[v6.1] WARNING in __dev_queue_xmit
1 view
Skip to first unread message
syzbot
Jul 8, 2024, 6:37:21 AM7/8/24
Hello,
syzbot found the following issue on:
HEAD commit: 7753af06eebf Linux 6.1.97
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=132daca5980000
kernel config: https://syzkaller.appspot.com/x/.config?x=78e64da4b97e4023
dashboard link: https://syzkaller.appspot.com/bug?extid=2cd4c66288967dfe3e09
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/941bb1b32077/disk-7753af06.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1ab5906b0f1d/vmlinux-7753af06.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f5748e8c024d/Image-7753af06.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
netlink: 8 bytes leftover after parsing attributes in process `syz.3.242'.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5001 at kernel/softirq.c:376 __local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
Modules linked in:
CPU: 0 PID: 5001 Comm: syz.3.242 Not tainted 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
lr : local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
sp : ffff80001e326d40
x29: ffff80001e326d50 x28: ffff0000cbf371b0 x27: ffff0000d50ba800
x26: dfff800000000000 x25: ffff8000157c8280 x24: 0000000000000000
x23: 1fffe0001acef379 x22: dfff800000000000 x21: ffff8000104563f4
x20: 0000000000000200 x19: ffff0000d6779bc8 x18: ffff80001e3265a0
x17: ffff8000188f0000 x16: ffff8000081c6e98 x15: ffff800008a8d004
x14: ffff8000103cd090 x13: ffff80001216af8c x12: 0000000000040000
x11: 0000000000036c83 x10: ffff800022a19000 x9 : 0000000000000000
x8 : 0000000100000201 x7 : ffff800008061c64 x6 : ffff800008061e74
x5 : ffff0000d8d85298 x4 : ffff80001e326a40 x3 : ffff80000831ee7c
x2 : 0000000000000001 x1 : 0000000000000200 x0 : ffff8000104563f4
Call trace:
__local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:861 [inline]
__dev_queue_xmit+0x1a68/0x38d8 net/core/dev.c:4320
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x464/0x6e4 net/netlink/af_netlink.c:325
netlink_deliver_tap+0x1ac/0x1b0 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1270 [inline]
netlink_broadcast_deliver net/netlink/af_netlink.c:1403 [inline]
do_one_broadcast net/netlink/af_netlink.c:1481 [inline]
netlink_broadcast+0x9bc/0xff4 net/netlink/af_netlink.c:1521
nlmsg_multicast include/net/netlink.h:1071 [inline]
genlmsg_multicast_netns+0xa8/0xf0 include/net/genetlink.h:333
nl80211_frame_tx_status+0x7c8/0xe54 net/wireless/nl80211.c:18599
cfg80211_mgmt_tx_status_ext+0x38/0x4c net/wireless/nl80211.c:18626
ieee80211_report_ack_skb net/mac80211/status.c:680 [inline]
ieee80211_report_used_skb+0x1258/0x17b4 net/mac80211/status.c:763
ieee80211_free_txskb+0x30/0x4c net/mac80211/status.c:1284
ieee80211_do_stop+0xe88/0x1994 net/mac80211/iface.c:646
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2727
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2680): [<ffff800011a441f4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (2680): [<ffff800011a441f4>] netif_addr_unlock_bh include/linux/netdevice.h:4467 [inline]
softirqs last enabled at (2680): [<ffff800011a441f4>] ieee80211_do_stop+0x504/0x1994 net/mac80211/iface.c:521
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
================================
WARNING: inconsistent lock state
6.1.97-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz.3.242/5001 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffff0000cbb794f8 (&local->queue_stop_reason_lock){+.?.}-{2:2}, at: ieee80211_do_stop+0xcf0/0x1994 net/mac80211/iface.c:640
{IN-SOFTIRQ-W} state was registered at:
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
ieee80211_tx_frags+0x138/0x700 net/mac80211/tx.c:1721
__ieee80211_tx+0x1b0/0x40c net/mac80211/tx.c:1820
ieee80211_tx+0x2c4/0x400 net/mac80211/tx.c:2000
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2092
__ieee80211_subif_start_xmit+0xc84/0x2af4 net/mac80211/tx.c:4265
ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4457
__netdev_start_xmit include/linux/netdevice.h:4853 [inline]
netdev_start_xmit include/linux/netdevice.h:4867 [inline]
xmit_one net/core/dev.c:3627 [inline]
dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3643
sch_direct_xmit+0x234/0x548 net/sched/sch_generic.c:342
__dev_xmit_skb net/core/dev.c:3854 [inline]
__dev_queue_xmit+0x1658/0x38d8 net/core/dev.c:4259
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
neigh_hh_output include/net/neighbour.h:528 [inline]
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0xd8c/0x1aa8 net/ipv6/ip6_output.c:134
__ip6_finish_output net/ipv6/ip6_output.c:201 [inline]
ip6_finish_output+0x5a4/0x940 net/ipv6/ip6_output.c:212
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x594 net/ipv6/ip6_output.c:233
dst_output include/net/dst.h:444 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ndisc_send_skb+0xc38/0x179c net/ipv6/ndisc.c:509
ndisc_send_rs+0x47c/0x5d4 net/ipv6/ndisc.c:719
addrconf_rs_timer+0x300/0x58c net/ipv6/addrconf.c:3962
call_timer_fn+0x1c0/0xa1c kernel/time/timer.c:1504
expire_timers kernel/time/timer.c:1549 [inline]
__run_timers+0x554/0x718 kernel/time/timer.c:1820
run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1833
handle_softirqs+0x318/0xd58 kernel/softirq.c:571
__do_softirq+0x14/0x20 kernel/softirq.c:605
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:893
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0x264/0x4d4 kernel/softirq.c:654
irq_exit_rcu+0x14/0x84 kernel/softirq.c:666
__el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
finish_lock_switch+0xc4/0x1e8 kernel/sched/core.c:5004
finish_task_switch+0x120/0x624 kernel/sched/core.c:5122
context_switch kernel/sched/core.c:5248 [inline]
__schedule+0xee8/0x1c98 kernel/sched/core.c:6558
preempt_schedule_notrace+0xc4/0x1a8 kernel/sched/core.c:6820
rcu_is_watching+0x10c/0x18c kernel/rcu/tree.c:722
trace_lock_release include/trace/events/lock.h:69 [inline]
lock_release+0x108/0xa50 kernel/locking/lockdep.c:5673
__might_fault+0xf0/0x124 mm/memory.c:5835
____sys_recvmsg+0x408/0x69c net/socket.c:2754
___sys_recvmsg net/socket.c:2775 [inline]
do_recvmmsg+0x41c/0xb60 net/socket.c:2869
__sys_recvmmsg net/socket.c:2948 [inline]
__do_sys_recvmmsg net/socket.c:2971 [inline]
__se_sys_recvmmsg net/socket.c:2964 [inline]
__arm64_sys_recvmmsg+0x180/0x23c net/socket.c:2964
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2728
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2728): [<ffff8000104563f4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&local->queue_stop_reason_lock);
<Interrupt>
lock(&local->queue_stop_reason_lock);
*** DEADLOCK ***
5 locks held by syz.3.242/5001:
#0: ffff800017e420c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5639 [inline]
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wext_siwmode net/wireless/wext-compat.c:65 [inline]
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: __cfg80211_wext_siwmode+0x170/0x240 net/wireless/wext-compat.c:1599
#2: ffff0000cbb794f8 (&local->queue_stop_reason_lock){+.?.}-{2:2}, at: ieee80211_do_stop+0xcf0/0x1994 net/mac80211/iface.c:640
#3: ffff800015a34ce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#4: ffff800015a34ce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
stack backtrace:
CPU: 0 PID: 5001 Comm: syz.3.242 Tainted: G W 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_usage_bug+0x654/0x9b0 kernel/locking/lockdep.c:3957
mark_lock_irq+0x980/0xd2c
mark_lock+0x258/0x360 kernel/locking/lockdep.c:4628
mark_held_locks kernel/locking/lockdep.c:4230 [inline]
__trace_hardirqs_on_caller kernel/locking/lockdep.c:4256 [inline]
lockdep_hardirqs_on_prepare+0x3e8/0x874 kernel/locking/lockdep.c:4315
trace_hardirqs_on+0x184/0x2d4 kernel/trace/trace_preemptirq.c:49
__local_bh_enable_ip+0x230/0x470 kernel/softirq.c:401
local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:861 [inline]
__dev_queue_xmit+0x1a68/0x38d8 net/core/dev.c:4320
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x464/0x6e4 net/netlink/af_netlink.c:325
netlink_deliver_tap+0x1ac/0x1b0 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1270 [inline]
netlink_broadcast_deliver net/netlink/af_netlink.c:1403 [inline]
do_one_broadcast net/netlink/af_netlink.c:1481 [inline]
netlink_broadcast+0x9bc/0xff4 net/netlink/af_netlink.c:1521
nlmsg_multicast include/net/netlink.h:1071 [inline]
genlmsg_multicast_netns+0xa8/0xf0 include/net/genetlink.h:333
nl80211_frame_tx_status+0x7c8/0xe54 net/wireless/nl80211.c:18599
cfg80211_mgmt_tx_status_ext+0x38/0x4c net/wireless/nl80211.c:18626
ieee80211_report_ack_skb net/mac80211/status.c:680 [inline]
ieee80211_report_used_skb+0x1258/0x17b4 net/mac80211/status.c:763
ieee80211_free_txskb+0x30/0x4c net/mac80211/status.c:1284
ieee80211_do_stop+0xe88/0x1994 net/mac80211/iface.c:646
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 0 PID: 5001 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 0 PID: 5001 Comm: syz.3.242 Tainted: G W 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
lr : warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
sp : ffff80001e327590
x29: ffff80001e327590 x28: ffff0000cbb7a060 x27: dfff800000000000
x26: 0000000000000058 x25: 000000000000000f x24: 0000000000000010
x23: ffff0000ee23e798 x22: 000000000000000f x21: 000000000000000f
x20: ffff0000cbb794e0 x19: 0000000000000000 x18: ffff80001e3265a0
x17: 0000000000000000 x16: ffff8000120bd140 x15: 0000000000000002
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000040000
x11: 000000000003ffff x10: ffff800022a19000 x9 : f31f60c5ac5c4000
x8 : f31f60c5ac5c4000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001e326e78 x4 : ffff800015942b20 x3 : ffff80000834ee14
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0xa0/0xac kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
ieee80211_do_stop+0xfac/0x1994 net/mac80211/iface.c:650
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2728
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2728): [<ffff8000104563f4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7753af06eebf Linux 6.1.97
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=132daca5980000
kernel config: https://syzkaller.appspot.com/x/.config?x=78e64da4b97e4023
dashboard link: https://syzkaller.appspot.com/bug?extid=2cd4c66288967dfe3e09
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/941bb1b32077/disk-7753af06.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1ab5906b0f1d/vmlinux-7753af06.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f5748e8c024d/Image-7753af06.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
netlink: 8 bytes leftover after parsing attributes in process `syz.3.242'.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5001 at kernel/softirq.c:376 __local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
Modules linked in:
CPU: 0 PID: 5001 Comm: syz.3.242 Not tainted 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
lr : local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
sp : ffff80001e326d40
x29: ffff80001e326d50 x28: ffff0000cbf371b0 x27: ffff0000d50ba800
x26: dfff800000000000 x25: ffff8000157c8280 x24: 0000000000000000
x23: 1fffe0001acef379 x22: dfff800000000000 x21: ffff8000104563f4
x20: 0000000000000200 x19: ffff0000d6779bc8 x18: ffff80001e3265a0
x17: ffff8000188f0000 x16: ffff8000081c6e98 x15: ffff800008a8d004
x14: ffff8000103cd090 x13: ffff80001216af8c x12: 0000000000040000
x11: 0000000000036c83 x10: ffff800022a19000 x9 : 0000000000000000
x8 : 0000000100000201 x7 : ffff800008061c64 x6 : ffff800008061e74
x5 : ffff0000d8d85298 x4 : ffff80001e326a40 x3 : ffff80000831ee7c
x2 : 0000000000000001 x1 : 0000000000000200 x0 : ffff8000104563f4
Call trace:
__local_bh_enable_ip+0x28c/0x470 kernel/softirq.c:376
local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:861 [inline]
__dev_queue_xmit+0x1a68/0x38d8 net/core/dev.c:4320
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x464/0x6e4 net/netlink/af_netlink.c:325
netlink_deliver_tap+0x1ac/0x1b0 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1270 [inline]
netlink_broadcast_deliver net/netlink/af_netlink.c:1403 [inline]
do_one_broadcast net/netlink/af_netlink.c:1481 [inline]
netlink_broadcast+0x9bc/0xff4 net/netlink/af_netlink.c:1521
nlmsg_multicast include/net/netlink.h:1071 [inline]
genlmsg_multicast_netns+0xa8/0xf0 include/net/genetlink.h:333
nl80211_frame_tx_status+0x7c8/0xe54 net/wireless/nl80211.c:18599
cfg80211_mgmt_tx_status_ext+0x38/0x4c net/wireless/nl80211.c:18626
ieee80211_report_ack_skb net/mac80211/status.c:680 [inline]
ieee80211_report_used_skb+0x1258/0x17b4 net/mac80211/status.c:763
ieee80211_free_txskb+0x30/0x4c net/mac80211/status.c:1284
ieee80211_do_stop+0xe88/0x1994 net/mac80211/iface.c:646
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2727
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2680): [<ffff800011a441f4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (2680): [<ffff800011a441f4>] netif_addr_unlock_bh include/linux/netdevice.h:4467 [inline]
softirqs last enabled at (2680): [<ffff800011a441f4>] ieee80211_do_stop+0x504/0x1994 net/mac80211/iface.c:521
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
================================
WARNING: inconsistent lock state
6.1.97-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
syz.3.242/5001 [HC0[0]:SC0[0]:HE0:SE1] takes:
ffff0000cbb794f8 (&local->queue_stop_reason_lock){+.?.}-{2:2}, at: ieee80211_do_stop+0xcf0/0x1994 net/mac80211/iface.c:640
{IN-SOFTIRQ-W} state was registered at:
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
ieee80211_tx_frags+0x138/0x700 net/mac80211/tx.c:1721
__ieee80211_tx+0x1b0/0x40c net/mac80211/tx.c:1820
ieee80211_tx+0x2c4/0x400 net/mac80211/tx.c:2000
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2092
__ieee80211_subif_start_xmit+0xc84/0x2af4 net/mac80211/tx.c:4265
ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4457
__netdev_start_xmit include/linux/netdevice.h:4853 [inline]
netdev_start_xmit include/linux/netdevice.h:4867 [inline]
xmit_one net/core/dev.c:3627 [inline]
dev_hard_start_xmit+0x25c/0x9a4 net/core/dev.c:3643
sch_direct_xmit+0x234/0x548 net/sched/sch_generic.c:342
__dev_xmit_skb net/core/dev.c:3854 [inline]
__dev_queue_xmit+0x1658/0x38d8 net/core/dev.c:4259
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
neigh_hh_output include/net/neighbour.h:528 [inline]
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0xd8c/0x1aa8 net/ipv6/ip6_output.c:134
__ip6_finish_output net/ipv6/ip6_output.c:201 [inline]
ip6_finish_output+0x5a4/0x940 net/ipv6/ip6_output.c:212
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x274/0x594 net/ipv6/ip6_output.c:233
dst_output include/net/dst.h:444 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ndisc_send_skb+0xc38/0x179c net/ipv6/ndisc.c:509
ndisc_send_rs+0x47c/0x5d4 net/ipv6/ndisc.c:719
addrconf_rs_timer+0x300/0x58c net/ipv6/addrconf.c:3962
call_timer_fn+0x1c0/0xa1c kernel/time/timer.c:1504
expire_timers kernel/time/timer.c:1549 [inline]
__run_timers+0x554/0x718 kernel/time/timer.c:1820
run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1833
handle_softirqs+0x318/0xd58 kernel/softirq.c:571
__do_softirq+0x14/0x20 kernel/softirq.c:605
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:893
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0x264/0x4d4 kernel/softirq.c:654
irq_exit_rcu+0x14/0x84 kernel/softirq.c:666
__el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
finish_lock_switch+0xc4/0x1e8 kernel/sched/core.c:5004
finish_task_switch+0x120/0x624 kernel/sched/core.c:5122
context_switch kernel/sched/core.c:5248 [inline]
__schedule+0xee8/0x1c98 kernel/sched/core.c:6558
preempt_schedule_notrace+0xc4/0x1a8 kernel/sched/core.c:6820
rcu_is_watching+0x10c/0x18c kernel/rcu/tree.c:722
trace_lock_release include/trace/events/lock.h:69 [inline]
lock_release+0x108/0xa50 kernel/locking/lockdep.c:5673
__might_fault+0xf0/0x124 mm/memory.c:5835
____sys_recvmsg+0x408/0x69c net/socket.c:2754
___sys_recvmsg net/socket.c:2775 [inline]
do_recvmmsg+0x41c/0xb60 net/socket.c:2869
__sys_recvmmsg net/socket.c:2948 [inline]
__do_sys_recvmmsg net/socket.c:2971 [inline]
__se_sys_recvmmsg net/socket.c:2964 [inline]
__arm64_sys_recvmmsg+0x180/0x23c net/socket.c:2964
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2728
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2728): [<ffff8000104563f4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&local->queue_stop_reason_lock);
<Interrupt>
lock(&local->queue_stop_reason_lock);
*** DEADLOCK ***
5 locks held by syz.3.242/5001:
#0: ffff800017e420c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5639 [inline]
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wext_siwmode net/wireless/wext-compat.c:65 [inline]
#1: ffff0000cbb787c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: __cfg80211_wext_siwmode+0x170/0x240 net/wireless/wext-compat.c:1599
#2: ffff0000cbb794f8 (&local->queue_stop_reason_lock){+.?.}-{2:2}, at: ieee80211_do_stop+0xcf0/0x1994 net/mac80211/iface.c:640
#3: ffff800015a34ce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
#4: ffff800015a34ce0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349
stack backtrace:
CPU: 0 PID: 5001 Comm: syz.3.242 Tainted: G W 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_usage_bug+0x654/0x9b0 kernel/locking/lockdep.c:3957
mark_lock_irq+0x980/0xd2c
mark_lock+0x258/0x360 kernel/locking/lockdep.c:4628
mark_held_locks kernel/locking/lockdep.c:4230 [inline]
__trace_hardirqs_on_caller kernel/locking/lockdep.c:4256 [inline]
lockdep_hardirqs_on_prepare+0x3e8/0x874 kernel/locking/lockdep.c:4315
trace_hardirqs_on+0x184/0x2d4 kernel/trace/trace_preemptirq.c:49
__local_bh_enable_ip+0x230/0x470 kernel/softirq.c:401
local_bh_enable+0x28/0x34 include/linux/bottom_half.h:33
rcu_read_unlock_bh include/linux/rcupdate.h:861 [inline]
__dev_queue_xmit+0x1a68/0x38d8 net/core/dev.c:4320
dev_queue_xmit include/linux/netdevice.h:3021 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x464/0x6e4 net/netlink/af_netlink.c:325
netlink_deliver_tap+0x1ac/0x1b0 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1270 [inline]
netlink_broadcast_deliver net/netlink/af_netlink.c:1403 [inline]
do_one_broadcast net/netlink/af_netlink.c:1481 [inline]
netlink_broadcast+0x9bc/0xff4 net/netlink/af_netlink.c:1521
nlmsg_multicast include/net/netlink.h:1071 [inline]
genlmsg_multicast_netns+0xa8/0xf0 include/net/genetlink.h:333
nl80211_frame_tx_status+0x7c8/0xe54 net/wireless/nl80211.c:18599
cfg80211_mgmt_tx_status_ext+0x38/0x4c net/wireless/nl80211.c:18626
ieee80211_report_ack_skb net/mac80211/status.c:680 [inline]
ieee80211_report_used_skb+0x1258/0x17b4 net/mac80211/status.c:763
ieee80211_free_txskb+0x30/0x4c net/mac80211/status.c:1284
ieee80211_do_stop+0xe88/0x1994 net/mac80211/iface.c:646
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
------------[ cut here ]------------
raw_local_irq_restore() called with IRQs enabled
WARNING: CPU: 0 PID: 5001 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
Modules linked in:
CPU: 0 PID: 5001 Comm: syz.3.242 Tainted: G W 6.1.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
lr : warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
sp : ffff80001e327590
x29: ffff80001e327590 x28: ffff0000cbb7a060 x27: dfff800000000000
x26: 0000000000000058 x25: 000000000000000f x24: 0000000000000010
x23: ffff0000ee23e798 x22: 000000000000000f x21: 000000000000000f
x20: ffff0000cbb794e0 x19: 0000000000000000 x18: ffff80001e3265a0
x17: 0000000000000000 x16: ffff8000120bd140 x15: 0000000000000002
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000040000
x11: 000000000003ffff x10: ffff800022a19000 x9 : f31f60c5ac5c4000
x8 : f31f60c5ac5c4000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001e326e78 x4 : ffff800015942b20 x3 : ffff80000834ee14
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
warn_bogus_irq_restore+0x38/0x40 kernel/locking/irqflag-debug.c:10
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0xa0/0xac kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
ieee80211_do_stop+0xfac/0x1994 net/mac80211/iface.c:650
ieee80211_runtime_change_iftype net/mac80211/iface.c:1905 [inline]
ieee80211_if_change_type+0x478/0xcf4 net/mac80211/iface.c:1943
ieee80211_change_iface+0x6c/0x418 net/mac80211/cfg.c:217
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x758/0x100c net/wireless/util.c:1084
cfg80211_wext_siwmode net/wireless/wext-compat.c:66 [inline]
__cfg80211_wext_siwmode+0x184/0x240 net/wireless/wext-compat.c:1599
ioctl_standard_call+0xe8/0x264 net/wireless/wext-core.c:1026
wext_ioctl_dispatch+0x16c/0x3ec net/wireless/wext-core.c:997
wext_handle_ioctl+0x1f8/0x3f4 net/wireless/wext-core.c:1058
sock_ioctl+0x140/0x858 net/socket.c:1255
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2728
hardirqs last enabled at (2725): [<ffff80001224ebbc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2725): [<ffff80001224ebbc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2726): [<ffff80001224e9d8>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (2726): [<ffff80001224e9d8>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (2728): [<ffff8000104563f4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2727): [<ffff8000104563c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Dec 25, 2024, 7:13:17 AM12/25/24
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages