syzbot has found a reproducer for the following issue on:
HEAD commit: a343b0dd87b4 Linux 6.1.30
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1559f385280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8ec86bd749598dca
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=119f1c71280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=139bf435280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/aebc00d6f042/disk-a343b0dd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7ff0321ebb5a/vmlinux-a343b0dd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c928974a56d6/Image-a343b0dd.gz.xz
no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
WARNING: CPU: 0 PID: 70 at net/mac80211/rate.c:384 __rate_control_send_low+0x578/0x770 net/mac80211/rate.c:379
Modules linked in:
CPU: 0 PID: 70 Comm: kworker/u4:3 Not tainted 6.1.30-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: phy1 ieee80211_scan_work
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __rate_control_send_low+0x578/0x770 net/mac80211/rate.c:379
lr : __rate_control_send_low+0x578/0x770 net/mac80211/rate.c:379
sp : ffff80001ba471d0
x29: ffff80001ba47220 x28: ffff0000d14d33f0 x27: 000000000000000c
x26: dfff800000000000 x25: 00000000ffffffff x24: ffff0000d14d0e00
x23: 0000000000000000 x22: ffff0000c896bca8 x21: 000000000000000c
x20: 1fffe0001a29a680 x19: ffff0000d14d33f8 x18: ffff80001ba465c0
x17: 6d5f65746172206e x16: ffff8000120fc834 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081af018 x10: 0000000000000000 x9 : 233ce384d73c5100
x8 : 233ce384d73c5100 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001ba46ab8 x4 : ffff800015692ac0 x3 : ffff8000085879f4
x2 : 0000000000000001 x1 : 0000000100000200 x0 : 0000000000000000
Call trace:
__rate_control_send_low+0x578/0x770 net/mac80211/rate.c:379
rate_control_send_low+0x16c/0x694 net/mac80211/rate.c:404
rate_control_get_rate+0x1a4/0x4b0 net/mac80211/rate.c:916
ieee80211_tx_h_rate_ctrl+0x960/0x140c net/mac80211/tx.c:779
invoke_tx_handlers_late+0xa8/0x13a4 net/mac80211/tx.c:1872
ieee80211_tx+0x278/0x400 net/mac80211/tx.c:1993
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2086
__ieee80211_tx_skb_tid_band+0x46c/0x59c net/mac80211/tx.c:5843
ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:2186 [inline]
ieee80211_send_scan_probe_req net/mac80211/scan.c:651 [inline]
ieee80211_scan_state_send_probe+0x4f8/0x840 net/mac80211/scan.c:679
ieee80211_scan_work+0x45c/0x1950 net/mac80211/scan.c:1143
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 336541
hardirqs last enabled at (336540): [<ffff8000083435a8>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (336541): [<ffff8000120f84ec>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (336162): [<ffff8000104348dc>] neigh_managed_work+0x1e0/0x21c net/core/neighbour.c:1638
softirqs last disabled at (336520): [<ffff800011a5a5ec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.