./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4272430005 <...> forked to background, child pid 3189 no interfaces have a carrier [ 25.264297][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.271424][ T3190] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. execve("./syz-executor4272430005", ["./syz-executor4272430005"], 0x7ffc4ad301f0 /* 10 vars */) = 0 brk(NULL) = 0x5555568b8000 brk(0x5555568b8c40) = 0x5555568b8c40 arch_prctl(ARCH_SET_FS, 0x5555568b8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4272430005", 4096) = 28 brk(0x5555568d9c40) = 0x5555568d9c40 brk(0x5555568da000) = 0x5555568da000 mprotect(0x7f3249ed2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3617 mkdir("./syzkaller.qm0pqI", 0700) = 0 chmod("./syzkaller.qm0pqI", 0777) = 0 chdir("./syzkaller.qm0pqI") = 0 mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) getuid() = 0 getgid() = 0 mprotect(0x7f3249ef5000, 4096, PROT_NONE) = 0 clone(child_stack=0x7f3249ff4fb0, flags=CLONE_NEWUSER|CLONE_NEWPID./strace-static-x86_64: Process 3618 attached ) = 3618 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setsid() = 1 [pid 3618] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3618] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = -1 EPERM (Operation not permitted) [pid 3618] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3618] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3618] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3618] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3618] unshare(CLONE_NEWNS) = 0 [pid 3618] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3618] unshare(CLONE_NEWIPC) = 0 [pid 3618] unshare(CLONE_NEWCGROUP) = 0 [pid 3618] unshare(CLONE_NEWUTS) = 0 [pid 3618] unshare(CLONE_SYSVSEM) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "16777216", 8) = 8 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "536870912", 9) = 9 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1024", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "8192", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1024", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1024", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/setgroups", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "deny", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/uid_map", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "0 0 1\n", 6) = 6 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/gid_map", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "0 0 1\n", 6) = 6 [pid 3618] close(3) = 0 [pid 3618] unshare(CLONE_NEWNET) = 0 [pid 3618] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "0 65535", 7) = -1 EINVAL (Invalid argument) [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3 [pid 3618] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8 [pid 3618] close(3) = 0 [pid 3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 3618] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40 [pid 3618] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x18\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3618] recvfrom(3, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 [pid 3618] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56 [pid 3618] access("/proc/net", R_OK) = 0 [pid 3618] access("/proc/net/unix", R_OK) = 0 [pid 3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0 [pid 3618] close(4) = 0 [pid 3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 3618] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0 [pid 3618] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0 [pid 3618] close(4) = 0 [pid 3618] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 [pid 3618] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56 [pid 3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0 [pid 3618] close(4) = 0 [pid 3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4 [pid 3618] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0 [pid 3618] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0 [pid 3618] close(4) = 0 [pid 3618] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64 [pid 3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0 [pid 3618] close(4) = 0 syzkaller login: [ 49.408142][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.408161][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.409557][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 49.447957][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [pid 3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3618] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3618] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404 [pid 3618] close(4) = 0 [pid 3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4 [pid 3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0 [pid 3618] close(4) = 0 [pid 3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 3618] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 3618] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404 [pid 3618] close(4) = 0 [pid 3618] close(3) = 0 [pid 3618] mkdir("./syz-tmp", 0777) = 0 [pid 3618] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 3618] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 3618] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 3618] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 3618] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 3618] mount(NULL, "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 3618] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 3618] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 3618] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 3618] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 3618] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 3618] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 3618] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 3618] chdir("/") = 0 [pid 3618] umount2("./pivot", MNT_DETACH) = 0 [pid 3618] chroot("./newroot") = 0 [pid 3618] chdir("/") = 0 [pid 3618] mkdir("/dev/binderfs", 0777) = 0 [pid 3618] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 3618] getpid() = 1 [pid 3618] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 0b e9 f6 fd ff ff e8 17 1f bd f8 e8 72 a9 b9 00 31 ff 89 c3 89 [ 49.599501][ T3618] RSP: 0018:ffffc9000309f500 EFLAGS: 00010282 [ 49.605604][ T3618] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 49.613917][ T3618] RDX: ffff88801ad81d80 RSI: ffffffff8160dd58 RDI: fffff52000613e92 [ 49.622004][ T3618] RBP: ffff88801dbfc000 R08: 0000000000000005 R09: 0000000000000000 [ 49.630055][ T3618] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801dbfcc80 [ 49.638033][ T3618] R13: 0000000002000000 R14: ffff88801dbfe2d0 R15: ffff88801dbfe2c8 [ 49.646071][ T3618] FS: 00005555568b8300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 49.655078][ T3618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.661754][ T3618] CR2: 00007f3249ff3e88 CR3: 000000001d58e000 CR4: 00000000003506f0 [ 49.669816][ T3618] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.677800][ T3618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.685845][ T3618] Call Trace: [ 49.689128][ T3618] [ 49.692181][ T3618] ieee80211_bss_info_change_notify+0x9a/0xc0 [ 49.698273][ T3618] ieee80211_set_mcast_rate+0x37/0x40 [ 49.703730][ T3618] ? ieee80211_copy_mbssid_beacon+0x270/0x270 [ 49.709974][ T3618] nl80211_set_mcast_rate+0x317/0x610 [ 49.715371][ T3618] ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0 [ 49.722047][ T3618] ? nl80211_pre_doit+0x100/0x600 [ 49.727086][ T3618] genl_family_rcv_msg_doit+0x228/0x320 [ 49.732721][ T3618] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 49.740433][ T3618] ? ns_capable+0xd9/0x100 [ 49.744874][ T3618] genl_rcv_msg+0x328/0x580 [ 49.749439][ T3618] ? genl_get_cmd+0x480/0x480 [ 49.754135][ T3618] ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0 [ 49.760833][ T3618] ? lock_release+0x780/0x780 [ 49.765529][ T3618] netlink_rcv_skb+0x153/0x420 [ 49.770368][ T3618] ? genl_get_cmd+0x480/0x480 [ 49.775057][ T3618] ? netlink_ack+0xa80/0xa80 [ 49.779739][ T3618] ? netlink_deliver_tap+0x1b1/0xc40 [ 49.785037][ T3618] genl_rcv+0x24/0x40 [ 49.789011][ T3618] netlink_unicast+0x543/0x7f0 [ 49.793849][ T3618] ? netlink_attachskb+0x880/0x880 [ 49.798972][ T3618] ? __virt_addr_valid+0x5d/0x2d0 [ 49.804085][ T3618] ? __phys_addr_symbol+0x2c/0x70 [ 49.809134][ T3618] ? __check_object_size+0x2de/0x700 [ 49.814493][ T3618] netlink_sendmsg+0x917/0xe10 [ 49.819272][ T3618] ? netlink_unicast+0x7f0/0x7f0 [ 49.824304][ T3618] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 49.829678][ T3618] ? netlink_unicast+0x7f0/0x7f0 [ 49.834635][ T3618] sock_sendmsg+0xcf/0x120 [ 49.839045][ T3618] ____sys_sendmsg+0x6eb/0x810 [ 49.843904][ T3618] ? kernel_sendmsg+0x50/0x50 [ 49.848659][ T3618] ? do_recvmmsg+0x6d0/0x6d0 [ 49.853374][ T3618] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 49.859488][ T3618] ? lockdep_hardirqs_on+0x79/0x100 [ 49.864758][ T3618] ___sys_sendmsg+0xf3/0x170 [ 49.869469][ T3618] ? sendmsg_copy_msghdr+0x160/0x160 [ 49.874801][ T3618] ? lock_release+0x780/0x780 [ 49.879614][ T3618] ? ptrace_stop.part.0+0x5ec/0xa80 [ 49.884826][ T3618] ? do_raw_spin_lock+0x120/0x2a0 [ 49.889959][ T3618] ? rwlock_bug.part.0+0x90/0x90 [ 49.894922][ T3618] ? _raw_spin_lock_irq+0x41/0x50 [ 49.900090][ T3618] ? __fget_light+0x20a/0x270 [ 49.904793][ T3618] __x64_sys_sendmsg+0x132/0x220 [ 49.909807][ T3618] ? __sys_sendmsg+0x1b0/0x1b0 [ 49.914605][ T3618] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.919967][ T3618] ? ptrace_notify+0xfa/0x140 [ 49.924675][ T3618] do_syscall_64+0x35/0xb0 [ 49.929094][ T3618] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 49.935082][ T3618] RIP: 0033:0x7f3249e5dd89 [ 49.939605][ T3618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 49.959429][ T3618] RSP: 002b:00007f3249ff4ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 49.967885][ T3618] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3249e5dd89 [ 49.975954][ T3618] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 49.984040][ T3618] RBP: 00007f3249ff4f40 R08: 0000000000000000 R09: 0000000000000000 [ 49.992088][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3249ff4f50 [ 50.000150][ T3618] R13: 0000000000000004 R14: 00007f3249ff5020 R15: 0000000000000000 [ 50.008193][ T3618] [ 50.011301][ T3618] Kernel panic - not syncing: panic_on_warn set ... [ 50.017904][ T3618] CPU: 0 PID: 3618 Comm: syz-executor427 Not tainted 5.19.0-rc3-syzkaller-00043-g3abc3ae553c7 #0 [ 50.028413][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.038464][ T3618] Call Trace: [ 50.041748][ T3618] [ 50.044670][ T3618] dump_stack_lvl+0xcd/0x134 [ 50.049258][ T3618] panic+0x2d7/0x64a [ 50.053154][ T3618] ? panic_print_sys_info.part.0+0x10b/0x10b [ 50.059130][ T3618] ? __warn.cold+0x1d9/0x2cd [ 50.063723][ T3618] ? drv_bss_info_changed+0x4dd/0x5f0 [ 50.069086][ T3618] __warn.cold+0x1ea/0x2cd [ 50.073490][ T3618] ? __wake_up_klogd.part.0+0x99/0xf0 [ 50.078851][ T3618] ? drv_bss_info_changed+0x4dd/0x5f0 [ 50.084212][ T3618] report_bug+0x1bc/0x210 [ 50.088551][ T3618] handle_bug+0x3c/0x60 [ 50.092705][ T3618] exc_invalid_op+0x14/0x40 [ 50.097289][ T3618] asm_exc_invalid_op+0x1b/0x20 [ 50.102129][ T3618] RIP: 0010:drv_bss_info_changed+0x4dd/0x5f0 [ 50.108095][ T3618] Code: 08 06 00 00 48 85 ed 0f 84 b9 00 00 00 e8 3b 1f bd f8 e8 36 1f bd f8 8b 54 24 04 48 89 ee 48 c7 c7 e0 97 f3 8a e8 9c a8 74 00 <0f> 0b e9 f6 fd ff ff e8 17 1f bd f8 e8 72 a9 b9 00 31 ff 89 c3 89 [ 50.127700][ T3618] RSP: 0018:ffffc9000309f500 EFLAGS: 00010282 [ 50.133775][ T3618] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 50.141744][ T3618] RDX: ffff88801ad81d80 RSI: ffffffff8160dd58 RDI: fffff52000613e92 [ 50.149716][ T3618] RBP: ffff88801dbfc000 R08: 0000000000000005 R09: 0000000000000000 [ 50.157693][ T3618] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801dbfcc80 [ 50.165672][ T3618] R13: 0000000002000000 R14: ffff88801dbfe2d0 R15: ffff88801dbfe2c8 [ 50.173737][ T3618] ? vprintk+0x88/0x90 [ 50.177818][ T3618] ieee80211_bss_info_change_notify+0x9a/0xc0 [ 50.183890][ T3618] ieee80211_set_mcast_rate+0x37/0x40 [ 50.189272][ T3618] ? ieee80211_copy_mbssid_beacon+0x270/0x270 [ 50.195341][ T3618] nl80211_set_mcast_rate+0x317/0x610 [ 50.200722][ T3618] ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0 [ 50.207332][ T3618] ? nl80211_pre_doit+0x100/0x600 [ 50.212369][ T3618] genl_family_rcv_msg_doit+0x228/0x320 [ 50.217930][ T3618] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 50.225313][ T3618] ? ns_capable+0xd9/0x100 [ 50.229738][ T3618] genl_rcv_msg+0x328/0x580 [ 50.234247][ T3618] ? genl_get_cmd+0x480/0x480 [ 50.238924][ T3618] ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0 [ 50.245521][ T3618] ? lock_release+0x780/0x780 [ 50.250208][ T3618] netlink_rcv_skb+0x153/0x420 [ 50.254973][ T3618] ? genl_get_cmd+0x480/0x480 [ 50.259656][ T3618] ? netlink_ack+0xa80/0xa80 [ 50.264254][ T3618] ? netlink_deliver_tap+0x1b1/0xc40 [ 50.269545][ T3618] genl_rcv+0x24/0x40 [ 50.273612][ T3618] netlink_unicast+0x543/0x7f0 [ 50.278386][ T3618] ? netlink_attachskb+0x880/0x880 [ 50.283521][ T3618] ? __virt_addr_valid+0x5d/0x2d0 [ 50.288565][ T3618] ? __phys_addr_symbol+0x2c/0x70 [ 50.293603][ T3618] ? __check_object_size+0x2de/0x700 [ 50.298901][ T3618] netlink_sendmsg+0x917/0xe10 [ 50.303693][ T3618] ? netlink_unicast+0x7f0/0x7f0 [ 50.308661][ T3618] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 50.313964][ T3618] ? netlink_unicast+0x7f0/0x7f0 [ 50.318909][ T3618] sock_sendmsg+0xcf/0x120 [ 50.323339][ T3618] ____sys_sendmsg+0x6eb/0x810 [ 50.328109][ T3618] ? kernel_sendmsg+0x50/0x50 [ 50.332784][ T3618] ? do_recvmmsg+0x6d0/0x6d0 [ 50.337383][ T3618] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.343368][ T3618] ? lockdep_hardirqs_on+0x79/0x100 [ 50.348570][ T3618] ___sys_sendmsg+0xf3/0x170 [ 50.353164][ T3618] ? sendmsg_copy_msghdr+0x160/0x160 [ 50.358468][ T3618] ? lock_release+0x780/0x780 [ 50.363148][ T3618] ? ptrace_stop.part.0+0x5ec/0xa80 [ 50.368362][ T3618] ? do_raw_spin_lock+0x120/0x2a0 [ 50.373392][ T3618] ? rwlock_bug.part.0+0x90/0x90 [ 50.378353][ T3618] ? _raw_spin_lock_irq+0x41/0x50 [ 50.383390][ T3618] ? __fget_light+0x20a/0x270 [ 50.388076][ T3618] __x64_sys_sendmsg+0x132/0x220 [ 50.393015][ T3618] ? __sys_sendmsg+0x1b0/0x1b0 [ 50.397789][ T3618] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.403086][ T3618] ? ptrace_notify+0xfa/0x140 [ 50.407769][ T3618] do_syscall_64+0x35/0xb0 [ 50.412192][ T3618] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 50.418098][ T3618] RIP: 0033:0x7f3249e5dd89 [ 50.422516][ T3618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.442124][ T3618] RSP: 002b:00007f3249ff4ef8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.450548][ T3618] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3249e5dd89 [ 50.458603][ T3618] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004 [ 50.466569][ T3618] RBP: 00007f3249ff4f40 R08: 0000000000000000 R09: 0000000000000000 [ 50.474554][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3249ff4f50 [ 50.482551][ T3618] R13: 0000000000000004 R14: 00007f3249ff5020 R15: 0000000000000000 [ 50.490554][ T3618] [ 50.493873][ T3618] Kernel Offset: disabled [ 50.498242][ T3618] Rebooting in 86400 seconds..