syzbot


WARNING in ieee80211_check_rate_mask
Status: upstream: reported C repro on 2020/10/06 08:08
Reported-by: syzbot+be0e03ca215b06199629@syzkaller.appspotmail.com
First crash: 597d, last: 17d

Cause bisection: introduced by (bisect log):
commit 983e1a6c95abf8058d26149a928578b720c77bce
Author: Nelson Chang <nelson.chang@mediatek.com>
Date: Thu Oct 6 11:44:02 2016 +0000

  net: ethernet: mediatek: get hw lro capability by the chip id instead of by the dtsi

Crash: WARNING in nf_unregister_net_hook (log)
Repro: C syz .config

Similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in ieee80211_check_rate_mask C 1 29d 576d 0/1 upstream: reported C repro on 2020/10/27 07:51
linux-4.19 WARNING in ieee80211_check_rate_mask C error 2 223d 566d 0/1 upstream: reported C repro on 2020/11/06 04:49

Sample crash report:
netlink: 20 bytes leftover after parsing attributes in process `syz-executor401'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8428 at net/mac80211/rate.c:282 ieee80211_check_rate_mask+0x18f/0x3a0 net/mac80211/rate.c:282
Modules linked in:
CPU: 1 PID: 8428 Comm: syz-executor401 Not tainted 5.11.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ieee80211_check_rate_mask+0x18f/0x3a0 net/mac80211/rate.c:282
Code: 44 89 e8 44 21 e0 74 26 e8 9e 02 96 f8 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8a 02 96 f8 0f 0b eb e8 e8 81 02 96 f8 <0f> 0b eb df 0f 1f 44 00 00 e8 73 02 96 f8 48 81 c3 60 06 00 00 48
RSP: 0018:ffffc90000ec7860 EFLAGS: 00010293
RAX: ffffffff88e1c47f RBX: ffff8880136c4bc0 RCX: ffff88801f281bc0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff888028b53390 R08: ffffffff88e1c3b7 R09: ffffffff88e387cc
R10: 0000000000000002 R11: ffff88801f281bc0 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888028b50c80
FS:  0000000001d71300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000200 CR3: 0000000021654000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_change_bss+0x420/0x8c0 net/mac80211/cfg.c:2317
 rdev_change_bss net/wireless/rdev-ops.h:394 [inline]
 nl80211_set_bss+0x765/0xa50 net/wireless/nl80211.c:7091
 genl_family_rcv_msg_doit net/netlink/genetlink.c:739 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
 genl_rcv_msg+0xe4e/0x1280 net/netlink/genetlink.c:800
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2494
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x9ae/0xd50 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x519/0x800 net/socket.c:2345
 ___sys_sendmsg net/socket.c:2399 [inline]
 __sys_sendmsg+0x2bf/0x370 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440939
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe308428d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000031 RCX: 0000000000440939
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffe30842908
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe30842930
R13: 00007ffe30842922 R14: 00000000004b7430 R15: 00000000004b73c0

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/05/09 12:53 upstream c5eb0a61238d e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2022/04/03 05:18 upstream be2d3ecedd99 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2022/03/04 05:01 upstream 38f80f42147f e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2022/02/02 04:43 upstream 9f7fb8de5d9b e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2022/01/03 04:22 upstream c9e6606c7fe9 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/12/04 04:03 upstream 12119cfa1052 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/10/21 14:38 upstream 2f111a6fd5b5 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/09/21 14:11 upstream d9fb678414c0 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/08/22 08:42 upstream 9ff50bf2f2ff e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/07/22 21:50 upstream 9f42f674a892 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/06/22 14:47 upstream a96bfed64c89 e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/05/23 08:26 upstream 4d7620341eda e6b95f32 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/04/23 07:32 upstream 18a3c5f7abfd e6b95f32 .config log report syz C
ci-upstream-net-this-kasan-gce 2021/01/15 23:51 net b7ba6cfabc42 d81b165e .config log report syz C
ci-upstream-net-this-kasan-gce 2020/12/16 09:02 net 3db1a3fa9880 d81b165e .config log report syz C
ci-upstream-net-this-kasan-gce 2020/11/08 23:25 net 4e0396c59559 d81b165e .config log report syz C

Crashes (17):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2021/02/02 02:22 upstream 1048ba83fb1c e6b95f32 .config log report syz C WARNING in ieee80211_check_rate_mask
ci-upstream-kasan-gce-root 2021/01/24 14:01 upstream e1ae4b0be158 52e37319 .config log report syz C WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2020/10/09 19:28 net 3fdd47c3b40a d81b165e .config log report syz C
ci-upstream-net-kasan-gce 2020/10/06 02:46 net-next c2568c8c9e63 1880b4a9 .config log report syz C
ci-upstream-net-this-kasan-gce 2021/11/04 03:44 net 92f62485b371 4c1be0be .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/10/31 09:51 net 6de6e46d27ef 098b5d53 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/10/29 15:24 net 411a44c24a56 2353a3ec .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/24 07:13 net 6ab4c3117aec e613994b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/21 18:43 net 87d77e59d1eb bea32f74 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/16 06:47 net 13832ae27553 fdb2bb2c .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/14 12:48 net ad236ccde19a 4a003785 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/12 14:01 net 7a1468ba0e02 429d8a6b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/11 23:43 net 47142ed6c34d 429d8a6b .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/08 01:41 net 9270bbe258c8 09fbf400 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/03/04 23:51 net d93ef301644e 9d751681 .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-this-kasan-gce 2021/02/11 11:35 net 1bcc51ac0731 a52ee10a .config log report info WARNING in ieee80211_check_rate_mask
ci-upstream-net-kasan-gce 2021/02/18 09:53 net-next 38b5133ad607 14052202 .config log report info WARNING in ieee80211_check_rate_mask