Hello,
syzbot found the following issue on:
HEAD commit: 311d8503ef9f Linux 6.1.107
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1016692b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=73858e3168c88bb2
dashboard link: https://syzkaller.appspot.com/bug?extid=b730e8b6bc76d07fe10b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2a0793d8fba9/disk-311d8503.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3e8716b199e1/vmlinux-311d8503.xz
kernel image: https://storage.googleapis.com/syzbot-assets/606e572dee15/Image-311d8503.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b730e8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 wdev_lock net/wireless/core.h:231 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Not tainted 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_lock net/wireless/core.h:231 [inline]
pc : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
lr : wdev_lock net/wireless/core.h:231 [inline]
lr : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff8000159c0000
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000d0e44760 x19: ffff0000db8c8000 x18: 1fffe00036864576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000002
x14: 0000000000000000 x13: ffff0000d6953780 x12: 0000000000040000
x11: 0000000000001e6c x10: ffff80001fe39000 x9 : ffff800011acfdc4
x8 : 0000000000001e6d x7 : 0000000000000000 x6 : 000000000000000a
x5 : ffff0000d20040a2 x4 : ffff800014475f22 x3 : ffff800012241094
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_lock net/wireless/core.h:231 [inline]
cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 340
hardirqs last enabled at (339): [<ffff80000827d4a8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (339): [<ffff80000827d4a8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (340): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (318): [<ffff800008032978>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (316): [<ffff800008032944>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 wdev_unlock net/wireless/core.h:239 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_unlock net/wireless/core.h:239 [inline]
pc : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
lr : wdev_unlock net/wireless/core.h:239 [inline]
lr : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff0000dbb82580
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000dbb82048 x19: 0000000000000000 x18: ffff800020106fc0
x17: ffff800018a93000 x16: ffff8000084fa148 x15: ffff800018578f80
x14: 00000000adda3f79 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000002748d x10: ffff80001fe39000 x9 : ffff800011acfdd0
x8 : 000000000002748e x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018d9a348 x4 : 0000000000000008 x3 : ffff8000082fbc10
x2 : ffff0000d6953780 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_unlock net/wireless/core.h:239 [inline]
cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 528
hardirqs last enabled at (527): [<ffff800012286828>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (527): [<ffff800012286828>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (528): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (522): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (522): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (343): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup