[v5.15] WARNING in ieee80211_determine_chantype
0 views
Skip to first unread message
syzbot
Aug 19, 2025, 4:56:35 PMAug 19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c79648372d02 Linux 5.15.189
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=165d1442580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9e47345638b85bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=0c89109adfe3d5737326
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ab49562317a/disk-c7964837.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e847ec1e38d3/vmlinux-c7964837.xz
kernel image: https://storage.googleapis.com/syzbot-assets/263158c6371c/Image-c7964837.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0c8910...@syzkaller.appspotmail.com
wlan1: authenticate with 08:02:11:00:00:00
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7770 at net/mac80211/mlme.c:335 ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
Modules linked in:
CPU: 1 PID: 7770 Comm: syz.5.1040 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
lr : ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
sp : ffff80001fe86660
x29: ffff80001fe867c0 x28: 0000000000000001 x27: 0000000000000003
x26: 1fffe0001e424a51 x25: 0000000000010810 x24: 1fffe0001aa8a6ae
x23: 0000000000000000 x22: ffff80001fe86938 x21: ffff0000f2125288
x20: ffff80001fe86930 x19: dfff800000000000 x18: 0000000000000000
x17: 0000000000000002 x16: ffff800010a19950 x15: 000000000000000c
x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000080000
x11: 000000000000392b x10: ffff80002b608000 x9 : ffff800010c2c868
x8 : 000000000000392c x7 : 0000096c00000000 x6 : ffff0000d5453570
x5 : ffff80001fe86720 x4 : ffff80001fe86950 x3 : ffff800010c2c3bc
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
ieee80211_prep_channel net/mac80211/mlme.c:5160 [inline]
ieee80211_prep_connection+0x1e18/0x2fd0 net/mac80211/mlme.c:5373
ieee80211_mgd_auth+0x858/0xbf0 net/mac80211/mlme.c:5538
ieee80211_auth+0x28/0x38 net/mac80211/cfg.c:2550
rdev_auth net/wireless/rdev-ops.h:458 [inline]
cfg80211_mlme_auth+0x378/0x8a0 net/wireless/mlme.c:273
cfg80211_conn_do_work+0x3c0/0x980 net/wireless/sme.c:171
cfg80211_sme_connect net/wireless/sme.c:594 [inline]
cfg80211_connect+0x1250/0x1c7c net/wireless/sme.c:1277
nl80211_connect+0xfb0/0x1434 net/wireless/nl80211.c:10950
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
genl_rcv_msg+0x8b4/0xb6c net/netlink/genetlink.c:792
netlink_rcv_skb+0x208/0x3c4 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x624/0x8b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6e8/0x9cc net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
____sys_sendmsg+0x61c/0x920 net/socket.c:2436
___sys_sendmsg+0x1d0/0x240 net/socket.c:2490
__sys_sendmsg net/socket.c:2519 [inline]
__do_sys_sendmsg net/socket.c:2528 [inline]
__se_sys_sendmsg net/socket.c:2526 [inline]
__arm64_sys_sendmsg+0x1a8/0x254 net/socket.c:2526
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 880
hardirqs last enabled at (879): [<ffff80000870d06c>] mod_lruvec_page_state include/linux/vmstat.h:497 [inline]
hardirqs last enabled at (879): [<ffff80000870d06c>] kmalloc_order+0xc4/0x160 mm/slab_common.c:989
hardirqs last disabled at (880): [<ffff8000111b7ff8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (850): [<ffff80001096ca2c>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (850): [<ffff80001096ca2c>] cfg80211_get_bss+0x824/0xc68 net/wireless/scan.c:1547
softirqs last disabled at (848): [<ffff80001096c328>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (848): [<ffff80001096c328>] cfg80211_get_bss+0x120/0xc68 net/wireless/scan.c:1521
---[ end trace 40cf47969fce8aa9 ]---
wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: c79648372d02 Linux 5.15.189
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=165d1442580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9e47345638b85bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=0c89109adfe3d5737326
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ab49562317a/disk-c7964837.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e847ec1e38d3/vmlinux-c7964837.xz
kernel image: https://storage.googleapis.com/syzbot-assets/263158c6371c/Image-c7964837.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0c8910...@syzkaller.appspotmail.com
wlan1: authenticate with 08:02:11:00:00:00
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7770 at net/mac80211/mlme.c:335 ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
Modules linked in:
CPU: 1 PID: 7770 Comm: syz.5.1040 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
lr : ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
sp : ffff80001fe86660
x29: ffff80001fe867c0 x28: 0000000000000001 x27: 0000000000000003
x26: 1fffe0001e424a51 x25: 0000000000010810 x24: 1fffe0001aa8a6ae
x23: 0000000000000000 x22: ffff80001fe86938 x21: ffff0000f2125288
x20: ffff80001fe86930 x19: dfff800000000000 x18: 0000000000000000
x17: 0000000000000002 x16: ffff800010a19950 x15: 000000000000000c
x14: 0000000000ff0100 x13: ffffffffffffffff x12: 0000000000080000
x11: 000000000000392b x10: ffff80002b608000 x9 : ffff800010c2c868
x8 : 000000000000392c x7 : 0000096c00000000 x6 : ffff0000d5453570
x5 : ffff80001fe86720 x4 : ffff80001fe86950 x3 : ffff800010c2c3bc
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
ieee80211_determine_chantype+0x7d4/0xef0 net/mac80211/mlme.c:335
ieee80211_prep_channel net/mac80211/mlme.c:5160 [inline]
ieee80211_prep_connection+0x1e18/0x2fd0 net/mac80211/mlme.c:5373
ieee80211_mgd_auth+0x858/0xbf0 net/mac80211/mlme.c:5538
ieee80211_auth+0x28/0x38 net/mac80211/cfg.c:2550
rdev_auth net/wireless/rdev-ops.h:458 [inline]
cfg80211_mlme_auth+0x378/0x8a0 net/wireless/mlme.c:273
cfg80211_conn_do_work+0x3c0/0x980 net/wireless/sme.c:171
cfg80211_sme_connect net/wireless/sme.c:594 [inline]
cfg80211_connect+0x1250/0x1c7c net/wireless/sme.c:1277
nl80211_connect+0xfb0/0x1434 net/wireless/nl80211.c:10950
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
genl_rcv_msg+0x8b4/0xb6c net/netlink/genetlink.c:792
netlink_rcv_skb+0x208/0x3c4 net/netlink/af_netlink.c:2507
genl_rcv+0x38/0x50 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x624/0x8b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6e8/0x9cc net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
____sys_sendmsg+0x61c/0x920 net/socket.c:2436
___sys_sendmsg+0x1d0/0x240 net/socket.c:2490
__sys_sendmsg net/socket.c:2519 [inline]
__do_sys_sendmsg net/socket.c:2528 [inline]
__se_sys_sendmsg net/socket.c:2526 [inline]
__arm64_sys_sendmsg+0x1a8/0x254 net/socket.c:2526
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 880
hardirqs last enabled at (879): [<ffff80000870d06c>] mod_lruvec_page_state include/linux/vmstat.h:497 [inline]
hardirqs last enabled at (879): [<ffff80000870d06c>] kmalloc_order+0xc4/0x160 mm/slab_common.c:989
hardirqs last disabled at (880): [<ffff8000111b7ff8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last enabled at (850): [<ffff80001096ca2c>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (850): [<ffff80001096ca2c>] cfg80211_get_bss+0x824/0xc68 net/wireless/scan.c:1547
softirqs last disabled at (848): [<ffff80001096c328>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (848): [<ffff80001096c328>] cfg80211_get_bss+0x120/0xc68 net/wireless/scan.c:1521
---[ end trace 40cf47969fce8aa9 ]---
wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
3:56 PM (8 hours ago) 3:56 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages