syzbot

 sign-in | mailing list | source | docs
🐞 Open [950] 🐞 Fixed [4020] 🐞 Invalid [8931] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

WARNING in ieee80211_check_rate_mask

Status: upstream: reported C repro on 2020/10/06 08:08
Reported-by: syzbot+be0e03ca215b06199629@syzkaller.appspotmail.com
First crash: 722d, last: 75d

Cause bisection: introduced by (bisect log) :
commit 983e1a6c95abf8058d26149a928578b720c77bce
Author: Nelson Chang <nelson.chang@mediatek.com>
Date: Thu Oct 6 11:44:02 2016 +0000

  net: ethernet: mediatek: get hw lro capability by the chip id instead of by the dtsi

Crash: WARNING in nf_unregister_net_hook (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  1048ba83fb1c Linux 5.11-rc6
  3cc40a443a04 Merge tag 'nios2_fixes_v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in ieee80211_check_rate_mask C 1 34d 701d 0/1 upstream: reported C repro on 2020/10/27 07:51
linux-4.19 WARNING in ieee80211_check_rate_mask C error 2 348d 691d 0/1 upstream: reported C repro on 2020/11/06 04:49

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3667 at net/mac80211/rate.c:282 ieee80211_check_rate_mask+0x2b3/0x370 net/mac80211/rate.c:282
Modules linked in:
CPU: 0 PID: 3667 Comm: syz-executor706 Not tainted 5.19.0-rc6-syzkaller-00115-g4a57a8400075 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:ieee80211_check_rate_mask+0x2b3/0x370 net/mac80211/rate.c:282
Code: 00 42 89 ac a3 08 0d 00 00 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 ab 5a b4 f8 e8 a6 5a b4 f8 0f 0b eb e4 e8 9d 5a b4 f8 <0f> 0b eb db e8 b4 75 00 f9 e9 f2 fd ff ff 48 89 ef e8 a7 75 00 f9
RSP: 0018:ffffc90002d8f4a8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88801e520c80 RCX: 0000000000000000
RDX: ffff88801eb70040 RSI: ffffffff88c54093 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000020
R13: 0000000000000000 R14: ffff88801e520c80 R15: 0000000000000000
FS:  0000555555f30300(0000) GS:ffff88802c800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 00000000243a1000 CR4: 0000000000150ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ieee80211_change_bss+0x524/0xc20 net/mac80211/cfg.c:2478
 rdev_change_bss net/wireless/rdev-ops.h:394 [inline]
 nl80211_set_bss+0x769/0xc00 net/wireless/nl80211.c:7517
 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:731
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:734
 ____sys_sendmsg+0x6eb/0x810 net/socket.c:2488
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2542
 __sys_sendmsg net/socket.c:2571 [inline]
 __do_sys_sendmsg net/socket.c:2580 [inline]
 __se_sys_sendmsg net/socket.c:2578 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2578
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7dbf2abe39
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd2e23d6c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7dbf2abe39
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
RBP: 00007f7dbf26f8a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7dbf26f930
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

Crashes (18):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-qemu-upstream 2022/07/15 06:50 upstream 4a57a8400075 5d921b08 .config log report syz C WARNING in ieee80211_check_rate_mask
ci-upstream-kasan-gce-smack-root 2021/02/02 02:22 upstream 1048ba83fb1c e6b95f32 .config log report syz C WARNING in ieee80211_check_rate_mask
ci-upstream-kasan-gce-root 2021/01/24 14:01 upstream e1ae4b0be158 52e37319 .config log report syz C WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2020/10/09 19:28 net 3fdd47c3b40a d81b165e .config log report syz C
ci-upstream-net-kasan-gce 2020/10/06 02:46 net-next c2568c8c9e63 1880b4a9 .config log report syz C
ci-upstream-net-this-kasan-gce 2021/11/04 03:44 net 92f62485b371 4c1be0be .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/10/31 09:51 net 6de6e46d27ef 098b5d53 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/10/29 15:24 net 411a44c24a56 2353a3ec .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/24 07:13 net 6ab4c3117aec e613994b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/21 18:43 net 87d77e59d1eb bea32f74 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/16 06:47 net 13832ae27553 fdb2bb2c .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/14 12:48 net ad236ccde19a 4a003785 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/12 14:01 net 7a1468ba0e02 429d8a6b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/11 23:43 net 47142ed6c34d 429d8a6b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/08 01:41 net 9270bbe258c8 09fbf400 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/04 23:51 net d93ef301644e 9d751681 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/02/11 11:35 net 1bcc51ac0731 a52ee10a .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-kasan-gce 2021/02/18 09:53 net-next 38b5133ad607 14052202 .config log report info WARNING in ieee80211_check_rate_mask
* Struck through repros no longer work on HEAD.