./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3897280624
<...>
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
execve("./syz-executor3897280624", ["./syz-executor3897280624"], 0x7ffd67404fe0 /* 10 vars */) = 0
brk(NULL) = 0x555556235000
brk(0x555556235d00) = 0x555556235d00
arch_prctl(ARCH_SET_FS, 0x555556235380) = 0
set_tid_address(0x555556235650) = 5025
set_robust_list(0x555556235660, 24) = 0
rseq(0x555556235ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3897280624", 4096) = 28
getrandom("\x08\x93\xa2\xb9\xda\x53\x77\x0e", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556235d00
brk(0x555556256d00) = 0x555556256d00
brk(0x555556257000) = 0x555556257000
mprotect(0x7f7b51b71000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556235650) = 5026
./strace-static-x86_64: Process 5026 attached
[pid 5026] set_robust_list(0x555556235660, 24) = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5026] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5026] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5026] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5026}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5026] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5026}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5026] close(4) = 0
[pid 5026] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5026] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5026] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1847698138}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5026] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1847698138}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5026] close(5) = 0
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
[pid 5026] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5026] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0) = 36
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5026] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7
[pid 5026] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5026] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-432399418}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5026] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-432399418}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5026] close(7) = 0
[pid 5026] ioctl(6, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5026] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x05\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 44
[pid 5026] exit_group(0) = ?
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5027 attached
, child_tidptr=0x555556235650) = 5027
[pid 5027] set_robust_list(0x555556235660, 24) = 0
[pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5027] setpgid(0, 0) = 0
[pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5027] write(3, "1000", 4) = 4
[pid 5027] close(3) = 0
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5027] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5027] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5027] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5027}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5027] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5027}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5027] close(4) = 0
[pid 5027] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5027] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5027] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-2084198058}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5027] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-2084198058}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5027] close(5) = 0
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
[pid 5027] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5027] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0) = 36
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5027] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7
[pid 5027] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5027] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1544025114}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[ 68.320797][ T5026] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[pid 5027] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1544025114}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5027] close(7) = 0
[pid 5027] ioctl(6, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5027] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x05\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 44
[pid 5027] exit_group(0) = ?
[pid 5027] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556235650) = 5028
./strace-static-x86_64: Process 5028 attached
[pid 5028] set_robust_list(0x555556235660, 24) = 0
[pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5028] setpgid(0, 0) = 0
[pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5028] write(3, "1000", 4) = 4
[pid 5028] close(3) = 0
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5028] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5028] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5028] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5028}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5028] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5028}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[ 68.369100][ T10] ------------[ cut here ]------------
[ 68.369631][ T5027] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.374761][ T10] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
[ 68.394761][ T10] WARNING: CPU: 1 PID: 10 at net/mac80211/rate.c:379 __rate_control_send_low+0x6d7/0x800
[ 68.404971][ T10] Modules linked in:
[ 68.409038][ T10] CPU: 1 PID: 10 Comm: kworker/u4:0 Not tainted 6.5.0-rc4-syzkaller-00186-gd14eea09edf4 #0
[pid 5028] close(4) = 0
[pid 5028] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5028] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5028] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1239413414}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5028] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1239413414}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5028] close(5) = 0
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
[pid 5028] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5028] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0) = 36
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5028] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7
[pid 5028] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5028] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1637195866}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5028] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1637195866}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5028] close(7) = 0
[pid 5028] ioctl(6, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5028] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x05\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 44
[ 68.419137][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 68.429558][ T10] Workqueue: phy1 ieee80211_scan_work
[ 68.435024][ T10] RIP: 0010:__rate_control_send_low+0x6d7/0x800
[ 68.438331][ T5028] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[pid 5028] exit_group(0) = ?
[pid 5028] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556235650) = 5029
./strace-static-x86_64: Process 5029 attached
[pid 5029] set_robust_list(0x555556235660, 24) = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[ 68.441388][ T10] Code: 8b a4 a0 d4 00 00 00 e8 17 31 da f7 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 60 b2 a2 8b e8 39 f3 a0 f7 <0f> 0b e9 03 fd ff ff 48 8b 7c 24 30 e8 c8 39 2e f8 e9 e5 fb ff ff
[ 68.470719][ T10] RSP: 0018:ffffc900000f7578 EFLAGS: 00010282
[ 68.476846][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 68.485276][ T10] RDX: ffff888016679dc0 RSI: ffffffff814ccc06 RDI: 0000000000000001
[ 68.493517][ T10] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 68.494417][ T5029] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.502193][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff
[ 68.502214][ T10] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000
[ 68.502231][ T10] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 68.502256][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.502275][ T10] CR2: 00007f7b51b005b0 CR3: 000000002822a000 CR4: 00000000003506e0
[ 68.502292][ T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.502307][ T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.502322][ T10] Call Trace:
[ 68.502330][ T10]
[ 68.502341][ T10] ? __warn+0xe6/0x380
[ 68.502374][ T10] ? __wake_up_klogd.part.0+0x99/0xf0
[ 68.502410][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 68.502447][ T10] ? report_bug+0x3bc/0x580
[ 68.502475][ T10] ? handle_bug+0x3c/0x70
[ 68.502500][ T10] ? exc_invalid_op+0x17/0x40
[ 68.502525][ T10] ? asm_exc_invalid_op+0x1a/0x20
[ 68.502563][ T10] ? __warn_printk+0x1a6/0x350
[ 68.502596][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 68.502630][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 68.502672][ T10] rate_control_send_low+0x296/0x820
[ 68.502711][ T10] rate_control_get_rate+0x1be/0x590
[ 68.502770][ T10] ieee80211_tx_h_rate_ctrl+0xa70/0x19d0
[ 68.502808][ T10] ? mark_lock+0x105/0x1950
[ 68.502837][ T10] ? ieee80211_probereq_get+0x290/0x290
[ 68.502880][ T10] invoke_tx_handlers_late+0xd15/0x2c90
[ 68.502910][ T10] ? ieee80211_queue_skb+0x472/0x1fb0
[ 68.502940][ T10] ? ieee80211_ie_build_eht_cap+0x3e0/0x3e0
[ 68.502970][ T10] ? invoke_tx_handlers_early+0x663/0x26c0
[ 68.503009][ T10] ieee80211_tx+0x2ff/0x420
[ 68.503043][ T10] ? ieee80211_tx_prepare_skb+0x470/0x470
[ 68.503076][ T10] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.557672][ T5030] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.562874][ T10] ? ieee80211_skb_resize+0x22a/0x620
[ 68.626273][ T5031] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.629308][ T10] ? ieee80211_set_qos_hdr+0xba/0x3e0
[ 68.629353][ T10] ieee80211_xmit+0x30e/0x3e0
[ 68.677580][ T5032] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.680044][ T10] __ieee80211_tx_skb_tid_band+0x2a0/0x700
[ 68.724160][ T5033] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.727513][ T10] ieee80211_scan_state_send_probe+0x33c/0x970
[ 68.764951][ T10] ieee80211_scan_work+0x6f8/0x1fc0
[ 68.770859][ T10] ? lock_sync+0x190/0x190
[ 68.771792][ T5034] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.775453][ T10] ? reacquire_held_locks+0x4b0/0x4b0
[ 68.790737][ T10] ? ieee80211_run_deferred_scan+0x340/0x340
[ 68.796895][ T10] ? spin_bug+0x1d0/0x1d0
[ 68.801357][ T10] process_one_work+0xaa2/0x16f0
[ 68.806537][ T10] ? lock_sync+0x190/0x190
[ 68.811086][ T10] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 68.816709][ T10] ? spin_bug+0x1d0/0x1d0
[ 68.821238][ T10] worker_thread+0x687/0x1110
[ 68.824296][ T5035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor389'.
[ 68.825960][ T10] ? process_one_work+0x16f0/0x16f0
[ 68.840938][ T10] kthread+0x33a/0x430
[ 68.845167][ T10] ? kthread_complete_and_exit+0x40/0x40
[ 68.851115][ T10] ret_from_fork+0x2c/0x70
[ 68.855586][ T10] ? kthread_complete_and_exit+0x40/0x40
[ 68.861354][ T10] ret_from_fork_asm+0x11/0x20
[ 68.866376][ T10]
[ 68.869499][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 68.877091][ T10] CPU: 1 PID: 10 Comm: kworker/u4:0 Not tainted 6.5.0-rc4-syzkaller-00186-gd14eea09edf4 #0
[ 68.887548][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 68.897729][ T10] Workqueue: phy1 ieee80211_scan_work
[ 68.903339][ T10] Call Trace:
[ 68.906762][ T10]
[ 68.909816][ T10] dump_stack_lvl+0xd9/0x1b0
[ 68.914460][ T10] panic+0x6a4/0x750
[ 68.918585][ T10] ? panic_smp_self_stop+0xa0/0xa0
[ 68.923840][ T10] ? show_trace_log_lvl+0x29d/0x3c0
[ 68.929195][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 68.934918][ T10] check_panic_on_warn+0xab/0xb0
[ 68.940438][ T10] __warn+0xf2/0x380
[ 68.944384][ T10] ? __wake_up_klogd.part.0+0x99/0xf0
[ 68.949842][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 68.955742][ T10] report_bug+0x3bc/0x580
[ 68.960394][ T10] handle_bug+0x3c/0x70
[ 68.964610][ T10] exc_invalid_op+0x17/0x40
[ 68.969255][ T10] asm_exc_invalid_op+0x1a/0x20
[ 68.974229][ T10] RIP: 0010:__rate_control_send_low+0x6d7/0x800
[ 68.980765][ T10] Code: 8b a4 a0 d4 00 00 00 e8 17 31 da f7 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 60 b2 a2 8b e8 39 f3 a0 f7 <0f> 0b e9 03 fd ff ff 48 8b 7c 24 30 e8 c8 39 2e f8 e9 e5 fb ff ff
[ 69.000866][ T10] RSP: 0018:ffffc900000f7578 EFLAGS: 00010282
[ 69.007166][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 69.016656][ T10] RDX: ffff888016679dc0 RSI: ffffffff814ccc06 RDI: 0000000000000001
[ 69.024876][ T10] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 69.033185][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff
[ 69.041380][ T10] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000
[ 69.049577][ T10] ? __warn_printk+0x1a6/0x350
[ 69.054511][ T10] ? __rate_control_send_low+0x6d7/0x800
[ 69.060308][ T10] rate_control_send_low+0x296/0x820
[ 69.065754][ T10] rate_control_get_rate+0x1be/0x590
[ 69.071103][ T10] ieee80211_tx_h_rate_ctrl+0xa70/0x19d0
[ 69.076841][ T10] ? mark_lock+0x105/0x1950
[ 69.081669][ T10] ? ieee80211_probereq_get+0x290/0x290
[ 69.087548][ T10] invoke_tx_handlers_late+0xd15/0x2c90
[ 69.093257][ T10] ? ieee80211_queue_skb+0x472/0x1fb0
[ 69.099308][ T10] ? ieee80211_ie_build_eht_cap+0x3e0/0x3e0
[ 69.105793][ T10] ? invoke_tx_handlers_early+0x663/0x26c0
[ 69.111773][ T10] ieee80211_tx+0x2ff/0x420
[ 69.116427][ T10] ? ieee80211_tx_prepare_skb+0x470/0x470
[ 69.122380][ T10] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 69.128447][ T10] ? ieee80211_skb_resize+0x22a/0x620
[ 69.133908][ T10] ? ieee80211_set_qos_hdr+0xba/0x3e0
[ 69.139341][ T10] ieee80211_xmit+0x30e/0x3e0
[ 69.144083][ T10] __ieee80211_tx_skb_tid_band+0x2a0/0x700
[ 69.150246][ T10] ieee80211_scan_state_send_probe+0x33c/0x970
[ 69.156770][ T10] ieee80211_scan_work+0x6f8/0x1fc0
[ 69.162276][ T10] ? lock_sync+0x190/0x190
[ 69.166923][ T10] ? reacquire_held_locks+0x4b0/0x4b0
[ 69.172396][ T10] ? ieee80211_run_deferred_scan+0x340/0x340
[ 69.178657][ T10] ? spin_bug+0x1d0/0x1d0
[ 69.183717][ T10] process_one_work+0xaa2/0x16f0
[ 69.188887][ T10] ? lock_sync+0x190/0x190
[ 69.193642][ T10] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 69.199693][ T10] ? spin_bug+0x1d0/0x1d0
[ 69.204199][ T10] worker_thread+0x687/0x1110
[ 69.209248][ T10] ? process_one_work+0x16f0/0x16f0
[ 69.214775][ T10] kthread+0x33a/0x430
[ 69.219095][ T10] ? kthread_complete_and_exit+0x40/0x40
[ 69.225101][ T10] ret_from_fork+0x2c/0x70
[ 69.229874][ T10] ? kthread_complete_and_exit+0x40/0x40
[ 69.236118][ T10] ret_from_fork_asm+0x11/0x20
[ 69.241173][ T10]
[ 69.244593][ T10] Kernel Offset: disabled
[ 69.249202][ T10] Rebooting in 86400 seconds..