./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3605454089

<...>
Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
execve("./syz-executor3605454089", ["./syz-executor3605454089"], 0x7ffd72cee7e0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555607e000
brk(0x55555607ec40)                     = 0x55555607ec40
arch_prctl(ARCH_SET_FS, 0x55555607e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3605454089", 4096) = 28
brk(0x55555609fc40)                     = 0x55555609fc40
brk(0x5555560a0000)                     = 0x5555560a0000
mprotect(0x7f578c30d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached
, child_tidptr=0x55555607e5d0) = 3607
[pid  3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3607] setsid()                    = 1
[pid  3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3607] unshare(CLONE_NEWNS)        = 0
[pid  3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3607] unshare(CLONE_NEWIPC)       = 0
[pid  3607] unshare(CLONE_NEWCGROUP)    = 0
[pid  3607] unshare(CLONE_NEWUTS)       = 0
[pid  3607] unshare(CLONE_SYSVSEM)      = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "16777216", 8)     = 8
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "536870912", 9)    = 9
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "8192", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3607] close(3)                    = 0
[pid  3607] getpid()                    = 1
[pid  3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3607] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3607] unshare(CLONE_NEWNET)       = 0
[pid  3607] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "0 65535", 7)      = 7
[pid  3607] close(3)                    = 0
[pid  3607] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3607] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3607] close(3)                    = 0
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3607] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3607] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x18\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3607] recvfrom(3, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3607] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3607] access("/proc/net", R_OK)   = 0
[pid  3607] access("/proc/net/unix", R_OK) = 0
[pid  3607] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3607] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3607] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3607] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3607] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3607] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3607] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3607] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3607] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
syzkaller login: [   37.631787][ T2444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.639772][ T2444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.650002][  T919] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3607] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3607] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3607] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3607] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3607] close(4)                    = 0
[pid  3607] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3607] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3607] close(4)                    = 0
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3607] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3607] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3607] close(4)                    = 0
[pid  3607] close(3)                    = 0
[pid  3607] mkdir("/dev/binderfs", 0777) = 0
[pid  3607] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3607] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  3607] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x10\x00\x01\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x02\x00\x00\x00\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  3607] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3607] recvfrom(4, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3607] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3607] close(4)                    = 0
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  3607] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  3607] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[   37.678310][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.686379][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.695390][  T141] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   37.731123][ T3607] ------------[ cut here ]------------
[   37.736727][ T3607] wlan1: Failed check-sdata-in-driver check, flags: 0x4
[   37.744553][ T3607] WARNING: CPU: 0 PID: 3607 at net/mac80211/driver-ops.h:172 drv_bss_info_changed+0x4dd/0x5f0
[   37.755185][ T3607] Modules linked in:
[   37.759102][ T3607] CPU: 0 PID: 3607 Comm: syz-executor360 Not tainted 5.19.0-rc8-syzkaller-00152-g620725263f42 #0
[   37.769982][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   37.780451][ T3607] RIP: 0010:drv_bss_info_changed+0x4dd/0x5f0
[   37.786490][ T3607] Code: 08 06 00 00 48 85 ed 0f 84 b9 00 00 00 e8 4b ad bc f8 e8 46 ad bc f8 8b 54 24 04 48 89 ee 48 c7 c7 20 bb f3 8a e8 52 c1 74 00 <0f> 0b e9 f6 fd ff ff e8 27 ad bc f8 e8 92 bb b9 00 31 ff 89 c3 89
[   37.806262][ T3607] RSP: 0018:ffffc9000334f500 EFLAGS: 00010282
[   37.812478][ T3607] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   37.820811][ T3607] RDX: ffff888025ae3b00 RSI: ffffffff8160d1d8 RDI: fffff52000669e92
[   37.829094][ T3607] RBP: ffff888079e1c000 R08: 0000000000000005 R09: 0000000000000000
[   37.837373][ T3607] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888079e1cc80
[   37.845397][ T3607] R13: 0000000002000000 R14: ffff888079e1e2d0 R15: ffff888079e1e2c8
[   37.853407][ T3607] FS:  000055555607e300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   37.862413][ T3607] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   37.868990][ T3607] CR2: 0000000020000140 CR3: 000000001c4dc000 CR4: 0000000000350ef0
[   37.877030][ T3607] Call Trace:
[   37.880323][ T3607]  <TASK>
[   37.883330][ T3607]  ieee80211_bss_info_change_notify+0x9a/0xc0
[   37.889420][ T3607]  ieee80211_set_mcast_rate+0x37/0x40
[   37.894887][ T3607]  ? ieee80211_copy_mbssid_beacon+0x270/0x270
[   37.901059][ T3607]  nl80211_set_mcast_rate+0x317/0x610
[   37.906459][ T3607]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   37.913643][ T3607]  ? nl80211_pre_doit+0x100/0x600
[   37.918683][ T3607]  genl_family_rcv_msg_doit+0x228/0x320
[   37.924358][ T3607]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   37.931785][ T3607]  ? ns_capable+0xd9/0x100
[   37.936196][ T3607]  genl_rcv_msg+0x328/0x580
[   37.940687][ T3607]  ? genl_get_cmd+0x480/0x480
[   37.945656][ T3607]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   37.952368][ T3607]  ? lock_release+0x780/0x780
[   37.957052][ T3607]  netlink_rcv_skb+0x153/0x420
[   37.961910][ T3607]  ? genl_get_cmd+0x480/0x480
[   37.966638][ T3607]  ? netlink_ack+0xa80/0xa80
[   37.971294][ T3607]  ? netlink_deliver_tap+0x1b1/0xc40
[   37.976619][ T3607]  genl_rcv+0x24/0x40
[   37.980595][ T3607]  netlink_unicast+0x543/0x7f0
[   37.985446][ T3607]  ? netlink_attachskb+0x880/0x880
[   37.990675][ T3607]  ? __virt_addr_valid+0x5d/0x2d0
[   37.995767][ T3607]  ? __phys_addr_symbol+0x2c/0x70
[   38.000838][ T3607]  ? __check_object_size+0x2de/0x700
[   38.006127][ T3607]  netlink_sendmsg+0x917/0xe10
[   38.010944][ T3607]  ? netlink_unicast+0x7f0/0x7f0
[   38.015925][ T3607]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   38.021501][ T3607]  ? netlink_unicast+0x7f0/0x7f0
[   38.026486][ T3607]  sock_sendmsg+0xcf/0x120
[   38.031028][ T3607]  ____sys_sendmsg+0x6eb/0x810
[   38.035821][ T3607]  ? kernel_sendmsg+0x50/0x50
[   38.040519][ T3607]  ? do_recvmmsg+0x6d0/0x6d0
[   38.045222][ T3607]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   38.051285][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   38.056498][ T3607]  ___sys_sendmsg+0xf3/0x170
[   38.061179][ T3607]  ? sendmsg_copy_msghdr+0x160/0x160
[   38.066522][ T3607]  ? lock_release+0x780/0x780
[   38.071498][ T3607]  ? ptrace_stop.part.0+0x5ec/0xa80
[   38.076762][ T3607]  ? do_raw_spin_lock+0x120/0x2a0
[   38.081915][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   38.086871][ T3607]  ? _raw_spin_lock_irq+0x41/0x50
[   38.091956][ T3607]  ? __fget_light+0x20a/0x270
[   38.096659][ T3607]  __x64_sys_sendmsg+0x132/0x220
[   38.101682][ T3607]  ? __sys_sendmsg+0x1b0/0x1b0
[   38.106463][ T3607]  ? _raw_spin_unlock_irq+0x2a/0x40
[   38.111701][ T3607]  ? ptrace_notify+0xfa/0x140
[   38.116398][ T3607]  do_syscall_64+0x35/0xb0
[   38.120876][ T3607]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.126792][ T3607] RIP: 0033:0x7f578c299b49
[   38.131293][ T3607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   38.151341][ T3607] RSP: 002b:00007ffcfedbb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.159776][ T3607] RAX: ffffffffffffffda RBX: 00007f578c3133a0 RCX: 00007f578c299b49
[   38.167870][ T3607] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[   38.175935][ T3607] RBP: 0000000000000003 R08: 0000000c00000000 R09: 0000000c00000000
[   38.184134][ T3607] R10: 0000000c00000000 R11: 0000000000000246 R12: 0000000000000031
[   38.192211][ T3607] R13: 00007ffcfedbb1d0 R14: 00007ffcfedbb1ba R15: 00007f578c313410
[   38.200191][ T3607]  </TASK>
[   38.203277][ T3607] Kernel panic - not syncing: panic_on_warn set ...
[   38.209877][ T3607] CPU: 0 PID: 3607 Comm: syz-executor360 Not tainted 5.19.0-rc8-syzkaller-00152-g620725263f42 #0
[   38.220371][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   38.230412][ T3607] Call Trace:
[   38.233681][ T3607]  <TASK>
[   38.236599][ T3607]  dump_stack_lvl+0xcd/0x134
[   38.241181][ T3607]  panic+0x2d7/0x636
[   38.245059][ T3607]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   38.251025][ T3607]  ? __warn.cold+0x1d1/0x2c5
[   38.255601][ T3607]  ? drv_bss_info_changed+0x4dd/0x5f0
[   38.261135][ T3607]  __warn.cold+0x1e2/0x2c5
[   38.265536][ T3607]  ? __wake_up_klogd.part.0+0x99/0xf0
[   38.271071][ T3607]  ? drv_bss_info_changed+0x4dd/0x5f0
[   38.276431][ T3607]  report_bug+0x1bc/0x210
[   38.280758][ T3607]  handle_bug+0x3c/0x60
[   38.284900][ T3607]  exc_invalid_op+0x14/0x40
[   38.289385][ T3607]  asm_exc_invalid_op+0x16/0x20
[   38.294231][ T3607] RIP: 0010:drv_bss_info_changed+0x4dd/0x5f0
[   38.300213][ T3607] Code: 08 06 00 00 48 85 ed 0f 84 b9 00 00 00 e8 4b ad bc f8 e8 46 ad bc f8 8b 54 24 04 48 89 ee 48 c7 c7 20 bb f3 8a e8 52 c1 74 00 <0f> 0b e9 f6 fd ff ff e8 27 ad bc f8 e8 92 bb b9 00 31 ff 89 c3 89
[   38.319917][ T3607] RSP: 0018:ffffc9000334f500 EFLAGS: 00010282
[   38.325990][ T3607] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   38.333965][ T3607] RDX: ffff888025ae3b00 RSI: ffffffff8160d1d8 RDI: fffff52000669e92
[   38.341937][ T3607] RBP: ffff888079e1c000 R08: 0000000000000005 R09: 0000000000000000
[   38.349901][ T3607] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888079e1cc80
[   38.357874][ T3607] R13: 0000000002000000 R14: ffff888079e1e2d0 R15: ffff888079e1e2c8
[   38.365853][ T3607]  ? vprintk+0x88/0x90
[   38.370013][ T3607]  ieee80211_bss_info_change_notify+0x9a/0xc0
[   38.376087][ T3607]  ieee80211_set_mcast_rate+0x37/0x40
[   38.381468][ T3607]  ? ieee80211_copy_mbssid_beacon+0x270/0x270
[   38.387535][ T3607]  nl80211_set_mcast_rate+0x317/0x610
[   38.392906][ T3607]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   38.399502][ T3607]  ? nl80211_pre_doit+0x100/0x600
[   38.404533][ T3607]  genl_family_rcv_msg_doit+0x228/0x320
[   38.410084][ T3607]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[   38.417562][ T3607]  ? ns_capable+0xd9/0x100
[   38.422162][ T3607]  genl_rcv_msg+0x328/0x580
[   38.426670][ T3607]  ? genl_get_cmd+0x480/0x480
[   38.431345][ T3607]  ? nl80211_tdls_cancel_channel_switch+0x5a0/0x5a0
[   38.437944][ T3607]  ? lock_release+0x780/0x780
[   38.442623][ T3607]  netlink_rcv_skb+0x153/0x420
[   38.447387][ T3607]  ? genl_get_cmd+0x480/0x480
[   38.452062][ T3607]  ? netlink_ack+0xa80/0xa80
[   38.456654][ T3607]  ? netlink_deliver_tap+0x1b1/0xc40
[   38.461941][ T3607]  genl_rcv+0x24/0x40
[   38.465920][ T3607]  netlink_unicast+0x543/0x7f0
[   38.470683][ T3607]  ? netlink_attachskb+0x880/0x880
[   38.475861][ T3607]  ? __virt_addr_valid+0x5d/0x2d0
[   38.480888][ T3607]  ? __phys_addr_symbol+0x2c/0x70
[   38.485915][ T3607]  ? __check_object_size+0x2de/0x700
[   38.491202][ T3607]  netlink_sendmsg+0x917/0xe10
[   38.495970][ T3607]  ? netlink_unicast+0x7f0/0x7f0
[   38.500909][ T3607]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   38.506193][ T3607]  ? netlink_unicast+0x7f0/0x7f0
[   38.511132][ T3607]  sock_sendmsg+0xcf/0x120
[   38.515637][ T3607]  ____sys_sendmsg+0x6eb/0x810
[   38.520397][ T3607]  ? kernel_sendmsg+0x50/0x50
[   38.525065][ T3607]  ? do_recvmmsg+0x6d0/0x6d0
[   38.529652][ T3607]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   38.535636][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   38.540834][ T3607]  ___sys_sendmsg+0xf3/0x170
[   38.545596][ T3607]  ? sendmsg_copy_msghdr+0x160/0x160
[   38.551056][ T3607]  ? lock_release+0x780/0x780
[   38.555726][ T3607]  ? ptrace_stop.part.0+0x5ec/0xa80
[   38.560921][ T3607]  ? do_raw_spin_lock+0x120/0x2a0
[   38.565938][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   38.570870][ T3607]  ? _raw_spin_lock_irq+0x41/0x50
[   38.575897][ T3607]  ? __fget_light+0x20a/0x270
[   38.580576][ T3607]  __x64_sys_sendmsg+0x132/0x220
[   38.585866][ T3607]  ? __sys_sendmsg+0x1b0/0x1b0
[   38.590638][ T3607]  ? _raw_spin_unlock_irq+0x2a/0x40
[   38.595924][ T3607]  ? ptrace_notify+0xfa/0x140
[   38.600605][ T3607]  do_syscall_64+0x35/0xb0
[   38.605026][ T3607]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.610922][ T3607] RIP: 0033:0x7f578c299b49
[   38.615334][ T3607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   38.635126][ T3607] RSP: 002b:00007ffcfedbb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.643539][ T3607] RAX: ffffffffffffffda RBX: 00007f578c3133a0 RCX: 00007f578c299b49
[   38.652136][ T3607] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[   38.660110][ T3607] RBP: 0000000000000003 R08: 0000000c00000000 R09: 0000000c00000000
[   38.668167][ T3607] R10: 0000000c00000000 R11: 0000000000000246 R12: 0000000000000031
[   38.676133][ T3607] R13: 00007ffcfedbb1d0 R14: 00007ffcfedbb1ba R15: 00007f578c313410
[   38.684294][ T3607]  </TASK>
[   38.687925][ T3607] Kernel Offset: disabled
[   38.692311][ T3607] Rebooting in 86400 seconds..