Extracting prog: 2m21.64262775s
Minimizing prog: 1h2m21.4515839s
Simplifying prog options: 0s
Extracting C: 34.547549226s
Simplifying C: 16m57.451585611s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-socketpair$unix-syz_mount_image$minix-openat-pwrite64
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_mount_image$minix(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ad4da59bd78a248060eb7e05f7e56b446305d49c3e5d3120577c4e2b73c6db3384cc496525aa5a1e3f87e283e57448d56ced36ed336d8f77b350d227"], 0x1, 0x1ce, &(0x7f00000002c0)="$eJzs20tqU2EUB/B/0qjgEpwq6MQmrQrtsFDf78cGShtLMVWxDmwRrEtxZXYDHbgBr3iLSkOTXF/5KP39INwDJ4dz7uDk+yYJcHJ1klZaWU5SVdWHdxda2S09EzAVVeH+XyugnJnva7hXegpg+vaX6v3PXpLPX96v/vgsNzy/95fa9XN3qP560/qPrfp5rnO4/kaSmw3qq08H9ReH+t/6zf5nh+pvN64/eP9L5w/X30lyN8m9JPeTPEjyMMmjJI+P6L821P9Zw/4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Siuzk/Jjv9DO841Bvzcyf6rOz43Mn67z8xPyV0bmz9T52dVXg7VxYwJHaP/l/s9M2P/OhP0Hytna3nmxMhj03wgEAsHPoPQvE/C/dd9uvu5ube9c3thcWe+v91/OLc73ri4sLPaudeubfXf8/R44vn4d+qUnAQAAAAAAAAD+1JMkT0sPAQAATMU0/k5U+h0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOP6+BQAA///mpdN2")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0x8000e00)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-socketpair$unix-syz_mount_image$minix-openat-pwrite64
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_mount_image$minix(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ad4da59bd78a248060eb7e05f7e56b446305d49c3e5d3120577c4e2b73c6db3384cc496525aa5a1e3f87e283e57448d56ced36ed336d8f77b350d227"], 0x1, 0x1ce, &(0x7f00000002c0)="$eJzs20tqU2EUB/B/0qjgEpwq6MQmrQrtsFDf78cGShtLMVWxDmwRrEtxZXYDHbgBr3iLSkOTXF/5KP39INwDJ4dz7uDk+yYJcHJ1klZaWU5SVdWHdxda2S09EzAVVeH+XyugnJnva7hXegpg+vaX6v3PXpLPX96v/vgsNzy/95fa9XN3qP560/qPrfp5rnO4/kaSmw3qq08H9ReH+t/6zf5nh+pvN64/eP9L5w/X30lyN8m9JPeTPEjyMMmjJI+P6L821P9Zw/4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Siuzk/Jjv9DO841Bvzcyf6rOz43Mn67z8xPyV0bmz9T52dVXg7VxYwJHaP/l/s9M2P/OhP0Hytna3nmxMhj03wgEAsHPoPQvE/C/dd9uvu5ube9c3thcWe+v91/OLc73ri4sLPaudeubfXf8/R44vn4d+qUnAQAAAAAAAAD+1JMkT0sPAQAATMU0/k5U+h0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOP6+BQAA///mpdN2")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0x8000e00)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-socketpair$unix-syz_mount_image$minix-openat
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_mount_image$minix(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ad4da59bd78a248060eb7e05f7e56b446305d49c3e5d3120577c4e2b73c6db3384cc496525aa5a1e3f87e283e57448d56ced36ed336d8f77b350d227"], 0x1, 0x1ce, &(0x7f00000002c0)="$eJzs20tqU2EUB/B/0qjgEpwq6MQmrQrtsFDf78cGShtLMVWxDmwRrEtxZXYDHbgBr3iLSkOTXF/5KP39INwDJ4dz7uDk+yYJcHJ1klZaWU5SVdWHdxda2S09EzAVVeH+XyugnJnva7hXegpg+vaX6v3PXpLPX96v/vgsNzy/95fa9XN3qP560/qPrfp5rnO4/kaSmw3qq08H9ReH+t/6zf5nh+pvN64/eP9L5w/X30lyN8m9JPeTPEjyMMmjJI+P6L821P9Zw/4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Siuzk/Jjv9DO841Bvzcyf6rOz43Mn67z8xPyV0bmz9T52dVXg7VxYwJHaP/l/s9M2P/OhP0Hytna3nmxMhj03wgEAsHPoPQvE/C/dd9uvu5ube9c3thcWe+v91/OLc73ri4sLPaudeubfXf8/R44vn4d+qUnAQAAAAAAAAD+1JMkT0sPAQAATMU0/k5U+h0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOP6+BQAA///mpdN2")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-socketpair$unix-syz_mount_image$minix
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_mount_image$minix(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ad4da59bd78a248060eb7e05f7e56b446305d49c3e5d3120577c4e2b73c6db3384cc496525aa5a1e3f87e283e57448d56ced36ed336d8f77b350d227"], 0x1, 0x1ce, &(0x7f00000002c0)="$eJzs20tqU2EUB/B/0qjgEpwq6MQmrQrtsFDf78cGShtLMVWxDmwRrEtxZXYDHbgBr3iLSkOTXF/5KP39INwDJ4dz7uDk+yYJcHJ1klZaWU5SVdWHdxda2S09EzAVVeH+XyugnJnva7hXegpg+vaX6v3PXpLPX96v/vgsNzy/95fa9XN3qP560/qPrfp5rnO4/kaSmw3qq08H9ReH+t/6zf5nh+pvN64/eP9L5w/X30lyN8m9JPeTPEjyMMmjJI+P6L821P9Zw/4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Siuzk/Jjv9DO841Bvzcyf6rOz43Mn67z8xPyV0bmz9T52dVXg7VxYwJHaP/l/s9M2P/OhP0Hytna3nmxMhj03wgEAsHPoPQvE/C/dd9uvu5ube9c3thcWe+v91/OLc73ri4sLPaudeubfXf8/R44vn4d+qUnAQAAAAAAAAD+1JMkT0sPAQAATMU0/k5U+h0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOP6+BQAA///mpdN2")

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS-socketpair$unix
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xf6, 0xf0, '\x00', 0x6})

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS-ioctl$KVM_CREATE_VCPU
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-bpf$ENABLE_STATS
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm-ioctl$KVM_CREATE_VM
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP-openat$kvm
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4-ioctl$KVM_SET_IRQCHIP
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x3, 0xf56, 0x0, [{0x0, 0xfe}, {}, {}, {0x0, 0x35, 0x0, '\x00', 0xfc}, {}, {}, {0x0, 0x0, 0x10}, {0x0, 0x0, 0x3}, {0x0, 0x5}, {}, {}, {0x40}, {}, {}, {}, {}, {0x3, 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x8}, {}, {}, {0x0, 0x1, 0x0, '\x00', 0xf}, {}, {0x4, 0x4}]}})

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci-syz_mount_image$ext4
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3d9rHFsdAPDvTLL3Nm2um6s+1IJtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xDxBEVPBFn3wR/AME6Z8gQkHfRUURbfXBh+rI7s7GNN1NUro/vNnPB07mnJnZ/Z6TYc7OmRlmAhhaFyNiKiKyLMuuREQxn5/mKXabqb7ei+ePF+spiSy787ckknxe67vezadn8o+dioivfTnim8nrcTe3d1YXKpXyRl6erq0lL7Ns5+rK2sJyebm8Pjc3e2P+5vz1+ZmutHMiIm598U8/+O7PvnTrV59++Pu7f5n6VrOBTfvb0U3Nphca/4uW0YjY6EWwAUkaLWy6PuC6AABwuPrx/ocj4hMRcSWKMdI4OgUAAABOkuxz4/EyaV7/AwAAAE6mNCLGI0lL+f2+45GmpVLzHt6Pxum0Ut2sfSor7p0vmIhCem+lUp7J7x2YiEJSL8/m99i2ytcOlOci4v2I+H5xrFEuLVYrSwM98wEAAADD48yB8f8/i83xPwAAAHDCTAy6AgAAAEDPGf8DAADAyWf8DwAAACfaV27frqes9f7rpQfbW6vVB1eXypurpbWtxdJideN+ablaXW48s2/tqO+rVKv3PxPrW4+ma+XN2vTm9s7dterWeu3uyiuvwAYAAAD66P0LT3+XRMTuZ8fSiMiSfcsKEdnI/pVH+18/oHfSN1n5j72rB9B/I4OuADAwDulheBUGXQFg4I7qBzrevPPr7tcFAADojcmP7V3/b6S6d/JlyUBrBvRafv0/sa/D8HH9H4aX638wvAqHHQEYFMCJlx5jV3/76/9Z9kaVAgAAum68kZK0lI8DxiNNS6WI9xqvBSgk91Yq5ZmI+FBE/LZYeLdenm18MnF6AAAAAAAAAAAAAAAAAAAAAAAAAACOKcuSyDoY21sHAAAA+CCLSP+c5O//mixeHj94fuCd5F/FxjQiHv74zg8fLdRqG7P1+X/fm1/7UT7/Wr/PXgAAAADttMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTi+ePF1upn3H/+oWImGgXfzRONaanohARp/+RxOi+zyURMdKF+LtPIuJsu/hJvVoxkdfiYPw0IsYGHP9MF+LDMHta738+327/S+NiY9p+/xvN09vq3P+le/3fSIf+7712X5i+Puvcs19Md4z/JOLcaPv+pxU/6RD/0jHb+I2v7+x0Wpb9NGKy7e9P8kqs6WT0/vTm9s7VlbWF5fJyeX1ubvbG/M356/Mz0/dWKuX8b9sY3/v4L/9zWPtPd4g/cUT7Lx+z/f9+9uj5R5rZwoFFhfhJlk1dar/9z3aI3/rt+2S+uevlyVZ+t5nf7/zPf3P+wiHtX+rQ/qO2/9Qx23/lq9/5wzFXBQD6YHN7Z3WhUilvyMj0LDMWfQy6EIet0zqI7UN9vp2H+r/YBG+cGWCnBAAA9MT/DvoHXRMAAAAAAAAAAAAAAAAAAAAYXkc9Biy68DixgzF3B9NUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBD/TcAAP//AU3LQQ==")

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci-write$bt_hci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x1009, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x400, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x64)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-nanosleep
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-socket$nl_generic-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-syz_init_net_socket$bt_hci-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-ioctl$HCIINQUIRY-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1e321f45b1d4323513a54b6463c2d4449dde040051509ff6583e72f6fe29b9d2b294ac32366e36569925ab7a575c5391845bee227a2786"], 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x1e)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x1e)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_80211_inject_frame
program crashed: UBSAN: array-index-out-of-bounds in ieee80211_rx_mgmt_beacon
reproducing took 1h22m15.093381649s
repro crashed as (corrupted=false):
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/mlme.c:7224:41
index 4 is out of range for type 'u8[0]' (aka 'unsigned char[0]')
CPU: 0 UID: 0 PID: 1097 Comm: kworker/u4:9 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_rx_mgmt_beacon+0x21fd/0x2c10 net/mac80211/mlme.c:7224
 ieee80211_iface_process_skb net/mac80211/iface.c:1630 [inline]
 ieee80211_iface_work+0x49c/0xfe0 net/mac80211/iface.c:1722
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 1097 Comm: kworker/u4:9 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:382
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:273
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_rx_mgmt_beacon+0x21fd/0x2c10 net/mac80211/mlme.c:7224
 ieee80211_iface_process_skb net/mac80211/iface.c:1630 [inline]
 ieee80211_iface_work+0x49c/0xfe0 net/mac80211/iface.c:1722
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

final repro crashed as (corrupted=false):
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in net/mac80211/mlme.c:7224:41
index 4 is out of range for type 'u8[0]' (aka 'unsigned char[0]')
CPU: 0 UID: 0 PID: 1097 Comm: kworker/u4:9 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_rx_mgmt_beacon+0x21fd/0x2c10 net/mac80211/mlme.c:7224
 ieee80211_iface_process_skb net/mac80211/iface.c:1630 [inline]
 ieee80211_iface_work+0x49c/0xfe0 net/mac80211/iface.c:1722
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 UID: 0 PID: 1097 Comm: kworker/u4:9 Not tainted 6.16.0-rc1-syzkaller-00182-g18531f4d1c8c #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:382
 check_panic_on_warn+0x89/0xb0 kernel/panic.c:273
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 ieee80211_rx_mgmt_beacon+0x21fd/0x2c10 net/mac80211/mlme.c:7224
 ieee80211_iface_process_skb net/mac80211/iface.c:1630 [inline]
 ieee80211_iface_work+0x49c/0xfe0 net/mac80211/iface.c:1722
 cfg80211_wiphy_work+0x2df/0x460 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..