syzbot

 sign-in | mailing list | source | docs
🐞 Open [1595]
Subsystems
🐞 Fixed [6224]
🐞 Invalid [15741]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan

Status: upstream: reported C repro on 2025/04/28 19:05
Subsystems: wireless
[Documentation on labels]
Reported-by: syzbot+4bcdddd48bb6f0be0da1@syzkaller.appspotmail.com
First crash: 17d, last: now
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request 2 (2) 2025/05/09 19:10
[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan 8 (16) 2025/05/09 18:35
Last patch testing requests (7)
Created Duration User Patch Repo Result
2025/05/07 13:28 14m eadavis@qq.com patch upstream report log
2025/05/07 11:30 14m eadavis@qq.com patch upstream report log
2025/04/30 10:13 20m eadavis@qq.com patch upstream OK log
2025/04/29 10:58 19m eadavis@qq.com patch upstream OK log
2025/04/29 10:23 8m eadavis@qq.com patch upstream error
2025/04/29 08:45 14m eadavis@qq.com patch upstream report log
2025/04/29 02:39 15m eadavis@qq.com patch upstream report log

Sample crash report:
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Trigger new scan to find an IBSS to join
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5
index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 131 Comm: kworker/u4:5 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:354
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:243
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1208
 ieee80211_sta_find_ibss net/mac80211/ibss.c:-1 [inline]
 ieee80211_ibss_work+0xde7/0x1060 net/mac80211/ibss.c:1670
 cfg80211_wiphy_work+0x2dc/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (19142):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/27 05:05 upstream 5bc1018675ec c6b4fb39 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 08:06 net f73f05c6f711 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/04/27 04:19 net-next cc17b4b9c332 c6b4fb39 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 02:16 upstream 82f2b0b97b36 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 00:35 upstream cd802e7e5f1e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 20:55 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/08 16:55 upstream d76bb1ebb558 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/06 18:35 upstream 0d8d44db295c ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/07 20:15 upstream 707df3375124 dbf35fa1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 07:23 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 07:02 bpf b4432656b36e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 06:13 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 05:26 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 05:05 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 04:51 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 04:25 bpf b4432656b36e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 04:02 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 02:41 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 01:26 bpf b4432656b36e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 00:52 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 23:52 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 23:27 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 22:58 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 22:17 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 20:27 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:25 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:10 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 18:24 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 17:34 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 17:14 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 16:51 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 16:27 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 15:32 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 14:49 net 4d64321c4f6f 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 06:50 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 06:35 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 05:48 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 03:37 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 03:21 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 03:00 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 01:57 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 01:44 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/12 00:16 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 22:29 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 21:43 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 21:16 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:59 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:50 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:41 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 19:33 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 18:46 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 16:03 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 09:44 bpf-next 7220eabff8cb 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/05/11 11:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
* Struck through repros no longer work on HEAD.