Re: [syzbot] Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done

From: syzbot
Date: Wed Jun 18 2025 - 22:52:27 EST

Next message: Qunqin Zhao: "[PATCH v11 0/4] dd Loongson Security Engine chip driver"
Previous message: Sergey Senozhatsky: "Re: [PATCHv2 2/2] fuse: use freezable wait in fuse_get_req()"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done
Author: lizhi.xu@xxxxxxxxxxxxx

#syz test

diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index cd8385ecafd9..7fc1e98abb2c 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -498,6 +498,8 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)

if (scan_req != local->int_scan_req) {
local->scan_info.aborted = aborted;
+ printk("local: %p, sr: %p, wip: %p, %s\n",
+ local, scan_req, scan_req->wiphy, __func__);
cfg80211_scan_done(scan_req, &local->scan_info);
}

@@ -1123,6 +1125,8 @@ void ieee80211_scan_work(struct wiphy *wiphy, struct wiphy_work *work)
/* need to complete scan in cfg80211 */
rcu_assign_pointer(local->scan_req, scan_req);
aborted = true;
+ printk("local: %p, sr: %p, wip: %p, %s\n",
+ local, scan_req, scan_req->wiphy, __func__);
goto out_complete;
}

@@ -1135,6 +1139,8 @@ void ieee80211_scan_work(struct wiphy *wiphy, struct wiphy_work *work)
do {
if (!ieee80211_sdata_running(sdata)) {
aborted = true;
+ printk("2local: %p, sr: %p, wip: %p, %s\n",
+ local, scan_req, scan_req->wiphy, __func__);
goto out_complete;
}

@@ -1147,6 +1153,8 @@ void ieee80211_scan_work(struct wiphy *wiphy, struct wiphy_work *work)
/* if no more bands/channels left, complete scan */
if (local->scan_channel_idx >= scan_req->n_channels) {
aborted = false;
+ printk("3local: %p, sr: %p, wip: %p, %s\n",
+ local, scan_req, scan_req->wiphy, __func__);
goto out_complete;
}
ieee80211_scan_state_decision(local, &next_delay);
@@ -1165,6 +1173,8 @@ void ieee80211_scan_work(struct wiphy *wiphy, struct wiphy_work *work)
break;
case SCAN_ABORT:
aborted = true;
+ printk("4local: %p, sr: %p, wip: %p, %s\n",
+ local, scan_req, scan_req->wiphy, __func__);
goto out_complete;
}
} while (next_delay == 0);
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index e8a4fe44ec2d..7c1f80be24bb 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1178,6 +1178,11 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request,
struct cfg80211_scan_info old_info = request->info;

trace_cfg80211_scan_done(request, info);
+ printk("r: %p, wiphy: %p, scan_req: %p, int_scan_req: %p, %s\n",
+ request, request->wiphy,
+ wiphy_to_rdev(request->wiphy)->scan_req,
+ wiphy_to_rdev(request->wiphy)->int_scan_req,
+ __func__);
WARN_ON(request != wiphy_to_rdev(request->wiphy)->scan_req &&
request != wiphy_to_rdev(request->wiphy)->int_scan_req);

Next message: Qunqin Zhao: "[PATCH v11 0/4] dd Loongson Security Engine chip driver"
Previous message: Sergey Senozhatsky: "Re: [PATCHv2 2/2] fuse: use freezable wait in fuse_get_req()"
Next in thread: syzbot: "Re: [syzbot] Re: [syzbot] [wireless?] WARNING in cfg80211_scan_done"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]