[syzbot] [wireless?] WARNING in ADDR

syzbot <syzbot+652bceddc8ff90c594ad@xxxxxxxxxxxxxxxxxxxxxxxxx> · Fri, 31 Jan 2025 14:50:19 -0800

Hello,

syzbot found the following issue on:

HEAD commit:    805ba04cb7cc Merge tag 'mips_6.14' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=102805f8580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=2ae8afe424ee551e
dashboard link: https://syzkaller.appspot.com/bug?extid=652bceddc8ff90c594ad
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-805ba04c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f9b9a1354470/vmlinux-805ba04c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6c77f51f864a/bzImage-805ba04c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+652bceddc8ff90c594ad@xxxxxxxxxxxxxxxxxxxxxxxxx

Jan 27 22:47:14 syzkaller kern.notice kernel: [   71.133063][   T39] audit: type=1400 audit(1738018034.313:3483): avc:  denied  { read } for  pid=5336 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclas[   71.519128][    C2] ------------[ cut here ]------------
s=[   71.521211][    C2] WARNING: CPU: 2 PID: 1418 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
s=[   71.521211][    C2] WARNING: CPU: 2 PID: 1418 at net/mac80211/tx.c:5040 __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
s=[   71.521211][    C2] WARNING: CPU: 2 PID: 1418 at net/mac80211/tx.c:5040 __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469

Jan 27 22:47:14 [   71.555288][    C2] FS:  0000000000000000(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000
syzkaller kern.n[   71.558416][    C2] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
otice kernel: [ [   71.560778][    C2] CR2: 00007f188c918f98 CR3: 000000000df80000 CR4: 0000000000352ef0
  71.183083][   [   71.563537][    C2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
T39] audit: type[   71.566318][    C2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
=1400 audit(1738[   71.569117][    C2] Call Trace:
018034.323:3484)[   71.570531][    C2]  <IRQ>
: avc:  denied  [   71.571844][    C2]  ? __warn+0xea/0x3c0 kernel/panic.c:746
{ create } for  [   71.573494][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
{ create } for  [   71.573494][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
{ create } for  [   71.573494][    C2]  ? __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
pid=7155 comm="s[   71.575627][    C2]  ? __report_bug lib/bug.c:199 [inline]
pid=7155 comm="s[   71.575627][    C2]  ? report_bug+0x3c0/0x580 lib/bug.c:219
yz.0.427" sconte[   71.577454][    C2]  ? handle_bug+0x54/0xa0 arch/x86/kernel/traps.c:285
xt=root:sysadm_r[   71.579210][    C2]  ? exc_invalid_op+0x17/0x50 arch/x86/kernel/traps.c:309
:sysadm_t tconte[   71.581290][    C2]  ? asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
xt=root:sysadm_r[   71.583223][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
xt=root:sysadm_r[   71.583223][    C2]  ? __ieee80211_beacon_get+0xb32/0x16b0 net/mac80211/tx.c:5469
:sysadm_t tclass[   71.585319][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
:sysadm_t tclass[   71.585319][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
:sysadm_t tclass[   71.585319][    C2]  ? __ieee80211_beacon_get+0x14ab/0x16b0 net/mac80211/tx.c:5469
=netlink_netfilt[   71.587451][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
=netlink_netfilt[   71.587451][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
=netlink_netfilt[   71.587451][    C2]  ? __ieee80211_beacon_get+0x14ac/0x16b0 net/mac80211/tx.c:5469
er_socket permis[   71.589588][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5040 [inline]
er_socket permis[   71.589588][    C2]  ? __ieee80211_beacon_update_cntdwn net/mac80211/tx.c:5035 [inline]
er_socket permis[   71.589588][    C2]  ? __ieee80211_beacon_get+0x14ab/0x16b0 net/mac80211/tx.c:5469
si[   71.591735][    C2]  ieee80211_beacon_get_tim+0xa7/0x280 net/mac80211/tx.c:5596

Jan 27 22:47:14 [   71.614223][    C2]  ? __pfx___hrtimer_run_queues+0x10/0x10 include/trace/events/timer.h:222
syzkaller kern.n[   71.619260][    C2]  handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
otice kernel: [ [   71.621158][    C2]  ? __pfx_handle_softirqs+0x10/0x10 include/trace/events/irq.h:156
  71.206999][   [   71.623160][    C2]  ? rcu_lock_release include/linux/rcupdate.h:347 [inline]
  71.206999][   [   71.623160][    C2]  ? rcu_read_unlock_bh include/linux/rcupdate.h:917 [inline]
  71.206999][   [   71.623160][    C2]  ? __dev_queue_xmit+0x89b/0x43e0 net/core/dev.c:4611
T39] audit: type[   71.625157][    C2]  do_softirq kernel/softirq.c:462 [inline]
T39] audit: type[   71.625157][    C2]  do_softirq+0xb2/0xf0 kernel/softirq.c:449
=1400 audit(1738[   71.626849][    C2]  </IRQ>
018034.323:3485)[   71.628241][    C2]  <TASK>
: avc:  denied  [   71.629591][    C2]  __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:389
{ read } for  pi[   71.631612][    C2]  ? rcu_lock_release include/linux/rcupdate.h:347 [inline]
{ read } for  pi[   71.631612][    C2]  ? rcu_read_unlock_bh include/linux/rcupdate.h:917 [inline]
{ read } for  pi[   71.631612][    C2]  ? __dev_queue_xmit+0x89b/0x43e0 net/core/dev.c:4611
d=5336 comm="sys[   71.633591][    C2]  local_bh_enable include/linux/bottom_half.h:33 [inline]
d=5336 comm="sys[   71.633591][    C2]  rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
d=5336 comm="sys[   71.633591][    C2]  __dev_queue_xmit+0x8b0/0x43e0 net/core/dev.c:4611
logd" name="log"[   71.635522][    C2]  ? __pfx___dev_queue_xmit+0x10/0x10 include/linux/netdevice.h:3825
 dev="sda1" ino=[   71.637626][    C2]  ? __pfx___lock_acquire+0x10/0x10 kernel/locking/lockdep.c:4389
1915 scontext=sy[   71.639638][    C2]  ? __pfx___lock_acquire+0x10/0x10 kernel/locking/lockdep.c:4389
stem_u:system_r:[   71.641634][    C2]  ? lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
syslogd_t tconte[   71.643650][    C2]  ? find_held_lock+0x2d/0x110 kernel/locking/lockdep.c:5341
xt=system_u:obje[   71.645540][    C2]  ? find_held_lock+0x2d/0x110 kernel/locking/lockdep.c:5341
ct_r:var_t tclas[   71.647398][    C2]  ? spin_unlock_irq include/linux/spinlock.h:401 [inline]
ct_r:var_t tclas[   71.647398][    C2]  ? tx+0xa8/0x190 drivers/block/aoe/aoenet.c:60
s=
Jan 27 22:47:14 [   71.658874][    C2]  ? __pfx_kthread+0x10/0x10 arch/x86/include/asm/bitops.h:206
syzkaller kern.n[   71.669505][    C2]  ? __pfx_kthread+0x10/0x10 arch/x86/include/asm/bitops.h:206
otice kernel: [ [   71.671354][    C2]  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
  71.238225][   [   71.673261][    C2]  </TASK>

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup