* WARNING in cfg80211_connect @ 2020-10-01 10:28 syzbot 2020-10-01 21:32 ` syzbot 2020-10-02 4:31 ` syzbot 0 siblings, 2 replies; 5+ messages in thread From: syzbot @ 2020-10-01 10:28 UTC (permalink / raw) To: davem, johannes, kuba, linux-kernel, linux-wireless, netdev, syzkaller-bugs Hello, syzbot found the following issue on: HEAD commit: 60e72093 Merge tag 'clk-fixes-for-linus' of git://git.kern.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=12adca47900000 kernel config: https://syzkaller.appspot.com/x/.config?x=4e0df28c181f1b6d dashboard link: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975 compiler: gcc (GCC) 10.1.0-syz 20200507 userspace arch: i386 Unfortunately, I don't have any reproducer for this issue yet. IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com ------------[ cut here ]------------ WARNING: CPU: 0 PID: 17631 at net/wireless/sme.c:533 cfg80211_sme_connect net/wireless/sme.c:533 [inline] WARNING: CPU: 0 PID: 17631 at net/wireless/sme.c:533 cfg80211_connect+0x1432/0x2010 net/wireless/sme.c:1258 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 17631 Comm: syz-executor.1 Not tainted 5.9.0-rc7-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 panic+0x382/0x7fb kernel/panic.c:231 __warn.cold+0x20/0x4b kernel/panic.c:600 report_bug+0x1bd/0x210 lib/bug.c:198 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:cfg80211_sme_connect net/wireless/sme.c:533 [inline] RIP: 0010:cfg80211_connect+0x1432/0x2010 net/wireless/sme.c:1258 Code: 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 a2 0a 00 00 49 83 bd 48 01 00 00 00 0f 84 b6 f7 ff ff e8 ce 82 c2 f9 <0f> 0b e8 c7 82 c2 f9 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df RSP: 0018:ffffc90008ad7340 EFLAGS: 00010212 RAX: 0000000000000499 RBX: 0000000000000000 RCX: ffffc90002c73000 RDX: 0000000000040000 RSI: ffffffff87b3bbc2 RDI: ffffffff895f55e0 RBP: ffff8880578d0d30 R08: 0000000000000001 R09: ffff8880578d0d35 R10: ffffed100af1a1a6 R11: 0000000000000000 R12: ffffc90008ad74e0 R13: ffff8880578d0c10 R14: ffff8880578d0d58 R15: ffffffff895f54a0 nl80211_connect+0x1646/0x2220 net/wireless/nl80211.c:10392 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline] genl_family_rcv_msg net/netlink/genetlink.c:714 [inline] genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2353 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline] __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7fcd549 Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000f55c70bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Kernel Offset: disabled Rebooting in 86400 seconds.. --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in cfg80211_connect 2020-10-01 10:28 WARNING in cfg80211_connect syzbot @ 2020-10-01 21:32 ` syzbot 2020-10-02 4:31 ` syzbot 1 sibling, 0 replies; 5+ messages in thread From: syzbot @ 2020-10-01 21:32 UTC (permalink / raw) To: davem, johannes, kuba, linux-kernel, linux-wireless, netdev, syzkaller-bugs syzbot has found a reproducer for the following issue on: HEAD commit: 87d5034d Merge tag 'mlx5-updates-2020-09-30' of git://git... git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=121d2313900000 kernel config: https://syzkaller.appspot.com/x/.config?x=7b5cc8ec2218e99d dashboard link: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975 compiler: gcc (GCC) 10.1.0-syz 20200507 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1100d333900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1414c997900000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com ------------[ cut here ]------------ WARNING: CPU: 0 PID: 6914 at net/wireless/sme.c:533 cfg80211_sme_connect net/wireless/sme.c:533 [inline] WARNING: CPU: 0 PID: 6914 at net/wireless/sme.c:533 cfg80211_connect+0x1432/0x2010 net/wireless/sme.c:1258 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6914 Comm: syz-executor935 Not tainted 5.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 panic+0x382/0x7fb kernel/panic.c:231 __warn.cold+0x20/0x4b kernel/panic.c:600 report_bug+0x1bd/0x210 lib/bug.c:198 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:cfg80211_sme_connect net/wireless/sme.c:533 [inline] RIP: 0010:cfg80211_connect+0x1432/0x2010 net/wireless/sme.c:1258 Code: 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 a2 0a 00 00 49 83 bd 48 01 00 00 00 0f 84 b6 f7 ff ff e8 7e 1e b5 f9 <0f> 0b e8 77 1e b5 f9 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df RSP: 0018:ffffc90005667360 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888093bdc380 RSI: ffffffff87c166d2 RDI: ffffffff896172c0 RBP: ffff888088cf8d30 R08: 0000000000000001 R09: ffff888088cf8d35 R10: ffffed101119f1a6 R11: 0000000000000000 R12: ffffc90005667500 R13: ffff888088cf8c10 R14: ffff888088cf8d58 R15: ffffffff89617180 nl80211_connect+0x1646/0x2220 net/wireless/nl80211.c:10615 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline] genl_family_rcv_msg net/netlink/genetlink.c:714 [inline] genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2353 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x442139 Code: e8 ac 00 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fff18327468 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442139 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000002000000000 R09: 0000002000000000 R10: 0000002000000000 R11: 0000000000000246 R12: 000000000000f7cb R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004 Kernel Offset: disabled Rebooting in 86400 seconds.. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in cfg80211_connect 2020-10-01 10:28 WARNING in cfg80211_connect syzbot 2020-10-01 21:32 ` syzbot @ 2020-10-02 4:31 ` syzbot 2020-10-02 6:26 ` Johannes Berg 1 sibling, 1 reply; 5+ messages in thread From: syzbot @ 2020-10-02 4:31 UTC (permalink / raw) To: a, b.a.t.m.a.n, davem, david, dchinner, hch, johannes, kuba, linux-kernel, linux-wireless, mareklindner, netdev, sw, syzkaller-bugs syzbot has bisected this issue to: commit 16d4d43595b4780daac8fcea6d042689124cb094 Author: Christoph Hellwig <hch@lst.de> Date: Wed Jul 20 01:38:55 2016 +0000 xfs: split direct I/O and DAX path bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14f662b7900000 start commit: 87d5034d Merge tag 'mlx5-updates-2020-09-30' of git://git... git tree: net-next final oops: https://syzkaller.appspot.com/x/report.txt?x=16f662b7900000 console output: https://syzkaller.appspot.com/x/log.txt?x=12f662b7900000 kernel config: https://syzkaller.appspot.com/x/.config?x=7b5cc8ec2218e99d dashboard link: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1100d333900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1414c997900000 Reported-by: syzbot+5f9392825de654244975@syzkaller.appspotmail.com Fixes: 16d4d43595b4 ("xfs: split direct I/O and DAX path") For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in cfg80211_connect 2020-10-02 4:31 ` syzbot @ 2020-10-02 6:26 ` Johannes Berg 2020-10-02 7:48 ` Dmitry Vyukov 0 siblings, 1 reply; 5+ messages in thread From: Johannes Berg @ 2020-10-02 6:26 UTC (permalink / raw) To: syzbot, a, b.a.t.m.a.n, davem, david, dchinner, hch, kuba, linux-kernel, linux-wireless, mareklindner, netdev, sw, syzkaller-bugs On Thu, 2020-10-01 at 21:31 -0700, syzbot wrote: > syzbot has bisected this issue to: > > commit 16d4d43595b4780daac8fcea6d042689124cb094 > Author: Christoph Hellwig <hch@lst.de> > Date: Wed Jul 20 01:38:55 2016 +0000 > > xfs: split direct I/O and DAX path > LOL! Unlike in many other cases, here I don't even see why it went down that path. You'd think that Christoph's commit should have no effect whatsoever, but here we are with syzbot claiming a difference? I mean, often enough it says something is "caused" by a patch because that caused e.g. generic netlink family renumbering, or because it emitted some other ioctl() calls or whatnot that are invalid before and valid after some other (feature) patch (or vice versa sometimes), but you'd think that this patch would have _zero_ userspace observable effect? Which I guess means that the reproduction of this bug is random, perhaps timing related. johannes ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in cfg80211_connect 2020-10-02 6:26 ` Johannes Berg @ 2020-10-02 7:48 ` Dmitry Vyukov 0 siblings, 0 replies; 5+ messages in thread From: Dmitry Vyukov @ 2020-10-02 7:48 UTC (permalink / raw) To: Johannes Berg Cc: syzbot, a, b.a.t.m.a.n, David Miller, Dave Chinner, dchinner, Christoph Hellwig, Jakub Kicinski, LKML, linux-wireless, mareklindner, netdev, sw, syzkaller-bugs, syzkaller On Fri, Oct 2, 2020 at 8:27 AM Johannes Berg <johannes@sipsolutions.net> wrote: > > On Thu, 2020-10-01 at 21:31 -0700, syzbot wrote: > > syzbot has bisected this issue to: > > > > commit 16d4d43595b4780daac8fcea6d042689124cb094 > > Author: Christoph Hellwig <hch@lst.de> > > Date: Wed Jul 20 01:38:55 2016 +0000 > > > > xfs: split direct I/O and DAX path > > > > LOL! > > Unlike in many other cases, here I don't even see why it went down that > path. You'd think that Christoph's commit should have no effect > whatsoever, but here we are with syzbot claiming a difference? > > I mean, often enough it says something is "caused" by a patch because > that caused e.g. generic netlink family renumbering, or because it > emitted some other ioctl() calls or whatnot that are invalid before and > valid after some other (feature) patch (or vice versa sometimes), but > you'd think that this patch would have _zero_ userspace observable > effect? > > Which I guess means that the reproduction of this bug is random, perhaps > timing related. Hi Johannes, syzbot provides bisection log which usually answers the why question. In this case bisection was diverged by an unrelated kernel bug. That's the most common reason for wrong bisection results. If you are interested in more reasons for wrong bisection results, some time ago I did a large analysis of bisection results: https://groups.google.com/g/syzkaller/c/sR8aAXaWEF4/m/tTWYRgvmAwAJ ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-10-02 7:48 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-10-01 10:28 WARNING in cfg80211_connect syzbot 2020-10-01 21:32 ` syzbot 2020-10-02 4:31 ` syzbot 2020-10-02 6:26 ` Johannes Berg 2020-10-02 7:48 ` Dmitry Vyukov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).