bisecting fixing commit since caffb99b6929f41a69edbb5aef3a359bf45f3315
building syzkaller on bd28eb9d7873a6a3232f8c5011e3175e2c9e8319
testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315 with gcc (GCC) 8.4.1 20210217
kernel signature: 3112cb08c8a343220a10ed93da320f5b7b0809a07a92338ad2652c3d35a79923
run #0: crashed: KASAN: use-after-free Write in hci_sock_bind
run #1: crashed: WARNING: locking bug in finish_task_switch
run #2: crashed: WARNING: locking bug in finish_task_switch
run #3: crashed: WARNING: locking bug in finish_task_switch
run #4: crashed: WARNING: locking bug in finish_task_switch
run #5: crashed: WARNING: locking bug in finish_task_switch
run #6: crashed: WARNING: locking bug in finish_task_switch
run #7: crashed: WARNING: locking bug in finish_task_switch
run #8: crashed: WARNING: locking bug in finish_task_switch
run #9: crashed: WARNING: locking bug in finish_task_switch
run #10: crashed: WARNING: locking bug in finish_task_switch
run #11: crashed: WARNING: locking bug in finish_task_switch
run #12: crashed: WARNING: locking bug in finish_task_switch
run #13: crashed: WARNING: locking bug in finish_task_switch
run #14: crashed: WARNING: locking bug in finish_task_switch
run #15: crashed: KASAN: use-after-free Write in hci_sock_bind
run #16: crashed: KASAN: use-after-free Write in hci_sock_bind
run #17: crashed: WARNING: locking bug in finish_task_switch
run #18: crashed: WARNING: locking bug in finish_task_switch
run #19: crashed: WARNING: locking bug in finish_task_switch
testing current HEAD fe07bfda2fb9cdef8a4d4008a409bb02f35f1bd8
testing commit fe07bfda2fb9cdef8a4d4008a409bb02f35f1bd8 with gcc (GCC) 10.2.1 20210217
kernel signature: cfae40de293bb3ba05bca2dd2d285bb7d7631862429f20e0c232a084995080fd
run #0: crashed: KASAN: use-after-free Write in hci_sock_bind
run #1: crashed: WARNING: locking bug in finish_task_switch
run #2: crashed: WARNING: locking bug in finish_task_switch
run #3: crashed: WARNING: locking bug in finish_task_switch
run #4: crashed: WARNING: locking bug in finish_task_switch
run #5: crashed: WARNING: locking bug in finish_task_switch
run #6: crashed: WARNING: locking bug in finish_task_switch
run #7: crashed: WARNING: locking bug in finish_task_switch
run #8: crashed: WARNING: locking bug in finish_task_switch
run #9: crashed: WARNING: locking bug in finish_task_switch
revisions tested: 2, total time: 27m40.034514461s (build: 13m9.375744149s, test: 13m39.533135142s)
the crash still happens on HEAD
commit msg: Linux 5.12-rc1
crash: WARNING: locking bug in finish_task_switch
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 8884 at kernel/locking/lockdep.c:202 hlock_class kernel/locking/lockdep.c:202 [inline]
WARNING: CPU: 0 PID: 8884 at kernel/locking/lockdep.c:202 hlock_class kernel/locking/lockdep.c:191 [inline]
WARNING: CPU: 0 PID: 8884 at kernel/locking/lockdep.c:202 check_wait_context kernel/locking/lockdep.c:4598 [inline]
WARNING: CPU: 0 PID: 8884 at kernel/locking/lockdep.c:202 __lock_acquire+0xe97/0x5050 kernel/locking/lockdep.c:4850
Modules linked in:
CPU: 0 PID: 8884 Comm: syz-executor087 Not tainted 5.12.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlock_class kernel/locking/lockdep.c:202 [inline]
RIP: 0010:hlock_class kernel/locking/lockdep.c:191 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4598 [inline]
RIP: 0010:__lock_acquire+0xe97/0x5050 kernel/locking/lockdep.c:4850
Code: 68 14 44 8a e8 aa 86 50 00 8b 05 dc 98 f0 08 85 c0 0f 85 ab f8 ff ff 48 c7 c6 40 2d cb 87 48 c7 c7 60 27 cb 87 e8 16 f3 ef 05 <0f> 0b 31 c0 e9 a2 f7 ff ff 8b b4 24 30 01 00 00 85 f6 0f 84 b4 02
RSP: 0018:ffffc90004a37680 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff88812cb6ecd0 RCX: 0000000000000000
RDX: 0000000000000003 RSI: 0000000000000004 RDI: fffff52000946ec2
RBP: ffff88812cb6e340 R08: 0000000000000001 R09: ffff8881f642095b
R10: ffffed103ec8412b R11: fffffffffffa0708 R12: 0000000000000001
R13: 0000000000000988 R14: 0000000000000004 R15: dffffc0000000000
FS:  00007f57c838d700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffd4deb970 CR3: 000000012da14000 CR4: 0000000000350ef0
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5510 [inline]
 lock_acquire+0x212/0x850 kernel/locking/lockdep.c:5475
 finish_lock_switch kernel/sched/core.c:4074 [inline]
 finish_task_switch.isra.0+0x13f/0x6f0 kernel/sched/core.c:4193
 context_switch kernel/sched/core.c:4327 [inline]
 __schedule+0xf8e/0x2180 kernel/sched/core.c:5075
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:5532
 irqentry_exit_cond_resched kernel/entry/common.c:392 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:384 [inline]
 irqentry_exit+0x7a/0xa0 kernel/entry/common.c:428
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:arch_local_irq_enable arch/x86/include/asm/paravirt.h:659 [inline]
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:145 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5513 [inline]
RIP: 0010:lock_acquire+0x639/0x850 kernel/locking/lockdep.c:5475
Code: 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 80 01 00 00 48 83 3d b0 20 e3 07 00 74 5b fb 66 0f 1f 44 00 00 06 fc ff ff 0f 0b e9 53 fa ff ff 0f 0b 0f 0b 0f 0b e9 e0 fe ff
RSP: 0018:ffffc90004a37ac0 EFLAGS: 00000282
RAX: 1ffffffff126df20 RBX: 1ffff92000946f5a RCX: 1ffff92000946f41
RDX: dffffc0000000000 RSI: ffffffff87cb2e00 RDI: ffffffff88127ae0
RBP: 0000000000000001 R08: 0000000000107ef8 R09: 0000000000000001
R10: fffffbfff182753d R11: 0000000000000000 R12: 0000000000000000
R13: ffff88810f7c1138 R14: 0000000000000000 R15: 0000000000000000
 flush_workqueue+0xed/0x1250 kernel/workqueue.c:2786
 hci_dev_open+0x129/0x290 net/bluetooth/hci_core.c:1675
 hci_sock_bind+0x310/0xfb0 net/bluetooth/hci_sock.c:1199
 __sys_bind+0x16b/0x1d0 net/socket.c:1637
 __do_sys_bind net/socket.c:1648 [inline]
 __se_sys_bind net/socket.c:1646 [inline]
 __x64_sys_bind+0x6a/0xb0 net/socket.c:1646
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x445f99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f57c838d318 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00000000004cb4e8 RCX: 0000000000445f99
RDX: 0000000000000006 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00000000004cb4e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 6368762f7665642f
R13: 00007fffd4d2c72f R14: 00007f57c838d400 R15: 0000000000022000