./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2554441927

<...>
Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
execve("./syz-executor2554441927", ["./syz-executor2554441927"], 0x7ffe6ea56230 /* 10 vars */) = 0
brk(NULL)                               = 0x5555881eb000
brk(0x5555881ebd00)                     = 0x5555881ebd00
arch_prctl(ARCH_SET_FS, 0x5555881eb380) = 0
set_tid_address(0x5555881eb650)         = 5853
set_robust_list(0x5555881eb660, 24)     = 0
rseq(0x5555881ebca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2554441927", 4096) = 28
getrandom("\x06\x44\x8f\x72\x62\x42\xd6\x33", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555881ebd00
brk(0x55558820cd00)                     = 0x55558820cd00
brk(0x55558820d000)                     = 0x55558820d000
mprotect(0x7fa3d516e000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached
, child_tidptr=0x5555881eb650) = 5854
[pid  5854] set_robust_list(0x5555881eb660, 24) = 0
[pid  5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5854] getppid()                   = 0
[pid  5854] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5854] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5854] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5854] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5854] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5854] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5854] unshare(CLONE_NEWNS)        = 0
[pid  5854] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5854] unshare(CLONE_NEWIPC)       = 0
[pid  5854] unshare(CLONE_NEWCGROUP)    = 0
[pid  5854] unshare(CLONE_NEWUTS)       = 0
[pid  5854] unshare(CLONE_SYSVSEM)      = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "16777216", 8)     = 8
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "536870912", 9)    = 9
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1024", 4)         = 4
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "8192", 4)         = 4
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1024", 4)         = 4
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1024", 4)         = 4
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5854] close(3)                    = 0
[pid  5854] getpid()                    = 1
[pid  5854] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5854] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5854] unshare(CLONE_NEWNET)       = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "0 65535", 7)      = 7
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5854] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5854] close(3)                    = 0
[pid  5854] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5854] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5854] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1d\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5854] recvfrom(3, [{nlmsg_len=2556, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x24\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x52\x01\x00\x00\x28\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2556
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5854] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5854] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5854] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5854] close(4)                    = 0
[pid  5854] sendto(3, [{nlmsg_len=36, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5854] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5854] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5854] close(4)                    = 0
[pid  5854] sendto(3, [{nlmsg_len=64, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5854] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5854] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5854] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[   88.506641][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.514523][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5854] close(4)                    = 0
[pid  5854] sendto(3, [{nlmsg_len=36, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5854] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5854] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5854] close(4)                    = 0
[pid  5854] sendto(3, [{nlmsg_len=64, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5854] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x24 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5854] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5854] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5854] close(4)                    = 0
[pid  5854] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5854] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[   88.611688][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.619647][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5854] recvfrom(4, [{nlmsg_len=1476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x05\x00\x43\x00\x01\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1476
[pid  5854] close(4)                    = 0
[pid  5854] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5854] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5854] close(4)                    = 0
[pid  5854] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5854] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5854] recvfrom(4, [{nlmsg_len=1476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x05\x00\x43\x00\x01\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1476
[pid  5854] close(4)                    = 0
[pid  5854] close(3)                    = 0
[pid  5854] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "100000", 6)       = 6
[pid  5854] close(3)                    = 0
[pid  5854] mkdir("./syz-tmp", 0777)    = 0
[pid  5854] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5854] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5854] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5854] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5854] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5854] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5854] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5854] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5854] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5854] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5854] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5854] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5854] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5854] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5854] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5854] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5854] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5854] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5854] chdir("/")                  = 0
[pid  5854] umount2("./pivot", MNT_DETACH) = 0
[pid  5854] chroot("./newroot")         = 0
[pid  5854] chdir("/")                  = 0
[pid  5854] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5854] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5854] mkdir("/dev/binderfs", 0777) = 0
[pid  5854] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5854] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5854] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5854] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached
, child_tidptr=0x5555881eb650) = 2
[pid  5858] set_robust_list(0x5555881eb660, 24) = 0
[pid  5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5858] setpgid(0, 0)               = 0
[pid  5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5858] write(3, "1000", 4)         = 4
[pid  5858] close(3)                    = 0
[pid  5858] write(1, "executing program\n", 18executing program
) = 18
[pid  5858] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5858] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5858] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5858] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  5858] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5858] recvfrom(5, [{nlmsg_len=2556, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=2}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x24\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x52\x01\x00\x00\x28\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2556
[pid  5858] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=2}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5858] close(5)                    = 0
[pid  5858] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x24\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x0b\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_NOSIGNAL|MSG_MORE|MSG_ZEROCOPY}, 0) = 36
[pid  5858] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x24\x00\x01\x00\x28\xbd\x70\x00\xff\xdb\xdf\x25\x6c\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x08\x00\x9f\x00\x07\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_OOB|MSG_DONTROUTE|MSG_PROBE|MSG_NOSIGNAL|MSG_ZEROCOPY|MSG_FASTOPEN}, MSG_PROBE|MSG_DONTWAIT|MSG_EOR|MSG_CONFIRM|MSG_NOSIGNAL|MSG_BATCH) = 44
[pid  5858] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  5858] sendto(5, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5858] recvfrom(5, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1697853315}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1d\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5858] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1697853315}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5858] sendto(5, [{nlmsg_len=20, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x01\x00\x00\x00"], 20, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 20
[pid  5858] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1697853315}, {error=0, msg={nlmsg_len=20, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5858] sendto(5, [{nlmsg_len=84, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00\x08\x00\x06\x00\x00\x00\x00\x00\x0a\x00\x01\x00\x08\x02\x11\x00\x00\x01\x00\x00\x22\x00\x03\x00\x88\xa8\x00\x60\x37\x12\x00\x08\x02\x11\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 84, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 84
[pid  5858] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1697853315}, {error=0, msg={nlmsg_len=84, nlmsg_type=0x2d /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[   89.218128][ T1113] ------------[ cut here ]------------
[   89.223710][ T1113] intf 08:02:11:00:00:01 [link=0]: bad STA 00:00:00:ff:ff:ff bandwidth 20 MHz (0) > channel config 10 MHz (7)
[   89.236580][ T1113] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2654 at mac80211_hwsim_sta_rc_update+0x6f5/0x860, CPU#0: kworker/u8:6/1113
[   89.241832][ T5858] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   89.250414][ T1113] Modules linked in:
[pid  5858] close(5)                    = 0
[pid  5858] close(3)                    = 0
[pid  5858] close(4)                    = 0
[pid  5858] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5858] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5858] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5858] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5858] close(9)                    = -1 EBADF (Bad file descriptor)
[   89.264212][ T1113] CPU: 0 UID: 0 PID: 1113 Comm: kworker/u8:6 Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[   89.276057][ T1113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.286207][ T1113] Workqueue: events_unbound cfg80211_wiphy_work
[   89.292522][ T1113] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[pid  5858] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5858] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5858] exit_group(0)               = ?
[pid  5858] +++ exited with 0 +++
[pid  5854] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5854] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5854] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached
 <unfinished ...>
[pid  5859] set_robust_list(0x5555881eb660, 24) = 0
[pid  5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5859] setpgid(0, 0 <unfinished ...>
[pid  5854] <... clone resumed>, child_tidptr=0x5555881eb650) = 3
[pid  5859] <... setpgid resumed>)      = 0
[pid  5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5859] write(3, "1000", 4)         = 4
[pid  5859] close(3)                    = 0
executing program
[pid  5859] write(1, "executing program\n", 18) = 18
[pid  5859] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5859] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5859] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  5859] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  5859] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[   89.299274][ T1113] Code: 71 17 00 00 48 c7 c7 20 f4 4f 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 90 1e 81 fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 1d 4d bd fa 90 0f 0b 90 e9 fe fe ff
[   89.319073][ T1113] RSP: 0018:ffffc90003c57768 EFLAGS: 00010282
[   89.325204][ T1113] RAX: ac2bbd09d5414000 RBX: 0000000000000014 RCX: ffff888026e65a00
[   89.333219][ T1113] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   89.341463][ T1113] RBP: 0000000000000000 R08: ffffc90003c57487 R09: 1ffff9200078ae90
[   89.349753][ T1113] R10: dffffc0000000000 R11: fffff5200078ae91 R12: 0000000000000000
[   89.357799][ T1113] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[pid  5859] recvfrom(5, [{nlmsg_len=2556, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x24\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x52\x01\x00\x00\x28\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2556
[pid  5859] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5859] close(5)                    = 0
[   89.365850][ T1113] FS:  0000000000000000(0000) GS:ffff88812579f000(0000) knlGS:0000000000000000
[   89.374802][ T1113] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   89.381456][ T1113] CR2: 00007ffed573fff8 CR3: 0000000032f16000 CR4: 00000000003526f0
[   89.389516][ T1113] Call Trace:
[   89.392811][ T1113]  <TASK>
[   89.395804][ T1113]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   89.401846][ T1113]  mac80211_hwsim_sta_add+0xa3/0x310
[   89.407201][ T1113]  drv_sta_state+0x8be/0x1840
[   89.411912][ T1113]  sta_info_insert_rcu+0xd32/0x1940
[   89.417186][ T1113]  ? sta_info_insert_rcu+0x2ce/0x1940
[   89.422628][ T1113]  ieee80211_ocb_work+0x31f/0x580
[   89.427785][ T1113]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   89.433357][ T1113]  ? ieee80211_iface_work+0xf14/0xfe0
[   89.438781][ T1113]  ? rcu_is_watching+0x15/0xb0
[   89.443908][ T1113]  cfg80211_wiphy_work+0x2df/0x460
[   89.449294][ T1113]  ? process_scheduled_works+0x9ef/0x17b0
[   89.455045][ T1113]  process_scheduled_works+0xade/0x17b0
[   89.460667][ T1113]  ? __pfx_process_scheduled_works+0x10/0x10
[   89.466731][ T1113]  worker_thread+0x8a0/0xda0
[   89.471359][ T1113]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.477742][ T1113]  ? __kthread_parkme+0x7b/0x200
[   89.482728][ T1113]  kthread+0x711/0x8a0
[   89.486889][ T1113]  ? __pfx_worker_thread+0x10/0x10
[   89.492020][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.497284][ T1113]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.502512][ T1113]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.507801][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.512425][ T1113]  ret_from_fork+0x3fc/0x770
[   89.517066][ T1113]  ? __pfx_ret_from_fork+0x10/0x10
[   89.522223][ T1113]  ? __switch_to_asm+0x39/0x70
[   89.527042][ T1113]  ? __switch_to_asm+0x33/0x70
[   89.531830][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.536482][ T1113]  ret_from_fork_asm+0x1a/0x30
[   89.541287][ T1113]  </TASK>
[   89.544464][ T1113] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   89.551741][ T1113] CPU: 0 UID: 0 PID: 1113 Comm: kworker/u8:6 Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) 
[   89.563356][ T1113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.573412][ T1113] Workqueue: events_unbound cfg80211_wiphy_work
[   89.579695][ T1113] Call Trace:
[   89.582973][ T1113]  <TASK>
[   89.585897][ T1113]  dump_stack_lvl+0x99/0x250
[   89.590490][ T1113]  ? __asan_memcpy+0x40/0x70
[   89.595087][ T1113]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.600304][ T1113]  ? __pfx__printk+0x10/0x10
[   89.604924][ T1113]  panic+0x2e2/0x7b0
[   89.608841][ T1113]  ? __pfx_panic+0x10/0x10
[   89.613278][ T1113]  ? ret_from_fork_asm+0x1a/0x30
[   89.618230][ T1113]  __warn+0x334/0x4c0
[   89.622222][ T1113]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   89.628310][ T1113]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   89.634393][ T1113]  report_bug+0x2be/0x4f0
[   89.638731][ T1113]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   89.644814][ T1113]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   89.650892][ T1113]  ? mac80211_hwsim_sta_rc_update+0x6f7/0x860
[   89.656971][ T1113]  handle_bug+0x84/0x160
[   89.661226][ T1113]  exc_invalid_op+0x1a/0x50
[   89.665739][ T1113]  asm_exc_invalid_op+0x1a/0x20
[   89.670607][ T1113] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[   89.677313][ T1113] Code: 71 17 00 00 48 c7 c7 20 f4 4f 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 90 1e 81 fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 1d 4d bd fa 90 0f 0b 90 e9 fe fe ff
[   89.696955][ T1113] RSP: 0018:ffffc90003c57768 EFLAGS: 00010282
[   89.703029][ T1113] RAX: ac2bbd09d5414000 RBX: 0000000000000014 RCX: ffff888026e65a00
[   89.711035][ T1113] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[   89.719007][ T1113] RBP: 0000000000000000 R08: ffffc90003c57487 R09: 1ffff9200078ae90
[   89.726980][ T1113] R10: dffffc0000000000 R11: fffff5200078ae91 R12: 0000000000000000
[   89.734953][ T1113] R13: dffffc0000000000 R14: 0000000000000007 R15: 0000000000000000
[   89.742941][ T1113]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[   89.748934][ T1113]  mac80211_hwsim_sta_add+0xa3/0x310
[   89.754233][ T1113]  drv_sta_state+0x8be/0x1840
[   89.758918][ T1113]  sta_info_insert_rcu+0xd32/0x1940
[   89.764126][ T1113]  ? sta_info_insert_rcu+0x2ce/0x1940
[   89.769522][ T1113]  ieee80211_ocb_work+0x31f/0x580
[   89.774570][ T1113]  ? __pfx_ieee80211_ocb_work+0x10/0x10
[   89.780130][ T1113]  ? ieee80211_iface_work+0xf14/0xfe0
[   89.785529][ T1113]  ? rcu_is_watching+0x15/0xb0
[   89.790309][ T1113]  cfg80211_wiphy_work+0x2df/0x460
[   89.795438][ T1113]  ? process_scheduled_works+0x9ef/0x17b0
[   89.801170][ T1113]  process_scheduled_works+0xade/0x17b0
[   89.806751][ T1113]  ? __pfx_process_scheduled_works+0x10/0x10
[   89.812754][ T1113]  worker_thread+0x8a0/0xda0
[   89.817367][ T1113]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.823732][ T1113]  ? __kthread_parkme+0x7b/0x200
[   89.828707][ T1113]  kthread+0x711/0x8a0
[   89.832807][ T1113]  ? __pfx_worker_thread+0x10/0x10
[   89.837932][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.842538][ T1113]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.847739][ T1113]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.852947][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.857544][ T1113]  ret_from_fork+0x3fc/0x770
[   89.862140][ T1113]  ? __pfx_ret_from_fork+0x10/0x10
[   89.867258][ T1113]  ? __switch_to_asm+0x39/0x70
[   89.872031][ T1113]  ? __switch_to_asm+0x33/0x70
[   89.876795][ T1113]  ? __pfx_kthread+0x10/0x10
[   89.881397][ T1113]  ret_from_fork_asm+0x1a/0x30
[   89.886187][ T1113]  </TASK>
[   89.889541][ T1113] Kernel Offset: disabled
[   89.893869][ T1113] Rebooting in 86400 seconds..