WARNING in cfg80211_inform_single_bss_frame

WARNING in cfg80211_inform_single_bss_frame_data
Status: upstream: reported C repro on 2021/02/01 09:06
Reported-by: syzbot+405843667e93b9790fc1@syzkaller.appspotmail.com
Fix commit: e298aa358f0c mac80211: fix skb length check in ieee80211_scan_rx()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 178d, last: 85d

Cause bisection: introduced by (bisect log) :
commit 4abb52a46e7336c1e568a53761c8b7a81bbaaeaf
Author: Sara Sharon <sara.sharon@intel.com>
Date: Wed Jan 16 10:14:41 2019 +0000

mac80211: pass bssids to elements parsing function

Crash: WARNING in cfg80211_inform_bss_frame_data (log)
Repro: C syz .config

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/05/10 03:27	15m	ducheng2@gmail.com	patch	upstream	OK
2021/05/10 03:27	15m	ducheng2@gmail.com	patch	upstream	OK
2021/05/10 02:50	16m	ducheng2@gmail.com	patch	upstream	OK

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 18 at net/wireless/scan.c:2337 cfg80211_inform_single_bss_frame_data+0xc7f/0xe90 net/wireless/scan.c:2337
Modules linked in:
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 5.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:cfg80211_inform_single_bss_frame_data+0xc7f/0xe90 net/wireless/scan.c:2337
Code: 0f 0b 45 31 e4 e9 37 fb ff ff e8 3c 4a 3c f9 0f 0b 45 31 e4 e9 28 fb ff ff e8 2d 4a 3c f9 0f 0b e9 58 f4 ff ff e8 21 4a 3c f9 <0f> 0b 45 31 e4 e9 0d fb ff ff e8 12 4a 3c f9 0f 0b e9 4f fd ff ff
RSP: 0018:ffffc90000d874c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc90000d87a38 RCX: 0000000000000100
RDX: ffff888010db3780 RSI: ffffffff8836717f RDI: 0000000000000003
RBP: ffff888011512c00 R08: 0000000000000023 R09: 0000000000000080
R10: ffffffff883666e3 R11: 000000000000001c R12: 0000000000000023
R13: ffff8880183b0580 R14: 0000000000000080 R15: 0000000000000080
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 000000000b08e000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 cfg80211_inform_bss_frame_data+0xa7/0xb10 net/wireless/scan.c:2433
 ieee80211_bss_info_update+0x3ce/0xb20 net/mac80211/scan.c:190
 ieee80211_scan_rx+0x45f/0x7c0 net/mac80211/scan.c:299
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4558 [inline]
 ieee80211_rx_list+0x1faf/0x2430 net/mac80211/rx.c:4746
 ieee80211_rx_napi+0xf7/0x3d0 net/mac80211/rx.c:4769
 ieee80211_rx include/net/mac80211.h:4508 [inline]
 ieee80211_tasklet_handler+0xd4/0x130 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x1d7/0x2d0 kernel/softirq.c:555
 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343
 run_ksoftirqd kernel/softirq.c:650 [inline]
 run_ksoftirqd+0x2d/0x50 kernel/softirq.c:642
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:165
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce	2021/05/04 15:50	upstream	5e321ded302d	fc9fd31e	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/04/04 15:31	upstream	2023a53bdf41	fc9fd31e	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/03/05 13:06	upstream	280d542f6ffa	fc9fd31e	.config	log	report	syz	C

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/01/31 23:27	upstream	6642d600b541	fc9fd31e	.config	log	report	syz	C		WARNING in cfg80211_inform_single_bss_frame_data