WARNING in ieee80211_start_next

WARNING in ieee80211_start_next_roc
Status: upstream: reported C repro on 2020/12/09 02:03
Reported-by: syzbot+c3a167b5615df4ccd7fb@syzkaller.appspotmail.com
First crash: 92d, last: 11h46m

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 6ad8c632ee48ae099aa13704ef18a641220fe211
Author: Sudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
Date: Wed Jun 8 10:22:10 2016 +0000

qed: Add support for query/config dcbx.

Crash: KASAN: null-ptr-deref Read (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	WARNING in ieee80211_start_next_roc	C			5	10d	57d	0/1	upstream: reported C repro on 2021/01/09 02:54
linux-4.14	WARNING in ieee80211_start_next_roc	C			1	14d	119d	0/1	upstream: reported C repro on 2020/11/08 18:11

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 25 at net/mac80211/offchannel.c:401 ieee80211_start_next_roc+0x1f4/0x240 net/mac80211/offchannel.c:401
Modules linked in:
CPU: 0 PID: 25 Comm: kworker/u4:1 Not tainted 5.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy4 ieee80211_scan_work
RIP: 0010:ieee80211_start_next_roc+0x1f4/0x240 net/mac80211/offchannel.c:401
Code: 18 22 00 00 48 89 ef 48 89 c2 e8 27 a5 0b 00 5b 5d e9 a0 d7 1c f9 e8 9b d7 1c f9 48 89 ef e8 c3 73 ff ff eb 8d e8 8c d7 1c f9 <0f> 0b eb 84 48 c7 c7 4c 71 c5 8d e8 4c db 60 f9 e9 2f fe ff ff e8
RSP: 0018:ffffc90000dffb80 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88801121d340 RSI: ffffffff8856c864 RDI: 0000000000000003
RBP: ffff8880154e8d00 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff8856c77d R11: 0000000000000000 R12: 0000000000000001
R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880154ea680
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 000000000bc8e000 CR4: 0000000000350ef0
Call Trace:
 __ieee80211_scan_completed+0x602/0xed0 net/mac80211/scan.c:477
 ieee80211_scan_work+0x3dd/0x1a90 net/mac80211/scan.c:1119
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/01/04 02:10	upstream	e71ba945	20366b87	.config	log	report	syz	C

Crashes (11):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2021/03/07 10:53	upstream	a38fd874	e4b4d570	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2020/12/05 01:54	upstream	e87297fa	20366b87	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/02/17 10:59	upstream	f40ddce8	052f8d9f	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/02/15 03:42	upstream	f40ddce8	98682e5e	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/02/13 01:00	upstream	dcc0b490	98682e5e	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/01/24 00:39	upstream	e1ae4b0b	52e37319	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/01/19 05:12	upstream	1e2a199f	63631df1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/01/17 16:19	upstream	0da0a8a0	813be542	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/02/03 12:54	upstream	3aaf0a27	624dad51	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/01/19 03:32	upstream	1e2a199f	63631df1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/02/12 15:41	net-next	3c5a2fd0	a5f86b15	.config	log	report			info	WARNING in ieee80211_start_next_roc