bisecting cause commit starting from c6d8570e4d642a0c0bfbe7362ffa1b1433c72db1
building syzkaller on 98682e5e2aefc9aad61354f4f3ac93be96002a2a
testing commit c6d8570e4d642a0c0bfbe7362ffa1b1433c72db1 with gcc (GCC) 10.2.1 20210217
kernel signature: 5b41c6c1d248b0e11fcbb97732c096bdc828d0169b55ee4157acec7258e9996b
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: ab71b74ae43b8e01293cb6979afead33d9008edddcb466f6d56f0f23bb6fe207
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: a101d649bf0962eb896349f53f42525108b593f186d2cd8f9a781778a3990b4a
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217
kernel signature: c3faff30c5f5505242b19b31fedfebb792b2b6db3ca15c5100cee4b3da2ac1e3
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217
kernel signature: 3904fdeb990b0e70b8bda8efd10815e1863a3601695796bfbb63af277701bb1b
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217
kernel signature: 589b17bb836575ebde53035ba6933173a07823dbf21cd598cf3fcca3079e81a6
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.4.1 20210217
kernel signature: bffa4480d6797812f3856d4c5267c180c0d1b2a36cbe2e4e7655785f988916d4
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.4.1 20210217
kernel signature: 5990a270cce9c81faec881266cc65d1936a61f5e0651b36c7ec5a3ec8b43379d
all runs: crashed: general protection fault in ieee80211_chanctx_num_assigned
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.4.1 20210217
kernel signature: 5ddb139a897ab246638dd8d8c4fb8e49f5d59779b05ffc045372555b42d40702
all runs: boot failed: BUG: spinlock bad magic in nf_connlabels_get
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.4.1 20210217
kernel signature: dc6892aaf4def9037b74bf4632dc05024de897a85ae276de4d5b6956bc5f2f04
all runs: boot failed: can't ssh into the instance
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.4.1 20210217
kernel signature: 5de01a34558fd6fecab66c87b1983148f709c4c11f6bf9d11e7ddd56973e2358
all runs: boot failed: can't ssh into the instance
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.4.1 20210217
kernel signature: b448a70cff684391b1dae8ad450cd71da69806025d3ecdcf83a92b7a08ac0e5b
all runs: boot failed: can't ssh into the instance
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.4.1 20210217
kernel signature: 6d1c83262142372e1a055570aaa0904a725b0870e35db0accb443e81e7b2e270
all runs: boot failed: can't ssh into the instance
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.4.1 20210217
kernel signature: ec1dabf4e9264ce3a5bb97711f2a7ce4ee4d61a2108741909946c0b81804358a
all runs: boot failed: can't ssh into the instance
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.4.1 20210217
kernel signature: 17bf190e5e955aaabdad7fb3c23f003406563c480d7c4d26066127dcc54d40d1
all runs: boot failed: can't ssh into the instance
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.4.1 20210217
failed to run ["make" "-j" "64" "ARCH=x86_64" "CC=/syzkaller/shared/bisect_bin/gcc-8.1.0/bin/gcc" "bzImage"]: exit status 2
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.4.1 20210217
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.4.1 20210217
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.4.1 20210217
orc_dump.c:105:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:110:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:139:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.4.1 20210217
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:144:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:149:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.4.1 20210217
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.5.0
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:122:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:127:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
revisions tested: 15, total time: 3h24m49.719892535s (build: 1h43m3.759329196s, test: 1h37m28.076204957s)
the crash already happened on the oldest tested release
commit msg: Linux 5.4
crash: general protection fault in ieee80211_chanctx_num_assigned
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10783 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ieee80211_chanctx_num_assigned+0x98/0x110 net/mac80211/chan.c:21
Code: 98 40 f7 ff ff 48 39 c5 b8 00 00 00 00 74 35 49 bc 00 00 00 00 00 fc ff df 48 8d bb c0 08 00 00 83 c0 01 48 89 fa 48 c1 ea 03 <42> 80 3c 22 00 75 46 48 8b 93 c0 08 00 00 48 8d 9a 40 f7 ff ff 48
RSP: 0018:ffff888087cd73e8 EFLAGS: 00010a02
RAX: 0000000000000002 RBX: deacfffffffff840 RCX: 0000000000000000
RDX: 1bd5a00000000020 RSI: ffff8880ae4f2788 RDI: dead000000000100
RBP: ffff8880b4fdb120 R08: 1ffff11014194a81 R09: ffffed10173c6915
R10: ffffed10173c6914 R11: ffff8880b9e348a3 R12: dffffc0000000000
R13: ffff8880b4fdb100 R14: 0000000000000000 R15: ffff8880a0ca5bd0
FS:  00007ff3a8b6b700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1859259718 CR3: 00000000adee7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_assign_vif_chanctx+0x647/0x12a0 net/mac80211/chan.c:677
 __ieee80211_vif_release_channel+0x1b8/0x350 net/mac80211/chan.c:1544
 ieee80211_vif_release_channel+0xe9/0x1d0 net/mac80211/chan.c:1758
 ieee80211_ibss_disconnect+0x669/0xcf0 net/mac80211/ibss.c:742
 ieee80211_ibss_leave+0x11/0xd0 net/mac80211/ibss.c:1865
 rdev_leave_ibss net/wireless/rdev-ops.h:532 [inline]
 __cfg80211_leave_ibss+0x14c/0x630 net/wireless/ibss.c:212
 cfg80211_leave_ibss+0x51/0x70 net/wireless/ibss.c:230
 cfg80211_change_iface+0x914/0x1230 net/wireless/util.c:955
 nl80211_set_interface+0x437/0x810 net/wireless/nl80211.c:3551
 genl_family_rcv_msg+0x5ff/0xf40 net/netlink/genetlink.c:629
 genl_rcv_msg+0xb3/0x160 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2477
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x3fc/0x5c0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x71e/0xb70 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:657
 ___sys_sendmsg+0x653/0x950 net/socket.c:2311
 __sys_sendmsg+0xce/0x170 net/socket.c:2356
 do_syscall_64+0x8e/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465d99
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff3a8b6b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465d99
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0
R13: 00007ffe7ff35d4f R14: 00007ff3a8b6b300 R15: 0000000000022000
Modules linked in:
---[ end trace 6c18c452a2b40540 ]---
RIP: 0010:ieee80211_chanctx_num_assigned+0x98/0x110 net/mac80211/chan.c:21
Code: 98 40 f7 ff ff 48 39 c5 b8 00 00 00 00 74 35 49 bc 00 00 00 00 00 fc ff df 48 8d bb c0 08 00 00 83 c0 01 48 89 fa 48 c1 ea 03 <42> 80 3c 22 00 75 46 48 8b 93 c0 08 00 00 48 8d 9a 40 f7 ff ff 48
RSP: 0018:ffff888087cd73e8 EFLAGS: 00010a02
RAX: 0000000000000002 RBX: deacfffffffff840 RCX: 0000000000000000
RDX: 1bd5a00000000020 RSI: ffff8880ae4f2788 RDI: dead000000000100
RBP: ffff8880b4fdb120 R08: 1ffff11014194a81 R09: ffffed10173c6915
R10: ffffed10173c6914 R11: ffff8880b9e348a3 R12: dffffc0000000000
R13: ffff8880b4fdb100 R14: 0000000000000000 R15: ffff8880a0ca5bd0
FS:  00007ff3a8b6b700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005680c0 CR3: 00000000adee7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400