[moderation/CI] Re: wifi: cfg80211/nl80211: Add NAN Data Path support
0 views
Skip to first unread message
syzbot ci
Jan 7, 2026, 5:16:41 PM (4 days ago) Jan 7
to syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
syzbot ci has tested the following series
[v1] wifi: cfg80211/nl80211: Add NAN Data Path support
https://lore.kernel.org/all/20260107132003.2291979-1...@intel.com
* [PATCH wireless-next 01/15] wifi: nl80211: refactor nl80211_parse_chandef
* [PATCH wireless-next 02/15] wifi: nl80211/cfg80211: support stations of non-netdev interfaces
* [PATCH wireless-next 03/15] wifi: cfg80211: refactor wiphy_suspend
* [PATCH wireless-next 04/15] wifi: nl80211: don't allow DFS channels for NAN
* [PATCH wireless-next 05/15] wifi: cfg80211: Add an API to configure local NAN schedule
* [PATCH wireless-next 06/15] wifi: cfg80211: store the chandefs used for NAN
* [PATCH wireless-next 07/15] wifi: cfg80211: make sure NAN chandefs are valid
* [PATCH wireless-next 08/15] wifi: cfg80211: add support for NAN data interface
* [PATCH wireless-next 09/15] wifi: cfg80211: separately store HT, VHT and HE capabilities for NAN
* [PATCH wireless-next 10/15] wifi: nl80211: add support for NAN stations
* [PATCH wireless-next 11/15] wifi: nl80211: define an API for configuring the NAN peer's schedule
* [PATCH wireless-next 12/15] wifi: cfg80211: allow ToDS=0/FromDS=0 data frames on NAN data interfaces
* [PATCH wireless-next 13/15] wifi: nl80211: allow reporting spurious NAN Data frames
* [PATCH wireless-next 14/15] wifi: cfg80211: support key installation on non-netdev wdevs
* [PATCH wireless-next 15/15] wifi: cfg80211: allow protected action frame TX for NAN
and found the following issue:
possible deadlock in cfg80211_leave
Full report is available here:
https://ci.syzbot.org/series/233ae6b9-f1a6-42ee-a9ad-23778617ac45
***
possible deadlock in cfg80211_leave
tree: torvalds
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
base: 805f9a061372164d43ddef771d7cd63e3ba6d845
arch: amd64
compiler: Debian clang version 21.1.8 (++20251202083448+f68f64eb8130-1~exp1~20251202083504.46), Debian LLD 21.1.8
config: https://ci.syzbot.org/builds/ef828e0d-7b43-4e85-a3b3-c8a39bcbb3c9/config
C repro: https://ci.syzbot.org/findings/f7def9d9-24af-4952-b991-2e6c88f8fb50/c_repro
syz repro: https://ci.syzbot.org/findings/f7def9d9-24af-4952-b991-2e6c88f8fb50/syz_repro
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/1:3/1286 is trying to acquire lock:
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_leave+0x17e/0x240 net/wireless/core.c:1507
but task is already holding lock:
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_destroy_ifaces+0x128/0x1e0 net/wireless/core.c:394
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&rdev->wiphy.mtx);
lock(&rdev->wiphy.mtx);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by kworker/1:3/1286:
#0: ffff888100075948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff888100075948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc90008c3fbc0 ((work_completion)(&rdev->destroy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90008c3fbc0 ((work_completion)(&rdev->destroy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffffffff8f714e88 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_destroy_iface_wk+0x19/0x30 net/wireless/core.c:424
#3: ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
#3: ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_destroy_ifaces+0x128/0x1e0 net/wireless/core.c:394
stack backtrace:
CPU: 1 UID: 0 PID: 1286 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events cfg80211_destroy_iface_wk
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_deadlock_bug+0x279/0x290 kernel/locking/lockdep.c:3041
check_deadlock kernel/locking/lockdep.c:3093 [inline]
validate_chain kernel/locking/lockdep.c:3895 [inline]
__lock_acquire+0x253f/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x106/0x330 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/mutex.c:614 [inline]
__mutex_lock+0x19f/0x1340 kernel/locking/mutex.c:776
class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
cfg80211_leave+0x17e/0x240 net/wireless/core.c:1507
cfg80211_destroy_ifaces+0x137/0x1e0 net/wireless/core.c:396
cfg80211_destroy_iface_wk+0x21/0x30 net/wireless/core.c:425
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
worker_thread+0x89f/0xd90 kernel/workqueue.c:3421
kthread+0x726/0x8b0 kernel/kthread.c:463
ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syz...@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzk...@googlegroups.com.
The email will later be sent to:
[avraha...@intel.com daniel...@intel.com johann...@intel.com linux-w...@vger.kernel.org miriam.rach...@intel.com]
If the report looks fine to you, reply with:
#syz upstream
If the report is a false positive, reply with
#syz invalid
[v1] wifi: cfg80211/nl80211: Add NAN Data Path support
https://lore.kernel.org/all/20260107132003.2291979-1...@intel.com
* [PATCH wireless-next 01/15] wifi: nl80211: refactor nl80211_parse_chandef
* [PATCH wireless-next 02/15] wifi: nl80211/cfg80211: support stations of non-netdev interfaces
* [PATCH wireless-next 03/15] wifi: cfg80211: refactor wiphy_suspend
* [PATCH wireless-next 04/15] wifi: nl80211: don't allow DFS channels for NAN
* [PATCH wireless-next 05/15] wifi: cfg80211: Add an API to configure local NAN schedule
* [PATCH wireless-next 06/15] wifi: cfg80211: store the chandefs used for NAN
* [PATCH wireless-next 07/15] wifi: cfg80211: make sure NAN chandefs are valid
* [PATCH wireless-next 08/15] wifi: cfg80211: add support for NAN data interface
* [PATCH wireless-next 09/15] wifi: cfg80211: separately store HT, VHT and HE capabilities for NAN
* [PATCH wireless-next 10/15] wifi: nl80211: add support for NAN stations
* [PATCH wireless-next 11/15] wifi: nl80211: define an API for configuring the NAN peer's schedule
* [PATCH wireless-next 12/15] wifi: cfg80211: allow ToDS=0/FromDS=0 data frames on NAN data interfaces
* [PATCH wireless-next 13/15] wifi: nl80211: allow reporting spurious NAN Data frames
* [PATCH wireless-next 14/15] wifi: cfg80211: support key installation on non-netdev wdevs
* [PATCH wireless-next 15/15] wifi: cfg80211: allow protected action frame TX for NAN
and found the following issue:
possible deadlock in cfg80211_leave
Full report is available here:
https://ci.syzbot.org/series/233ae6b9-f1a6-42ee-a9ad-23778617ac45
***
possible deadlock in cfg80211_leave
tree: torvalds
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
base: 805f9a061372164d43ddef771d7cd63e3ba6d845
arch: amd64
compiler: Debian clang version 21.1.8 (++20251202083448+f68f64eb8130-1~exp1~20251202083504.46), Debian LLD 21.1.8
config: https://ci.syzbot.org/builds/ef828e0d-7b43-4e85-a3b3-c8a39bcbb3c9/config
C repro: https://ci.syzbot.org/findings/f7def9d9-24af-4952-b991-2e6c88f8fb50/c_repro
syz repro: https://ci.syzbot.org/findings/f7def9d9-24af-4952-b991-2e6c88f8fb50/syz_repro
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
kworker/1:3/1286 is trying to acquire lock:
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_leave+0x17e/0x240 net/wireless/core.c:1507
but task is already holding lock:
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_destroy_ifaces+0x128/0x1e0 net/wireless/core.c:394
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&rdev->wiphy.mtx);
lock(&rdev->wiphy.mtx);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by kworker/1:3/1286:
#0: ffff888100075948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff888100075948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc90008c3fbc0 ((work_completion)(&rdev->destroy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90008c3fbc0 ((work_completion)(&rdev->destroy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffffffff8f714e88 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_destroy_iface_wk+0x19/0x30 net/wireless/core.c:424
#3: ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
#3: ffff888113640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_destroy_ifaces+0x128/0x1e0 net/wireless/core.c:394
stack backtrace:
CPU: 1 UID: 0 PID: 1286 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events cfg80211_destroy_iface_wk
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_deadlock_bug+0x279/0x290 kernel/locking/lockdep.c:3041
check_deadlock kernel/locking/lockdep.c:3093 [inline]
validate_chain kernel/locking/lockdep.c:3895 [inline]
__lock_acquire+0x253f/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x106/0x330 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/mutex.c:614 [inline]
__mutex_lock+0x19f/0x1340 kernel/locking/mutex.c:776
class_wiphy_constructor include/net/cfg80211.h:6552 [inline]
cfg80211_leave+0x17e/0x240 net/wireless/core.c:1507
cfg80211_destroy_ifaces+0x137/0x1e0 net/wireless/core.c:396
cfg80211_destroy_iface_wk+0x21/0x30 net/wireless/core.c:425
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
worker_thread+0x89f/0xd90 kernel/workqueue.c:3421
kthread+0x726/0x8b0 kernel/kthread.c:463
ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syz...@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzk...@googlegroups.com.
The email will later be sent to:
[avraha...@intel.com daniel...@intel.com johann...@intel.com linux-w...@vger.kernel.org miriam.rach...@intel.com]
If the report looks fine to you, reply with:
#syz upstream
If the report is a false positive, reply with
#syz invalid
Aleksandr Nogikh
Jan 8, 2026, 2:34:14 AM (4 days ago) Jan 8
to syzbot ci, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
#syz upstream
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/695edb46.050a0220.1c677c.0382.GAE%40google.com.
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/695edb46.050a0220.1c677c.0382.GAE%40google.com.
Reply all
Reply to author
Forward
0 new messages