[v6.1] WARNING in ieee80211_ibss_csa_beacon (2)


syzbot

Nov 18, 2025, 2:37:27 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f6e38ae624cf Linux 6.1.158
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=135c1658580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=510f2b0097f0edee4ad2
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1bd671a9def/disk-f6e38ae6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fa0af998ea40/vmlinux-f6e38ae6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5512d873524/Image-f6e38ae6.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+510f2b...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 11 at net/mac80211/ibss.c:500 ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
Modules linked in:
CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: phy7 ieee80211_iface_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
lr : ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
sp : ffff80001c8872c0
x29: ffff80001c8872d0 x28: 1fffe0001ec262b5 x27: dfff800000000000
x26: 0000000000000000 x25: ffff0000f6131af8 x24: ffff0000f6158760
x23: ffff0000f61315a8 x22: ffff0000f6131b08 x21: 0000000000000002
x20: ffff0000f6130c80 x19: ffff80001c887560 x18: 0000000000000000
x17: ffff8000181f9000 x16: ffff8000082d25ac x15: 0000000000000002
x14: 0000000000000003 x13: 0000000000ff0100 x12: 0000000000100000
x11: 0000000000001120 x10: ffff800031f2a000 x9 : ffff8000111c5e90
x8 : 0000000000001121 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000020 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800011abd7c0 x0 : 0000000000000000
Call trace:
ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
ieee80211_set_csa_beacon+0x604/0xa1c net/mac80211/cfg.c:3698
__ieee80211_channel_switch net/mac80211/cfg.c:3828 [inline]
ieee80211_channel_switch+0x69c/0xaf0 net/mac80211/cfg.c:3868
ieee80211_ibss_process_chanswitch+0x6b0/0x9f8 net/mac80211/ibss.c:888
ieee80211_rx_mgmt_spectrum_mgmt net/mac80211/ibss.c:927 [inline]
ieee80211_ibss_rx_queued_mgmt+0xec4/0x2490 net/mac80211/ibss.c:1662
ieee80211_iface_process_skb net/mac80211/iface.c:1671 [inline]
ieee80211_iface_work+0x598/0xa34 net/mac80211/iface.c:1725
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 2839958
hardirqs last enabled at (2839957): [<ffff8000081a8850>] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:426
hardirqs last disabled at (2839958): [<ffff80001195cc30>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (2839956): [<ffff800011028c54>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (2839956): [<ffff800011028c54>] cfg80211_get_bss+0x48c/0x850 net/wireless/scan.c:1564
softirqs last disabled at (2839954): [<ffff800011028904>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2839954): [<ffff800011028904>] cfg80211_get_bss+0x13c/0x850 net/wireless/scan.c:1538
---[ end trace 0000000000000000 ]---
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup