Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp2253445rdb; Mon, 25 Dec 2023 03:00:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IGqJxB91BnRKLueGeQl65PA58zcKQFkUNqZNmwP3B6LZYncnPORVdi2P9MNCzqg5mb7ODKJ X-Received: by 2002:a05:6808:651:b0:3b9:f69a:4fce with SMTP id z17-20020a056808065100b003b9f69a4fcemr6555891oih.107.1703502025332; Mon, 25 Dec 2023 03:00:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703502025; cv=none; d=google.com; s=arc-20160816; b=Vg9ThrCXTATI92Z2SrOAqVH1oXONHexXA6wVJ+dE9aAoca4HhpWxYLOyK88lHlbn3y F1lAECroOmmb+y9iI1sczI6Ff3tb9EvgNodPY3wT6gJn2oz6qTAQ7oCUSSD32oQ2dUAp lfgbbHgDia6w8NmD88o2N8jiUCkEQUu/6C6UFr8d0hfsFPraMgw3tmmQzSEqBYIaIMJh lt5hsSyxsGc74GOsmvzSgsGlo9mrScMHKq/Pbct3MDSk/koqSj0Dqp0SJOsuLWy900Z5 cz40uDhmjYkhOViO5z0oIvmOWXobTYd1otCbWeWOUnPtX+BTBsQEMsno7MFjlhQGpToD uhCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:subject:autocrypt:from:cc:to :content-language:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=+5tG1YuuMKHS7h/np+riTeSgnpjUFPFymTa5ge+oZM8=; fh=kiH9BsJ+TyHZ/0f9lp96S1R8k/374lMiI4doNuDXH6k=; b=A1P/exisPt9OGP/yDButaiQF+EjaGuh7+K1AZ3om2q7ixZCKhvLE4P/jFSg3Pu4KL1 98QuO8N4ZyyemN07g+56J0hlTucs+ZOeDc0rHNc1Si0/0IIQAacGaXKtI/oey5+9bSDz iZ0CXkMX69Kl0MwKd7mXX4uiPOyR5Gssh2rMPrTShsadK+sIGGvemH2tU3Op4A73/tmn uUWlzxM0/LEVkX0UXJCM+nfxDyxZi0NFtns1j4zFcBZSO9Sea/7H2lPMz3GLEJPB1OoM UJ407qZxlfHgERadA/5Vnob0BACF/ijMghPG9GNnt7Oise55CLwg9eL21nml99b1kAJy XEAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b="JKMj/f4d"; spf=pass (google.com: domain of linux-wireless+bounces-1279-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1279-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id jc18-20020a17090325d200b001c9c967e77esi7552341plb.207.2023.12.25.03.00.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Dec 2023 03:00:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless+bounces-1279-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@yandex.ru header.s=mail header.b="JKMj/f4d"; spf=pass (google.com: domain of linux-wireless+bounces-1279-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-1279-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8F9C2281EA8 for ; Mon, 25 Dec 2023 11:00:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3AF965100B; Mon, 25 Dec 2023 11:00:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="JKMj/f4d" X-Original-To: linux-wireless@vger.kernel.org Received: from forward102a.mail.yandex.net (forward102a.mail.yandex.net [178.154.239.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8CFB51007 for ; Mon, 25 Dec 2023 11:00:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Received: from mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net [IPv6:2a02:6b8:c0d:1f80:0:640:8386:0]) by forward102a.mail.yandex.net (Yandex) with ESMTP id 685A360AE8; Mon, 25 Dec 2023 14:00:08 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id 70QhbSNvLOs0-umrpxxIY; Mon, 25 Dec 2023 14:00:08 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1703502008; bh=+5tG1YuuMKHS7h/np+riTeSgnpjUFPFymTa5ge+oZM8=; h=Subject:To:From:Cc:Date:Message-ID; b=JKMj/f4dZEHUd1AXwqtxwgxE5MVsOdpsXzIz2FHyv3wTHAnnClWHKrwx5TBP2jToo 7HnZPbKW9aSUFozlrZoFucz0X/uLvjBogW4MbbjREeJtkG7OdjiCAMDWbetYViVE+m 6hBmehPkuBZocyJv4agF5XjCmKGMeiMy8bDHduXU= Authentication-Results: mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net; dkim=pass header.i=@yandex.ru Message-ID: <92f0017d-7b1d-4562-984f-885179b50435@yandex.ru> Date: Mon, 25 Dec 2023 14:00:07 +0300 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Johannes Berg Cc: linux-wireless@vger.kernel.org From: Dmitry Antipov Autocrypt: addr=dmantipov@yandex.ru; keydata= xsDNBGBYjL8BDAC1iFIjCNMSvYkyi04ln+5sTl5TCU9O5Ot/kaKKCstLq3TZ1zwsyeqF7S/q vBVSmkWHQaj80BlT/1m7BnFECMNV0M72+cTGfrX8edesMSzv/id+M+oe0adUeA07bBc2Rq2V YD88b1WgIkACQZVFCo+y7zXY64cZnf+NnI3jCPRfCKOFVwtj4OfkGZfcDAVAtxZCaksBpTHA tf24ay2PmV6q/QN+3IS9ZbHBs6maC1BQe6clFmpGMTvINJ032oN0Lm5ZkpNN+Xcp9393W34y v3aYT/OuT9eCbOxmjgMcXuERCMok72uqdhM8zkZlV85LRdW/Vy99u9gnu8Bm9UZrKTL94erm 0A9LSI/6BLa1Qzvgwkyd2h1r6f2MVmy71/csplvaDTAqlF/4iA4TS0icC0iXDyD+Oh3EfvgP iEc0OAnNps/SrDWUdZbJpLtxDrSl/jXEvFW7KkW5nfYoXzjfrdb89/m7o1HozGr1ArnsMhQC Uo/HlX4pPHWqEAFKJ5HEa/0AEQEAAc0kRG1pdHJ5IEFudGlwb3YgPGRtYW50aXBvdkB5YW5k ZXgucnU+wsEPBBMBCAA5FiEEgi6CDXNWvLfa6d7RtgcLSrzur7cFAmBYjL8FCQWjmoACGwMF CwkIBwIGFQgJCgsCBRYCAwEAAAoJELYHC0q87q+34CEMAKvYwHwegsKYeQokLHXeJVg/bcx9 gVBPj88G+hcI0+3VBdsEU0M521T4zKfS6i7FYWT+mLgf35wtj/kR4akAzU3VyucUqP92t0+T GTvzNiJXbb4a7uxpSvV/vExfPRG/iEKxzdnNiebSe2yS4UkxsVdwXRyH5uE0mqZbDX6Muzk8 O6h2jfzqfLSePNsxq+Sapa7CHiSQJkRiMXOHZJfXq6D+qpvnyh92hqBmrwDYZvNPmdVRIw3f mRFSKqSBq5J3pCKoEvAvJ6b0oyoVEwq7PoPgslJXwiuBzYhpubvSwPkdYD32Jk9CzKEF9z26 dPSVA9l8YJ4o023lU3tTKhSOWaZy2xwE5rYHCnBs5sSshjTYNiXflYf8pjWPbQ5So0lqxfJg 0FlMx2S8cWC7IPjfipKGof7W1DlXl1fVPs6UwCvBGkjUoSgstSZd/OcB/qIcouTmz0Pcd/jD nIFNw/ImUziCdCPRd8RNAddH/Fmx8R2h/DwipNp1DGY251gIJQVO3c7AzQRgWIzAAQwAyZj1 4kk+OmXzTpV9tkUqDGDseykicFMrEE9JTdSO7fiEE4Al86IPhITKRCrjsBdQ5QnmYXcnr3/9 i2RFI0Q7Evp0gD242jAJYgnCMXQXvWdfC55HyppWazwybDiyufW/CV3gmiiiJtUj3d8r8q6l aXMOGky37sRlv1UvjGyjwOxY6hBpB2oXdbpssqFOAgEw66zL54pazMOQ6g1fWmvQhUh0TpKj JZRGF/sib/ifBFHA/RQfAlP/jCsgnX57EOP3ALNwQqdsd5Nm1vxPqDOtKgo7e0qx3sNyk05F FR+f9px6eDbjE3dYfsicZd+aUOpa35EuOPXS0MC4b8SnTB6OW+pmEu/wNzWJ0vvvxX8afgPg lUQELheY+/bH25DnwBnWdlp45DZlz/LdancQdiRuCU77hC4fnntk2aClJh7L9Mh4J3QpBp3d h+vHyESFdWo5idUSNmWoPwLSYQ/evKynzeODU/afzOrDnUBEyyyPTknDxvBQZLv0q3vT0Uiq caL7ABEBAAHCwPwEGAEIACYWIQSCLoINc1a8t9rp3tG2BwtKvO6vtwUCYFiMwAUJBaOagAIb DAAKCRC2BwtKvO6vtwe/C/40zBwVFhiQTVJ5v9heTiIwfE68ZIKVnr+tq6+/z/wrRGNro4PZ fnqumrZtC+nD2Aj5ktNmrwlL2gTauhMT/L0tUrr287D4AHnXfZJT9fra+1NozFm7OeYkcgxh EG2TElxcnXSanQffA7Xx25423FD0dkh2Z5omMqH7cvmh45hBAO/6o9VltTe9T5/6mAqUjIaY 05v2npSKsXqavaiLt4MDutgkhFCfE5PTHWEQAjnXNd0UQeBqR7/JWS55KtwsFcPvyHblW4be 9urNPdoikGY+vF+LtIbXBgwK0qp03ivp7Ye1NcoI4n4PkGusOCD4jrzwmD18o0b31JNd2JAB hETgYXDi/9rBHry1xGnjzuEBalpEiTAehORU2bOVje0FBQ8Pz1C/lhyVW/wrHlW7uNqNGuop Pj5JUAPxMu1UKx+0KQn6HYa0bfGqstmF+d6Stj3W5VAN5J9e80MHqxg8XuXirm/6dH/mm4xc tx98MCutXbJWn55RtnVKbpIiMfBrcB8= Subject: mac80211: WARN_ONCE("no supported rates for sta ...") Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit I'm trying to investigate the following WARN_ONCE() observed at https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d: ------------[ cut here ]------------ no supported rates for sta (null) (0xffffffff, band 1) in rate_mask 0x0 with flags 0x0 WARNING: CPU: 1 PID: 2875 at net/mac80211/rate.c:379 __rate_control_send_low+0x6d9/0x800 net/mac80211/rate.c:379 ... There is a (weird and completely unreadable) reproducer, the most recent one https://syzkaller.appspot.com/text?tag=ReproC&x=10437de6e80000 matches 6.7.0-rc6. IIUC it creates a kind of a virtual subnet of 'mac80211_hwsim' instances and then enforces an attempt to setup an incorrect set of rates. Since I assume that this WARN_ONCE() shouldn't happen, there might be some missing check for the contents of rate-related fields of 'struct ieee80211_sub_if_data'. I've found that this WARN_ONCE() may be avoided one step later by silently dropping the (presumably invalid?) rate control packet in 'ieee80211_tx_h_rate_ctrl()', i. e.: diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index ed4fdf655343..3ca1db6bb0fd 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -703,6 +703,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.reported_rate.idx = -1; txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + if (unlikely(txrc.rate_idx_mask == 0)) + return TX_DROP; + if (tx->sdata->rc_has_mcs_mask[info->band]) txrc.rate_idx_mcs_mask = tx->sdata->rc_rateidx_mcs_mask[info->band]; but most likely this is wrong and should be handled in some another way somewhere else. Dmitry