bisecting cause commit starting from 6642d600b541b81931fb1ab0c041b0d68f77be7e
building syzkaller on fc9fd31ee7998c8b747752791000ea4eef07b5c6
testing commit 6642d600b541b81931fb1ab0c041b0d68f77be7e with gcc (GCC) 8.1.0
kernel signature: e9286f25651683c0e8d754fc55138abd031406caf7671369cce0a0160a0bbd32
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: e508189465d39ffd8a9dcf9ccae50cef7d9bf7cb4686aa21cb801f2c95ce4704
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: b0669908e972d5961842171da3a8b0dc1740fd1cd57a3632345365e6d92d2536
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: ce3310a5b3e1c3295d73e0faafb06452de190f31f47c7d2c554179e95531b680
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 7cd99adf0fef5b2dcb30a48a4dca138dc666a4d8d6b386418460f81c452b4dbc
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 2bb930b6a15dd564e179a871ba4f87042325a222665a423159f4869f66dfc247
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: feb8ac96d194eaf27977921b16703b1e9f94d516f821077d74d97ec7de18ffd2
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 1a755598e3356b5829349eb9e2273b28187c03794ec34d1877e657344a6ce3d3
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: dfc21b6003cefebc45d024e9a3f532861f725acd97bef72822173d75cdd63703
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: eb6e0dad6fe2f6bdf60bdec00d766b0b3c7fcc64d4af8c51c10eb77ec6940998
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: f8444d7f606701f2cba2c2b1e79ec64e2e00a9604951e8f29c97fd39394d2e63
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: d1de21bb044e544efe5b0b18676c1120101c7d2ac339371f47a9b257538ce7cb
all runs: OK
# git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783
Bisecting: 7074 revisions left to test after this (roughly 13 steps)
[b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew)

testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0
kernel signature: ff71be8b6a929c5f9467a645a985e46616690cd8b3d9361f868886897a2f2625
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c
Bisecting: 3569 revisions left to test after this (roughly 12 steps)
[3478588b5136966c80c571cf0006f08e9e5b8f04] Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 3478588b5136966c80c571cf0006f08e9e5b8f04 with gcc (GCC) 8.1.0
kernel signature: e31846aff4809fc7cb30b33396eba37aca46a1cf3e08de881d0d6730dfa64b09
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad 3478588b5136966c80c571cf0006f08e9e5b8f04
Bisecting: 1673 revisions left to test after this (roughly 11 steps)
[1a2566085650be593d464c4d73ac2d20ff67c058] Merge tag 'wireless-drivers-next-for-davem-2019-02-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

testing commit 1a2566085650be593d464c4d73ac2d20ff67c058 with gcc (GCC) 8.1.0
kernel signature: dd4e3728419c93f53d6037030598435de888a99a94dcebcc6b3e5bc9e29463c5
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad 1a2566085650be593d464c4d73ac2d20ff67c058
Bisecting: 920 revisions left to test after this (roughly 10 steps)
[deedf1feb255c7a390309f615e50de37cb82fb61] r8169: Avoid pointer aliasing

testing commit deedf1feb255c7a390309f615e50de37cb82fb61 with gcc (GCC) 8.1.0
kernel signature: bfc0f47b73d130aabef03d5ae4770fb960f7f99b626c742f77a540ff84aee7f1
all runs: OK
# git bisect good deedf1feb255c7a390309f615e50de37cb82fb61
Bisecting: 460 revisions left to test after this (roughly 9 steps)
[8b58d12f4ae1a10037b824b1fb409cf424d6aaac] net: sched: cgroup: verify that filter is not NULL during walk

testing commit 8b58d12f4ae1a10037b824b1fb409cf424d6aaac with gcc (GCC) 8.1.0
kernel signature: c83718da2109b0466e6b8edf031312dac4a8b8f095a878eb9f7ee2b3f6770fba
all runs: OK
# git bisect good 8b58d12f4ae1a10037b824b1fb409cf424d6aaac
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[6c88e0ce5ebcbac8ac930c0149c217c6aa7ab0a3] Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git

testing commit 6c88e0ce5ebcbac8ac930c0149c217c6aa7ab0a3 with gcc (GCC) 8.1.0
kernel signature: 151cd65ed68754b152d672ffa1be3e806af9bb73448742c65ca970af9001438c
all runs: OK
# git bisect good 6c88e0ce5ebcbac8ac930c0149c217c6aa7ab0a3
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[1103d3a5531ce60fa1f8ecaaa95d6f3558b77a29] net: stmmac: dwmac4: Also use TBU interrupt to clean TX path

testing commit 1103d3a5531ce60fa1f8ecaaa95d6f3558b77a29 with gcc (GCC) 8.1.0
kernel signature: 6d847a536c3d44ee10835744f8d2ea578bbad182943a1cf940e954e9edf5f4ca
all runs: OK
# git bisect good 1103d3a5531ce60fa1f8ecaaa95d6f3558b77a29
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[b7b14ec1ebef35d22f3f4087816468f22c987f75] Merge remote-tracking branch 'net-next/master' into mac80211-next

testing commit b7b14ec1ebef35d22f3f4087816468f22c987f75 with gcc (GCC) 8.1.0
kernel signature: 577adba564f1df8f783685efd80b8da1d1522af0bdb48171677772c9aa748515
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad b7b14ec1ebef35d22f3f4087816468f22c987f75
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[c15353be91902fa6cde08d4bf325d089895d65e8] mac80211: fix position of vendor_data read

testing commit c15353be91902fa6cde08d4bf325d089895d65e8 with gcc (GCC) 8.1.0
kernel signature: 27b5a8ff25c372e6335f83a5f73e4cb3c508da5a0c3cacccfe80eb7c598c78c6
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad c15353be91902fa6cde08d4bf325d089895d65e8
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[caf56338c22f00098bf2acd646b0ddc691c80c24] mac80211: indicate support for multiple BSSID

testing commit caf56338c22f00098bf2acd646b0ddc691c80c24 with gcc (GCC) 8.1.0
kernel signature: d936f53b6f19edc7b8259c59cafbb8422399d70be213e9b4c45921615ee4fd1e
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad caf56338c22f00098bf2acd646b0ddc691c80c24
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0b8fb8235be8be99a197e8d948fc0a2df8dc261a] cfg80211: Parsing of Multiple BSSID information in scanning

testing commit 0b8fb8235be8be99a197e8d948fc0a2df8dc261a with gcc (GCC) 8.1.0
kernel signature: 7674d7ae5d80f48ba2637abf1c42498ec4e0f11fe8d7f56e672fd2b5569081d9
all runs: crashed: WARNING in cfg80211_inform_single_bss_frame_data
# git bisect bad 0b8fb8235be8be99a197e8d948fc0a2df8dc261a
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[49a68e0d88890060a2b9b6c6ad1ec53eb50abccf] cfg80211: add various struct element finding helpers

testing commit 49a68e0d88890060a2b9b6c6ad1ec53eb50abccf with gcc (GCC) 8.1.0
kernel signature: df14fa452f5a7b10688492acb092b1e37402e0bde4422b36870aa70998493b40
all runs: OK
# git bisect good 49a68e0d88890060a2b9b6c6ad1ec53eb50abccf
Bisecting: 1 revision left to test after this (roughly 1 step)
[4abb52a46e7336c1e568a53761c8b7a81bbaaeaf] mac80211: pass bssids to elements parsing function

testing commit 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf with gcc (GCC) 8.1.0
kernel signature: 2db17c55826b5aa684ff64180c6840edd2164456ce938cc87cb54f99a14735bf
all runs: crashed: WARNING in cfg80211_inform_bss_frame_data
# git bisect bad 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9f308616b6176b6dc470e6eb3569a09b100a823a] nl80211: use for_each_element() in validate_ie_attr()

testing commit 9f308616b6176b6dc470e6eb3569a09b100a823a with gcc (GCC) 8.1.0
kernel signature: 85e51e8c2dd121d33dc9dd54f4b439d376a3f006b60b782217c604abd52dd3a5
all runs: OK
# git bisect good 9f308616b6176b6dc470e6eb3569a09b100a823a
4abb52a46e7336c1e568a53761c8b7a81bbaaeaf is the first bad commit
commit 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf
Author: Sara Sharon <sara.sharon@intel.com>
Date:   Wed Jan 16 12:14:41 2019 +0200

    mac80211: pass bssids to elements parsing function
    
    In multiple BSSID, we have nested IEs inside the multiple
    BSSID IE, that override the external ones for that specific
    BSS. As preparation for supporting that, pass 2 BSSIDs to the
    parse function, the transmitter, and the selected BSSID, so
    it can know which IEs to choose. If the selected BSSID is
    NULL, the outer ones will be applied.
    
    Change ieee80211_bss_info_update to parse elements itself,
    instead of receiving them parsed, so we have the relevant
    bss entry in hand.
    
    Signed-off-by: Sara Sharon <sara.sharon@intel.com>
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>

 net/mac80211/ibss.c        |  8 ++---
 net/mac80211/ieee80211_i.h | 13 ++++----
 net/mac80211/mesh.c        | 10 ++++---
 net/mac80211/mesh_hwmp.c   |  3 +-
 net/mac80211/mesh_plink.c  |  4 ++-
 net/mac80211/mlme.c        | 45 ++++++++++++++++------------
 net/mac80211/scan.c        | 75 ++++++++++++++++++++++++----------------------
 net/mac80211/tdls.c        |  6 ++--
 net/mac80211/util.c        |  3 +-
 9 files changed, 95 insertions(+), 72 deletions(-)

culprit signature: 2db17c55826b5aa684ff64180c6840edd2164456ce938cc87cb54f99a14735bf
parent  signature: 85e51e8c2dd121d33dc9dd54f4b439d376a3f006b60b782217c604abd52dd3a5
revisions tested: 26, total time: 5h4m6.007603083s (build: 2h18m40.28233317s, test: 2h42m6.330871527s)
first bad commit: 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf mac80211: pass bssids to elements parsing function
recipients (to): ["davem@davemloft.net" "johannes.berg@intel.com" "johannes@sipsolutions.net" "linux-wireless@vger.kernel.org" "netdev@vger.kernel.org" "sara.sharon@intel.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: WARNING in cfg80211_inform_bss_frame_data
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
WARNING: CPU: 1 PID: 16 at net/wireless/scan.c:1242 cpu_max_bits_warn include/linux/cpumask.h:121 [inline]
WARNING: CPU: 1 PID: 16 at net/wireless/scan.c:1242 cpumask_check include/linux/cpumask.h:128 [inline]
WARNING: CPU: 1 PID: 16 at net/wireless/scan.c:1242 cpumask_test_cpu include/linux/cpumask.h:344 [inline]
WARNING: CPU: 1 PID: 16 at net/wireless/scan.c:1242 trace_cfg80211_inform_bss_frame net/wireless/trace.h:3171 [inline]
WARNING: CPU: 1 PID: 16 at net/wireless/scan.c:1242 cfg80211_inform_bss_frame_data+0xa7d/0xcd0 net/wireless/scan.c:1230
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.0.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 panic+0x1e7/0x3ac kernel/panic.c:214
 __warn.cold.7+0x1b/0x37 kernel/panic.c:571
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x11b/0x1c0 arch/x86/kernel/traps.c:271
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:cfg80211_inform_bss_frame_data+0xa7d/0xcd0 net/wireless/scan.c:1242
Code: 85 dc fc ff ff e8 46 d4 dd f9 e9 d2 fc ff ff 0f 0b 45 31 e4 e9 c8 fc ff ff 0f 0b 45 31 e4 e9 be fc ff ff 0f 0b e9 29 f6 ff ff <0f> 0b 45 31 e4 e9 ad fc ff ff 0f 0b e9 fb fc ff ff e8 ed 1a 2c fa
RSP: 0018:ffff8880b5aef720 EFLAGS: 00010246
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
RAX: ffff8880a505c540 RBX: ffff88809e973b80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880a505c58c
RBP: ffff8880b5aef880 R08: 1ffff11016b5b41f R09: ffffed101746595f
R10: ffffed101746595f R11: ffff8880ba32cafb R12: 0000000000000023
R13: ffff88809e973b80 R14: ffff8880a505cb40 R15: ffff8880b5aefa88
 ieee80211_bss_info_update+0x317/0x1500 net/mac80211/scan.c:108
 ieee80211_scan_rx+0x267/0x570 net/mac80211/scan.c:270
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4397 [inline]
 ieee80211_rx_napi+0xfc1/0x2260 net/mac80211/rx.c:4594
 ieee80211_rx include/net/mac80211.h:4253 [inline]
 ieee80211_tasklet_handler+0xe9/0x100 net/mac80211/main.c:230
 tasklet_action_common.isra.3+0x120/0x230 kernel/softirq.c:523
 tasklet_action+0x4b/0x70 kernel/softirq.c:541
 __do_softirq+0x21d/0x8d2 kernel/softirq.c:292
 run_ksoftirqd+0x30/0x50 kernel/softirq.c:654
 smpboot_thread_fn+0x55f/0x860 kernel/smpboot.c:164
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..