syzbot


UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap

Status: upstream: reported C repro on 2026/05/30 20:57
Subsystems: wireless
Labels: prio:normal
Reported-by: syzbot+8e0622f6d9446420271f@syzkaller.appspotmail.com
First crash: 107d, last: 2d06h
Cause bisection: failed (error log, bisect log)
  
✨ AI Jobs (2)

ID: 441b91be-1b5e-4560-9301-59d59e8a899c
Workflow: assessment-security
Result: DenialOfService: ❌, Exploitable: ❌, FilesystemTrigger: ❌, NetworkTrigger: ❌, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ❌, UserNamespace: ✅, VMGuestTrigger: ❌, VMHostTrigger: ❌
Bug: UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
Created: 2026/06/01 02:54
Started: 2026/06/01 02:54
Finished: 2026/06/01 03:47
Revision: 6b4a844333e83556da95d61d7f207e7ef5cd4bc6

ID: ffe0e579-28f9-420b-a453-a3823c66f4c1
Workflow: assessment-security
Result: 💥
Bug: UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
Created: 2026/05/15 10:08
Started: 2026/05/15 10:08
Finished: 2026/05/15 10:09
Revision: 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01
Error: failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 1 fatal: write error: No space left on device fatal: fetch-pack: invalid index-pack output

Discussions (2)

Title: [PATCH] wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap
Replies (including bot): 1 (1)
Last reply: 2026/05/31 01:17

Title: [syzbot] [wireless?] UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
Replies (including bot): 0 (2)
Last reply: 2026/05/31 00:33

Last patch testing requests (5)

Created           Duration  User                   Patch  Repo        Result
2026/05/31 00:33  29m       kartikey406@gmail.com  patch  upstream    error
2026/03/05 23:08  49m       retest repro                  linux-next  report log
2026/03/05 23:21  18m       retest repro                  upstream    report log
2026/03/05 23:21  12m       retest repro                  upstream    report log
2026/03/05 23:08  18m       retest repro                  linux-next  report log

Sample crash report:
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in net/mac80211/tx.c:2174:30
shift exponent 235 is too large for 64-bit type 'unsigned long'
CPU: 0 UID: 0 PID: 5454 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:233
 __ubsan_handle_shift_out_of_bounds+0x385/0x410 lib/ubsan.c:494
 ieee80211_parse_tx_radiotap+0xadb/0x1950 net/mac80211/tx.c:2174
 ieee80211_monitor_start_xmit+0xb1f/0x1250 net/mac80211/tx.c:2451
 __netdev_start_xmit include/linux/netdevice.h:5275 [inline]
 netdev_start_xmit include/linux/netdevice.h:5284 [inline]
 xmit_one net/core/dev.c:3864 [inline]
 dev_hard_start_xmit+0x2d8/0x870 net/core/dev.c:3880
 __dev_queue_xmit+0x168f/0x38a0 net/core/dev.c:4829
 packet_snd net/packet/af_packet.c:3077 [inline]
 packet_sendmsg+0x3eb6/0x50f0 net/packet/af_packet.c:3109
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x709/0x7a0 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2209
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f251db9bf79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff388b1f78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f251de15fa0 RCX: 00007f251db9bf79
RDX: 0000000000000038 RSI: 0000200000000640 RDI: 0000000000000007
RBP: 00007f251dc327e0 R08: 0000200000000380 R09: 0000000000000014
R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f251de15fac R14: 00007f251de15fa0 R15: 00007f251de15fa0
 </TASK>
---[ end trace ]---

Crashes (64):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/02/15 07:08 upstream 3e48a11675c5 1e62d198 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 05:40 upstream 3e48a11675c5 1e62d198 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/04/26 17:36 net e728258debd5 9c2d0995 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/04/26 16:13 net e728258debd5 9c2d0995 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/31 20:03 net-next 841559836550 6b4a8443 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/31 18:34 net-next 841559836550 6b4a8443 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 11:57 linux-next 635c467cc14e 1e62d198 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 10:34 linux-next 635c467cc14e 1e62d198 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/29 01:00 upstream 8fde5d1d47f6 4624854e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/29 00:13 upstream 8fde5d1d47f6 4624854e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/15 05:48 upstream 66182ca873a4 6ccb967e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/13 03:17 upstream c21b90f77687 a0949470 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/12 21:51 upstream c21b90f77687 a0949470 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/07 19:52 upstream 8ab992f815d6 0211be7b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/03 04:17 upstream 66edb901bf87 a0d91488 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/01 15:07 upstream 26fd6bff2c05 753c55b9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/05/01 15:07 upstream 26fd6bff2c05 753c55b9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/04/25 03:42 upstream 892c894b4ba4 9c2d0995 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/22 12:35 upstream 113ae7b4decc 5b92003d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/20 07:22 upstream e9825d1c7957 2f245add .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/09 02:37 upstream 014441d1e4b2 5cb44a80 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/08 08:52 upstream c23719abc330 5cb44a80 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/08 08:51 upstream c23719abc330 5cb44a80 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/08 08:50 upstream c23719abc330 5cb44a80 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/03/07 19:51 upstream 4ae12d8bd9a8 5cb44a80 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/19 22:57 upstream 2b7a25df823d 73a252ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/19 22:57 upstream 2b7a25df823d 73a252ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 18:11 upstream ca4ee40bf13d 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:17 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:17 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:15 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:14 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:13 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:13 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:13 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:12 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:11 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 04:10 upstream 3e48a11675c5 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/04/24 05:10 net 5e6391da4539 9cfb3ca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
2026/02/15 11:10 linux-next 635c467cc14e 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in ieee80211_parse_tx_radiotap
* Struck through repros no longer work on HEAD.