./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3819580350
<...>
Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts.
execve("./syz-executor3819580350", ["./syz-executor3819580350"], 0x7ffd94f9c430 /* 10 vars */) = 0
brk(NULL) = 0x555588598000
brk(0x555588598e00) = 0x555588598e00
arch_prctl(ARCH_SET_FS, 0x555588598480) = 0
set_tid_address(0x555588598750) = 5092
set_robust_list(0x555588598760, 24) = 0
rseq(0x555588598da0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3819580350", 4096) = 28
getrandom("\xfc\x2c\x90\x8e\xb9\xf2\x7f\xba", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555588598e00
brk(0x5555885b9e00) = 0x5555885b9e00
brk(0x5555885ba000) = 0x5555885ba000
mprotect(0x7f57bbbfa000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f57bbb4e2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f57bbb57400}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f57bbb4e2a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f57bbb57400}, NULL, 8) = 0
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached
<unfinished ...>
[pid 5093] set_robust_list(0x555588598760, 24 <unfinished ...>
[pid 5092] <... clone resumed>, child_tidptr=0x555588598750) = 5093
[pid 5093] <... set_robust_list resumed>) = 0
[pid 5093] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setsid() = 1
[pid 5093] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5093] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5093] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5093] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5093] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5093] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5093] unshare(CLONE_NEWNS) = 0
[pid 5093] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5093] unshare(CLONE_NEWIPC) = 0
[pid 5093] unshare(CLONE_NEWCGROUP) = 0
[pid 5093] unshare(CLONE_NEWUTS) = 0
[pid 5093] unshare(CLONE_SYSVSEM) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "16777216", 8) = 8
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "536870912", 9) = 9
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1024", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "8192", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1024", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1024", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5093] close(3) = 0
[pid 5093] getpid() = 1
[pid 5093] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5093] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5093] unshare(CLONE_NEWNET) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "0 65535", 7) = 7
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid 5093] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid 5093] close(3) = 0
[pid 5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5093] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 5093] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5093] recvfrom(3, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 5093] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid 5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid 5093] close(4) = 0
[pid 5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 5093] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 5093] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 5093] close(4) = 0
[pid 5093] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 5093] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid 5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 5093] close(4) = 0
[pid 5093] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid 5093] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[ 61.210455][ T2405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.218800][ T2405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid 5093] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid 5093] close(4) = 0
[pid 5093] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 5093] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid 5093] close(4) = 0
[pid 5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid 5093] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5093] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid 5093] close(4) = 0
[pid 5093] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5093] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 5093] close(4) = 0
[pid 5093] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid 5093] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5093] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid 5093] close(4) = 0
[pid 5093] close(3) = 0
[pid 5093] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "100000", 6) = 6
[pid 5093] close(3) = 0
[pid 5093] mkdir("./syz-tmp", 0777) = 0
[pid 5093] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid 5093] mkdir("./syz-tmp/newroot", 0777) = 0
[pid 5093] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[ 61.275538][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.283589][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid 5093] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5093] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid 5093] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid 5093] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid 5093] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 5093] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid 5093] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid 5093] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid 5093] mkdir("./syz-tmp/pivot", 0777) = 0
[pid 5093] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid 5093] chdir("/") = 0
[pid 5093] umount2("./pivot", MNT_DETACH) = 0
[pid 5093] chroot("./newroot") = 0
[pid 5093] chdir("/") = 0
[pid 5093] mkdir("/dev/binderfs", 0777) = 0
[pid 5093] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
<unfinished ...>
[pid 5096] set_robust_list(0x555588598760, 24 <unfinished ...>
[pid 5093] <... clone resumed>, child_tidptr=0x555588598750) = 2
[pid 5096] <... set_robust_list resumed>) = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] write(1, "executing program\n", 18executing program
) = 18
[pid 5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5096] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5096] recvfrom(4, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=2}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid 5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=2}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5096] close(4) = 0
[pid 5096] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 5096] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid 5096] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5096] sendto(4, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 5096] recvfrom(4, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1850542356}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid 5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1850542356}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5096] sendto(4, [{nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x01\x00\x00\x00"], 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[pid 5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1850542356}, {error=0, msg={nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5096] sendto(4, [{nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00\x08\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x08\x02\x11\x00\x00\x01\x00\x00\x33\x00\x03\x00\x50\x00\x00\x00\x08\x02\x11\x00\x00\x01\x08\x02\x11\x00\x00\x00\x08\x02\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x00\x01\x00\x00\x06\x02\x02\x02\x02\x02\x02\x01\x01\x02\x00"], 100, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 100
[pid 5096] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1850542356}, {error=0, msg={nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5096] close(4) = 0
[pid 5096] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long)
[pid 5096] socket(AF_INET6, SOCK_STREAM, IPPROTO_MPTCP) = 4
[pid 5096] socket(AF_QIPCRTR, SOCK_DGRAM, 0) = 5
[pid 5096] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5096] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5096] ioctl(5, SIOCSIFHWADDR, {ifr_name="wlan1", ifr_hwaddr={sa_family=ARPHRD_ETHER, sa_data=00:00:00:00:00:00}}) = -1 EBUSY (Device or resource busy)
[pid 5096] close(3) = 0
[pid 5096] close(4) = 0
[pid 5096] close(5) = 0
[pid 5096] close(6) = 0
[pid 5096] close(7) = -1 EBADF (Bad file descriptor)
[pid 5096] close(8) = -1 EBADF (Bad file descriptor)
[pid 5096] close(9) = -1 EBADF (Bad file descriptor)
[pid 5096] close(10) = -1 EBADF (Bad file descriptor)
[pid 5096] close(11) = -1 EBADF (Bad file descriptor)
[pid 5096] close(12) = -1 EBADF (Bad file descriptor)
[pid 5096] close(13) = -1 EBADF (Bad file descriptor)
[pid 5096] close(14) = -1 EBADF (Bad file descriptor)
[pid 5096] close(15) = -1 EBADF (Bad file descriptor)
[pid 5096] close(16) = -1 EBADF (Bad file descriptor)
[pid 5096] close(17) = -1 EBADF (Bad file descriptor)
[pid 5096] close(18) = -1 EBADF (Bad file descriptor)
[pid 5096] close(19) = -1 EBADF (Bad file descriptor)
[pid 5096] close(20) = -1 EBADF (Bad file descriptor)
[pid 5096] close(21) = -1 EBADF (Bad file descriptor)
[pid 5096] close(22) = -1 EBADF (Bad file descriptor)
[pid 5096] close(23) = -1 EBADF (Bad file descriptor)
[pid 5096] close(24) = -1 EBADF (Bad file descriptor)
[pid 5096] close(25) = -1 EBADF (Bad file descriptor)
[ 61.470714][ T5096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 61.494940][ T57] wlan1: No basic rates, using min rate instead
[ 61.503738][ T57] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 61.513918][ T57] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[pid 5096] close(26) = -1 EBADF (Bad file descriptor)
[pid 5096] close(27) = -1 EBADF (Bad file descriptor)
[pid 5096] close(28) = -1 EBADF (Bad file descriptor)
[pid 5096] close(29) = -1 EBADF (Bad file descriptor)
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
[pid 5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid 5093] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x555588598750) = 3
[pid 5098] set_robust_list(0x555588598760, 24) = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
executing program
[pid 5098] write(1, "executing program\n", 18) = 18
[pid 5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5098] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5098] recvfrom(4, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4a\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid 5098] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5098] close(4) = 0
[pid 5098] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid 5098] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36
[pid 5098] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5098] sendto(4, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 5098] recvfrom(4, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1265266535}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid 5098] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1265266535}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5098] sendto(4, [{nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x01\x00\x00\x00"], 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[pid 5098] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1265266535}, {error=0, msg={nlmsg_len=20, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[ 61.632011][ T2405] wlan1: send auth to 08:02:11:00:00:00 (try 2/3)
[pid 5098] sendto(4, [{nlmsg_len=100, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00\x08\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x08\x02\x11\x00\x00\x01\x00\x00\x33\x00\x03\x00\x50\x00\x00\x00\x08\x02\x11\x00\x00\x01\x08\x02\x11\x00\x00\x00\x08\x02\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x00\x01\x00\x00\x06\x02\x02\x02\x02\x02\x02\x01\x01\x02\x00"], 100, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 100
[pid 5098] recvfrom(4, [{nlmsg_len=200, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x01\x00\x00\x0a\x00\x02\x00\x08\x02\x11\x00\x00\x00\x00\x00\x70\x00\x03\x00\x08\x00\x00\x00\x33\x33\x00\x00\x00\x16\x08\x02\x11\x00\x00\x00\x50\x50\x50\x50\x50\x50\x20\x00\xaa\xaa\x03\x00\x00\x00\x86\xdd\x60\x00\x00\x00\x00\x24\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00"...], 4096, 0, NULL, NULL) = 200
[pid 5098] close(4) = 0
[pid 5098] bpf(BPF_PROG_LOAD, NULL, 0) = -1 E2BIG (Argument list too long)
[pid 5098] socket(AF_INET6, SOCK_STREAM, IPPROTO_MPTCP) = 4
[pid 5098] socket(AF_QIPCRTR, SOCK_DGRAM, 0) = 5
[pid 5098] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5098] ioctl(5, SIOCSIFHWADDR, {ifr_name="wlan1", ifr_hwaddr={sa_family=ARPHRD_ETHER, sa_data=00:00:00:00:00:00}}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
[pid 5098] close(3) = 0
[pid 5098] close(4) = 0
[pid 5098] close(5) = 0
[pid 5098] close(6) = 0
[pid 5098] close(7) = -1 EBADF (Bad file descriptor)
[pid 5098] close(8) = -1 EBADF (Bad file descriptor)
[pid 5098] close(9) = -1 EBADF (Bad file descriptor)
[pid 5098] close(10) = -1 EBADF (Bad file descriptor)
[ 61.715493][ T5098] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 61.741394][ T81] wlan1: send auth to 08:02:11:00:00:00 (try 3/3)
[pid 5098] close(11) = -1 EBADF (Bad file descriptor)
[pid 5098] close(12) = -1 EBADF (Bad file descriptor)
[pid 5098] close(13) = -1 EBADF (Bad file descriptor)
[pid 5098] close(14) = -1 EBADF (Bad file descriptor)
[pid 5098] close(15) = -1 EBADF (Bad file descriptor)
[pid 5098] close(16) = -1 EBADF (Bad file descriptor)
[pid 5098] close(17) = -1 EBADF (Bad file descriptor)
[pid 5098] close(18) = -1 EBADF (Bad file descriptor)
[pid 5098] close(19) = -1 EBADF (Bad file descriptor)
[pid 5098] close(20) = -1 EBADF (Bad file descriptor)
[pid 5098] close(21) = -1 EBADF (Bad file descriptor)
[pid 5098] close(22) = -1 EBADF (Bad file descriptor)
[pid 5098] close(23) = -1 EBADF (Bad file descriptor)
[pid 5098] close(24) = -1 EBADF (Bad file descriptor)
[pid 5098] close(25) = -1 EBADF (Bad file descriptor)
[ 61.851368][ T2405] wlan1: authentication with 08:02:11:00:00:00 timed out
[ 61.859925][ T2405] ==================================================================
[ 61.868653][ T2405] BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x1fd0
[ 61.876399][ T2405] Read of size 8 at addr ffff88805e5cfe10 by task kworker/u8:8/2405
[ 61.884748][ T2405]
[ 61.887075][ T2405] CPU: 1 PID: 2405 Comm: kworker/u8:8 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0
[pid 5098] close(26) = -1 EBADF (Bad file descriptor)
[pid 5098] close(27) = -1 EBADF (Bad file descriptor)
[pid 5098] close(28) = -1 EBADF (Bad file descriptor)
[pid 5098] close(29) = -1 EBADF (Bad file descriptor)
[pid 5098] exit_group(0) = ?
[ 61.897500][ T2405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 61.907645][ T2405] Workqueue: events_unbound cfg80211_wiphy_work
[ 61.913918][ T2405] Call Trace:
[ 61.917193][ T2405] <TASK>
[ 61.920117][ T2405] dump_stack_lvl+0x241/0x360
[ 61.924794][ T2405] ? __pfx_dump_stack_lvl+0x10/0x10
[ 61.930112][ T2405] ? __pfx__printk+0x10/0x10
[ 61.934985][ T2405] ? _printk+0xd5/0x120
[ 61.939158][ T2405] ? __virt_addr_valid+0x183/0x520
[ 61.944278][ T2405] ? __virt_addr_valid+0x183/0x520
[ 61.949666][ T2405] print_report+0x169/0x550
[ 61.954181][ T2405] ? __virt_addr_valid+0x183/0x520
[ 61.959324][ T2405] ? __virt_addr_valid+0x183/0x520
[ 61.964997][ T2405] ? __virt_addr_valid+0x44e/0x520
[ 61.970161][ T2405] ? __phys_addr+0xba/0x170
[ 61.974866][ T2405] ? __lock_acquire+0x78/0x1fd0
[ 61.979819][ T2405] kasan_report+0x143/0x180
[ 61.984353][ T2405] ? __lock_acquire+0x78/0x1fd0
[ 61.989298][ T2405] __lock_acquire+0x78/0x1fd0
[ 61.993969][ T2405] ? mark_lock+0x9a/0x350
[ 61.998310][ T2405] ? __lock_acquire+0x1346/0x1fd0
[ 62.003347][ T2405] lock_acquire+0x1ed/0x550
[ 62.007846][ T2405] ? lockref_get+0x15/0x60
[ 62.012265][ T2405] ? __pfx_lock_acquire+0x10/0x10
[ 62.017277][ T2405] ? simple_pin_fs+0x91/0x160
[ 62.021940][ T2405] ? do_raw_spin_lock+0x14f/0x370
[ 62.027136][ T2405] ? __pfx_lock_release+0x10/0x10
[ 62.032279][ T2405] _raw_spin_lock+0x2e/0x40
[ 62.036793][ T2405] ? lockref_get+0x15/0x60
[ 62.041236][ T2405] lockref_get+0x15/0x60
[ 62.045645][ T2405] simple_recursive_removal+0x35/0x8e0
[ 62.051191][ T2405] ? mntput+0x65/0xc0
[ 62.055430][ T2405] ? __pfx_remove_one+0x10/0x10
[ 62.060541][ T2405] debugfs_remove+0x49/0x70
[ 62.065134][ T2405] ieee80211_sta_debugfs_remove+0x40/0x60
[ 62.070957][ T2405] __sta_info_destroy_part2+0x35e/0x450
[ 62.076640][ T2405] sta_info_destroy_addr+0xf4/0x140
[ 62.082648][ T2405] ieee80211_destroy_auth_data+0x139/0x270
[ 62.088710][ T2405] ieee80211_sta_work+0x1256/0x3850
[ 62.093903][ T2405] ? mark_lock+0x9a/0x350
[ 62.098404][ T2405] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 62.103950][ T2405] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 62.110545][ T2405] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 62.116777][ T2405] ? lockdep_hardirqs_on+0x99/0x150
[ 62.122000][ T2405] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 62.127969][ T2405] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 62.134429][ T2405] ? skb_dequeue+0x113/0x150
[ 62.139007][ T2405] ? ieee80211_iface_work+0xc0d/0xf20
[ 62.144453][ T2405] ? ieee80211_iface_work+0xe29/0xf20
[ 62.149900][ T2405] ? rcu_is_watching+0x15/0xb0
[ 62.154652][ T2405] cfg80211_wiphy_work+0x2db/0x490
[ 62.159874][ T2405] ? process_scheduled_works+0x945/0x1830
[ 62.165723][ T2405] process_scheduled_works+0xa2c/0x1830
[ 62.171308][ T2405] ? __pfx_process_scheduled_works+0x10/0x10
[ 62.177393][ T2405] ? assign_work+0x364/0x3d0
[ 62.182068][ T2405] worker_thread+0x86d/0xd50
[ 62.186666][ T2405] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 62.192645][ T2405] ? __kthread_parkme+0x169/0x1d0
[ 62.197834][ T2405] ? __pfx_worker_thread+0x10/0x10
[ 62.203021][ T2405] kthread+0x2f0/0x390
[ 62.207367][ T2405] ? __pfx_worker_thread+0x10/0x10
[ 62.212466][ T2405] ? __pfx_kthread+0x10/0x10
[ 62.217050][ T2405] ret_from_fork+0x4b/0x80
[ 62.221463][ T2405] ? __pfx_kthread+0x10/0x10
[ 62.226308][ T2405] ret_from_fork_asm+0x1a/0x30
[ 62.231093][ T2405] </TASK>
[ 62.234103][ T2405]
[ 62.236439][ T2405] Allocated by task 57:
[ 62.240874][ T2405] kasan_save_track+0x3f/0x80
[ 62.245931][ T2405] __kasan_slab_alloc+0x66/0x80
[ 62.250891][ T2405] kmem_cache_alloc_lru_noprof+0x139/0x2b0
[ 62.256699][ T2405] __d_alloc+0x31/0x700
[ 62.260844][ T2405] d_alloc_parallel+0xdf/0x1600
[ 62.265798][ T2405] __lookup_slow+0x117/0x3f0
[ 62.270488][ T2405] lookup_one_len+0x18b/0x2d0
[ 62.275521][ T2405] start_creating+0x187/0x310
[ 62.280282][ T2405] debugfs_create_dir+0x25/0x430
[ 62.285383][ T2405] ieee80211_sta_debugfs_add+0x132/0x820
[ 62.291122][ T2405] sta_info_insert_rcu+0xecf/0x1900
[ 62.296314][ T2405] sta_info_insert+0x16/0xc0
[ 62.300980][ T2405] ieee80211_prep_connection+0xecd/0x12d0
[ 62.306691][ T2405] ieee80211_mgd_auth+0xd42/0x14c0
[ 62.311791][ T2405] cfg80211_mlme_auth+0x59f/0x980
[ 62.316877][ T2405] cfg80211_conn_do_work+0x5ed/0xe60
[ 62.322238][ T2405] cfg80211_conn_work+0x27c/0x4d0
[ 62.327247][ T2405] process_scheduled_works+0xa2c/0x1830
[ 62.333127][ T2405] worker_thread+0x86d/0xd50
[ 62.337707][ T2405] kthread+0x2f0/0x390
[ 62.341765][ T2405] ret_from_fork+0x4b/0x80
[ 62.346257][ T2405] ret_from_fork_asm+0x1a/0x30
[ 62.351016][ T2405]
[ 62.353405][ T2405] Freed by task 0:
[ 62.357121][ T2405] kasan_save_track+0x3f/0x80
[ 62.361977][ T2405] kasan_save_free_info+0x40/0x50
[ 62.366986][ T2405] poison_slab_object+0xe0/0x150
[ 62.371993][ T2405] __kasan_slab_free+0x37/0x60
[ 62.376868][ T2405] kmem_cache_free+0x145/0x350
[ 62.381623][ T2405] rcu_core+0xafd/0x1830
[ 62.386028][ T2405] handle_softirqs+0x2c4/0x970
[ 62.390878][ T2405] __irq_exit_rcu+0xf4/0x1c0
[ 62.395544][ T2405] irq_exit_rcu+0x9/0x30
[ 62.399861][ T2405] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 62.405936][ T2405] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 62.412006][ T2405]
[ 62.414318][ T2405] Last potentially related work creation:
[ 62.420191][ T2405] kasan_save_stack+0x3f/0x60
[ 62.424864][ T2405] __kasan_record_aux_stack+0xac/0xc0
[ 62.430582][ T2405] call_rcu+0x167/0xa70
[ 62.434816][ T2405] __dentry_kill+0x497/0x630
[ 62.439478][ T2405] dput+0x19f/0x2b0
[ 62.443296][ T2405] simple_recursive_removal+0x2bd/0x8e0
[ 62.448911][ T2405] debugfs_remove+0x49/0x70
[ 62.453512][ T2405] ieee80211_debugfs_recreate_netdev+0xc4/0x1400
[ 62.460092][ T2405] drv_remove_interface+0x1e1/0x590
[ 62.465363][ T2405] ieee80211_change_mac+0xaf5/0x11e0
[ 62.470632][ T2405] dev_set_mac_address+0x327/0x510
[ 62.475847][ T2405] dev_set_mac_address_user+0x31/0x50
[ 62.481213][ T2405] dev_ifsioc+0xbd9/0xe70
[ 62.485709][ T2405] dev_ioctl+0x719/0x1340
[ 62.490115][ T2405] sock_do_ioctl+0x240/0x460
[ 62.494695][ T2405] sock_ioctl+0x629/0x8e0
[ 62.499035][ T2405] __se_sys_ioctl+0xfc/0x170
[ 62.503742][ T2405] do_syscall_64+0xf3/0x230
[ 62.508236][ T2405] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.514119][ T2405]
[ 62.516511][ T2405] The buggy address belongs to the object at ffff88805e5cfd60
[ 62.516511][ T2405] which belongs to the cache dentry of size 312
[ 62.530398][ T2405] The buggy address is located 176 bytes inside of
[ 62.530398][ T2405] freed 312-byte region [ffff88805e5cfd60, ffff88805e5cfe98)
[ 62.544273][ T2405]
[ 62.546583][ T2405] The buggy address belongs to the physical page:
[ 62.552991][ T2405] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e5ce
[ 62.561837][ T2405] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 62.570527][ T2405] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 62.578711][ T2405] page_type: 0xffffefff(slab)
[ 62.583385][ T2405] raw: 00fff00000000040 ffff888015ef98c0 ffffea0000930c80 dead000000000002
[ 62.592138][ T2405] raw: 0000000000000000 0000000000150015 00000001ffffefff 0000000000000000
[ 62.600818][ T2405] head: 00fff00000000040 ffff888015ef98c0 ffffea0000930c80 dead000000000002
[ 62.609570][ T2405] head: 0000000000000000 0000000000150015 00000001ffffefff 0000000000000000
[ 62.618231][ T2405] head: 00fff00000000001 ffffea0001797381 ffffffffffffffff 0000000000000000
[ 62.626975][ T2405] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 62.635639][ T2405] page dumped because: kasan: bad access detected
[ 62.642151][ T2405] page_owner tracks the page as allocated
[ 62.648027][ T2405] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4552, tgid 4552 (udevd), ts 33320668518, free_ts 17328144731
[ 62.671726][ T2405] post_alloc_hook+0x1f3/0x230
[ 62.676671][ T2405] get_page_from_freelist+0x2e4c/0x2f10
[ 62.682375][ T2405] __alloc_pages_noprof+0x256/0x6c0
[ 62.687677][ T2405] alloc_slab_page+0x5f/0x120
[ 62.692531][ T2405] allocate_slab+0x5a/0x2f0
[ 62.697116][ T2405] ___slab_alloc+0xcd1/0x14b0
[ 62.701798][ T2405] __slab_alloc+0x58/0xa0
[ 62.706656][ T2405] kmem_cache_alloc_lru_noprof+0x1c5/0x2b0
[ 62.712463][ T2405] __d_alloc+0x31/0x700
[ 62.716734][ T2405] d_alloc+0x4b/0x190
[ 62.720806][ T2405] lookup_one_qstr_excl+0xce/0x260
[ 62.725930][ T2405] filename_create+0x297/0x540
[ 62.730724][ T2405] do_symlinkat+0xf9/0x3a0
[ 62.735165][ T2405] __x64_sys_symlink+0x7e/0x90
[ 62.740097][ T2405] do_syscall_64+0xf3/0x230
[ 62.744617][ T2405] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.750602][ T2405] page last free pid 1 tgid 1 stack trace:
[ 62.756566][ T2405] free_unref_page+0xd22/0xea0
[ 62.761323][ T2405] free_contig_range+0x9e/0x160
[ 62.766159][ T2405] destroy_args+0x8a/0x890
[ 62.770574][ T2405] debug_vm_pgtable+0x4be/0x550
[ 62.775414][ T2405] do_one_initcall+0x248/0x880
[ 62.780251][ T2405] do_initcall_level+0x157/0x210
[ 62.785525][ T2405] do_initcalls+0x3f/0x80
[ 62.790014][ T2405] kernel_init_freeable+0x435/0x5d0
[ 62.795201][ T2405] kernel_init+0x1d/0x2b0
[ 62.799531][ T2405] ret_from_fork+0x4b/0x80
[ 62.803971][ T2405] ret_from_fork_asm+0x1a/0x30
[ 62.808728][ T2405]
[ 62.811124][ T2405] Memory state around the buggy address:
[ 62.816736][ T2405] ffff88805e5cfd00: 00 00 00 00 fc fc fc fc fc fc fc fc fa fb fb fb
[ 62.825041][ T2405] ffff88805e5cfd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.833141][ T2405] >ffff88805e5cfe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.841991][ T2405] ^
[ 62.846661][ T2405] ffff88805e5cfe80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.854982][ T2405] ffff88805e5cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.863041][ T2405] ==================================================================
[ 62.871088][ T2405] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.878360][ T2405] CPU: 1 PID: 2405 Comm: kworker/u8:8 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0
[ 62.888595][ T2405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 62.898904][ T2405] Workqueue: events_unbound cfg80211_wiphy_work
[ 62.905415][ T2405] Call Trace:
[ 62.908683][ T2405] <TASK>
[ 62.911785][ T2405] dump_stack_lvl+0x241/0x360
[ 62.916464][ T2405] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.921737][ T2405] ? __pfx__printk+0x10/0x10
[ 62.926575][ T2405] ? rcu_is_watching+0x15/0xb0
[ 62.931627][ T2405] ? lock_release+0xbf/0x9f0
[ 62.936483][ T2405] ? vscnprintf+0x5d/0x90
[ 62.940826][ T2405] panic+0x349/0x860
[ 62.944757][ T2405] ? check_panic_on_warn+0x21/0xb0
[ 62.950060][ T2405] ? __pfx_panic+0x10/0x10
[ 62.954564][ T2405] ? do_raw_spin_unlock+0x13c/0x8b0
[ 62.960027][ T2405] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 62.966003][ T2405] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 62.972560][ T2405] ? print_report+0x502/0x550
[ 62.977317][ T2405] check_panic_on_warn+0x86/0xb0
[ 62.982347][ T2405] ? __lock_acquire+0x78/0x1fd0
[ 62.987413][ T2405] end_report+0x77/0x160
[ 62.991755][ T2405] kasan_report+0x154/0x180
[ 62.996285][ T2405] ? __lock_acquire+0x78/0x1fd0
[ 63.001317][ T2405] __lock_acquire+0x78/0x1fd0
[ 63.005997][ T2405] ? mark_lock+0x9a/0x350
[ 63.010347][ T2405] ? __lock_acquire+0x1346/0x1fd0
[ 63.015475][ T2405] lock_acquire+0x1ed/0x550
[ 63.019972][ T2405] ? lockref_get+0x15/0x60
[ 63.024383][ T2405] ? __pfx_lock_acquire+0x10/0x10
[ 63.029396][ T2405] ? simple_pin_fs+0x91/0x160
[ 63.034060][ T2405] ? do_raw_spin_lock+0x14f/0x370
[ 63.039456][ T2405] ? __pfx_lock_release+0x10/0x10
[ 63.044652][ T2405] _raw_spin_lock+0x2e/0x40
[ 63.049281][ T2405] ? lockref_get+0x15/0x60
[ 63.053949][ T2405] lockref_get+0x15/0x60
[ 63.058753][ T2405] simple_recursive_removal+0x35/0x8e0
[ 63.064778][ T2405] ? mntput+0x65/0xc0
[ 63.068844][ T2405] ? __pfx_remove_one+0x10/0x10
[ 63.073691][ T2405] debugfs_remove+0x49/0x70
[ 63.078188][ T2405] ieee80211_sta_debugfs_remove+0x40/0x60
[ 63.083903][ T2405] __sta_info_destroy_part2+0x35e/0x450
[ 63.089449][ T2405] sta_info_destroy_addr+0xf4/0x140
[ 63.094799][ T2405] ieee80211_destroy_auth_data+0x139/0x270
[ 63.100604][ T2405] ieee80211_sta_work+0x1256/0x3850
[ 63.105890][ T2405] ? mark_lock+0x9a/0x350
[ 63.110217][ T2405] ? __pfx_ieee80211_sta_work+0x10/0x10
[ 63.116102][ T2405] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 63.122681][ T2405] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 63.128650][ T2405] ? lockdep_hardirqs_on+0x99/0x150
[ 63.133851][ T2405] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 63.139823][ T2405] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 63.146153][ T2405] ? skb_dequeue+0x113/0x150
[ 63.150732][ T2405] ? ieee80211_iface_work+0xc0d/0xf20
[ 63.157045][ T2405] ? ieee80211_iface_work+0xe29/0xf20
[ 63.162580][ T2405] ? rcu_is_watching+0x15/0xb0
[ 63.167356][ T2405] cfg80211_wiphy_work+0x2db/0x490
[ 63.172559][ T2405] ? process_scheduled_works+0x945/0x1830
[ 63.178532][ T2405] process_scheduled_works+0xa2c/0x1830
[ 63.184164][ T2405] ? __pfx_process_scheduled_works+0x10/0x10
[ 63.190424][ T2405] ? assign_work+0x364/0x3d0
[ 63.195007][ T2405] worker_thread+0x86d/0xd50
[ 63.199624][ T2405] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 63.205514][ T2405] ? __kthread_parkme+0x169/0x1d0
[ 63.210533][ T2405] ? __pfx_worker_thread+0x10/0x10
[ 63.216008][ T2405] kthread+0x2f0/0x390
[ 63.220081][ T2405] ? __pfx_worker_thread+0x10/0x10
[ 63.225182][ T2405] ? __pfx_kthread+0x10/0x10
[ 63.229786][ T2405] ret_from_fork+0x4b/0x80
[ 63.234749][ T2405] ? __pfx_kthread+0x10/0x10
[ 63.239606][ T2405] ret_from_fork_asm+0x1a/0x30
[ 63.244374][ T2405] </TASK>
[ 63.248023][ T2405] Kernel Offset: disabled
[ 63.252377][ T2405] Rebooting in 86400 seconds..