syzbot


UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan (2)

Status: upstream: reported on 2025/07/12 03:45
Subsystems: wireless
Reported-by: syzbot+e834e757bd9b3d3e1251@syzkaller.appspotmail.com
Fix commit: wifi: cfg80211: remove scan request n_channels counted_by
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 9d10h, last: 3h20m
Discussions (2)
Title Replies (including bot) Last reply
[PATCH wireless] wifi: cfg80211: remove scan request n_channels counted_by 3 (3) 2025/07/15 08:24
[syzbot] [wireless?] UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan (2) 0 (1) 2025/07/12 03:45
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan wireless 15 C error 29652 9d15h 79d 29/29 fixed on 2025/07/08 00:33
linux-6.6 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan 15 10 2d23h 27d 0/2 upstream: reported on 2025/06/19 16:46

Sample crash report:
wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1223:5
index 11 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
CPU: 1 UID: 0 PID: 6462 Comm: kworker/u8:43 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1223
 ieee80211_sta_merge_ibss net/mac80211/ibss.c:1283 [inline]
 ieee80211_ibss_work+0xd85/0x1060 net/mac80211/ibss.c:1665
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 1 UID: 0 PID: 6462 Comm: kworker/u8:43 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:382
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:273
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_request_ibss_scan+0x600/0x8b0 net/mac80211/scan.c:1223
 ieee80211_sta_merge_ibss net/mac80211/ibss.c:1283 [inline]
 ieee80211_ibss_work+0xd85/0x1060 net/mac80211/ibss.c:1665
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (206):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/16 22:46 upstream 155a3c003e55 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 06:06 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 15:40 upstream 347e9f5043c8 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/17 05:50 net 531d0d32de3e 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 19:05 bpf bf4807c89d8f c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 17:27 net dae7f9cbd190 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 12:45 net dae7f9cbd190 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 11:06 net dae7f9cbd190 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 08:36 net dae7f9cbd190 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 06:57 net dae7f9cbd190 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 04:07 net dae7f9cbd190 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 02:50 net 0e9418961f89 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 21:55 net 0e9418961f89 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 20:10 net 0e9418961f89 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 17:17 net 0e9418961f89 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 16:15 net 0e9418961f89 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 11:19 bpf bf4807c89d8f 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 10:01 net e18f348632ec 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 20:48 net b640daa2822a 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 14:09 net b640daa2822a 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 09:19 net b640daa2822a 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 00:27 net a059ef8e8889 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 22:30 net a059ef8e8889 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 17:51 bpf bf4807c89d8f 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 12:18 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 11:11 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 09:24 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 07:56 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 05:15 bpf bf4807c89d8f 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 02:33 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 00:54 net 5e28d5a3f774 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/12 22:33 bpf bf4807c89d8f 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/12 20:37 net 7727ec1523d7 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/11 22:15 net 47c84997c686 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/08 03:37 net 1e3b66e32601 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/17 10:13 bpf-next fd60aa0a45c1 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/17 04:11 bpf-next fd60aa0a45c1 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/17 04:09 bpf-next fd60aa0a45c1 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 20:26 bpf-next e860a98c8aeb c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/16 05:12 bpf-next e860a98c8aeb 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 23:18 bpf-next e860a98c8aeb 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 18:18 bpf-next ea2aecdf7a95 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 13:12 bpf-next ea2aecdf7a95 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 01:04 bpf-next ea2aecdf7a95 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 23:19 bpf-next ea2aecdf7a95 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 12:14 bpf-next ea2aecdf7a95 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 08:58 bpf-next ea2aecdf7a95 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 07:15 net-next b06c4311711c 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 05:38 bpf-next ea2aecdf7a95 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/13 21:11 bpf-next ea2aecdf7a95 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/14 02:09 linux-next a62b7a37e6fc 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
2025/07/15 13:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ec4801305969 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in ieee80211_request_ibss_scan
* Struck through repros no longer work on HEAD.