WARNING in ieee80211_check_rate

WARNING in ieee80211_check_rate_mask
Status: upstream: reported C repro on 2020/10/06 08:08
Reported-by: syzbot+be0e03ca215b06199629@syzkaller.appspotmail.com
First crash: 147d, last: 11d

Cause bisection: introduced by (bisect log) :
commit 983e1a6c95abf8058d26149a928578b720c77bce
Author: Nelson Chang <nelson.chang@mediatek.com>
Date: Thu Oct 6 11:44:02 2016 +0000

net: ethernet: mediatek: get hw lro capability by the chip id instead of by the dtsi

Crash: WARNING in nf_unregister_net_hook (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	WARNING in ieee80211_check_rate_mask	C			1	5d16h	125d	0/1	upstream: reported C repro on 2020/10/27 07:51
linux-4.19	WARNING in ieee80211_check_rate_mask	C			2	12d	116d	0/1	upstream: reported C repro on 2020/11/06 04:49

Sample crash report:

netlink: 20 bytes leftover after parsing attributes in process `syz-executor401'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8428 at net/mac80211/rate.c:282 ieee80211_check_rate_mask+0x18f/0x3a0 net/mac80211/rate.c:282
Modules linked in:
CPU: 1 PID: 8428 Comm: syz-executor401 Not tainted 5.11.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ieee80211_check_rate_mask+0x18f/0x3a0 net/mac80211/rate.c:282
Code: 44 89 e8 44 21 e0 74 26 e8 9e 02 96 f8 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 02 96 f8 0f 0b eb e8 e8 81 02 96 f8 <0f> 0b eb df 0f 1f 44 00 00 e8 73 02 96 f8 48 81 c3 60 06 00 00 48
RSP: 0018:ffffc90000ec7860 EFLAGS: 00010293
RAX: ffffffff88e1c47f RBX: ffff8880136c4bc0 RCX: ffff88801f281bc0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff888028b53390 R08: ffffffff88e1c3b7 R09: ffffffff88e387cc
R10: 0000000000000002 R11: ffff88801f281bc0 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888028b50c80
FS:  0000000001d71300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 0000000021654000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_change_bss+0x420/0x8c0 net/mac80211/cfg.c:2317
 rdev_change_bss net/wireless/rdev-ops.h:394 [inline]
 nl80211_set_bss+0x765/0xa50 net/wireless/nl80211.c:7091
 genl_family_rcv_msg_doit net/netlink/genetlink.c:739 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
 genl_rcv_msg+0xe4e/0x1280 net/netlink/genetlink.c:800
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2494
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x9ae/0xd50 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x519/0x800 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x2bf/0x370 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440939
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe308428d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 0000000000440939
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffe30842908
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe30842930
R13: 00007ffe30842922 R14: 00000000004b7430 R15: 00000000004b73c0

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-net-this-kasan-gce	2021/01/15 23:51	net	b7ba6cfa	d81b165e	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/12/16 09:02	net	3db1a3fa	d81b165e	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/11/08 23:25	net	4e0396c5	d81b165e	.config	log	report	syz	C

Crashes (6):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-smack-root	2021/02/02 02:22	upstream	1048ba83	e6b95f32	.config	log	report	syz	C		WARNING in ieee80211_check_rate_mask
ci-upstream-kasan-gce-root	2021/01/24 14:01	upstream	e1ae4b0b	52e37319	.config	log	report	syz	C		WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce	2020/10/09 19:28	net	3fdd47c3	d81b165e	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/10/06 02:46	net-next	c2568c8c	1880b4a9	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2021/02/11 11:35	net	1bcc51ac	a52ee10a	.config	log	report			info	WARNING in ieee80211_check_rate_mask
ci-upstream-net-kasan-gce	2021/02/18 09:53	net-next	38b5133a	14052202	.config	log	report			info	WARNING in ieee80211_check_rate_mask