Extracting prog: 2m1.134562657s
Minimizing prog: 15m26.301684484s
Simplifying prog options: 0s
Extracting C: 1m37.214208408s
Simplifying C: 13m44.506341324s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in cfg80211_bss_update
program crashed: WARNING in cfg80211_bss_update
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(0x0, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45.51275251s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
simplifying C reproducer
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing compiled C program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in cfg80211_bss_update
testing program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in cfg80211_bss_update
validation run: crashed=true
testing program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in cfg80211_bss_update
validation run: crashed=true
testing program (duration=45.51275251s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in cfg80211_bss_update
validation run: crashed=true
reproducing took 37m25.896164709s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 __list_del_entry include/linux/list.h:134 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 list_del include/linux/list.h:148 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 cfg80211_combine_bsses net/wireless/scan.c:1711 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
Modules linked in:
CPU: 0 PID: 88 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: phy6 ieee80211_iface_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_combine_bsses include/linux/list.h:134 [inline]
pc : cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
lr : cfg80211_bss_update+0xc54/0x1c7c net/wireless/scan.c:-1
sp : ffff80001ce37260
x29: ffff80001ce37340 x28: 0000000000000000 x27: 0000000000000001
x26: ffff0000d8725800 x25: ffff0000deae901d x24: ffff0000d8725880
x23: ffff0000cd0c2448 x22: ffff0000d8725810 x21: ffff0000cd0c2410
x20: ffff0000cd0c2400 x19: dfff800000000000 x18: ffff800011a5bd40
x17: 1fffe00033ee7b7e x16: ffff800008042d90 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: ff00800010fc863c x10: 0000000000000000 x9 : ffff0000c62a5340
x8 : ffff0000cd0c7410 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff0000cd0c24c8 x4 : ffff80001ce37528 x3 : ffff800010fc87ec
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000d8725810
Call trace:
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 cfg80211_combine_bsses net/wireless/scan.c:1711 [inline]
 cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
 cfg80211_inform_single_bss_frame_data net/wireless/scan.c:2512 [inline]
 cfg80211_inform_bss_frame_data+0x884/0x10b4 net/wireless/scan.c:2545
 ieee80211_bss_info_update+0x5d0/0x9b4 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x86c/0x2490 net/mac80211/ibss.c:1638
 ieee80211_iface_process_skb net/mac80211/iface.c:1679 [inline]
 ieee80211_iface_work+0x598/0xa34 net/mac80211/iface.c:1733
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 590799
hardirqs last  enabled at (590798): [<ffff8000088ccf00>] ___slab_alloc+0xcdc/0xec8 mm/slub.c:3088
hardirqs last disabled at (590799): [<ffff8000118fa220>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (590704): [<ffff800010fc7130>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (590704): [<ffff800010fc7130>] cfg80211_get_bss+0x5dc/0x850 net/wireless/scan.c:1564
softirqs last disabled at (590792): [<ffff800010fc7a68>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (590792): [<ffff800010fc7a68>] cfg80211_bss_update+0x80/0x1c7c net/wireless/scan.c:1843
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1708 cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1708 cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
Modules linked in:
CPU: 0 PID: 88 Comm: kworker/u4:3 Tainted: G        W          syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: phy6 ieee80211_iface_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
pc : cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
lr : cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
lr : cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
sp : ffff80001ce37260
x29: ffff80001ce37340 x28: 0000000000000000 x27: 0000000000000002
x26: ffff0000cd0c7400 x25: ffff0000d368e01d x24: ffff0000cd0c7480
x23: ffff0000cd0c2448 x22: ffff0000cd0c7490 x21: ffff0000cd0c2410
x20: ffff0000cd0c2400 x19: dfff800000000000 x18: ffff800011a5bd40
x17: 1fffe00033ee7b7e x16: ffff800008042d90 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: ff00800010fc8858 x10: 0000000000000000 x9 : ffff800010fc8858
x8 : ffff0000c62a5340 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff0000cd0c24c8 x4 : ffff80001ce37528 x3 : ffff800010fc87ec
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000006
Call trace:
 cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
 cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
 cfg80211_inform_single_bss_frame_data net/wireless/scan.c:2512 [inline]
 cfg80211_inform_bss_frame_data+0x884/0x10b4 net/wireless/scan.c:2545
 ieee80211_bss_info_update+0x5d0/0x9b4 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x86c/0x2490 net/mac80211/ibss.c:1638
 ieee80211_iface_process_skb net/mac80211/iface.c:1679 [inline]
 ieee80211_iface_work+0x598/0xa34 net/mac80211/iface.c:1733
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 590805
hardirqs last  enabled at (590804): [<ffff8000118fc2fc>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (590804): [<ffff8000118fc2fc>] exit_to_kernel_mode+0xcc/0xfc arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (590805): [<ffff8000118fa220>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (590704): [<ffff800010fc7130>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (590704): [<ffff800010fc7130>] cfg80211_get_bss+0x5dc/0x850 net/wireless/scan.c:1564
softirqs last disabled at (590792): [<ffff800010fc7a68>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (590792): [<ffff800010fc7a68>] cfg80211_bss_update+0x80/0x1c7c net/wireless/scan.c:1843
---[ end trace 0000000000000000 ]---

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 __list_del_entry include/linux/list.h:134 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 list_del include/linux/list.h:148 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 cfg80211_combine_bsses net/wireless/scan.c:1711 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1710 cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
Modules linked in:
CPU: 0 PID: 88 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: phy6 ieee80211_iface_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_combine_bsses include/linux/list.h:134 [inline]
pc : cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
lr : cfg80211_bss_update+0xc54/0x1c7c net/wireless/scan.c:-1
sp : ffff80001ce37260
x29: ffff80001ce37340 x28: 0000000000000000 x27: 0000000000000001
x26: ffff0000d8725800 x25: ffff0000deae901d x24: ffff0000d8725880
x23: ffff0000cd0c2448 x22: ffff0000d8725810 x21: ffff0000cd0c2410
x20: ffff0000cd0c2400 x19: dfff800000000000 x18: ffff800011a5bd40
x17: 1fffe00033ee7b7e x16: ffff800008042d90 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: ff00800010fc863c x10: 0000000000000000 x9 : ffff0000c62a5340
x8 : ffff0000cd0c7410 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff0000cd0c24c8 x4 : ffff80001ce37528 x3 : ffff800010fc87ec
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000d8725810
Call trace:
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 cfg80211_combine_bsses net/wireless/scan.c:1711 [inline]
 cfg80211_bss_update+0xe7c/0x1c7c net/wireless/scan.c:1907
 cfg80211_inform_single_bss_frame_data net/wireless/scan.c:2512 [inline]
 cfg80211_inform_bss_frame_data+0x884/0x10b4 net/wireless/scan.c:2545
 ieee80211_bss_info_update+0x5d0/0x9b4 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x86c/0x2490 net/mac80211/ibss.c:1638
 ieee80211_iface_process_skb net/mac80211/iface.c:1679 [inline]
 ieee80211_iface_work+0x598/0xa34 net/mac80211/iface.c:1733
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 590799
hardirqs last  enabled at (590798): [<ffff8000088ccf00>] ___slab_alloc+0xcdc/0xec8 mm/slub.c:3088
hardirqs last disabled at (590799): [<ffff8000118fa220>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (590704): [<ffff800010fc7130>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (590704): [<ffff800010fc7130>] cfg80211_get_bss+0x5dc/0x850 net/wireless/scan.c:1564
softirqs last disabled at (590792): [<ffff800010fc7a68>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (590792): [<ffff800010fc7a68>] cfg80211_bss_update+0x80/0x1c7c net/wireless/scan.c:1843
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1708 cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
WARNING: CPU: 0 PID: 88 at net/wireless/scan.c:1708 cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
Modules linked in:
CPU: 0 PID: 88 Comm: kworker/u4:3 Tainted: G        W          syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: phy6 ieee80211_iface_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
pc : cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
lr : cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
lr : cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
sp : ffff80001ce37260
x29: ffff80001ce37340 x28: 0000000000000000 x27: 0000000000000002
x26: ffff0000cd0c7400 x25: ffff0000d368e01d x24: ffff0000cd0c7480
x23: ffff0000cd0c2448 x22: ffff0000cd0c7490 x21: ffff0000cd0c2410
x20: ffff0000cd0c2400 x19: dfff800000000000 x18: ffff800011a5bd40
x17: 1fffe00033ee7b7e x16: ffff800008042d90 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000ff0100
x11: ff00800010fc8858 x10: 0000000000000000 x9 : ffff800010fc8858
x8 : ffff0000c62a5340 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff0000cd0c24c8 x4 : ffff80001ce37528 x3 : ffff800010fc87ec
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000006
Call trace:
 cfg80211_combine_bsses net/wireless/scan.c:1708 [inline]
 cfg80211_bss_update+0xe70/0x1c7c net/wireless/scan.c:1907
 cfg80211_inform_single_bss_frame_data net/wireless/scan.c:2512 [inline]
 cfg80211_inform_bss_frame_data+0x884/0x10b4 net/wireless/scan.c:2545
 ieee80211_bss_info_update+0x5d0/0x9b4 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x86c/0x2490 net/mac80211/ibss.c:1638
 ieee80211_iface_process_skb net/mac80211/iface.c:1679 [inline]
 ieee80211_iface_work+0x598/0xa34 net/mac80211/iface.c:1733
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 590805
hardirqs last  enabled at (590804): [<ffff8000118fc2fc>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (590804): [<ffff8000118fc2fc>] exit_to_kernel_mode+0xcc/0xfc arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (590805): [<ffff8000118fa220>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (590704): [<ffff800010fc7130>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (590704): [<ffff800010fc7130>] cfg80211_get_bss+0x5dc/0x850 net/wireless/scan.c:1564
softirqs last disabled at (590792): [<ffff800010fc7a68>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (590792): [<ffff800010fc7a68>] cfg80211_bss_update+0x80/0x1c7c net/wireless/scan.c:1843
---[ end trace 0000000000000000 ]---