./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1211257633

<...>
Warning: Permanently added '10.128.1.82' (ECDSA) to the list of known hosts.
execve("./syz-executor1211257633", ["./syz-executor1211257633"], 0x7ffd35202c50 /* 10 vars */) = 0
brk(NULL)                               = 0x555555d90000
brk(0x555555d90c40)                     = 0x555555d90c40
arch_prctl(ARCH_SET_FS, 0x555555d90300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1211257633", 4096) = 28
brk(0x555555db1c40)                     = 0x555555db1c40
brk(0x555555db2000)                     = 0x555555db2000
mprotect(0x7f54e3c42000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d905d0) = 3612
./strace-static-x86_64: Process 3612 attached
[pid  3612] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3612] setsid()                    = 1
[pid  3612] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3612] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3612] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3612] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3612] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3612] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3612] unshare(CLONE_NEWNS)        = 0
[pid  3612] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3612] unshare(CLONE_NEWIPC)       = 0
[pid  3612] unshare(CLONE_NEWCGROUP)    = 0
[pid  3612] unshare(CLONE_NEWUTS)       = 0
[pid  3612] unshare(CLONE_SYSVSEM)      = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "16777216", 8)     = 8
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "536870912", 9)    = 9
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "1024", 4)         = 4
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "8192", 4)         = 4
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "1024", 4)         = 4
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "1024", 4)         = 4
[pid  3612] close(3)                    = 0
[pid  3612] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3612] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3612] close(3)                    = 0
[pid  3612] getpid()                    = 1
[pid  3612] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3612] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3612] unshare(CLONE_NEWNET)       = 0
[pid  3612] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3612] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3612] close(3)                    = 0
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3612] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3612] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x18\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3612] recvfrom(3, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3612] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3612] access("/proc/net", R_OK)   = 0
[pid  3612] access("/proc/net/unix", R_OK) = 0
[pid  3612] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3612] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3612] close(4)                    = 0
[pid  3612] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3612] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3612] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3612] close(4)                    = 0
[pid  3612] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3612] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3612] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3612] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3612] close(4)                    = 0
[pid  3612] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3612] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3612] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3612] close(4)                    = 0
[pid  3612] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3612] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3612] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3612] close(4)                    = 0
syzkaller login: [   56.556185][   T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.556205][   T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.558924][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3612] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3612] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3612] close(4)                    = 0
[pid  3612] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3612] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3612] close(4)                    = 0
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3612] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3612] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3612] close(4)                    = 0
[pid  3612] close(3)                    = 0
[pid  3612] mkdir("/dev/binderfs", 0777) = 0
[pid  3612] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3612] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3612] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[   56.601127][   T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.601146][   T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.602661][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  3612] write(3, "\x00\x00\x00\x00\x00\x03\x01\x00", 8) = 8
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  3612] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3612] recvfrom(5, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3612] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3612] close(5)                    = 0
[pid  3612] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  3612] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[   56.710709][ T3612] ------------[ cut here ]------------
[   56.710720][ T3612] wlan0: Failed check-sdata-in-driver check, flags: 0x4
[   56.711589][ T3612] WARNING: CPU: 0 PID: 3612 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x4dd/0x5f0
[   56.735928][ T3612] Modules linked in:
[   56.740660][ T3612] CPU: 0 PID: 3612 Comm: syz-executor121 Not tainted 5.18.0-next-20220527-syzkaller #0
[   56.751122][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.761574][ T3612] RIP: 0010:drv_bss_info_changed+0x4dd/0x5f0
[   56.767882][ T3612] Code: 08 06 00 00 48 85 ed 0f 84 b9 00 00 00 e8 eb d6 bc f8 e8 e6 d6 bc f8 8b 54 24 04 48 89 ee 48 c7 c7 60 54 f3 8a e8 1d a2 74 00 <0f> 0b e9 f6 fd ff ff e8 c7 d6 bc f8 e8 22 85 b9 00 31 ff 89 c3 89
[   56.787869][ T3612] RSP: 0018:ffffc90002e9f500 EFLAGS: 00010282
[   56.793977][ T3612] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   56.802428][ T3612] RDX: ffff888022815880 RSI: ffffffff81610068 RDI: fffff520005d3e92
[   56.810773][ T3612] RBP: ffff88807b0bc000 R08: 0000000000000005 R09: 0000000000000000
[   56.819053][ T3612] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88807b0bcc80
[   56.827370][ T3612] R13: 0000000002000000 R14: ffff88807b0be2d0 R15: ffff88807b0be2c8
[   56.835372][ T3612] FS:  0000555555d90300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[   56.845201][ T3612] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.852171][ T3612] CR2: 0000557a749c57d8 CR3: 000000001ce45000 CR4: 00000000003506f0
[   56.860483][ T3612] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.868827][ T3612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.877110][ T3612] Call Trace:
[   56.880418][ T3612]  <TASK>
[   56.883375][ T3612]  ieee80211_bss_info_change_notify+0x9a/0xc0
[   56.889979][ T3612]  ieee80211_set_mcast_rate+0x37/0x40
[   56.895407][ T3612]  ? ieee80211_copy_mbssid_beacon+0x270/0x270
[   56.901925][ T3612]  nl80211_set_mcast_rate+0x317/0x610
[   56.907633][ T3612]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   56.914276][ T3612]  ? nl80211_pre_doit+0x100/0x600
[   56.919802][ T3612]  genl_family_rcv_msg_doit+0x228/0x320
[   56.925396][ T3612]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   56.933486][ T3612]  ? ns_capable+0xd9/0x100
[   56.938282][ T3612]  genl_rcv_msg+0x328/0x580
[   56.942828][ T3612]  ? genl_get_cmd+0x480/0x480
[   56.948310][ T3612]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   56.954956][ T3612]  ? lock_release+0x780/0x780
[   56.960164][ T3612]  netlink_rcv_skb+0x153/0x420
[   56.964973][ T3612]  ? genl_get_cmd+0x480/0x480
[   56.970046][ T3612]  ? netlink_ack+0xa80/0xa80
[   56.974679][ T3612]  ? netlink_deliver_tap+0x1b1/0xc40
[   56.980413][ T3612]  genl_rcv+0x24/0x40
[   56.984427][ T3612]  netlink_unicast+0x543/0x7f0
[   56.989599][ T3612]  ? netlink_attachskb+0x880/0x880
[   56.994744][ T3612]  ? __phys_addr+0xc4/0x140
[   56.999702][ T3612]  ? __phys_addr_symbol+0x2c/0x70
[   57.004772][ T3612]  ? __check_object_size+0x353/0x7a0
[   57.010514][ T3612]  netlink_sendmsg+0x917/0xe10
[   57.015327][ T3612]  ? netlink_unicast+0x7f0/0x7f0
[   57.020728][ T3612]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   57.026052][ T3612]  ? netlink_unicast+0x7f0/0x7f0
[   57.031406][ T3612]  sock_sendmsg+0xcf/0x120
[   57.035863][ T3612]  ____sys_sendmsg+0x6eb/0x810
[   57.041232][ T3612]  ? kernel_sendmsg+0x50/0x50
[   57.045944][ T3612]  ? do_recvmmsg+0x6d0/0x6d0
[   57.051195][ T3612]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   57.057791][ T3612]  ? lockdep_hardirqs_on+0x79/0x100
[   57.063330][ T3612]  ___sys_sendmsg+0xf3/0x170
[   57.068691][ T3612]  ? sendmsg_copy_msghdr+0x160/0x160
[   57.074029][ T3612]  ? lock_release+0x780/0x780
[   57.079701][ T3612]  ? ptrace_stop.part.0+0x5ec/0xa80
[   57.084942][ T3612]  ? do_raw_spin_lock+0x120/0x2a0
[   57.090405][ T3612]  ? rwlock_bug.part.0+0x90/0x90
[   57.095377][ T3612]  ? _raw_spin_lock_irq+0x41/0x50
[   57.100917][ T3612]  ? __fget_light+0x20a/0x270
[   57.105646][ T3612]  __x64_sys_sendmsg+0x132/0x220
[   57.111070][ T3612]  ? __sys_sendmsg+0x1b0/0x1b0
[   57.115891][ T3612]  ? _raw_spin_unlock_irq+0x2a/0x40
[   57.121566][ T3612]  ? ptrace_notify+0xfa/0x140
[   57.126284][ T3612]  do_syscall_64+0x35/0xb0
[   57.131205][ T3612]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   57.137453][ T3612] RIP: 0033:0x7f54e3bcea89
[   57.141897][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.162038][ T3612] RSP: 002b:00007ffc50f09ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.171046][ T3612] RAX: ffffffffffffffda RBX: 00007f54e3c483a0 RCX: 00007f54e3bcea89
[   57.179589][ T3612] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
[   57.187921][ T3612] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[   57.195919][ T3612] R10: 0000000c00000001 R11: 0000000000000246 R12: 0000000000000031
[   57.204343][ T3612] R13: 00007ffc50f09b30 R14: 00007ffc50f09b1a R15: 00007f54e3c48410
[   57.212666][ T3612]  </TASK>
[   57.215707][ T3612] Kernel panic - not syncing: panic_on_warn set ...
[   57.222300][ T3612] CPU: 1 PID: 3612 Comm: syz-executor121 Not tainted 5.18.0-next-20220527-syzkaller #0
[   57.231958][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.242029][ T3612] Call Trace:
[   57.245318][ T3612]  <TASK>
[   57.248266][ T3612]  dump_stack_lvl+0xcd/0x134
[   57.252898][ T3612]  panic+0x2d7/0x636
[   57.256820][ T3612]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   57.262857][ T3612]  ? __warn.cold+0x1d9/0x2cd
[   57.267478][ T3612]  ? drv_bss_info_changed+0x4dd/0x5f0
[   57.272882][ T3612]  __warn.cold+0x1ea/0x2cd
[   57.277321][ T3612]  ? __wake_up_klogd.part.0+0x99/0xf0
[   57.282733][ T3612]  ? drv_bss_info_changed+0x4dd/0x5f0
[   57.288135][ T3612]  report_bug+0x1bc/0x210
[   57.292495][ T3612]  handle_bug+0x3c/0x60
[   57.296688][ T3612]  exc_invalid_op+0x14/0x40
[   57.301222][ T3612]  asm_exc_invalid_op+0x1b/0x20
[   57.306097][ T3612] RIP: 0010:drv_bss_info_changed+0x4dd/0x5f0
[   57.312107][ T3612] Code: 08 06 00 00 48 85 ed 0f 84 b9 00 00 00 e8 eb d6 bc f8 e8 e6 d6 bc f8 8b 54 24 04 48 89 ee 48 c7 c7 60 54 f3 8a e8 1d a2 74 00 <0f> 0b e9 f6 fd ff ff e8 c7 d6 bc f8 e8 22 85 b9 00 31 ff 89 c3 89
[   57.331738][ T3612] RSP: 0018:ffffc90002e9f500 EFLAGS: 00010282
[   57.337833][ T3612] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   57.345825][ T3612] RDX: ffff888022815880 RSI: ffffffff81610068 RDI: fffff520005d3e92
[   57.353817][ T3612] RBP: ffff88807b0bc000 R08: 0000000000000005 R09: 0000000000000000
[   57.361832][ T3612] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88807b0bcc80
[   57.369821][ T3612] R13: 0000000002000000 R14: ffff88807b0be2d0 R15: ffff88807b0be2c8
[   57.377823][ T3612]  ? vprintk+0x88/0x90
[   57.381937][ T3612]  ieee80211_bss_info_change_notify+0x9a/0xc0
[   57.388045][ T3612]  ieee80211_set_mcast_rate+0x37/0x40
[   57.393451][ T3612]  ? ieee80211_copy_mbssid_beacon+0x270/0x270
[   57.399551][ T3612]  nl80211_set_mcast_rate+0x317/0x610
[   57.404961][ T3612]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   57.411595][ T3612]  ? nl80211_pre_doit+0x100/0x600
[   57.416659][ T3612]  genl_family_rcv_msg_doit+0x228/0x320
[   57.422236][ T3612]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   57.429648][ T3612]  ? ns_capable+0xd9/0x100
[   57.434100][ T3612]  genl_rcv_msg+0x328/0x580
[   57.438640][ T3612]  ? genl_get_cmd+0x480/0x480
[   57.443343][ T3612]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   57.449980][ T3612]  ? lock_release+0x780/0x780
[   57.454704][ T3612]  netlink_rcv_skb+0x153/0x420
[   57.459499][ T3612]  ? genl_get_cmd+0x480/0x480
[   57.464205][ T3612]  ? netlink_ack+0xa80/0xa80
[   57.468825][ T3612]  ? netlink_deliver_tap+0x1b1/0xc40
[   57.474143][ T3612]  genl_rcv+0x24/0x40
[   57.478147][ T3612]  netlink_unicast+0x543/0x7f0
[   57.482940][ T3612]  ? netlink_attachskb+0x880/0x880
[   57.488072][ T3612]  ? __phys_addr+0xc4/0x140
[   57.492609][ T3612]  ? __phys_addr_symbol+0x2c/0x70
[   57.497670][ T3612]  ? __check_object_size+0x353/0x7a0
[   57.502993][ T3612]  netlink_sendmsg+0x917/0xe10
[   57.507790][ T3612]  ? netlink_unicast+0x7f0/0x7f0
[   57.512760][ T3612]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   57.518072][ T3612]  ? netlink_unicast+0x7f0/0x7f0
[   57.523032][ T3612]  sock_sendmsg+0xcf/0x120
[   57.527471][ T3612]  ____sys_sendmsg+0x6eb/0x810
[   57.532261][ T3612]  ? kernel_sendmsg+0x50/0x50
[   57.536957][ T3612]  ? do_recvmmsg+0x6d0/0x6d0
[   57.541578][ T3612]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   57.547595][ T3612]  ? lockdep_hardirqs_on+0x79/0x100
[   57.552835][ T3612]  ___sys_sendmsg+0xf3/0x170
[   57.557449][ T3612]  ? sendmsg_copy_msghdr+0x160/0x160
[   57.562768][ T3612]  ? lock_release+0x780/0x780
[   57.567483][ T3612]  ? ptrace_stop.part.0+0x5ec/0xa80
[   57.572707][ T3612]  ? do_raw_spin_lock+0x120/0x2a0
[   57.577755][ T3612]  ? rwlock_bug.part.0+0x90/0x90
[   57.582717][ T3612]  ? _raw_spin_lock_irq+0x41/0x50
[   57.587773][ T3612]  ? __fget_light+0x20a/0x270
[   57.592487][ T3612]  __x64_sys_sendmsg+0x132/0x220
[   57.597453][ T3612]  ? __sys_sendmsg+0x1b0/0x1b0
[   57.602262][ T3612]  ? _raw_spin_unlock_irq+0x2a/0x40
[   57.607485][ T3612]  ? ptrace_notify+0xfa/0x140
[   57.612194][ T3612]  do_syscall_64+0x35/0xb0
[   57.616639][ T3612]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   57.622553][ T3612] RIP: 0033:0x7f54e3bcea89
[   57.626988][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.646622][ T3612] RSP: 002b:00007ffc50f09ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.655067][ T3612] RAX: ffffffffffffffda RBX: 00007f54e3c483a0 RCX: 00007f54e3bcea89
[   57.663063][ T3612] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
[   57.671051][ T3612] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[   57.679042][ T3612] R10: 0000000c00000001 R11: 0000000000000246 R12: 0000000000000031
[   57.687031][ T3612] R13: 00007ffc50f09b30 R14: 00007ffc50f09b1a R15: 00007f54e3c48410
[   57.695038][ T3612]  </TASK>
[   57.698395][ T3612] Kernel Offset: disabled
[   57.702767][ T3612] Rebooting in 86400 seconds..