bisecting fixing commit since b94de4d19498b454645b72d08a05d32fa9074fb5 building syzkaller on cba33199be220cbf61f7c0c8223d88a25a913d6f testing commit b94de4d19498b454645b72d08a05d32fa9074fb5 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: db41174c1f4b6f42e3d7342713fc8cd1c3503d49a6e116874ade7f919578cadf run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #16: crashed: KASAN: invalid-free in ieee80211_ibss_leave run #17: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: aa36ff60886b7c480b935ccd4412be4740d70535da0e67467992c4b5ccbe61db run #0: crashed: WARNING in ieee80211_recalc_min_chandef run #1: OK run #2: OK run #3: crashed: WARNING in __cfg80211_ibss_joined run #4: crashed: WARNING in __cfg80211_ibss_joined run #5: crashed: WARNING in __cfg80211_ibss_joined run #6: crashed: WARNING in __cfg80211_ibss_joined run #7: crashed: WARNING in __cfg80211_ibss_joined run #8: OK run #9: OK revisions tested: 2, total time: 34m0.760212919s (build: 16m38.205581583s, test: 16m50.888157683s) the crash still happens on HEAD commit msg: Linux 4.19.206 crash: WARNING in __cfg80211_ibss_joined IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready ------------[ cut here ]------------ WARNING: CPU: 0 PID: 257 at net/wireless/ibss.c:36 __cfg80211_ibss_joined.cold.2+0x32/0x39 net/wireless/ibss.c:36 Modules linked in: CPU: 0 PID: 257 Comm: kworker/u4:3 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: cfg80211 cfg80211_event_work RIP: 0010:__cfg80211_ibss_joined.cold.2+0x32/0x39 net/wireless/ibss.c:36 Code: 17 1e e2 ff 0f 0b e9 9c 3f 7f ff 48 c7 c7 80 c6 f5 88 e8 04 1e e2 ff 0f 0b e9 67 40 7f ff 48 c7 c7 80 c6 f5 88 e8 f1 1d e2 ff <0f> 0b e9 76 3f 7f ff 48 c7 c7 80 c6 f5 88 e8 de 1d e2 ff 0f 0b 48 RSP: 0018:ffff8881f48d7c00 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881e81551d0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff885021e0 RDI: ffffffff8bad8720 RBP: ffff8881f48d7ca0 R08: ffffed103ec84ea9 R09: ffffed103ec84ea8 R10: ffffed103ec84ea8 R11: ffff8881f6427547 R12: 1ffff1103e91af82 R13: ffff8881e81546c0 R14: ffff8881dcb0d618 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffdd8853e18 CR3: 000000000986d001 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: cfg80211_process_wdev_events+0x35d/0x510 net/wireless/util.c:886 cfg80211_process_rdev_events+0x55/0xc0 net/wireless/util.c:912 cfg80211_event_work+0x19/0x30 net/wireless/core.c:305 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 248917788 hardirqs last enabled at (248917787): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (248917787): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (248917788): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (248917782): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 softirqs last disabled at (248917763): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (248917763): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 ---[ end trace 315605c8e4497219 ]--- IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready