syzbot

 sign-in | mailing list | source | docs
🐞 Open [955] Subsystems 🐞 Fixed [4575] 🐞 Invalid [10562] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in drv_remove_interface

Status: upstream: reported C repro on 2020/10/12 13:21
Labels: wireless (incorrect?)
Reported-by: syzbot+2e5c1e55b9e5c28a3da7@syzkaller.appspotmail.com
First crash: 971d, last: 58d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in drv_remove_interface (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  92bf22614b21 Linux 5.11-rc7
  568035b01cfb Linux 6.0-rc1
Discussions (1)
Title Replies (including bot) Last reply
WARNING in drv_remove_interface 0 (1) 2020/10/12 13:21
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in drv_remove_interface C error 1 469d 954d 0/1 upstream: reported C repro on 2020/10/29 13:01
linux-4.19 WARNING in drv_remove_interface C error 1 628d 944d 0/1 upstream: reported C repro on 2020/11/08 17:06
Last patch testing requests (5)
Created Duration User Patch Repo Result
2023/04/13 17:11 13m retest repro upstream report log
2023/01/29 07:32 9m retest repro upstream error
2023/01/29 07:32 24m retest repro net-old OK log
2022/10/21 03:30 12m retest repro upstream report log
2022/10/20 19:30 18m retest repro upstream OK log

Sample crash report:
------------[ cut here ]------------
wlan0: Failed check-sdata-in-driver check, flags: 0x0
WARNING: CPU: 0 PID: 8423 at net/mac80211/driver-ops.c:97 drv_remove_interface+0x14c/0x190 net/mac80211/driver-ops.c:97
Modules linked in:
CPU: 0 PID: 8423 Comm: syz-executor091 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:drv_remove_interface+0x14c/0x190 net/mac80211/driver-ops.c:97
Code: df f8 49 8b 87 40 06 00 00 49 81 c7 60 06 00 00 48 85 c0 4c 0f 45 f8 48 c7 c7 60 88 ef 8a 4c 89 fe 89 ea 31 c0 e8 e4 5c 6b f8 <0f> 0b e9 22 ff ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c e8 fe
RSP: 0018:ffffc9000d957a70 EFLAGS: 00010246
RAX: 84e78f97573d2f00 RBX: 1ffff110039a0242 RCX: ffff8880208d1bc0
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff815fb522 R09: ffffed10173860b8
R10: ffffed10173860b8 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88801cd01210 R14: ffff88801ccd8c80 R15: ffff88801cd00000
FS:  00007f570de37700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f570de36278 CR3: 0000000021ca8000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ieee80211_do_stop+0x1880/0x1e90 net/mac80211/iface.c:613
 ieee80211_stop+0x1d/0x30 net/mac80211/iface.c:640
 __dev_close_many+0x2b2/0x390 net/core/dev.c:1612
 __dev_close net/core/dev.c:1624 [inline]
 __dev_change_flags+0x2fe/0x6f0 net/core/dev.c:8476
 dev_change_flags+0x85/0x190 net/core/dev.c:8549
 devinet_ioctl+0x908/0x1df0 net/ipv4/devinet.c:1142
 inet_ioctl+0x240/0x2e0 net/ipv4/af_inet.c:967
 sock_do_ioctl+0x7b/0x260 net/socket.c:1037
 sock_ioctl+0x416/0x5f0 net/socket.c:1177
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x446549
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f570de372f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004cc440 RCX: 0000000000446549
RDX: 0000000020001000 RSI: 0000000000008914 RDI: 0000000000000003
RBP: 000000000049bff8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0031313230386c6e
R13: 1102080006000a00 R14: 0003005296000000 R15: 00000000004cc448

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/02/08 18:13 upstream 92bf22614b21 2ce644fc .config console log report syz C ci-upstream-kasan-gce-smack-root WARNING in drv_remove_interface
2021/03/28 03:29 linux-next 931294922e65 a8529b82 .config console log report syz C ci-upstream-linux-next-kasan-gce-root WARNING in drv_remove_interface
2021/02/10 20:15 upstream e0756cfc7d7c 2bd9619f .config console log report syz ci-upstream-kasan-gce-selinux-root WARNING in drv_remove_interface
2020/11/24 02:48 upstream 418baf2c28f3 878fb17a .config console log report syz C ci-upstream-kasan-gce-386
2020/10/12 07:36 net-old 874fb9e2ca94 4a77ae0b .config console log report syz C ci-upstream-net-this-kasan-gce
* Struck through repros no longer work on HEAD.