[v6.1] WARNING in cfg80211_scan_done (2)


syzbot

Jun 12, 2025, 10:16:23 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 58485ff1a74f Linux 6.1.141
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=152b510c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d93c21c25e641edc
dashboard link: https://syzkaller.appspot.com/bug?extid=d7464e115e82924f1719
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/13b062afcec7/disk-58485ff1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fdd4e489be2a/vmlinux-58485ff1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/08bebb6045ec/Image-58485ff1.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d7464e...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4488 at net/wireless/scan.c:1118 cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
Modules linked in:
CPU: 0 PID: 4488 Comm: kworker/u4:8 Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
lr : cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
sp : ffff800020cc78d0
x29: ffff800020cc78e0 x28: ffff0000dd620760 x27: 1fffe0001979080d
x26: 1fffe0001979080f x25: dfff800000000000 x24: ffff0000dd6201b8
x23: ffff0000cbc84068 x22: ffff0000dd622bb8 x21: 0000000000000000
x20: ffff0000cbc84078 x19: ffff0000cbc84000 x18: ffff800011a7bce0
x17: 1fffe00033ee2f76 x16: ffff8000082d1c00 x15: ffff80001506d000
x14: 0000000000000100 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100
x11: ff00800010fe8294 x10: 0000000000000000 x9 : ffff800010fe8294
x8 : ffff0000f1771bc0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800020cc78d6 x4 : ffff0000cbc84086 x3 : ffff800010fe8040
x2 : 0000000000000006 x1 : ffff800011f695a0 x0 : 0000000000000001
Call trace:
cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
__ieee80211_scan_completed+0x470/0xa1c net/mac80211/scan.c:483
ieee80211_scan_work+0xd8/0x17a8 net/mac80211/scan.c:1169
cfg80211_wiphy_work+0x1d8/0x218 net/wireless/core.c:433
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 779054
hardirqs last enabled at (779053): [<ffff80000a88d70c>] __free_object+0x1c4/0x850 lib/debugobjects.c:355
hardirqs last disabled at (779054): [<ffff80001191c930>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (779024): [<ffff8000115edc78>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (779024): [<ffff8000115edc78>] batadv_nc_purge_paths+0x2f4/0x37c net/batman-adv/network-coding.c:471
softirqs last disabled at (779022): [<ffff8000115eda54>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (779022): [<ffff8000115eda54>] batadv_nc_purge_paths+0xd0/0x37c net/batman-adv/network-coding.c:442
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jun 13, 2025, 10:46:37 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 58485ff1a74f Linux 6.1.141
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=155df682580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d93c21c25e641edc
dashboard link: https://syzkaller.appspot.com/bug?extid=d7464e115e82924f1719
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17e29d70580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/13b062afcec7/disk-58485ff1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fdd4e489be2a/vmlinux-58485ff1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/08bebb6045ec/Image-58485ff1.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d7464e...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 11 at net/wireless/scan.c:1118 cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
lr : cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
sp : ffff80001c8378d0
x29: ffff80001c8378e0 x28: ffff0000c3488760 x27: 1fffe000185ad20d
x26: 1fffe000185ad20f x25: dfff800000000000 x24: ffff0000c34881b8
x23: ffff0000c2d69068 x22: ffff0000c348abb8 x21: 0000000000000000
x20: ffff0000c2d69078 x19: ffff0000c2d69000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000040000000
x14: 0000000000000002 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100
x11: ff00800010fe8294 x10: 0000000000000000 x9 : ffff800010fe8294
x8 : ffff0000c09ab780 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001c8378d6 x4 : ffff0000c2d69086 x3 : ffff800010fe8040
x2 : 0000000000000006 x1 : ffff800011f695a0 x0 : 0000000000000001
Call trace:
cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
__ieee80211_scan_completed+0x470/0xa1c net/mac80211/scan.c:483
ieee80211_scan_work+0xd8/0x17a8 net/mac80211/scan.c:1169
cfg80211_wiphy_work+0x1d8/0x218 net/wireless/core.c:433
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 1756804
hardirqs last enabled at (1756803): [<ffff80000a88d70c>] __free_object+0x1c4/0x850 lib/debugobjects.c:355
hardirqs last disabled at (1756804): [<ffff80001191c930>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1756756): [<ffff80000c6ce1a4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (1756756): [<ffff80000c6ce1a4>] macvlan_process_broadcast+0x1c4/0x5c4 drivers/net/macvlan.c:305
softirqs last disabled at (1756754): [<ffff80000c6ce0bc>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (1756754): [<ffff80000c6ce0bc>] macvlan_process_broadcast+0xdc/0x5c4 drivers/net/macvlan.c:303
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
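The two messages above are raw bot output. What follows is an added example, not code from the syzbot report or from the syzkaller project: a small triage script that turns a report of this shape into the fields that decide where it goes first. It pulls the crash kind from the header line (a WARNING here, not a KASAN or UBSAN report, which is the first thing that sets priority), the file:line the kernel named, the task, PID, CPU and workqueue that were running, and the call chain with the scheduler and arch-entry scaffolding dropped so the remaining directories say which subsystems were actually on the path (net/wireless and net/mac80211 in this thread). SAMPLE is a trimmed copy of the second report above; the dataclass layout, INFRA_PREFIXES and the severity buckets in impact_class() are this script's own assumptions. Note that the header cites net/wireless/scan.c:1118 while the top frame cites :1117; the parser keeps both rather than guessing which statement they resolve to.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed copy of the second report in the thread above.
SAMPLE = """\
------------[ cut here ]------------
WARNING: CPU: 1 PID: 11 at net/wireless/scan.c:1118 cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.141-syzkaller #0
Workqueue: events_unbound cfg80211_wiphy_work
Call trace:
cfg80211_scan_done+0x2c4/0x504 net/wireless/scan.c:1117
__ieee80211_scan_completed+0x470/0xa1c net/mac80211/scan.c:483
ieee80211_scan_work+0xd8/0x17a8 net/mac80211/scan.c:1169
cfg80211_wiphy_work+0x1d8/0x218 net/wireless/core.c:433
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 1756804
---[ end trace 0000000000000000 ]---
"""

# The first report line names the crash kind; a WARNING also carries "at file:line".
KIND_RE = re.compile(r"^(?P<kind>WARNING|BUG: KASAN: [\w-]+|BUG|UBSAN)\b(?P<rest>.*)$", re.M)
AT_RE = re.compile(r"\bat (?P<loc>[\w./-]+:\d+)")
CPU_RE = re.compile(r"^CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?P<taint>Not tainted|Tainted)", re.M)
WQ_RE = re.compile(r"^Workqueue: (?P<wq>.+)$", re.M)
# One frame: optional [<addr>], symbol, optional +off/size (absent on inlined
# frames, which syzbot marks with a trailing [inline]), then file:line.
FRAME_RE = re.compile(
    r"^\s*(?:\[<[0-9a-f]+>\]\s+)?(?P<func>[\w.]+)(?:\+(?P<off>0x[0-9a-f]+/0x[0-9a-f]+))?"
    r" (?P<file>[\w./-]+):(?P<line>\d+)(?P<inline> \[inline\])?\s*$")
# Scaffolding under every workqueue crash; says nothing about the bug (assumption: tune per tree).
INFRA_PREFIXES = ("kernel/", "arch/", "include/")


@dataclass
class Frame:
    func: str
    offset: str  # "0x2c4/0x504" = offset within symbol / symbol size; "" if inlined
    file: str
    line: int
    inline: bool = False


@dataclass
class Report:
    kind: str = ""
    location: str = ""  # file:line from the header line; may differ from the top frame
    cpu: int = -1
    pid: int = -1
    comm: str = ""
    tainted: bool = False
    workqueue: str = ""
    frames: list = field(default_factory=list)


def parse_report(text: str) -> Report:
    rep = Report()
    if m := KIND_RE.search(text):
        rep.kind = m.group("kind")
        if at := AT_RE.search(m.group("rest")):
            rep.location = at.group("loc")
    if m := CPU_RE.search(text):
        rep.cpu, rep.pid, rep.comm = int(m.group("cpu")), int(m.group("pid")), m.group("comm")
        rep.tainted = m.group("taint") == "Tainted"
    if m := WQ_RE.search(text):
        rep.workqueue = m.group("wq").strip()
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.strip().lower() == "call trace:"]
    for l in (lines[starts[0] + 1:] if starts else []):
        if l.strip() in ("<TASK>", "</TASK>"):  # x86 traces wrap the frames in these
            continue
        fm = FRAME_RE.match(l)
        if not fm:
            break  # first non-frame line (irq event stamp, end trace) ends the chain
        rep.frames.append(Frame(fm.group("func"), fm.group("off") or "", fm.group("file"),
                                int(fm.group("line")), bool(fm.group("inline"))))
    return rep


def subsystems(rep: Report) -> list:
    """Top-level directories on the path, innermost first, scaffolding dropped."""
    seen = []
    for f in rep.frames:
        if f.file.startswith(INFRA_PREFIXES):
            continue
        sub = "/".join(f.file.split("/")[:2])
        if sub not in seen:
            seen.append(sub)
    return seen


def impact_class(rep: Report) -> str:
    """Coarse bucket (this script's own scheme). A WARN_ON trip is a failed sanity
    check, not evidence of memory corruption; on its own it is a crash only where
    panic_on_warn is set, which is why syzbot counts it as one."""
    if rep.kind == "WARNING":
        return "sanity-check (DoS only under panic_on_warn)"
    if rep.kind.startswith("BUG: KASAN"):
        return "memory-safety: " + rep.kind.rsplit(": ", 1)[1]
    return "fault: " + rep.kind


def summarize(rep: Report) -> str:
    top = rep.frames[0] if rep.frames else None
    where = f"{top.func} ({top.file}:{top.line})" if top else rep.location
    ctx = f"{rep.comm} pid={rep.pid} cpu={rep.cpu}" + (f" wq={rep.workqueue}" if rep.workqueue else "")
    return f"{rep.kind} in {where} [{ctx}] subsystems={','.join(subsystems(rep))} -> {impact_class(rep)}"
```

Run it on the report text with summarize(parse_report(text)); the one-line result is what you would paste into a triage queue. The frame regex also accepts the x86 layout (leading spaces, <TASK> markers, [inline] frames without an offset), so the same script works on reports from other syzbot instances.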