./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4141355118 <...> forked to background, child pid 3186 no interfaces have a carrier [ 26.017418][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.027260][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts. execve("./syz-executor4141355118", ["./syz-executor4141355118"], 0x7ffcc4846600 /* 10 vars */) = 0 brk(NULL) = 0x55555616b000 brk(0x55555616bc40) = 0x55555616bc40 arch_prctl(ARCH_SET_FS, 0x55555616b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4141355118", 4096) = 28 brk(0x55555618cc40) = 0x55555618cc40 brk(0x55555618d000) = 0x55555618d000 mprotect(0x7f6717c3f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 recvfrom(4, [{nlmsg_len=2376, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3608}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3608}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(4) = 0 ioctl(3, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=8}) = 0 syzkaller login: [ 44.405494][ T3608] INFO: trying to register non-static key. [ 44.411321][ T3608] The code is fine but needs lockdep annotation, or maybe [ 44.418404][ T3608] you didn't initialize this object before use? [ 44.424632][ T3608] turning off the locking correctness validator. [ 44.430932][ T3608] CPU: 0 PID: 3608 Comm: syz-executor414 Not tainted 5.19.0-rc8-syzkaller #0 [ 44.439682][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 44.449715][ T3608] Call Trace: [ 44.452975][ T3608] [ 44.455889][ T3608] dump_stack_lvl+0x1e3/0x2cb [ 44.460565][ T3608] ? bfq_pos_tree_add_move+0x436/0x436 [ 44.466005][ T3608] ? panic+0x76e/0x76e [ 44.470053][ T3608] ? __is_module_percpu_address+0x3fc/0x4a0 [ 44.475927][ T3608] ? __module_address+0x2e/0x2b0 [ 44.480845][ T3608] assign_lock_key+0x22a/0x240 [ 44.485593][ T3608] ? SOFTIRQ_verbose+0x10/0x10 [ 44.490335][ T3608] ? print_irqtrace_events+0x220/0x220 [ 44.495785][ T3608] register_lock_class+0x287/0x9d0 [ 44.500876][ T3608] ? is_dynamic_key+0x1f0/0x1f0 [ 44.505731][ T3608] __lock_acquire+0xe9/0x1f80 [ 44.510389][ T3608] lock_acquire+0x1a7/0x400 [ 44.514885][ T3608] ? ieee80211_do_stop+0x115/0x1cf0 [ 44.520076][ T3608] ? read_lock_is_recursive+0x10/0x10 [ 44.525452][ T3608] ? __local_bh_disable_ip+0x183/0x210 [ 44.530905][ T3608] ? ieee80211_do_stop+0x115/0x1cf0 [ 44.536097][ T3608] ? __bpf_trace_softirq+0x10/0x10 [ 44.541192][ T3608] ? rcu_blocking_is_gp+0x70/0x70 [ 44.546202][ T3608] ? print_irqtrace_events+0x220/0x220 [ 44.551642][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 44.556821][ T3608] ? ieee80211_do_stop+0x115/0x1cf0 [ 44.562000][ T3608] _raw_spin_lock_bh+0x31/0x40 [ 44.566750][ T3608] ? ieee80211_do_stop+0x115/0x1cf0 [ 44.571926][ T3608] ieee80211_do_stop+0x115/0x1cf0 [ 44.576936][ T3608] ? ieee80211_sdata_stop+0x70/0x70 [ 44.582135][ T3608] ? ieee80211_get_vif_queues+0x222/0x390 [ 44.587870][ T3608] ieee80211_if_change_type+0x448/0x9f0 [ 44.593418][ T3608] ieee80211_change_iface+0x58/0x430 [ 44.598703][ T3608] cfg80211_change_iface+0x677/0xaf0 [ 44.603973][ T3608] nl80211_set_interface+0x5ed/0x870 [ 44.609239][ T3608] ? nl80211_dump_interface+0x6b0/0x6b0 [ 44.614772][ T3608] ? nl80211_pre_doit+0x469/0x510 [ 44.619792][ T3608] genl_rcv_msg+0xfbc/0x1490 [ 44.624366][ T3608] ? genl_bind+0x380/0x380 [ 44.628762][ T3608] ? mark_lock+0x98/0x350 [ 44.633075][ T3608] ? __lock_acquire+0x129a/0x1f80 [ 44.638082][ T3608] ? nl80211_dump_interface+0x6b0/0x6b0 [ 44.643614][ T3608] netlink_rcv_skb+0x1f0/0x460 [ 44.648747][ T3608] ? genl_bind+0x380/0x380 [ 44.653158][ T3608] ? netlink_ack+0xb40/0xb40 [ 44.657727][ T3608] ? __down_read_common+0x156/0x2a0 [ 44.662910][ T3608] genl_rcv+0x24/0x40 [ 44.666924][ T3608] netlink_unicast+0x7e7/0x9c0 [ 44.671671][ T3608] ? netlink_detachskb+0xa0/0xa0 [ 44.676588][ T3608] ? __phys_addr_symbol+0x2b/0x70 [ 44.681597][ T3608] ? 0xffffffff81000000 [ 44.685730][ T3608] ? __check_object_size+0x15a/0x210 [ 44.690994][ T3608] ? bpf_lsm_netlink_send+0x5/0x10 [ 44.696101][ T3608] netlink_sendmsg+0x9b3/0xcd0 [ 44.700848][ T3608] ? netlink_getsockopt+0x9c0/0x9c0 [ 44.706024][ T3608] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 44.711294][ T3608] ? security_socket_sendmsg+0x9d/0xb0 [ 44.716732][ T3608] ? netlink_getsockopt+0x9c0/0x9c0 [ 44.721913][ T3608] ____sys_sendmsg+0x597/0x8e0 [ 44.726668][ T3608] ? iovec_from_user+0x335/0x390 [ 44.731584][ T3608] ? __import_iovec+0x340/0x4e0 [ 44.736413][ T3608] ? __sys_sendmsg_sock+0x30/0x30 [ 44.741418][ T3608] __sys_sendmsg+0x301/0x8a0 [ 44.745988][ T3608] ? ____sys_sendmsg+0x8e0/0x8e0 [ 44.750906][ T3608] ? do_raw_spin_unlock+0x134/0x8a0 [ 44.756100][ T3608] ? do_notify_parent+0xeb0/0xeb0 [ 44.761104][ T3608] ? lockdep_hardirqs_on_prepare+0x448/0x7b0 [ 44.767082][ T3608] ? syscall_enter_from_user_mode+0x2e/0x1a0 [ 44.773131][ T3608] ? syscall_enter_from_user_mode+0x86/0x1a0 [ 44.779088][ T3608] do_syscall_64+0x2b/0x70 [ 44.783486][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.789371][ T3608] RIP: 0033:0x7f6717bd2b89 [ 44.793771][ T3608] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 44.813358][ T3608] RSP: 002b:00007ffc49030458 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.821749][ T3608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6717bd2b89 [ 44.829704][ T3608] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 44.837657][ T3608] RBP: 00007f6717b96550 R08: 0000000000000000 R09: 0000000000000000 [ 44.845610][ T3608] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f6717b965e0 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x22\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x08\x00\x00\x00\x08\x00\x05\x00\x03\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36 exit_group(0) = ? +++ exited with 0 +++ [ 44.853563][ T3608] R13: 0000000000000000 R14: