UBSAN: array-index-out-of-bounds in ieee80211_request_ibss

Title	Replies (including bot)	Last reply
[PATCH] wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request	2 (2)	2025/05/09 19:10
[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan	8 (16)	2025/05/09 18:35

Title

Replies (including bot)

Last reply

[PATCH] wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request

2 (2)

2025/05/09 19:10

[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan

8 (16)

2025/05/09 18:35


Created	Duration	User	Patch	Repo	Result
2025/05/07 13:28	14m	eadavis@qq.com	patch	upstream	report log
2025/05/07 11:30	14m	eadavis@qq.com	patch	upstream	report log
2025/04/30 10:13	20m	eadavis@qq.com	patch	upstream	OK log
2025/04/29 10:58	19m	eadavis@qq.com	patch	upstream	OK log
2025/04/29 10:23	8m	eadavis@qq.com	patch	upstream	error
2025/04/29 08:45	14m	eadavis@qq.com	patch	upstream	report log
2025/04/29 02:39	15m	eadavis@qq.com	patch	upstream	report log

wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 wlan1: Trigger new scan to find an IBSS to join ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events_unbound cfg80211_wiphy_work Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline] ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> ---[ end trace ]--- Kernel panic - not syncing: UBSAN: panic_on_warn set ... CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events_unbound cfg80211_wiphy_work Call Trace: <TASK> dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120 panic+0x2db/0x790 kernel/panic.c:354 check_panic_on_warn+0x89/0xb0 kernel/panic.c:243 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline] ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds..

Crashes (29354):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/04/27 05:05	upstream	5bc1018675ec	c6b4fb39	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 08:06	net	f73f05c6f711	c6b4fb39	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 04:19	net-next	cc17b4b9c332	c6b4fb39	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/14 08:36	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	c32f8dc5aaf9	7344edeb	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/17 00:11	upstream	e04c78d86a96	d1716036	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/15 03:31	upstream	4774cfe3543a	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/14 17:03	upstream	4774cfe3543a	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/14 08:07	upstream	02adc1490e6d	0e8da31f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/15 19:41	upstream	546bce579204	d6b2ee52	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/14 08:41	upstream	9f35e33144ae	7344edeb	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-386	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/07 20:15	upstream	707df3375124	dbf35fa1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/17 07:41	net	1224b218a4b9	cfebc887	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/17 05:16	net	1224b218a4b9	d1716036	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/17 03:32	net	1224b218a4b9	d1716036	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 22:55	net	1224b218a4b9	d1716036	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 19:06	net	5466491c9e33	d1716036	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 11:28	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 10:20	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 09:10	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/16 01:16	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/15 16:25	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/15 07:49	net	5466491c9e33	5f4b362d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/14 06:14	net	5466491c9e33	0e8da31f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/14 05:07	net	5466491c9e33	0e8da31f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/13 23:27	bpf	d60d09eadb7c	0e8da31f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-bpf-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/12 16:58	net	27cea0e419d2	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/12 14:10	net	27cea0e419d2	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 23:36	net	d9816ec74e6d	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 20:58	net	d9816ec74e6d	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 15:52	net	d9816ec74e6d	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 04:57	net	dc9c67820f81	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/10 20:16	net	fdd9ebccfc32	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/10 11:26	net	fdd9ebccfc32	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/10 06:30	net	fdd9ebccfc32	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/10 05:22	net	fdd9ebccfc32	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 21:44	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 20:40	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 07:54	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 06:15	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 05:04	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/08 21:29	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/08 08:20	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/08 06:43	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/08 05:40	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/07 21:57	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/07 16:28	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/07 14:22	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/07 13:08	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/07 08:15	net	82cbd06f327f	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-this-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/13 10:10	net-next	b549faa950e6	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/12 09:09	net-next	a4a65c6fe08b	98683f8f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 16:13	net-next	0097c4195b1d	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-net-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/05 15:22	bpf-next	cd2e103d57e5	6b6b5f21	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-bpf-next-kasan-gce	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/09 00:18	linux-next	475c850a7fdd	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/08 19:45	linux-next	475c850a7fdd	4826c28e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 17:49	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	19272b37aa4f	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/06/11 01:48	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	d7fa1af5b33e	5d7e17ca	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan

Crashes (29354):

Assets (help?)

2025/04/27 05:05

upstream