bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.4.1 20210217
kernel signature: ea6baa1e0a5b8861d6fc49a57371b29d038676f8ac16287d6ea4d0ffb2b07f3c
run #0: crashed: WARNING in corrupted
run #1: crashed: WARNING in corrupted
run #2: crashed: WARNING in corrupted
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in hci_conn_timeout
run #5: crashed: WARNING in corrupted
run #6: crashed: WARNING in corrupted
run #7: crashed: WARNING in corrupted
run #8: crashed: WARNING in corrupted
run #9: crashed: WARNING in corrupted
run #10: crashed: WARNING in corrupted
run #11: crashed: WARNING in corrupted
run #12: crashed: WARNING in hci_conn_timeout
run #13: crashed: WARNING in corrupted
run #14: crashed: WARNING in corrupted
run #15: crashed: WARNING in corrupted
run #16: crashed: WARNING in corrupted
run #17: crashed: WARNING in corrupted
run #18: crashed: WARNING in corrupted
run #19: crashed: WARNING in corrupted
testing current HEAD 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79
testing commit 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79 with gcc (GCC) 8.4.1 20210217
kernel signature: f16316372a42f5a1e6521f7d917f08f86e566911d597615067548790fa1e02c0
all runs: crashed: WARNING in corrupted
revisions tested: 2, total time: 25m52.096331576s (build: 15m9.514314703s, test: 9m47.099460438s)
the crash still happens on HEAD
commit msg: Linux 4.14.222
crash: WARNING in corrupted

------------[ cut here ]------------
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5830 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline]
WARNING: CPU: 1 PID: 5830 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline]
WARNING: CPU: 1 PID: 5830 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline]
WARNING: CPU: 1 PID: 5830 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419
WARNING: CPU: 0 PID: 5829 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline]
WARNING: CPU: 0 PID: 5829 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline]
WARNING: CPU: 0 PID: 5829 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline]
WARNING: CPU: 0 PID: 5829 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419
Kernel panic - not syncing: panic_on_warn set ...

Modules linked in:
CPU: 1 PID: 5830 Comm: kworker/u5:8 Not tainted 4.14.222-syzkaller #0
CPU: 0 PID: 5829 Comm: kworker/u5:7 Not tainted 4.14.222-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci5 hci_conn_timeout
Workqueue: hci2 hci_conn_timeout

task: ffff8881f034c440 task.stack: ffff8881e71e0000
RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881e71e7d48 EFLAGS: 00010286
RAX: 00000000ffffeaf0 RBX: ffff8881e7656120 RCX: ffffed103e069998
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e7656010
RBP: ffff8881e71e7d60 R08: 1ffff1103e069998 R09: ffffffff89569358
R10: 0000000000000028 R11: ffff8881f034c440 R12: ffff8881e8cbdd00
R13: ffff8881f2464900 R14: ffff8881e8b9f800 R15: ffff8881e7656120
FS: 0000000000000000(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000960004 CR3: 0000000007e6a002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116
 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: df 48 8d 93 80 02 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 75 45 48 8b 35 15 bd 03 03 bf 40 00 00 00 e8 bb e3 8a fb e9 38 ff ff ff <0f> 0b e9 a2 fe ff ff e8 3a be d2 fb e9 84 fe ff ff e8 f0 bd d2

Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a1/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881dbd2fd48 EFLAGS: 00010286
RAX: 00000000ffffeb00 RBX: ffff8881e7f50420 RCX: ffffed103e10e1a0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e7f50310
RBP: ffff8881dbd2fd60 R08: 1ffff1103e10e1a0 R09: ffff8881dbd2fa68
R10: ffff8881dbd2f9e0 R11: ffff8881f0870480 R12: ffff8881e89ed000
R13: ffff8881f2464900 R14: ffff8881d9cbd000 R15: ffff8881e7f50420
 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116
 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250
 kthread+0x338/0x400 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

---[ end trace ef67709f21399864 ]---
Kernel Offset: disabled
Rebooting in 86400 seconds..