bisecting fixing commit since d7e78d08fa77acdea351c8f628f49ca9a0e1029a
building syzkaller on 816e0689d7d9d8321f8bf360740f0e516aee15ca
testing commit d7e78d08fa77acdea351c8f628f49ca9a0e1029a with gcc (GCC) 8.1.0
kernel signature: a5365229109ced6c176ab31f3f9f573b2bf4dd8688327115cf6fe9be6b5811b7
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: KASAN: use-after-free Read in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: INFO: task hung in hci_req_sync
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: OK
run #8: OK
run #9: OK
testing current HEAD ca87c82811906f4fc5e936705564ba8176ba497f
testing commit ca87c82811906f4fc5e936705564ba8176ba497f with gcc (GCC) 8.1.0
kernel signature: 39b86f524ed3b034929480e745468a0e169c4b5c7ec1db052219799adb23f560
run #0: crashed: KASAN: use-after-free Read in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: KASAN: use-after-free Read in __queue_work
run #4: crashed: KASAN: use-after-free Read in __queue_work
run #5: crashed: WARNING: ODEBUG bug in corrupted
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 38m31.694940579s (build: 16m33.487671054s, test: 21m21.086443214s)
the crash still happens on HEAD
commit msg: Linux 4.14.199
crash: WARNING: ODEBUG bug in corrupted
Bluetooth: hci1 command 0x0401 tx timeout
Bluetooth: hci1 command 0x0401 tx timeout
Bluetooth: hci1 command 0x0401 tx timeout
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4852
------------[ cut here ]------------
WARNING: CPU: 1 PID: 28819 at lib/debugobjects.c:290 debug_print_object.cold.8+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 28819 Comm: syz-executor.4 Not tainted 4.14.199-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Ca