bisecting cause commit starting from 678cdd4967081b3035027b346d10f6f38bf367d2 building syzkaller on 2653fa43f8cced3279808d74e5f712bf45ef7551 testing commit 678cdd4967081b3035027b346d10f6f38bf367d2 with gcc (GCC) 8.1.0 kernel signature: 6daf450b78964b79da27550108f2affa57641d176637654e828cceb441f4af6c all runs: crashed: WARNING in ieee80211_s1g_channel_width testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: ea86b6ad8400c4b1748752694aec8f1b08cd80e2794c345407869587dadd95a5 all runs: OK # git bisect start 678cdd4967081b3035027b346d10f6f38bf367d2 bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 8873 revisions left to test after this (roughly 13 steps) [3f9df56480fc8ce492fc9e988d67bdea884ed15c] Merge tag 'sound-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 3f9df56480fc8ce492fc9e988d67bdea884ed15c with gcc (GCC) 8.1.0 kernel signature: 6557486b979d2c6902acc31a396afcb89d085be8b2afaaada5e20288cd8f2a58 all runs: OK # git bisect good 3f9df56480fc8ce492fc9e988d67bdea884ed15c Bisecting: 4453 revisions left to test after this (roughly 12 steps) [6ffdcde4ee9a20beda096dec664da89002610d7d] Merge tag 'edac_updates_for_5.9_pt2' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras testing commit 6ffdcde4ee9a20beda096dec664da89002610d7d with gcc (GCC) 8.1.0 kernel signature: fdfb3b5edce884ade7118a58462270d6b3e79505ee86d4b94887fb690191674f all runs: OK # git bisect good 6ffdcde4ee9a20beda096dec664da89002610d7d Bisecting: 2226 revisions left to test after this (roughly 11 steps) [b574bf0c6a8da461dcbe1c266ddd7e5ee10584a1] net: ethernet: ti: ale: add cpsw_ale_get_num_entries api testing commit b574bf0c6a8da461dcbe1c266ddd7e5ee10584a1 with gcc (GCC) 8.1.0 kernel signature: f68e13c1b67f87d9284831c030a2ee401bd2d62e42a168c564e53add22cac2de all runs: OK # git bisect good b574bf0c6a8da461dcbe1c266ddd7e5ee10584a1 Bisecting: 1050 revisions left to test after this (roughly 10 steps) [3ab0a7a0c349a1d7beb2bb371a62669d1528269d] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 3ab0a7a0c349a1d7beb2bb371a62669d1528269d with gcc (GCC) 8.1.0 kernel signature: 49ae825f405a1b35850d4bdd7caa9655a4c0bc4cf2a5ed672009d571b6b499ea all runs: crashed: WARNING in ieee80211_s1g_channel_width # git bisect bad 3ab0a7a0c349a1d7beb2bb371a62669d1528269d Bisecting: 591 revisions left to test after this (roughly 9 steps) [0baca070068c58b95e342881d9da4840d5cf3bd1] Merge tag 'io_uring-5.9-2020-09-22' of git://git.kernel.dk/linux-block testing commit 0baca070068c58b95e342881d9da4840d5cf3bd1 with gcc (GCC) 8.1.0 kernel signature: d43de2458b30159df7acce70479420abb770215f1adf718eac320c2e7df8f444 all runs: OK # git bisect good 0baca070068c58b95e342881d9da4840d5cf3bd1 Bisecting: 295 revisions left to test after this (roughly 8 steps) [8350129930d2d74426b03d2d59d121156c204531] net: dsa: deny enslaving 802.1Q upper to VLAN-aware bridge from PRECHANGEUPPER testing commit 8350129930d2d74426b03d2d59d121156c204531 with gcc (GCC) 8.1.0 kernel signature: 6af72da8cba4149e70bb3dc43824bf71d0bbfaff4af8f3a465418d6e9ab904d0 all runs: OK # git bisect good 8350129930d2d74426b03d2d59d121156c204531 Bisecting: 147 revisions left to test after this (roughly 7 steps) [fe81d9f6182d1160e625894eecb3d7ff0222cac5] net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant testing commit fe81d9f6182d1160e625894eecb3d7ff0222cac5 with gcc (GCC) 8.1.0 kernel signature: 91f79172a0f904da9805ba8f32067c33562b6dc33b70029b0ce8a50182fb436b all runs: OK # git bisect good fe81d9f6182d1160e625894eecb3d7ff0222cac5 Bisecting: 86 revisions left to test after this (roughly 6 steps) [ae4dd9a8c21790b3a5eea81f8a56b3743c6d74cc] Merge tag 'mac80211-next-for-net-next-2020-09-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next testing commit ae4dd9a8c21790b3a5eea81f8a56b3743c6d74cc with gcc (GCC) 8.1.0 kernel signature: 36c5a866345788fb89f616bff40029fafb07866dd5ad1891b336c4a7d9f4b6c7 all runs: crashed: WARNING in ieee80211_s1g_channel_width # git bisect bad ae4dd9a8c21790b3a5eea81f8a56b3743c6d74cc Bisecting: 30 revisions left to test after this (roughly 5 steps) [66e22932eb795f12cc78c7592581673049d85a8c] net: phy: realtek: enable ALDPS to save power for RTL8211F testing commit 66e22932eb795f12cc78c7592581673049d85a8c with gcc (GCC) 8.1.0 kernel signature: 0a3e879697555361feeecca154ade90795ecdfb52bc2bbddf3a1d1a55826b6bf all runs: OK # git bisect good 66e22932eb795f12cc78c7592581673049d85a8c Bisecting: 15 revisions left to test after this (roughly 4 steps) [f02dff93e26bef46f5511f1e8229061bd23c3074] mac80211: extend ieee80211_tx_status_ext to support bulk free testing commit f02dff93e26bef46f5511f1e8229061bd23c3074 with gcc (GCC) 8.1.0 kernel signature: a69ccae151821843871dfe3716700b49a48ee29132fb6ba1275124324797d3f6 all runs: OK # git bisect good f02dff93e26bef46f5511f1e8229061bd23c3074 Bisecting: 7 revisions left to test after this (roughly 3 steps) [291c49ded2fda1fd0d7bd6056de99fe47d2332e6] nl80211: Add FILS discovery support testing commit 291c49ded2fda1fd0d7bd6056de99fe47d2332e6 with gcc (GCC) 8.1.0 kernel signature: d57b70108f50c6cd8b4c7175578f992eb0b4d784d9728340996ca9d182213d99 all runs: crashed: WARNING in ieee80211_s1g_channel_width # git bisect bad 291c49ded2fda1fd0d7bd6056de99fe47d2332e6 Bisecting: 3 revisions left to test after this (roughly 2 steps) [68dbad8c656960292142832c3b44c63db9831d67] cfg80211: regulatory: handle S1G channels testing commit 68dbad8c656960292142832c3b44c63db9831d67 with gcc (GCC) 8.1.0 kernel signature: fc01ce1b36797b5f2bc749e670e865fde7b7f80faf6da8ac05cd98eb4354ad53 all runs: OK # git bisect good 68dbad8c656960292142832c3b44c63db9831d67 Bisecting: 1 revision left to test after this (roughly 1 step) [11b34737b18a70c74d5cf13ee58d36e95879013c] nl80211: support setting S1G channels testing commit 11b34737b18a70c74d5cf13ee58d36e95879013c with gcc (GCC) 8.1.0 kernel signature: 2efc4fd442cca9d1484ca218dd589ac67e8ebf91391c50ca27124399b67dceb9 all runs: crashed: WARNING in ieee80211_s1g_channel_width # git bisect bad 11b34737b18a70c74d5cf13ee58d36e95879013c Bisecting: 0 revisions left to test after this (roughly 0 steps) [1d47f1198d58117735edc6b8b1a687db47883f1e] nl80211: correctly validate S1G beacon head testing commit 1d47f1198d58117735edc6b8b1a687db47883f1e with gcc (GCC) 8.1.0 kernel signature: 8e67f977a76f5b3a9031e881dd49865c60eea676e575b9c2623f74ab6b988924 all runs: OK # git bisect good 1d47f1198d58117735edc6b8b1a687db47883f1e 11b34737b18a70c74d5cf13ee58d36e95879013c is the first bad commit commit 11b34737b18a70c74d5cf13ee58d36e95879013c Author: Thomas Pedersen Date: Tue Sep 8 12:03:06 2020 -0700 nl80211: support setting S1G channels S1G channels have a single width defined per frequency, so derive it from the channel flags with ieee80211_s1g_channel_width(). Also support setting an S1G channel where control frequency may differ from operating, and add some basic validation to ensure the control channel is with the operating. Signed-off-by: Thomas Pedersen Link: https://lore.kernel.org/r/20200908190323.15814-6-thomas@adapt-ip.com Signed-off-by: Johannes Berg include/net/cfg80211.h | 10 ++++ net/wireless/chan.c | 130 +++++++++++++++++++++++++++++-------------------- net/wireless/util.c | 27 ++++++++++ 3 files changed, 115 insertions(+), 52 deletions(-) culprit signature: 2efc4fd442cca9d1484ca218dd589ac67e8ebf91391c50ca27124399b67dceb9 parent signature: 8e67f977a76f5b3a9031e881dd49865c60eea676e575b9c2623f74ab6b988924 revisions tested: 16, total time: 3h27m4.327702572s (build: 1h22m15.101810962s, test: 2h3m11.047184133s) first bad commit: 11b34737b18a70c74d5cf13ee58d36e95879013c nl80211: support setting S1G channels recipients (to): ["davem@davemloft.net" "johannes.berg@intel.com" "kuba@kernel.org" "netdev@vger.kernel.org" "thomas@adapt-ip.com"] recipients (cc): ["johannes@sipsolutions.net" "linux-kernel@vger.kernel.org" "linux-wireless@vger.kernel.org"] crash: WARNING in ieee80211_s1g_channel_width ------------[ cut here ]------------ WARNING: CPU: 1 PID: 8327 at net/wireless/util.c:117 ieee80211_s1g_channel_width+0xa/0x60 net/wireless/util.c:117 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 8327 Comm: syz-executor.2 Not tainted 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa3/0xcc lib/dump_stack.c:118 panic+0x16e/0x353 kernel/panic.c:231 __warn.cold.13+0x20/0x2c kernel/panic.c:600 report_bug+0xc0/0xf0 lib/bug.c:198 handle_bug+0x35/0x90 arch/x86/kernel/traps.c:234 exc_invalid_op+0x13/0x60 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:ieee80211_s1g_channel_width+0xa/0x60 net/wireless/util.c:117 Code: ac 83 fa 03 75 a7 43 8d 04 00 c3 0f 0b 31 c0 c3 44 89 c0 d1 e8 c3 c3 66 0f 1f 84 00 00 00 00 00 48 85 ff 74 05 83 3f 04 74 05 <0f> 0b 31 c0 c3 8b 57 0c b8 08 00 00 00 f6 c6 40 75 36 f6 c6 80 b8 RSP: 0018:ffffc9000295f9a0 EFLAGS: 00010293 RAX: ffff88810eb3b7d0 RBX: ffffc9000295fa20 RCX: 00000000005042e0 RDX: 000000000000000b RSI: ffff88810eb3b7d0 RDI: ffff88810eb3b7d0 RBP: 0000000000000000 R08: ffff88810ea15000 R09: 0000000000000000 R10: ffffc9000295faf8 R11: 963beab4bb8bb401 R12: 000000000000148c R13: 000000000000148c R14: 0000000000000000 R15: 0000000000000000 cfg80211_chandef_valid+0x1f0/0x330 net/wireless/chan.c:227 nl80211_parse_chandef+0x14e/0x310 net/wireless/nl80211.c:2934 __nl80211_set_channel+0x9b/0x2b0 net/wireless/nl80211.c:2971 nl80211_set_wiphy+0x2f6/0xb20 net/wireless/nl80211.c:3144 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline] genl_family_rcv_msg net/netlink/genetlink.c:714 [inline] genl_rcv_msg+0x1d0/0x2ef net/netlink/genetlink.c:731 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmsg+0x52/0xa0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45dea9 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd42e9d5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000002af80 RCX: 000000000045dea9 RDX: 0000000000000000 RSI: 0000000020001f40 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffc009452af R14: 00007fd42e9d69c0 R15: 000000000118bf2c Kernel Offset: disabled Rebooting in 86400 seconds..