syzbot


WARNING in sta_info_insert_rcu (3)

Status: fixed on 2023/10/12 12:48
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+2676771ed06a6df166ad@syzkaller.appspotmail.com
Fix commit: 5d4e04bf3a0f wifi: cfg80211: reject auth/assoc to AP with our address
First crash: 314d, last: 269d
Cause bisection: introduced by (bisect log) :
commit c579d60f0d0cd87552f64fdebe68b5d941d20309
Author: Hangyu Hua <hbh25y@gmail.com>
Date: Fri Jul 15 06:23:01 2022 +0000

  ipc: mqueue: fix possible memory leak in init_mqueue_fs()

Crash: WARNING in sta_info_insert_rcu (log)
Repro: C syz .config
  
Discussions (5)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 6.1 21/26] wifi: cfg80211: reject auth/assoc to AP with our address 1 (1) 2023/09/08 18:17
[PATCH AUTOSEL 6.4 31/41] wifi: cfg80211: reject auth/assoc to AP with our address 1 (1) 2023/09/08 18:15
[PATCH AUTOSEL 6.5 34/45] wifi: cfg80211: reject auth/assoc to AP with our address 1 (1) 2023/09/08 18:13
[PATCH] wifi: cfg80211: reject auth/assoc to AP with our address 1 (1) 2023/08/15 16:09
[syzbot] [wireless?] WARNING in sta_info_insert_rcu (3) 0 (1) 2023/07/15 16:59
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING in sta_info_insert_rcu C 1648 440d 1334d 0/1 upstream: reported C repro on 2020/09/24 11:41
linux-5.15 WARNING in sta_info_insert_rcu missing-backport origin:lts-only C inconclusive 2 125d 293d 0/3 upstream: reported C repro on 2023/07/31 21:20
linux-4.14 WARNING in sta_info_insert_rcu C 13 456d 1330d 0/1 upstream: reported C repro on 2020/09/27 22:10
linux-6.1 WARNING in sta_info_insert_rcu origin:upstream C done 1 281d 281d 3/3 fixed on 2023/10/05 17:16
upstream WARNING in sta_info_insert_rcu (2) wireless 1 690d 686d 0/26 auto-obsoleted due to no activity on 2022/10/28 19:30
upstream WARNING in sta_info_insert_rcu C done done 2533 897d 1334d 20/26 fixed on 2022/03/08 16:11
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/07/16 06:25 21m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3f01e9fed845 OK log
2023/07/16 02:03 35m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 3f01e9fed845 report log

Sample crash report:
wlan1: authenticate with 08:02:11:00:00:01
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7 at net/mac80211/sta_info.c:728 sta_info_insert_check net/mac80211/sta_info.c:728 [inline]
WARNING: CPU: 0 PID: 7 at net/mac80211/sta_info.c:728 sta_info_insert_rcu+0x20d/0x1970 net/mac80211/sta_info.c:940
Modules linked in:
CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Workqueue: events cfg80211_conn_work
RIP: 0010:sta_info_insert_check net/mac80211/sta_info.c:728 [inline]
RIP: 0010:sta_info_insert_rcu+0x20d/0x1970 net/mac80211/sta_info.c:940
Code: f7 45 85 ff 74 1f e8 22 d2 df f7 45 89 e7 31 ff 41 83 e7 01 44 89 fe e8 41 cd df f7 45 84 ff 0f 84 f6 00 00 00 e8 03 d2 df f7 <0f> 0b c7 44 24 08 ea ff ff ff e8 f4 d1 df f7 48 8b 7c 24 20 4c 89
RSP: 0018:ffffc900000c71f0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880279c0c80 RCX: 0000000000000000
RDX: ffff888016643b80 RSI: ffffffff89a6369d RDI: 0000000000000005
RBP: 0000000000000100 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000000f R12: 0000000000110208
R13: ffff88807ca0c048 R14: ffff88807ca0c000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f05d97c0270 CR3: 000000000c776000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 sta_info_insert+0x16/0xd0 net/mac80211/sta_info.c:953
 ieee80211_prep_connection+0xb51/0x14f0 net/mac80211/mlme.c:7047
 ieee80211_mgd_auth+0xa1a/0x1490 net/mac80211/mlme.c:7205
 rdev_auth net/wireless/rdev-ops.h:481 [inline]
 cfg80211_mlme_auth+0x3b3/0x710 net/wireless/mlme.c:284
 cfg80211_conn_do_work+0x64e/0xfe0 net/wireless/sme.c:181
 cfg80211_conn_work+0x29c/0x3f0 net/wireless/sme.c:273
 process_one_work+0xaa2/0x16f0 kernel/workqueue.c:2600
 worker_thread+0x687/0x1110 kernel/workqueue.c:2751
 kthread+0x33a/0x430 kernel/kthread.c:389
 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
 </TASK>

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/25 16:12 upstream 4f9e7fabf864 03d9c195 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in sta_info_insert_rcu
2023/07/17 05:59 upstream 20edcec23f92 35d9ecc5 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in sta_info_insert_rcu
2023/07/11 17:32 upstream 3f01e9fed845 2f19aa4f .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in sta_info_insert_rcu
2023/07/13 05:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 86081196 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in sta_info_insert_rcu
2023/07/11 16:51 upstream 3f01e9fed845 2f19aa4f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in sta_info_insert_rcu
2023/07/20 09:01 upstream bfa3037d8280 d922ca7e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING in sta_info_insert_rcu
* Struck through repros no longer work on HEAD.