From: syzbot <syzbot+189dcafc06865d38178d@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, lizhi.xu@windriver.com,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done
Date: Wed, 18 Jun 2025 22:51:03 -0700
Message-ID: <6853a547.050a0220.216029.0188.GAE@google.com>
In-Reply-To: <20250619025207.461444-1-lizhi.xu@windriver.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in cfg80211_scan_done

local: 00000000ce6d1311, sr: 000000002b737337, wip: 000000003108bf1a, __ieee80211_scan_completed
r: 000000002b737337, wiphy: 000000003108bf1a, scan_req: 0000000000000000, int_scan_req: 0000000000000000, cfg80211_scan_done
------------[ cut here ]------------
WARNING: CPU: 0 PID: 226 at net/wireless/scan.c:1187 cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
Modules linked in:
CPU: 0 UID: 0 PID: 226 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-syzkaller-00004-g39dfc971e42d-dirty #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
lr : cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
sp : ffff80009b7077a0
x29: ffff80009b707820 x28: 1ffff000136e0ef8 x27: dfff800000000000
x26: ffff0000d7c281b8 x25: ffff0000d7c28700 x24: ffff0000d7c281b8
x23: ffff0000cc5a5060 x22: ffff0000d7c2a9f0 x21: ffff0000cc5a5070
x20: 1fffe000198b4a0c x19: ffff0000cc5a5000 x18: 1fffe00033802c76
x17: 3030303030303030 x16: ffff80008ae56384 x15: 0000000000000001
x14: 1fffe00033802ce2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff600033802ce3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c5b21e80 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009b707138 x4 : ffff80008f657060 x3 : ffff8000807bb518
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000007c
Call trace:
 cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186 (P)
 __ieee80211_scan_completed+0x84c/0xb00 net/mac80211/scan.c:503
 ieee80211_scan_work+0x15b8/0x1a04 net/mac80211/scan.c:1187
 cfg80211_wiphy_work+0x2a8/0x48c net/wireless/core.c:435
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3402
 kthread+0x5fc/0x75c kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
irq event stamp: 1298636
hardirqs last  enabled at (1298635): [<ffff800080550034>] __up_console_sem kernel/printk/printk.c:344 [inline]
hardirqs last  enabled at (1298635): [<ffff800080550034>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885
hardirqs last disabled at (1298636): [<ffff80008ae51814>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last  enabled at (1298570): [<ffff80008644576c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (1298570): [<ffff80008644576c>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
softirqs last  enabled at (1298570): [<ffff80008644576c>] nsim_dev_trap_report_work+0x67c/0x9fc drivers/net/netdevsim/dev.c:851
softirqs last disabled at (1298568): [<ffff8000864456e4>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (1298568): [<ffff8000864456e4>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:816 [inline]
softirqs last disabled at (1298568): [<ffff8000864456e4>] nsim_dev_trap_report_work+0x5f4/0x9fc drivers/net/netdevsim/dev.c:851
---[ end trace 0000000000000000 ]---
3local: 00000000ce6d1311, sr: 00000000b53c744c, wip: 000000003108bf1a, ieee80211_scan_work
local: 00000000ce6d1311, sr: 00000000b53c744c, wip: 000000003108bf1a, __ieee80211_scan_completed
r: 00000000b53c744c, wiphy: 000000003108bf1a, scan_req: 00000000b53c744c, int_scan_req: 0000000000000000, cfg80211_scan_done


Tested on:

commit:         39dfc971 arm64/ptrace: Fix stack-out-of-bounds read in..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11b6b5d4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8409c4d4e51ac27
dashboard link: https://syzkaller.appspot.com/bug?extid=189dcafc06865d38178d
compiler:       Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=15dc6370580000

