Extracting prog: 2m9.744523582s
Minimizing prog: 13m24.793382045s
Simplifying prog options: 0s
Extracting C: 30.439664348s
Simplifying C: 17m19.96055531s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in __cfg80211_bss_update
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, 0x0, 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(0x0, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program did not crash
testing program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=48.619826673s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
simplifying C reproducer
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program did not crash
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing compiled C program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
program crashed: WARNING in __cfg80211_bss_update
testing program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in __cfg80211_bss_update
validation run: crashed=true
testing program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in __cfg80211_bss_update
validation run: crashed=true
testing program (duration=48.619826673s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_80211_inject_frame-syz_80211_inject_frame-syz_80211_inject_frame
detailed listing:
executing program 0:
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000640000000006"], 0x4e7)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000d40)=ANY=[@ANYBLOB="500000000802110000010802110000005050505050500000000000000000000064000000000601"], 0x4e7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=@mgmt_frame=@beacon={{{}, {}, @broadcast}, 0x0, @default, 0x245, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @void, @void, @val={0x3c, 0x4}, @void, @val={0x72, 0x6}, @void, @void}, 0x40)

program crashed: WARNING in __cfg80211_bss_update
validation run: crashed=true
reproducing took 37m27.376381367s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: net/wireless/scan.c:1788 at cfg80211_combine_bsses net/wireless/scan.c:1788 [inline], CPU#0: ksoftirqd/0/15
WARNING: net/wireless/scan.c:1788 at __cfg80211_bss_update+0x1ca9/0x2380 net/wireless/scan.c:2035, CPU#0: ksoftirqd/0/15
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:cfg80211_combine_bsses net/wireless/scan.c:1788 [inline]
RIP: 0010:__cfg80211_bss_update+0x1ca9/0x2380 net/wireless/scan.c:2035
Code: 00 00 00 48 85 db 0f 85 0c fe ff ff e9 4a fe ff ff e8 0b b5 f6 f6 48 8d 7b 98 e8 d2 64 ff ff e9 a8 fe ff ff e8 f8 b4 f6 f6 90 <0f> 0b 90 48 8b 7c 24 40 e8 8a b2 ec f9 31 ff 89 c6 88 44 24 60 e8
RSP: 0018:ffffc900001471d8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8ac828be
RDX: ffff88801d6e4980 RSI: ffffffff8ac83178 RDI: 0000000000000005
RBP: ffff88807bae4468 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000030000 R12: ffff888031470190
R13: ffff88807bae4400 R14: ffff888025f8fc00 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881248f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00774a000 CR3: 000000007abee000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 cfg80211_inform_single_bss_data+0x7b9/0x1d30 net/wireless/scan.c:2369
 cfg80211_inform_bss_data+0x22b/0x3be0 net/wireless/scan.c:3228
 cfg80211_inform_bss_frame_data+0x26f/0x720 net/wireless/scan.c:3319
 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:230
 ieee80211_scan_rx+0x4cf/0xb30 net/mac80211/scan.c:359
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5282 [inline]
 ieee80211_rx_list+0x1c40/0x2ed0 net/mac80211/rx.c:5539
 ieee80211_rx_napi+0xdc/0x410 net/mac80211/rx.c:5562
 ieee80211_rx include/net/mac80211.h:5216 [inline]
 ieee80211_handle_queued_frames+0xcf/0x130 net/mac80211/main.c:452
 tasklet_action_common+0x254/0x3f0 kernel/softirq.c:925
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 run_ksoftirqd kernel/softirq.c:1063 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:1055
 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: net/wireless/scan.c:1788 at cfg80211_combine_bsses net/wireless/scan.c:1788 [inline], CPU#0: ksoftirqd/0/15
WARNING: net/wireless/scan.c:1788 at __cfg80211_bss_update+0x1ca9/0x2380 net/wireless/scan.c:2035, CPU#0: ksoftirqd/0/15
Modules linked in:
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:cfg80211_combine_bsses net/wireless/scan.c:1788 [inline]
RIP: 0010:__cfg80211_bss_update+0x1ca9/0x2380 net/wireless/scan.c:2035
Code: 00 00 00 48 85 db 0f 85 0c fe ff ff e9 4a fe ff ff e8 0b b5 f6 f6 48 8d 7b 98 e8 d2 64 ff ff e9 a8 fe ff ff e8 f8 b4 f6 f6 90 <0f> 0b 90 48 8b 7c 24 40 e8 8a b2 ec f9 31 ff 89 c6 88 44 24 60 e8
RSP: 0018:ffffc900001471d8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8ac828be
RDX: ffff88801d6e4980 RSI: ffffffff8ac83178 RDI: 0000000000000005
RBP: ffff88807bae4468 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000030000 R12: ffff888031470190
R13: ffff88807bae4400 R14: ffff888025f8fc00 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881248f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00774a000 CR3: 000000007abee000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 cfg80211_inform_single_bss_data+0x7b9/0x1d30 net/wireless/scan.c:2369
 cfg80211_inform_bss_data+0x22b/0x3be0 net/wireless/scan.c:3228
 cfg80211_inform_bss_frame_data+0x26f/0x720 net/wireless/scan.c:3319
 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:230
 ieee80211_scan_rx+0x4cf/0xb30 net/mac80211/scan.c:359
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5282 [inline]
 ieee80211_rx_list+0x1c40/0x2ed0 net/mac80211/rx.c:5539
 ieee80211_rx_napi+0xdc/0x410 net/mac80211/rx.c:5562
 ieee80211_rx include/net/mac80211.h:5216 [inline]
 ieee80211_handle_queued_frames+0xcf/0x130 net/mac80211/main.c:452
 tasklet_action_common+0x254/0x3f0 kernel/softirq.c:925
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 run_ksoftirqd kernel/softirq.c:1063 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:1055
 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>