[v6.1] WARNING in cfg80211_wireless_stats
0 views
Skip to first unread message
syzbot
Aug 29, 2024, 10:46:24 PMAug 29
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 311d8503ef9f Linux 6.1.107
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1016692b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=73858e3168c88bb2
dashboard link: https://syzkaller.appspot.com/bug?extid=b730e8b6bc76d07fe10b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2a0793d8fba9/disk-311d8503.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3e8716b199e1/vmlinux-311d8503.xz
kernel image: https://storage.googleapis.com/syzbot-assets/606e572dee15/Image-311d8503.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b730e8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 wdev_lock net/wireless/core.h:231 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Not tainted 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_lock net/wireless/core.h:231 [inline]
pc : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
lr : wdev_lock net/wireless/core.h:231 [inline]
lr : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff8000159c0000
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000d0e44760 x19: ffff0000db8c8000 x18: 1fffe00036864576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000002
x14: 0000000000000000 x13: ffff0000d6953780 x12: 0000000000040000
x11: 0000000000001e6c x10: ffff80001fe39000 x9 : ffff800011acfdc4
x8 : 0000000000001e6d x7 : 0000000000000000 x6 : 000000000000000a
x5 : ffff0000d20040a2 x4 : ffff800014475f22 x3 : ffff800012241094
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_lock net/wireless/core.h:231 [inline]
cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 340
hardirqs last enabled at (339): [<ffff80000827d4a8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (339): [<ffff80000827d4a8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (340): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (318): [<ffff800008032978>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (316): [<ffff800008032944>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 wdev_unlock net/wireless/core.h:239 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_unlock net/wireless/core.h:239 [inline]
pc : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
lr : wdev_unlock net/wireless/core.h:239 [inline]
lr : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff0000dbb82580
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000dbb82048 x19: 0000000000000000 x18: ffff800020106fc0
x17: ffff800018a93000 x16: ffff8000084fa148 x15: ffff800018578f80
x14: 00000000adda3f79 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000002748d x10: ffff80001fe39000 x9 : ffff800011acfdd0
x8 : 000000000002748e x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018d9a348 x4 : 0000000000000008 x3 : ffff8000082fbc10
x2 : ffff0000d6953780 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_unlock net/wireless/core.h:239 [inline]
cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 528
hardirqs last enabled at (527): [<ffff800012286828>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (527): [<ffff800012286828>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (528): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (522): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (522): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (343): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 311d8503ef9f Linux 6.1.107
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1016692b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=73858e3168c88bb2
dashboard link: https://syzkaller.appspot.com/bug?extid=b730e8b6bc76d07fe10b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2a0793d8fba9/disk-311d8503.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3e8716b199e1/vmlinux-311d8503.xz
kernel image: https://storage.googleapis.com/syzbot-assets/606e572dee15/Image-311d8503.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b730e8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 wdev_lock net/wireless/core.h:231 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:231 cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Not tainted 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_lock net/wireless/core.h:231 [inline]
pc : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
lr : wdev_lock net/wireless/core.h:231 [inline]
lr : cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff8000159c0000
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000d0e44760 x19: ffff0000db8c8000 x18: 1fffe00036864576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000002
x14: 0000000000000000 x13: ffff0000d6953780 x12: 0000000000040000
x11: 0000000000001e6c x10: ffff80001fe39000 x9 : ffff800011acfdc4
x8 : 0000000000001e6d x7 : 0000000000000000 x6 : 000000000000000a
x5 : ffff0000d20040a2 x4 : ffff800014475f22 x3 : ffff800012241094
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_lock net/wireless/core.h:231 [inline]
cfg80211_wireless_stats+0x538/0x630 net/wireless/wext-compat.c:1371
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 340
hardirqs last enabled at (339): [<ffff80000827d4a8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (339): [<ffff80000827d4a8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (340): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (318): [<ffff800008032978>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (316): [<ffff800008032944>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 wdev_unlock net/wireless/core.h:239 [inline]
WARNING: CPU: 0 PID: 10637 at net/wireless/core.h:239 cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
Modules linked in:
CPU: 0 PID: 10637 Comm: syz.2.2637 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_unlock net/wireless/core.h:239 [inline]
pc : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
lr : wdev_unlock net/wireless/core.h:239 [inline]
lr : cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
sp : ffff8000201074a0
x29: ffff800020107520 x28: 1fffe0001b770400 x27: 1ffff00004020e98
x26: dfff800000000000 x25: 1ffff00002b380af x24: ffff0000dbb82580
x23: ffff8000159c0000 x22: ffff0000d0e44000 x21: ffff0000dbb82000
x20: ffff0000dbb82048 x19: 0000000000000000 x18: ffff800020106fc0
x17: ffff800018a93000 x16: ffff8000084fa148 x15: ffff800018578f80
x14: 00000000adda3f79 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000002748d x10: ffff80001fe39000 x9 : ffff800011acfdd0
x8 : 000000000002748e x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018d9a348 x4 : 0000000000000008 x3 : ffff8000082fbc10
x2 : ffff0000d6953780 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_unlock net/wireless/core.h:239 [inline]
cfg80211_wireless_stats+0x544/0x630 net/wireless/wext-compat.c:1373
get_wireless_stats+0x70/0x138
wireless_seq_printf_stats net/wireless/wext-proc.c:33 [inline]
wireless_dev_seq_show+0x58/0x3dc net/wireless/wext-proc.c:86
traverse+0x1e8/0x554 fs/seq_file.c:111
seq_read_iter+0xb84/0xc44 fs/seq_file.c:195
seq_read+0x1e8/0x2c0 fs/seq_file.c:162
pde_read fs/proc/inode.c:316 [inline]
proc_reg_read+0x190/0x2e8 fs/proc/inode.c:328
do_iter_read+0x41c/0x9a8 fs/read_write.c:798
vfs_readv fs/read_write.c:916 [inline]
do_preadv+0x1e4/0x324 fs/read_write.c:1008
__do_sys_preadv fs/read_write.c:1058 [inline]
__se_sys_preadv fs/read_write.c:1053 [inline]
__arm64_sys_preadv+0xa0/0xb8 fs/read_write.c:1053
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 528
hardirqs last enabled at (527): [<ffff800012286828>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (527): [<ffff800012286828>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (528): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (522): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (522): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (343): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 4, 2024, 8:27:27 AMSep 4
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 14e468424d3e Linux 5.15.166
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16bad5b7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=8d58a8e8a6c2ab88
dashboard link: https://syzkaller.appspot.com/bug?extid=04db359128397f305633
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b9a1ffecff66/disk-14e46842.raw.xz
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/fd323d571e29/vmlinux-14e46842.xz
kernel image: https://storage.googleapis.com/syzbot-assets/084b21c96955/bzImage-14e46842.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 16063 at net/wireless/core.h:220 cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Modules linked in:
CPU: 1 PID: 16063 Comm: syz.2.5739 Not tainted 5.15.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:wdev_lock net/wireless/core.h:220 [inline]
RIP: 0010:cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Code: 00 00 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 60 0f 85 e7 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 33 9a c5 f7 <0f> 0b e9 3c fc ff ff e8 27 9a c5 f7 0f 0b e9 81 fd ff ff e8 1b 9a
RSP: 0018:ffffc900031279c0 EFLAGS: 00010287
RAX: ffffffff89babfcd RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc9000b332000 RSI: 000000000000053e RDI: 000000000000053f
RBP: ffffc90003127a78 R08: ffffffff89babbd0 R09: fffffbfff1bd2b66
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888023726000
R13: ffff88807dca5000 R14: 1ffff1100fb94a00 R15: ffff8880237265c0
FS: 00007fbcb20376c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020dc8000 CR3: 0000000065a45000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iw_handler_get_iwstats+0x7d/0x240 net/wireless/wext-core.c:672
ioctl_standard_iw_point+0x781/0xca0 net/wireless/wext-core.c:848
ioctl_standard_call+0xc3/0x280 net/wireless/wext-core.c:1033
wext_ioctl_dispatch+0x16f/0x460 net/wireless/wext-core.c:997
wext_handle_ioctl+0x15b/0x260 net/wireless/wext-core.c:1058
sock_ioctl+0x13b/0x770 net/socket.c:1191
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbcb3bbdef9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbcb2037038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbcb3d76f80 RCX: 00007fbcb3bbdef9
RDX: 0000000020000000 RSI: 0000000000008b0f RDI: 0000000000000004
RBP: 00007fbcb3c3001e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbcb3d76f80 R15: 00007ffc2de623a8
</TASK>
syzbot
Sep 4, 2024, 1:57:30 PMSep 4
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 14e468424d3e Linux 5.15.166
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=161a7d09980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=100662c7980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b9a1ffecff66/disk-14e46842.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fd323d571e29/vmlinux-14e46842.xz
kernel image: https://storage.googleapis.com/syzbot-assets/084b21c96955/bzImage-14e46842.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+04db35...@syzkaller.appspotmail.com
netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3563 at net/wireless/core.h:220 cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Modules linked in:
CPU: 0 PID: 3563 Comm: syz-executor128 Not tainted 5.15.166-syzkaller #0
RAX: ffffffff89babfcd RBX: 0000000000000000 RCX: ffff888018993b80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002087a78 R08: ffffffff89babbd0 R09: fffffbfff20e221a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888023162000
R13: ffff88806cc71000 R14: 1ffff1100d98e200 R15: ffff8880231625c0
FS: 000055556551f380(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc22c9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fed3d54e468 RCX: 00007fed3d501639
RDX: 0000000020000000 RSI: 0000000000008b0f RDI: 0000000000000003
RBP: 00007fed3d54e446 R08: 0000555500000000 R09: 0000555500000000
R10: 0000555500000000 R11: 0000000000000246 R12: 00007fed3d54e406
R13: 0000000000000001 R14: 00007ffcc22c9270 R15: 0000000000000003
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 14e468424d3e Linux 5.15.166
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=8d58a8e8a6c2ab88
dashboard link: https://syzkaller.appspot.com/bug?extid=04db359128397f305633
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17e3de8f980000
dashboard link: https://syzkaller.appspot.com/bug?extid=04db359128397f305633
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=100662c7980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b9a1ffecff66/disk-14e46842.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fd323d571e29/vmlinux-14e46842.xz
kernel image: https://storage.googleapis.com/syzbot-assets/084b21c96955/bzImage-14e46842.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+04db35...@syzkaller.appspotmail.com
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3563 at net/wireless/core.h:220 cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Modules linked in:
CPU: 0 PID: 3563 Comm: syz-executor128 Not tainted 5.15.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:wdev_lock net/wireless/core.h:220 [inline]
RIP: 0010:cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Code: 00 00 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 60 0f 85 e7 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 33 9a c5 f7 <0f> 0b e9 3c fc ff ff e8 27 9a c5 f7 0f 0b e9 81 fd ff ff e8 1b 9a
RSP: 0018:ffffc900020879c0 EFLAGS: 00010293
RIP: 0010:wdev_lock net/wireless/core.h:220 [inline]
RIP: 0010:cfg80211_wireless_stats+0x57d/0x660 net/wireless/wext-compat.c:1341
Code: 00 00 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 60 0f 85 e7 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 33 9a c5 f7 <0f> 0b e9 3c fc ff ff e8 27 9a c5 f7 0f 0b e9 81 fd ff ff e8 1b 9a
RAX: ffffffff89babfcd RBX: 0000000000000000 RCX: ffff888018993b80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002087a78 R08: ffffffff89babbd0 R09: fffffbfff20e221a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888023162000
R13: ffff88806cc71000 R14: 1ffff1100d98e200 R15: ffff8880231625c0
FS: 000055556551f380(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200029c0 CR3: 0000000074861000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iw_handler_get_iwstats+0x7d/0x240 net/wireless/wext-core.c:672
ioctl_standard_iw_point+0x781/0xca0 net/wireless/wext-core.c:848
ioctl_standard_call+0xc3/0x280 net/wireless/wext-core.c:1033
wext_ioctl_dispatch+0x16f/0x460 net/wireless/wext-core.c:997
wext_handle_ioctl+0x15b/0x260 net/wireless/wext-core.c:1058
sock_ioctl+0x13b/0x770 net/socket.c:1191
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fed3d501639
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iw_handler_get_iwstats+0x7d/0x240 net/wireless/wext-core.c:672
ioctl_standard_iw_point+0x781/0xca0 net/wireless/wext-core.c:848
ioctl_standard_call+0xc3/0x280 net/wireless/wext-core.c:1033
wext_ioctl_dispatch+0x16f/0x460 net/wireless/wext-core.c:997
wext_handle_ioctl+0x15b/0x260 net/wireless/wext-core.c:1058
sock_ioctl+0x13b/0x770 net/socket.c:1191
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc22c9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fed3d54e468 RCX: 00007fed3d501639
RDX: 0000000020000000 RSI: 0000000000008b0f RDI: 0000000000000003
RBP: 00007fed3d54e446 R08: 0000555500000000 R09: 0000555500000000
R10: 0000555500000000 R11: 0000000000000246 R12: 00007fed3d54e406
R13: 0000000000000001 R14: 00007ffcc22c9270 R15: 0000000000000003
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages