syzbot

 sign-in | mailing list | source | docs
🐞 Open [1458]
Subsystems
🐞 Fixed [6865]
🐞 Invalid [17829]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING in drv_get_tsf (2)

Status: upstream: reported syz repro on 2026/01/18 21:26
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+2cecf0e829ae2219d419@syzkaller.appspotmail.com
First crash: 4d14h, last: 4d02h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [wireless?] WARNING in drv_get_tsf (2) 0 (11) 2026/01/18 23:55
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in drv_get_tsf wireless -1 8 149d 394d 0/29 auto-obsoleted due to no activity on 2025/11/30 23:58
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/01/18 23:55 0m kapoorarnav43@gmail.com patch upstream error
2026/01/18 23:51 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 23:29 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 23:26 0m kapoorarnav43@gmail.com patch upstream error
2026/01/18 23:10 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 22:52 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 22:38 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 22:25 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 21:59 8m kapoorarnav43@gmail.com patch upstream error
2026/01/18 21:37 8m kapoorarnav43@gmail.com patch upstream error

Sample crash report:
------------[ cut here ]------------
wlan1: Failed check-sdata-in-driver check, flags: 0x0
WARNING: net/mac80211/driver-ops.c:255 at drv_get_tsf+0x187/0x6f0 net/mac80211/driver-ops.c:255, CPU#0: kworker/u8:11/3538
Modules linked in:
CPU: 0 UID: 0 PID: 3538 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:drv_get_tsf+0x18d/0x6f0 net/mac80211/driver-ops.c:255
Code: 0a 00 00 4d 85 e4 0f 84 95 04 00 00 e8 8c 9a dc f6 49 81 c4 20 01 00 00 e8 80 9a dc f6 48 8d 3d 49 e9 b6 05 44 89 f2 4c 89 e6 <67> 48 0f b9 3a e8 69 9a dc f6 4c 89 ea 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc9000c49fb08 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88805c0c4d80 RCX: ffffffff8ae1c32f
RDX: 0000000000000000 RSI: ffff88805c0c4120 RDI: ffffffff9098acd0
RBP: ffff888031cc8e80 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88803190c830 R12: ffff88805c0c4120
R13: ffff88805c0c57b8 R14: 0000000000000000 R15: ffff888031cc86d0
FS:  0000000000000000(0000) GS:ffff8881248f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f239b3156c0 CR3: 0000000075ed0000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ieee80211_if_fmt_tsf+0x42/0x70 net/mac80211/debugfs_netdev.c:659
 wiphy_locked_debugfs_read_work+0xe6/0x1c0 net/wireless/debugfs.c:168
 cfg80211_wiphy_work+0x3fb/0x560 net/wireless/core.c:438
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	4d 85 e4             	test   %r12,%r12
   5:	0f 84 95 04 00 00    	je     0x4a0
   b:	e8 8c 9a dc f6       	call   0xf6dc9a9c
  10:	49 81 c4 20 01 00 00 	add    $0x120,%r12
  17:	e8 80 9a dc f6       	call   0xf6dc9a9c
  1c:	48 8d 3d 49 e9 b6 05 	lea    0x5b6e949(%rip),%rdi        # 0x5b6e96c
  23:	44 89 f2             	mov    %r14d,%edx
  26:	4c 89 e6             	mov    %r12,%rsi
* 29:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2e:	e8 69 9a dc f6       	call   0xf6dc9a9c
  33:	4c 89 ea             	mov    %r13,%rdx
  36:	48                   	rex.W
  37:	b8 00 00 00 00       	mov    $0x0,%eax
  3c:	00 fc                	add    %bh,%ah
  3e:	ff                   	.byte 0xff

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/15 08:52 upstream 944aacb68baf d1b870e1 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto WARNING in drv_get_tsf
2026/01/14 21:17 upstream c537e12daeec d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto WARNING in drv_get_tsf
* Struck through repros no longer work on HEAD.