syzbot


UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan

Status: fixed on 2025/07/08 00:33
Subsystems: wireless
Reported-by: syzbot+4bcdddd48bb6f0be0da1@syzkaller.appspotmail.com
Fix commit: 82bbe02b2500 wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
First crash: 103d, last: 29d
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request | 2 (2) | 2025/05/09 19:10
[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan | 8 (16) | 2025/05/09 18:35
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan (2) wireless | 15 | | | | 238 | 15d | 25d | 27/29 | upstream: reported on 2025/07/12 03:45
linux-6.6 | UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan | 15 | | | | 20 | 13d | 47d | 0/2 | upstream: reported on 2025/06/19 16:46
Last patch testing requests (7)
Created | Duration | User | Patch | Repo | Result
2025/05/07 13:28 | 14m | eadavis@qq.com | patch | upstream | report log
2025/05/07 11:30 | 14m | eadavis@qq.com | patch | upstream | report log
2025/04/30 10:13 | 20m | eadavis@qq.com | patch | upstream | OK log
2025/04/29 10:58 | 19m | eadavis@qq.com | patch | upstream | OK log
2025/04/29 10:23 | 8m | eadavis@qq.com | patch | upstream | error
2025/04/29 08:45 | 14m | eadavis@qq.com | patch | upstream | report log
2025/04/29 02:39 | 15m | eadavis@qq.com | patch | upstream | report log

Sample crash report:
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Trigger new scan to find an IBSS to join
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5
index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:354
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:243
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (29652):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/04/27 05:05 upstream 5bc1018675ec c6b4fb39 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 08:06 net f73f05c6f711 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 04:19 net-next cc17b4b9c332 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/14 08:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 7344edeb .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 14:25 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 13:25 upstream 66701750d556 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/18 13:23 upstream 52da431bf03b ca631f70 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/14 08:41 upstream 9f35e33144ae 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/07 20:15 upstream 707df3375124 dbf35fa1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 20:17 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 16:07 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 09:14 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 05:44 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 03:29 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 02:28 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 20:57 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 19:07 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 17:31 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 09:44 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 06:26 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 02:23 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 01:04 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 23:17 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 21:38 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 17:43 net b9fd9888a565 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 22:23 bpf bf4807c89d8f d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 19:11 net b9fd9888a565 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 10:44 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 05:18 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 04:08 bpf bf4807c89d8f 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 03:06 net 223e2288f4b8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 23:21 net 223e2288f4b8 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 21:15 bpf bf4807c89d8f 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 20:10 net bd475eeaaf3c 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 10:02 net bd475eeaaf3c 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 21:10 net 561aa0e22b70 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 22:09 bpf-next 6e5cae9ddae7 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/07 17:28 bpf-next 6e5cae9ddae7 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 08:34 bpf-next 03fe01ddd1d8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/06 01:17 bpf-next 03fe01ddd1d8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 20:34 bpf-next 03fe01ddd1d8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 14:56 bpf-next 03fe01ddd1d8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/05 06:55 bpf-next 03fe01ddd1d8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 14:01 bpf-next 03fe01ddd1d8 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 12:33 bpf-next 1f24c0d81990 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 08:50 bpf-next 1f24c0d81990 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 18:03 bpf-next 38d95beb4b24 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/03 12:38 bpf-next 38d95beb4b24 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 22:59 bpf-next 212ec9229567 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 19:40 bpf-next 212ec9229567 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 17:57 bpf-next 212ec9229567 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 16:43 bpf-next 212ec9229567 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 14:32 bpf-next 212ec9229567 0cd59a8f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 11:42 bpf-next 212ec9229567 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/28 05:05 net-next f22e6fdf7b33 803ce19b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/04 01:03 linux-next 8d6c58332c7a 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/27 18:24 linux-next 2aeda9592360 803ce19b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/02 09:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3c795c3404e8 ffe4b334 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
* Struck through repros no longer work on HEAD.