Hello,
syzbot found the following issue on:
HEAD commit: eac8889a3a1c Linux 6.6.140
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11cefa73980000
kernel config: https://syzkaller.appspot.com/x/.config?x=c5b35c4db8465904
dashboard link: https://syzkaller.appspot.com/bug?extid=d78755d1d93ad022d727
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/284081ee4b1a/disk-eac8889a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6503c72409ee/vmlinux-eac8889a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5e529dbebdcb/bzImage-eac8889a.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d78755...@syzkaller.appspotmail.com
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 1 PID: 12087 at net/mac80211/main.c:291 ieee80211_link_info_change_notify+0x250/0x2f0 net/mac80211/main.c:291
Modules linked in:
CPU: 1 PID: 12087 Comm: syz.3.1314 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:ieee80211_link_info_change_notify+0x250/0x2f0 net/mac80211/main.c:291
Code: 74 05 e8 c3 66 eb f7 49 8b 86 10 09 00 00 49 8d b6 30 09 00 00 48 85 c0 48 0f 45 f0 48 c7 c7 60 aa de 8b 89 ea e8 d0 e0 5c f7 <0f> 0b e9 f8 fe ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 3c fe ff
RSP: 0018:ffffc90010707ab0 EFLAGS: 00010246
RAX: 8ee63d1bcb942800 RBX: 0000000000040000 RCX: 0000000000080000
RDX: ffffc9000cee9000 RSI: 00000000000069c8 RDI: 00000000000069c9
RBP: 0000000000000000 R08: ffffc900107076a7 R09: 1ffff920020e0ed4
R10: dffffc0000000000 R11: fffff520020e0ed5 R12: dffffc0000000000
R13: ffff88802df095a0 R14: ffff88802df08c80 R15: ffff88802df09598
FS: 00007f7e6a0566c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7e69185fc0 CR3: 000000001be6d000 CR4: 00000000003506e0
Call Trace:
<TASK>
ieee80211_set_tx_power+0x28f/0x960 net/mac80211/cfg.c:-1
rdev_set_tx_power net/wireless/rdev-ops.h:598 [inline]
cfg80211_wext_siwtxpower+0x32f/0x500 net/wireless/wext-compat.c:976
ioctl_standard_call+0xd8/0x2b0 net/wireless/wext-core.c:1045
wireless_process_ioctl net/wireless/wext-core.c:-1 [inline]
wext_ioctl_dispatch+0x1cb/0x600 net/wireless/wext-core.c:1016
wext_handle_ioctl+0x117/0x1d0 net/wireless/wext-core.c:1077
sock_ioctl+0x15d/0x7e0 net/socket.c:1272
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:871 [inline]
__se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7e6919ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7e6a056028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7e69415fa0 RCX: 00007f7e6919ce59
RDX: 0000200000000000 RSI: 0000000000008b26 RDI: 0000000000000004
RBP: 00007f7e69232d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7e69416038 R14: 00007f7e69415fa0 R15: 00007ffd08076418
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup