Message-ID: <6853a547.050a0220.216029.0188.GAE@google.com>
Date: Wed, 18 Jun 2025 22:51:03 -0700
From: syzbot <syzbot+189dcafc06865d38178d@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, lizhi.xu@...driver.com,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in cfg80211_scan_done

local: 00000000ce6d1311, sr: 000000002b737337, wip: 000000003108bf1a, __ieee80211_scan_completed
r: 000000002b737337, wiphy: 000000003108bf1a, scan_req: 0000000000000000, int_scan_req: 0000000000000000, cfg80211_scan_done
------------[ cut here ]------------
WARNING: CPU: 0 PID: 226 at net/wireless/scan.c:1187 cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
Modules linked in:
CPU: 0 UID: 0 PID: 226 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-syzkaller-00004-g39dfc971e42d-dirty #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
lr : cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186
sp : ffff80009b7077a0
x29: ffff80009b707820 x28: 1ffff000136e0ef8 x27: dfff800000000000
x26: ffff0000d7c281b8 x25: ffff0000d7c28700 x24: ffff0000d7c281b8
x23: ffff0000cc5a5060 x22: ffff0000d7c2a9f0 x21: ffff0000cc5a5070
x20: 1fffe000198b4a0c x19: ffff0000cc5a5000 x18: 1fffe00033802c76
x17: 3030303030303030 x16: ffff80008ae56384 x15: 0000000000000001
x14: 1fffe00033802ce2 x13: 0000000000000000 x12: 0000000000000000
x11: ffff600033802ce3 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c5b21e80 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80009b707138 x4 : ffff80008f657060 x3 : ffff8000807bb518
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000007c
Call trace:
cfg80211_scan_done+0x340/0x530 net/wireless/scan.c:1186 (P)
__ieee80211_scan_completed+0x84c/0xb00 net/mac80211/scan.c:503
ieee80211_scan_work+0x15b8/0x1a04 net/mac80211/scan.c:1187
cfg80211_wiphy_work+0x2a8/0x48c net/wireless/core.c:435
process_one_work+0x7e8/0x155c kernel/workqueue.c:3238
process_scheduled_works kernel/workqueue.c:3321 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3402
kthread+0x5fc/0x75c kernel/kthread.c:464
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
irq event stamp: 1298636
hardirqs last enabled at (1298635): [<ffff800080550034>] __up_console_sem kernel/printk/printk.c:344 [inline]
hardirqs last enabled at (1298635): [<ffff800080550034>] __console_unlock+0x70/0xc4 kernel/printk/printk.c:2885
hardirqs last disabled at (1298636): [<ffff80008ae51814>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:511
softirqs last enabled at (1298570): [<ffff80008644576c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (1298570): [<ffff80008644576c>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
softirqs last enabled at (1298570): [<ffff80008644576c>] nsim_dev_trap_report_work+0x67c/0x9fc drivers/net/netdevsim/dev.c:851
softirqs last disabled at (1298568): [<ffff8000864456e4>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (1298568): [<ffff8000864456e4>] nsim_dev_trap_report drivers/net/netdevsim/dev.c:816 [inline]
softirqs last disabled at (1298568): [<ffff8000864456e4>] nsim_dev_trap_report_work+0x5f4/0x9fc drivers/net/netdevsim/dev.c:851
---[ end trace 0000000000000000 ]---
3local: 00000000ce6d1311, sr: 00000000b53c744c, wip: 000000003108bf1a, ieee80211_scan_work
local: 00000000ce6d1311, sr: 00000000b53c744c, wip: 000000003108bf1a, __ieee80211_scan_completed
r: 00000000b53c744c, wiphy: 000000003108bf1a, scan_req: 00000000b53c744c, int_scan_req: 0000000000000000, cfg80211_scan_done

Tested on:

commit: 39dfc971 arm64/ptrace: Fix stack-out-of-bounds read in..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11b6b5d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8409c4d4e51ac27
dashboard link: https://syzkaller.appspot.com/bug?extid=189dcafc06865d38178d
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=15dc6370580000