syzbot


WARNING in mac80211_hwsim_tx (2)

Status: upstream: reported C repro on 2026/05/10 21:02
Subsystems: wireless
Labels: prio:normal
Reported-by: syzbot+435fdb053cf98bfa5778@syzkaller.appspotmail.com
First crash: 56d, last: 1d18h
Cause bisection: failed (error log, bisect log)
  
✨ AI Jobs (3)

Job ID: 3b151767-f899-408d-9229-31650328d21c
Workflow: assessment-security
Result:
  DenialOfService: ✅
  Exploitable: ❌
  FilesystemTrigger: ❌
  NetworkTrigger: ❌
  PeripheralTrigger: ❌
  RemoteTrigger: ❌
  Unprivileged: ❌
  UserNamespace: ✅
  VMGuestTrigger: ❌
  VMHostTrigger: ❌
Bug: WARNING in mac80211_hwsim_tx (2)
Created: 2026/05/31 05:08
Started: 2026/05/31 05:08
Finished: 2026/05/31 06:07
Revision: 6b4a844333e83556da95d61d7f207e7ef5cd4bc6

Job ID: 5d15ab96-dd2c-4a03-a93a-49ab041e8a19
Workflow: repro-c
Result: Reproduced: ✅
Bug: WARNING in mac80211_hwsim_tx (2)
Created: 2026/05/25 10:25
Started: 2026/05/25 10:49
Finished: 2026/05/25 14:06
Revision: c69befb30ac10e158cc9d1557b508ee3f0eca1de

Job ID: a30b0016-95b2-40af-ba20-3b922f526d5c
Workflow: assessment-security
Result: 💥
Bug: WARNING in mac80211_hwsim_tx (2)
Created: 2026/05/14 14:11
Started: 2026/05/14 14:11
Finished: 2026/05/14 14:12
Revision: 6ccb967e465e832a7bfd7a116ad00d52a0923a5d
Error:
failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128
From /app/workdir/repo/linux
 * branch                HEAD       -> FETCH_HEAD
Updating files:  ...
truncated to first 200 bytes; open job for full error

Discussions (1)
Title: [syzbot] [wireless?] WARNING in mac80211_hwsim_tx (2)
Replies (including bot): 0 (2)
Last reply: 2026/06/30 19:33

Similar bugs (2)

Kernel: linux-6.1
Title: WARNING in mac80211_hwsim_tx
Rank: -1
Count: 1
Last: 33d
Reported: 33d
Patched: 0/3
Status: upstream: reported on 2026/05/29 17:05

Kernel: upstream
Title: WARNING in mac80211_hwsim_tx
Subsystems: wireless
Rank: -1
Count: 44
Last: 460d
Reported: 561d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/06/07 07:17

Sample crash report:
mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
------------[ cut here ]------------
hwsim_get_chanwidth(bw) > hwsim_get_chanwidth(confbw)
WARNING: drivers/net/wireless/virtual/mac80211_hwsim_main.c:2248 at mac80211_hwsim_tx+0x1ab4/0x2500 drivers/net/wireless/virtual/mac80211_hwsim_main.c:2248, CPU#0: syz.0.17/5510
Modules linked in:
CPU: 0 UID: 0 PID: 5510 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:mac80211_hwsim_tx+0x1ab4/0x2500 drivers/net/wireless/virtual/mac80211_hwsim_main.c:2248
Code: c6 05 da 65 07 09 01 48 c7 c7 e0 74 7a 8c be 6b 08 00 00 48 c7 c2 20 76 7a 8c e8 a7 d6 8c fa e9 ff ee ff ff e8 7d eb b0 fa 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df e9 dd fe ff ff e8 65 eb b0
RSP: 0018:ffffc9000278efe0 EFLAGS: 00010293
RAX: ffffffff87158693 RBX: 0000000000000000 RCX: ffff888000ad8000
RDX: 0000000000000000 RSI: 0000000000000014 RDI: 00000000000000a0
RBP: ffffc9000278f170 R08: ffff888000ad8000 R09: 000000000000000e
R10: 000000000000000d R11: 0000000000000000 R12: 0000000000000014
R13: ffff8880120b3cb0 R14: 00000000000000a0 R15: 0000000000000030
FS:  000055559073c500(0000) GS:ffff88808c815000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005562391e0138 CR3: 0000000012ea1000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 drv_tx net/mac80211/driver-ops.h:38 [inline]
 ieee80211_tx_frags+0x3df/0x890 net/mac80211/tx.c:1746
 __ieee80211_tx+0x267/0x580 net/mac80211/tx.c:1801
 ieee80211_tx+0x312/0x4b0 net/mac80211/tx.c:1984
 ieee80211_monitor_start_xmit+0xb33/0x1280 net/mac80211/tx.c:2479
 __netdev_start_xmit include/linux/netdevice.h:5400 [inline]
 netdev_start_xmit include/linux/netdevice.h:5409 [inline]
 xmit_one net/core/dev.c:3889 [inline]
 dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3905
 __dev_queue_xmit+0x1435/0x37f0 net/core/dev.c:4872
 packet_snd net/packet/af_packet.c:3082 [inline]
 packet_sendmsg+0x3d95/0x5040 net/packet/af_packet.c:3114
 sock_sendmsg_nosec+0x13a/0x180 net/socket.c:775
 __sock_sendmsg net/socket.c:790 [inline]
 __sys_sendto+0x408/0x5a0 net/socket.c:2252
 __do_sys_sendto net/socket.c:2259 [inline]
 __se_sys_sendto net/socket.c:2255 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2255
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc04219ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcb766be38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fc042415fa0 RCX: 00007fc04219ce59
RDX: 0000000000000030 RSI: 0000200000000640 RDI: 0000000000000008
RBP: 00007fc042232e6f R08: 0000200000000380 R09: 0000000000000014
R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc042415fac R14: 00007fc042415fa0 R15: 00007fc042415fa0
 </TASK>

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/30 19:33 upstream dc59e4fea9d8 e5173a01 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root WARNING in mac80211_hwsim_tx
2026/06/30 21:14 net 2a00517db8de 00e8b0fd .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in mac80211_hwsim_tx
2026/06/30 20:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ff4c5a0de1f2 00e8b0fd .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in mac80211_hwsim_tx
2026/05/29 14:06 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/29 14:06 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/06 20:58 upstream adc1e5c6203c cbcd9ea0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mac80211_hwsim_tx
2026/05/29 16:21 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in mac80211_hwsim_tx
2026/06/30 17:41 upstream dc59e4fea9d8 e5173a01 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root WARNING in mac80211_hwsim_tx
2026/06/19 01:46 upstream 83f1454877cc d7ffd47b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root WARNING in mac80211_hwsim_tx
2026/05/29 12:23 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mac80211_hwsim_tx
2026/05/29 12:18 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mac80211_hwsim_tx
2026/05/29 12:41 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING in mac80211_hwsim_tx
2026/05/29 12:41 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING in mac80211_hwsim_tx
2026/05/29 12:41 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING in mac80211_hwsim_tx
2026/05/29 13:31 net 422b5233b607 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/29 13:24 net 422b5233b607 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/29 14:29 net-next 841559836550 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/29 14:29 net-next 841559836550 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in mac80211_hwsim_tx
2026/05/29 13:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 4b4362973b6f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in mac80211_hwsim_tx
2026/05/29 13:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 4b4362973b6f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in mac80211_hwsim_tx