bisecting fixing commit since 47ec5303d73ea344e84f46660fff693c57641386
building syzkaller on 1f122f880fe2064d038c0152fbdc763974580f15
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: 26438a9bd22751b78161fba2312e358f04f7f9371960ea14c51d43ae3d8231f4
run #0: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #1: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #2: crashed: WARNING: ODEBUG bug in hci_conn_del
run #3: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #4: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #5: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #6: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #7: crashed: WARNING in hci_conn_timeout
run #8: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #9: crashed: WARNING: ODEBUG bug in hci_conn_del
testing current HEAD 4429f14aeea979b63bcafdcf9f09677fcf8fd475
testing commit 4429f14aeea979b63bcafdcf9f09677fcf8fd475 with gcc (GCC) 8.1.0
kernel signature: fcde2e870e264f77141ce213a9fbdbfe428fbed524ffec2c10a618a7a4247097
run #0: crashed: WARNING: ODEBUG bug in hci_conn_del
run #1: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #2: crashed: WARNING: ODEBUG bug in hci_conn_del
run #3: crashed: WARNING: ODEBUG bug in hci_conn_del
run #4: crashed: WARNING: ODEBUG bug in hci_conn_del
run #5: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #6: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #7: crashed: WARNING: ODEBUG bug in cancel_delayed_work
run #8: crashed: WARNING in hci_conn_timeout
run #9: crashed: WARNING: ODEBUG bug in cancel_delayed_work
revisions tested: 2, total time: 16m35.528613112s (build: 9m33.987498647s, test: 6m24.029666272s)
the crash still happens on HEAD
commit msg: Merge tag 'block-5.10-2020-11-07' of git://git.kernel.dk/linux-block
crash: WARNING: ODEBUG bug in cancel_delayed_work
------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x10 arch/x86/include/asm/paravirt.h:653
WARNING: CPU: 0 PID: 13986 at lib/debugobjects.c:508 debug_print_object+0x67/0x80 lib/debugobjects.c:505
Modules linked in:
CPU: 0 PID: 13986 Comm: syz-executor.1 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object+0x67/0x80 lib/debugobjects.c:505
Code: 8b 43 10 83 c2 01 4c 89 e6 48 c7 c7 20 ca f6 83 89 15 11 b9 3a 04 8b 4b 14 4c 8b 45 00 48 8b 14 c5 20 53 7a 83 e8 8d 3a 2f 01 <0f> 0b 5b 83 05 db 7c a6 02 01 5d 41 5c c3 83 05 d0 7c a6 02 01 c3
RSP: 0018:ffffc90004a4fc30 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffffc90004a4fc50 RCX: 0000000000000001
RDX: 0000000080000001 RSI: ffffffff840738c1 RDI: 00000000ffffffff
RBP: ffffffff8362dc80 R08: 0000000000001538 R09: 0000000000000000
R10: 0000000000000001 R11: ffffc90004a4f99f R12: ffffffff83f6cc12
R13: 00000000000299b8 R14: ffffffff860b6ba0 R15: 0000000000000000
FS:  00007f33661a8700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3366165db8 CR3: 000000011c99c000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 debug_object_assert_init+0x147/0x180 lib/debugobjects.c:890
 debug_timer_assert_init kernel/time/timer.c:737 [inline]
 debug_assert_init kernel/time/timer.c:782 [inline]
 del_timer+0x29/0x80 kernel/time/timer.c:1202
 try_to_grab_pending+0x168/0x300 kernel/workqueue.c:1252
 __cancel_work kernel/workqueue.c:3224 [inline]
 cancel_delayed_work+0x29/0xd0 kernel/workqueue.c:3253
 hci_conn_drop include/net/bluetooth/hci_core.h:1144 [inline]
 sco_chan_del+0x72/0xe0 net/bluetooth/sco.c:149
 sco_sock_close+0x22/0x40 net/bluetooth/sco.c:448
 sco_sock_release+0x18/0xb0 net/bluetooth/sco.c:1059
 __sock_release+0x32/0xa0 net/socket.c:596
 sock_close+0xf/0x20 net/socket.c:1277
 __fput+0xaa/0x250 fs/file_table.c:281
 task_work_run+0x68/0xb0 kernel/task_work.c:151
 get_signal+0x600/0xc70 kernel/signal.c:2562
 arch_do_signal+0x2b/0x900 arch/x86/kernel/signal.c:811
 exit_to_user_mode_loop kernel/entry/common.c:161 [inline]
 exit_to_user_mode_prepare+0x1a2/0x220 kernel/entry/common.c:191
 syscall_exit_to_user_mode+0x7a/0x2c0 kernel/entry/common.c:266
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45ccd9
Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f33661a7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: fffffffffffffffc RBX: 0000000000002140 RCX: 000000000045ccd9
RDX: 0000000000000008 RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffe341e7d1f R14: 00007f33661a89c0 R15: 000000000078bf0c