bisecting fixing commit since 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144
building syzkaller on 7da2392541a49c3f17b2e7d24e04b84d72b965fb
testing commit 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144 with gcc (GCC) 8.1.0
kernel signature: 61753821cee20bdc7dea5fd588869a9f7dfb8e276704762b56fc405f41877e15
run #0: crashed: KASAN: use-after-free Read in put_device
run #1: crashed: KASAN: use-after-free Read in put_device
run #2: crashed: KASAN: use-after-free Write in hci_sock_release
run #3: crashed: KASAN: use-after-free Write in hci_sock_release
run #4: crashed: KASAN: use-after-free Read in put_device
run #5: crashed: KASAN: use-after-free Read in put_device
run #6: crashed: KASAN: use-after-free Read in put_device
run #7: crashed: WARNING in kernfs_get
run #8: crashed: KASAN: use-after-free Read in put_device
run #9: crashed: KASAN: use-after-free Read in put_device
testing current HEAD 00086336a8d96a04aa960f912287692a258f6cf5
testing commit 00086336a8d96a04aa960f912287692a258f6cf5 with gcc (GCC) 8.1.0
kernel signature: 9ac771303142641a75104f2e83169d5495e136aa00f675457cd8297e3c101528
run #0: crashed: WARNING: locking bug in hci_sock_dev_event
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 27m25.404428513s (build: 11m22.558194245s, test: 15m17.220143143s)
the crash still happens on HEAD
commit msg: Merge tag 'efi-urgent-2020-04-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
crash: WARNING: locking bug in hci_sock_dev_event

bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
------------[ cut here ]------------
WARNING: CPU: 0 PID: 17719 at kernel/locking/lockdep.c:873 look_up_lock_class kernel/locking/lockdep.c:872 [inline]
WARNING: CPU: 0 PID: 17719 at kernel/locking/lockdep.c:873 register_lock_class+0x260/0x2080 kernel/locking/lockdep.c:1220
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 17719 Comm: syz-executor167 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 panic+0x22a/0x4f5 kernel/panic.c:221
 __warn.cold.10+0x25/0x28 kernel/panic.c:582
 report_bug+0x1b0/0x270 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:look_up_lock_class kernel/locking/lockdep.c:872 [inline]
RIP: 0010:register_lock_class+0x260/0x2080 kernel/locking/lockdep.c:1220
Code: 3b 75 18 74 27 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 7c 14 00 00 49 81 7d 00 40 bc 7b 89 74 02 <0f> 0b 45 85 c0 0f 84 cd 02 00 00 41 83 e1 01 0f 85 c3 02 00 00 41
RSP: 0018:ffff888065067a30 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: ffffffff89f3b2d0 RCX: 1ffff1100ca0cf50
RDX: 1ffff110120e3614 RSI: ffffffff89ecb398 RDI: ffff88809071b0b8
RBP: ffff888065067b08 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: fffffbfff128c018 R12: ffffffff8a24f8a0
R13: ffff88809071b0a0 R14: ffffffff87e88c40 R15: ffff888065067ae0
 __lock_acquire+0xfd/0x3bf0 kernel/locking/lockdep.c:4234
 lock_acquire+0x209/0x9e0 kernel/locking/lockdep.c:4934
 _raw_spin_lock_nested+0x33/0x50 kernel/locking/spinlock.c:361
 hci_sock_dev_event+0x385/0x530 net/bluetooth/hci_sock.c:766
 hci_unregister_dev+0x206/0x7f0 net/bluetooth/hci_core.c:3611
 vhci_release+0x6b/0xe0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x2aa/0x790 fs/file_table.c:280
 ____fput+0x9/0x10 fs/file_table.c:313
 task_work_run+0xd4/0x170 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x1be/0x210 arch/x86/entry/common.c:165
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x53d/0x630 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x405521
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 18 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffef48dfc60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000405521
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 0000000000081eff R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffef48dfc70 R11: 0000000000000293 R12: 000000000000002d
R13: 20c49ba5e353f7cf R14: 0000000000000006 R15: 0000000000000001
Kernel Offset: disabled
Rebooting in 86400 seconds..