bisecting fixing commit since 47ec5303d73ea344e84f46660fff693c57641386
building syzkaller on 1f122f880fe2064d038c0152fbdc763974580f15
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: cd0c8188e30f1d03b69686d63979325f22154f2c8e569d054e21bc21d6095241
run #0: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #1: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #2: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #5: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #6: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #7: crashed: WARNING: ODEBUG bug in hci_conn_del
run #8: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #9: crashed: WARNING: ODEBUG bug in cancel_delayed_work
testing current HEAD 583090b1b8232e6eae243a9009699666153a13a9
testing commit 583090b1b8232e6eae243a9009699666153a13a9 with gcc (GCC) 8.1.0
kernel signature: 841fc19cea8497145ddbdba00f57fbdea99be3227b20a2df8f7f760e02b41f6c
run #0: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #1: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #2: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #5: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #6: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #7: crashed: WARNING in hci_conn_timeout
run #8: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #9: crashed: WARNING: ODEBUG bug in hci_conn_del
revisions tested: 2, total time: 16m54.409253799s (build: 10m2.292022817s, test: 6m17.174097183s)
the crash still happens on HEAD
commit msg: Merge tag 'block5.9-2020-10-08' of git://git.kernel.dk/linux-block
crash: WARNING: ODEBUG bug in hci_conn_del
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: work_struct hint: hci_conn_timeout+0x0/0xc0 net/bluetooth/hci_conn.c:800
WARNING: CPU: 0 PID: 8235 at lib/debugobjects.c:488 debug_print_object+0x67/0x80 lib/debugobjects.c:485
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8235 Comm: kworker/u5:1 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci1 hci_rx_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xcc lib/dump_stack.c:118
 panic+0x135/0x31a kernel/panic.c:231
 __warn.cold.13+0x20/0x25 kernel/panic.c:600
 report_bug+0xc0/0xf0 lib/bug.c:198
 handle_bug+0x35/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x13/0x60 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:debug_print_object+0x67/0x80 lib/debugobjects.c:485
Code: 8b 43 10 83 c2 01 4c 89 e6 48 c7 c7 08 54 f1 83 89 15 81 bd 21 04 8b 4b 14 4c 8b 45 00 48 8b 14 c5 40 1b 7a 83 e8 24 31 4e ff <0f> 0b 5b 83 05 8b 0e 95 02 01 5d 41 5c c3 83 05 80 0e 95 02 01 c3
RSP: 0018:ffffc90002b2fc38 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff888110ac35c8 RCX: 0000000000000001
RDX: 0000000080000001 RSI: ffffffff8401b9b1 RDI: 00000000ffffffff
RBP: ffffffff842ec1c0 R08: 0000000000000000 R09: 0000000000000001
R10: ffff8881105800c0 R11: 1d327cb7d1b99e68 R12: ffffffff83ef3b9c
R13: ffff888110ac35c8 R14: 0000000000000000 R15: ffffffff842ec1c0
 __debug_check_no_obj_freed lib/debugobjects.c:967 [inline]
 debug_check_no_obj_freed+0x1bb/0x1dd lib/debugobjects.c:998
 kfree+0xf9/0x290 mm/slab.c:3759
 device_release+0x1f/0x70 drivers/base/core.c:1796
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x5f/0xc0 lib/kobject.c:753
 hci_conn_del+0xd6/0x170 net/bluetooth/hci_conn.c:645
 hci_phy_link_complete_evt net/bluetooth/hci_event.c:4940 [inline]
 hci_event_packet+0x1f9c/0x286d net/bluetooth/hci_event.c:6205
 hci_rx_work+0xbd/0x500 net/bluetooth/hci_core.c:4889
 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269
 worker_thread+0x38/0x380 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..