./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor705989057

<...>
Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts.
execve("./syz-executor705989057", ["./syz-executor705989057"], 0x7ffcffc4f910 /* 10 vars */) = 0
brk(NULL)                               = 0x55557a0da000
brk(0x55557a0dad00)                     = 0x55557a0dad00
arch_prctl(ARCH_SET_FS, 0x55557a0da380) = 0
set_tid_address(0x55557a0da650)         = 5092
set_robust_list(0x55557a0da660, 24)     = 0
rseq(0x55557a0daca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor705989057", 4096) = 27
getrandom("\xf0\xec\xee\xa5\x22\xfa\xf4\x00", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557a0dad00
brk(0x55557a0fbd00)                     = 0x55557a0fbd00
brk(0x55557a0fc000)                     = 0x55557a0fc000
mprotect(0x7f89d249f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a0da650) = 5093
./strace-static-x86_64: Process 5093 attached
[pid  5093] set_robust_list(0x55557a0da660, 24) = 0
[pid  5093] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5093] setsid()                    = 1
[pid  5093] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5093] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5093] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5093] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5093] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5093] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5093] unshare(CLONE_NEWNS)        = 0
[pid  5093] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5093] unshare(CLONE_NEWIPC)       = 0
[pid  5093] unshare(CLONE_NEWCGROUP)    = 0
[pid  5093] unshare(CLONE_NEWUTS)       = 0
[pid  5093] unshare(CLONE_SYSVSEM)      = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "16777216", 8)     = 8
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "536870912", 9)    = 9
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1024", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "8192", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1024", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1024", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5093] close(3)                    = 0
[pid  5093] getpid()                    = 1
[pid  5093] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5093] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5093] unshare(CLONE_NEWNET)       = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "0 65535", 7)      = 7
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5093] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5093] close(3)                    = 0
[pid  5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5093] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5093] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5093] recvfrom(3, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5093] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5093] close(4)                    = 0
[pid  5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5093] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5093] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5093] close(4)                    = 0
[pid  5093] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5093] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5093] close(4)                    = 0
[pid  5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5093] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5093] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5093] close(4)                    = 0
[   59.402284][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.410601][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5093] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5093] close(4)                    = 0
[pid  5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5093] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5093] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5093] close(4)                    = 0
[pid  5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5093] close(4)                    = 0
[pid  5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5093] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5093] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5093] close(4)                    = 0
[pid  5093] close(3)                    = 0
[pid  5093] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "100000", 6)       = 6
[pid  5093] close(3)                    = 0
[pid  5093] mkdir("./syz-tmp", 0777)    = 0
[pid  5093] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5093] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5093] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5093] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5093] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5093] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5093] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5093] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5093] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5093] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5093] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5093] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5093] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[   59.456234][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.464187][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5093] chdir("/")                  = 0
[pid  5093] umount2("./pivot", MNT_DETACH) = 0
[pid  5093] chroot("./newroot")         = 0
[pid  5093] chdir("/")                  = 0
[pid  5093] mkdir("/dev/binderfs", 0777) = 0
[pid  5093] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
 <unfinished ...>
[pid  5096] set_robust_list(0x55557a0da660, 24 <unfinished ...>
[pid  5093] <... clone resumed>, child_tidptr=0x55557a0da650) = 2
[pid  5096] <... set_robust_list resumed>) = 0
[pid  5096] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid  5096] setpgid(0, 0)               = 0
[pid  5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5096] write(3, "1000", 4)         = 4
[pid  5096] close(3)                    = 0
[pid  5096] write(1, "executing program\n", 18) = 18
[pid  5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5096] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5096] recvfrom(4, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=2}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=2}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5096] close(4)                    = 0
[pid  5096] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5096] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid  5096] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid  5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5096] sendto(4, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5096] recvfrom(4, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-913337683}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-913337683}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5096] sendto(4, [{nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x01\x00\x00\x00"], 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[pid  5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-913337683}, {error=0, msg={nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5096] sendto(4, [{nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00\x08\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x08\x02\x11\x00\x00\x01\x00\x00\x33\x00\x03\x00\x50\x00\x00\x00\x08\x02\x11\x00\x00\x01\x08\x02\x11\x00\x00\x00\x08\x02\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x00\x01\x00\x00\x06\x02\x02\x02\x02\x02\x02\x01\x01\x02\x00"], 100, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 100
[pid  5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-913337683}, {error=0, msg={nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5096] close(4)                    = 0
[pid  5096] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long)
[pid  5096] setsockopt(-1, SOL_IPV6, IPV6_RTHDR, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = -1 EBADF (Bad file descriptor)
[pid  5096] socket(AF_QIPCRTR, SOCK_DGRAM, 0) = 4
[pid  5096] ioctl(4, SIOCSIFHWADDR, {ifr_name="wlan1", ifr_hwaddr={sa_family=ARPHRD_ETHER, sa_data=00:00:00:00:00:00}}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid  5096] ioctl(-1, IMGETDEVINFO, 0)  = -1 EBADF (Bad file descriptor)
[pid  5096] close(3)                    = 0
[pid  5096] close(4)                    = 0
[   59.583028][ T5096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   59.605205][  T784] wlan1: No basic rates, using min rate instead
[   59.615731][  T784] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[   59.624885][  T784] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[pid  5096] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5096] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5096] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5096] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5096] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5096] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5096] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5096] exit_group(0)               = ?
[pid  5096] +++ exited with 0 +++
[pid  5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5093] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached
, child_tidptr=0x55557a0da650) = 3
[pid  5097] set_robust_list(0x55557a0da660, 24) = 0
[pid  5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5097] setpgid(0, 0)               = 0
[pid  5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1000", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] write(1, "executing program\n", 18executing program
) = 18
[pid  5097] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5097] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5097] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5097] recvfrom(4, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5097] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] close(4)                    = 0
[pid  5097] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5097] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid  5097] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid  5097] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5097] sendto(4, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5097] recvfrom(4, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-924071591}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[   59.743183][   T11] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[pid  5097] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-924071591}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] sendto(4, [{nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x01\x00\x00\x00"], 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[pid  5097] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-924071591}, {error=0, msg={nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] sendto(4, [{nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00\x08\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x08\x02\x11\x00\x00\x01\x00\x00\x33\x00\x03\x00\x50\x00\x00\x00\x08\x02\x11\x00\x00\x01\x08\x02\x11\x00\x00\x00\x08\x02\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x00\x01\x00\x00\x06\x02\x02\x02\x02\x02\x02\x01\x01\x02\x00"], 100, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 100
[pid  5097] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-924071591}, {error=0, msg={nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5097] close(4)                    = 0
[pid  5097] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long)
[pid  5097] setsockopt(-1, SOL_IPV6, IPV6_RTHDR, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = -1 EBADF (Bad file descriptor)
[pid  5097] socket(AF_QIPCRTR, SOCK_DGRAM, 0) = 4
[pid  5097] ioctl(4, SIOCSIFHWADDR, {ifr_name="wlan1", ifr_hwaddr={sa_family=ARPHRD_ETHER, sa_data=00:00:00:00:00:00}}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid  5097] ioctl(-1, IMGETDEVINFO, 0)  = -1 EBADF (Bad file descriptor)
[pid  5097] close(3)                    = 0
[pid  5097] close(4)                    = 0
[pid  5097] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5097] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5097] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5097] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5097] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5097] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(14)                   = -1 EBADF (Bad file descriptor)
[   59.820423][ T5097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[pid  5097] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(27)                   = -1 EBADF (Bad file descriptor)
[   59.862865][   T11] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[pid  5097] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5097] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5097] exit_group(0)               = ?
[pid  5097] +++ exited with 0 +++
[pid  5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
[pid  5093] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x55557a0da650) = 4
[pid  5098] set_robust_list(0x55557a0da660, 24) = 0
[pid  5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5098] setpgid(0, 0)               = 0
[pid  5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5098] write(3, "1000", 4)         = 4
[pid  5098] close(3)                    = 0
[pid  5098] write(1, "executing program\n", 18executing program
) = 18
[pid  5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5098] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5098] recvfrom(4, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5098] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5098] close(4)                    = 0
[   59.972879][   T11] wlan1: authentication with 08:02:11:00:00:00 timed out
[   59.980679][   T11] ==================================================================
[   59.988758][   T11] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x1fd0
[   59.996395][   T11] Read of size 8 at addr ffff8880772a2808 by task kworker/u8:0/11
[   60.004184][   T11] 
[   60.006504][   T11] CPU: 1 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0
[   60.016545][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   60.026619][   T11] Workqueue: events_unbound cfg80211_wiphy_work
[   60.032875][   T11] Call Trace:
[   60.036149][   T11]  <TASK>
[   60.039067][   T11]  dump_stack_lvl+0x241/0x360
[   60.043734][   T11]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.048938][   T11]  ? __pfx__printk+0x10/0x10
[   60.053535][   T11]  ? _printk+0xd5/0x120
[   60.057690][   T11]  ? __virt_addr_valid+0x183/0x520
[   60.062800][   T11]  ? __virt_addr_valid+0x183/0x520
[   60.067907][   T11]  print_report+0x169/0x550
[   60.072405][   T11]  ? __virt_addr_valid+0x183/0x520
[   60.077504][   T11]  ? __virt_addr_valid+0x183/0x520
[   60.082603][   T11]  ? __virt_addr_valid+0x44e/0x520
[   60.087703][   T11]  ? __phys_addr+0xba/0x170
[   60.092194][   T11]  ? __lock_acquire+0x78/0x1fd0
[   60.097031][   T11]  kasan_report+0x143/0x180
[   60.101524][   T11]  ? __lock_acquire+0x78/0x1fd0
[   60.106361][   T11]  __lock_acquire+0x78/0x1fd0
[   60.111038][   T11]  ? mark_lock+0x9a/0x350
[   60.115353][   T11]  ? __lock_acquire+0x1346/0x1fd0
[   60.120361][   T11]  lock_acquire+0x1ed/0x550
[   60.124850][   T11]  ? lockref_get+0x15/0x60
[   60.129264][   T11]  ? __pfx_lock_acquire+0x10/0x10
[   60.134278][   T11]  ? simple_pin_fs+0x91/0x160
[   60.138939][   T11]  ? do_raw_spin_lock+0x14f/0x370
[   60.143951][   T11]  ? __pfx_lock_release+0x10/0x10
[   60.148959][   T11]  _raw_spin_lock+0x2e/0x40
[   60.153451][   T11]  ? lockref_get+0x15/0x60
[   60.157854][   T11]  lockref_get+0x15/0x60
[   60.162082][   T11]  simple_recursive_removal+0x35/0x8e0
[   60.167523][   T11]  ? mntput+0x65/0xc0
[   60.171491][   T11]  ? __pfx_remove_one+0x10/0x10
[   60.176338][   T11]  debugfs_remove+0x49/0x70
[   60.180830][   T11]  ieee80211_sta_debugfs_remove+0x40/0x60
[   60.186540][   T11]  __sta_info_destroy_part2+0x35e/0x450
[   60.192078][   T11]  sta_info_destroy_addr+0xf4/0x140
[   60.197286][   T11]  ieee80211_destroy_auth_data+0x139/0x270
[   60.203075][   T11]  ieee80211_sta_work+0x1256/0x3850
[   60.208261][   T11]  ? mark_lock+0x9a/0x350
[   60.212577][   T11]  ? __pfx_ieee80211_sta_work+0x10/0x10
[   60.218103][   T11]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.224415][   T11]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   60.230296][   T11]  ? lockdep_hardirqs_on+0x99/0x150
[   60.235477][   T11]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.241373][   T11]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.247707][   T11]  ? skb_dequeue+0x113/0x150
[   60.252291][   T11]  ? ieee80211_iface_work+0xc0d/0xf20
[   60.257653][   T11]  ? ieee80211_iface_work+0xe29/0xf20
[   60.263010][   T11]  ? rcu_is_watching+0x15/0xb0
[   60.267761][   T11]  cfg80211_wiphy_work+0x2db/0x490
[   60.272864][   T11]  ? process_scheduled_works+0x945/0x1830
[   60.278566][   T11]  process_scheduled_works+0xa2c/0x1830
[   60.284104][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[   60.290157][   T11]  ? assign_work+0x364/0x3d0
[   60.294731][   T11]  worker_thread+0x86d/0xd50
[   60.299335][   T11]  ? __kthread_parkme+0x169/0x1d0
[   60.306704][   T11]  ? __pfx_worker_thread+0x10/0x10
[   60.311807][   T11]  kthread+0x2f0/0x390
[   60.315868][   T11]  ? __pfx_worker_thread+0x10/0x10
[   60.320969][   T11]  ? __pfx_kthread+0x10/0x10
[   60.325550][   T11]  ret_from_fork+0x4b/0x80
[   60.329961][   T11]  ? __pfx_kthread+0x10/0x10
[   60.334545][   T11]  ret_from_fork_asm+0x1a/0x30
[   60.339304][   T11]  </TASK>
[   60.342306][   T11] 
[   60.344610][   T11] Allocated by task 784:
[   60.348828][   T11]  kasan_save_track+0x3f/0x80
[   60.353493][   T11]  __kasan_slab_alloc+0x66/0x80
[   60.358327][   T11]  kmem_cache_alloc_lru_noprof+0x139/0x2b0
[   60.364117][   T11]  __d_alloc+0x31/0x700
[   60.368256][   T11]  d_alloc_parallel+0xdf/0x1600
[   60.373093][   T11]  __lookup_slow+0x117/0x3f0
[   60.377669][   T11]  lookup_one_len+0x18b/0x2d0
[   60.382331][   T11]  start_creating+0x187/0x310
[   60.386994][   T11]  debugfs_create_dir+0x25/0x430
[   60.391916][   T11]  ieee80211_sta_debugfs_add+0x132/0x820
[   60.397535][   T11]  sta_info_insert_rcu+0xecf/0x1900
[   60.402721][   T11]  sta_info_insert+0x16/0xc0
[   60.407323][   T11]  ieee80211_prep_connection+0xecd/0x12d0
[   60.413024][   T11]  ieee80211_mgd_auth+0xd42/0x14c0
[   60.418118][   T11]  cfg80211_mlme_auth+0x59f/0x980
[   60.423125][   T11]  cfg80211_conn_do_work+0x5ed/0xe60
[   60.428391][   T11]  cfg80211_conn_work+0x27c/0x4d0
[   60.433398][   T11]  process_scheduled_works+0xa2c/0x1830
[   60.438923][   T11]  worker_thread+0x86d/0xd50
[   60.443500][   T11]  kthread+0x2f0/0x390
[   60.447550][   T11]  ret_from_fork+0x4b/0x80
[   60.451953][   T11]  ret_from_fork_asm+0x1a/0x30
[   60.456703][   T11] 
[   60.459008][   T11] Freed by task 0:
[   60.462705][   T11]  kasan_save_track+0x3f/0x80
[   60.467372][   T11]  kasan_save_free_info+0x40/0x50
[   60.472392][   T11]  poison_slab_object+0xe0/0x150
[   60.477316][   T11]  __kasan_slab_free+0x37/0x60
[   60.482066][   T11]  kmem_cache_free+0x145/0x350
[   60.486815][   T11]  rcu_core+0xafd/0x1830
[   60.491040][   T11]  handle_softirqs+0x2c4/0x970
[   60.495783][   T11]  __irq_exit_rcu+0xf4/0x1c0
[   60.500352][   T11]  irq_exit_rcu+0x9/0x30
[   60.504573][   T11]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   60.510194][   T11]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   60.516157][   T11] 
[   60.518460][   T11] Last potentially related work creation:
[   60.524150][   T11]  kasan_save_stack+0x3f/0x60
[   60.528810][   T11]  __kasan_record_aux_stack+0xac/0xc0
[   60.534162][   T11]  call_rcu+0x167/0xa70
[   60.538305][   T11]  __dentry_kill+0x497/0x630
[   60.542873][   T11]  dput+0x19f/0x2b0
[   60.546660][   T11]  simple_recursive_removal+0x2bd/0x8e0
[   60.552186][   T11]  debugfs_remove+0x49/0x70
[   60.556671][   T11]  ieee80211_debugfs_recreate_netdev+0xc4/0x1400
[   60.562983][   T11]  drv_remove_interface+0x1e1/0x590
[   60.568163][   T11]  ieee80211_change_mac+0xaf5/0x11e0
[   60.573431][   T11]  dev_set_mac_address+0x327/0x510
[   60.578524][   T11]  dev_set_mac_address_user+0x31/0x50
[   60.583878][   T11]  dev_ifsioc+0xbd9/0xe70
[   60.588199][   T11]  dev_ioctl+0x719/0x1340
[   60.592511][   T11]  sock_do_ioctl+0x240/0x460
[   60.597102][   T11]  sock_ioctl+0x629/0x8e0
[   60.601412][   T11]  __se_sys_ioctl+0xfc/0x170
[   60.605984][   T11]  do_syscall_64+0xf3/0x230
[   60.610471][   T11]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.616349][   T11] 
[   60.618653][   T11] The buggy address belongs to the object at ffff8880772a2758
[   60.618653][   T11]  which belongs to the cache dentry of size 312
[   60.632249][   T11] The buggy address is located 176 bytes inside of
[   60.632249][   T11]  freed 312-byte region [ffff8880772a2758, ffff8880772a2890)
[   60.646026][   T11] 
[   60.648332][   T11] The buggy address belongs to the physical page:
[   60.654730][   T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x772a2
[   60.663477][   T11] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   60.671954][   T11] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   60.679921][   T11] page_type: 0xffffefff(slab)
[   60.684580][   T11] raw: 00fff00000000040 ffff888015ef98c0 0000000000000000 dead000000000001
[   60.693145][   T11] raw: 0000000000000000 0000000000150015 00000001ffffefff 0000000000000000
[   60.701718][   T11] head: 00fff00000000040 ffff888015ef98c0 0000000000000000 dead000000000001
[   60.710371][   T11] head: 0000000000000000 0000000000150015 00000001ffffefff 0000000000000000
[   60.719048][   T11] head: 00fff00000000001 ffffea0001dca881 ffffffffffffffff 0000000000000000
[   60.727698][   T11] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   60.736347][   T11] page dumped because: kasan: bad access detected
[   60.742755][   T11] page_owner tracks the page as allocated
[   60.748448][   T11] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4550, tgid 4550 (udevd), ts 30929678673, free_ts 15644256360
[   60.770918][   T11]  post_alloc_hook+0x1f3/0x230
[   60.775670][   T11]  get_page_from_freelist+0x2e4c/0x2f10
[   60.781198][   T11]  __alloc_pages_noprof+0x256/0x6c0
[   60.786381][   T11]  alloc_slab_page+0x5f/0x120
[   60.791040][   T11]  allocate_slab+0x5a/0x2f0
[   60.795611][   T11]  ___slab_alloc+0xcd1/0x14b0
[   60.800267][   T11]  __slab_alloc+0x58/0xa0
[   60.804578][   T11]  kmem_cache_alloc_lru_noprof+0x1c5/0x2b0
[   60.810363][   T11]  __d_alloc+0x31/0x700
[   60.814499][   T11]  d_alloc_parallel+0xdf/0x1600
[   60.819333][   T11]  __lookup_slow+0x117/0x3f0
[   60.823907][   T11]  lookup_slow+0x53/0x70
[   60.828132][   T11]  walk_component+0x2e1/0x410
[   60.832898][   T11]  path_lookupat+0x16f/0x450
[   60.837467][   T11]  filename_lookup+0x256/0x610
[   60.842211][   T11]  vfs_statx+0x105/0x4e0
[   60.846433][   T11] page last free pid 1 tgid 1 stack trace:
[   60.852215][   T11]  free_unref_page+0xd22/0xea0
[   60.856964][   T11]  free_contig_range+0x9e/0x160
[   60.861798][   T11]  destroy_args+0x8a/0x890
[   60.866205][   T11]  debug_vm_pgtable+0x4be/0x550
[   60.871038][   T11]  do_one_initcall+0x248/0x880
[   60.875784][   T11]  do_initcall_level+0x157/0x210
[   60.880789][   T11]  do_initcalls+0x3f/0x80
[   60.885114][   T11]  kernel_init_freeable+0x435/0x5d0
[   60.890299][   T11]  kernel_init+0x1d/0x2b0
[   60.894611][   T11]  ret_from_fork+0x4b/0x80
[   60.899013][   T11]  ret_from_fork_asm+0x1a/0x30
[   60.903781][   T11] 
[   60.906086][   T11] Memory state around the buggy address:
[   60.911701][   T11]  ffff8880772a2700: 00 00 00 fc fc fc fc fc fc fc fc fa fb fb fb fb
[   60.919741][   T11]  ffff8880772a2780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.927780][   T11] >ffff8880772a2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.935857][   T11]                       ^
[   60.940176][   T11]  ffff8880772a2880: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[   60.948216][   T11]  ffff8880772a2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.956253][   T11] ==================================================================
[   60.964290][   T11] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.971460][   T11] CPU: 1 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0
[   60.981500][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   60.991556][   T11] Workqueue: events_unbound cfg80211_wiphy_work
[   60.997792][   T11] Call Trace:
[   61.001056][   T11]  <TASK>
[   61.003971][   T11]  dump_stack_lvl+0x241/0x360
[   61.008634][   T11]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.013815][   T11]  ? __pfx__printk+0x10/0x10
[   61.018391][   T11]  ? rcu_is_watching+0x15/0xb0
[   61.023141][   T11]  ? lock_release+0xbf/0x9f0
[   61.027715][   T11]  ? vscnprintf+0x5d/0x90
[   61.032030][   T11]  panic+0x349/0x860
[   61.035908][   T11]  ? check_panic_on_warn+0x21/0xb0
[   61.041004][   T11]  ? __pfx_panic+0x10/0x10
[   61.045400][   T11]  ? do_raw_spin_unlock+0x13c/0x8b0
[   61.050587][   T11]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.056467][   T11]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.062781][   T11]  ? print_report+0x502/0x550
[   61.067449][   T11]  check_panic_on_warn+0x86/0xb0
[   61.072397][   T11]  ? __lock_acquire+0x78/0x1fd0
[   61.077257][   T11]  end_report+0x77/0x160
[   61.081499][   T11]  kasan_report+0x154/0x180
[   61.085997][   T11]  ? __lock_acquire+0x78/0x1fd0
[   61.090837][   T11]  __lock_acquire+0x78/0x1fd0
[   61.095498][   T11]  ? mark_lock+0x9a/0x350
[   61.099812][   T11]  ? __lock_acquire+0x1346/0x1fd0
[   61.104820][   T11]  lock_acquire+0x1ed/0x550
[   61.109307][   T11]  ? lockref_get+0x15/0x60
[   61.113711][   T11]  ? __pfx_lock_acquire+0x10/0x10
[   61.118722][   T11]  ? simple_pin_fs+0x91/0x160
[   61.123383][   T11]  ? do_raw_spin_lock+0x14f/0x370
[   61.128398][   T11]  ? __pfx_lock_release+0x10/0x10
[   61.133411][   T11]  _raw_spin_lock+0x2e/0x40
[   61.137913][   T11]  ? lockref_get+0x15/0x60
[   61.142314][   T11]  lockref_get+0x15/0x60
[   61.146541][   T11]  simple_recursive_removal+0x35/0x8e0
[   61.151985][   T11]  ? mntput+0x65/0xc0
[   61.155951][   T11]  ? __pfx_remove_one+0x10/0x10
[   61.160788][   T11]  debugfs_remove+0x49/0x70
[   61.165276][   T11]  ieee80211_sta_debugfs_remove+0x40/0x60
[   61.171157][   T11]  __sta_info_destroy_part2+0x35e/0x450
[   61.176691][   T11]  sta_info_destroy_addr+0xf4/0x140
[   61.181875][   T11]  ieee80211_destroy_auth_data+0x139/0x270
[   61.187670][   T11]  ieee80211_sta_work+0x1256/0x3850
[   61.192867][   T11]  ? mark_lock+0x9a/0x350
[   61.197186][   T11]  ? __pfx_ieee80211_sta_work+0x10/0x10
[   61.202716][   T11]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.209035][   T11]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   61.214916][   T11]  ? lockdep_hardirqs_on+0x99/0x150
[   61.220100][   T11]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.225980][   T11]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.232297][   T11]  ? skb_dequeue+0x113/0x150
[   61.236873][   T11]  ? ieee80211_iface_work+0xc0d/0xf20
[   61.242238][   T11]  ? ieee80211_iface_work+0xe29/0xf20
[   61.247596][   T11]  ? rcu_is_watching+0x15/0xb0
[   61.252350][   T11]  cfg80211_wiphy_work+0x2db/0x490
[   61.257455][   T11]  ? process_scheduled_works+0x945/0x1830
[   61.263180][   T11]  process_scheduled_works+0xa2c/0x1830
[   61.268826][   T11]  ? __pfx_process_scheduled_works+0x10/0x10
[   61.274821][   T11]  ? assign_work+0x364/0x3d0
[   61.279419][   T11]  worker_thread+0x86d/0xd50
[   61.284004][   T11]  ? __kthread_parkme+0x169/0x1d0
[   61.289016][   T11]  ? __pfx_worker_thread+0x10/0x10
[   61.294114][   T11]  kthread+0x2f0/0x390
[   61.298169][   T11]  ? __pfx_worker_thread+0x10/0x10
[   61.303303][   T11]  ? __pfx_kthread+0x10/0x10
[   61.307999][   T11]  ret_from_fork+0x4b/0x80
[   61.312402][   T11]  ? __pfx_kthread+0x10/0x10
[   61.316980][   T11]  ret_from_fork_asm+0x1a/0x30
[   61.321739][   T11]  </TASK>
[   61.324995][   T11] Kernel Offset: disabled
[   61.329308][   T11] Rebooting in 86400 seconds..