syzbot

 sign-in | mailing list | source | docs
🐞 Open [1540]
Subsystems
🐞 Fixed [6209]
🐞 Invalid [15649]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan

Status: upstream: reported C repro on 2025/04/28 19:05
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+4bcdddd48bb6f0be0da1@syzkaller.appspotmail.com
First crash: 5d07h, last: now
Cause bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan 4 (9) 2025/04/29 11:19
Last patch testing requests (4)
Created Duration User Patch Repo Result
2025/04/29 10:58 19m eadavis@qq.com patch upstream OK log
2025/04/29 10:23 8m eadavis@qq.com patch upstream error
2025/04/29 08:45 14m eadavis@qq.com patch upstream report log
2025/04/29 02:39 15m eadavis@qq.com patch upstream report log

Sample crash report:
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Trigger new scan to find an IBSS to join
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5
index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:354
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:243
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (5026):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/27 05:05 upstream 5bc1018675ec c6b4fb39 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 08:06 net f73f05c6f711 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 04:19 net-next cc17b4b9c332 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 00:29 upstream ca91b9500108 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 00:21 upstream ca91b9500108 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 00:14 upstream ca91b9500108 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 18:37 upstream ca91b9500108 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 08:03 upstream ca91b9500108 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 11:06 upstream 5bc1018675ec c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/28 01:43 upstream b4432656b36e c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 01:45 net d4cb1ecc2290 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 23:46 net d4cb1ecc2290 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 21:40 net d4cb1ecc2290 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 20:38 net d4cb1ecc2290 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 17:50 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 17:34 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 16:02 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 15:28 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 14:26 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 13:49 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 13:07 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 12:29 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 11:48 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 11:29 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 11:02 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 09:52 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 09:19 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 08:33 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 06:36 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 05:41 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 05:05 net f04dd30f1bef aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 03:41 net f04dd30f1bef c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 01:19 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/30 00:58 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 23:08 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 22:26 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 21:43 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 20:13 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 19:19 net-next ff61a4a5dfc2 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 16:52 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 16:33 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 14:52 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 10:36 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 08:57 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 07:23 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 06:22 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 06:12 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 06:04 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 04:43 net-next 0d15a26b247d aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 10:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 66d2d510fea3 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/29 07:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
* Struck through repros no longer work on HEAD.