WARNING in ieee80211_start_next

WARNING in ieee80211_start_next_roc
Status: upstream: reported C repro on 2020/12/09 02:03
Reported-by: syzbot+c3a167b5615df4ccd7fb@syzkaller.appspotmail.com
First crash: 287d, last: 1d03h

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 6ad8c632ee48ae099aa13704ef18a641220fe211
Author: Sudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
Date: Wed Jun 8 10:22:10 2016 +0000

qed: Add support for query/config dcbx.

Crash: KASAN: null-ptr-deref Read (log)
Repro: C syz .config

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	WARNING in ieee80211_start_next_roc	C			25	2d03h	252d	0/1	upstream: reported C repro on 2021/01/09 02:54
linux-4.14	WARNING in ieee80211_start_next_roc	C			1	28d	313d	0/1	upstream: reported C repro on 2020/11/08 18:11

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 7535 at net/mac80211/offchannel.c:401 ieee80211_start_next_roc+0x1bb/0x220 net/mac80211/offchannel.c:401
Modules linked in:
CPU: 0 PID: 7535 Comm: syz-executor752 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ieee80211_start_next_roc+0x1bb/0x220 net/mac80211/offchannel.c:401
Code: be ec f7 4c 89 f7 48 89 de 48 89 c2 5b 41 5c 41 5e 41 5f 5d e9 46 51 0d 00 e8 b1 8d fe f7 0f 0b e9 be fe ff ff e8 a5 8d fe f7 <0f> 0b e9 0a ff ff ff 48 c7 c1 94 2a dc 8d 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc90005a0f230 EFLAGS: 00010293
RAX: ffffffff8983ea5b RBX: 0000000000000001 RCX: ffff88801b1ed580
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffff11028d18624 R08: ffffffff8983e9c0 R09: ffffed1003b1fa5c
R10: ffffed1003b1fa5c R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8881468c0d60 R14: ffff8881468c0d60 R15: 0000000000000000
FS:  0000000001f89300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b9e50 CR3: 000000001d9f6000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_scan_cancel+0x143/0x3b0 net/mac80211/scan.c:1277
 ieee80211_do_stop+0x15d/0x1d00 net/mac80211/iface.c:384
 ieee80211_runtime_change_iftype net/mac80211/iface.c:1699 [inline]
 ieee80211_if_change_type+0x448/0xa00 net/mac80211/iface.c:1737
 ieee80211_change_iface+0x5c/0x630 net/mac80211/cfg.c:159
 rdev_change_virtual_intf net/wireless/rdev-ops.h:69 [inline]
 cfg80211_change_iface+0x696/0xb60 net/wireless/util.c:1073
 nl80211_set_interface+0x500/0x890 net/wireless/nl80211.c:3930
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x1032/0x1480 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2504
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1929
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 __sys_sendto+0x560/0x720 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4031a6
Code: 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89
RSP: 002b:00007ffea9a483d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffea9a484b0 RCX: 00000000004031a6
RDX: 0000000000000024 RSI: 00007ffea9a48500 RDI: 0000000000000007
RBP: 0000000000000001 R08: 00007ffea9a483f4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffea9a48500 R14: 0000000000000007 R15: 0000000000000000

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce	2021/06/13 15:45	upstream	8ecfa36cd4db	805b5003	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/04/06 11:14	upstream	0a50438c8436	e4b4d570	.config	log	report	syz	C
ci-upstream-kasan-gce	2021/01/04 02:10	upstream	e71ba9452f0b	20366b87	.config	log	report	syz	C

Crashes (65):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-smack-root	2021/09/09 13:05	upstream	2d338201d531	e2776ee4	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/08/29 02:33	upstream	3f5ad13cb012	be2c130d	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/08/27 15:05	upstream	77dd11439b86	b318694d	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/08/20 11:19	upstream	d992fe5318d8	b599f2fc	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/28 09:58	upstream	57fa2369ab17	805b5003	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/20 07:12	upstream	7af08140979a	4285c989	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/04/16 09:27	upstream	7e25f40eab52	c59079a6	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/03/07 10:53	upstream	a38fd8748464	e4b4d570	.config	log	report	syz	C		WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2020/12/05 01:54	upstream	e87297fa080a	20366b87	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/09/14 16:44	upstream	1619b69edce1	07e953c1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/09/13 13:46	upstream	6880fa6c5660	3ce60af8	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/09/11 16:40	upstream	926de8c4326c	5ae8508a	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/09/11 16:26	upstream	926de8c4326c	5ae8508a	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/09/07 22:32	upstream	a2b28235335f	064c9eb7	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/09/07 02:11	upstream	27151f177827	6ca60148	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/09/06 15:26	upstream	27151f177827	6ca60148	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/09/06 13:35	upstream	27151f177827	d236a457	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/09/05 07:12	upstream	49624efa65ac	d236a457	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/08/28 21:27	upstream	3f5ad13cb012	be2c130d	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-root	2021/08/26 20:10	upstream	73f3af7b4611	b318694d	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/08/23 13:37	upstream	e22ce8eb631b	b599f2fc	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/08/22 05:45	upstream	002c0aef1090	b599f2fc	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/08/18 11:50	upstream	614cb2751d31	a2fe1cb5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/08/18 11:32	upstream	614cb2751d31	a2fe1cb5	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/08/12 21:47	upstream	f8fbb47c6e86	3fd2ea69	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/07/12 19:16	upstream	e73f0f0ee754	f415556d	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/07/11 01:12	upstream	3dbdb38e2869	8f5a7b8c	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/04/30 01:26	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/30 01:26	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/04/30 01:21	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/04/15 12:38	upstream	7f75285ca572	fcdb12ba	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/02/17 10:59	upstream	f40ddce88593	052f8d9f	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-selinux-root	2021/02/15 03:42	upstream	f40ddce88593	98682e5e	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/02/13 01:00	upstream	dcc0b49040c7	98682e5e	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-smack-root	2021/01/24 00:39	upstream	e1ae4b0be158	52e37319	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/01/19 05:12	upstream	1e2a199f6ccd	63631df1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce	2021/01/17 16:19	upstream	0da0a8a0a0e1	813be542	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/08/07 06:07	upstream	894d6f401b21	6972b106	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/07/14 19:40	upstream	8096acd7442e	94e0b707	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/07/13 21:09	upstream	40226a3d96ef	fa0594c3	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/07/12 07:49	upstream	e73f0f0ee754	a4869c92	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/02/03 12:54	upstream	3aaf0a27ffc2	624dad51	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-kasan-gce-386	2021/01/19 03:32	upstream	1e2a199f6ccd	63631df1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/08/26 11:05	net	cd9b50adc6bb	b599f2fc	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/07/02 05:08	net	dbe69e433722	658ebc66	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/05/14 08:06	net	e4df1b0c2435	8bdd5343	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/05/12 19:20	net	440c3247cba3	da958a4d	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/05/07 11:06	net	bbd6f0a94813	f6da8120	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/05/06 16:12	net	bbd6f0a94813	06585184	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/05/03 16:52	net	bbd6f0a94813	ad61f371	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-this-kasan-gce	2021/04/30 12:25	net	bbd6f0a94813	77e2b668	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/09/17 14:10	net-next	561bed688bff	5b989942	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/09/08 18:08	net-next	626bf91a292e	e2776ee4	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/07/09 22:23	net-next	5e437416ff66	281e815f	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/07/02 04:56	net-next	5e437416ff66	658ebc66	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/06/16 06:59	net-next	925a56b2c085	990d3cbe	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/04/12 07:03	net-next	5b489fea977c	bfeda1b1	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-net-kasan-gce	2021/02/12 15:41	net-next	3c5a2fd042d0	a5f86b15	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-linux-next-kasan-gce-root	2021/09/13 03:06	linux-next	24a36d3171e4	5ae8508a	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-linux-next-kasan-gce-root	2021/08/20 13:34	linux-next	86ed57fd8c93	b599f2fc	.config	log	report			info	WARNING in ieee80211_start_next_roc
ci-upstream-linux-next-kasan-gce-root	2021/08/07 06:04	linux-next	7999516e20bd	6972b106	.config	log	report			info	WARNING in ieee80211_start_next_roc