./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2685264940

<...>
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
execve("./syz-executor2685264940", ["./syz-executor2685264940"], 0x7fff82adfa80 /* 10 vars */) = 0
brk(NULL)                               = 0x55555701d000
brk(0x55555701dc40)                     = 0x55555701dc40
arch_prctl(ARCH_SET_FS, 0x55555701d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2685264940", 4096) = 28
brk(0x55555703ec40)                     = 0x55555703ec40
brk(0x55555703f000)                     = 0x55555703f000
mprotect(0x7f0585670000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3609 attached
, child_tidptr=0x55555701d5d0) = 3609
[pid  3609] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3609] setsid()                    = 1
[pid  3609] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3609] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3609] unshare(CLONE_NEWNS)        = 0
[pid  3609] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3609] unshare(CLONE_NEWIPC)       = 0
[pid  3609] unshare(CLONE_NEWCGROUP)    = 0
[pid  3609] unshare(CLONE_NEWUTS)       = 0
[pid  3609] unshare(CLONE_SYSVSEM)      = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "16777216", 8)     = 8
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "536870912", 9)    = 9
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "8192", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024", 4)         = 4
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3609] close(3)                    = 0
[pid  3609] getpid()                    = 1
[pid  3609] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3609] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3609] unshare(CLONE_NEWNET)       = 0
[pid  3609] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3609] write(3, "0 65535", 7)      = 7
[pid  3609] close(3)                    = 0
[pid  3609] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3609] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3609] close(3)                    = 0
[pid  3609] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3609] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3609] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x18\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3609] recvfrom(3, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3609] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3609] access("/proc/net", R_OK)   = 0
[pid  3609] access("/proc/net/unix", R_OK) = 0
[pid  3609] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3609] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3609] close(4)                    = 0
[pid  3609] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3609] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3609] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3609] close(4)                    = 0
[pid  3609] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3609] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3609] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3609] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3609] close(4)                    = 0
[pid  3609] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3609] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3609] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3609] close(4)                    = 0
syzkaller login: [   51.841682][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   51.850586][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   51.860925][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3609] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3609] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3609] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3609] close(4)                    = 0
[pid  3609] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3609] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3609] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3609] close(4)                    = 0
[pid  3609] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3609] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3609] close(4)                    = 0
[pid  3609] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3609] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3609] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3609] close(4)                    = 0
[pid  3609] close(3)                    = 0
[pid  3609] mkdir("/dev/binderfs", 0777) = 0
[pid  3609] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3609] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3609] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3609] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  3609] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3609] recvfrom(4, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3609] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3609] close(4)                    = 0
[pid  3609] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[   51.889919][    T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   51.898230][    T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   51.908939][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   51.939261][ T3609] INFO: trying to register non-static key.
[   51.945103][ T3609] The code is fine but needs lockdep annotation, or maybe
[   51.952208][ T3609] you didn't initialize this object before use?
[   51.958459][ T3609] turning off the locking correctness validator.
[   51.964769][ T3609] CPU: 1 PID: 3609 Comm: syz-executor268 Not tainted 5.19.0-rc8-syzkaller #0
[   51.973545][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   51.983684][ T3609] Call Trace:
[   51.986950][ T3609]  <TASK>
[   51.989866][ T3609]  dump_stack_lvl+0x1e3/0x2cb
[   51.994633][ T3609]  ? bfq_pos_tree_add_move+0x436/0x436
[   52.000110][ T3609]  ? panic+0x76e/0x76e
[   52.004357][ T3609]  ? __is_module_percpu_address+0x3fc/0x4a0
[   52.010310][ T3609]  ? __module_address+0x2e/0x2b0
[   52.015255][ T3609]  assign_lock_key+0x22a/0x240
[   52.020367][ T3609]  ? SOFTIRQ_verbose+0x10/0x10
[   52.025139][ T3609]  ? print_irqtrace_events+0x220/0x220
[   52.030611][ T3609]  register_lock_class+0x287/0x9d0
[   52.035825][ T3609]  ? is_dynamic_key+0x1f0/0x1f0
[   52.040691][ T3609]  __lock_acquire+0xe9/0x1f80
[   52.045388][ T3609]  lock_acquire+0x1a7/0x400
[   52.049889][ T3609]  ? ieee80211_do_stop+0x115/0x1cf0
[   52.055251][ T3609]  ? read_lock_is_recursive+0x10/0x10
[   52.060623][ T3609]  ? __local_bh_disable_ip+0x183/0x210
[   52.066286][ T3609]  ? ieee80211_do_stop+0x115/0x1cf0
[   52.071499][ T3609]  ? __bpf_trace_softirq+0x10/0x10
[   52.078530][ T3609]  ? rcu_blocking_is_gp+0x70/0x70
[   52.083634][ T3609]  ? print_irqtrace_events+0x220/0x220
[   52.089106][ T3609]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.094413][ T3609]  ? ieee80211_do_stop+0x115/0x1cf0
[   52.099646][ T3609]  _raw_spin_lock_bh+0x31/0x40
[   52.104468][ T3609]  ? ieee80211_do_stop+0x115/0x1cf0
[   52.109789][ T3609]  ieee80211_do_stop+0x115/0x1cf0
[   52.114838][ T3609]  ? ieee80211_sdata_stop+0x70/0x70
[   52.120048][ T3609]  ? ieee80211_get_vif_queues+0x222/0x390
[   52.125847][ T3609]  ieee80211_if_change_type+0x448/0x9f0
[   52.131494][ T3609]  ieee80211_change_iface+0x58/0x430
[   52.136789][ T3609]  cfg80211_change_iface+0x677/0xaf0
[   52.142172][ T3609]  nl80211_set_interface+0x5ed/0x870
[   52.147468][ T3609]  ? nl80211_dump_interface+0x6b0/0x6b0
[   52.153014][ T3609]  ? nl80211_pre_doit+0x469/0x510
[   52.158089][ T3609]  genl_rcv_msg+0xfbc/0x1490
[   52.162730][ T3609]  ? genl_bind+0x380/0x380
[   52.167135][ T3609]  ? local_lock_release+0x24/0x60
[   52.172165][ T3609]  ? mark_lock+0x98/0x350
[   52.176496][ T3609]  ? __lock_acquire+0x129a/0x1f80
[   52.181514][ T3609]  ? nl80211_dump_interface+0x6b0/0x6b0
[   52.187140][ T3609]  netlink_rcv_skb+0x1f0/0x460
[   52.192079][ T3609]  ? genl_bind+0x380/0x380
[   52.196491][ T3609]  ? netlink_ack+0xb40/0xb40
[   52.201219][ T3609]  ? __down_read_common+0x156/0x2a0
[   52.206427][ T3609]  genl_rcv+0x24/0x40
[   52.210431][ T3609]  netlink_unicast+0x7e7/0x9c0
[   52.215291][ T3609]  ? netlink_detachskb+0xa0/0xa0
[   52.220224][ T3609]  ? __phys_addr_symbol+0x2b/0x70
[   52.225271][ T3609]  ? 0xffffffff81000000
[   52.229420][ T3609]  ? __check_object_size+0x15a/0x210
[   52.234752][ T3609]  ? bpf_lsm_netlink_send+0x5/0x10
[   52.239893][ T3609]  netlink_sendmsg+0x9b3/0xcd0
[   52.244740][ T3609]  ? netlink_getsockopt+0x9c0/0x9c0
[   52.250107][ T3609]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   52.255468][ T3609]  ? security_socket_sendmsg+0x9d/0xb0
[   52.261008][ T3609]  ? netlink_getsockopt+0x9c0/0x9c0
[   52.266197][ T3609]  ____sys_sendmsg+0x597/0x8e0
[   52.271029][ T3609]  ? iovec_from_user+0x335/0x390
[   52.276349][ T3609]  ? __import_iovec+0x340/0x4e0
[   52.281301][ T3609]  ? __sys_sendmsg_sock+0x30/0x30
[   52.286515][ T3609]  __sys_sendmsg+0x301/0x8a0
[   52.291107][ T3609]  ? ____sys_sendmsg+0x8e0/0x8e0
[   52.296065][ T3609]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.301276][ T3609]  ? do_notify_parent+0xeb0/0xeb0
[   52.306369][ T3609]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   52.312345][ T3609]  ? syscall_enter_from_user_mode+0x2e/0x1a0
[   52.318495][ T3609]  ? syscall_enter_from_user_mode+0x86/0x1a0
[   52.324471][ T3609]  do_syscall_64+0x2b/0x70
[   52.328886][ T3609]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.334813][ T3609] RIP: 0033:0x7f05855fc9e9
[   52.339224][ T3609] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.358930][ T3609] RSP: 002b:00007ffd7a229548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   52.367336][ T3609] RAX: ffffffffffffffda RBX: 00007f0585676380 RCX: 00007f05855fc9e9
[   52.375387][ T3609] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   52.383350][ T3609] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[pid  3609] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x22\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid  3609] exit_group(1)               = ?
[pid  3609] +++ exited with 1 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3609, si_uid=0, si_status=1, si_utime=0, si_stime=57} ---
exit_group(0)                           = ?
+++ exited with 0 +++