bisecting fixing commit since caffb99b6929f41a69edbb5aef3a359bf45f3315
building syzkaller on bd28eb9d7873a6a3232f8c5011e3175e2c9e8319
testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 3112cb08c8a343220a10ed93da320f5b7b0809a07a92338ad2652c3d35a79923
run #0: crashed: WARNING: locking bug in finish_task_switch
run #1: crashed: WARNING: locking bug in finish_task_switch
run #2: crashed: WARNING: locking bug in finish_task_switch
run #3: crashed: WARNING: locking bug in finish_task_switch
run #4: crashed: WARNING: locking bug in finish_task_switch
run #5: crashed: KASAN: use-after-free Write in hci_sock_bind
run #6: crashed: WARNING: locking bug in finish_task_switch
run #7: crashed: WARNING: locking bug in finish_task_switch
run #8: crashed: WARNING: locking bug in finish_task_switch
run #9: crashed: WARNING: locking bug in finish_task_switch
run #10: crashed: WARNING: locking bug in finish_task_switch
run #11: crashed: KASAN: use-after-free Write in hci_sock_bind
run #12: crashed: WARNING: locking bug in finish_task_switch
run #13: crashed: KASAN: use-after-free Write in hci_sock_bind
run #14: crashed: WARNING: locking bug in finish_task_switch
run #15: crashed: WARNING: locking bug in finish_task_switch
run #16: crashed: WARNING: locking bug in finish_task_switch
run #17: crashed: WARNING: locking bug in finish_task_switch
run #18: crashed: WARNING: locking bug in finish_task_switch
run #19: crashed: WARNING: locking bug in finish_task_switch
testing current HEAD c500bee1c5b2f1d59b1081ac879d73268ab0ff17
testing commit c500bee1c5b2f1d59b1081ac879d73268ab0ff17
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 565e132dda7614497d9be14206f106f576cece42611104f141b6d9e06ffae6c2
all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
revisions tested: 2, total time: 18m46.769858668s (build: 11m25.598232872s, test: 6m35.654484853s)
the crash still happens on HEAD
commit msg: Linux 5.14-rc4
crash: BUG: sleeping function called from invalid context in lock_sock_nested
BUG: sleeping function called from invalid context at net/core/sock.c:3161
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7419, name: syz-executor.0
1 lock held by syz-executor.0/7419:
 #0: ffffffff8a4485e0 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x344/0x530 net/bluetooth/hci_sock.c:763
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 7419 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xbd/0xe2 lib/dump_stack.c:105
 ___might_sleep.cold+0x1f8/0x23e kernel/sched/core.c:9154
 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3161
 lock_sock include/net/sock.h:1613 [inline]
 hci_sock_dev_event+0x3a9/0x530 net/bluetooth/hci_sock.c:765
 hci_unregister_dev+0x28a/0xe60 net/bluetooth/hci_core.c:4033
 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x209/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
 exit_to_user_mode_prepare+0x278/0x280 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x40/0x70 kernel/entry/common.c:302
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x41760b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007fffd0ff2b80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 000000000041760b
RDX: 0000000000000000 RSI: 00000000005602a8 RDI: 0000000000000003
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000001b33420070
R10: 00007fffd0ff2c50 R11: 0000000000000293 R12: 00000000000003e8
R13: 000000000055bf0c R14: 000000000055bf00 R15: 000000000055bf00
======================================================