[v6.1] WARNING in ieee80211_bss_info_change_notify
3 views
Skip to first unread message
syzbot
Mar 8, 2023, 12:12:47 AM3/8/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 42616e0f09fb Linux 6.1.15
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17fc3614c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=690b9ff41783cd73
dashboard link: https://syzkaller.appspot.com/bug?extid=a171518375d8f4311bc4
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/db869f2ed2bd/disk-42616e0f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/37951bbe5829/vmlinux-42616e0f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/23aa1a75ce0f/bzImage-42616e0f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a17151...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 15329 at net/mac80211/main.c:235 ieee80211_bss_info_change_notify+0x56f/0x790 net/mac80211/main.c:235
Modules linked in:
CPU: 1 PID: 15329 Comm: syz-executor.3 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:ieee80211_bss_info_change_notify+0x56f/0x790 net/mac80211/main.c:235
Code: 87 a6 e7 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 00 8e fb 8b 4c 89 f6 89 ea e8 c1 fd 59 f7 <0f> 0b e9 30 fb ff ff e8 85 9b 91 f7 0f 0b e9 7f fd ff ff e8 79 9b
RSP: 0018:ffffc90006447230 EFLAGS: 00010246
RAX: eca64b9d08975900 RBX: 0000000000000a00 RCX: 0000000000040000
RDX: ffffc900068e9000 RSI: 0000000000005c9c RDI: 0000000000005c9d
RBP: 0000000000000000 R08: ffffffff816dec4c R09: fffff52000c88e01
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888077a3e6d0
R13: ffff888028170de0 R14: ffff888077a3c000 R15: dffffc0000000000
FS: 00007fcf6d046700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa3a6babf84 CR3: 000000007cccb000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ieee80211_ibss_disconnect+0x578/0x6e0 net/mac80211/ibss.c:723
ieee80211_ibss_leave+0x21/0x130 net/mac80211/ibss.c:1868
rdev_leave_ibss net/wireless/rdev-ops.h:557 [inline]
__cfg80211_leave_ibss+0x24a/0x530 net/wireless/ibss.c:211
cfg80211_leave_ibss+0x5b/0x70 net/wireless/ibss.c:229
cfg80211_change_iface+0x55d/0x11f0 net/wireless/util.c:1056
nl80211_set_interface+0x5fa/0x870 net/wireless/nl80211.c:4169
genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
genl_rcv_msg+0xc1a/0xf70 net/netlink/genetlink.c:850
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2550
genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x7bf/0x990 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x9fe/0xd10 net/netlink/af_netlink.c:1931
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2485
___sys_sendmsg net/socket.c:2539 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcf6c28c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcf6d046168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fcf6c3abf80 RCX: 00007fcf6c28c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00007fcf6c2e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6a4a008f R14: 00007fcf6d046300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 42616e0f09fb Linux 6.1.15
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17fc3614c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=690b9ff41783cd73
dashboard link: https://syzkaller.appspot.com/bug?extid=a171518375d8f4311bc4
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/db869f2ed2bd/disk-42616e0f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/37951bbe5829/vmlinux-42616e0f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/23aa1a75ce0f/bzImage-42616e0f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a17151...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 15329 at net/mac80211/main.c:235 ieee80211_bss_info_change_notify+0x56f/0x790 net/mac80211/main.c:235
Modules linked in:
CPU: 1 PID: 15329 Comm: syz-executor.3 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:ieee80211_bss_info_change_notify+0x56f/0x790 net/mac80211/main.c:235
Code: 87 a6 e7 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 00 8e fb 8b 4c 89 f6 89 ea e8 c1 fd 59 f7 <0f> 0b e9 30 fb ff ff e8 85 9b 91 f7 0f 0b e9 7f fd ff ff e8 79 9b
RSP: 0018:ffffc90006447230 EFLAGS: 00010246
RAX: eca64b9d08975900 RBX: 0000000000000a00 RCX: 0000000000040000
RDX: ffffc900068e9000 RSI: 0000000000005c9c RDI: 0000000000005c9d
RBP: 0000000000000000 R08: ffffffff816dec4c R09: fffff52000c88e01
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888077a3e6d0
R13: ffff888028170de0 R14: ffff888077a3c000 R15: dffffc0000000000
FS: 00007fcf6d046700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa3a6babf84 CR3: 000000007cccb000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ieee80211_ibss_disconnect+0x578/0x6e0 net/mac80211/ibss.c:723
ieee80211_ibss_leave+0x21/0x130 net/mac80211/ibss.c:1868
rdev_leave_ibss net/wireless/rdev-ops.h:557 [inline]
__cfg80211_leave_ibss+0x24a/0x530 net/wireless/ibss.c:211
cfg80211_leave_ibss+0x5b/0x70 net/wireless/ibss.c:229
cfg80211_change_iface+0x55d/0x11f0 net/wireless/util.c:1056
nl80211_set_interface+0x5fa/0x870 net/wireless/nl80211.c:4169
genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
genl_rcv_msg+0xc1a/0xf70 net/netlink/genetlink.c:850
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2550
genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x7bf/0x990 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x9fe/0xd10 net/netlink/af_netlink.c:1931
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2485
___sys_sendmsg net/socket.c:2539 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcf6c28c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcf6d046168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fcf6c3abf80 RCX: 00007fcf6c28c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00007fcf6c2e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6a4a008f R14: 00007fcf6d046300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 8, 2023, 1:54:47 PM3/8/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: d9b4a0c83a2d Linux 5.15.98
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17e991f4c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f8d9515b973b23b
dashboard link: https://syzkaller.appspot.com/bug?extid=0a139b1a72e3314bad6f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/037cabbd3313/disk-d9b4a0c8.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/9967e551eb34/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a050c7a4fd99/bzImage-d9b4a0c8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x4
WARNING: CPU: 0 PID: 1650 at net/mac80211/driver-ops.h:172 drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
WARNING: CPU: 0 PID: 1650 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x430/0x600 net/mac80211/main.c:210
Modules linked in:
CPU: 0 PID: 1650 Comm: syz-executor.1 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
RIP: 0010:ieee80211_bss_info_change_notify+0x430/0x600 net/mac80211/main.c:210
Code: 5c 26 f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 a0 de 92 8b 4c 89 e6 89 ea e8 10 d7 a8 f7 <0f> 0b e9 5e fc ff ff e8 44 29 dd f7 0f 0b e9 ed fd ff ff e8 38 29
RSP: 0018:ffffc9000317f160 EFLAGS: 00010246
RAX: 455683b054ef5800 RBX: ffff88807e17d290 RCX: 0000000000040000
RDX: ffffc90003c46000 RSI: 0000000000006b96 RDI: 0000000000006b97
RBP: 0000000000000004 R08: ffffffff81668cfc R09: ffffed10173467a0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807e17c000
R13: 0000000000400000 R14: dffffc0000000000 R15: ffff88807e17e298
FS: 00007fedef725700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c008161000 CR3: 0000000012d81000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000011e50000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ieee80211_ocb_leave+0x26a/0x310 net/mac80211/ocb.c:228
rdev_leave_ocb net/wireless/rdev-ops.h:382 [inline]
__cfg80211_leave_ocb+0x28a/0x4d0 net/wireless/ocb.c:70
cfg80211_leave_ocb+0x54/0x70 net/wireless/ocb.c:84
cfg80211_change_iface+0x5b1/0x10d0 net/wireless/util.c:1064
nl80211_set_interface+0x5f8/0x890 net/wireless/nl80211.c:3945
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
genl_rcv_msg+0xfbd/0x14a0 net/netlink/genetlink.c:792
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2533
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa04/0xd10 net/netlink/af_netlink.c:1952
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2412
___sys_sendmsg+0x252/0x2e0 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2502
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
RIP: 0033:0x7fedf11b30f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fedef725168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fedf12d2f80 RCX: 00007fedf11b30f9
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00007fedf120eae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0d57d00f R14: 00007fedef725300 R15: 0000000000022000
syzbot
Mar 10, 2023, 2:34:45 PM3/10/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: abddfcf701a5 Linux 5.15.99
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f5cc1ac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=53e47369740caba3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16f1a70ac80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16827666c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/78c522505d54/disk-abddfcf7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/caca388168a7/vmlinux-abddfcf7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e6db198604be/Image-abddfcf7.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a139b...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x4
WARNING: CPU: 1 PID: 4054 at net/mac80211/driver-ops.h:172 drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
WARNING: CPU: 1 PID: 4054 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
Modules linked in:
CPU: 1 PID: 4054 Comm: syz-executor407 Not tainted 5.15.99-syzkaller #0
pc : drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
pc : ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
lr : drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
lr : ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
sp : ffff80001ca470b0
x29: ffff80001ca470b0 x28: 1fffe00018456359 x27: 1fffe00018400000
x26: 1fffe0001b426c53 x25: dfff800000000000 x24: 0000000000000000
x23: ffff0000da134c80 x22: 0000000000000004 x21: ffff0000da136298
x20: ffff0000c2000dc0 x19: ffff800016dd0000 x18: 0000000000000001
x17: ff808000083386a0 x16: ffff800011a094a4 x15: ffff8000083386a0
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800008330148 x10: 0000000000000000 x9 : 06c8e7014eb33a00
x8 : 06c8e7014eb33a00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001ca46818 x4 : ffff800014aa0780 x3 : ffff8000085518d8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000035
Call trace:
drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
ieee80211_set_mcast_rate+0x44/0x5c net/mac80211/cfg.c:2598
rdev_set_mcast_rate net/wireless/rdev-ops.h:1212 [inline]
nl80211_set_mcast_rate+0x3cc/0x71c net/wireless/nl80211.c:10454
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2533
genl_rcv+0x38/0x50 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1952
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 2978
hardirqs last enabled at (2977): [<ffff80000832e2e0>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (2978): [<ffff800011a04b38>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (2942): [<ffff80000fda76c8>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (2942): [<ffff80000fda76c8>] release_sock+0x1e4/0x270 net/core/sock.c:3242
softirqs last disabled at (2940): [<ffff80000fda7520>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (2940): [<ffff80000fda7520>] release_sock+0x3c/0x270 net/core/sock.c:3229
---[ end trace c87249097c2e47d2 ]---
HEAD commit: abddfcf701a5 Linux 5.15.99
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f5cc1ac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=53e47369740caba3
dashboard link: https://syzkaller.appspot.com/bug?extid=0a139b1a72e3314bad6f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16f1a70ac80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16827666c80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/78c522505d54/disk-abddfcf7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/caca388168a7/vmlinux-abddfcf7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e6db198604be/Image-abddfcf7.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a139b...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4054 at net/mac80211/driver-ops.h:172 drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
WARNING: CPU: 1 PID: 4054 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
Modules linked in:
CPU: 1 PID: 4054 Comm: syz-executor407 Not tainted 5.15.99-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
pc : ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
lr : drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
lr : ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
sp : ffff80001ca470b0
x29: ffff80001ca470b0 x28: 1fffe00018456359 x27: 1fffe00018400000
x26: 1fffe0001b426c53 x25: dfff800000000000 x24: 0000000000000000
x23: ffff0000da134c80 x22: 0000000000000004 x21: ffff0000da136298
x20: ffff0000c2000dc0 x19: ffff800016dd0000 x18: 0000000000000001
x17: ff808000083386a0 x16: ffff800011a094a4 x15: ffff8000083386a0
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800008330148 x10: 0000000000000000 x9 : 06c8e7014eb33a00
x8 : 06c8e7014eb33a00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001ca46818 x4 : ffff800014aa0780 x3 : ffff8000085518d8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000035
Call trace:
drv_bss_info_changed net/mac80211/driver-ops.h:172 [inline]
ieee80211_bss_info_change_notify+0x4b8/0x79c net/mac80211/main.c:210
ieee80211_set_mcast_rate+0x44/0x5c net/mac80211/cfg.c:2598
rdev_set_mcast_rate net/wireless/rdev-ops.h:1212 [inline]
nl80211_set_mcast_rate+0x3cc/0x71c net/wireless/nl80211.c:10454
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
genl_rcv_msg+0xc18/0x1018 net/netlink/genetlink.c:792
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2533
genl_rcv+0x38/0x50 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1952
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x584/0x870 net/socket.c:2412
sock_sendmsg net/socket.c:724 [inline]
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg net/socket.c:2502 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 2978
hardirqs last enabled at (2977): [<ffff80000832e2e0>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (2978): [<ffff800011a04b38>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (2942): [<ffff80000fda76c8>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (2942): [<ffff80000fda76c8>] release_sock+0x1e4/0x270 net/core/sock.c:3242
softirqs last disabled at (2940): [<ffff80000fda7520>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (2940): [<ffff80000fda7520>] release_sock+0x3c/0x270 net/core/sock.c:3229
---[ end trace c87249097c2e47d2 ]---
syzbot
Mar 11, 2023, 2:00:42 AM3/11/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 8a923980a190 Linux 6.1.16
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1087a2dac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=890c08c5270b796
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b352dac80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b5419f7c9b17/disk-8a923980.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/eda486f8541a/vmlinux-8a923980.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1451605e837/bzImage-8a923980.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a17151...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 3633 at net/mac80211/main.c:235 ieee80211_bss_info_change_notify+0x589/0x7b0 net/mac80211/main.c:235
Modules linked in:
CPU: 1 PID: 3633 Comm: syz-executor318 Not tainted 6.1.16-syzkaller #0
Code: ed 81 e0 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 60 bd fb 8b 4c 89 f6 89 ea e8 67 66 52 f7 <0f> 0b e9 16 fb ff ff e8 db 1d 8a f7 0f 0b e9 65 fd ff ff e8 cf 1d
RSP: 0018:ffffc90003b7f230 EFLAGS: 00010246
RAX: 840e9bc40fd77600 RBX: 0000000000000a00 RCX: ffff888018b40000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8152ac2e R09: ffffed1017324f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801fac2780
R13: ffff8880775a0de0 R14: ffff88801fac0000 R15: dffffc0000000000
FS: 0000555556e04300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
cfg80211_leave_ibss+0x5b/0x70 net/wireless/ibss.c:229
cfg80211_change_iface+0x597/0x1220 net/wireless/util.c:1056
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2565
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdc7d13608 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f2a91d4d369
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffdc7d13637 R09: 00007ffdc7d13637
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000ccf7
R13: 00007ffdc7d13680 R14: 00007ffdc7d13670 R15: 00007ffdc7d1363c
</TASK>
HEAD commit: 8a923980a190 Linux 6.1.16
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1087a2dac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=890c08c5270b796
dashboard link: https://syzkaller.appspot.com/bug?extid=a171518375d8f4311bc4
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16586e84c80000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b352dac80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b5419f7c9b17/disk-8a923980.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/eda486f8541a/vmlinux-8a923980.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1451605e837/bzImage-8a923980.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a17151...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x0
Modules linked in:
CPU: 1 PID: 3633 Comm: syz-executor318 Not tainted 6.1.16-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:ieee80211_bss_info_change_notify+0x589/0x7b0 net/mac80211/main.c:235
Code: ed 81 e0 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 60 bd fb 8b 4c 89 f6 89 ea e8 67 66 52 f7 <0f> 0b e9 16 fb ff ff e8 db 1d 8a f7 0f 0b e9 65 fd ff ff e8 cf 1d
RSP: 0018:ffffc90003b7f230 EFLAGS: 00010246
RAX: 840e9bc40fd77600 RBX: 0000000000000a00 RCX: ffff888018b40000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8152ac2e R09: ffffed1017324f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801fac2780
R13: ffff8880775a0de0 R14: ffff88801fac0000 R15: dffffc0000000000
FS: 0000555556e04300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 0000000026240000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ieee80211_ibss_disconnect+0x567/0x700 net/mac80211/ibss.c:723
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ieee80211_ibss_leave+0x21/0x130 net/mac80211/ibss.c:1868
rdev_leave_ibss net/wireless/rdev-ops.h:557 [inline]
__cfg80211_leave_ibss+0x261/0x540 net/wireless/ibss.c:211
rdev_leave_ibss net/wireless/rdev-ops.h:557 [inline]
cfg80211_leave_ibss+0x5b/0x70 net/wireless/ibss.c:229
cfg80211_change_iface+0x597/0x1220 net/wireless/util.c:1056
nl80211_set_interface+0x5fa/0x870 net/wireless/nl80211.c:4169
genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
genl_rcv_msg+0xc1a/0xf70 net/netlink/genetlink.c:850
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2550
genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x7bf/0x990 net/netlink/af_netlink.c:1354
netlink_sendmsg+0xa26/0xd60 net/netlink/af_netlink.c:1931
genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
genl_rcv_msg+0xc1a/0xf70 net/netlink/genetlink.c:850
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2550
genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x7bf/0x990 net/netlink/af_netlink.c:1354
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2a91d4d369
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdc7d13608 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f2a91d4d369
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffdc7d13637 R09: 00007ffdc7d13637
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000ccf7
R13: 00007ffdc7d13680 R14: 00007ffdc7d13670 R15: 00007ffdc7d1363c
</TASK>
syzbot
Apr 4, 2024, 1:49:04 AMApr 4
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 930e826962d9f01dcd2220176134427358d112f2
Author: Johannes Berg <johann...@intel.com>
Date: Wed Feb 14 19:08:35 2024 +0000
wifi: nl80211: reject iftype change with mesh ID change
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13e1e519180000
start commit: 6ac30d748bb0 Linux 6.1.64
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=d9d5b8fc77ddec1d
dashboard link: https://syzkaller.appspot.com/bug?extid=a171518375d8f4311bc4
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=129f704ae80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c3abaae80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: wifi: nl80211: reject iftype change with mesh ID change
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 930e826962d9f01dcd2220176134427358d112f2
Author: Johannes Berg <johann...@intel.com>
Date: Wed Feb 14 19:08:35 2024 +0000
wifi: nl80211: reject iftype change with mesh ID change
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13e1e519180000
start commit: 6ac30d748bb0 Linux 6.1.64
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=d9d5b8fc77ddec1d
dashboard link: https://syzkaller.appspot.com/bug?extid=a171518375d8f4311bc4
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=129f704ae80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c3abaae80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: wifi: nl80211: reject iftype change with mesh ID change
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages