./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2878519968

<...>
DUID 00:04:f2:7f:36:b6:03:80:f9:c3:71:03:f9:5e:f9:cf:ad:4a
forked to background, child pid 3210
[   33.188100][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.197473][ T3211] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
execve("./syz-executor2878519968", ["./syz-executor2878519968"], 0x7fff6c39c740 /* 10 vars */) = 0
brk(NULL)                               = 0x555555c0d000
brk(0x555555c0dc40)                     = 0x555555c0dc40
arch_prctl(ARCH_SET_FS, 0x555555c0d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2878519968", 4096) = 28
brk(0x555555c2ec40)                     = 0x555555c2ec40
brk(0x555555c2f000)                     = 0x555555c2f000
mprotect(0x7f3af356c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3639 attached
, child_tidptr=0x555555c0d5d0) = 3639
[pid  3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3639] setpgid(0, 0)               = 0
[pid  3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3639] write(3, "1000", 4)         = 4
[pid  3639] close(3)                    = 0
[pid  3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  3639] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3639] recvfrom(5, [{nlmsg_len=2476, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3639}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x40\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  3639] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3639}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3639] close(5)                    = 0
[pid  3639] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid  3639] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x22\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid  3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  3639] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3639] recvfrom(5, [{nlmsg_len=2476, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-2140036540}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x40\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  3639] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-2140036540}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3639] close(5)                    = 0
[pid  3639] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid  3639] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x22\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x0b\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid  3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
syzkaller login: [   54.729701][ T3639] netlink: 'syz-executor287': attribute type 27 has an invalid length.
[   54.924670][ T3644] ------------[ cut here ]------------
[   54.945031][ T3644] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[   54.952698][ T3644] WARNING: CPU: 0 PID: 3644 at net/mac80211/main.c:235 ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   54.964376][ T3644] Modules linked in:
[   54.968609][ T3644] CPU: 0 PID: 3644 Comm: syz-executor287 Not tainted 6.1.0-rc8-syzkaller-00137-g01de1123322e #0
[   54.979295][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.990522][ T3644] RIP: 0010:ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   54.997866][ T3644] Code: ab 08 09 00 00 48 85 ed 0f 84 25 01 00 00 e8 05 bc 59 f8 e8 00 bc 59 f8 44 89 fa 48 89 ee 48 c7 c7 80 86 79 8b e8 7d b3 80 00 <0f> 0b e9 55 f8 ff ff e8 e2 bb 59 f8 65 ff 05 5b 1d dc 76 48 c7 c0
[   55.021176][ T3644] RSP: 0018:ffffc90003c5f3b8 EFLAGS: 00010282
[   55.027540][ T3644] RAX: 0000000000000000 RBX: ffff888021620c80 RCX: 0000000000000000
[   55.035806][ T3644] RDX: ffff88807ae20000 RSI: ffffffff8165785c RDI: fffff5200078be69
[   55.043815][ T3644] RBP: ffff888021620000 R08: 0000000000000005 R09: 0000000000000000
[   55.052166][ T3644] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000400000
[   55.060507][ T3644] R13: ffff8880216226d0 R14: 0000000000000000 R15: 0000000000000000
[   55.068791][ T3644] FS:  0000555555c0d300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   55.078058][ T3644] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.084679][ T3644] CR2: 0000562bfc40f950 CR3: 0000000024580000 CR4: 00000000003506f0
[   55.095241][ T3644] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.103248][ T3644] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.112413][ T3644] Call Trace:
[   55.116149][ T3644]  <TASK>
[   55.119124][ T3644]  ieee80211_ocb_leave+0x24d/0x3c0
[   55.124284][ T3644]  __cfg80211_leave_ocb+0x22c/0x8e0
[   55.130000][ T3644]  cfg80211_leave_ocb+0x52/0x70
[   55.134912][ T3644]  cfg80211_change_iface+0xa55/0x1150
[   55.140708][ T3644]  nl80211_set_interface+0x695/0x960
[   55.146417][ T3644]  ? nl80211_notify_iface+0x190/0x190
[   55.151840][ T3644]  ? nl80211_pre_doit+0x120/0xab0
[   55.157296][ T3644]  genl_family_rcv_msg_doit+0x228/0x320
[   55.162889][ T3644]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   55.170638][ T3644]  ? ns_capable+0xdd/0x100
[   55.175375][ T3644]  genl_rcv_msg+0x445/0x780
[   55.179922][ T3644]  ? genl_start+0x670/0x670
[   55.184435][ T3644]  ? nl80211_notify_iface+0x190/0x190
[   55.190331][ T3644]  ? lock_release+0x810/0x810
[   55.195340][ T3644]  netlink_rcv_skb+0x157/0x430
[   55.200149][ T3644]  ? genl_start+0x670/0x670
[   55.204688][ T3644]  ? netlink_ack+0xd60/0xd60
[   55.209739][ T3644]  ? netlink_deliver_tap+0x1b1/0xc50
[   55.215357][ T3644]  genl_rcv+0x28/0x40
[   55.219376][ T3644]  netlink_unicast+0x547/0x7f0
[   55.224198][ T3644]  ? netlink_attachskb+0x890/0x890
[   55.229935][ T3644]  ? __virt_addr_valid+0x61/0x2e0
[   55.235431][ T3644]  ? __phys_addr_symbol+0x30/0x70
[   55.240507][ T3644]  ? __check_object_size+0x2e2/0x5a0
[   55.246355][ T3644]  netlink_sendmsg+0x91b/0xe10
[   55.251180][ T3644]  ? netlink_unicast+0x7f0/0x7f0
[   55.256385][ T3644]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   55.261676][ T3644]  ? netlink_unicast+0x7f0/0x7f0
[   55.267028][ T3644]  sock_sendmsg+0xd3/0x120
[   55.271502][ T3644]  ____sys_sendmsg+0x712/0x8c0
[   55.276661][ T3644]  ? copy_msghdr_from_user+0xfc/0x150
[   55.282075][ T3644]  ? kernel_sendmsg+0x50/0x50
[   55.287239][ T3644]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   55.293304][ T3644]  ___sys_sendmsg+0x110/0x1b0
[   55.298371][ T3644]  ? do_recvmmsg+0x6e0/0x6e0
[   55.303017][ T3644]  ? lock_release+0x810/0x810
[   55.308127][ T3644]  ? ptrace_stop.part.0+0x49a/0x8c0
[   55.313387][ T3644]  ? do_raw_spin_lock+0x124/0x2b0
[   55.318771][ T3644]  ? rwlock_bug.part.0+0x90/0x90
[   55.323750][ T3644]  ? _raw_spin_lock_irq+0x45/0x50
[   55.329193][ T3644]  ? __fget_light+0x20a/0x270
[   55.333925][ T3644]  __sys_sendmsg+0xf7/0x1c0
[   55.345220][ T3644]  ? __sys_sendmsg_sock+0x40/0x40
[   55.350286][ T3644]  ? lock_downgrade+0x6e0/0x6e0
[   55.359582][ T3644]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.364826][ T3644]  ? _raw_spin_unlock_irq+0x2e/0x50
[   55.370699][ T3644]  ? ptrace_notify+0xfe/0x140
[   55.376023][ T3644]  do_syscall_64+0x39/0xb0
[   55.380489][ T3644]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.386805][ T3644] RIP: 0033:0x7f3af34ffa99
[   55.391253][ T3644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.411811][ T3644] RSP: 002b:00007ffea70b1928 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   55.420664][ T3644] RAX: ffffffffffffffda RBX: 000000000000d593 RCX: 00007f3af34ffa99
[   55.429120][ T3644] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004
[   55.437569][ T3644] RBP: 0000000000000000 R08: 00007ffea70b1ac8 R09: 00007ffea70b1ac8
[   55.446019][ T3644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea70b193c
[   55.454141][ T3644] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[   55.462604][ T3644]  </TASK>
[   55.466337][ T3644] Kernel panic - not syncing: panic_on_warn set ...
[   55.472949][ T3644] CPU: 0 PID: 3644 Comm: syz-executor287 Not tainted 6.1.0-rc8-syzkaller-00137-g01de1123322e #0
[   55.483398][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.493477][ T3644] Call Trace:
[   55.496775][ T3644]  <TASK>
[   55.499744][ T3644]  dump_stack_lvl+0xd1/0x138
[   55.504374][ T3644]  panic+0x2cc/0x626
[   55.508315][ T3644]  ? panic_print_sys_info.part.0+0x110/0x110
[   55.514360][ T3644]  ? __warn.cold+0x24b/0x350
[   55.518999][ T3644]  ? ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   55.525456][ T3644]  __warn.cold+0x25c/0x350
[   55.529921][ T3644]  ? ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   55.536465][ T3644]  report_bug+0x1c0/0x210
[   55.540853][ T3644]  handle_bug+0x3c/0x70
[   55.545047][ T3644]  exc_invalid_op+0x18/0x50
[   55.549599][ T3644]  asm_exc_invalid_op+0x1a/0x20
[   55.554487][ T3644] RIP: 0010:ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   55.561557][ T3644] Code: ab 08 09 00 00 48 85 ed 0f 84 25 01 00 00 e8 05 bc 59 f8 e8 00 bc 59 f8 44 89 fa 48 89 ee 48 c7 c7 80 86 79 8b e8 7d b3 80 00 <0f> 0b e9 55 f8 ff ff e8 e2 bb 59 f8 65 ff 05 5b 1d dc 76 48 c7 c0
[   55.581202][ T3644] RSP: 0018:ffffc90003c5f3b8 EFLAGS: 00010282
[   55.587297][ T3644] RAX: 0000000000000000 RBX: ffff888021620c80 RCX: 0000000000000000
[   55.595305][ T3644] RDX: ffff88807ae20000 RSI: ffffffff8165785c RDI: fffff5200078be69
[   55.603480][ T3644] RBP: ffff888021620000 R08: 0000000000000005 R09: 0000000000000000
[   55.611475][ T3644] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000400000
[   55.619455][ T3644] R13: ffff8880216226d0 R14: 0000000000000000 R15: 0000000000000000
[   55.627428][ T3644]  ? vprintk+0x8c/0xa0
[   55.631494][ T3644]  ? ieee80211_bss_info_change_notify+0x8c2/0xbe0
[   55.637931][ T3644]  ieee80211_ocb_leave+0x24d/0x3c0
[   55.643067][ T3644]  __cfg80211_leave_ocb+0x22c/0x8e0
[   55.648272][ T3644]  cfg80211_leave_ocb+0x52/0x70
[   55.653127][ T3644]  cfg80211_change_iface+0xa55/0x1150
[   55.658507][ T3644]  nl80211_set_interface+0x695/0x960
[   55.663797][ T3644]  ? nl80211_notify_iface+0x190/0x190
[   55.669182][ T3644]  ? nl80211_pre_doit+0x120/0xab0
[   55.674235][ T3644]  genl_family_rcv_msg_doit+0x228/0x320
[   55.679780][ T3644]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   55.687156][ T3644]  ? ns_capable+0xdd/0x100
[   55.691573][ T3644]  genl_rcv_msg+0x445/0x780
[   55.696085][ T3644]  ? genl_start+0x670/0x670
[   55.700603][ T3644]  ? nl80211_notify_iface+0x190/0x190
[   55.705988][ T3644]  ? lock_release+0x810/0x810
[   55.710685][ T3644]  netlink_rcv_skb+0x157/0x430
[   55.715457][ T3644]  ? genl_start+0x670/0x670
[   55.719976][ T3644]  ? netlink_ack+0xd60/0xd60
[   55.724564][ T3644]  ? netlink_deliver_tap+0x1b1/0xc50
[   55.729856][ T3644]  genl_rcv+0x28/0x40
[   55.733829][ T3644]  netlink_unicast+0x547/0x7f0
[   55.738600][ T3644]  ? netlink_attachskb+0x890/0x890
[   55.743713][ T3644]  ? __virt_addr_valid+0x61/0x2e0
[   55.748750][ T3644]  ? __phys_addr_symbol+0x30/0x70
[   55.753779][ T3644]  ? __check_object_size+0x2e2/0x5a0
[   55.759103][ T3644]  netlink_sendmsg+0x91b/0xe10
[   55.763863][ T3644]  ? netlink_unicast+0x7f0/0x7f0
[   55.768809][ T3644]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   55.774095][ T3644]  ? netlink_unicast+0x7f0/0x7f0
[   55.779038][ T3644]  sock_sendmsg+0xd3/0x120
[   55.783457][ T3644]  ____sys_sendmsg+0x712/0x8c0
[   55.788235][ T3644]  ? copy_msghdr_from_user+0xfc/0x150
[   55.793631][ T3644]  ? kernel_sendmsg+0x50/0x50
[   55.798343][ T3644]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   55.804328][ T3644]  ___sys_sendmsg+0x110/0x1b0
[   55.809012][ T3644]  ? do_recvmmsg+0x6e0/0x6e0
[   55.813624][ T3644]  ? lock_release+0x810/0x810
[   55.818301][ T3644]  ? ptrace_stop.part.0+0x49a/0x8c0
[   55.823502][ T3644]  ? do_raw_spin_lock+0x124/0x2b0
[   55.828520][ T3644]  ? rwlock_bug.part.0+0x90/0x90
[   55.833455][ T3644]  ? _raw_spin_lock_irq+0x45/0x50
[   55.838504][ T3644]  ? __fget_light+0x20a/0x270
[   55.843196][ T3644]  __sys_sendmsg+0xf7/0x1c0
[   55.847712][ T3644]  ? __sys_sendmsg_sock+0x40/0x40
[   55.852745][ T3644]  ? lock_downgrade+0x6e0/0x6e0
[   55.857633][ T3644]  ? lockdep_hardirqs_on+0x7d/0x100
[   55.862827][ T3644]  ? _raw_spin_unlock_irq+0x2e/0x50
[   55.868030][ T3644]  ? ptrace_notify+0xfe/0x140
[   55.872744][ T3644]  do_syscall_64+0x39/0xb0
[   55.877162][ T3644]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.883060][ T3644] RIP: 0033:0x7f3af34ffa99
[   55.887489][ T3644] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.907087][ T3644] RSP: 002b:00007ffea70b1928 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   55.915502][ T3644] RAX: ffffffffffffffda RBX: 000000000000d593 RCX: 00007f3af34ffa99
[   55.923465][ T3644] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004
[   55.931425][ T3644] RBP: 0000000000000000 R08: 00007ffea70b1ac8 R09: 00007ffea70b1ac8
[   55.939396][ T3644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea70b193c
[   55.947379][ T3644] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[   55.955359][ T3644]  </TASK>
[   55.958700][ T3644] Kernel Offset: disabled
[   55.963096][ T3644] Rebooting in 86400 seconds..