bisecting cause commit starting from 33dc9614dc208291d0c4bcdeb5d30d481dcd2c4c building syzkaller on ba24ffcde7219e5374bb0b093368a58009c85d1d testing commit 33dc9614dc208291d0c4bcdeb5d30d481dcd2c4c with gcc (GCC) 8.1.0 kernel signature: bf5fd28425d1f3027406201279001c8e5c3c5b126066e8b87ba4235fa5197eb1 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: ae997c81c8480492441e712d3c127e3da959156d4e937c464609e101fa84e28c run #0: crashed: BUG: corrupted list in kobject_add_internal run #1: crashed: BUG: corrupted list in kobject_add_internal run #2: crashed: BUG: corrupted list in kobject_add_internal run #3: crashed: BUG: corrupted list in kobject_add_internal run #4: crashed: BUG: corrupted list in kobject_add_internal run #5: crashed: BUG: corrupted list in kobject_add_internal run #6: crashed: BUG: corrupted list in kobject_add_internal run #7: crashed: BUG: corrupted list in kobj_kset_leave run #8: crashed: BUG: corrupted list in kobject_add_internal run #9: crashed: BUG: corrupted list in kobject_add_internal testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 564d400b258121a59fd078dbf7c8b7f09da4cfb1512f654dcb1a9f98d3676daf all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 03e471e8cd8d84e16a9ff6a3dbcec09c579b68cfa125584dcae4b629d7261e28 run #0: crashed: BUG: corrupted list in kobject_add_internal run #1: crashed: BUG: corrupted list in kobject_add_internal run #2: crashed: BUG: corrupted list in kobject_add_internal run #3: crashed: BUG: corrupted list in kobject_add_internal run #4: crashed: BUG: corrupted list in kobject_add_internal run #5: crashed: BUG: corrupted list in kobject_add_internal run #6: crashed: BUG: corrupted list in kobject_add_internal run #7: crashed: BUG: corrupted list in kobject_add_internal run #8: crashed: KASAN: use-after-free Read in hci_conn_add_sysfs run #9: crashed: BUG: corrupted list in kobject_add_internal testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 5593ee453513c7b19de6d8c0de3a01d6226d3129b2cf07a7d02882efb811b071 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 65eea13ddc652e79a312f327f6a0e75a302d95d85fc94e5f2fa6b02cb225f2be all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 8c05250c5f3378271bc4a038b521dee136b4ac7982c41a849b91d0eb16099fa4 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 20ba57603f6377c5e073ce6a66b762e7782253146a352daa80104ec2b5a98d86 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 671d4b1d247e018930d04001b74feca42e2262a7ea06aaa729f3b7bbc46790d8 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: c713242be38d96e897ea468e01561f06506deeaf2302297b1273b9d24d8d5bc6 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 1e87b48aacdcb9ed6e0241257d28f1c16157b62d35c1755795f115d7e6331864 run #0: crashed: BUG: corrupted list in kobject_add_internal run #1: crashed: BUG: corrupted list in kobject_add_internal run #2: crashed: BUG: corrupted list in kobject_add_internal run #3: crashed: BUG: corrupted list in kobject_add_internal run #4: crashed: BUG: corrupted list in kobject_add_internal run #5: crashed: BUG: corrupted list in kobject_add_internal run #6: crashed: BUG: corrupted list in kobject_add_internal run #7: crashed: BUG: corrupted list in kobject_add_internal run #8: crashed: BUG: corrupted list in corrupted run #9: crashed: BUG: corrupted list in kobject_add_internal testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 7f95db7c3a1df39a37c72c9fe5710453368c857a4b1e7eb3a1d1d106076e07fe all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: f1ab3cd8496995162dbc0cbedba474888ca297243f8590ab15079e1e6b0dfd26 run #0: crashed: BUG: corrupted list in kobject_add_internal run #1: crashed: BUG: corrupted list in kobject_add_internal run #2: crashed: BUG: corrupted list in kobject_add_internal run #3: crashed: BUG: corrupted list in kobject_add_internal run #4: crashed: BUG: corrupted list in kobject_add_internal run #5: crashed: BUG: corrupted list in kobject_add_internal run #6: crashed: BUG: corrupted list in kobject_add_internal run #7: crashed: BUG: corrupted list in kobject_add_internal run #8: crashed: BUG: corrupted list in sysfs_warn_dup run #9: crashed: BUG: corrupted list in kobject_add_internal testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 8721e48a2308690b994a2084b01a0a0cc7459cfef9b660ea5a9dca76a079a503 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: fd3470d4e1fa8ec8cbaabd5493d8c4af05652eca06da5c59ebe3c177a8bec08a all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 27efb43a5f3e3740938faafb54e2f8bfbb54e5b36f53d734a6e7f5ceebdaeec5 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 2d0ececfdf06fbacaf067bb4fda1739cc480d9c21490ee8287073fa748d0c0d2 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: f134d52c360cc82465dabb48fbd9fd9c8e52ffa37a333463f79673ca6fdcde6e all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 0a670b9b1434d8bf6cc0a0e0d4e7d05986196fa507e5107d2fac3f4388a5dd79 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: d759c57fcb89601e1d05047e0bde105e6e47f45c88e358fa3ebb21468f439187 all runs: basic kernel testing failed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 4af9efcd4e5b978e14ecf0ba3994728d5e3a82fe60459bc7d04520c493dcde7d all runs: basic kernel testing failed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: f6f824a57a07118bb228da633579a478a8739ca5bbfb522b210554e2943f9734 all runs: crashed: BUG: corrupted list in kobject_add_internal testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: f207b2be035d69de4c85eefc0b312330bfe44ca0147301636ce94dbc436cc0e1 run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: WARNING in nf_unregister_net_hook run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: ec6be81d1f51e758d739a919ffb0a18af3f3e98656096b09553bfda4e374d1a8 all runs: OK # git bisect start 69973b830859bc6529a7a0468ba0d80ee5117826 c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 Bisecting: 8695 revisions left to test after this (roughly 13 steps) [a5af7e1fc69a46f29b977fd4b570e0ac414c2338] rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs testing commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 with gcc (GCC) 5.5.0 kernel signature: 823a7076573c4d78c4baa572c33bfc8727076fca879e9281aa86301529b50051 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad a5af7e1fc69a46f29b977fd4b570e0ac414c2338 Bisecting: 4346 revisions left to test after this (roughly 12 steps) [d268dbe76a53d72cc41316eb59e7968db60e77ad] Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit d268dbe76a53d72cc41316eb59e7968db60e77ad with gcc (GCC) 5.5.0 kernel signature: e77203db371ec8b8b94321e337a42d613842e0ea210091b603a00066a3cad4f6 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@10.128.0.242:./syz-execprog"]: exit status 1 Connection timed out during banner exchange lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: general protection fault in nf_unregister_net_hook # git bisect bad d268dbe76a53d72cc41316eb59e7968db60e77ad Bisecting: 2170 revisions left to test after this (roughly 11 steps) [02bafd96f3a5d8e610b19033ffec55b92459aaae] Merge tag 'docs-4.9' of git://git.lwn.net/linux testing commit 02bafd96f3a5d8e610b19033ffec55b92459aaae with gcc (GCC) 5.5.0 kernel signature: 73729fe69ff046e0e90e974beccba702500c39e600624c09a1053b9d3a7c0b37 all runs: OK # git bisect good 02bafd96f3a5d8e610b19033ffec55b92459aaae Bisecting: 1051 revisions left to test after this (roughly 10 steps) [e812bd905a5cf00fea95da9df4889dad63d4a36a] Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit e812bd905a5cf00fea95da9df4889dad63d4a36a with gcc (GCC) 5.5.0 kernel signature: 04272db22a0b713683ddba8025e20b2f0c0e1941ed02e0ac28f5335e810a7bcf run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: general protection fault in batadv_iv_ogm_queue_add # git bisect bad e812bd905a5cf00fea95da9df4889dad63d4a36a Bisecting: 559 revisions left to test after this (roughly 9 steps) [ccbd3dbe85e1445231a7e0da2dada130cedce9d0] rxrpc: Fix a potential NULL-pointer deref in rxrpc_abort_calls testing commit ccbd3dbe85e1445231a7e0da2dada130cedce9d0 with gcc (GCC) 5.5.0 kernel signature: 3f49adefe360137040cf285aae8f046b115f263ad48c6d9c3444b4a9733f825b all runs: OK # git bisect good ccbd3dbe85e1445231a7e0da2dada130cedce9d0 Bisecting: 279 revisions left to test after this (roughly 8 steps) [aebf5de07aabd44db740c9d33b6daa1abd19fa56] sctp: use IS_ENABLED() instead of checking for built-in or module testing commit aebf5de07aabd44db740c9d33b6daa1abd19fa56 with gcc (GCC) 5.5.0 kernel signature: cca89759b08e1e433853db864494d2c990bcbcf9bbf7407f15e70a7af13675a0 all runs: OK # git bisect good aebf5de07aabd44db740c9d33b6daa1abd19fa56 Bisecting: 139 revisions left to test after this (roughly 7 steps) [ae1799a1cb130170c3ba3370793cea5b0d9d2aa8] mwifiex: correction in Rx STBC field of htcapinfo testing commit ae1799a1cb130170c3ba3370793cea5b0d9d2aa8 with gcc (GCC) 5.5.0 kernel signature: cf9da3845f0b922a8d891c400ee9f907b9b56f7e262004a2af4bfa23e4789a06 all runs: OK # git bisect good ae1799a1cb130170c3ba3370793cea5b0d9d2aa8 Bisecting: 69 revisions left to test after this (roughly 6 steps) [bc4abfcf51835420d61440b2b7aa18181bc1f273] rxrpc: Add missing wakeup on Tx window rotation testing commit bc4abfcf51835420d61440b2b7aa18181bc1f273 with gcc (GCC) 5.5.0 kernel signature: f545e83dcfa64ed561462fc08be7c1bedd8e7c8120f9b09fc9109bd47072ef29 all runs: OK # git bisect good bc4abfcf51835420d61440b2b7aa18181bc1f273 Bisecting: 34 revisions left to test after this (roughly 5 steps) [39caa8bf6d5fec6a954e76fdb14c9740b8e5d526] Merge tag 'rxrpc-rewrite-20160913-1' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs testing commit 39caa8bf6d5fec6a954e76fdb14c9740b8e5d526 with gcc (GCC) 5.5.0 kernel signature: 7ee1dbad448d08b1a7994fa4e039191fad6f3deaded31883dfdb75f6b3951b59 all runs: OK # git bisect good 39caa8bf6d5fec6a954e76fdb14c9740b8e5d526 Bisecting: 17 revisions left to test after this (roughly 4 steps) [7e5eded5c189abaea77556da41af1195af841b0a] net: emac: remove unnecessary dev_set_drvdata() testing commit 7e5eded5c189abaea77556da41af1195af841b0a with gcc (GCC) 5.5.0 kernel signature: 4f8b71dd88023ad2afcb7ee02a66b315fde2f42aa7d93f35a935537aa8e25183 all runs: OK # git bisect good 7e5eded5c189abaea77556da41af1195af841b0a Bisecting: 8 revisions left to test after this (roughly 3 steps) [4415a0319f92ea0d624fe11c917faf9114f89187] net/mlx5e: Implement RX mapped page cache for page recycle testing commit 4415a0319f92ea0d624fe11c917faf9114f89187 with gcc (GCC) 5.5.0 kernel signature: f875be93ecfa736d822b5d5bb4537ea2b1b31f9c0a5091ac5ea43bd09c84f0d7 all runs: OK # git bisect good 4415a0319f92ea0d624fe11c917faf9114f89187 Bisecting: 4 revisions left to test after this (roughly 2 steps) [1dc80798a8caab8b5788da96ab220c91a03d7d29] iwlegacy: constify local structures testing commit 1dc80798a8caab8b5788da96ab220c91a03d7d29 with gcc (GCC) 5.5.0 kernel signature: cf9da3845f0b922a8d891c400ee9f907b9b56f7e262004a2af4bfa23e4789a06 all runs: OK # git bisect good 1dc80798a8caab8b5788da96ab220c91a03d7d29 Bisecting: 2 revisions left to test after this (roughly 1 step) [787764676f94114980d17e627b21937f4245c866] mwifiex: Command 7 handling for USB chipsets testing commit 787764676f94114980d17e627b21937f4245c866 with gcc (GCC) 5.5.0 kernel signature: cf9da3845f0b922a8d891c400ee9f907b9b56f7e262004a2af4bfa23e4789a06 all runs: OK # git bisect good 787764676f94114980d17e627b21937f4245c866 Bisecting: 1 revision left to test after this (roughly 1 step) [b7450e248d71067e0c1a09614cf3d7571f7e10fa] mwifiex: firmware name correction for usb8997 chipset testing commit b7450e248d71067e0c1a09614cf3d7571f7e10fa with gcc (GCC) 5.5.0 kernel signature: cf9da3845f0b922a8d891c400ee9f907b9b56f7e262004a2af4bfa23e4789a06 all runs: OK # git bisect good b7450e248d71067e0c1a09614cf3d7571f7e10fa Bisecting: 0 revisions left to test after this (roughly 0 steps) [31b9662193be6ed111db42dca20222a5282ab616] Merge branch 'mlx5e-order-0' testing commit 31b9662193be6ed111db42dca20222a5282ab616 with gcc (GCC) 5.5.0 kernel signature: f875be93ecfa736d822b5d5bb4537ea2b1b31f9c0a5091ac5ea43bd09c84f0d7 all runs: OK # git bisect good 31b9662193be6ed111db42dca20222a5282ab616 e812bd905a5cf00fea95da9df4889dad63d4a36a is the first bad commit commit e812bd905a5cf00fea95da9df4889dad63d4a36a Merge: 31b9662193be b7450e248d71 Author: David S. Miller Date: Sat Sep 17 09:53:29 2016 -0400 Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.9 Major changes: iwlwifi * preparation for new a000 HW continues * some DQA improvements * add support for GMAC * add support for 9460, 9270 and 9170 series mwifiex * support random MAC address for scanning * add HT aggregation support for adhoc mode * add custom regulatory domain support * add manufacturing mode support via nl80211 testmode interface bcma * support BCM53573 series of wireless SoCs bitfield.h * add FIELD_PREP() and FIELD_GET() macros mt7601u * convert to use the new bitfield.h macros brcmfmac * add support for bcm4339 chip with modalias sdio:c00v02D0d4339 ath10k * add nl80211 testmode support for 10.4 firmware * hide kernel addresses from logs using %pK format specifier * implement NAPI support * enable peer stats by default ath9k * use ieee80211_tx_status_noskb where possible wil6210 * extract firmware capabilities from the firmware file ath6kl * enable firmware crash dumps on the AR6004 ath-current is also merged to fix a conflict in ath10k. ==================== Signed-off-by: David S. Miller drivers/bcma/driver_chipcommon.c | 32 +- drivers/bcma/main.c | 6 +- drivers/net/wireless/ath/ath10k/ahb.c | 12 +- drivers/net/wireless/ath/ath10k/bmi.c | 4 +- drivers/net/wireless/ath/ath10k/ce.c | 4 +- drivers/net/wireless/ath/ath10k/core.c | 125 ++- drivers/net/wireless/ath/ath10k/core.h | 79 +- drivers/net/wireless/ath/ath10k/debug.c | 11 +- drivers/net/wireless/ath/ath10k/htc.c | 6 +- drivers/net/wireless/ath/ath10k/htt.h | 2 +- drivers/net/wireless/ath/ath10k/htt_rx.c | 194 +++-- drivers/net/wireless/ath/ath10k/htt_tx.c | 2 - drivers/net/wireless/ath/ath10k/hw.c | 13 + drivers/net/wireless/ath/ath10k/hw.h | 76 +- drivers/net/wireless/ath/ath10k/mac.c | 70 +- drivers/net/wireless/ath/ath10k/pci.c | 77 +- drivers/net/wireless/ath/ath10k/pci.h | 6 +- drivers/net/wireless/ath/ath10k/swap.c | 26 +- drivers/net/wireless/ath/ath10k/swap.h | 11 +- drivers/net/wireless/ath/ath10k/testmode.c | 27 +- drivers/net/wireless/ath/ath10k/thermal.c | 2 +- drivers/net/wireless/ath/ath10k/txrx.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-ops.h | 33 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 59 +- drivers/net/wireless/ath/ath10k/wmi.c | 186 +++- drivers/net/wireless/ath/ath10k/wmi.h | 24 + drivers/net/wireless/ath/ath5k/debug.c | 6 +- drivers/net/wireless/ath/ath6kl/cfg80211.c | 4 +- drivers/net/wireless/ath/ath6kl/hif.c | 11 +- drivers/net/wireless/ath/ath9k/ar5008_phy.c | 9 +- drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 6 +- drivers/net/wireless/ath/ath9k/gpio.c | 2 +- drivers/net/wireless/ath/ath9k/main.c | 2 +- drivers/net/wireless/ath/ath9k/xmit.c | 104 ++- drivers/net/wireless/ath/carl9170/usb.c | 6 +- drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +- drivers/net/wireless/ath/wil6210/cfg80211.c | 151 ++-- drivers/net/wireless/ath/wil6210/debugfs.c | 53 +- drivers/net/wireless/ath/wil6210/fw.h | 14 +- drivers/net/wireless/ath/wil6210/fw_inc.c | 92 +- drivers/net/wireless/ath/wil6210/interrupt.c | 15 +- drivers/net/wireless/ath/wil6210/main.c | 63 +- drivers/net/wireless/ath/wil6210/netdev.c | 34 +- drivers/net/wireless/ath/wil6210/p2p.c | 46 + drivers/net/wireless/ath/wil6210/pcie_bus.c | 9 +- drivers/net/wireless/ath/wil6210/txrx.c | 9 +- drivers/net/wireless/ath/wil6210/wil6210.h | 11 +- drivers/net/wireless/ath/wil6210/wmi.c | 12 +- drivers/net/wireless/ath/wil6210/wmi.h | 932 +++++++++++++++++++-- .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 14 +- .../broadcom/brcm80211/brcmfmac/tracepoint.c | 1 + .../net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 + .../broadcom/brcm80211/include/brcm_hw_ids.h | 2 + drivers/net/wireless/intel/iwlegacy/3945.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-9000.c | 83 +- drivers/net/wireless/intel/iwlwifi/iwl-config.h | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-fh.h | 15 +- drivers/net/wireless/intel/iwlwifi/iwl-prph.h | 19 +- .../net/wireless/intel/iwlwifi/mvm/fw-api-sta.h | 31 +- drivers/net/wireless/intel/iwlwifi/mvm/fw-api-tx.h | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/fw-api.h | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 28 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 18 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 26 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 342 +++++++- drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 4 + drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 38 +- drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 24 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 41 +- drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 45 +- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 13 +- .../net/wireless/intersil/hostap/hostap_ioctl.c | 20 +- drivers/net/wireless/marvell/mwifiex/11h.c | 27 +- drivers/net/wireless/marvell/mwifiex/11n.h | 7 +- .../net/wireless/marvell/mwifiex/11n_rxreorder.c | 78 +- .../net/wireless/marvell/mwifiex/11n_rxreorder.h | 3 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 143 +++- drivers/net/wireless/marvell/mwifiex/cmdevt.c | 26 +- drivers/net/wireless/marvell/mwifiex/debugfs.c | 2 + drivers/net/wireless/marvell/mwifiex/fw.h | 73 +- drivers/net/wireless/marvell/mwifiex/init.c | 22 +- drivers/net/wireless/marvell/mwifiex/join.c | 3 +- drivers/net/wireless/marvell/mwifiex/main.c | 270 +++++- drivers/net/wireless/marvell/mwifiex/main.h | 7 + drivers/net/wireless/marvell/mwifiex/pcie.c | 182 +++- drivers/net/wireless/marvell/mwifiex/pcie.h | 13 +- drivers/net/wireless/marvell/mwifiex/scan.c | 28 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 6 +- drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 61 +- drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c | 134 ++- drivers/net/wireless/marvell/mwifiex/sta_event.c | 144 +++- drivers/net/wireless/marvell/mwifiex/sta_ioctl.c | 6 +- drivers/net/wireless/marvell/mwifiex/uap_event.c | 7 +- drivers/net/wireless/marvell/mwifiex/usb.c | 6 +- drivers/net/wireless/marvell/mwifiex/usb.h | 3 +- drivers/net/wireless/marvell/mwifiex/util.c | 1 + drivers/net/wireless/mediatek/mt7601u/dma.c | 2 +- drivers/net/wireless/mediatek/mt7601u/dma.h | 10 +- drivers/net/wireless/mediatek/mt7601u/eeprom.c | 12 +- drivers/net/wireless/mediatek/mt7601u/init.c | 10 +- drivers/net/wireless/mediatek/mt7601u/mac.c | 38 +- drivers/net/wireless/mediatek/mt7601u/main.c | 1 - drivers/net/wireless/mediatek/mt7601u/mcu.c | 20 +- drivers/net/wireless/mediatek/mt7601u/mt7601u.h | 4 +- drivers/net/wireless/mediatek/mt7601u/phy.c | 44 +- drivers/net/wireless/mediatek/mt7601u/regs.h | 4 - drivers/net/wireless/mediatek/mt7601u/tx.c | 19 +- drivers/net/wireless/mediatek/mt7601u/util.h | 77 -- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 4 +- drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 22 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192c.c | 5 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c | 2 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723a.c | 5 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c | 7 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 328 ++++---- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_regs.h | 60 ++ drivers/net/wireless/realtek/rtlwifi/core.c | 2 +- drivers/net/wireless/realtek/rtlwifi/regd.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8188ee/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192ce/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192de/hw.c | 3 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192de/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8723ae/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/sw.c | 2 +- drivers/net/wireless/ti/wl18xx/acx.c | 29 + drivers/net/wireless/ti/wl18xx/acx.h | 13 + drivers/net/wireless/ti/wl18xx/event.c | 1 + drivers/net/wireless/ti/wlcore/main.c | 1 - drivers/net/wireless/ti/wlcore/spi.c | 2 +- drivers/net/wireless/ti/wlcore/wlcore.h | 3 + drivers/net/wireless/ti/wlcore/wlcore_i.h | 1 - drivers/net/wireless/wl3501_cs.c | 7 +- drivers/net/wireless/zydas/zd1211rw/zd_usb.c | 2 +- include/linux/bitfield.h | 93 ++ include/linux/bug.h | 3 + include/linux/mmc/sdio_ids.h | 1 + 144 files changed, 4390 insertions(+), 1218 deletions(-) delete mode 100644 drivers/net/wireless/mediatek/mt7601u/util.h create mode 100644 include/linux/bitfield.h Reproducer flagged being flaky revisions tested: 39, total time: 6h34m55.0561271s (build: 2h46m16.142530027s, test: 3h44m6.069875211s) first bad commit: e812bd905a5cf00fea95da9df4889dad63d4a36a Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next recipients (to): ["davem@davemloft.net"] recipients (cc): [] crash: general protection fault in batadv_iv_ogm_queue_add batman_adv: batadv0: Removing interface: batadv_slave_1 kasan: CONFIG_KASAN_INLINE enabled device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 365 Comm: kworker/u4:3 Not tainted 4.8.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet task: ffff88013a67e000 task.stack: ffff88013a668000 RIP: 0010:[] [] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:780 RSP: 0018:ffff88013a66fa78 EFLAGS: 00010296 RAX: dffffc0000000000 RBX: ffff88012f0c6f00 RCX: ffff88012f0c6f00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88013a66fb18 R08: ffff88012f0c6f00 R09: 0000000000000001 R10: ffff88013a67e860 R11: ffff88013a67e000 R12: 000000000000003c R13: 0000000000000000 R14: ffff88012f0c6f00 R15: ffff8801269eccc0 FS: 0000000000000000(0000) GS:ffff88013bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000560d286773d8 CR3: 000000012c7dd000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000000000000 0000000000000000 0000000000000002 0000000000000000 ffff88013a66fb18 0000000000000282 0000000000000000 ffffffff866195ed ffff880100000000 00000000000003d4 00000001000044ac ffff8801269ec200 Call Trace: [] batadv_iv_ogm_schedule+0x95e/0xcc0 net/batman-adv/bat_iv_ogm.c:984 [] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0 net/batman-adv/bat_iv_ogm.c:1810 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: 00 00 00 fc ff df 55 48 89 e5 41 57 49 89 ff 48 8d 7e 03 41 56 41 55 49 89 f5 41 54 41 89 d4 48 89 fa 48 c1 ea 03 53 48 83 ec 78 <0f> b6 04 02 48 89 fa 48 89 4d a8 83 e2 07 4c 89 45 b8 44 89 4d RIP [] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:769 RSP ---[ end trace e8ab247d7524c470 ]---