./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor768312304

<...>
DUID 00:04:76:8b:f6:84:a4:3b:36:39:6c:68:e7:10:38:dd:b7:2c
forked to background, child pid 4658
[   36.516702][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.548896][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.56' (ECDSA) to the list of known hosts.
execve("./syz-executor768312304", ["./syz-executor768312304"], 0x7fff0a532ae0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555574b000
brk(0x55555574bc40)                     = 0x55555574bc40
arch_prctl(ARCH_SET_FS, 0x55555574b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555574b5d0)         = 4993
set_robust_list(0x55555574b5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f974c1fc0c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f974c1fc790}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f974c1fc160, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f974c1fc790}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor768312304", 4096) = 27
brk(0x55555576cc40)                     = 0x55555576cc40
brk(0x55555576d000)                     = 0x55555576d000
mprotect(0x7f974c2c6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 4993
mkdir("./syzkaller.3hIa7J", 0700)       = 0
chmod("./syzkaller.3hIa7J", 0777)       = 0
chdir("./syzkaller.3hIa7J")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4994 attached
, child_tidptr=0x55555574b5d0) = 4994
[pid  4994] set_robust_list(0x55555574b5e0, 24) = 0
[pid  4994] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4994] setsid()                    = 1
[pid  4994] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  4994] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  4994] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  4994] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  4994] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  4994] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  4994] unshare(CLONE_NEWNS)        = 0
[pid  4994] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  4994] unshare(CLONE_NEWIPC)       = 0
[pid  4994] unshare(CLONE_NEWCGROUP)    = 0
[pid  4994] unshare(CLONE_NEWUTS)       = 0
[pid  4994] unshare(CLONE_SYSVSEM)      = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "16777216", 8)     = 8
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "536870912", 9)    = 9
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "1024", 4)         = 4
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "8192", 4)         = 4
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "1024", 4)         = 4
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "1024", 4)         = 4
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "1024 1048576 500 1024", 21) = 21
[pid  4994] close(3)                    = 0
[pid  4994] getpid()                    = 1
[pid  4994] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4994] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4994] unshare(CLONE_NEWNET)       = 0
[pid  4994] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  4994] write(3, "0 65535", 7)      = 7
[pid  4994] close(3)                    = 0
[pid  4994] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  4994] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  4994] close(3)                    = 0
[pid  4994] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  4994] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  4994] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4994] recvfrom(3, [{nlmsg_len=2496, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4994] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  4994] access("/proc/net", R_OK)   = 0
[pid  4994] access("/proc/net/unix", R_OK) = 0
[pid  4994] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4994] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  4994] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4994] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4994] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  4994] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4994] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  4994] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4994] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
syzkaller login: [   62.900063][ T1069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.915526][ T1069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.928899][ T4735] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   62.940824][ T1069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[pid  4994] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4994] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4994] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  4994] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4994] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  4994] close(4)                    = 0
[pid  4994] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4994] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  4994] close(4)                    = 0
[pid  4994] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  4994] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4994] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  4994] close(4)                    = 0
[pid  4994] close(3)                    = 0
[pid  4994] mkdir("/dev/binderfs", 0777) = 0
[pid  4994] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  4994] mkdir("./0", 0777)          = 0
[pid  4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  4994] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  4994] close(3)                    = 0
[pid  4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555574b5d0) = 2
./strace-static-x86_64: Process 4997 attached
[pid  4997] set_robust_list(0x55555574b5e0, 24) = 0
[pid  4997] chdir("./0")                = 0
[pid  4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4997] setpgid(0, 0)               = 0
[pid  4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4997] write(3, "1000", 4)         = 4
[pid  4997] close(3)                    = 0
[pid  4997] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f974c1ca000
[pid  4997] mprotect(0x7f974c1cb000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4997] clone(child_stack=0x7f974c1ea3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4998 attached
, parent_tid=[3], tls=0x7f974c1ea700, child_tidptr=0x7f974c1ea9d0) = 3
[pid  4998] set_robust_list(0x7f974c1ea9e0, 24 <unfinished ...>
[pid  4997] futex(0x7f974c2cc7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   62.949967][ T1069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.958642][  T900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4998] <... set_robust_list resumed>) = 0
[pid  4998] memfd_create("syzkaller", 0) = 3
[pid  4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9743dca000
[   63.012129][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor768'
[pid  4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836
[pid  4998] munmap(0x7f9743dca000, 32394836) = 0
[pid  4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4998] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4998] close(3)                    = 0
[pid  4998] mkdir("./bus", 0777)        = 0
[   63.422977][ T4998] loop0: detected capacity change from 0 to 63271
[   63.435305][ T4998] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605)
[   63.443962][ T4998] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   63.455294][ T4998] F2FS-fs (loop0): invalid crc value
[   63.464735][ T4998] F2FS-fs (loop0): Found nat_bits in checkpoint
[pid  4998] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0
[pid  4998] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  4998] chdir("./bus")              = 0
[pid  4998] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4998] close(4)                    = 0
[pid  4998] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4997] <... futex resumed>)        = 0
[pid  4997] futex(0x7f974c2cc7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4998] <... futex resumed>)        = 1
[pid  4998] open("./bus", O_RDONLY)     = -1 ENOENT (No such file or directory)
[pid  4998] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4997] <... futex resumed>)        = 0
[pid  4997] futex(0x7f974c2cc7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4998] <... futex resumed>)        = 1
[pid  4998] creat(NULL, 000)            = -1 EFAULT (Bad address)
[pid  4998] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4997] <... futex resumed>)        = 0
[pid  4997] futex(0x7f974c2cc7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4998] <... futex resumed>)        = 1
[   63.507800][ T4998] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   63.514982][ T4998] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[pid  4998] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  4998] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4997] <... futex resumed>)        = 0
[pid  4997] futex(0x7f974c2cc7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] futex(0x7f974c2cc7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4998] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC <unfinished ...>
[pid  4997] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4997] futex(0x7f974c2cc7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   63.546220][   T27] audit: type=1800 audit(1682908545.680:2): pid=4998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor768" name="bus" dev="loop0" ino=4 res=0 errno=0
[pid  4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9745c8e000
[pid  4997] mprotect(0x7f9745c8f000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4997] clone(child_stack=0x7f9745cae3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f9745cae700, child_tidptr=0x7f9745cae9d0) = 4
[pid  4997] futex(0x7f974c2cc7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4997] futex(0x7f974c2cc7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5003 attached
 <unfinished ...>
[pid  5003] set_robust_list(0x7f9745cae9e0, 24) = 0
[pid  5003] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process)
[pid  5003] futex(0x7f974c2cc7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4997] <... futex resumed>)        = 0
[pid  5003] <... futex resumed>)        = 1
[pid  5003] futex(0x7f974c2cc7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4998] <... pwritev2 resumed>)     = -1 EIO (Input/output error)
[   63.629613][ T4998] syz-executor768: attempt to access beyond end of device
[   63.629613][ T4998] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271
[   63.657537][ T4998] syz-executor768: attempt to access beyond end of device
[   63.657537][ T4998] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271
[   63.692860][ T4998] 
[   63.695227][ T4998] ================================================
[   63.701715][ T4998] WARNING: lock held when returning to user space!
[   63.708224][ T4998] 6.3.0-syzkaller-12049-g58390c8ce1bd #0 Not tainted
[   63.714888][ T4998] ------------------------------------------------
[   63.721380][ T4998] syz-executor768/4998 is leaving the kernel with locks still held!
[   63.729343][ T4998] 1 lock held by syz-executor768/4998:
[pid  4998] futex(0x7f974c2cc7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4998] futex(0x7f974c2cc7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4997] close(3)                    = 0
[pid  4997] close(4)                    = 0
[pid  4997] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  4997] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  4997] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  4997] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  4997] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  4997] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  4997] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  4997] exit_group(0 <unfinished ...>
[pid  5003] <... futex resumed>)        = ?
[pid  4997] <... exit_group resumed>)   = ?
[pid  5003] +++ exited with 0 +++
[pid  4998] <... futex resumed>)        = ?
[pid  4998] +++ exited with 0 +++
[pid  4997] +++ exited with 0 +++
[pid  4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=46 /* 0.46 s */} ---
[pid  4994] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  4994] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  4994] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  4994] getdents64(3, 0x55555574c620 /* 4 entries */, 32768) = 104
[   63.734799][ T4998]  #0: ffff88807e800448 (&sbi->node_write){++++}-{3:3}, at: f2fs_write_single_data_page+0xa10/0x1d50