WARNING in __cfg80211_connect_result

WARNING in __cfg80211_connect_result

[syzbot]

Hello,

syzbot found the following crash on:

HEAD commit:    23212a70 Merge branch 'mptcp-add-receive-buffer-auto-tuning'
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=155842d5100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=829871134ca5e230
dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
compiler:       gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com

ip6_tunnel: syzkaller1 xmit: Local address not yet configured!
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9155 at net/wireless/sme.c:757 __cfg80211_connect_result+0xf71/0x13a0 net/wireless/sme.c:757
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9155 Comm: kworker/u4:17 Not tainted 5.8.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: cfg80211 cfg80211_event_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:231
 __warn.cold+0x20/0x45 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 exc_invalid_op+0x24d/0x400 arch/x86/kernel/traps.c:235
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:563
RIP: 0010:__cfg80211_connect_result+0xf71/0x13a0 net/wireless/sme.c:757
Code: 89 be ac 02 00 00 48 c7 c7 00 2d 16 89 c6 05 ba ce 34 03 01 e8 35 58 e5 f9 e9 4f f6 ff ff e8 36 ad fe f9 0f 0b e8 2f ad fe f9 <0f> 0b e9 0c f2 ff ff e8 23 ad fe f9 e8 ee 51 71 00 31 ff 89 c3 89
RSP: 0018:ffffc90001ab7bb8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888091d10000 RCX: ffffffff87749792
RDX: ffff888059f5c4c0 RSI: ffffffff8774a321 RDI: 0000000000000005
RBP: ffff888040f72618 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888040f72628 R14: ffff888091d10200 R15: ffff888040f72620
 cfg80211_process_wdev_events+0x2c6/0x5b0 net/wireless/util.c:885
 cfg80211_process_rdev_events+0x6e/0x100 net/wireless/util.c:926
 cfg80211_event_work+0x1a/0x20 net/wireless/core.c:320
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
Kernel Offset: disabled


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Re: WARNING in __cfg80211_connect_result

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit:    e3ec1e8c net: eliminate meaningless memcpy to data in pskb..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1664ac89900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 234 at net/wireless/sme.c:757 __cfg80211_connect_result+0xf71/0x13a0 net/wireless/sme.c:757
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 234 Comm: kworker/u4:5 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: cfg80211 cfg80211_event_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:231
 __warn.cold+0x20/0x4a kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:__cfg80211_connect_result+0xf71/0x13a0 net/wireless/sme.c:757
Code: 89 be ac 02 00 00 48 c7 c7 60 0f 18 89 c6 05 ef ba 2b 03 01 e8 f5 4a d9 f9 e9 4f f6 ff ff e8 d6 cc f2 f9 0f 0b e8 cf cc f2 f9 <0f> 0b e9 0c f2 ff ff e8 c3 cc f2 f9 e8 2e bb 71 00 31 ff 89 c3 89
RSP: 0018:ffffc900019c7bb8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88808ae13000 RCX: ffffffff87816922
RDX: ffff8880a8b0a540 RSI: ffffffff878174b1 RDI: 0000000000000005
RBP: ffff88807be34818 R08: 0000000000000001 R09: ffffffff8c5f1a3f
R10: 0000000000000000 R11: 1ffffffff1835405 R12: 0000000000000000
R13: ffff88807be34828 R14: ffff88808ae13200 R15: ffff88807be34820
 cfg80211_process_wdev_events+0x2c6/0x5b0 net/wireless/util.c:893
 cfg80211_process_rdev_events+0x6e/0x100 net/wireless/util.c:934
 cfg80211_event_work+0x1a/0x20 net/wireless/core.c:320
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..

Re: WARNING in __cfg80211_connect_result

[syzbot]

syzbot has bisected this issue to:

commit e7096c131e5161fa3b8e52a650d7719d2857adfd
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Sun Dec 8 23:27:34 2019 +0000

    net: WireGuard secure network tunnel

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000
start commit:   e3ec1e8c net: eliminate meaningless memcpy to data in pskb..
git tree:       net-next
final oops:     https://syzkaller.appspot.com/x/report.txt?x=14dad8b1900000
console output: https://syzkaller.appspot.com/x/log.txt?x=10dad8b1900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000

Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Re: WARNING in __cfg80211_connect_result

[Jason A. Donenfeld]

On Wed, Aug 19, 2020 at 8:42 PM syzbot
<syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com> wrote:
>
> syzbot has bisected this issue to:
>
> commit e7096c131e5161fa3b8e52a650d7719d2857adfd
> Author: Jason A. Donenfeld <Jason@zx2c4.com>
> Date:   Sun Dec 8 23:27:34 2019 +0000
>
>     net: WireGuard secure network tunnel
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000
> start commit:   e3ec1e8c net: eliminate meaningless memcpy to data in pskb..
> git tree:       net-next
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=14dad8b1900000
> console output: https://syzkaller.appspot.com/x/log.txt?x=10dad8b1900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
> dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000
>
> Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com
> Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")

Having trouble linking this back to wireguard... Those oopses don't
have anything to do with it either. Bisection error?

Re: WARNING in __cfg80211_connect_result

[Johannes Berg]

On Thu, 2020-08-20 at 11:47 +0200, Jason A. Donenfeld wrote:
> On Wed, Aug 19, 2020 at 8:42 PM syzbot
> <syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com> wrote:
> > syzbot has bisected this issue to:
> > 
> > commit e7096c131e5161fa3b8e52a650d7719d2857adfd
> > Author: Jason A. Donenfeld <Jason@zx2c4.com>
> > Date:   Sun Dec 8 23:27:34 2019 +0000
> > 
> >     net: WireGuard secure network tunnel
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000
> > start commit:   e3ec1e8c net: eliminate meaningless memcpy to data in pskb..
> > git tree:       net-next
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=14dad8b1900000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10dad8b1900000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
> > dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000
> > 
> > Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com
> > Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
> 
> Having trouble linking this back to wireguard... Those oopses don't
> have anything to do with it either. Bisection error?

Probably the typical generic netlink issue - syzbot often hits the
generic netlink family by ID, rather than by name. So when it has a
kernel without WG a generic netlink family disappears, the later ones
get different IDs, and the issue no longer happens since the ID is now
no longer valid or hitting some completely different code path ...

johannes

Re: WARNING in __cfg80211_connect_result

[Dmitry Vyukov]

On Thu, Aug 20, 2020 at 11:48 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Wed, Aug 19, 2020 at 8:42 PM syzbot
> <syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com> wrote:
> >
> > syzbot has bisected this issue to:
> >
> > commit e7096c131e5161fa3b8e52a650d7719d2857adfd
> > Author: Jason A. Donenfeld <Jason@zx2c4.com>
> > Date:   Sun Dec 8 23:27:34 2019 +0000
> >
> >     net: WireGuard secure network tunnel
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000
> > start commit:   e3ec1e8c net: eliminate meaningless memcpy to data in pskb..
> > git tree:       net-next
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=14dad8b1900000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10dad8b1900000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
> > dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000
> >
> > Reported-by: syzbot+cc4c0f394e2611edba66@syzkaller.appspotmail.com
> > Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
>
> Having trouble linking this back to wireguard... Those oopses don't
> have anything to do with it either. Bisection error?

I don't see anything obviously wrong in the bisection log:
bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000

On the other hand, it looks super precise. It tracked "WARNING in
__cfg80211_connect_result" all the way down to the wireguard commit
with no flakes or anything.