./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1219349114

<...>
no interfaces have a carrier
forked to background, child pid 4634
[   31.929168][ T4635] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.938674][ T4635] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts.
execve("./syz-executor1219349114", ["./syz-executor1219349114"], 0x7ffd444eb150 /* 10 vars */) = 0
brk(NULL)                               = 0x555556e90000
brk(0x555556e90c40)                     = 0x555556e90c40
arch_prctl(ARCH_SET_FS, 0x555556e90300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1219349114", 4096) = 28
brk(0x555556eb1c40)                     = 0x555556eb1c40
brk(0x555556eb2000)                     = 0x555556eb2000
mprotect(0x7fd44d29c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x555556e905d0) = 5060
[pid  5060] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5060] setsid()                    = 1
[pid  5060] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5060] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5060] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5060] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5060] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5060] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5060] unshare(CLONE_NEWNS)        = 0
[pid  5060] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5060] unshare(CLONE_NEWIPC)       = 0
[pid  5060] unshare(CLONE_NEWCGROUP)    = 0
[pid  5060] unshare(CLONE_NEWUTS)       = 0
[pid  5060] unshare(CLONE_SYSVSEM)      = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "16777216", 8)     = 8
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "536870912", 9)    = 9
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1024", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "8192", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1024", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1024", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5060] close(3)                    = 0
[pid  5060] getpid()                    = 1
[pid  5060] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5060] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5060] unshare(CLONE_NEWNET)       = 0
[pid  5060] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "0 65535", 7)      = 7
[pid  5060] close(3)                    = 0
[pid  5060] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5060] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5060] close(3)                    = 0
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5060] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5060] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5060] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x41\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5060] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5060] access("/proc/net", R_OK)   = 0
[pid  5060] access("/proc/net/unix", R_OK) = 0
[pid  5060] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5060] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5060] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5060] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5060] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5060] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5060] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5060] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5060] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
syzkaller login: [   57.833408][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.849248][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.865014][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  5060] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5060] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5060] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5060] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5060] close(4)                    = 0
[pid  5060] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5060] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5060] close(4)                    = 0
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5060] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5060] recvfrom(4, [{nlmsg_len=1420, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1420
[pid  5060] close(4)                    = 0
[pid  5060] close(3)                    = 0
[pid  5060] mkdir("/dev/binderfs", 0777) = 0
[pid  5060] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5060] ioctl(3, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=0}) = 0
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  5060] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid  5060] sendto(6, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5060] recvfrom(6, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x41\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5060] recvfrom(6, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5060] close(6)                    = 0
[pid  5060] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[   57.879268][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.887914][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.896918][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   57.938926][ T5060] ------------[ cut here ]------------
[   57.944786][ T5060] wlan0: Failed check-sdata-in-driver check, flags: 0x0
[   57.951968][ T5060] WARNING: CPU: 0 PID: 5060 at net/mac80211/main.c:235 ieee80211_bss_info_change_notify+0x3f9/0x470
[   57.962812][ T5060] Modules linked in:
[   57.966766][ T5060] CPU: 0 PID: 5060 Comm: syz-executor121 Not tainted 6.2.0-rc4-syzkaller-00067-g7287904c8771 #0
[   57.977215][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   57.987327][ T5060] RIP: 0010:ieee80211_bss_info_change_notify+0x3f9/0x470
[   57.994397][ T5060] Code: a9 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 60 2a 46 8c 4c 89 f6 89 da 31 c0 e8 87 f8 18 f7 <0f> 0b e9 a4 fc ff ff e8 7b a6 52 f7 0f 0b e9 98 fc ff ff 44 89 e1
[   58.014144][ T5060] RSP: 0018:ffffc90003cdf208 EFLAGS: 00010246
[   58.020208][ T5060] RAX: 24009aa3669feb00 RBX: 0000000000000000 RCX: ffff8880200e1d40
[   58.028250][ T5060] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   58.036287][ T5060] RBP: ffff888027978de0 R08: ffffffff8170a02d R09: ffffed1017304f5b
[   58.044327][ T5060] R10: ffffed1017304f5b R11: 1ffff11017304f5a R12: ffff8880228e66d0
[   58.052324][ T5060] R13: 0000000000000a00 R14: ffff8880228e4000 R15: dffffc0000000000
[   58.060776][ T5060] FS:  0000555556e90300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   58.069795][ T5060] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.076522][ T5060] CR2: 00007ffc51b9cff8 CR3: 000000007b86c000 CR4: 00000000003506f0
[   58.084543][ T5060] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.092522][ T5060] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.100554][ T5060] Call Trace:
[   58.103886][ T5060]  <TASK>
[   58.106815][ T5060]  ieee80211_ibss_disconnect+0x5c5/0x880
[   58.112448][ T5060]  ieee80211_ibss_leave+0x2a/0x130
[   58.117757][ T5060]  __cfg80211_leave_ibss+0x11c/0x200
[   58.123061][ T5060]  cfg80211_leave_ibss+0x5b/0x70
[   58.128039][ T5060]  cfg80211_change_iface+0x434/0xaf0
[   58.133348][ T5060]  nl80211_set_interface+0x5ed/0x870
[   58.138719][ T5060]  ? nl80211_dump_interface+0x6b0/0x6b0
[   58.144305][ T5060]  ? mutex_lock_nested+0x17/0x20
[   58.149242][ T5060]  genl_rcv_msg+0xbe9/0xf40
[   58.153818][ T5060]  ? genl_bind+0x370/0x370
[   58.158274][ T5060]  ? kernel_text_address+0x9e/0xd0
[   58.163401][ T5060]  ? __kernel_text_address+0x9/0x40
[   58.168670][ T5060]  ? unwind_get_return_address+0x48/0x80
[   58.174376][ T5060]  ? arch_stack_walk+0xf8/0x140
[   58.179260][ T5060]  ? mark_lock+0x9a/0x350
[   58.183586][ T5060]  ? mark_lock+0x9a/0x350
[   58.187987][ T5060]  ? trace_rdev_del_link_station+0x300/0x300
[   58.194019][ T5060]  ? nl80211_dump_interface+0x6b0/0x6b0
[   58.199559][ T5060]  ? nl80211_pre_doit+0x8b0/0x8b0
[   58.204685][ T5060]  netlink_rcv_skb+0x1f0/0x470
[   58.209461][ T5060]  ? genl_bind+0x370/0x370
[   58.214306][ T5060]  ? netlink_ack+0x1290/0x1290
[   58.219161][ T5060]  ? __lock_acquire+0x1f60/0x1f60
[   58.224273][ T5060]  ? __down_read_common+0x156/0x2a0
[   58.229505][ T5060]  genl_rcv+0x24/0x40
[   58.233482][ T5060]  netlink_unicast+0x7e7/0x9c0
[   58.238314][ T5060]  ? netlink_detachskb+0xa0/0xa0
[   58.243284][ T5060]  ? __phys_addr_symbol+0x2b/0x70
[   58.248391][ T5060]  ? 0xffffffff81000000
[   58.252552][ T5060]  ? __check_object_size+0x15a/0x210
[   58.257904][ T5060]  ? bpf_lsm_netlink_send+0x5/0x10
[   58.263025][ T5060]  netlink_sendmsg+0x9b3/0xcd0
[   58.267875][ T5060]  ? netlink_getsockopt+0x9c0/0x9c0
[   58.273092][ T5060]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   58.278655][ T5060]  ? security_socket_sendmsg+0x9d/0xb0
[   58.284520][ T5060]  ? netlink_getsockopt+0x9c0/0x9c0
[   58.289725][ T5060]  ____sys_sendmsg+0x597/0x8e0
[   58.294622][ T5060]  ? __sys_sendmsg_sock+0x30/0x30
[   58.299700][ T5060]  ? rcu_read_lock_sched_held+0x89/0x130
[   58.305645][ T5060]  ? __rwlock_init+0x140/0x140
[   58.310436][ T5060]  __sys_sendmsg+0x28e/0x390
[   58.315142][ T5060]  ? ____sys_sendmsg+0x8e0/0x8e0
[   58.320201][ T5060]  ? do_notify_parent+0xeb0/0xeb0
[   58.325310][ T5060]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   58.331317][ T5060]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.337362][ T5060]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   58.343360][ T5060]  do_syscall_64+0x2b/0x70
[   58.347851][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.353838][ T5060] RIP: 0033:0x7fd44d228a29
[   58.358249][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.377920][ T5060] RSP: 002b:00007ffc51b9e088 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.386394][ T5060] RAX: ffffffffffffffda RBX: 00007fd44d2a23a0 RCX: 00007fd44d228a29
[   58.394431][ T5060] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000005
[   58.402411][ T5060] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[   58.410444][ T5060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000031
[   58.418504][ T5060] R13: 00007ffc51b9e0d0 R14: 00007ffc51b9e0ba R15: 00007fd44d2a2410
[   58.426772][ T5060]  </TASK>
[   58.429813][ T5060] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   58.437091][ T5060] CPU: 0 PID: 5060 Comm: syz-executor121 Not tainted 6.2.0-rc4-syzkaller-00067-g7287904c8771 #0
[   58.447494][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   58.457545][ T5060] Call Trace:
[   58.460819][ T5060]  <TASK>
[   58.463768][ T5060]  dump_stack_lvl+0x1e3/0x2d0
[   58.468447][ T5060]  ? nf_tcp_handle_invalid+0x630/0x630
[   58.473900][ T5060]  ? panic+0x770/0x770
[   58.477972][ T5060]  ? vscnprintf+0x59/0x80
[   58.482303][ T5060]  ? ieee80211_bss_info_change_notify+0x3e0/0x470
[   58.488735][ T5060]  panic+0x316/0x770
[   58.492635][ T5060]  ? __warn+0x16d/0x2d0
[   58.496789][ T5060]  ? memcpy_page_flushcache+0x100/0x100
[   58.502351][ T5060]  ? ieee80211_bss_info_change_notify+0x3f9/0x470
[   58.508765][ T5060]  __warn+0x284/0x2d0
[   58.512747][ T5060]  ? ieee80211_bss_info_change_notify+0x3f9/0x470
[   58.519177][ T5060]  report_bug+0x1b3/0x2d0
[   58.523507][ T5060]  handle_bug+0x3d/0x70
[   58.527682][ T5060]  exc_invalid_op+0x16/0x40
[   58.532181][ T5060]  asm_exc_invalid_op+0x16/0x20
[   58.537026][ T5060] RIP: 0010:ieee80211_bss_info_change_notify+0x3f9/0x470
[   58.544059][ T5060] Code: a9 f7 49 8b 86 08 09 00 00 49 81 c6 28 09 00 00 48 85 c0 4c 0f 45 f0 48 c7 c7 60 2a 46 8c 4c 89 f6 89 da 31 c0 e8 87 f8 18 f7 <0f> 0b e9 a4 fc ff ff e8 7b a6 52 f7 0f 0b e9 98 fc ff ff 44 89 e1
[   58.563658][ T5060] RSP: 0018:ffffc90003cdf208 EFLAGS: 00010246
[   58.569736][ T5060] RAX: 24009aa3669feb00 RBX: 0000000000000000 RCX: ffff8880200e1d40
[   58.577724][ T5060] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   58.585688][ T5060] RBP: ffff888027978de0 R08: ffffffff8170a02d R09: ffffed1017304f5b
[   58.593654][ T5060] R10: ffffed1017304f5b R11: 1ffff11017304f5a R12: ffff8880228e66d0
[   58.601793][ T5060] R13: 0000000000000a00 R14: ffff8880228e4000 R15: dffffc0000000000
[   58.609767][ T5060]  ? __wake_up_klogd+0xcd/0x100
[   58.614644][ T5060]  ? ieee80211_bss_info_change_notify+0x3f9/0x470
[   58.621075][ T5060]  ieee80211_ibss_disconnect+0x5c5/0x880
[   58.626716][ T5060]  ieee80211_ibss_leave+0x2a/0x130
[   58.631916][ T5060]  __cfg80211_leave_ibss+0x11c/0x200
[   58.637221][ T5060]  cfg80211_leave_ibss+0x5b/0x70
[   58.642166][ T5060]  cfg80211_change_iface+0x434/0xaf0
[   58.647468][ T5060]  nl80211_set_interface+0x5ed/0x870
[   58.652806][ T5060]  ? nl80211_dump_interface+0x6b0/0x6b0
[   58.658384][ T5060]  ? mutex_lock_nested+0x17/0x20
[   58.663347][ T5060]  genl_rcv_msg+0xbe9/0xf40
[   58.667890][ T5060]  ? genl_bind+0x370/0x370
[   58.673301][ T5060]  ? kernel_text_address+0x9e/0xd0
[   58.678428][ T5060]  ? __kernel_text_address+0x9/0x40
[   58.683627][ T5060]  ? unwind_get_return_address+0x48/0x80
[   58.689256][ T5060]  ? arch_stack_walk+0xf8/0x140
[   58.694112][ T5060]  ? mark_lock+0x9a/0x350
[   58.698447][ T5060]  ? mark_lock+0x9a/0x350
[   58.702775][ T5060]  ? trace_rdev_del_link_station+0x300/0x300
[   58.708752][ T5060]  ? nl80211_dump_interface+0x6b0/0x6b0
[   58.714294][ T5060]  ? nl80211_pre_doit+0x8b0/0x8b0
[   58.719327][ T5060]  netlink_rcv_skb+0x1f0/0x470
[   58.724086][ T5060]  ? genl_bind+0x370/0x370
[   58.728512][ T5060]  ? netlink_ack+0x1290/0x1290
[   58.733284][ T5060]  ? __lock_acquire+0x1f60/0x1f60
[   58.738318][ T5060]  ? __down_read_common+0x156/0x2a0
[   58.743511][ T5060]  genl_rcv+0x24/0x40
[   58.747491][ T5060]  netlink_unicast+0x7e7/0x9c0
[   58.752255][ T5060]  ? netlink_detachskb+0xa0/0xa0
[   58.757195][ T5060]  ? __phys_addr_symbol+0x2b/0x70
[   58.762215][ T5060]  ? 0xffffffff81000000
[   58.766363][ T5060]  ? __check_object_size+0x15a/0x210
[   58.771644][ T5060]  ? bpf_lsm_netlink_send+0x5/0x10
[   58.776754][ T5060]  netlink_sendmsg+0x9b3/0xcd0
[   58.781524][ T5060]  ? netlink_getsockopt+0x9c0/0x9c0
[   58.786726][ T5060]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   58.792012][ T5060]  ? security_socket_sendmsg+0x9d/0xb0
[   58.797487][ T5060]  ? netlink_getsockopt+0x9c0/0x9c0
[   58.802708][ T5060]  ____sys_sendmsg+0x597/0x8e0
[   58.807585][ T5060]  ? __sys_sendmsg_sock+0x30/0x30
[   58.812611][ T5060]  ? rcu_read_lock_sched_held+0x89/0x130
[   58.818283][ T5060]  ? __rwlock_init+0x140/0x140
[   58.823053][ T5060]  __sys_sendmsg+0x28e/0x390
[   58.827645][ T5060]  ? ____sys_sendmsg+0x8e0/0x8e0
[   58.832608][ T5060]  ? do_notify_parent+0xeb0/0xeb0
[   58.837639][ T5060]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   58.843638][ T5060]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.849886][ T5060]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   58.855861][ T5060]  do_syscall_64+0x2b/0x70
[   58.860297][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.866243][ T5060] RIP: 0033:0x7fd44d228a29
[   58.870674][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.890289][ T5060] RSP: 002b:00007ffc51b9e088 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.898704][ T5060] RAX: ffffffffffffffda RBX: 00007fd44d2a23a0 RCX: 00007fd44d228a29
[   58.906667][ T5060] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000005
[   58.914632][ T5060] RBP: 0000000000000003 R08: 0000000c00000001 R09: 0000000c00000001
[   58.922595][ T5060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000031
[   58.930646][ T5060] R13: 00007ffc51b9e0d0 R14: 00007ffc51b9e0ba R15: 00007fd44d2a2410
[   58.938627][ T5060]  </TASK>
[   58.941859][ T5060] Kernel Offset: disabled
[   58.946259][ T5060] Rebooting in 86400 seconds..