[v6.1] WARNING in wdev_lock


syzbot

Aug 29, 2024, 9:59:22 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 311d8503ef9f Linux 6.1.107
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=155be197980000
kernel config: https://syzkaller.appspot.com/x/.config?x=44dc66fb9519a1c5
dashboard link: https://syzkaller.appspot.com/bug?extid=310a1a9715fc1c9ead61
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9b6626770a0/disk-311d8503.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c07728c82ee1/vmlinux-311d8503.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3fce695ed5be/bzImage-311d8503.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+310a1a...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 8758 at net/wireless/core.h:231 wdev_lock+0x96/0xc0
Modules linked in:
CPU: 0 PID: 8758 Comm: syz.0.2497 Not tainted 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:wdev_lock+0x96/0xc0 net/wireless/core.h:231
Code: 44 7e f7 85 ed 74 1e e8 f8 40 7e f7 eb 05 e8 f1 40 7e f7 48 83 c3 48 48 89 df 31 f6 5b 41 5e 5d e9 df 03 a3 00 e8 da 40 7e f7 <0f> 0b eb e5 48 c7 c1 24 0f 9a 8e 80 e1 07 80 c1 03 38 c1 0f 8c 7b
RSP: 0018:ffffc90004c0ef40 EFLAGS: 00010287
RAX: ffffffff8a0c6d96 RBX: ffff88807cc60c90 RCX: 0000000000040000
RDX: ffffc90003d51000 RSI: 00000000000007ae RDI: 00000000000007af
RBP: 0000000000000000 R08: ffffffff8a0c6d6f R09: ffffed1004376812
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8880282ce000 R14: dffffc0000000000 R15: ffff888021bb4014
FS: 00007f4e6027e6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000007d5c9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
nl80211_send_iface+0x816/0x1470 net/wireless/nl80211.c:3852
nl80211_dump_interface+0x490/0x6a0 net/wireless/nl80211.c:3985
netlink_dump+0x5a2/0xca0 net/netlink/af_netlink.c:2232
__netlink_dump_start+0x521/0x6c0 net/netlink/af_netlink.c:2334
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:714 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:830 [inline]
genl_rcv_msg+0x9f3/0xf70 net/netlink/genetlink.c:850
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2507
genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x7d8/0x970 net/netlink/af_netlink.c:1352
netlink_sendmsg+0xa26/0xd60 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5a5/0x8f0 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2597
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f4e5f579ef9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4e6027e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f4e5f715f80 RCX: 00007f4e5f579ef9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f4e5f5e793e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f4e5f715f80 R15: 00007ffc18184928
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Sep 1, 2024, 5:19:22 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 311d8503ef9f Linux 6.1.107
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10e64d43980000
kernel config: https://syzkaller.appspot.com/x/.config?x=2867015e9d1abb4c
dashboard link: https://syzkaller.appspot.com/bug?extid=310a1a9715fc1c9ead61
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1482b263980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14aeec8f980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b07a428f9e33/disk-311d8503.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/78b6435593b7/vmlinux-311d8503.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ca3d4d2e330e/Image-311d8503.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+310a1a...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4287 at net/wireless/core.h:231 wdev_lock+0xd0/0xe8 net/wireless/core.h:231
Modules linked in:
CPU: 0 PID: 4287 Comm: syz-executor362 Not tainted 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_lock+0xd0/0xe8 net/wireless/core.h:231
lr : wdev_lock+0xd0/0xe8 net/wireless/core.h:231
sp : ffff800020e96cc0
x29: ffff800020e96cc0 x28: 1fffe0001a174993 x27: dfff800000000000
x26: 1fffe0001a191000 x25: ffff0000d0ba4c90 x24: 0000000000000000
x23: ffff0000d0ba4c98 x22: ffff7000041d2dac x21: 00000000000007d0
x20: 0000000000000000 x19: ffff0000d0ba4c90 x18: ffff800020e96b00
x17: ffff800018a93000 x16: ffff8000084fa148 x15: ffff8000104d3f60
x14: 1ffff00002b380b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000119f4174
x8 : ffff0000d9a30000 x7 : 0000000000000000 x6 : 00000000000007d0
x5 : ffff0000de664068 x4 : ffff800020e96d94 x3 : ffff80000ac83588
x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_lock+0xd0/0xe8 net/wireless/core.h:231
nl80211_send_iface+0x6f4/0x1194 net/wireless/nl80211.c:3852
nl80211_dump_interface+0x38c/0x5cc net/wireless/nl80211.c:3985
netlink_dump+0x4a4/0xac8 net/netlink/af_netlink.c:2232
__netlink_dump_start+0x470/0x680 net/netlink/af_netlink.c:2334
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:714 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:830 [inline]
genl_rcv_msg+0x7b4/0xc2c net/netlink/genetlink.c:850
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x55c/0x848 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2597
__do_sys_sendmsg net/socket.c:2606 [inline]
__se_sys_sendmsg net/socket.c:2604 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2604
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 15202
hardirqs last enabled at (15201): [<ffff80000897bedc>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (15202): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (15186): [<ffff8000104de930>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (15186): [<ffff8000104de930>] release_sock+0x178/0x1cc net/core/sock.c:3511
softirqs last disabled at (15184): [<ffff8000104de7f4>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (15184): [<ffff8000104de7f4>] release_sock+0x3c/0x1cc net/core/sock.c:3498
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4287 at net/wireless/core.h:239 wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
Modules linked in:
CPU: 0 PID: 4287 Comm: syz-executor362 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
lr : wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
sp : ffff800020e96cc0
x29: ffff800020e96cc0 x28: 1fffe0001a174993 x27: dfff800000000000
x26: 1fffe0001a191000 x25: ffff0000d0ba4c90 x24: 0000000000000000
x23: 0000000000000000 x22: ffff7000041d2dac x21: 00000000000007d0
x20: 0000000000000000 x19: ffff0000d0ba4c90 x18: 1fffe0003679f576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000000
x14: 0000000000000009 x13: ffff0000d9a30000 x12: 0000000000ff0100
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000119f4aec
x8 : ffff0000d9a30000 x7 : ffff80000827d408 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000826b0e4
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
nl80211_send_iface+0x954/0x1194 net/wireless/nl80211.c:3878
nl80211_dump_interface+0x38c/0x5cc net/wireless/nl80211.c:3985
netlink_dump+0x4a4/0xac8 net/netlink/af_netlink.c:2232
__netlink_dump_start+0x470/0x680 net/netlink/af_netlink.c:2334
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:714 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:830 [inline]
genl_rcv_msg+0x7b4/0xc2c net/netlink/genetlink.c:850
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x55c/0x848 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2597
__do_sys_sendmsg net/socket.c:2606 [inline]
__se_sys_sendmsg net/socket.c:2604 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2604
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 15256
hardirqs last enabled at (15255): [<ffff80000827d4a8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (15255): [<ffff80000827d4a8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (15256): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (15246): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (15246): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (15205): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4287 at net/wireless/core.h:231 wdev_lock+0xd0/0xe8 net/wireless/core.h:231
Modules linked in:
CPU: 0 PID: 4287 Comm: syz-executor362 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_lock+0xd0/0xe8 net/wireless/core.h:231
lr : wdev_lock+0xd0/0xe8 net/wireless/core.h:231
sp : ffff800020e96cc0
x29: ffff800020e96cc0 x28: 1fffe0001a172993 x27: dfff800000000000
x26: 1fffe0001a181000 x25: ffff0000d0b94c90 x24: 0000000000000000
x23: ffff0000d0b94c98 x22: ffff7000041d2dac x21: 00000000000007d0
x20: 0000000000000000 x19: ffff0000d0b94c90 x18: 1fffe0003679f576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000000
x14: 1ffff00002b380b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000119f4174
x8 : ffff0000d9a30000 x7 : 0000000000000000 x6 : 00000000000007d0
x5 : ffff0000de6640d0 x4 : ffff800020e96d94 x3 : ffff80000ac83588
x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_lock+0xd0/0xe8 net/wireless/core.h:231
nl80211_send_iface+0x6f4/0x1194 net/wireless/nl80211.c:3852
nl80211_dump_interface+0x38c/0x5cc net/wireless/nl80211.c:3985
netlink_dump+0x4a4/0xac8 net/netlink/af_netlink.c:2232
__netlink_dump_start+0x470/0x680 net/netlink/af_netlink.c:2334
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:714 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:830 [inline]
genl_rcv_msg+0x7b4/0xc2c net/netlink/genetlink.c:850
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x55c/0x848 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2597
__do_sys_sendmsg net/socket.c:2606 [inline]
__se_sys_sendmsg net/socket.c:2604 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2604
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 15282
hardirqs last enabled at (15281): [<ffff800012286828>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (15281): [<ffff800012286828>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (15282): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (15276): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (15276): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (15259): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4287 at net/wireless/core.h:239 wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
Modules linked in:
CPU: 0 PID: 4287 Comm: syz-executor362 Tainted: G W 6.1.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
lr : wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
sp : ffff800020e96cc0
x29: ffff800020e96cc0 x28: 1fffe0001a172993 x27: dfff800000000000
x26: 1fffe0001a181000 x25: ffff0000d0b94c90 x24: 0000000000000000
x23: 0000000000000000 x22: ffff7000041d2dac x21: 00000000000007d0
x20: 0000000000000000 x19: ffff0000d0b94c90 x18: 1fffe0003679f576
x17: ffff8000159bd000 x16: ffff8000084fa148 x15: 0000000000000000
x14: 0000000000000009 x13: ffff0000d9a30000 x12: 0000000000ff0100
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000119f4aec
x8 : ffff0000d9a30000 x7 : ffff8000119f4160 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082fbc10
x2 : ffff0000d9a30000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
wdev_unlock+0xcc/0xe4 net/wireless/core.h:239
nl80211_send_iface+0x954/0x1194 net/wireless/nl80211.c:3878
nl80211_dump_interface+0x38c/0x5cc net/wireless/nl80211.c:3985
netlink_dump+0x4a4/0xac8 net/netlink/af_netlink.c:2232
__netlink_dump_start+0x470/0x680 net/netlink/af_netlink.c:2334
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:714 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:830 [inline]
genl_rcv_msg+0x7b4/0xc2c net/netlink/genetlink.c:850
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1352
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x55c/0x848 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2597
__do_sys_sendmsg net/socket.c:2606 [inline]
__se_sys_sendmsg net/socket.c:2604 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2604
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 15392
hardirqs last enabled at (15391): [<ffff800012286828>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (15391): [<ffff800012286828>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (15392): [<ffff800012284414>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (15386): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (15386): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (15285): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Sep 4, 2024, 8:01:29 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 14e468424d3e Linux 5.15.166
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14f0e6fb980000
kernel config: https://syzkaller.appspot.com/x/.config?x=8d58a8e8a6c2ab88
dashboard link: https://syzkaller.appspot.com/bug?extid=6da468643e351bf0000b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b9a1ffecff66/disk-14e46842.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fd323d571e29/vmlinux-14e46842.xz
kernel image: https://storage.googleapis.com/syzbot-assets/084b21c96955/bzImage-14e46842.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6da468...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 10418 at net/wireless/core.h:220 wdev_lock+0x96/0xc0
Modules linked in:
CPU: 0 PID: 10418 Comm: syz.0.3295 Not tainted 5.15.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:wdev_lock+0x96/0xc0 net/wireless/core.h:220
Code: bd d2 f7 85 ed 74 1e e8 b8 b9 d2 f7 eb 05 e8 b1 b9 d2 f7 48 83 c3 48 48 89 df 31 f6 5b 41 5e 5d e9 8f 09 8f 00 e8 9a b9 d2 f7 <0f> 0b eb e5 48 c7 c1 c4 8e e9 8d 80 e1 07 80 c1 03 38 c1 0f 8c 7b
RSP: 0018:ffffc90002ee6ee0 EFLAGS: 00010283
RAX: ffffffff89ada066 RBX: ffff88802619cc90 RCX: 0000000000040000
RDX: ffffc90003259000 RSI: 000000000000299a RDI: 000000000000299b
RBP: 0000000000000000 R08: ffffffff89ada03f R09: ffffed100f0bc80d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880614603c0
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff8880785e4014
FS: 00007f3392c1e6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f28dbe522d8 CR3: 000000007364c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
nl80211_send_iface+0x763/0xe10 net/wireless/nl80211.c:3631
nl80211_dump_interface+0x490/0x6a0 net/wireless/nl80211.c:3735
netlink_dump+0x5a4/0xca0 net/netlink/af_netlink.c:2279
__netlink_dump_start+0x50f/0x6d0 net/netlink/af_netlink.c:2382
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:689 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:772 [inline]
genl_rcv_msg+0xd89/0x14a0 net/netlink/genetlink.c:792
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2503
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1352
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1920
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2431
___sys_sendmsg+0x252/0x2e0 net/socket.c:2485
__sys_sendmsg net/socket.c:2514 [inline]
__do_sys_sendmsg net/socket.c:2523 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2521
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f33947a4ef9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3392c1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f339495df80 RCX: 00007f33947a4ef9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f339481701e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f339495df80 R15: 00007ffeea5d4428

syzbot

Sep 4, 2024, 1:29:22 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 14e468424d3e Linux 5.15.166
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1205168f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=8d58a8e8a6c2ab88
dashboard link: https://syzkaller.appspot.com/bug?extid=6da468643e351bf0000b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=175f14ab980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16341339980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b9a1ffecff66/disk-14e46842.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fd323d571e29/vmlinux-14e46842.xz
kernel image: https://storage.googleapis.com/syzbot-assets/084b21c96955/bzImage-14e46842.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6da468...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 3562 at net/wireless/core.h:220 wdev_lock+0x96/0xc0
Modules linked in:
CPU: 1 PID: 3562 Comm: syz-executor365 Not tainted 5.15.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:wdev_lock+0x96/0xc0 net/wireless/core.h:220
Code: bd d2 f7 85 ed 74 1e e8 b8 b9 d2 f7 eb 05 e8 b1 b9 d2 f7 48 83 c3 48 48 89 df 31 f6 5b 41 5e 5d e9 8f 09 8f 00 e8 9a b9 d2 f7 <0f> 0b eb e5 48 c7 c1 c4 8e e9 8d 80 e1 07 80 c1 03 38 c1 0f 8c 7b
RSP: 0018:ffffc90002516ee0 EFLAGS: 00010293
RAX: ffffffff89ada066 RBX: ffff888022f64c90 RCX: ffff88801e85bb80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff89ada03f R09: ffffed100411840d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888029c6db40
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff8880208c2014
FS: 0000555577c25380(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020034000 CR3: 000000007d186000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
nl80211_send_iface+0x763/0xe10 net/wireless/nl80211.c:3631
nl80211_dump_interface+0x490/0x6a0 net/wireless/nl80211.c:3735
netlink_dump+0x5a4/0xca0 net/netlink/af_netlink.c:2279
__netlink_dump_start+0x50f/0x6d0 net/netlink/af_netlink.c:2382
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:689 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:772 [inline]
genl_rcv_msg+0xd89/0x14a0 net/netlink/genetlink.c:792
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2503
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1352
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1920
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2431
___sys_sendmsg+0x252/0x2e0 net/socket.c:2485
__sys_sendmsg net/socket.c:2514 [inline]
__do_sys_sendmsg net/socket.c:2523 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2521
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fbfde146329
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf5ad1568 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffcf5ad1738 RCX: 00007fbfde146329
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007fbfde1b9610 R08: 0000000000000000 R09: 00007ffcf5ad1738
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcf5ad1728 R14: 0000000000000001 R15: 0000000000000001
</TASK>