crashed: WARNING in kernfs_get
run #3: crashed: WARNING: refcount bug in kobj_kset_leave
run #4: crashed: KASAN: use-after-free Read in put_device
run #5: crashed: KASAN: use-after-free Read in put_device
run #6: crashed: KASAN: use-after-free Read in put_device
run #7: crashed: KASAN: use-after-free Read in put_device
run #8: crashed: KASAN: use-after-free Write in hci_sock_release
run #9: crashed: KASAN: use-after-free Read in put_device
testing current HEAD fb33c6510d5595144d585aa194d377cf74d31911
testing commit fb33c6510d5595144d585aa194d377cf74d31911 with gcc (GCC) 8.1.0
kernel signature: c7d93a5fe28bfd2df210b5a10d0c91d25f723974ae833d5de205fca8075955ac
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
revisions tested: 2, total time: 22m17.956134832s (build: 12m9.145605201s, test: 9m20.124726341s)
the crash still happens on HEAD
commit msg: Linux 5.6-rc6
crash: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
turning off the locking correctness validator.
CPU: 1 PID: 1532 Comm: kworker/u5:0 Not tainted 5.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci3 hci_power_on
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 add_chain_cache kernel/locking/lockdep.c:2840 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2914 [inline]
 validate_chain kernel/locking/lockdep.c:2935 [inline]
 __lock_acquire.cold.65+0x18/0x385 kernel/locking/lockdep.c:3954
 lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4484
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x99/0xd0 kernel/locking/spinlock.c:159
 skb_dequeue+0x20/0x1f0 net/core/skbuff.c:3038
 skb_queue_purge+0x1a/0x30 net/core/skbuff.c:3076
 vhci_flush+0x36/0x50 include/linux/skbuff.h:1878
 hci_dev_do_close+0x4c8/0xe30 net/bluetooth/hci_core.c:1737
 hci_power_on+0x163/0x4d0 net/bluetooth/hci_core.c:2211
 process_one_work+0x891/0x1690 kernel/workqueue.c:2266
 worker_thread+0x85/0xb60 kernel/workqueue.c:2412
 kthread+0x334/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves