WARNING in ieee80211_start_next

WARNING in ieee80211_start_next_roc
Status: upstream: reported C repro on 2020/12/09 02:03
Reported-by: syzbot+c3a167b5615df4ccd7fb@syzkaller.appspotmail.com
First crash: 409d, last: 12h21m

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 6ad8c632ee48ae099aa13704ef18a641220fe211
Author: Sudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
Date: Wed Jun 8 10:22:10 2016 +0000

qed: Add support for query/config dcbx.

Crash: KASAN: null-ptr-deref Read (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	WARNING in ieee80211_start_next_roc	C			40	28d	374d	0/1	upstream: reported C repro on 2021/01/09 02:54
linux-4.14	WARNING in ieee80211_start_next_roc	C			1	29d	435d	0/1	upstream: reported C repro on 2020/11/08 18:11

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 6621 at net/mac80211/offchannel.c:401 ieee80211_start_next_roc+0x1f4/0x240 net/mac80211/offchannel.c:401
Modules linked in:
CPU: 0 PID: 6621 Comm: syz-executor222 Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ieee80211_start_next_roc+0x1f4/0x240 net/mac80211/offchannel.c:401
Code: 18 23 00 00 48 89 ef 48 89 c2 e8 57 24 0c 00 5b 5d e9 20 3c f0 f8 e8 1b 3c f0 f8 48 89 ef e8 93 75 ff ff eb 8d e8 0c 3c f0 f8 <0f> 0b eb 84 48 c7 c7 4c b2 6e 8d e8 cc 92 37 f9 e9 2f fe ff ff e8
RSP: 0018:ffffc9000311f428 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff888077f33900 RSI: ffffffff88869c04 RDI: 0000000000000003
RBP: ffff888146a78d60 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff88869b1d R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000001 R15: ffff888146a7a7e0
FS:  0000555556cc3300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3b8a1cc000 CR3: 0000000071268000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __ieee80211_scan_completed+0x592/0xef0 net/mac80211/scan.c:488
 ieee80211_scan_cancel+0x165/0x9b0 net/mac80211/scan.c:1277
 ieee80211_do_stop+0x187b/0x2060 net/mac80211/iface.c:384
 ieee80211_runtime_change_iftype net/mac80211/iface.c:1699 [inline]
 ieee80211_if_change_type+0x383/0x840 net/mac80211/iface.c:1737
 ieee80211_change_iface+0x57/0x3d0 net/mac80211/cfg.c:159
 rdev_change_virtual_intf net/wireless/rdev-ops.h:69 [inline]
 cfg80211_change_iface+0x335/0xf60 net/wireless/util.c:1073
 nl80211_set_interface+0x65c/0x8d0 net/wireless/nl80211.c:3930
 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:731
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2510
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 __sys_sendto+0x21c/0x320 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f88f3623ef6
Code: 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89
RSP: 002b:00007ffe776bf258 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffe776bf330 RCX: 00007f88f3623ef6
RDX: 0000000000000024 RSI: 00007ffe776bf380 RDI: 0000000000000005
RBP: 0000000000000001 R08: 00007ffe776bf274 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe776bf380 R14: 0000000000000005 R15: 0000000000000000

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce	2021/06/13 15:45	upstream	8ecfa36cd4db	805b5003	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/04/06 11:14	upstream	0a50438c8436	e4b4d570	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/01/04 02:10	upstream	e71ba9452f0b	20366b87	.config	log	report	syz	C

Crashes (134):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/10/18 21:55	upstream	cf52ad5ff16c	0c5d9412	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/09/09 13:05	upstream	2d338201d531	e2776ee4	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/08/29 02:33	upstream	3f5ad13cb012	be2c130d	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/08/27 15:05	upstream	77dd11439b86	b318694d	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/08/20 11:19	upstream	d992fe5318d8	b599f2fc	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/28 09:58	upstream	57fa2369ab17	805b5003	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/20 07:12	upstream	7af08140979a	4285c989	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/04/16 09:27	upstream	7e25f40eab52	c59079a6	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/03/07 10:53	upstream	a38fd8748464	e4b4d570	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-linux-next-kasan-gce-root	2021/10/06 01:48	linux-next	29616f67fcbd	0a63fd36	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2020/12/05 01:54	upstream	e87297fa080a	20366b87	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/10/08 05:40	upstream	4a16df549d23	efe0f24d	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/09/11 16:40	upstream	926de8c4326c	5ae8508a	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-qemu-upstream-386	2021/12/16 21:35	upstream	fa36bbe6d43f	8dd6a5e3	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-qemu-upstream-386	2021/12/15 23:14	upstream	2b14864acbaa	572bcb40	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/08/07 06:07	upstream	894d6f401b21	6972b106	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/12/04 10:09	net	badd7857f5c9	a617004c	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2022/01/17 20:48	net-next	fe8152b38d3a	731a2d23	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2022/01/15 10:17	net-next	fe8152b38d3a	723cfaf0	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/11 21:28	net-next	77ab714f0070	49ca1f59	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/09 07:49	net-next	3a262c71d3e8	a4a2a501	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/08 14:22	net-next	150791442e7c	a4a2a501	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/08 05:39	net-next	1c5526968e27	0230ba3e	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/05 05:35	net-next	ce83278f313c	a617004c	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/04 13:50	net-next	ce83278f313c	a617004c	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/02 19:08	net-next	ce8299b6f76f	61f86278	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/02 11:18	net-next	ce8299b6f76f	61f86278	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/12/01 15:47	net-next	23ea630f86c7	5fa3eacc	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/30 21:33	net-next	72a2ff567fc3	80270552	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/30 15:15	net-next	72a2ff567fc3	80270552	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/30 12:22	net-next	72a2ff567fc3	80270552	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/29 12:38	net-next	2f7ed29f2c54	63eeac02	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/26 10:28	net-next	a0341b73d843	63eeac02	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/26 00:51	net-next	305e95bb893c	63eeac02	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/25 18:26	net-next	305e95bb893c	63eeac02	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/25 14:01	net-next	305e95bb893c	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/25 06:38	net-next	d156250018ab	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/24 21:03	net-next	91eddd309c67	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/24 06:15	net-next	91eddd309c67	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/23 05:09	net-next	3b0e04140bc3	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/22 13:40	net-next	6d872df3e3b9	545ab074	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/20 11:42	net-next	520fbdf7fb19	3a9d0024	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/19 12:39	net-next	3b1abcf12894	31a30fc0	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/19 01:35	net-next	bb8cecf8ba12	31a30fc0	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/18 19:31	net-next	bb8cecf8ba12	31a30fc0	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/18 11:01	net-next	75082e7f4680	cafff8b6	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/18 00:41	net-next	75082e7f4680	cafff8b6	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/17 15:24	net-next	b9241f54138c	cafff8b6	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/17 11:56	net-next	b9241f54138c	cafff8b6	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/16 15:22	net-next	3ad4b7c81a99	600426bd	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/16 12:06	net-next	3ad4b7c81a99	600426bd	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/16 03:30	net-next	3ad4b7c81a99	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/15 18:05	net-next	cb3ef7b00042	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/14 17:57	net-next	1274a4eb318d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/14 13:25	net-next	1274a4eb318d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/14 05:40	net-next	66f4beaa6c1d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/13 23:50	net-next	66f4beaa6c1d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/13 21:45	net-next	66f4beaa6c1d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/13 13:46	net-next	66f4beaa6c1d	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/11/12 23:08	net-next	5833291ab6de	83f5c9b5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-linux-next-kasan-gce-root	2021/12/17 03:04	linux-next	fbf252e09678	44068e19	.config	log	report			info	WARNING in ieee80211_start_next_roc