[ 1372.642423][T24543] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1372.648505][T24543] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1372.653985][T24543] ? ieee80211_restart_hw+0x290/0x290 [ 1372.659371][T24543] ? debug_object_destroy+0x210/0x210 [ 1372.664767][T24543] ? memset+0x20/0x40 [ 1372.668760][T24543] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1372.675006][T24543] ? __hrtimer_init+0x136/0x280 [ 1372.679872][T24543] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1372.685618][T24543] ? hwsim_virtio_rx_work+0x350/0x350 [ 1372.690998][T24543] ? __kmalloc_track_caller+0x1a0/0x320 [ 1372.696552][T24543] ? memcpy+0x39/0x60 [ 1372.700547][T24543] hwsim_new_radio_nl+0x9bc/0x1080 [ 1372.705677][T24543] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1372.711591][T24543] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1372.717839][T24543] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1372.725221][T24543] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1372.732523][T24543] genl_family_rcv_msg_doit+0x228/0x320 [ 1372.738084][T24543] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1372.745465][T24543] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1372.751719][T24543] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1372.757982][T24543] ? ns_capable+0xde/0x100 [ 1372.762394][T24543] genl_rcv_msg+0x328/0x580 [ 1372.767005][T24543] ? genl_get_cmd+0x480/0x480 [ 1372.771692][T24543] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1372.777604][T24543] ? lock_release+0x720/0x720 [ 1372.782283][T24543] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1372.787577][T24543] netlink_rcv_skb+0x153/0x420 [ 1372.792350][T24543] ? genl_get_cmd+0x480/0x480 [ 1372.797045][T24543] ? netlink_ack+0xa60/0xa60 [ 1372.801659][T24543] genl_rcv+0x24/0x40 [ 1372.805649][T24543] netlink_unicast+0x533/0x7d0 [ 1372.810431][T24543] ? netlink_attachskb+0x890/0x890 [ 1372.815549][T24543] ? __virt_addr_valid+0x5d/0x2d0 [ 1372.820579][T24543] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1372.826807][T24543] ? __phys_addr_symbol+0x2c/0x70 [ 1372.831819][T24543] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1372.837544][T24543] ? __check_object_size+0x16e/0x3f0 [ 1372.842849][T24543] netlink_sendmsg+0x85b/0xda0 [ 1372.847611][T24543] ? netlink_unicast+0x7d0/0x7d0 [ 1372.852627][T24543] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1372.858853][T24543] ? netlink_unicast+0x7d0/0x7d0 [ 1372.863784][T24543] sock_sendmsg+0xcf/0x120 [ 1372.868207][T24543] ____sys_sendmsg+0x6e8/0x810 [ 1372.872973][T24543] ? kernel_sendmsg+0x50/0x50 [ 1372.877818][T24543] ? do_recvmmsg+0x6d0/0x6d0 [ 1372.882407][T24543] ? lock_chain_count+0x20/0x20 [ 1372.887257][T24543] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1372.893239][T24543] ___sys_sendmsg+0xf3/0x170 [ 1372.897824][T24543] ? sendmsg_copy_msghdr+0x160/0x160 [ 1372.903107][T24543] ? __fget_files+0x266/0x3d0 [ 1372.907778][T24543] ? lock_downgrade+0x6e0/0x6e0 [ 1372.912636][T24543] ? __fget_files+0x288/0x3d0 [ 1372.917317][T24543] ? __fget_light+0xea/0x280 [ 1372.921903][T24543] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1372.928149][T24543] __sys_sendmsg+0xe5/0x1b0 [ 1372.932822][T24543] ? __sys_sendmsg_sock+0x30/0x30 [ 1372.937859][T24543] ? syscall_enter_from_user_mode+0x21/0x70 [ 1372.943754][T24543] do_syscall_64+0x35/0xb0 [ 1372.948164][T24543] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1372.954061][T24543] RIP: 0033:0x4665d9 [ 1372.957946][T24543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1372.977630][T24543] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1372.986038][T24543] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1372.993998][T24543] RDX: 7400000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1373.001961][T24543] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1373.009923][T24543] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1373.017881][T24543] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 21:28:27 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:27 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c6c940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:27 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x7a00000000000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:27 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:27 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03440000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1373.354402][T24600] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1373.434115][T24600] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1373.434115][T24600] !' [ 1373.469383][T24600] CPU: 1 PID: 24600 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1373.478113][T24600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.488249][T24600] Call Trace: [ 1373.491517][T24600] dump_stack_lvl+0xcd/0x134 [ 1373.496108][T24600] sysfs_warn_dup.cold+0x1c/0x29 [ 1373.501040][T24600] sysfs_do_create_link_sd+0x11e/0x140 [ 1373.506494][T24600] sysfs_create_link+0x5f/0xc0 [ 1373.511252][T24600] device_add+0x789/0x2100 [ 1373.515659][T24600] ? mutex_lock_io_nested+0xf00/0xf00 [ 1373.521022][T24600] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1373.526648][T24600] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1373.532876][T24600] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1373.539106][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.545336][T24600] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1373.551318][T24600] wiphy_register+0x1e8a/0x29b0 [ 1373.556169][T24600] ? wiphy_unregister+0xbd0/0xbd0 [ 1373.561180][T24600] ? minstrel_ht_alloc+0x531/0xa00 [ 1373.566291][T24600] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1373.572359][T24600] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1373.577831][T24600] ? ieee80211_restart_hw+0x290/0x290 [ 1373.583203][T24600] ? debug_object_destroy+0x210/0x210 [ 1373.588575][T24600] ? memset+0x20/0x40 [ 1373.592552][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.598781][T24600] ? __hrtimer_init+0x136/0x280 [ 1373.603645][T24600] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1373.609375][T24600] ? hwsim_virtio_rx_work+0x350/0x350 [ 1373.614743][T24600] ? __kmalloc_track_caller+0x1a0/0x320 [ 1373.620280][T24600] ? memcpy+0x39/0x60 [ 1373.624431][T24600] hwsim_new_radio_nl+0x9bc/0x1080 [ 1373.629631][T24600] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1373.635528][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.641763][T24600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1373.649140][T24600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1373.656426][T24600] genl_family_rcv_msg_doit+0x228/0x320 [ 1373.661970][T24600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1373.669337][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.675581][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.681812][T24600] ? ns_capable+0xde/0x100 [ 1373.686223][T24600] genl_rcv_msg+0x328/0x580 [ 1373.690725][T24600] ? genl_get_cmd+0x480/0x480 [ 1373.695395][T24600] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1373.701284][T24600] ? lock_release+0x720/0x720 [ 1373.705954][T24600] netlink_rcv_skb+0x153/0x420 [ 1373.710711][T24600] ? genl_get_cmd+0x480/0x480 [ 1373.715382][T24600] ? netlink_ack+0xa60/0xa60 [ 1373.719971][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.726206][T24600] genl_rcv+0x24/0x40 [ 1373.730180][T24600] netlink_unicast+0x533/0x7d0 [ 1373.734939][T24600] ? netlink_attachskb+0x890/0x890 [ 1373.740043][T24600] ? __virt_addr_valid+0x5d/0x2d0 [ 1373.745060][T24600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1373.751291][T24600] ? __phys_addr_symbol+0x2c/0x70 [ 1373.756322][T24600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1373.762029][T24600] ? __check_object_size+0x16e/0x3f0 [ 1373.767307][T24600] netlink_sendmsg+0x85b/0xda0 [ 1373.772069][T24600] ? netlink_unicast+0x7d0/0x7d0 [ 1373.777006][T24600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1373.783239][T24600] ? netlink_unicast+0x7d0/0x7d0 [ 1373.788170][T24600] sock_sendmsg+0xcf/0x120 [ 1373.792578][T24600] ____sys_sendmsg+0x6e8/0x810 [ 1373.797334][T24600] ? kernel_sendmsg+0x50/0x50 [ 1373.801997][T24600] ? do_recvmmsg+0x6d0/0x6d0 [ 1373.806583][T24600] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1373.812561][T24600] ___sys_sendmsg+0xf3/0x170 [ 1373.817148][T24600] ? sendmsg_copy_msghdr+0x160/0x160 [ 1373.822427][T24600] ? __fget_files+0x266/0x3d0 [ 1373.827110][T24600] ? lock_downgrade+0x6e0/0x6e0 [ 1373.831962][T24600] ? __fget_files+0x288/0x3d0 [ 1373.836636][T24600] ? __fget_light+0xea/0x280 [ 1373.841217][T24600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1373.847625][T24600] __sys_sendmsg+0xe5/0x1b0 [ 1373.852119][T24600] ? __sys_sendmsg_sock+0x30/0x30 [ 1373.857147][T24600] ? syscall_enter_from_user_mode+0x21/0x70 [ 1373.863041][T24600] do_syscall_64+0x35/0xb0 [ 1373.867467][T24600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1373.873356][T24600] RIP: 0033:0x4665d9 [ 1373.877238][T24600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.896833][T24600] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1373.905234][T24600] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1373.913191][T24600] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1373.921152][T24600] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 21:28:28 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1373.929109][T24600] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1373.937069][T24600] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1374.055306][T24604] __nla_validate_parse: 12 callbacks suppressed [ 1374.055324][T24604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1374.119082][T24611] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1374.125514][T24612] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1374.166971][T24611] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1374.188996][T24613] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1374.226806][T24611] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1374.226806][T24611] !' 21:28:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1374.275778][T24611] CPU: 1 PID: 24611 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1374.284411][T24611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1374.294467][T24611] Call Trace: [ 1374.297744][T24611] dump_stack_lvl+0xcd/0x134 [ 1374.302350][T24611] sysfs_warn_dup.cold+0x1c/0x29 [ 1374.307295][T24611] sysfs_do_create_link_sd+0x11e/0x140 [ 1374.312764][T24611] sysfs_create_link+0x5f/0xc0 [ 1374.317535][T24611] device_add+0x789/0x2100 [ 1374.321957][T24611] ? mutex_lock_io_nested+0xf00/0xf00 [ 1374.327336][T24611] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1374.332890][T24611] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1374.339138][T24611] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1374.345385][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.351627][T24611] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1374.357622][T24611] wiphy_register+0x1e8a/0x29b0 [ 1374.362488][T24611] ? wiphy_unregister+0xbd0/0xbd0 [ 1374.367521][T24611] ? minstrel_ht_alloc+0x531/0xa00 [ 1374.372647][T24611] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1374.378735][T24611] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1374.384221][T24611] ? ieee80211_restart_hw+0x290/0x290 [ 1374.389603][T24611] ? debug_object_destroy+0x210/0x210 [ 1374.394992][T24611] ? memset+0x20/0x40 [ 1374.398981][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.405227][T24611] ? __hrtimer_init+0x136/0x280 [ 1374.410096][T24611] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1374.415847][T24611] ? hwsim_virtio_rx_work+0x350/0x350 [ 1374.421231][T24611] ? __kmalloc_track_caller+0x1a0/0x320 [ 1374.426785][T24611] ? memcpy+0x39/0x60 [ 1374.430780][T24611] hwsim_new_radio_nl+0x9bc/0x1080 [ 1374.435905][T24611] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1374.441820][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.448068][T24611] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1374.455451][T24611] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1374.462751][T24611] genl_family_rcv_msg_doit+0x228/0x320 [ 1374.468313][T24611] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1374.475721][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.481966][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.488197][T24611] ? ns_capable+0xde/0x100 [ 1374.492605][T24611] genl_rcv_msg+0x328/0x580 [ 1374.497106][T24611] ? genl_get_cmd+0x480/0x480 [ 1374.502215][T24611] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1374.508107][T24611] ? lock_release+0x720/0x720 [ 1374.512770][T24611] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1374.518140][T24611] netlink_rcv_skb+0x153/0x420 [ 1374.522899][T24611] ? genl_get_cmd+0x480/0x480 [ 1374.527578][T24611] ? netlink_ack+0xa60/0xa60 [ 1374.532174][T24611] genl_rcv+0x24/0x40 [ 1374.536148][T24611] netlink_unicast+0x533/0x7d0 [ 1374.541108][T24611] ? netlink_attachskb+0x890/0x890 [ 1374.546217][T24611] ? __virt_addr_valid+0x5d/0x2d0 [ 1374.551236][T24611] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1374.557468][T24611] ? __phys_addr_symbol+0x2c/0x70 [ 1374.562486][T24611] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1374.568194][T24611] ? __check_object_size+0x16e/0x3f0 [ 1374.573477][T24611] netlink_sendmsg+0x85b/0xda0 [ 1374.578244][T24611] ? netlink_unicast+0x7d0/0x7d0 [ 1374.583179][T24611] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1374.589412][T24611] ? netlink_unicast+0x7d0/0x7d0 [ 1374.594370][T24611] sock_sendmsg+0xcf/0x120 [ 1374.598786][T24611] ____sys_sendmsg+0x6e8/0x810 [ 1374.603544][T24611] ? kernel_sendmsg+0x50/0x50 [ 1374.608212][T24611] ? do_recvmmsg+0x6d0/0x6d0 [ 1374.612960][T24611] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1374.618941][T24611] ___sys_sendmsg+0xf3/0x170 [ 1374.623786][T24611] ? sendmsg_copy_msghdr+0x160/0x160 [ 1374.629067][T24611] ? __fget_files+0x266/0x3d0 [ 1374.633737][T24611] ? lock_downgrade+0x6e0/0x6e0 [ 1374.638677][T24611] ? __fget_files+0x288/0x3d0 [ 1374.643357][T24611] ? __fget_light+0xea/0x280 [ 1374.647944][T24611] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1374.654499][T24611] __sys_sendmsg+0xe5/0x1b0 [ 1374.659001][T24611] ? __sys_sendmsg_sock+0x30/0x30 [ 1374.664033][T24611] ? syscall_enter_from_user_mode+0x21/0x70 [ 1374.669933][T24611] do_syscall_64+0x35/0xb0 [ 1374.674348][T24611] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1374.680333][T24611] RIP: 0033:0x4665d9 [ 1374.684222][T24611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1374.703821][T24611] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1374.712226][T24611] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1374.720189][T24611] RDX: 7a00000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1374.728261][T24611] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1374.736224][T24611] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1374.744185][T24611] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00450000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1374.859055][T24650] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1374.880860][T24631] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1374.883799][T24644] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:29 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1374.889211][T24631] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:29 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1375.029293][T24631] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1375.029293][T24631] !' [ 1375.087125][T24631] CPU: 0 PID: 24631 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1375.095668][T24631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.105726][T24631] Call Trace: [ 1375.109006][T24631] dump_stack_lvl+0xcd/0x134 [ 1375.113616][T24631] sysfs_warn_dup.cold+0x1c/0x29 [ 1375.118572][T24631] sysfs_do_create_link_sd+0x11e/0x140 [ 1375.124046][T24631] sysfs_create_link+0x5f/0xc0 [ 1375.128821][T24631] device_add+0x789/0x2100 [ 1375.133248][T24631] ? mutex_lock_io_nested+0xf00/0xf00 [ 1375.138635][T24631] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1375.144456][T24631] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1375.150708][T24631] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1375.156963][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.163213][T24631] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1375.169210][T24631] wiphy_register+0x1e8a/0x29b0 [ 1375.174077][T24631] ? wiphy_unregister+0xbd0/0xbd0 [ 1375.179106][T24631] ? minstrel_ht_alloc+0x531/0xa00 [ 1375.184326][T24631] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1375.190422][T24631] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1375.195909][T24631] ? ieee80211_restart_hw+0x290/0x290 [ 1375.201298][T24631] ? debug_object_destroy+0x210/0x210 [ 1375.206772][T24631] ? memset+0x20/0x40 [ 1375.210943][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.217191][T24631] ? __hrtimer_init+0x136/0x280 [ 1375.222450][T24631] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1375.228525][T24631] ? hwsim_virtio_rx_work+0x350/0x350 [ 1375.233909][T24631] ? __kmalloc_track_caller+0x1a0/0x320 [ 1375.239469][T24631] ? memcpy+0x39/0x60 [ 1375.243466][T24631] hwsim_new_radio_nl+0x9bc/0x1080 [ 1375.248594][T24631] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1375.254506][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.260756][T24631] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1375.268145][T24631] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1375.275446][T24631] genl_family_rcv_msg_doit+0x228/0x320 [ 1375.281556][T24631] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1375.288940][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.295179][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.301412][T24631] ? ns_capable+0xde/0x100 [ 1375.306066][T24631] genl_rcv_msg+0x328/0x580 [ 1375.311012][T24631] ? genl_get_cmd+0x480/0x480 [ 1375.315705][T24631] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1375.322121][T24631] ? lock_release+0x720/0x720 [ 1375.326809][T24631] netlink_rcv_skb+0x153/0x420 [ 1375.331568][T24631] ? genl_get_cmd+0x480/0x480 [ 1375.336465][T24631] ? netlink_ack+0xa60/0xa60 [ 1375.341081][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.347532][T24631] genl_rcv+0x24/0x40 [ 1375.351511][T24631] netlink_unicast+0x533/0x7d0 [ 1375.356286][T24631] ? netlink_attachskb+0x890/0x890 [ 1375.361390][T24631] ? __virt_addr_valid+0x5d/0x2d0 [ 1375.366508][T24631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1375.372761][T24631] ? __phys_addr_symbol+0x2c/0x70 [ 1375.377790][T24631] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1375.383501][T24631] ? __check_object_size+0x16e/0x3f0 [ 1375.388797][T24631] netlink_sendmsg+0x85b/0xda0 [ 1375.393565][T24631] ? netlink_unicast+0x7d0/0x7d0 [ 1375.398520][T24631] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.404768][T24631] ? netlink_unicast+0x7d0/0x7d0 [ 1375.409704][T24631] sock_sendmsg+0xcf/0x120 [ 1375.414132][T24631] ____sys_sendmsg+0x6e8/0x810 [ 1375.418907][T24631] ? kernel_sendmsg+0x50/0x50 [ 1375.423583][T24631] ? do_recvmmsg+0x6d0/0x6d0 [ 1375.428184][T24631] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1375.434279][T24631] ___sys_sendmsg+0xf3/0x170 [ 1375.438876][T24631] ? sendmsg_copy_msghdr+0x160/0x160 [ 1375.444263][T24631] ? __fget_files+0x266/0x3d0 [ 1375.448947][T24631] ? lock_downgrade+0x6e0/0x6e0 [ 1375.453804][T24631] ? __fget_files+0x288/0x3d0 [ 1375.458500][T24631] ? __fget_light+0xea/0x280 [ 1375.463104][T24631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1375.469353][T24631] __sys_sendmsg+0xe5/0x1b0 [ 1375.473851][T24631] ? __sys_sendmsg_sock+0x30/0x30 [ 1375.478914][T24631] ? syscall_enter_from_user_mode+0x21/0x70 [ 1375.484802][T24631] do_syscall_64+0x35/0xb0 [ 1375.489208][T24631] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1375.495099][T24631] RIP: 0033:0x4665d9 [ 1375.498994][T24631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1375.518594][T24631] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1375.527011][T24631] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1375.534971][T24631] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1375.542933][T24631] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1375.550910][T24631] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1375.558880][T24631] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:28:29 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c6f940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01450000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1375.637717][T24636] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1375.650022][T24671] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1375.665544][T24636] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1375.726707][T24636] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1375.726707][T24636] !' [ 1375.780318][T24636] CPU: 0 PID: 24636 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1375.788960][T24636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1375.799014][T24636] Call Trace: [ 1375.802294][T24636] dump_stack_lvl+0xcd/0x134 [ 1375.806903][T24636] sysfs_warn_dup.cold+0x1c/0x29 [ 1375.811854][T24636] sysfs_do_create_link_sd+0x11e/0x140 [ 1375.817330][T24636] sysfs_create_link+0x5f/0xc0 [ 1375.822110][T24636] device_add+0x789/0x2100 [ 1375.826539][T24636] ? mutex_lock_io_nested+0xf00/0xf00 [ 1375.831920][T24636] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1375.837478][T24636] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1375.843726][T24636] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1375.849968][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.856204][T24636] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1375.862202][T24636] wiphy_register+0x1e8a/0x29b0 [ 1375.867073][T24636] ? wiphy_unregister+0xbd0/0xbd0 [ 1375.872106][T24636] ? minstrel_ht_alloc+0x531/0xa00 [ 1375.877236][T24636] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1375.883327][T24636] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1375.888817][T24636] ? ieee80211_restart_hw+0x290/0x290 [ 1375.894204][T24636] ? debug_object_destroy+0x210/0x210 [ 1375.899592][T24636] ? memset+0x20/0x40 [ 1375.903583][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.909835][T24636] ? __hrtimer_init+0x136/0x280 [ 1375.914703][T24636] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1375.921090][T24636] ? hwsim_virtio_rx_work+0x350/0x350 [ 1375.926474][T24636] ? __kmalloc_track_caller+0x1a0/0x320 [ 1375.932029][T24636] ? memcpy+0x39/0x60 [ 1375.936031][T24636] hwsim_new_radio_nl+0x9bc/0x1080 [ 1375.941190][T24636] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1375.947106][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.953346][T24636] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1375.960720][T24636] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1375.968022][T24636] genl_family_rcv_msg_doit+0x228/0x320 [ 1375.973572][T24636] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1375.980948][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.987202][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1375.993440][T24636] ? ns_capable+0xde/0x100 [ 1375.997859][T24636] genl_rcv_msg+0x328/0x580 [ 1376.002508][T24636] ? genl_get_cmd+0x480/0x480 [ 1376.007316][T24636] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1376.013237][T24636] ? lock_release+0x720/0x720 [ 1376.017913][T24636] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1376.023202][T24636] netlink_rcv_skb+0x153/0x420 [ 1376.027972][T24636] ? genl_get_cmd+0x480/0x480 [ 1376.032653][T24636] ? netlink_ack+0xa60/0xa60 [ 1376.037289][T24636] genl_rcv+0x24/0x40 [ 1376.041270][T24636] netlink_unicast+0x533/0x7d0 [ 1376.046050][T24636] ? netlink_attachskb+0x890/0x890 [ 1376.051160][T24636] ? __virt_addr_valid+0x5d/0x2d0 [ 1376.056182][T24636] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1376.062419][T24636] ? __phys_addr_symbol+0x2c/0x70 [ 1376.067442][T24636] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1376.073158][T24636] ? __check_object_size+0x16e/0x3f0 [ 1376.078444][T24636] netlink_sendmsg+0x85b/0xda0 [ 1376.083216][T24636] ? netlink_unicast+0x7d0/0x7d0 [ 1376.088162][T24636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.094399][T24636] ? netlink_unicast+0x7d0/0x7d0 [ 1376.099337][T24636] sock_sendmsg+0xcf/0x120 [ 1376.103750][T24636] ____sys_sendmsg+0x6e8/0x810 [ 1376.108513][T24636] ? kernel_sendmsg+0x50/0x50 [ 1376.113181][T24636] ? do_recvmmsg+0x6d0/0x6d0 [ 1376.117773][T24636] ? lock_chain_count+0x20/0x20 [ 1376.122618][T24636] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1376.128602][T24636] ___sys_sendmsg+0xf3/0x170 [ 1376.133191][T24636] ? sendmsg_copy_msghdr+0x160/0x160 [ 1376.138483][T24636] ? __fget_files+0x266/0x3d0 [ 1376.143158][T24636] ? lock_downgrade+0x6e0/0x6e0 [ 1376.148019][T24636] ? __fget_files+0x288/0x3d0 [ 1376.152698][T24636] ? __fget_light+0xea/0x280 [ 1376.157287][T24636] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1376.163528][T24636] __sys_sendmsg+0xe5/0x1b0 [ 1376.168028][T24636] ? __sys_sendmsg_sock+0x30/0x30 [ 1376.173062][T24636] ? syscall_enter_from_user_mode+0x21/0x70 [ 1376.178959][T24636] do_syscall_64+0x35/0xb0 [ 1376.183371][T24636] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1376.189261][T24636] RIP: 0033:0x4665d9 [ 1376.193148][T24636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1376.212747][T24636] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1376.221156][T24636] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1376.229122][T24636] RDX: 7a00000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1376.237085][T24636] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1376.245045][T24636] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1376.253181][T24636] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 [ 1376.391826][T24678] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:30 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1376.456382][T24691] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:30 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x9effffff00000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:30 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1376.583039][T24691] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1376.583039][T24691] !' [ 1376.609031][T24691] CPU: 0 PID: 24691 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1376.617559][T24691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1376.627616][T24691] Call Trace: [ 1376.630897][T24691] dump_stack_lvl+0xcd/0x134 [ 1376.635501][T24691] sysfs_warn_dup.cold+0x1c/0x29 [ 1376.640528][T24691] sysfs_do_create_link_sd+0x11e/0x140 [ 1376.645993][T24691] sysfs_create_link+0x5f/0xc0 [ 1376.650769][T24691] device_add+0x789/0x2100 [ 1376.655196][T24691] ? mutex_lock_io_nested+0xf00/0xf00 [ 1376.660574][T24691] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1376.666131][T24691] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1376.672381][T24691] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1376.678638][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.684880][T24691] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1376.690879][T24691] wiphy_register+0x1e8a/0x29b0 [ 1376.695749][T24691] ? wiphy_unregister+0xbd0/0xbd0 [ 1376.700778][T24691] ? minstrel_ht_alloc+0x531/0xa00 [ 1376.705910][T24691] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1376.711997][T24691] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1376.717486][T24691] ? ieee80211_restart_hw+0x290/0x290 [ 1376.722873][T24691] ? debug_object_destroy+0x210/0x210 [ 1376.728263][T24691] ? memset+0x20/0x40 [ 1376.732257][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.738510][T24691] ? __hrtimer_init+0x136/0x280 [ 1376.743380][T24691] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1376.749138][T24691] ? hwsim_virtio_rx_work+0x350/0x350 [ 1376.754522][T24691] ? __kmalloc_track_caller+0x1a0/0x320 [ 1376.760080][T24691] ? memcpy+0x39/0x60 [ 1376.764078][T24691] hwsim_new_radio_nl+0x9bc/0x1080 [ 1376.769206][T24691] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1376.775125][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.781375][T24691] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1376.788765][T24691] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1376.796071][T24691] genl_family_rcv_msg_doit+0x228/0x320 [ 1376.801633][T24691] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1376.809019][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.815287][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.821535][T24691] ? ns_capable+0xde/0x100 [ 1376.825961][T24691] genl_rcv_msg+0x328/0x580 [ 1376.830473][T24691] ? genl_get_cmd+0x480/0x480 [ 1376.835155][T24691] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1376.841071][T24691] ? lock_release+0x720/0x720 [ 1376.845767][T24691] netlink_rcv_skb+0x153/0x420 [ 1376.850544][T24691] ? genl_get_cmd+0x480/0x480 [ 1376.855236][T24691] ? netlink_ack+0xa60/0xa60 [ 1376.859933][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.866192][T24691] genl_rcv+0x24/0x40 [ 1376.870186][T24691] netlink_unicast+0x533/0x7d0 [ 1376.874966][T24691] ? netlink_attachskb+0x890/0x890 [ 1376.880088][T24691] ? __virt_addr_valid+0x5d/0x2d0 [ 1376.885120][T24691] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1376.891367][T24691] ? __phys_addr_symbol+0x2c/0x70 [ 1376.896403][T24691] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1376.902134][T24691] ? __check_object_size+0x16e/0x3f0 [ 1376.907439][T24691] netlink_sendmsg+0x85b/0xda0 [ 1376.912222][T24691] ? netlink_unicast+0x7d0/0x7d0 [ 1376.917182][T24691] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1376.923437][T24691] ? netlink_unicast+0x7d0/0x7d0 [ 1376.928389][T24691] sock_sendmsg+0xcf/0x120 [ 1376.932823][T24691] ____sys_sendmsg+0x6e8/0x810 [ 1376.937598][T24691] ? kernel_sendmsg+0x50/0x50 [ 1376.942283][T24691] ? do_recvmmsg+0x6d0/0x6d0 [ 1376.947070][T24691] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1376.953058][T24691] ___sys_sendmsg+0xf3/0x170 [ 1376.957664][T24691] ? sendmsg_copy_msghdr+0x160/0x160 [ 1376.962963][T24691] ? __fget_files+0x266/0x3d0 [ 1376.967823][T24691] ? lock_downgrade+0x6e0/0x6e0 [ 1376.972880][T24691] ? __fget_files+0x288/0x3d0 [ 1376.977587][T24691] ? __fget_light+0xea/0x280 [ 1376.982190][T24691] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1376.988653][T24691] __sys_sendmsg+0xe5/0x1b0 [ 1376.993154][T24691] ? __sys_sendmsg_sock+0x30/0x30 [ 1376.998222][T24691] ? syscall_enter_from_user_mode+0x21/0x70 [ 1377.004242][T24691] do_syscall_64+0x35/0xb0 [ 1377.008657][T24691] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1377.014566][T24691] RIP: 0033:0x4665d9 [ 1377.018463][T24691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1377.038493][T24691] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1377.047777][T24691] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1377.055742][T24691] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1377.063715][T24691] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1377.071777][T24691] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1377.079751][T24691] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02450000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:31 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c70940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1377.140479][T24713] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1377.160473][T24713] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1377.160473][T24713] !' [ 1377.218616][T24713] CPU: 0 PID: 24713 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1377.227343][T24713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1377.237404][T24713] Call Trace: [ 1377.240692][T24713] dump_stack_lvl+0xcd/0x134 [ 1377.245298][T24713] sysfs_warn_dup.cold+0x1c/0x29 [ 1377.250253][T24713] sysfs_do_create_link_sd+0x11e/0x140 [ 1377.255725][T24713] sysfs_create_link+0x5f/0xc0 [ 1377.260505][T24713] device_add+0x789/0x2100 [ 1377.264939][T24713] ? mutex_lock_io_nested+0xf00/0xf00 [ 1377.270320][T24713] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1377.275878][T24713] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1377.282130][T24713] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1377.288380][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.294632][T24713] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1377.300629][T24713] wiphy_register+0x1e8a/0x29b0 [ 1377.305494][T24713] ? wiphy_unregister+0xbd0/0xbd0 [ 1377.310520][T24713] ? minstrel_ht_alloc+0x531/0xa00 [ 1377.315652][T24713] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1377.322006][T24713] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1377.327491][T24713] ? ieee80211_restart_hw+0x290/0x290 [ 1377.332880][T24713] ? debug_object_destroy+0x210/0x210 [ 1377.338313][T24713] ? memset+0x20/0x40 [ 1377.342310][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.348562][T24713] ? __hrtimer_init+0x136/0x280 [ 1377.353431][T24713] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1377.359185][T24713] ? hwsim_virtio_rx_work+0x350/0x350 [ 1377.364567][T24713] ? __kmalloc_track_caller+0x1a0/0x320 [ 1377.370126][T24713] ? memcpy+0x39/0x60 [ 1377.374124][T24713] hwsim_new_radio_nl+0x9bc/0x1080 [ 1377.379253][T24713] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1377.385172][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.391423][T24713] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1377.398809][T24713] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1377.406113][T24713] genl_family_rcv_msg_doit+0x228/0x320 [ 1377.411674][T24713] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1377.419061][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.425321][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.431572][T24713] ? ns_capable+0xde/0x100 [ 1377.436004][T24713] genl_rcv_msg+0x328/0x580 [ 1377.440521][T24713] ? genl_get_cmd+0x480/0x480 [ 1377.445204][T24713] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1377.451117][T24713] ? lock_release+0x720/0x720 [ 1377.455800][T24713] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1377.461102][T24713] netlink_rcv_skb+0x153/0x420 21:28:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1377.465880][T24713] ? genl_get_cmd+0x480/0x480 [ 1377.470584][T24713] ? netlink_ack+0xa60/0xa60 [ 1377.475203][T24713] genl_rcv+0x24/0x40 [ 1377.479198][T24713] netlink_unicast+0x533/0x7d0 [ 1377.483978][T24713] ? netlink_attachskb+0x890/0x890 [ 1377.489098][T24713] ? __virt_addr_valid+0x5d/0x2d0 [ 1377.494220][T24713] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1377.500472][T24713] ? __phys_addr_symbol+0x2c/0x70 [ 1377.505501][T24713] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1377.511234][T24713] ? __check_object_size+0x16e/0x3f0 [ 1377.516532][T24713] netlink_sendmsg+0x85b/0xda0 [ 1377.521314][T24713] ? netlink_unicast+0x7d0/0x7d0 [ 1377.526274][T24713] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1377.532525][T24713] ? netlink_unicast+0x7d0/0x7d0 [ 1377.537475][T24713] sock_sendmsg+0xcf/0x120 [ 1377.541901][T24713] ____sys_sendmsg+0x6e8/0x810 [ 1377.546684][T24713] ? kernel_sendmsg+0x50/0x50 [ 1377.551367][T24713] ? do_recvmmsg+0x6d0/0x6d0 [ 1377.555968][T24713] ? lock_chain_count+0x20/0x20 [ 1377.560828][T24713] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1377.566824][T24713] ___sys_sendmsg+0xf3/0x170 [ 1377.571427][T24713] ? sendmsg_copy_msghdr+0x160/0x160 [ 1377.576732][T24713] ? __fget_files+0x266/0x3d0 [ 1377.581418][T24713] ? lock_downgrade+0x6e0/0x6e0 [ 1377.586290][T24713] ? __fget_files+0x288/0x3d0 [ 1377.590981][T24713] ? __fget_light+0xea/0x280 [ 1377.595579][T24713] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1377.601826][T24713] __sys_sendmsg+0xe5/0x1b0 [ 1377.606334][T24713] ? __sys_sendmsg_sock+0x30/0x30 [ 1377.611377][T24713] ? syscall_enter_from_user_mode+0x21/0x70 [ 1377.617285][T24713] do_syscall_64+0x35/0xb0 [ 1377.621702][T24713] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1377.627603][T24713] RIP: 0033:0x4665d9 [ 1377.631495][T24713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1377.651194][T24713] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1377.659608][T24713] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1377.667580][T24713] RDX: 9effffff00000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1377.675552][T24713] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1377.683520][T24713] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1377.691483][T24713] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:31 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1377.813892][T24740] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:32 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03450000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1377.888146][T24740] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1377.888146][T24740] !' 21:28:32 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0xb501000000000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1377.939824][T24740] CPU: 0 PID: 24740 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1377.948379][T24740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1377.958439][T24740] Call Trace: [ 1377.961721][T24740] dump_stack_lvl+0xcd/0x134 [ 1377.966334][T24740] sysfs_warn_dup.cold+0x1c/0x29 [ 1377.971288][T24740] sysfs_do_create_link_sd+0x11e/0x140 [ 1377.976767][T24740] sysfs_create_link+0x5f/0xc0 [ 1377.981549][T24740] device_add+0x789/0x2100 [ 1377.985980][T24740] ? mutex_lock_io_nested+0xf00/0xf00 [ 1377.991365][T24740] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1377.996930][T24740] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1378.003179][T24740] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1378.009427][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.015676][T24740] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1378.021677][T24740] wiphy_register+0x1e8a/0x29b0 [ 1378.026546][T24740] ? wiphy_unregister+0xbd0/0xbd0 [ 1378.031581][T24740] ? minstrel_ht_alloc+0x531/0xa00 [ 1378.036710][T24740] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1378.042793][T24740] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1378.048288][T24740] ? ieee80211_restart_hw+0x290/0x290 [ 1378.053679][T24740] ? debug_object_destroy+0x210/0x210 [ 1378.059073][T24740] ? memset+0x20/0x40 [ 1378.063112][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.069358][T24740] ? __hrtimer_init+0x136/0x280 [ 1378.074228][T24740] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1378.079981][T24740] ? hwsim_virtio_rx_work+0x350/0x350 [ 1378.085369][T24740] ? __kmalloc_track_caller+0x1a0/0x320 [ 1378.090932][T24740] ? memcpy+0x39/0x60 [ 1378.094937][T24740] hwsim_new_radio_nl+0x9bc/0x1080 [ 1378.100069][T24740] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1378.105985][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.112235][T24740] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1378.119623][T24740] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1378.126931][T24740] genl_family_rcv_msg_doit+0x228/0x320 [ 1378.132494][T24740] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1378.139884][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.146153][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.152402][T24740] ? ns_capable+0xde/0x100 [ 1378.156836][T24740] genl_rcv_msg+0x328/0x580 [ 1378.161356][T24740] ? genl_get_cmd+0x480/0x480 [ 1378.166048][T24740] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1378.171957][T24740] ? lock_release+0x720/0x720 [ 1378.176649][T24740] netlink_rcv_skb+0x153/0x420 [ 1378.181428][T24740] ? genl_get_cmd+0x480/0x480 [ 1378.186125][T24740] ? netlink_ack+0xa60/0xa60 [ 1378.190738][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.196997][T24740] genl_rcv+0x24/0x40 [ 1378.200990][T24740] netlink_unicast+0x533/0x7d0 [ 1378.205775][T24740] ? netlink_attachskb+0x890/0x890 [ 1378.210897][T24740] ? __virt_addr_valid+0x5d/0x2d0 [ 1378.215940][T24740] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1378.222191][T24740] ? __phys_addr_symbol+0x2c/0x70 [ 1378.227224][T24740] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1378.232951][T24740] ? __check_object_size+0x16e/0x3f0 [ 1378.238254][T24740] netlink_sendmsg+0x85b/0xda0 [ 1378.243039][T24740] ? netlink_unicast+0x7d0/0x7d0 [ 1378.247997][T24740] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.254247][T24740] ? netlink_unicast+0x7d0/0x7d0 [ 1378.259198][T24740] sock_sendmsg+0xcf/0x120 [ 1378.263626][T24740] ____sys_sendmsg+0x6e8/0x810 [ 1378.268404][T24740] ? kernel_sendmsg+0x50/0x50 [ 1378.273089][T24740] ? do_recvmmsg+0x6d0/0x6d0 [ 1378.277696][T24740] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1378.283682][T24740] ? __fget_light+0x89/0x280 [ 1378.288296][T24740] ___sys_sendmsg+0xf3/0x170 [ 1378.292896][T24740] ? sendmsg_copy_msghdr+0x160/0x160 [ 1378.298204][T24740] ? __fget_files+0x266/0x3d0 [ 1378.302892][T24740] ? lock_downgrade+0x6e0/0x6e0 [ 1378.307769][T24740] ? __fget_files+0x288/0x3d0 [ 1378.312465][T24740] ? __fget_light+0xea/0x280 [ 1378.317070][T24740] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1378.323327][T24740] __sys_sendmsg+0xe5/0x1b0 [ 1378.327841][T24740] ? __sys_sendmsg_sock+0x30/0x30 [ 1378.332888][T24740] ? syscall_enter_from_user_mode+0x21/0x70 [ 1378.338811][T24740] do_syscall_64+0x35/0xb0 [ 1378.343240][T24740] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1378.349148][T24740] RIP: 0033:0x4665d9 [ 1378.353046][T24740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1378.372661][T24740] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1378.381086][T24740] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1378.389064][T24740] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1378.397041][T24740] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1378.405017][T24740] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1378.412992][T24740] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:28:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1378.589042][T24766] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00460000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1378.695173][T24766] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1378.695173][T24766] !' [ 1378.716124][T24766] CPU: 0 PID: 24766 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1378.724651][T24766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1378.734707][T24766] Call Trace: [ 1378.737990][T24766] dump_stack_lvl+0xcd/0x134 [ 1378.742598][T24766] sysfs_warn_dup.cold+0x1c/0x29 [ 1378.747554][T24766] sysfs_do_create_link_sd+0x11e/0x140 [ 1378.753030][T24766] sysfs_create_link+0x5f/0xc0 [ 1378.757809][T24766] device_add+0x789/0x2100 [ 1378.762238][T24766] ? mutex_lock_io_nested+0xf00/0xf00 [ 1378.767620][T24766] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1378.773180][T24766] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1378.779433][T24766] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1378.785680][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.791931][T24766] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1378.797938][T24766] wiphy_register+0x1e8a/0x29b0 [ 1378.802807][T24766] ? wiphy_unregister+0xbd0/0xbd0 [ 1378.807831][T24766] ? minstrel_ht_alloc+0x531/0xa00 [ 1378.812963][T24766] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1378.819054][T24766] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1378.824539][T24766] ? ieee80211_restart_hw+0x290/0x290 [ 1378.829934][T24766] ? debug_object_destroy+0x210/0x210 [ 1378.835324][T24766] ? memset+0x20/0x40 [ 1378.839319][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.845569][T24766] ? __hrtimer_init+0x136/0x280 [ 1378.850438][T24766] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1378.856190][T24766] ? hwsim_virtio_rx_work+0x350/0x350 [ 1378.861578][T24766] ? __kmalloc_track_caller+0x1a0/0x320 [ 1378.867139][T24766] ? memcpy+0x39/0x60 [ 1378.871137][T24766] hwsim_new_radio_nl+0x9bc/0x1080 [ 1378.876271][T24766] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1378.882194][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.888884][T24766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1378.896254][T24766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1378.903953][T24766] genl_family_rcv_msg_doit+0x228/0x320 [ 1378.909698][T24766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1378.917285][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.923624][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1378.929863][T24766] ? ns_capable+0xde/0x100 [ 1378.934318][T24766] genl_rcv_msg+0x328/0x580 [ 1378.938828][T24766] ? genl_get_cmd+0x480/0x480 [ 1378.943503][T24766] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1378.949600][T24766] ? lock_release+0x720/0x720 [ 1378.954268][T24766] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1378.960081][T24766] netlink_rcv_skb+0x153/0x420 [ 1378.964842][T24766] ? genl_get_cmd+0x480/0x480 [ 1378.969516][T24766] ? netlink_ack+0xa60/0xa60 [ 1378.974116][T24766] genl_rcv+0x24/0x40 [ 1378.978097][T24766] netlink_unicast+0x533/0x7d0 [ 1378.982863][T24766] ? netlink_attachskb+0x890/0x890 [ 1378.987971][T24766] ? __virt_addr_valid+0x5d/0x2d0 [ 1378.992991][T24766] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1378.999227][T24766] ? __phys_addr_symbol+0x2c/0x70 [ 1379.004246][T24766] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1379.009965][T24766] ? __check_object_size+0x16e/0x3f0 [ 1379.015250][T24766] netlink_sendmsg+0x85b/0xda0 [ 1379.020013][T24766] ? netlink_unicast+0x7d0/0x7d0 [ 1379.024953][T24766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.031191][T24766] ? netlink_unicast+0x7d0/0x7d0 [ 1379.036127][T24766] sock_sendmsg+0xcf/0x120 [ 1379.040540][T24766] ____sys_sendmsg+0x6e8/0x810 [ 1379.045301][T24766] ? kernel_sendmsg+0x50/0x50 [ 1379.049967][T24766] ? do_recvmmsg+0x6d0/0x6d0 [ 1379.054555][T24766] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1379.060535][T24766] ___sys_sendmsg+0xf3/0x170 [ 1379.065120][T24766] ? sendmsg_copy_msghdr+0x160/0x160 [ 1379.070407][T24766] ? __fget_files+0x266/0x3d0 [ 1379.075088][T24766] ? lock_downgrade+0x6e0/0x6e0 [ 1379.079943][T24766] ? __fget_files+0x288/0x3d0 [ 1379.084620][T24766] ? __fget_light+0xea/0x280 [ 1379.089206][T24766] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1379.095444][T24766] __sys_sendmsg+0xe5/0x1b0 [ 1379.099967][T24766] ? __sys_sendmsg_sock+0x30/0x30 [ 1379.104997][T24766] ? syscall_enter_from_user_mode+0x21/0x70 [ 1379.110893][T24766] do_syscall_64+0x35/0xb0 [ 1379.115303][T24766] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1379.121193][T24766] RIP: 0033:0x4665d9 [ 1379.125078][T24766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1379.144675][T24766] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1379.153085][T24766] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1379.161134][T24766] RDX: b501000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1379.169097][T24766] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1379.177063][T24766] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1379.185026][T24766] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:33 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1379.254887][T24800] __nla_validate_parse: 13 callbacks suppressed [ 1379.254905][T24800] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1379.281782][T24781] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1379.292244][T24781] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1379.349602][T24781] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1379.349602][T24781] !' [ 1379.384537][T24781] CPU: 0 PID: 24781 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1379.393267][T24781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1379.403722][T24781] Call Trace: [ 1379.407001][T24781] dump_stack_lvl+0xcd/0x134 [ 1379.411608][T24781] sysfs_warn_dup.cold+0x1c/0x29 [ 1379.416559][T24781] sysfs_do_create_link_sd+0x11e/0x140 [ 1379.422227][T24781] sysfs_create_link+0x5f/0xc0 [ 1379.427778][T24781] device_add+0x789/0x2100 [ 1379.432189][T24781] ? mutex_lock_io_nested+0xf00/0xf00 [ 1379.437832][T24781] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1379.443833][T24781] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1379.450268][T24781] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1379.456499][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.462746][T24781] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1379.468942][T24781] wiphy_register+0x1e8a/0x29b0 [ 1379.474000][T24781] ? wiphy_unregister+0xbd0/0xbd0 [ 1379.479424][T24781] ? minstrel_ht_alloc+0x531/0xa00 [ 1379.484964][T24781] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1379.491262][T24781] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1379.496750][T24781] ? ieee80211_restart_hw+0x290/0x290 [ 1379.502331][T24781] ? debug_object_destroy+0x210/0x210 [ 1379.508124][T24781] ? memset+0x20/0x40 [ 1379.512104][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.518349][T24781] ? __hrtimer_init+0x136/0x280 [ 1379.523296][T24781] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1379.529090][T24781] ? hwsim_virtio_rx_work+0x350/0x350 [ 1379.534454][T24781] ? __kmalloc_track_caller+0x1a0/0x320 [ 1379.540007][T24781] ? memcpy+0x39/0x60 [ 1379.543983][T24781] hwsim_new_radio_nl+0x9bc/0x1080 [ 1379.549090][T24781] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1379.554990][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.561250][T24781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1379.568666][T24781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1379.575970][T24781] genl_family_rcv_msg_doit+0x228/0x320 [ 1379.581735][T24781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1379.589759][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.596090][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.602336][T24781] ? ns_capable+0xde/0x100 [ 1379.606744][T24781] genl_rcv_msg+0x328/0x580 [ 1379.611245][T24781] ? genl_get_cmd+0x480/0x480 [ 1379.615934][T24781] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1379.621840][T24781] ? lock_release+0x720/0x720 [ 1379.626510][T24781] netlink_rcv_skb+0x153/0x420 [ 1379.631269][T24781] ? genl_get_cmd+0x480/0x480 [ 1379.635962][T24781] ? netlink_ack+0xa60/0xa60 [ 1379.640655][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.646901][T24781] genl_rcv+0x24/0x40 [ 1379.650880][T24781] netlink_unicast+0x533/0x7d0 [ 1379.655660][T24781] ? netlink_attachskb+0x890/0x890 [ 1379.660860][T24781] ? __virt_addr_valid+0x5d/0x2d0 [ 1379.665891][T24781] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1379.672548][T24781] ? __phys_addr_symbol+0x2c/0x70 [ 1379.677563][T24781] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1379.683273][T24781] ? __check_object_size+0x16e/0x3f0 [ 1379.688564][T24781] netlink_sendmsg+0x85b/0xda0 [ 1379.693323][T24781] ? netlink_unicast+0x7d0/0x7d0 [ 1379.698259][T24781] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1379.704508][T24781] ? netlink_unicast+0x7d0/0x7d0 [ 1379.709458][T24781] sock_sendmsg+0xcf/0x120 [ 1379.713885][T24781] ____sys_sendmsg+0x6e8/0x810 [ 1379.718656][T24781] ? kernel_sendmsg+0x50/0x50 [ 1379.723325][T24781] ? do_recvmmsg+0x6d0/0x6d0 [ 1379.727922][T24781] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1379.733894][T24781] ___sys_sendmsg+0xf3/0x170 [ 1379.738507][T24781] ? sendmsg_copy_msghdr+0x160/0x160 [ 1379.743791][T24781] ? __fget_files+0x266/0x3d0 [ 1379.748562][T24781] ? lock_downgrade+0x6e0/0x6e0 [ 1379.753421][T24781] ? __fget_files+0x288/0x3d0 [ 1379.758094][T24781] ? __fget_light+0xea/0x280 [ 1379.762677][T24781] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1379.768927][T24781] __sys_sendmsg+0xe5/0x1b0 [ 1379.773425][T24781] ? __sys_sendmsg_sock+0x30/0x30 [ 1379.778448][T24781] ? syscall_enter_from_user_mode+0x21/0x70 [ 1379.784343][T24781] do_syscall_64+0x35/0xb0 [ 1379.788765][T24781] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1379.794651][T24781] RIP: 0033:0x4665d9 [ 1379.798938][T24781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1379.818937][T24781] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1379.827536][T24781] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1379.835704][T24781] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1379.843977][T24781] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1379.851948][T24781] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1379.860405][T24781] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 [ 1379.902544][T24801] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1379.915575][T24803] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:34 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c73940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01460000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1379.952196][T24772] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1379.978121][T24772] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:34 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1380.030199][T24772] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1380.030199][T24772] !' 21:28:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1380.117946][T24772] CPU: 0 PID: 24772 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1380.126582][T24772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1380.136636][T24772] Call Trace: [ 1380.139912][T24772] dump_stack_lvl+0xcd/0x134 [ 1380.144519][T24772] sysfs_warn_dup.cold+0x1c/0x29 [ 1380.149468][T24772] sysfs_do_create_link_sd+0x11e/0x140 [ 1380.154939][T24772] sysfs_create_link+0x5f/0xc0 [ 1380.159713][T24772] device_add+0x789/0x2100 [ 1380.164140][T24772] ? mutex_lock_io_nested+0xf00/0xf00 [ 1380.169692][T24772] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1380.175855][T24772] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1380.182096][T24772] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1380.188338][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.194582][T24772] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1380.200579][T24772] wiphy_register+0x1e8a/0x29b0 [ 1380.205449][T24772] ? wiphy_unregister+0xbd0/0xbd0 [ 1380.210476][T24772] ? minstrel_ht_alloc+0x531/0xa00 [ 1380.215604][T24772] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1380.221689][T24772] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1380.227167][T24772] ? ieee80211_restart_hw+0x290/0x290 [ 1380.232545][T24772] ? debug_object_destroy+0x210/0x210 [ 1380.237934][T24772] ? memset+0x20/0x40 [ 1380.241926][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.248171][T24772] ? __hrtimer_init+0x136/0x280 [ 1380.253035][T24772] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1380.258787][T24772] ? hwsim_virtio_rx_work+0x350/0x350 [ 1380.264167][T24772] ? __kmalloc_track_caller+0x1a0/0x320 [ 1380.269721][T24772] ? memcpy+0x39/0x60 [ 1380.273714][T24772] hwsim_new_radio_nl+0x9bc/0x1080 [ 1380.278838][T24772] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1380.284748][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.290994][T24772] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1380.298374][T24772] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1380.305683][T24772] genl_family_rcv_msg_doit+0x228/0x320 [ 1380.311243][T24772] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1380.318625][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.324881][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.331122][T24772] ? ns_capable+0xde/0x100 [ 1380.335547][T24772] genl_rcv_msg+0x328/0x580 [ 1380.340067][T24772] ? genl_get_cmd+0x480/0x480 [ 1380.344755][T24772] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1380.350665][T24772] ? lock_release+0x720/0x720 [ 1380.355343][T24772] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1380.360637][T24772] netlink_rcv_skb+0x153/0x420 [ 1380.365418][T24772] ? genl_get_cmd+0x480/0x480 [ 1380.370106][T24772] ? netlink_ack+0xa60/0xa60 [ 1380.374723][T24772] genl_rcv+0x24/0x40 [ 1380.378712][T24772] netlink_unicast+0x533/0x7d0 [ 1380.383491][T24772] ? netlink_attachskb+0x890/0x890 [ 1380.388610][T24772] ? __virt_addr_valid+0x5d/0x2d0 [ 1380.393642][T24772] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1380.399887][T24772] ? __phys_addr_symbol+0x2c/0x70 [ 1380.404915][T24772] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1380.410637][T24772] ? __check_object_size+0x16e/0x3f0 [ 1380.415932][T24772] netlink_sendmsg+0x85b/0xda0 [ 1380.420715][T24772] ? netlink_unicast+0x7d0/0x7d0 [ 1380.425673][T24772] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.431920][T24772] ? netlink_unicast+0x7d0/0x7d0 [ 1380.436872][T24772] sock_sendmsg+0xcf/0x120 [ 1380.441299][T24772] ____sys_sendmsg+0x6e8/0x810 [ 1380.446072][T24772] ? kernel_sendmsg+0x50/0x50 [ 1380.450753][T24772] ? do_recvmmsg+0x6d0/0x6d0 [ 1380.455349][T24772] ? lock_chain_count+0x20/0x20 [ 1380.460203][T24772] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1380.466195][T24772] ___sys_sendmsg+0xf3/0x170 [ 1380.470790][T24772] ? sendmsg_copy_msghdr+0x160/0x160 [ 1380.476083][T24772] ? __fget_files+0x266/0x3d0 [ 1380.480766][T24772] ? lock_downgrade+0x6e0/0x6e0 [ 1380.485631][T24772] ? __fget_files+0x288/0x3d0 [ 1380.490322][T24772] ? __fget_light+0xea/0x280 [ 1380.494917][T24772] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1380.501168][T24772] __sys_sendmsg+0xe5/0x1b0 [ 1380.505762][T24772] ? __sys_sendmsg_sock+0x30/0x30 [ 1380.510808][T24772] ? syscall_enter_from_user_mode+0x21/0x70 [ 1380.516718][T24772] do_syscall_64+0x35/0xb0 [ 1380.521138][T24772] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1380.527037][T24772] RIP: 0033:0x4665d9 [ 1380.530929][T24772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1380.550539][T24772] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1380.558952][T24772] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1380.566923][T24772] RDX: b501000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1380.574891][T24772] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1380.582857][T24772] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1380.590828][T24772] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 21:28:34 executing program 2: perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1380.674269][T24833] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1380.690472][T24829] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1380.708539][T24829] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:34 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0xf0ffffff00000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1380.754079][T24830] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1380.849972][T24829] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1380.849972][T24829] !' [ 1380.865905][T24829] CPU: 1 PID: 24829 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1380.874442][T24829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1380.884494][T24829] Call Trace: [ 1380.887770][T24829] dump_stack_lvl+0xcd/0x134 [ 1380.892375][T24829] sysfs_warn_dup.cold+0x1c/0x29 [ 1380.897330][T24829] sysfs_do_create_link_sd+0x11e/0x140 [ 1380.902803][T24829] sysfs_create_link+0x5f/0xc0 [ 1380.907574][T24829] device_add+0x789/0x2100 [ 1380.911996][T24829] ? mutex_lock_io_nested+0xf00/0xf00 [ 1380.917375][T24829] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1380.922933][T24829] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1380.929182][T24829] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1380.935648][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.941891][T24829] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1380.947885][T24829] wiphy_register+0x1e8a/0x29b0 [ 1380.952753][T24829] ? wiphy_unregister+0xbd0/0xbd0 [ 1380.957785][T24829] ? minstrel_ht_alloc+0x531/0xa00 [ 1380.962916][T24829] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1380.969003][T24829] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1380.974488][T24829] ? ieee80211_restart_hw+0x290/0x290 [ 1380.979872][T24829] ? debug_object_destroy+0x210/0x210 [ 1380.985261][T24829] ? memset+0x20/0x40 [ 1380.989368][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1380.995621][T24829] ? __hrtimer_init+0x136/0x280 [ 1381.000488][T24829] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1381.006238][T24829] ? hwsim_virtio_rx_work+0x350/0x350 [ 1381.011617][T24829] ? __kmalloc_track_caller+0x1a0/0x320 [ 1381.017528][T24829] ? memcpy+0x39/0x60 [ 1381.021723][T24829] hwsim_new_radio_nl+0x9bc/0x1080 [ 1381.026967][T24829] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1381.032876][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.039295][T24829] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1381.047077][T24829] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1381.054596][T24829] genl_family_rcv_msg_doit+0x228/0x320 [ 1381.060547][T24829] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1381.068086][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.074809][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.081034][T24829] ? ns_capable+0xde/0x100 [ 1381.085510][T24829] genl_rcv_msg+0x328/0x580 [ 1381.090015][T24829] ? genl_get_cmd+0x480/0x480 [ 1381.094699][T24829] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1381.100587][T24829] ? lock_release+0x720/0x720 [ 1381.105254][T24829] netlink_rcv_skb+0x153/0x420 [ 1381.110013][T24829] ? genl_get_cmd+0x480/0x480 [ 1381.114680][T24829] ? netlink_ack+0xa60/0xa60 [ 1381.119266][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.125499][T24829] genl_rcv+0x24/0x40 [ 1381.129470][T24829] netlink_unicast+0x533/0x7d0 [ 1381.134232][T24829] ? netlink_attachskb+0x890/0x890 [ 1381.139346][T24829] ? __virt_addr_valid+0x5d/0x2d0 [ 1381.144360][T24829] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1381.150609][T24829] ? __phys_addr_symbol+0x2c/0x70 [ 1381.155637][T24829] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1381.161360][T24829] ? __check_object_size+0x16e/0x3f0 [ 1381.166655][T24829] netlink_sendmsg+0x85b/0xda0 [ 1381.171425][T24829] ? netlink_unicast+0x7d0/0x7d0 [ 1381.176375][T24829] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.182609][T24829] ? netlink_unicast+0x7d0/0x7d0 [ 1381.187535][T24829] sock_sendmsg+0xcf/0x120 [ 1381.191938][T24829] ____sys_sendmsg+0x6e8/0x810 [ 1381.196689][T24829] ? kernel_sendmsg+0x50/0x50 [ 1381.201353][T24829] ? do_recvmmsg+0x6d0/0x6d0 [ 1381.205952][T24829] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1381.211921][T24829] ___sys_sendmsg+0xf3/0x170 [ 1381.216498][T24829] ? sendmsg_copy_msghdr+0x160/0x160 [ 1381.221790][T24829] ? __fget_files+0x266/0x3d0 [ 1381.226541][T24829] ? lock_downgrade+0x6e0/0x6e0 [ 1381.231393][T24829] ? __fget_files+0x288/0x3d0 [ 1381.236112][T24829] ? __fget_light+0xea/0x280 [ 1381.240690][T24829] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1381.246924][T24829] __sys_sendmsg+0xe5/0x1b0 [ 1381.251422][T24829] ? __sys_sendmsg_sock+0x30/0x30 [ 1381.256476][T24829] ? syscall_enter_from_user_mode+0x21/0x70 [ 1381.262361][T24829] do_syscall_64+0x35/0xb0 [ 1381.266764][T24829] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1381.272646][T24829] RIP: 0033:0x4665d9 [ 1381.276538][T24829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1381.296143][T24829] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1381.304541][T24829] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1381.312494][T24829] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1381.320446][T24829] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1381.328398][T24829] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1381.336359][T24829] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:35 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:35 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1381.386267][T24835] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1381.410708][T24858] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1381.419074][T24858] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:35 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02460000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1381.477581][T24858] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1381.477581][T24858] !' [ 1381.518267][T24858] CPU: 0 PID: 24858 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1381.526901][T24858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.536958][T24858] Call Trace: [ 1381.540231][T24858] dump_stack_lvl+0xcd/0x134 [ 1381.544836][T24858] sysfs_warn_dup.cold+0x1c/0x29 [ 1381.549782][T24858] sysfs_do_create_link_sd+0x11e/0x140 [ 1381.555245][T24858] sysfs_create_link+0x5f/0xc0 [ 1381.560014][T24858] device_add+0x789/0x2100 [ 1381.564434][T24858] ? mutex_lock_io_nested+0xf00/0xf00 [ 1381.569813][T24858] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1381.575453][T24858] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1381.581698][T24858] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1381.588030][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.594360][T24858] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1381.600351][T24858] wiphy_register+0x1e8a/0x29b0 [ 1381.605214][T24858] ? wiphy_unregister+0xbd0/0xbd0 [ 1381.610239][T24858] ? minstrel_ht_alloc+0x531/0xa00 [ 1381.615366][T24858] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1381.621449][T24858] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1381.626933][T24858] ? ieee80211_restart_hw+0x290/0x290 [ 1381.632317][T24858] ? debug_object_destroy+0x210/0x210 [ 1381.637704][T24858] ? memset+0x20/0x40 [ 1381.641895][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.648147][T24858] ? __hrtimer_init+0x136/0x280 [ 1381.653011][T24858] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1381.658765][T24858] ? hwsim_virtio_rx_work+0x350/0x350 [ 1381.664147][T24858] ? __kmalloc_track_caller+0x1a0/0x320 [ 1381.669700][T24858] ? memcpy+0x39/0x60 [ 1381.673695][T24858] hwsim_new_radio_nl+0x9bc/0x1080 [ 1381.678822][T24858] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1381.684728][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.690965][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1381.698341][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1381.705626][T24858] genl_family_rcv_msg_doit+0x228/0x320 [ 1381.711172][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1381.718545][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.724873][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.731113][T24858] ? ns_capable+0xde/0x100 [ 1381.735530][T24858] genl_rcv_msg+0x328/0x580 [ 1381.740031][T24858] ? genl_get_cmd+0x480/0x480 [ 1381.744720][T24858] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1381.750703][T24858] ? lock_release+0x720/0x720 [ 1381.755373][T24858] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1381.760658][T24858] netlink_rcv_skb+0x153/0x420 [ 1381.765424][T24858] ? genl_get_cmd+0x480/0x480 [ 1381.770184][T24858] ? netlink_ack+0xa60/0xa60 [ 1381.774777][T24858] genl_rcv+0x24/0x40 [ 1381.778754][T24858] netlink_unicast+0x533/0x7d0 [ 1381.783515][T24858] ? netlink_attachskb+0x890/0x890 [ 1381.788618][T24858] ? __virt_addr_valid+0x5d/0x2d0 [ 1381.793636][T24858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1381.799863][T24858] ? __phys_addr_symbol+0x2c/0x70 [ 1381.804875][T24858] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1381.810589][T24858] ? __check_object_size+0x16e/0x3f0 [ 1381.815866][T24858] netlink_sendmsg+0x85b/0xda0 [ 1381.820629][T24858] ? netlink_unicast+0x7d0/0x7d0 [ 1381.825566][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1381.831816][T24858] ? netlink_unicast+0x7d0/0x7d0 [ 1381.836832][T24858] sock_sendmsg+0xcf/0x120 [ 1381.841239][T24858] ____sys_sendmsg+0x6e8/0x810 [ 1381.845993][T24858] ? kernel_sendmsg+0x50/0x50 [ 1381.850655][T24858] ? do_recvmmsg+0x6d0/0x6d0 [ 1381.855242][T24858] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1381.861216][T24858] ___sys_sendmsg+0xf3/0x170 [ 1381.865794][T24858] ? sendmsg_copy_msghdr+0x160/0x160 [ 1381.871080][T24858] ? __fget_files+0x266/0x3d0 [ 1381.875745][T24858] ? lock_downgrade+0x6e0/0x6e0 [ 1381.880590][T24858] ? __fget_files+0x288/0x3d0 [ 1381.885260][T24858] ? __fget_light+0xea/0x280 [ 1381.889838][T24858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1381.896071][T24858] __sys_sendmsg+0xe5/0x1b0 [ 1381.900561][T24858] ? __sys_sendmsg_sock+0x30/0x30 [ 1381.905584][T24858] ? syscall_enter_from_user_mode+0x21/0x70 [ 1381.911472][T24858] do_syscall_64+0x35/0xb0 [ 1381.915874][T24858] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1381.921763][T24858] RIP: 0033:0x4665d9 [ 1381.925641][T24858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1381.945235][T24858] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1381.953656][T24858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1381.961747][T24858] RDX: f0ffffff00000000 RSI: 0000000020000000 RDI: 0000000000000004 21:28:36 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c75940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1381.969705][T24858] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1381.977669][T24858] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1381.985625][T24858] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1382.112849][T24889] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:36 executing program 2: perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:36 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1382.189646][T24889] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1382.189646][T24889] !' [ 1382.250026][T24889] CPU: 0 PID: 24889 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1382.258568][T24889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.268626][T24889] Call Trace: [ 1382.271907][T24889] dump_stack_lvl+0xcd/0x134 [ 1382.276516][T24889] sysfs_warn_dup.cold+0x1c/0x29 [ 1382.281473][T24889] sysfs_do_create_link_sd+0x11e/0x140 [ 1382.286953][T24889] sysfs_create_link+0x5f/0xc0 [ 1382.291735][T24889] device_add+0x789/0x2100 [ 1382.296164][T24889] ? mutex_lock_io_nested+0xf00/0xf00 [ 1382.301548][T24889] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1382.307110][T24889] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1382.313359][T24889] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1382.319614][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.325863][T24889] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1382.331870][T24889] wiphy_register+0x1e8a/0x29b0 [ 1382.336749][T24889] ? wiphy_unregister+0xbd0/0xbd0 [ 1382.341780][T24889] ? minstrel_ht_alloc+0x531/0xa00 [ 1382.346918][T24889] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1382.353009][T24889] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1382.358507][T24889] ? ieee80211_restart_hw+0x290/0x290 [ 1382.363923][T24889] ? debug_object_destroy+0x210/0x210 [ 1382.369322][T24889] ? memset+0x20/0x40 [ 1382.373316][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.379565][T24889] ? __hrtimer_init+0x136/0x280 [ 1382.384448][T24889] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1382.390213][T24889] ? hwsim_virtio_rx_work+0x350/0x350 [ 1382.395686][T24889] ? __kmalloc_track_caller+0x1a0/0x320 [ 1382.401251][T24889] ? memcpy+0x39/0x60 [ 1382.405254][T24889] hwsim_new_radio_nl+0x9bc/0x1080 [ 1382.410387][T24889] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1382.416409][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.422692][T24889] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1382.430083][T24889] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1382.437394][T24889] genl_family_rcv_msg_doit+0x228/0x320 [ 1382.442962][T24889] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1382.450353][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.456628][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.463143][T24889] ? ns_capable+0xde/0x100 [ 1382.467580][T24889] genl_rcv_msg+0x328/0x580 [ 1382.472107][T24889] ? genl_get_cmd+0x480/0x480 [ 1382.476798][T24889] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1382.482717][T24889] ? lock_release+0x720/0x720 [ 1382.487423][T24889] netlink_rcv_skb+0x153/0x420 [ 1382.492203][T24889] ? genl_get_cmd+0x480/0x480 [ 1382.496898][T24889] ? netlink_ack+0xa60/0xa60 [ 1382.501519][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.507780][T24889] genl_rcv+0x24/0x40 [ 1382.511775][T24889] netlink_unicast+0x533/0x7d0 [ 1382.516563][T24889] ? netlink_attachskb+0x890/0x890 [ 1382.521686][T24889] ? __virt_addr_valid+0x5d/0x2d0 [ 1382.526721][T24889] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1382.532976][T24889] ? __phys_addr_symbol+0x2c/0x70 [ 1382.538017][T24889] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1382.543744][T24889] ? __check_object_size+0x16e/0x3f0 [ 1382.549048][T24889] netlink_sendmsg+0x85b/0xda0 [ 1382.553835][T24889] ? netlink_unicast+0x7d0/0x7d0 [ 1382.558822][T24889] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1382.565079][T24889] ? netlink_unicast+0x7d0/0x7d0 [ 1382.570031][T24889] sock_sendmsg+0xcf/0x120 [ 1382.574464][T24889] ____sys_sendmsg+0x6e8/0x810 [ 1382.579239][T24889] ? kernel_sendmsg+0x50/0x50 [ 1382.583920][T24889] ? do_recvmmsg+0x6d0/0x6d0 [ 1382.588527][T24889] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1382.594531][T24889] ___sys_sendmsg+0xf3/0x170 [ 1382.599134][T24889] ? sendmsg_copy_msghdr+0x160/0x160 [ 1382.604445][T24889] ? __fget_files+0x266/0x3d0 [ 1382.609133][T24889] ? lock_downgrade+0x6e0/0x6e0 [ 1382.614014][T24889] ? __fget_files+0x288/0x3d0 [ 1382.618715][T24889] ? __fget_light+0xea/0x280 [ 1382.623319][T24889] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1382.629578][T24889] __sys_sendmsg+0xe5/0x1b0 [ 1382.634093][T24889] ? __sys_sendmsg_sock+0x30/0x30 [ 1382.639153][T24889] ? syscall_enter_from_user_mode+0x21/0x70 [ 1382.645071][T24889] do_syscall_64+0x35/0xb0 [ 1382.649500][T24889] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1382.655407][T24889] RIP: 0033:0x4665d9 [ 1382.659313][T24889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1382.678927][T24889] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1382.687348][T24889] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1382.695323][T24889] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1382.703300][T24889] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1382.711276][T24889] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1382.719254][T24889] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1382.842342][T24858] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03460000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1382.925292][T24858] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1382.925292][T24858] !' [ 1382.969805][T24858] CPU: 1 PID: 24858 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1382.978442][T24858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.988710][T24858] Call Trace: [ 1382.991987][T24858] dump_stack_lvl+0xcd/0x134 [ 1382.996593][T24858] sysfs_warn_dup.cold+0x1c/0x29 [ 1383.001546][T24858] sysfs_do_create_link_sd+0x11e/0x140 [ 1383.007123][T24858] sysfs_create_link+0x5f/0xc0 [ 1383.012057][T24858] device_add+0x789/0x2100 [ 1383.016640][T24858] ? mutex_lock_io_nested+0xf00/0xf00 [ 1383.022408][T24858] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1383.028363][T24858] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1383.035168][T24858] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1383.041396][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.048012][T24858] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1383.054454][T24858] wiphy_register+0x1e8a/0x29b0 [ 1383.059298][T24858] ? wiphy_unregister+0xbd0/0xbd0 [ 1383.064395][T24858] ? minstrel_ht_alloc+0x531/0xa00 [ 1383.069503][T24858] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1383.075559][T24858] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1383.081026][T24858] ? ieee80211_restart_hw+0x290/0x290 [ 1383.086403][T24858] ? debug_object_destroy+0x210/0x210 [ 1383.091778][T24858] ? memset+0x20/0x40 [ 1383.095770][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.101999][T24858] ? __hrtimer_init+0x136/0x280 [ 1383.106859][T24858] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1383.112676][T24858] ? hwsim_virtio_rx_work+0x350/0x350 [ 1383.118426][T24858] ? __kmalloc_track_caller+0x1a0/0x320 [ 1383.123959][T24858] ? memcpy+0x39/0x60 [ 1383.127938][T24858] hwsim_new_radio_nl+0x9bc/0x1080 [ 1383.133046][T24858] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1383.138942][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.145173][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1383.152533][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1383.159809][T24858] genl_family_rcv_msg_doit+0x228/0x320 [ 1383.165358][T24858] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1383.172728][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.178959][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.185186][T24858] ? ns_capable+0xde/0x100 [ 1383.189606][T24858] genl_rcv_msg+0x328/0x580 [ 1383.194202][T24858] ? genl_get_cmd+0x480/0x480 [ 1383.198872][T24858] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1383.204774][T24858] ? lock_release+0x720/0x720 [ 1383.209434][T24858] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1383.214716][T24858] netlink_rcv_skb+0x153/0x420 [ 1383.219503][T24858] ? genl_get_cmd+0x480/0x480 [ 1383.224167][T24858] ? netlink_ack+0xa60/0xa60 [ 1383.228755][T24858] genl_rcv+0x24/0x40 [ 1383.232724][T24858] netlink_unicast+0x533/0x7d0 [ 1383.237480][T24858] ? netlink_attachskb+0x890/0x890 [ 1383.242578][T24858] ? __virt_addr_valid+0x5d/0x2d0 [ 1383.247607][T24858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1383.253831][T24858] ? __phys_addr_symbol+0x2c/0x70 [ 1383.258839][T24858] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1383.264558][T24858] ? __check_object_size+0x16e/0x3f0 [ 1383.269833][T24858] netlink_sendmsg+0x85b/0xda0 [ 1383.274590][T24858] ? netlink_unicast+0x7d0/0x7d0 [ 1383.279517][T24858] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.285745][T24858] ? netlink_unicast+0x7d0/0x7d0 [ 1383.290674][T24858] sock_sendmsg+0xcf/0x120 [ 1383.295083][T24858] ____sys_sendmsg+0x6e8/0x810 [ 1383.299851][T24858] ? kernel_sendmsg+0x50/0x50 [ 1383.304543][T24858] ? do_recvmmsg+0x6d0/0x6d0 [ 1383.309129][T24858] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1383.315113][T24858] ___sys_sendmsg+0xf3/0x170 [ 1383.319698][T24858] ? sendmsg_copy_msghdr+0x160/0x160 [ 1383.324985][T24858] ? __fget_files+0x266/0x3d0 [ 1383.329650][T24858] ? lock_downgrade+0x6e0/0x6e0 [ 1383.334686][T24858] ? __fget_files+0x288/0x3d0 [ 1383.339352][T24858] ? __fget_light+0xea/0x280 [ 1383.343930][T24858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1383.350158][T24858] __sys_sendmsg+0xe5/0x1b0 [ 1383.354648][T24858] ? __sys_sendmsg_sock+0x30/0x30 [ 1383.359684][T24858] ? syscall_enter_from_user_mode+0x21/0x70 [ 1383.365569][T24858] do_syscall_64+0x35/0xb0 [ 1383.369970][T24858] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1383.375850][T24858] RIP: 0033:0x4665d9 [ 1383.379730][T24858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1383.399324][T24858] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1383.407821][T24858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 21:28:37 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c78940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1383.415864][T24858] RDX: f0ffffff00000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1383.423819][T24858] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1383.431858][T24858] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1383.439813][T24858] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:37 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0xffffff7f00000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00470000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1383.621737][T24946] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:37 executing program 2: perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1383.679923][T24946] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1383.679923][T24946] !' [ 1383.727605][T24946] CPU: 0 PID: 24946 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1383.736240][T24946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.746292][T24946] Call Trace: [ 1383.749651][T24946] dump_stack_lvl+0xcd/0x134 [ 1383.754248][T24946] sysfs_warn_dup.cold+0x1c/0x29 [ 1383.759200][T24946] sysfs_do_create_link_sd+0x11e/0x140 [ 1383.764669][T24946] sysfs_create_link+0x5f/0xc0 [ 1383.769440][T24946] device_add+0x789/0x2100 [ 1383.773862][T24946] ? mutex_lock_io_nested+0xf00/0xf00 [ 1383.779250][T24946] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1383.784805][T24946] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1383.791046][T24946] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1383.797297][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.803540][T24946] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1383.809533][T24946] wiphy_register+0x1e8a/0x29b0 [ 1383.814487][T24946] ? wiphy_unregister+0xbd0/0xbd0 [ 1383.819512][T24946] ? minstrel_ht_alloc+0x531/0xa00 [ 1383.824641][T24946] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1383.830726][T24946] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1383.836733][T24946] ? ieee80211_restart_hw+0x290/0x290 [ 1383.842118][T24946] ? debug_object_destroy+0x210/0x210 [ 1383.847502][T24946] ? memset+0x20/0x40 [ 1383.851492][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.857737][T24946] ? __hrtimer_init+0x136/0x280 [ 1383.862603][T24946] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1383.868353][T24946] ? hwsim_virtio_rx_work+0x350/0x350 [ 1383.873731][T24946] ? __kmalloc_track_caller+0x1a0/0x320 [ 1383.879284][T24946] ? memcpy+0x39/0x60 [ 1383.883279][T24946] hwsim_new_radio_nl+0x9bc/0x1080 [ 1383.888403][T24946] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1383.894491][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.900740][T24946] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1383.908123][T24946] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1383.915427][T24946] genl_family_rcv_msg_doit+0x228/0x320 [ 1383.920988][T24946] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1383.928378][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.934636][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1383.940880][T24946] ? ns_capable+0xde/0x100 [ 1383.945312][T24946] genl_rcv_msg+0x328/0x580 [ 1383.949832][T24946] ? genl_get_cmd+0x480/0x480 [ 1383.954519][T24946] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1383.960428][T24946] ? lock_release+0x720/0x720 [ 1383.965109][T24946] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1383.970495][T24946] netlink_rcv_skb+0x153/0x420 [ 1383.975616][T24946] ? genl_get_cmd+0x480/0x480 [ 1383.980304][T24946] ? netlink_ack+0xa60/0xa60 [ 1383.984927][T24946] genl_rcv+0x24/0x40 [ 1383.988925][T24946] netlink_unicast+0x533/0x7d0 [ 1383.993702][T24946] ? netlink_attachskb+0x890/0x890 [ 1383.998820][T24946] ? __virt_addr_valid+0x5d/0x2d0 [ 1384.003852][T24946] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1384.010190][T24946] ? __phys_addr_symbol+0x2c/0x70 [ 1384.015219][T24946] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1384.020943][T24946] ? __check_object_size+0x16e/0x3f0 [ 1384.026243][T24946] netlink_sendmsg+0x85b/0xda0 [ 1384.031024][T24946] ? netlink_unicast+0x7d0/0x7d0 [ 1384.035982][T24946] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.042234][T24946] ? netlink_unicast+0x7d0/0x7d0 [ 1384.047183][T24946] sock_sendmsg+0xcf/0x120 [ 1384.051608][T24946] ____sys_sendmsg+0x6e8/0x810 [ 1384.056382][T24946] ? kernel_sendmsg+0x50/0x50 [ 1384.061066][T24946] ? do_recvmmsg+0x6d0/0x6d0 [ 1384.065670][T24946] ? lock_chain_count+0x20/0x20 [ 1384.070523][T24946] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1384.076516][T24946] ___sys_sendmsg+0xf3/0x170 [ 1384.081117][T24946] ? sendmsg_copy_msghdr+0x160/0x160 [ 1384.086413][T24946] ? __fget_files+0x266/0x3d0 [ 1384.091271][T24946] ? lock_downgrade+0x6e0/0x6e0 [ 1384.096141][T24946] ? __fget_files+0x288/0x3d0 [ 1384.100829][T24946] ? __fget_light+0xea/0x280 [ 1384.105435][T24946] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1384.111689][T24946] __sys_sendmsg+0xe5/0x1b0 [ 1384.116200][T24946] ? __sys_sendmsg_sock+0x30/0x30 [ 1384.121338][T24946] ? syscall_enter_from_user_mode+0x21/0x70 [ 1384.127254][T24946] do_syscall_64+0x35/0xb0 [ 1384.131683][T24946] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1384.137588][T24946] RIP: 0033:0x4665d9 [ 1384.141483][T24946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1384.161095][T24946] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1384.169510][T24946] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1384.177478][T24946] RDX: ffffff7f00000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1384.185438][T24946] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1384.193406][T24946] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1384.201563][T24946] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1384.276932][T24958] __nla_validate_parse: 11 callbacks suppressed [ 1384.276954][T24958] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1384.278652][T24948] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0xffffffff00000000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1384.357098][T24948] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1384.369289][T24961] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1384.387192][T24963] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:38 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01470000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1384.484641][T24948] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1384.484641][T24948] !' [ 1384.519303][T24948] CPU: 0 PID: 24948 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1384.527827][T24948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1384.537880][T24948] Call Trace: [ 1384.541154][T24948] dump_stack_lvl+0xcd/0x134 [ 1384.545758][T24948] sysfs_warn_dup.cold+0x1c/0x29 [ 1384.550709][T24948] sysfs_do_create_link_sd+0x11e/0x140 [ 1384.556267][T24948] sysfs_create_link+0x5f/0xc0 [ 1384.561040][T24948] device_add+0x789/0x2100 [ 1384.565458][T24948] ? mutex_lock_io_nested+0xf00/0xf00 [ 1384.570824][T24948] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1384.576377][T24948] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1384.582642][T24948] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1384.588871][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.595102][T24948] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1384.601099][T24948] wiphy_register+0x1e8a/0x29b0 [ 1384.605964][T24948] ? wiphy_unregister+0xbd0/0xbd0 [ 1384.611011][T24948] ? minstrel_ht_alloc+0x531/0xa00 [ 1384.616131][T24948] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1384.622196][T24948] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1384.627677][T24948] ? ieee80211_restart_hw+0x290/0x290 [ 1384.633064][T24948] ? debug_object_destroy+0x210/0x210 [ 1384.638450][T24948] ? memset+0x20/0x40 [ 1384.642436][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.648682][T24948] ? __hrtimer_init+0x136/0x280 [ 1384.653546][T24948] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1384.659294][T24948] ? hwsim_virtio_rx_work+0x350/0x350 [ 1384.664672][T24948] ? __kmalloc_track_caller+0x1a0/0x320 [ 1384.670215][T24948] ? memcpy+0x39/0x60 [ 1384.674197][T24948] hwsim_new_radio_nl+0x9bc/0x1080 [ 1384.679321][T24948] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1384.685235][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.691481][T24948] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1384.698864][T24948] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1384.706169][T24948] genl_family_rcv_msg_doit+0x228/0x320 [ 1384.711728][T24948] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1384.719109][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.725363][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.731612][T24948] ? ns_capable+0xde/0x100 [ 1384.736039][T24948] genl_rcv_msg+0x328/0x580 [ 1384.740557][T24948] ? genl_get_cmd+0x480/0x480 [ 1384.745242][T24948] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1384.751151][T24948] ? lock_release+0x720/0x720 [ 1384.755845][T24948] netlink_rcv_skb+0x153/0x420 [ 1384.760618][T24948] ? genl_get_cmd+0x480/0x480 [ 1384.765304][T24948] ? netlink_ack+0xa60/0xa60 [ 1384.769996][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.776249][T24948] genl_rcv+0x24/0x40 [ 1384.780237][T24948] netlink_unicast+0x533/0x7d0 [ 1384.785011][T24948] ? netlink_attachskb+0x890/0x890 [ 1384.790131][T24948] ? __virt_addr_valid+0x5d/0x2d0 [ 1384.795165][T24948] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1384.801408][T24948] ? __phys_addr_symbol+0x2c/0x70 [ 1384.806439][T24948] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1384.812162][T24948] ? __check_object_size+0x16e/0x3f0 [ 1384.817455][T24948] netlink_sendmsg+0x85b/0xda0 [ 1384.822235][T24948] ? netlink_unicast+0x7d0/0x7d0 [ 1384.827185][T24948] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1384.833438][T24948] ? netlink_unicast+0x7d0/0x7d0 [ 1384.838385][T24948] sock_sendmsg+0xcf/0x120 [ 1384.842817][T24948] ____sys_sendmsg+0x6e8/0x810 [ 1384.847591][T24948] ? kernel_sendmsg+0x50/0x50 [ 1384.852269][T24948] ? do_recvmmsg+0x6d0/0x6d0 [ 1384.856875][T24948] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1384.862871][T24948] ___sys_sendmsg+0xf3/0x170 [ 1384.867470][T24948] ? sendmsg_copy_msghdr+0x160/0x160 [ 1384.872761][T24948] ? __fget_files+0x266/0x3d0 [ 1384.877429][T24948] ? lock_downgrade+0x6e0/0x6e0 [ 1384.882281][T24948] ? __fget_files+0x288/0x3d0 [ 1384.887121][T24948] ? __fget_light+0xea/0x280 [ 1384.891703][T24948] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1384.897948][T24948] __sys_sendmsg+0xe5/0x1b0 [ 1384.902440][T24948] ? __sys_sendmsg_sock+0x30/0x30 [ 1384.907459][T24948] ? syscall_enter_from_user_mode+0x21/0x70 [ 1384.913358][T24948] do_syscall_64+0x35/0xb0 [ 1384.917762][T24948] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1384.923644][T24948] RIP: 0033:0x4665d9 [ 1384.927525][T24948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1384.947478][T24948] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1384.955900][T24948] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1384.963860][T24948] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1384.972000][T24948] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1384.980056][T24948] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1384.988013][T24948] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:39 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1385.046052][T24993] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1385.075601][T24990] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1385.102889][T24990] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:39 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1385.153679][T24995] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1385.279816][T24998] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1385.299721][T24997] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1385.344956][T24990] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1385.344956][T24990] !' [ 1385.384341][T24990] CPU: 0 PID: 24990 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 21:28:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02470000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1385.393004][T24990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1385.403068][T24990] Call Trace: [ 1385.406518][T24990] dump_stack_lvl+0xcd/0x134 [ 1385.411125][T24990] sysfs_warn_dup.cold+0x1c/0x29 [ 1385.416094][T24990] sysfs_do_create_link_sd+0x11e/0x140 [ 1385.422027][T24990] sysfs_create_link+0x5f/0xc0 [ 1385.426890][T24990] device_add+0x789/0x2100 [ 1385.431314][T24990] ? mutex_lock_io_nested+0xf00/0xf00 [ 1385.436693][T24990] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1385.442333][T24990] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1385.448579][T24990] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1385.454828][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.461106][T24990] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1385.467098][T24990] wiphy_register+0x1e8a/0x29b0 [ 1385.471965][T24990] ? wiphy_unregister+0xbd0/0xbd0 [ 1385.477081][T24990] ? minstrel_ht_alloc+0x531/0xa00 [ 1385.482209][T24990] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1385.488380][T24990] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1385.493869][T24990] ? ieee80211_restart_hw+0x290/0x290 [ 1385.499251][T24990] ? debug_object_destroy+0x210/0x210 [ 1385.504639][T24990] ? memset+0x20/0x40 [ 1385.508631][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.514878][T24990] ? __hrtimer_init+0x136/0x280 [ 1385.519738][T24990] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1385.525516][T24990] ? hwsim_virtio_rx_work+0x350/0x350 [ 1385.530981][T24990] ? __kmalloc_track_caller+0x1a0/0x320 [ 1385.536536][T24990] ? memcpy+0x39/0x60 [ 1385.540525][T24990] hwsim_new_radio_nl+0x9bc/0x1080 [ 1385.545647][T24990] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1385.551564][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.557806][T24990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1385.565190][T24990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1385.572579][T24990] genl_family_rcv_msg_doit+0x228/0x320 [ 1385.578137][T24990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1385.585520][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.591779][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.598022][T24990] ? ns_capable+0xde/0x100 [ 1385.602446][T24990] genl_rcv_msg+0x328/0x580 [ 1385.606965][T24990] ? genl_get_cmd+0x480/0x480 [ 1385.611736][T24990] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1385.617898][T24990] ? lock_release+0x720/0x720 [ 1385.622565][T24990] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1385.627861][T24990] netlink_rcv_skb+0x153/0x420 [ 1385.632824][T24990] ? genl_get_cmd+0x480/0x480 [ 1385.637491][T24990] ? netlink_ack+0xa60/0xa60 [ 1385.642088][T24990] genl_rcv+0x24/0x40 [ 1385.646099][T24990] netlink_unicast+0x533/0x7d0 [ 1385.650875][T24990] ? netlink_attachskb+0x890/0x890 [ 1385.655990][T24990] ? __virt_addr_valid+0x5d/0x2d0 [ 1385.661021][T24990] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1385.667580][T24990] ? __phys_addr_symbol+0x2c/0x70 [ 1385.672610][T24990] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1385.678981][T24990] ? __check_object_size+0x16e/0x3f0 [ 1385.684277][T24990] netlink_sendmsg+0x85b/0xda0 [ 1385.689136][T24990] ? netlink_unicast+0x7d0/0x7d0 [ 1385.694075][T24990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1385.700320][T24990] ? netlink_unicast+0x7d0/0x7d0 [ 1385.705247][T24990] sock_sendmsg+0xcf/0x120 [ 1385.709651][T24990] ____sys_sendmsg+0x6e8/0x810 [ 1385.714496][T24990] ? kernel_sendmsg+0x50/0x50 [ 1385.719175][T24990] ? do_recvmmsg+0x6d0/0x6d0 [ 1385.723761][T24990] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1385.729747][T24990] ___sys_sendmsg+0xf3/0x170 [ 1385.734422][T24990] ? sendmsg_copy_msghdr+0x160/0x160 [ 1385.739714][T24990] ? __fget_files+0x266/0x3d0 [ 1385.744381][T24990] ? lock_downgrade+0x6e0/0x6e0 [ 1385.749245][T24990] ? __fget_files+0x288/0x3d0 [ 1385.753919][T24990] ? __fget_light+0xea/0x280 [ 1385.758527][T24990] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1385.764779][T24990] __sys_sendmsg+0xe5/0x1b0 [ 1385.769288][T24990] ? __sys_sendmsg_sock+0x30/0x30 [ 1385.774318][T24990] ? syscall_enter_from_user_mode+0x21/0x70 [ 1385.780221][T24990] do_syscall_64+0x35/0xb0 [ 1385.784629][T24990] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1385.790531][T24990] RIP: 0033:0x4665d9 [ 1385.794499][T24990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1385.814108][T24990] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1385.822526][T24990] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1385.830494][T24990] RDX: ffffffff00000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1385.838449][T24990] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1385.846407][T24990] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1385.854368][T24990] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1385.888178][T25038] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1385.895696][T24987] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1385.960107][T24987] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1385.960107][T24987] !' [ 1385.979577][T24987] CPU: 1 PID: 24987 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1385.988013][T24987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1385.998067][T24987] Call Trace: [ 1386.001342][T24987] dump_stack_lvl+0xcd/0x134 [ 1386.005947][T24987] sysfs_warn_dup.cold+0x1c/0x29 [ 1386.010893][T24987] sysfs_do_create_link_sd+0x11e/0x140 [ 1386.016368][T24987] sysfs_create_link+0x5f/0xc0 [ 1386.021141][T24987] device_add+0x789/0x2100 [ 1386.025559][T24987] ? mutex_lock_io_nested+0xf00/0xf00 [ 1386.030938][T24987] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1386.036491][T24987] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1386.042737][T24987] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1386.048983][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.055228][T24987] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1386.061226][T24987] wiphy_register+0x1e8a/0x29b0 [ 1386.066095][T24987] ? wiphy_unregister+0xbd0/0xbd0 [ 1386.071123][T24987] ? minstrel_ht_alloc+0x531/0xa00 [ 1386.076240][T24987] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1386.082307][T24987] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1386.087771][T24987] ? ieee80211_restart_hw+0x290/0x290 [ 1386.093792][T24987] ? debug_object_destroy+0x210/0x210 [ 1386.099724][T24987] ? memset+0x20/0x40 [ 1386.103869][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.110459][T24987] ? __hrtimer_init+0x136/0x280 [ 1386.115296][T24987] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1386.121106][T24987] ? hwsim_virtio_rx_work+0x350/0x350 [ 1386.126475][T24987] ? __kmalloc_track_caller+0x1a0/0x320 [ 1386.132014][T24987] ? memcpy+0x39/0x60 [ 1386.135980][T24987] hwsim_new_radio_nl+0x9bc/0x1080 [ 1386.141080][T24987] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1386.147049][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.153269][T24987] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1386.160622][T24987] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1386.167901][T24987] genl_family_rcv_msg_doit+0x228/0x320 [ 1386.173468][T24987] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1386.180827][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.187074][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.193296][T24987] ? ns_capable+0xde/0x100 [ 1386.197694][T24987] genl_rcv_msg+0x328/0x580 [ 1386.202182][T24987] ? genl_get_cmd+0x480/0x480 [ 1386.206841][T24987] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1386.212718][T24987] ? lock_release+0x720/0x720 [ 1386.217377][T24987] netlink_rcv_skb+0x153/0x420 [ 1386.222128][T24987] ? genl_get_cmd+0x480/0x480 [ 1386.226788][T24987] ? netlink_ack+0xa60/0xa60 [ 1386.231365][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.237589][T24987] genl_rcv+0x24/0x40 [ 1386.241553][T24987] netlink_unicast+0x533/0x7d0 [ 1386.246304][T24987] ? netlink_attachskb+0x890/0x890 [ 1386.251394][T24987] ? __virt_addr_valid+0x5d/0x2d0 [ 1386.256408][T24987] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1386.262630][T24987] ? __phys_addr_symbol+0x2c/0x70 [ 1386.267635][T24987] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1386.273333][T24987] ? __check_object_size+0x16e/0x3f0 [ 1386.278605][T24987] netlink_sendmsg+0x85b/0xda0 [ 1386.283355][T24987] ? netlink_unicast+0x7d0/0x7d0 [ 1386.288282][T24987] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.294590][T24987] ? netlink_unicast+0x7d0/0x7d0 [ 1386.299511][T24987] sock_sendmsg+0xcf/0x120 [ 1386.303909][T24987] ____sys_sendmsg+0x6e8/0x810 [ 1386.308654][T24987] ? kernel_sendmsg+0x50/0x50 [ 1386.313324][T24987] ? do_recvmmsg+0x6d0/0x6d0 [ 1386.317899][T24987] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1386.323863][T24987] ___sys_sendmsg+0xf3/0x170 [ 1386.328522][T24987] ? sendmsg_copy_msghdr+0x160/0x160 [ 1386.333791][T24987] ? __fget_files+0x266/0x3d0 [ 1386.338448][T24987] ? lock_downgrade+0x6e0/0x6e0 [ 1386.343284][T24987] ? __fget_files+0x288/0x3d0 [ 1386.347945][T24987] ? __fget_light+0xea/0x280 [ 1386.352703][T24987] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1386.358927][T24987] __sys_sendmsg+0xe5/0x1b0 [ 1386.363409][T24987] ? __sys_sendmsg_sock+0x30/0x30 [ 1386.368429][T24987] ? syscall_enter_from_user_mode+0x21/0x70 [ 1386.374311][T24987] do_syscall_64+0x35/0xb0 [ 1386.378711][T24987] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1386.384586][T24987] RIP: 0033:0x4665d9 [ 1386.388459][T24987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.408063][T24987] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1386.416458][T24987] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1386.424411][T24987] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1386.432367][T24987] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1386.440316][T24987] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1386.448279][T24987] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:28:40 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0xfffffffffffff000) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:40 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c94940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:40 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:40 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03470000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:40 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1386.759600][T25069] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:41 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f00003ae000/0x1000)=nil, 0x1000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x0, 0xd9f, 0x400000) r2 = socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x9, 0x80010, r2, 0x9cdeb000) socket(0x0, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/bcm5974', 0x8000, 0x0) getsockname$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000280)=0x14) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000004300000825bd7000753a756e1c000000000000000600000022d15fe1f747cfe9d283594a457364e3e3b7c8fa303f60a8c14788d8e9c8025261117df15fe39e9ff9a5afac6e31c730827a3f5ab1093052206cd64207a61f8dc0d4514b4a2e0ded370caac3b381f8af51d7808eedc1f48536606b9e40a1a718fa4a626091ee214a82ae7ed19fbce8b083fa60b5b5b3f5ba78596ba611154864a1848326a62e2c1a86ff0c44bdc3a7df646a9790870d9582b4f0fe3e369f641839d5bd782df2d0557e758348026b7a569c81786489e4c49e4f7955133c276872e4df3f22a0976cc9598a2551c5275cddfb4a7de3f498838c6c4d67c2b393cf1013af2164cfda01376ffadcc9e0c751e7d9eda0c5ef2fd1fad27f9cdfd574ee57544ce29d41c027a1c749021cd8886c2aaffe4b7db26a394310b56d6604db6e0cf6e413cabe260a68d09a3e00234bc60711ee8892515fb907ba1f701a8dc68a5a245a4006e13577611bae3e03e7ead24f5107d3d92a7cbe54b11fb30ce5cb5bc9623729d262ca47685db07bed4dafb378f1042cee3c9b10d7ddf08f2b"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x44000) r5 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1386.853264][T25069] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1386.853264][T25069] !' [ 1386.894194][T25069] CPU: 0 PID: 25069 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1386.902735][T25069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.912795][T25069] Call Trace: [ 1386.916078][T25069] dump_stack_lvl+0xcd/0x134 [ 1386.920689][T25069] sysfs_warn_dup.cold+0x1c/0x29 [ 1386.925642][T25069] sysfs_do_create_link_sd+0x11e/0x140 [ 1386.931109][T25069] sysfs_create_link+0x5f/0xc0 [ 1386.935881][T25069] device_add+0x789/0x2100 [ 1386.940310][T25069] ? mutex_lock_io_nested+0xf00/0xf00 [ 1386.945697][T25069] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1386.951261][T25069] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1386.957511][T25069] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1386.963759][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1386.970007][T25069] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1386.976013][T25069] wiphy_register+0x1e8a/0x29b0 [ 1386.980891][T25069] ? wiphy_unregister+0xbd0/0xbd0 [ 1386.985918][T25069] ? minstrel_ht_alloc+0x531/0xa00 [ 1386.991058][T25069] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1386.997151][T25069] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1387.002651][T25069] ? ieee80211_restart_hw+0x290/0x290 [ 1387.008041][T25069] ? debug_object_destroy+0x210/0x210 [ 1387.013443][T25069] ? memset+0x20/0x40 [ 1387.017445][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.023698][T25069] ? __hrtimer_init+0x136/0x280 [ 1387.028572][T25069] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1387.034336][T25069] ? hwsim_virtio_rx_work+0x350/0x350 [ 1387.039722][T25069] ? __kmalloc_track_caller+0x1a0/0x320 [ 1387.045287][T25069] ? memcpy+0x39/0x60 [ 1387.049292][T25069] hwsim_new_radio_nl+0x9bc/0x1080 [ 1387.054436][T25069] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1387.060366][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.066623][T25069] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1387.074007][T25069] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1387.081314][T25069] genl_family_rcv_msg_doit+0x228/0x320 [ 1387.086882][T25069] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1387.094271][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.100542][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.106795][T25069] ? ns_capable+0xde/0x100 [ 1387.111230][T25069] genl_rcv_msg+0x328/0x580 [ 1387.115756][T25069] ? genl_get_cmd+0x480/0x480 [ 1387.120449][T25069] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1387.126371][T25069] ? lock_release+0x720/0x720 [ 1387.131074][T25069] netlink_rcv_skb+0x153/0x420 [ 1387.135938][T25069] ? genl_get_cmd+0x480/0x480 [ 1387.140633][T25069] ? netlink_ack+0xa60/0xa60 [ 1387.145255][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.151519][T25069] genl_rcv+0x24/0x40 [ 1387.155510][T25069] netlink_unicast+0x533/0x7d0 [ 1387.160295][T25069] ? netlink_attachskb+0x890/0x890 [ 1387.165423][T25069] ? __virt_addr_valid+0x5d/0x2d0 [ 1387.170457][T25069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1387.176707][T25069] ? __phys_addr_symbol+0x2c/0x70 [ 1387.181738][T25069] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1387.187467][T25069] ? __check_object_size+0x16e/0x3f0 [ 1387.192772][T25069] netlink_sendmsg+0x85b/0xda0 [ 1387.197561][T25069] ? netlink_unicast+0x7d0/0x7d0 [ 1387.202524][T25069] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.208778][T25069] ? netlink_unicast+0x7d0/0x7d0 [ 1387.213732][T25069] sock_sendmsg+0xcf/0x120 [ 1387.218162][T25069] ____sys_sendmsg+0x6e8/0x810 [ 1387.222937][T25069] ? kernel_sendmsg+0x50/0x50 [ 1387.227622][T25069] ? do_recvmmsg+0x6d0/0x6d0 [ 1387.232264][T25069] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1387.238272][T25069] ___sys_sendmsg+0xf3/0x170 [ 1387.242875][T25069] ? sendmsg_copy_msghdr+0x160/0x160 [ 1387.248179][T25069] ? __fget_files+0x266/0x3d0 [ 1387.252874][T25069] ? lock_downgrade+0x6e0/0x6e0 [ 1387.257758][T25069] ? __fget_files+0x288/0x3d0 [ 1387.262461][T25069] ? __fget_light+0xea/0x280 [ 1387.267063][T25069] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1387.273327][T25069] __sys_sendmsg+0xe5/0x1b0 [ 1387.277844][T25069] ? __sys_sendmsg_sock+0x30/0x30 [ 1387.282911][T25069] ? syscall_enter_from_user_mode+0x21/0x70 [ 1387.288830][T25069] do_syscall_64+0x35/0xb0 [ 1387.293258][T25069] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1387.299167][T25069] RIP: 0033:0x4665d9 [ 1387.303069][T25069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1387.322684][T25069] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1387.331125][T25069] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1387.339144][T25069] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1387.347119][T25069] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1387.355095][T25069] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1387.363070][T25069] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1387.486284][T25094] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00480000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:41 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:41 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1387.557378][T25094] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1387.557378][T25094] !' [ 1387.638971][T25094] CPU: 1 PID: 25094 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1387.647524][T25094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1387.657581][T25094] Call Trace: [ 1387.660859][T25094] dump_stack_lvl+0xcd/0x134 [ 1387.665463][T25094] sysfs_warn_dup.cold+0x1c/0x29 [ 1387.670411][T25094] sysfs_do_create_link_sd+0x11e/0x140 [ 1387.675889][T25094] sysfs_create_link+0x5f/0xc0 [ 1387.680661][T25094] device_add+0x789/0x2100 [ 1387.685086][T25094] ? mutex_lock_io_nested+0xf00/0xf00 [ 1387.690468][T25094] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1387.696018][T25094] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1387.702260][T25094] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1387.708509][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.714752][T25094] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1387.720745][T25094] wiphy_register+0x1e8a/0x29b0 [ 1387.725608][T25094] ? wiphy_unregister+0xbd0/0xbd0 [ 1387.730630][T25094] ? minstrel_ht_alloc+0x531/0xa00 [ 1387.735752][T25094] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1387.741835][T25094] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1387.747320][T25094] ? ieee80211_restart_hw+0x290/0x290 [ 1387.752701][T25094] ? debug_object_destroy+0x210/0x210 [ 1387.758091][T25094] ? memset+0x20/0x40 [ 1387.762080][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.768321][T25094] ? __hrtimer_init+0x136/0x280 [ 1387.773185][T25094] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1387.778932][T25094] ? hwsim_virtio_rx_work+0x350/0x350 [ 1387.784313][T25094] ? __kmalloc_track_caller+0x1a0/0x320 [ 1387.789866][T25094] ? memcpy+0x39/0x60 [ 1387.793861][T25094] hwsim_new_radio_nl+0x9bc/0x1080 [ 1387.798989][T25094] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1387.804907][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.811152][T25094] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1387.818523][T25094] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1387.825819][T25094] genl_family_rcv_msg_doit+0x228/0x320 [ 1387.831412][T25094] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1387.838801][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.845630][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.852215][T25094] ? ns_capable+0xde/0x100 [ 1387.856621][T25094] genl_rcv_msg+0x328/0x580 [ 1387.861496][T25094] ? genl_get_cmd+0x480/0x480 [ 1387.866362][T25094] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1387.872448][T25094] ? lock_release+0x720/0x720 [ 1387.877111][T25094] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1387.882387][T25094] netlink_rcv_skb+0x153/0x420 [ 1387.887144][T25094] ? genl_get_cmd+0x480/0x480 [ 1387.891808][T25094] ? netlink_ack+0xa60/0xa60 [ 1387.896402][T25094] genl_rcv+0x24/0x40 [ 1387.900389][T25094] netlink_unicast+0x533/0x7d0 [ 1387.905164][T25094] ? netlink_attachskb+0x890/0x890 [ 1387.910329][T25094] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1387.916556][T25094] ? __phys_addr_symbol+0x2c/0x70 [ 1387.921566][T25094] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1387.927270][T25094] ? __check_object_size+0x16e/0x3f0 [ 1387.932551][T25094] netlink_sendmsg+0x85b/0xda0 [ 1387.937323][T25094] ? netlink_unicast+0x7d0/0x7d0 [ 1387.942252][T25094] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1387.948573][T25094] ? netlink_unicast+0x7d0/0x7d0 [ 1387.953618][T25094] sock_sendmsg+0xcf/0x120 [ 1387.958021][T25094] ____sys_sendmsg+0x6e8/0x810 [ 1387.962771][T25094] ? kernel_sendmsg+0x50/0x50 [ 1387.967434][T25094] ? do_recvmmsg+0x6d0/0x6d0 [ 1387.972013][T25094] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1387.977984][T25094] ___sys_sendmsg+0xf3/0x170 [ 1387.982666][T25094] ? sendmsg_copy_msghdr+0x160/0x160 [ 1387.987947][T25094] ? __fget_files+0x266/0x3d0 [ 1387.992626][T25094] ? lock_downgrade+0x6e0/0x6e0 [ 1387.997469][T25094] ? __fget_files+0x288/0x3d0 [ 1388.002188][T25094] ? __fget_light+0xea/0x280 [ 1388.006780][T25094] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1388.013016][T25094] __sys_sendmsg+0xe5/0x1b0 [ 1388.017526][T25094] ? __sys_sendmsg_sock+0x30/0x30 [ 1388.022559][T25094] ? syscall_enter_from_user_mode+0x21/0x70 [ 1388.028444][T25094] do_syscall_64+0x35/0xb0 [ 1388.032847][T25094] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1388.038731][T25094] RIP: 0033:0x4665d9 [ 1388.042628][T25094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.062223][T25094] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1388.070635][T25094] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1388.078597][T25094] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1388.086559][T25094] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1388.094517][T25094] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1388.102482][T25094] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:28:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1388.215135][T25106] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1388.244639][T25106] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1388.244639][T25106] !' 21:28:42 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x15, 0x6, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1388.309777][T25106] CPU: 0 PID: 25106 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1388.318329][T25106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.328381][T25106] Call Trace: [ 1388.331658][T25106] dump_stack_lvl+0xcd/0x134 [ 1388.336264][T25106] sysfs_warn_dup.cold+0x1c/0x29 [ 1388.341213][T25106] sysfs_do_create_link_sd+0x11e/0x140 [ 1388.346685][T25106] sysfs_create_link+0x5f/0xc0 [ 1388.351465][T25106] device_add+0x789/0x2100 [ 1388.355891][T25106] ? mutex_lock_io_nested+0xf00/0xf00 [ 1388.361278][T25106] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1388.366833][T25106] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1388.373078][T25106] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1388.379435][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.385677][T25106] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1388.391821][T25106] wiphy_register+0x1e8a/0x29b0 [ 1388.396684][T25106] ? wiphy_unregister+0xbd0/0xbd0 [ 1388.401708][T25106] ? minstrel_ht_alloc+0x531/0xa00 [ 1388.406870][T25106] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1388.412961][T25106] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1388.418444][T25106] ? ieee80211_restart_hw+0x290/0x290 [ 1388.423825][T25106] ? debug_object_destroy+0x210/0x210 [ 1388.429216][T25106] ? memset+0x20/0x40 [ 1388.433208][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.439540][T25106] ? __hrtimer_init+0x136/0x280 [ 1388.444400][T25106] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1388.450134][T25106] ? hwsim_virtio_rx_work+0x350/0x350 [ 1388.455516][T25106] ? __kmalloc_track_caller+0x1a0/0x320 [ 1388.461072][T25106] ? memcpy+0x39/0x60 [ 1388.465067][T25106] hwsim_new_radio_nl+0x9bc/0x1080 [ 1388.470190][T25106] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1388.476456][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.482701][T25106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1388.490087][T25106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1388.497387][T25106] genl_family_rcv_msg_doit+0x228/0x320 [ 1388.502946][T25106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1388.510328][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.516590][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.522843][T25106] ? ns_capable+0xde/0x100 [ 1388.527274][T25106] genl_rcv_msg+0x328/0x580 [ 1388.531793][T25106] ? genl_get_cmd+0x480/0x480 [ 1388.536478][T25106] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1388.542565][T25106] ? lock_release+0x720/0x720 [ 1388.547251][T25106] netlink_rcv_skb+0x153/0x420 [ 1388.552025][T25106] ? genl_get_cmd+0x480/0x480 [ 1388.556717][T25106] ? netlink_ack+0xa60/0xa60 [ 1388.561413][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.567668][T25106] genl_rcv+0x24/0x40 [ 1388.571659][T25106] netlink_unicast+0x533/0x7d0 [ 1388.576436][T25106] ? netlink_attachskb+0x890/0x890 [ 1388.581553][T25106] ? __virt_addr_valid+0x5d/0x2d0 [ 1388.586582][T25106] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1388.593032][T25106] ? __phys_addr_symbol+0x2c/0x70 [ 1388.598346][T25106] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1388.604054][T25106] ? __check_object_size+0x16e/0x3f0 [ 1388.609348][T25106] netlink_sendmsg+0x85b/0xda0 [ 1388.614115][T25106] ? netlink_unicast+0x7d0/0x7d0 [ 1388.619043][T25106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1388.625273][T25106] ? netlink_unicast+0x7d0/0x7d0 [ 1388.630607][T25106] sock_sendmsg+0xcf/0x120 [ 1388.635238][T25106] ____sys_sendmsg+0x6e8/0x810 [ 1388.640095][T25106] ? kernel_sendmsg+0x50/0x50 [ 1388.644761][T25106] ? do_recvmmsg+0x6d0/0x6d0 [ 1388.649539][T25106] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1388.655510][T25106] ___sys_sendmsg+0xf3/0x170 [ 1388.660552][T25106] ? sendmsg_copy_msghdr+0x160/0x160 [ 1388.665833][T25106] ? __fget_files+0x266/0x3d0 [ 1388.670511][T25106] ? lock_downgrade+0x6e0/0x6e0 [ 1388.675357][T25106] ? __fget_files+0x288/0x3d0 [ 1388.680341][T25106] ? __fget_light+0xea/0x280 [ 1388.684924][T25106] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1388.691180][T25106] __sys_sendmsg+0xe5/0x1b0 [ 1388.695687][T25106] ? __sys_sendmsg_sock+0x30/0x30 [ 1388.700733][T25106] ? syscall_enter_from_user_mode+0x21/0x70 [ 1388.706646][T25106] do_syscall_64+0x35/0xb0 [ 1388.711160][T25106] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1388.717064][T25106] RIP: 0033:0x4665d9 [ 1388.720946][T25106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1388.740565][T25106] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1388.748991][T25106] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1388.756951][T25106] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1388.764905][T25106] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1388.773040][T25106] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1388.781020][T25106] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1388.842141][T25149] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:43 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c95940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:43 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01480000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:43 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:43 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1388.907926][T25149] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1388.907926][T25149] !' [ 1388.970168][T25149] CPU: 1 PID: 25149 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1388.978705][T25149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.988765][T25149] Call Trace: [ 1388.992047][T25149] dump_stack_lvl+0xcd/0x134 [ 1388.996649][T25149] sysfs_warn_dup.cold+0x1c/0x29 [ 1389.001665][T25149] sysfs_do_create_link_sd+0x11e/0x140 [ 1389.007113][T25149] sysfs_create_link+0x5f/0xc0 [ 1389.011866][T25149] device_add+0x789/0x2100 [ 1389.016271][T25149] ? mutex_lock_io_nested+0xf00/0xf00 [ 1389.021664][T25149] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1389.027314][T25149] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1389.033550][T25149] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1389.039794][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.046043][T25149] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1389.052037][T25149] wiphy_register+0x1e8a/0x29b0 [ 1389.056900][T25149] ? wiphy_unregister+0xbd0/0xbd0 [ 1389.061923][T25149] ? minstrel_ht_alloc+0x531/0xa00 [ 1389.067050][T25149] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1389.073224][T25149] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1389.078712][T25149] ? ieee80211_restart_hw+0x290/0x290 [ 1389.084096][T25149] ? debug_object_destroy+0x210/0x210 [ 1389.089483][T25149] ? memset+0x20/0x40 [ 1389.093472][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.099722][T25149] ? __hrtimer_init+0x136/0x280 [ 1389.104586][T25149] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1389.110332][T25149] ? hwsim_virtio_rx_work+0x350/0x350 [ 1389.115797][T25149] ? __kmalloc_track_caller+0x1a0/0x320 [ 1389.121362][T25149] ? memcpy+0x39/0x60 [ 1389.125540][T25149] hwsim_new_radio_nl+0x9bc/0x1080 [ 1389.130666][T25149] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1389.136579][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.142828][T25149] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1389.150209][T25149] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1389.157511][T25149] genl_family_rcv_msg_doit+0x228/0x320 [ 1389.163072][T25149] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1389.170463][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.176736][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.182987][T25149] ? ns_capable+0xde/0x100 [ 1389.187410][T25149] genl_rcv_msg+0x328/0x580 [ 1389.191931][T25149] ? genl_get_cmd+0x480/0x480 [ 1389.196615][T25149] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1389.202524][T25149] ? lock_release+0x720/0x720 [ 1389.207239][T25149] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1389.212529][T25149] netlink_rcv_skb+0x153/0x420 [ 1389.217295][T25149] ? genl_get_cmd+0x480/0x480 [ 1389.221982][T25149] ? netlink_ack+0xa60/0xa60 [ 1389.226592][T25149] genl_rcv+0x24/0x40 [ 1389.230571][T25149] netlink_unicast+0x533/0x7d0 [ 1389.235336][T25149] ? netlink_attachskb+0x890/0x890 [ 1389.240444][T25149] ? __virt_addr_valid+0x5d/0x2d0 [ 1389.245470][T25149] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1389.251705][T25149] ? __phys_addr_symbol+0x2c/0x70 [ 1389.256717][T25149] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1389.262431][T25149] ? __check_object_size+0x16e/0x3f0 [ 1389.267714][T25149] netlink_sendmsg+0x85b/0xda0 [ 1389.272483][T25149] ? netlink_unicast+0x7d0/0x7d0 [ 1389.277430][T25149] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.283664][T25149] ? netlink_unicast+0x7d0/0x7d0 [ 1389.288595][T25149] sock_sendmsg+0xcf/0x120 [ 1389.293002][T25149] ____sys_sendmsg+0x6e8/0x810 [ 1389.297763][T25149] ? kernel_sendmsg+0x50/0x50 [ 1389.302431][T25149] ? do_recvmmsg+0x6d0/0x6d0 [ 1389.307020][T25149] ? lock_chain_count+0x20/0x20 [ 1389.311862][T25149] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1389.317848][T25149] ___sys_sendmsg+0xf3/0x170 [ 1389.322438][T25149] ? sendmsg_copy_msghdr+0x160/0x160 [ 1389.327720][T25149] ? __fget_files+0x266/0x3d0 [ 1389.332391][T25149] ? lock_downgrade+0x6e0/0x6e0 [ 1389.337270][T25149] ? __fget_files+0x288/0x3d0 [ 1389.341945][T25149] ? __fget_light+0xea/0x280 [ 1389.346527][T25149] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1389.352765][T25149] __sys_sendmsg+0xe5/0x1b0 [ 1389.357265][T25149] ? __sys_sendmsg_sock+0x30/0x30 [ 1389.362295][T25149] ? syscall_enter_from_user_mode+0x21/0x70 [ 1389.368191][T25149] do_syscall_64+0x35/0xb0 [ 1389.372600][T25149] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1389.378489][T25149] RIP: 0033:0x4665d9 [ 1389.382372][T25149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1389.401976][T25149] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1389.410385][T25149] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1389.418348][T25149] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1389.426309][T25149] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1389.434269][T25149] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1389.442229][T25149] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1389.543037][T25155] __nla_validate_parse: 14 callbacks suppressed [ 1389.543055][T25155] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1389.564270][T25170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1389.658222][T25183] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1389.676968][T25174] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1389.684133][T25183] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1389.707603][T25183] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1389.707603][T25183] !' [ 1389.720975][T25183] CPU: 0 PID: 25183 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1389.729407][T25183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1389.739645][T25183] Call Trace: [ 1389.742930][T25183] dump_stack_lvl+0xcd/0x134 [ 1389.747546][T25183] sysfs_warn_dup.cold+0x1c/0x29 [ 1389.752498][T25183] sysfs_do_create_link_sd+0x11e/0x140 [ 1389.757970][T25183] sysfs_create_link+0x5f/0xc0 [ 1389.762744][T25183] device_add+0x789/0x2100 [ 1389.767164][T25183] ? mutex_lock_io_nested+0xf00/0xf00 [ 1389.772730][T25183] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1389.778380][T25183] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1389.784666][T25183] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1389.790912][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.797178][T25183] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1389.803182][T25183] wiphy_register+0x1e8a/0x29b0 [ 1389.808056][T25183] ? wiphy_unregister+0xbd0/0xbd0 [ 1389.813092][T25183] ? minstrel_ht_alloc+0x531/0xa00 [ 1389.818455][T25183] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1389.824547][T25183] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1389.830036][T25183] ? ieee80211_restart_hw+0x290/0x290 [ 1389.835429][T25183] ? debug_object_destroy+0x210/0x210 [ 1389.840825][T25183] ? memset+0x20/0x40 [ 1389.844820][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.851154][T25183] ? __hrtimer_init+0x136/0x280 [ 1389.856028][T25183] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1389.861786][T25183] ? hwsim_virtio_rx_work+0x350/0x350 [ 1389.867166][T25183] ? __kmalloc_track_caller+0x1a0/0x320 [ 1389.872722][T25183] ? memcpy+0x39/0x60 [ 1389.876715][T25183] hwsim_new_radio_nl+0x9bc/0x1080 [ 1389.881842][T25183] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1389.887763][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.894011][T25183] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1389.901391][T25183] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1389.908691][T25183] genl_family_rcv_msg_doit+0x228/0x320 [ 1389.914252][T25183] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1389.921637][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.927893][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.934146][T25183] ? ns_capable+0xde/0x100 [ 1389.938746][T25183] genl_rcv_msg+0x328/0x580 [ 1389.943495][T25183] ? genl_get_cmd+0x480/0x480 [ 1389.948176][T25183] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1389.954466][T25183] ? lock_release+0x720/0x720 [ 1389.959342][T25183] netlink_rcv_skb+0x153/0x420 [ 1389.964118][T25183] ? genl_get_cmd+0x480/0x480 [ 1389.968898][T25183] ? netlink_ack+0xa60/0xa60 [ 1389.973491][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1389.980154][T25183] genl_rcv+0x24/0x40 [ 1389.984336][T25183] netlink_unicast+0x533/0x7d0 [ 1389.989111][T25183] ? netlink_attachskb+0x890/0x890 [ 1389.994850][T25183] ? __virt_addr_valid+0x5d/0x2d0 [ 1390.000050][T25183] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1390.006459][T25183] ? __phys_addr_symbol+0x2c/0x70 [ 1390.011794][T25183] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1390.017752][T25183] ? __check_object_size+0x16e/0x3f0 [ 1390.023050][T25183] netlink_sendmsg+0x85b/0xda0 [ 1390.027834][T25183] ? netlink_unicast+0x7d0/0x7d0 [ 1390.032784][T25183] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.039088][T25183] ? netlink_unicast+0x7d0/0x7d0 [ 1390.044020][T25183] sock_sendmsg+0xcf/0x120 [ 1390.048498][T25183] ____sys_sendmsg+0x6e8/0x810 [ 1390.053252][T25183] ? kernel_sendmsg+0x50/0x50 [ 1390.057931][T25183] ? do_recvmmsg+0x6d0/0x6d0 [ 1390.062525][T25183] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1390.068503][T25183] ? __fget_light+0x89/0x280 [ 1390.073095][T25183] ___sys_sendmsg+0xf3/0x170 [ 1390.077681][T25183] ? sendmsg_copy_msghdr+0x160/0x160 [ 1390.082969][T25183] ? __fget_files+0x266/0x3d0 [ 1390.087638][T25183] ? lock_downgrade+0x6e0/0x6e0 [ 1390.092491][T25183] ? __fget_files+0x288/0x3d0 [ 1390.097191][T25183] ? __fget_light+0xea/0x280 [ 1390.101776][T25183] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1390.108024][T25183] __sys_sendmsg+0xe5/0x1b0 [ 1390.112531][T25183] ? __sys_sendmsg_sock+0x30/0x30 [ 1390.117564][T25183] ? syscall_enter_from_user_mode+0x21/0x70 [ 1390.123459][T25183] do_syscall_64+0x35/0xb0 [ 1390.127868][T25183] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1390.133759][T25183] RIP: 0033:0x4665d9 [ 1390.137642][T25183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.157253][T25183] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1390.165672][T25183] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1390.173632][T25183] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1390.181593][T25183] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1390.189552][T25183] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1390.197686][T25183] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:28:44 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:44 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1390.345339][T25193] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1390.420424][T25184] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1390.439411][T25200] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1390.463539][T25184] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02480000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1390.498173][T25184] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1390.498173][T25184] !' [ 1390.530467][T25184] CPU: 0 PID: 25184 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1390.539172][T25184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1390.549225][T25184] Call Trace: [ 1390.552499][T25184] dump_stack_lvl+0xcd/0x134 [ 1390.557103][T25184] sysfs_warn_dup.cold+0x1c/0x29 [ 1390.562051][T25184] sysfs_do_create_link_sd+0x11e/0x140 [ 1390.567532][T25184] sysfs_create_link+0x5f/0xc0 [ 1390.572314][T25184] device_add+0x789/0x2100 [ 1390.576749][T25184] ? mutex_lock_io_nested+0xf00/0xf00 [ 1390.582139][T25184] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1390.587693][T25184] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1390.593949][T25184] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1390.600193][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.606436][T25184] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1390.612440][T25184] wiphy_register+0x1e8a/0x29b0 [ 1390.617324][T25184] ? wiphy_unregister+0xbd0/0xbd0 [ 1390.622361][T25184] ? minstrel_ht_alloc+0x531/0xa00 [ 1390.627487][T25184] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1390.633571][T25184] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1390.639055][T25184] ? ieee80211_restart_hw+0x290/0x290 [ 1390.644439][T25184] ? debug_object_destroy+0x210/0x210 [ 1390.649834][T25184] ? memset+0x20/0x40 [ 1390.653833][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.660086][T25184] ? __hrtimer_init+0x136/0x280 [ 1390.664956][T25184] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1390.670701][T25184] ? hwsim_virtio_rx_work+0x350/0x350 [ 1390.676083][T25184] ? __kmalloc_track_caller+0x1a0/0x320 [ 1390.681640][T25184] ? memcpy+0x39/0x60 [ 1390.685634][T25184] hwsim_new_radio_nl+0x9bc/0x1080 [ 1390.690760][T25184] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1390.696686][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.702941][T25184] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1390.710299][T25184] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1390.717663][T25184] genl_family_rcv_msg_doit+0x228/0x320 [ 1390.723195][T25184] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1390.730555][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.736975][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.743611][T25184] ? ns_capable+0xde/0x100 [ 1390.748313][T25184] genl_rcv_msg+0x328/0x580 [ 1390.752823][T25184] ? genl_get_cmd+0x480/0x480 [ 1390.757803][T25184] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1390.763696][T25184] ? lock_release+0x720/0x720 [ 1390.768380][T25184] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1390.774205][T25184] netlink_rcv_skb+0x153/0x420 [ 1390.779169][T25184] ? genl_get_cmd+0x480/0x480 [ 1390.784127][T25184] ? netlink_ack+0xa60/0xa60 [ 1390.788738][T25184] genl_rcv+0x24/0x40 [ 1390.792709][T25184] netlink_unicast+0x533/0x7d0 [ 1390.797477][T25184] ? netlink_attachskb+0x890/0x890 [ 1390.802594][T25184] ? __virt_addr_valid+0x5d/0x2d0 [ 1390.807608][T25184] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1390.813847][T25184] ? __phys_addr_symbol+0x2c/0x70 [ 1390.818856][T25184] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1390.824562][T25184] ? __check_object_size+0x16e/0x3f0 [ 1390.829843][T25184] netlink_sendmsg+0x85b/0xda0 [ 1390.834616][T25184] ? netlink_unicast+0x7d0/0x7d0 [ 1390.839543][T25184] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1390.845774][T25184] ? netlink_unicast+0x7d0/0x7d0 [ 1390.850703][T25184] sock_sendmsg+0xcf/0x120 [ 1390.855121][T25184] ____sys_sendmsg+0x6e8/0x810 [ 1390.860092][T25184] ? kernel_sendmsg+0x50/0x50 [ 1390.864750][T25184] ? do_recvmmsg+0x6d0/0x6d0 [ 1390.869550][T25184] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1390.875518][T25184] ? __fget_light+0x89/0x280 [ 1390.880100][T25184] ___sys_sendmsg+0xf3/0x170 [ 1390.884678][T25184] ? sendmsg_copy_msghdr+0x160/0x160 [ 1390.889952][T25184] ? __fget_files+0x266/0x3d0 [ 1390.894615][T25184] ? lock_downgrade+0x6e0/0x6e0 [ 1390.899461][T25184] ? __fget_files+0x288/0x3d0 [ 1390.904129][T25184] ? __fget_light+0xea/0x280 [ 1390.908809][T25184] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1390.915044][T25184] __sys_sendmsg+0xe5/0x1b0 [ 1390.919535][T25184] ? __sys_sendmsg_sock+0x30/0x30 [ 1390.924553][T25184] ? syscall_enter_from_user_mode+0x21/0x70 [ 1390.930630][T25184] do_syscall_64+0x35/0xb0 [ 1390.935053][T25184] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1390.940947][T25184] RIP: 0033:0x4665d9 [ 1390.944835][T25184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1390.964607][T25184] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1390.973002][T25184] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1390.980958][T25184] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1390.988926][T25184] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1390.996879][T25184] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1391.004837][T25184] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 [ 1391.047213][T25228] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:45 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) fsetxattr$trusted_overlay_opaque(r2, &(0x7f00000000c0), &(0x7f0000000100), 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1391.097574][T25182] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1391.103212][T25227] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1391.124330][T25182] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:45 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1391.193690][T25182] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1391.193690][T25182] !' [ 1391.223439][T25182] CPU: 1 PID: 25182 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1391.231978][T25182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.242039][T25182] Call Trace: [ 1391.245330][T25182] dump_stack_lvl+0xcd/0x134 [ 1391.249943][T25182] sysfs_warn_dup.cold+0x1c/0x29 [ 1391.254894][T25182] sysfs_do_create_link_sd+0x11e/0x140 [ 1391.260370][T25182] sysfs_create_link+0x5f/0xc0 [ 1391.265142][T25182] device_add+0x789/0x2100 [ 1391.269561][T25182] ? mutex_lock_io_nested+0xf00/0xf00 [ 1391.274942][T25182] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1391.280594][T25182] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1391.286850][T25182] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1391.293099][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.299510][T25182] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1391.305603][T25182] wiphy_register+0x1e8a/0x29b0 [ 1391.310471][T25182] ? wiphy_unregister+0xbd0/0xbd0 [ 1391.315494][T25182] ? minstrel_ht_alloc+0x531/0xa00 [ 1391.320619][T25182] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1391.326702][T25182] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1391.332185][T25182] ? ieee80211_restart_hw+0x290/0x290 [ 1391.337565][T25182] ? debug_object_destroy+0x210/0x210 [ 1391.342951][T25182] ? memset+0x20/0x40 [ 1391.346942][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.353182][T25182] ? __hrtimer_init+0x136/0x280 [ 1391.358043][T25182] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1391.363790][T25182] ? hwsim_virtio_rx_work+0x350/0x350 [ 1391.369167][T25182] ? __kmalloc_track_caller+0x1a0/0x320 [ 1391.374729][T25182] ? memcpy+0x39/0x60 [ 1391.378723][T25182] hwsim_new_radio_nl+0x9bc/0x1080 [ 1391.383838][T25182] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1391.389750][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.395993][T25182] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1391.403372][T25182] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1391.410671][T25182] genl_family_rcv_msg_doit+0x228/0x320 [ 1391.416229][T25182] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1391.423608][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.429841][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.436064][T25182] ? ns_capable+0xde/0x100 [ 1391.440470][T25182] genl_rcv_msg+0x328/0x580 [ 1391.444982][T25182] ? genl_get_cmd+0x480/0x480 [ 1391.449668][T25182] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1391.455555][T25182] ? lock_release+0x720/0x720 [ 1391.460228][T25182] netlink_rcv_skb+0x153/0x420 [ 1391.464995][T25182] ? genl_get_cmd+0x480/0x480 [ 1391.469679][T25182] ? netlink_ack+0xa60/0xa60 [ 1391.474270][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.480502][T25182] genl_rcv+0x24/0x40 [ 1391.484471][T25182] netlink_unicast+0x533/0x7d0 [ 1391.489225][T25182] ? netlink_attachskb+0x890/0x890 [ 1391.494323][T25182] ? __virt_addr_valid+0x5d/0x2d0 [ 1391.499594][T25182] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1391.505818][T25182] ? __phys_addr_symbol+0x2c/0x70 [ 1391.510824][T25182] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1391.516527][T25182] ? __check_object_size+0x16e/0x3f0 [ 1391.521818][T25182] netlink_sendmsg+0x85b/0xda0 [ 1391.526609][T25182] ? netlink_unicast+0x7d0/0x7d0 [ 1391.531541][T25182] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1391.537767][T25182] ? netlink_unicast+0x7d0/0x7d0 [ 1391.542692][T25182] sock_sendmsg+0xcf/0x120 [ 1391.547093][T25182] ____sys_sendmsg+0x6e8/0x810 [ 1391.551846][T25182] ? kernel_sendmsg+0x50/0x50 [ 1391.556521][T25182] ? do_recvmmsg+0x6d0/0x6d0 [ 1391.561196][T25182] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1391.567164][T25182] ___sys_sendmsg+0xf3/0x170 [ 1391.571743][T25182] ? sendmsg_copy_msghdr+0x160/0x160 [ 1391.577022][T25182] ? __fget_files+0x266/0x3d0 [ 1391.581682][T25182] ? lock_downgrade+0x6e0/0x6e0 [ 1391.586525][T25182] ? __fget_files+0x288/0x3d0 [ 1391.591192][T25182] ? __fget_light+0xea/0x280 [ 1391.595770][T25182] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1391.602017][T25182] __sys_sendmsg+0xe5/0x1b0 [ 1391.606521][T25182] ? __sys_sendmsg_sock+0x30/0x30 [ 1391.611555][T25182] ? syscall_enter_from_user_mode+0x21/0x70 [ 1391.617447][T25182] do_syscall_64+0x35/0xb0 [ 1391.621859][T25182] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1391.628154][T25182] RIP: 0033:0x4665d9 [ 1391.632036][T25182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1391.652129][T25182] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1391.660749][T25182] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1391.668726][T25182] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1391.676686][T25182] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1391.685270][T25182] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 21:28:45 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03480000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1391.693227][T25182] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1391.785929][T25245] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:46 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648cd2940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:46 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:46 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1391.873089][T25245] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1391.873089][T25245] !' [ 1391.925589][T25245] CPU: 1 PID: 25245 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1391.934019][T25245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1391.944072][T25245] Call Trace: [ 1391.947344][T25245] dump_stack_lvl+0xcd/0x134 [ 1391.951944][T25245] sysfs_warn_dup.cold+0x1c/0x29 [ 1391.956890][T25245] sysfs_do_create_link_sd+0x11e/0x140 [ 1391.962360][T25245] sysfs_create_link+0x5f/0xc0 [ 1391.967128][T25245] device_add+0x789/0x2100 [ 1391.971544][T25245] ? mutex_lock_io_nested+0xf00/0xf00 [ 1391.976914][T25245] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1391.982453][T25245] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1391.988692][T25245] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1391.994931][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.001175][T25245] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1392.007167][T25245] wiphy_register+0x1e8a/0x29b0 [ 1392.012029][T25245] ? wiphy_unregister+0xbd0/0xbd0 [ 1392.017051][T25245] ? minstrel_ht_alloc+0x531/0xa00 [ 1392.022174][T25245] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1392.028257][T25245] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1392.033739][T25245] ? ieee80211_restart_hw+0x290/0x290 [ 1392.039120][T25245] ? debug_object_destroy+0x210/0x210 [ 1392.044504][T25245] ? memset+0x20/0x40 [ 1392.048492][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.054737][T25245] ? __hrtimer_init+0x136/0x280 [ 1392.059603][T25245] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1392.065348][T25245] ? hwsim_virtio_rx_work+0x350/0x350 [ 1392.070727][T25245] ? __kmalloc_track_caller+0x1a0/0x320 [ 1392.076275][T25245] ? memcpy+0x39/0x60 [ 1392.080267][T25245] hwsim_new_radio_nl+0x9bc/0x1080 [ 1392.085391][T25245] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1392.091309][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.097555][T25245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1392.104932][T25245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1392.112234][T25245] genl_family_rcv_msg_doit+0x228/0x320 [ 1392.117789][T25245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1392.125169][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.131432][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.137673][T25245] ? ns_capable+0xde/0x100 [ 1392.142098][T25245] genl_rcv_msg+0x328/0x580 [ 1392.146611][T25245] ? genl_get_cmd+0x480/0x480 [ 1392.151293][T25245] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1392.157200][T25245] ? lock_release+0x720/0x720 [ 1392.161879][T25245] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1392.167178][T25245] netlink_rcv_skb+0x153/0x420 [ 1392.171949][T25245] ? genl_get_cmd+0x480/0x480 [ 1392.176634][T25245] ? netlink_ack+0xa60/0xa60 [ 1392.181247][T25245] genl_rcv+0x24/0x40 [ 1392.185233][T25245] netlink_unicast+0x533/0x7d0 [ 1392.190008][T25245] ? netlink_attachskb+0x890/0x890 [ 1392.195126][T25245] ? __virt_addr_valid+0x5d/0x2d0 [ 1392.200152][T25245] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1392.206395][T25245] ? __phys_addr_symbol+0x2c/0x70 [ 1392.211437][T25245] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1392.217160][T25245] ? __check_object_size+0x16e/0x3f0 [ 1392.222456][T25245] netlink_sendmsg+0x85b/0xda0 [ 1392.227236][T25245] ? netlink_unicast+0x7d0/0x7d0 [ 1392.232189][T25245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.238437][T25245] ? netlink_unicast+0x7d0/0x7d0 [ 1392.243366][T25245] sock_sendmsg+0xcf/0x120 [ 1392.247792][T25245] ____sys_sendmsg+0x6e8/0x810 [ 1392.252565][T25245] ? kernel_sendmsg+0x50/0x50 [ 1392.257240][T25245] ? do_recvmmsg+0x6d0/0x6d0 [ 1392.261825][T25245] ? lock_chain_count+0x20/0x20 [ 1392.266770][T25245] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1392.272756][T25245] ___sys_sendmsg+0xf3/0x170 [ 1392.277344][T25245] ? sendmsg_copy_msghdr+0x160/0x160 [ 1392.282627][T25245] ? __fget_files+0x266/0x3d0 [ 1392.287298][T25245] ? lock_downgrade+0x6e0/0x6e0 [ 1392.292153][T25245] ? __fget_files+0x288/0x3d0 [ 1392.296831][T25245] ? __fget_light+0xea/0x280 [ 1392.301412][T25245] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1392.307656][T25245] __sys_sendmsg+0xe5/0x1b0 [ 1392.312157][T25245] ? __sys_sendmsg_sock+0x30/0x30 [ 1392.317198][T25245] ? syscall_enter_from_user_mode+0x21/0x70 [ 1392.323104][T25245] do_syscall_64+0x35/0xb0 [ 1392.327520][T25245] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1392.333408][T25245] RIP: 0033:0x4665d9 [ 1392.337297][T25245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1392.356893][T25245] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1392.365295][T25245] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1392.373254][T25245] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1392.381214][T25245] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1392.389172][T25245] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1392.397130][T25245] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1392.513007][T25285] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00490000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1392.584511][T25285] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1392.584511][T25285] !' [ 1392.599933][T25285] CPU: 0 PID: 25285 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1392.608356][T25285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1392.618410][T25285] Call Trace: [ 1392.621687][T25285] dump_stack_lvl+0xcd/0x134 [ 1392.626294][T25285] sysfs_warn_dup.cold+0x1c/0x29 [ 1392.631330][T25285] sysfs_do_create_link_sd+0x11e/0x140 [ 1392.636803][T25285] sysfs_create_link+0x5f/0xc0 [ 1392.641576][T25285] device_add+0x789/0x2100 [ 1392.646000][T25285] ? mutex_lock_io_nested+0xf00/0xf00 [ 1392.651365][T25285] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1392.656920][T25285] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1392.663374][T25285] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1392.669618][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.675840][T25285] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1392.681820][T25285] wiphy_register+0x1e8a/0x29b0 [ 1392.686697][T25285] ? wiphy_unregister+0xbd0/0xbd0 [ 1392.691907][T25285] ? minstrel_ht_alloc+0x531/0xa00 [ 1392.697027][T25285] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1392.703093][T25285] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1392.708575][T25285] ? ieee80211_restart_hw+0x290/0x290 [ 1392.713955][T25285] ? debug_object_destroy+0x210/0x210 [ 1392.719337][T25285] ? memset+0x20/0x40 [ 1392.723313][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.729556][T25285] ? __hrtimer_init+0x136/0x280 [ 1392.734402][T25285] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1392.740147][T25285] ? hwsim_virtio_rx_work+0x350/0x350 [ 1392.745504][T25285] ? __kmalloc_track_caller+0x1a0/0x320 [ 1392.751044][T25285] ? memcpy+0x39/0x60 [ 1392.755210][T25285] hwsim_new_radio_nl+0x9bc/0x1080 [ 1392.760312][T25285] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1392.766362][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.772693][T25285] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1392.780075][T25285] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1392.787369][T25285] genl_family_rcv_msg_doit+0x228/0x320 [ 1392.792913][T25285] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1392.800293][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.806546][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.812774][T25285] ? ns_capable+0xde/0x100 [ 1392.817192][T25285] genl_rcv_msg+0x328/0x580 [ 1392.821691][T25285] ? genl_get_cmd+0x480/0x480 [ 1392.826377][T25285] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1392.832290][T25285] ? lock_release+0x720/0x720 [ 1392.836971][T25285] netlink_rcv_skb+0x153/0x420 [ 1392.841727][T25285] ? genl_get_cmd+0x480/0x480 [ 1392.846412][T25285] ? netlink_ack+0xa60/0xa60 [ 1392.851027][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.857278][T25285] genl_rcv+0x24/0x40 [ 1392.861267][T25285] netlink_unicast+0x533/0x7d0 [ 1392.866045][T25285] ? netlink_attachskb+0x890/0x890 [ 1392.871162][T25285] ? __virt_addr_valid+0x5d/0x2d0 [ 1392.876190][T25285] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1392.882415][T25285] ? __phys_addr_symbol+0x2c/0x70 [ 1392.887447][T25285] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1392.893167][T25285] ? __check_object_size+0x16e/0x3f0 [ 1392.898454][T25285] netlink_sendmsg+0x85b/0xda0 [ 1392.903215][T25285] ? netlink_unicast+0x7d0/0x7d0 [ 1392.908159][T25285] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1392.914390][T25285] ? netlink_unicast+0x7d0/0x7d0 [ 1392.919327][T25285] sock_sendmsg+0xcf/0x120 [ 1392.923734][T25285] ____sys_sendmsg+0x6e8/0x810 [ 1392.928508][T25285] ? kernel_sendmsg+0x50/0x50 [ 1392.933303][T25285] ? do_recvmmsg+0x6d0/0x6d0 [ 1392.937887][T25285] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1392.943854][T25285] ? __fget_light+0x89/0x280 [ 1392.948453][T25285] ___sys_sendmsg+0xf3/0x170 [ 1392.953037][T25285] ? sendmsg_copy_msghdr+0x160/0x160 [ 1392.958523][T25285] ? __fget_files+0x266/0x3d0 [ 1392.963190][T25285] ? lock_downgrade+0x6e0/0x6e0 [ 1392.968263][T25285] ? __fget_files+0x288/0x3d0 [ 1392.972936][T25285] ? __fget_light+0xea/0x280 [ 1392.977531][T25285] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1392.983773][T25285] __sys_sendmsg+0xe5/0x1b0 [ 1392.988278][T25285] ? __sys_sendmsg_sock+0x30/0x30 [ 1392.993309][T25285] ? syscall_enter_from_user_mode+0x21/0x70 [ 1392.999213][T25285] do_syscall_64+0x35/0xb0 [ 1393.003617][T25285] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1393.009516][T25285] RIP: 0033:0x4665d9 [ 1393.013393][T25285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 21:28:47 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1393.032989][T25285] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1393.041404][T25285] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1393.049378][T25285] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1393.057334][T25285] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1393.065290][T25285] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1393.073281][T25285] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:28:47 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01490000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1393.185639][T25286] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1393.244589][T25286] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1393.244589][T25286] !' [ 1393.289676][T25286] CPU: 0 PID: 25286 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1393.298308][T25286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.308362][T25286] Call Trace: [ 1393.311639][T25286] dump_stack_lvl+0xcd/0x134 [ 1393.316241][T25286] sysfs_warn_dup.cold+0x1c/0x29 [ 1393.321187][T25286] sysfs_do_create_link_sd+0x11e/0x140 [ 1393.326655][T25286] sysfs_create_link+0x5f/0xc0 [ 1393.331429][T25286] device_add+0x789/0x2100 [ 1393.335848][T25286] ? mutex_lock_io_nested+0xf00/0xf00 [ 1393.341223][T25286] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1393.346778][T25286] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1393.353020][T25286] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1393.359267][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.365510][T25286] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1393.371502][T25286] wiphy_register+0x1e8a/0x29b0 [ 1393.376365][T25286] ? wiphy_unregister+0xbd0/0xbd0 [ 1393.381390][T25286] ? minstrel_ht_alloc+0x531/0xa00 [ 1393.386520][T25286] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1393.392606][T25286] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1393.398088][T25286] ? ieee80211_restart_hw+0x290/0x290 [ 1393.403474][T25286] ? debug_object_destroy+0x210/0x210 [ 1393.408861][T25286] ? memset+0x20/0x40 [ 1393.412848][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.419092][T25286] ? __hrtimer_init+0x136/0x280 [ 1393.423954][T25286] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1393.429699][T25286] ? hwsim_virtio_rx_work+0x350/0x350 [ 1393.435080][T25286] ? __kmalloc_track_caller+0x1a0/0x320 [ 1393.440719][T25286] ? memcpy+0x39/0x60 [ 1393.444715][T25286] hwsim_new_radio_nl+0x9bc/0x1080 [ 1393.449837][T25286] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1393.455751][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.461997][T25286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1393.469380][T25286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1393.476688][T25286] genl_family_rcv_msg_doit+0x228/0x320 [ 1393.482246][T25286] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1393.489626][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.495883][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.502130][T25286] ? ns_capable+0xde/0x100 [ 1393.506642][T25286] genl_rcv_msg+0x328/0x580 [ 1393.511158][T25286] ? genl_get_cmd+0x480/0x480 [ 1393.515929][T25286] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1393.521839][T25286] ? lock_release+0x720/0x720 [ 1393.526518][T25286] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1393.532339][T25286] netlink_rcv_skb+0x153/0x420 [ 1393.537111][T25286] ? genl_get_cmd+0x480/0x480 [ 1393.541799][T25286] ? netlink_ack+0xa60/0xa60 [ 1393.546409][T25286] genl_rcv+0x24/0x40 [ 1393.550405][T25286] netlink_unicast+0x533/0x7d0 [ 1393.555183][T25286] ? netlink_attachskb+0x890/0x890 [ 1393.560299][T25286] ? __virt_addr_valid+0x5d/0x2d0 [ 1393.565326][T25286] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1393.571570][T25286] ? __phys_addr_symbol+0x2c/0x70 [ 1393.576599][T25286] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1393.582493][T25286] ? __check_object_size+0x16e/0x3f0 [ 1393.587789][T25286] netlink_sendmsg+0x85b/0xda0 [ 1393.592568][T25286] ? netlink_unicast+0x7d0/0x7d0 [ 1393.597519][T25286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1393.603765][T25286] ? netlink_unicast+0x7d0/0x7d0 [ 1393.608711][T25286] sock_sendmsg+0xcf/0x120 [ 1393.613785][T25286] ____sys_sendmsg+0x6e8/0x810 [ 1393.618960][T25286] ? kernel_sendmsg+0x50/0x50 [ 1393.623624][T25286] ? do_recvmmsg+0x6d0/0x6d0 [ 1393.628626][T25286] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1393.634776][T25286] ? __fget_light+0x89/0x280 [ 1393.639357][T25286] ___sys_sendmsg+0xf3/0x170 [ 1393.643938][T25286] ? sendmsg_copy_msghdr+0x160/0x160 [ 1393.649235][T25286] ? __fget_files+0x266/0x3d0 [ 1393.653917][T25286] ? lock_downgrade+0x6e0/0x6e0 [ 1393.658773][T25286] ? __fget_files+0x288/0x3d0 [ 1393.663451][T25286] ? __fget_light+0xea/0x280 [ 1393.668046][T25286] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1393.674296][T25286] __sys_sendmsg+0xe5/0x1b0 [ 1393.678802][T25286] ? __sys_sendmsg_sock+0x30/0x30 [ 1393.683833][T25286] ? syscall_enter_from_user_mode+0x21/0x70 [ 1393.689737][T25286] do_syscall_64+0x35/0xb0 [ 1393.694145][T25286] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1393.700132][T25286] RIP: 0033:0x4665d9 [ 1393.704012][T25286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1393.723620][T25286] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1393.732122][T25286] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1393.740178][T25286] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1393.748132][T25286] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1393.756178][T25286] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1393.764145][T25286] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 [ 1393.847799][T25305] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:48 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x2, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0xbf, 0x4, &(0x7f0000000440)=[{&(0x7f0000000140)="8eec26104fdfd4df1e667f99f1724996b8f16413c49fc90d8e522189ad01a4ada0638fd929eb29a8515fc8de4cf3de7630620ad002ab107bd8a260a895beaba5c020eda5621525859ad04dc770199a7e92247c6cafcc264e2a9af63f5e6e05e9eda6f4d8e7e35e23c1678777d1333093344a61a4dcfaf19046943a274f9cda20011e25b84ab34798d7bcabadd50999248397ef9d9455f9a298d294aa531f5126b2cd4f5e2da5d8d5a3cce8e24abd450eb8bfad1bc683f47ebfbd95cf78e956e7fa1b5d586fcb6684c4362bebb759b1f950e21e1df1284efaed6cb4090e816c8009153e81b4a3d369102e1431f3932bbad6e9c7848f2e0b521a", 0xf9, 0x6}, {&(0x7f0000000240)="eece294a0b52063e33c3aeb142e0828aa06d5190a7df66e174a01a70982fa8e9fad12a3ad13ccdbcdde4d0960cf5040f27f6ff10528d750e6df0ae4234602f06dea346ea10244ca8e8a1fceacde783d3019e1b37234509bd09263c9b2f32cd2d4da3372c8d149c00506166ec37cd68e1b3ce6d45bfc0d0ffe9b1965971a4b2cc720abf50fb3146d32e875561c917e5dd3dd9a692e2f9b292168927e5f0e6be078b87725da98b390c6d56f89e1224b99027d61915653e936067f42ba1e905dcb52946863776ea", 0xc6, 0x2}, {&(0x7f0000000340)="939895ebe2062fa8c0d2395eeeb3e93f6979640635ae79e6545f77cd5037fb716b32e76e56c5f2f9a6a800584cc92508d1", 0x31, 0x100000001}, {&(0x7f0000000380)="76c77e0da46ed909fe6372eca86562094f3111d044afba38b657e6dfeaf1e0d94d5f1e43fd9c7791a42d31236d7b4c2ab14e605992210be43d53b1257766f1b32692321c36a1e505998ea42b724a1f2bf5d09ad798b094e111c028ae6b17f725282389c02e0d78c9851eb1b7fbcb57212a5371ea13eddb7a094442a79631e969225eb28fe34c4f1be32e7ddac1fb0cad1e768e30ea1f74bca5fd2b7e09a8077f4c63645197fe8a64512b07f32229d0d964a76396570c170da7361bae", 0xbc, 0xa000000000000000}], 0x801, &(0x7f00000004c0)=ANY=[@ANYBLOB='-+}[,%[,-&,,#\\*:,,\',context=sysadm_u,fsname=]o@#/,\x00']) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000000500)) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02490000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1393.889038][T25305] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1393.889038][T25305] !' 21:28:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1393.975662][T25305] CPU: 1 PID: 25305 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1393.984531][T25305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1393.994586][T25305] Call Trace: [ 1393.997861][T25305] dump_stack_lvl+0xcd/0x134 [ 1394.002470][T25305] sysfs_warn_dup.cold+0x1c/0x29 [ 1394.007416][T25305] sysfs_do_create_link_sd+0x11e/0x140 [ 1394.012882][T25305] sysfs_create_link+0x5f/0xc0 [ 1394.017692][T25305] device_add+0x789/0x2100 [ 1394.022111][T25305] ? mutex_lock_io_nested+0xf00/0xf00 [ 1394.027491][T25305] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1394.033044][T25305] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1394.039289][T25305] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1394.045535][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.051778][T25305] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1394.057770][T25305] wiphy_register+0x1e8a/0x29b0 [ 1394.062632][T25305] ? wiphy_unregister+0xbd0/0xbd0 [ 1394.067651][T25305] ? minstrel_ht_alloc+0x531/0xa00 [ 1394.072775][T25305] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1394.078860][T25305] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1394.084342][T25305] ? ieee80211_restart_hw+0x290/0x290 [ 1394.089726][T25305] ? debug_object_destroy+0x210/0x210 [ 1394.095112][T25305] ? memset+0x20/0x40 [ 1394.099100][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.105342][T25305] ? __hrtimer_init+0x136/0x280 [ 1394.110199][T25305] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1394.115955][T25305] ? hwsim_virtio_rx_work+0x350/0x350 [ 1394.120492][T25354] loop0: detected capacity change from 0 to 264192 [ 1394.121328][T25305] ? __kmalloc_track_caller+0x1a0/0x320 [ 1394.121358][T25305] ? memcpy+0x39/0x60 [ 1394.137413][T25305] hwsim_new_radio_nl+0x9bc/0x1080 [ 1394.142536][T25305] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1394.148450][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.153397][T25354] squashfs: Unknown parameter '-+}[' [ 1394.154691][T25305] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1394.154728][T25305] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1394.174640][T25305] genl_family_rcv_msg_doit+0x228/0x320 [ 1394.180199][T25305] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1394.187582][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.193841][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.200091][T25305] ? ns_capable+0xde/0x100 [ 1394.204516][T25305] genl_rcv_msg+0x328/0x580 [ 1394.209031][T25305] ? genl_get_cmd+0x480/0x480 [ 1394.213715][T25305] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1394.219623][T25305] ? lock_release+0x720/0x720 [ 1394.224306][T25305] netlink_rcv_skb+0x153/0x420 [ 1394.229069][T25305] ? genl_get_cmd+0x480/0x480 [ 1394.233740][T25305] ? netlink_ack+0xa60/0xa60 [ 1394.238328][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.244562][T25305] genl_rcv+0x24/0x40 [ 1394.248535][T25305] netlink_unicast+0x533/0x7d0 [ 1394.253381][T25305] ? netlink_attachskb+0x890/0x890 [ 1394.258589][T25305] ? __virt_addr_valid+0x5d/0x2d0 [ 1394.263608][T25305] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1394.269838][T25305] ? __phys_addr_symbol+0x2c/0x70 [ 1394.274850][T25305] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1394.280558][T25305] ? __check_object_size+0x16e/0x3f0 [ 1394.285854][T25305] netlink_sendmsg+0x85b/0xda0 [ 1394.290615][T25305] ? netlink_unicast+0x7d0/0x7d0 [ 1394.295551][T25305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.301783][T25305] ? netlink_unicast+0x7d0/0x7d0 [ 1394.306712][T25305] sock_sendmsg+0xcf/0x120 [ 1394.311118][T25305] ____sys_sendmsg+0x6e8/0x810 [ 1394.315873][T25305] ? kernel_sendmsg+0x50/0x50 [ 1394.320534][T25305] ? do_recvmmsg+0x6d0/0x6d0 [ 1394.325121][T25305] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1394.331098][T25305] ___sys_sendmsg+0xf3/0x170 [ 1394.335679][T25305] ? sendmsg_copy_msghdr+0x160/0x160 [ 1394.340959][T25305] ? __fget_files+0x266/0x3d0 [ 1394.345627][T25305] ? lock_downgrade+0x6e0/0x6e0 [ 1394.350478][T25305] ? __fget_files+0x288/0x3d0 [ 1394.355149][T25305] ? __fget_light+0xea/0x280 [ 1394.359729][T25305] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1394.365962][T25305] __sys_sendmsg+0xe5/0x1b0 [ 1394.370457][T25305] ? __sys_sendmsg_sock+0x30/0x30 [ 1394.375481][T25305] ? syscall_enter_from_user_mode+0x21/0x70 [ 1394.381374][T25305] do_syscall_64+0x35/0xb0 [ 1394.385781][T25305] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1394.391668][T25305] RIP: 0033:0x4665d9 [ 1394.395548][T25305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1394.415317][T25305] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1394.423719][T25305] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1394.431764][T25305] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1394.439722][T25305] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1394.447681][T25305] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1394.455638][T25305] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 [ 1394.523583][T25348] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1394.559032][T25355] __nla_validate_parse: 18 callbacks suppressed 21:28:48 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648cd4940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:48 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1394.559083][T25355] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:28:48 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1394.643260][T25348] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1394.643260][T25348] !' [ 1394.665692][T25348] CPU: 1 PID: 25348 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1394.674135][T25348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1394.684190][T25348] Call Trace: [ 1394.687464][T25348] dump_stack_lvl+0xcd/0x134 [ 1394.692076][T25348] sysfs_warn_dup.cold+0x1c/0x29 [ 1394.697023][T25348] sysfs_do_create_link_sd+0x11e/0x140 [ 1394.702496][T25348] sysfs_create_link+0x5f/0xc0 [ 1394.707265][T25348] device_add+0x789/0x2100 [ 1394.711684][T25348] ? mutex_lock_io_nested+0xf00/0xf00 [ 1394.717064][T25348] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1394.722705][T25348] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1394.728950][T25348] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1394.735194][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.741439][T25348] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1394.747432][T25348] wiphy_register+0x1e8a/0x29b0 [ 1394.752295][T25348] ? wiphy_unregister+0xbd0/0xbd0 [ 1394.757320][T25348] ? minstrel_ht_alloc+0x531/0xa00 [ 1394.762441][T25348] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1394.768525][T25348] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1394.774003][T25348] ? ieee80211_restart_hw+0x290/0x290 [ 1394.779387][T25348] ? debug_object_destroy+0x210/0x210 [ 1394.784775][T25348] ? memset+0x20/0x40 [ 1394.788769][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.795016][T25348] ? __hrtimer_init+0x136/0x280 [ 1394.799880][T25348] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1394.805626][T25348] ? hwsim_virtio_rx_work+0x350/0x350 [ 1394.811004][T25348] ? __kmalloc_track_caller+0x1a0/0x320 [ 1394.816559][T25348] ? memcpy+0x39/0x60 [ 1394.820554][T25348] hwsim_new_radio_nl+0x9bc/0x1080 [ 1394.825673][T25348] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1394.831583][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.837823][T25348] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1394.845209][T25348] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1394.852515][T25348] genl_family_rcv_msg_doit+0x228/0x320 [ 1394.858075][T25348] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1394.865450][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.871696][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.877946][T25348] ? ns_capable+0xde/0x100 [ 1394.882382][T25348] genl_rcv_msg+0x328/0x580 [ 1394.886889][T25348] ? genl_get_cmd+0x480/0x480 [ 1394.891568][T25348] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1394.897462][T25348] ? lock_release+0x720/0x720 [ 1394.902131][T25348] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1394.907414][T25348] netlink_rcv_skb+0x153/0x420 [ 1394.912172][T25348] ? genl_get_cmd+0x480/0x480 [ 1394.916843][T25348] ? netlink_ack+0xa60/0xa60 [ 1394.921445][T25348] genl_rcv+0x24/0x40 [ 1394.925420][T25348] netlink_unicast+0x533/0x7d0 [ 1394.930180][T25348] ? netlink_attachskb+0x890/0x890 [ 1394.935281][T25348] ? __virt_addr_valid+0x5d/0x2d0 [ 1394.940298][T25348] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1394.946544][T25348] ? __phys_addr_symbol+0x2c/0x70 [ 1394.951562][T25348] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1394.957277][T25348] ? __check_object_size+0x16e/0x3f0 [ 1394.962559][T25348] netlink_sendmsg+0x85b/0xda0 [ 1394.967323][T25348] ? netlink_unicast+0x7d0/0x7d0 [ 1394.972260][T25348] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1394.978514][T25348] ? netlink_unicast+0x7d0/0x7d0 [ 1394.983444][T25348] sock_sendmsg+0xcf/0x120 [ 1394.987852][T25348] ____sys_sendmsg+0x6e8/0x810 [ 1394.992608][T25348] ? kernel_sendmsg+0x50/0x50 [ 1394.997272][T25348] ? do_recvmmsg+0x6d0/0x6d0 [ 1395.001855][T25348] ? lock_chain_count+0x20/0x20 [ 1395.006695][T25348] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1395.012673][T25348] ___sys_sendmsg+0xf3/0x170 [ 1395.017256][T25348] ? sendmsg_copy_msghdr+0x160/0x160 [ 1395.022537][T25348] ? __fget_files+0x266/0x3d0 [ 1395.027206][T25348] ? lock_downgrade+0x6e0/0x6e0 [ 1395.032061][T25348] ? __fget_files+0x288/0x3d0 [ 1395.036738][T25348] ? __fget_light+0xea/0x280 [ 1395.041324][T25348] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1395.047558][T25348] __sys_sendmsg+0xe5/0x1b0 [ 1395.052054][T25348] ? __sys_sendmsg_sock+0x30/0x30 [ 1395.057083][T25348] ? syscall_enter_from_user_mode+0x21/0x70 [ 1395.062999][T25348] do_syscall_64+0x35/0xb0 [ 1395.067407][T25348] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1395.073298][T25348] RIP: 0033:0x4665d9 [ 1395.077178][T25348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1395.096774][T25348] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1395.105177][T25348] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1395.113137][T25348] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1395.121099][T25348] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1395.129055][T25348] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1395.137013][T25348] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:49 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63020d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1395.274286][T25354] loop0: detected capacity change from 0 to 264192 [ 1395.292254][T25354] squashfs: Unknown parameter '-+}[' [ 1395.330315][T25371] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:28:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03490000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1395.406162][T25394] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1395.428858][T25394] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1395.447581][T25394] sysfs: cannot create duplicate filename '/class/ieee80211/ 21:28:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x80200, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x5, 0x2, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1395.447581][T25394] !' 21:28:49 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1395.511430][T25394] CPU: 0 PID: 25394 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1395.520071][T25394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1395.530130][T25394] Call Trace: [ 1395.533412][T25394] dump_stack_lvl+0xcd/0x134 [ 1395.538026][T25394] sysfs_warn_dup.cold+0x1c/0x29 [ 1395.542981][T25394] sysfs_do_create_link_sd+0x11e/0x140 [ 1395.548462][T25394] sysfs_create_link+0x5f/0xc0 [ 1395.553240][T25394] device_add+0x789/0x2100 [ 1395.557659][T25394] ? mutex_lock_io_nested+0xf00/0xf00 [ 1395.563036][T25394] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1395.568596][T25394] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1395.574848][T25394] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1395.581097][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.587445][T25394] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1395.593458][T25394] wiphy_register+0x1e8a/0x29b0 [ 1395.598339][T25394] ? wiphy_unregister+0xbd0/0xbd0 [ 1395.603371][T25394] ? minstrel_ht_alloc+0x531/0xa00 [ 1395.608691][T25394] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1395.614784][T25394] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1395.620284][T25394] ? ieee80211_restart_hw+0x290/0x290 [ 1395.625675][T25394] ? debug_object_destroy+0x210/0x210 [ 1395.631072][T25394] ? memset+0x20/0x40 [ 1395.635068][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.641316][T25394] ? __hrtimer_init+0x136/0x280 [ 1395.646188][T25394] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1395.651953][T25394] ? hwsim_virtio_rx_work+0x350/0x350 [ 1395.657336][T25394] ? __kmalloc_track_caller+0x1a0/0x320 [ 1395.662894][T25394] ? memcpy+0x39/0x60 [ 1395.666898][T25394] hwsim_new_radio_nl+0x9bc/0x1080 [ 1395.672034][T25394] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1395.677961][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.684211][T25394] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1395.691601][T25394] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1395.698913][T25394] genl_family_rcv_msg_doit+0x228/0x320 [ 1395.704478][T25394] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1395.711866][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.718136][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.724387][T25394] ? ns_capable+0xde/0x100 [ 1395.728829][T25394] genl_rcv_msg+0x328/0x580 [ 1395.733355][T25394] ? genl_get_cmd+0x480/0x480 [ 1395.738051][T25394] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1395.743972][T25394] ? lock_release+0x720/0x720 [ 1395.748671][T25394] netlink_rcv_skb+0x153/0x420 [ 1395.753454][T25394] ? genl_get_cmd+0x480/0x480 21:28:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1395.758148][T25394] ? netlink_ack+0xa60/0xa60 [ 1395.762770][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.769031][T25394] genl_rcv+0x24/0x40 [ 1395.773025][T25394] netlink_unicast+0x533/0x7d0 [ 1395.777812][T25394] ? netlink_attachskb+0x890/0x890 [ 1395.782934][T25394] ? __virt_addr_valid+0x5d/0x2d0 [ 1395.787974][T25394] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1395.794227][T25394] ? __phys_addr_symbol+0x2c/0x70 [ 1395.799261][T25394] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1395.804991][T25394] ? __check_object_size+0x16e/0x3f0 [ 1395.810468][T25394] netlink_sendmsg+0x85b/0xda0 [ 1395.815255][T25394] ? netlink_unicast+0x7d0/0x7d0 [ 1395.820220][T25394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1395.826476][T25394] ? netlink_unicast+0x7d0/0x7d0 [ 1395.831433][T25394] sock_sendmsg+0xcf/0x120 [ 1395.835860][T25394] ____sys_sendmsg+0x6e8/0x810 [ 1395.840638][T25394] ? kernel_sendmsg+0x50/0x50 [ 1395.845316][T25394] ? do_recvmmsg+0x6d0/0x6d0 [ 1395.849923][T25394] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1395.855924][T25394] ___sys_sendmsg+0xf3/0x170 [ 1395.860527][T25394] ? sendmsg_copy_msghdr+0x160/0x160 [ 1395.865830][T25394] ? __fget_files+0x266/0x3d0 [ 1395.870522][T25394] ? lock_downgrade+0x6e0/0x6e0 [ 1395.875403][T25394] ? __fget_files+0x288/0x3d0 [ 1395.880108][T25394] ? __fget_light+0xea/0x280 [ 1395.884709][T25394] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1395.890967][T25394] __sys_sendmsg+0xe5/0x1b0 [ 1395.895486][T25394] ? __sys_sendmsg_sock+0x30/0x30 [ 1395.900548][T25394] ? syscall_enter_from_user_mode+0x21/0x70 [ 1395.906468][T25394] do_syscall_64+0x35/0xb0 [ 1395.910897][T25394] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1395.916806][T25394] RIP: 0033:0x4665d9 [ 1395.920708][T25394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1395.940409][T25394] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1395.948835][T25394] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1395.956809][T25394] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1395.964781][T25394] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1395.972753][T25394] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1395.980727][T25394] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:50 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1396.050433][T25416] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1396.069161][T25421] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1396.107374][T25421] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:50 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1396.196856][T25408] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1396.323806][T25421] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1396.323806][T25421] !' [ 1396.352614][T25421] CPU: 1 PID: 25421 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1396.361303][T25421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1396.371700][T25421] Call Trace: [ 1396.375152][T25421] dump_stack_lvl+0xcd/0x134 [ 1396.379938][T25421] sysfs_warn_dup.cold+0x1c/0x29 [ 1396.385164][T25421] sysfs_do_create_link_sd+0x11e/0x140 [ 1396.390695][T25421] sysfs_create_link+0x5f/0xc0 [ 1396.395681][T25421] device_add+0x789/0x2100 [ 1396.400087][T25421] ? mutex_lock_io_nested+0xf00/0xf00 [ 1396.405449][T25421] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1396.411256][T25421] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1396.418134][T25421] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1396.424361][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.430767][T25421] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1396.436755][T25421] wiphy_register+0x1e8a/0x29b0 [ 1396.441622][T25421] ? wiphy_unregister+0xbd0/0xbd0 [ 1396.446629][T25421] ? minstrel_ht_alloc+0x531/0xa00 [ 1396.451733][T25421] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1396.457802][T25421] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1396.463256][T25421] ? ieee80211_restart_hw+0x290/0x290 [ 1396.468622][T25421] ? debug_object_destroy+0x210/0x210 [ 1396.474007][T25421] ? memset+0x20/0x40 [ 1396.477986][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.484215][T25421] ? __hrtimer_init+0x136/0x280 [ 1396.489075][T25421] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1396.494794][T25421] ? hwsim_virtio_rx_work+0x350/0x350 [ 1396.500150][T25421] ? __kmalloc_track_caller+0x1a0/0x320 [ 1396.505682][T25421] ? memcpy+0x39/0x60 [ 1396.509652][T25421] hwsim_new_radio_nl+0x9bc/0x1080 [ 1396.514757][T25421] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1396.520670][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.526902][T25421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1396.534277][T25421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1396.541565][T25421] genl_family_rcv_msg_doit+0x228/0x320 [ 1396.547105][T25421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1396.554492][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.560725][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.566953][T25421] ? ns_capable+0xde/0x100 [ 1396.571356][T25421] genl_rcv_msg+0x328/0x580 [ 1396.575849][T25421] ? genl_get_cmd+0x480/0x480 [ 1396.580514][T25421] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1396.586398][T25421] ? lock_release+0x720/0x720 [ 1396.591061][T25421] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1396.596340][T25421] netlink_rcv_skb+0x153/0x420 [ 1396.601108][T25421] ? genl_get_cmd+0x480/0x480 [ 1396.605780][T25421] ? netlink_ack+0xa60/0xa60 [ 1396.610381][T25421] genl_rcv+0x24/0x40 [ 1396.614353][T25421] netlink_unicast+0x533/0x7d0 [ 1396.619133][T25421] ? netlink_attachskb+0x890/0x890 [ 1396.624248][T25421] ? __virt_addr_valid+0x5d/0x2d0 [ 1396.629261][T25421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1396.635498][T25421] ? __phys_addr_symbol+0x2c/0x70 [ 1396.640507][T25421] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1396.646228][T25421] ? __check_object_size+0x16e/0x3f0 [ 1396.651511][T25421] netlink_sendmsg+0x85b/0xda0 [ 1396.656275][T25421] ? netlink_unicast+0x7d0/0x7d0 [ 1396.661212][T25421] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1396.667445][T25421] ? netlink_unicast+0x7d0/0x7d0 [ 1396.672374][T25421] sock_sendmsg+0xcf/0x120 [ 1396.676780][T25421] ____sys_sendmsg+0x6e8/0x810 [ 1396.681536][T25421] ? kernel_sendmsg+0x50/0x50 [ 1396.686286][T25421] ? do_recvmmsg+0x6d0/0x6d0 [ 1396.690870][T25421] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1396.696862][T25421] ___sys_sendmsg+0xf3/0x170 [ 1396.701447][T25421] ? sendmsg_copy_msghdr+0x160/0x160 [ 1396.706725][T25421] ? __fget_files+0x266/0x3d0 [ 1396.711390][T25421] ? lock_downgrade+0x6e0/0x6e0 [ 1396.716263][T25421] ? __fget_files+0x288/0x3d0 [ 1396.720941][T25421] ? __fget_light+0xea/0x280 [ 1396.725524][T25421] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1396.731757][T25421] __sys_sendmsg+0xe5/0x1b0 [ 1396.736249][T25421] ? __sys_sendmsg_sock+0x30/0x30 [ 1396.741275][T25421] ? syscall_enter_from_user_mode+0x21/0x70 [ 1396.747168][T25421] do_syscall_64+0x35/0xb0 [ 1396.751577][T25421] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1396.757465][T25421] RIP: 0033:0x4665d9 [ 1396.761345][T25421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1396.780940][T25421] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1396.789431][T25421] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1396.797388][T25421] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1396.805522][T25421] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1396.813477][T25421] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1396.821439][T25421] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1396.905816][T25422] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1396.924562][T25432] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:51 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x1, 0x4e) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1396.954286][T25432] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1397.009423][T25432] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1397.009423][T25432] !' [ 1397.055100][T25432] CPU: 0 PID: 25432 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1397.063798][T25432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.073849][T25432] Call Trace: [ 1397.077119][T25432] dump_stack_lvl+0xcd/0x134 [ 1397.081706][T25432] sysfs_warn_dup.cold+0x1c/0x29 [ 1397.086918][T25432] sysfs_do_create_link_sd+0x11e/0x140 [ 1397.092386][T25432] sysfs_create_link+0x5f/0xc0 [ 1397.097160][T25432] device_add+0x789/0x2100 [ 1397.101579][T25432] ? mutex_lock_io_nested+0xf00/0xf00 [ 1397.106958][T25432] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1397.112509][T25432] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1397.118753][T25432] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1397.124999][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.131243][T25432] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1397.137242][T25432] wiphy_register+0x1e8a/0x29b0 [ 1397.142141][T25432] ? wiphy_unregister+0xbd0/0xbd0 [ 1397.147172][T25432] ? minstrel_ht_alloc+0x531/0xa00 [ 1397.152298][T25432] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1397.158379][T25432] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1397.163864][T25432] ? ieee80211_restart_hw+0x290/0x290 [ 1397.169248][T25432] ? debug_object_destroy+0x210/0x210 [ 1397.174637][T25432] ? memset+0x20/0x40 [ 1397.178652][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.184898][T25432] ? __hrtimer_init+0x136/0x280 [ 1397.189760][T25432] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1397.195507][T25432] ? hwsim_virtio_rx_work+0x350/0x350 [ 1397.200886][T25432] ? __kmalloc_track_caller+0x1a0/0x320 [ 1397.206447][T25432] ? memcpy+0x39/0x60 [ 1397.210444][T25432] hwsim_new_radio_nl+0x9bc/0x1080 [ 1397.215743][T25432] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1397.221657][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.227902][T25432] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1397.235285][T25432] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1397.242587][T25432] genl_family_rcv_msg_doit+0x228/0x320 [ 1397.248145][T25432] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1397.255529][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.261785][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.268030][T25432] ? ns_capable+0xde/0x100 [ 1397.272458][T25432] genl_rcv_msg+0x328/0x580 [ 1397.276977][T25432] ? genl_get_cmd+0x480/0x480 [ 1397.281664][T25432] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1397.287659][T25432] ? lock_release+0x720/0x720 [ 1397.292347][T25432] netlink_rcv_skb+0x153/0x420 [ 1397.297125][T25432] ? genl_get_cmd+0x480/0x480 [ 1397.301816][T25432] ? netlink_ack+0xa60/0xa60 [ 1397.306435][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.312686][T25432] genl_rcv+0x24/0x40 [ 1397.316675][T25432] netlink_unicast+0x533/0x7d0 [ 1397.321455][T25432] ? netlink_attachskb+0x890/0x890 [ 1397.326573][T25432] ? __virt_addr_valid+0x5d/0x2d0 [ 1397.331689][T25432] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1397.338119][T25432] ? __phys_addr_symbol+0x2c/0x70 [ 1397.343433][T25432] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1397.349352][T25432] ? __check_object_size+0x16e/0x3f0 [ 1397.354627][T25432] netlink_sendmsg+0x85b/0xda0 [ 1397.359384][T25432] ? netlink_unicast+0x7d0/0x7d0 [ 1397.364505][T25432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.370956][T25432] ? netlink_unicast+0x7d0/0x7d0 [ 1397.376737][T25432] sock_sendmsg+0xcf/0x120 [ 1397.381162][T25432] ____sys_sendmsg+0x6e8/0x810 [ 1397.386110][T25432] ? kernel_sendmsg+0x50/0x50 [ 1397.391173][T25432] ? do_recvmmsg+0x6d0/0x6d0 [ 1397.395767][T25432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1397.401954][T25432] ___sys_sendmsg+0xf3/0x170 [ 1397.406549][T25432] ? sendmsg_copy_msghdr+0x160/0x160 [ 1397.411842][T25432] ? __fget_files+0x266/0x3d0 [ 1397.416722][T25432] ? lock_downgrade+0x6e0/0x6e0 [ 1397.421573][T25432] ? __fget_files+0x288/0x3d0 [ 1397.426536][T25432] ? __fget_light+0xea/0x280 [ 1397.431133][T25432] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1397.437384][T25432] __sys_sendmsg+0xe5/0x1b0 [ 1397.441895][T25432] ? __sys_sendmsg_sock+0x30/0x30 [ 1397.447121][T25432] ? syscall_enter_from_user_mode+0x21/0x70 [ 1397.453209][T25432] do_syscall_64+0x35/0xb0 [ 1397.457679][T25432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1397.463622][T25432] RIP: 0033:0x4665d9 [ 1397.467506][T25432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1397.487098][T25432] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1397.495514][T25432] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1397.503557][T25432] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1397.511518][T25432] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1397.519490][T25432] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1397.527457][T25432] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1397.569189][T25465] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1397.587103][T25455] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:51 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:51 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:51 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63030d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1397.626627][T25455] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1397.721846][T25455] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1397.721846][T25455] !' [ 1397.769593][T25455] CPU: 0 PID: 25455 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1397.778136][T25455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1397.788275][T25455] Call Trace: [ 1397.791725][T25455] dump_stack_lvl+0xcd/0x134 [ 1397.796327][T25455] sysfs_warn_dup.cold+0x1c/0x29 [ 1397.801274][T25455] sysfs_do_create_link_sd+0x11e/0x140 [ 1397.806743][T25455] sysfs_create_link+0x5f/0xc0 [ 1397.811514][T25455] device_add+0x789/0x2100 [ 1397.815938][T25455] ? mutex_lock_io_nested+0xf00/0xf00 [ 1397.821404][T25455] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1397.827047][T25455] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1397.833288][T25455] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1397.839530][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.845776][T25455] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1397.851950][T25455] wiphy_register+0x1e8a/0x29b0 [ 1397.856994][T25455] ? wiphy_unregister+0xbd0/0xbd0 [ 1397.862021][T25455] ? minstrel_ht_alloc+0x531/0xa00 21:28:52 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1397.867143][T25455] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1397.873227][T25455] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1397.878795][T25455] ? ieee80211_restart_hw+0x290/0x290 [ 1397.884178][T25455] ? debug_object_destroy+0x210/0x210 [ 1397.889567][T25455] ? memset+0x20/0x40 [ 1397.893557][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.899890][T25455] ? __hrtimer_init+0x136/0x280 [ 1397.904833][T25455] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1397.910566][T25455] ? hwsim_virtio_rx_work+0x350/0x350 [ 1397.915929][T25455] ? __kmalloc_track_caller+0x1a0/0x320 [ 1397.921646][T25455] ? memcpy+0x39/0x60 [ 1397.925631][T25455] hwsim_new_radio_nl+0x9bc/0x1080 [ 1397.930743][T25455] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1397.936649][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.942880][T25455] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1397.950252][T25455] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1397.957750][T25455] genl_family_rcv_msg_doit+0x228/0x320 [ 1397.963300][T25455] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1397.970671][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.976910][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1397.983318][T25455] ? ns_capable+0xde/0x100 [ 1397.987729][T25455] genl_rcv_msg+0x328/0x580 [ 1397.992230][T25455] ? genl_get_cmd+0x480/0x480 [ 1397.996898][T25455] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1398.002792][T25455] ? lock_release+0x720/0x720 [ 1398.007543][T25455] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1398.012820][T25455] netlink_rcv_skb+0x153/0x420 [ 1398.017578][T25455] ? genl_get_cmd+0x480/0x480 [ 1398.022249][T25455] ? netlink_ack+0xa60/0xa60 [ 1398.026845][T25455] genl_rcv+0x24/0x40 [ 1398.030818][T25455] netlink_unicast+0x533/0x7d0 [ 1398.035581][T25455] ? netlink_attachskb+0x890/0x890 [ 1398.040678][T25455] ? __virt_addr_valid+0x5d/0x2d0 [ 1398.045694][T25455] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1398.052010][T25455] ? __phys_addr_symbol+0x2c/0x70 [ 1398.057023][T25455] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1398.062729][T25455] ? __check_object_size+0x16e/0x3f0 [ 1398.068006][T25455] netlink_sendmsg+0x85b/0xda0 [ 1398.072766][T25455] ? netlink_unicast+0x7d0/0x7d0 [ 1398.077787][T25455] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.084017][T25455] ? netlink_unicast+0x7d0/0x7d0 [ 1398.088948][T25455] sock_sendmsg+0xcf/0x120 [ 1398.093358][T25455] ____sys_sendmsg+0x6e8/0x810 [ 1398.098198][T25455] ? kernel_sendmsg+0x50/0x50 [ 1398.102947][T25455] ? do_recvmmsg+0x6d0/0x6d0 [ 1398.107530][T25455] ? lock_chain_count+0x20/0x20 [ 1398.112370][T25455] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1398.118432][T25455] ___sys_sendmsg+0xf3/0x170 [ 1398.123016][T25455] ? sendmsg_copy_msghdr+0x160/0x160 [ 1398.128296][T25455] ? __fget_files+0x266/0x3d0 [ 1398.132963][T25455] ? lock_downgrade+0x6e0/0x6e0 [ 1398.137813][T25455] ? __fget_files+0x288/0x3d0 [ 1398.142484][T25455] ? __fget_light+0xea/0x280 [ 1398.147069][T25455] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1398.153302][T25455] __sys_sendmsg+0xe5/0x1b0 [ 1398.157798][T25455] ? __sys_sendmsg_sock+0x30/0x30 [ 1398.162824][T25455] ? syscall_enter_from_user_mode+0x21/0x70 [ 1398.168716][T25455] do_syscall_64+0x35/0xb0 [ 1398.173121][T25455] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1398.179007][T25455] RIP: 0033:0x4665d9 [ 1398.182887][T25455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1398.202485][T25455] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1398.210889][T25455] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1398.218854][T25455] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1398.226808][T25455] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1398.234764][T25455] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1398.242723][T25455] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:28:52 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1398.350737][T25458] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:52 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63040d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:28:52 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1398.496989][T25458] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1398.496989][T25458] !' [ 1398.537867][T25458] CPU: 1 PID: 25458 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1398.546415][T25458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1398.556555][T25458] Call Trace: [ 1398.559825][T25458] dump_stack_lvl+0xcd/0x134 [ 1398.564421][T25458] sysfs_warn_dup.cold+0x1c/0x29 [ 1398.569365][T25458] sysfs_do_create_link_sd+0x11e/0x140 [ 1398.574820][T25458] sysfs_create_link+0x5f/0xc0 [ 1398.579577][T25458] device_add+0x789/0x2100 [ 1398.583987][T25458] ? mutex_lock_io_nested+0xf00/0xf00 [ 1398.590156][T25458] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1398.595698][T25458] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1398.601950][T25458] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1398.608187][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.614417][T25458] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1398.620403][T25458] wiphy_register+0x1e8a/0x29b0 [ 1398.625439][T25458] ? wiphy_unregister+0xbd0/0xbd0 [ 1398.630454][T25458] ? minstrel_ht_alloc+0x531/0xa00 [ 1398.635569][T25458] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1398.641637][T25458] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1398.647109][T25458] ? ieee80211_restart_hw+0x290/0x290 [ 1398.652475][T25458] ? debug_object_destroy+0x210/0x210 [ 1398.657848][T25458] ? memset+0x20/0x40 [ 1398.661823][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.668058][T25458] ? __hrtimer_init+0x136/0x280 [ 1398.672908][T25458] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1398.678639][T25458] ? hwsim_virtio_rx_work+0x350/0x350 [ 1398.684007][T25458] ? __kmalloc_track_caller+0x1a0/0x320 [ 1398.689549][T25458] ? memcpy+0x39/0x60 [ 1398.693533][T25458] hwsim_new_radio_nl+0x9bc/0x1080 [ 1398.698642][T25458] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1398.704542][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.710771][T25458] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1398.718140][T25458] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1398.725424][T25458] genl_family_rcv_msg_doit+0x228/0x320 [ 1398.730972][T25458] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1398.738338][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.744580][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.750834][T25458] ? ns_capable+0xde/0x100 [ 1398.755246][T25458] genl_rcv_msg+0x328/0x580 [ 1398.759764][T25458] ? genl_get_cmd+0x480/0x480 [ 1398.764437][T25458] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1398.770330][T25458] ? lock_release+0x720/0x720 [ 1398.774995][T25458] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1398.780276][T25458] netlink_rcv_skb+0x153/0x420 [ 1398.785035][T25458] ? genl_get_cmd+0x480/0x480 [ 1398.789708][T25458] ? netlink_ack+0xa60/0xa60 [ 1398.794308][T25458] genl_rcv+0x24/0x40 [ 1398.798301][T25458] netlink_unicast+0x533/0x7d0 [ 1398.803066][T25458] ? netlink_attachskb+0x890/0x890 [ 1398.808172][T25458] ? __virt_addr_valid+0x5d/0x2d0 [ 1398.813190][T25458] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1398.819421][T25458] ? __phys_addr_symbol+0x2c/0x70 [ 1398.824442][T25458] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1398.830152][T25458] ? __check_object_size+0x16e/0x3f0 [ 1398.835439][T25458] netlink_sendmsg+0x85b/0xda0 [ 1398.840203][T25458] ? netlink_unicast+0x7d0/0x7d0 [ 1398.845143][T25458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1398.851376][T25458] ? netlink_unicast+0x7d0/0x7d0 [ 1398.856308][T25458] sock_sendmsg+0xcf/0x120 [ 1398.860714][T25458] ____sys_sendmsg+0x6e8/0x810 [ 1398.865473][T25458] ? kernel_sendmsg+0x50/0x50 [ 1398.870152][T25458] ? do_recvmmsg+0x6d0/0x6d0 [ 1398.874740][T25458] ? lock_chain_count+0x20/0x20 [ 1398.879594][T25458] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1398.885572][T25458] ___sys_sendmsg+0xf3/0x170 [ 1398.890154][T25458] ? sendmsg_copy_msghdr+0x160/0x160 [ 1398.895437][T25458] ? __fget_files+0x266/0x3d0 [ 1398.900105][T25458] ? lock_downgrade+0x6e0/0x6e0 [ 1398.904958][T25458] ? __fget_files+0x288/0x3d0 [ 1398.909635][T25458] ? __fget_light+0xea/0x280 [ 1398.914219][T25458] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1398.920617][T25458] __sys_sendmsg+0xe5/0x1b0 [ 1398.925122][T25458] ? __sys_sendmsg_sock+0x30/0x30 [ 1398.930154][T25458] ? syscall_enter_from_user_mode+0x21/0x70 [ 1398.936047][T25458] do_syscall_64+0x35/0xb0 [ 1398.940454][T25458] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1398.946341][T25458] RIP: 0033:0x4665d9 [ 1398.950224][T25458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1398.969820][T25458] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1398.978224][T25458] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1398.986183][T25458] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1398.994159][T25458] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1399.002121][T25458] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1399.010080][T25458] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:28:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1399.273810][T25517] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:28:53 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1399.356629][T25517] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1399.356629][T25517] !' 21:28:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="2321202e2f66696c653020200a4809c04bade87b5f957dd68804f93717e3563ea3e8187b02cd895819710a461512ebd535356af954a2a9f3de684b54dc167397510c56d906747bfbdd3d1caded0d083f3a3c442d93ead590a12191ea4ecf4d8db42c2e5e8a1e861924fab8e1b288c428ae9d4d662b166aa0ffb79cf2543accc8fa6073000321177c4e94e191a1c60ca79112d19eb3707453b78cfdbe36951feb4e0bbf34d8b5ba14dd315e9e1336231f4518f26528fdcb5f777abd91931638ab994c2a64e50ec96ab71c12dc2d86383da5cab7"], 0xd) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f00000000c0)) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/stat\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000140)=""/11, 0xb}], 0x1, 0x8, 0x5) r3 = openat(r0, 0x0, 0x412480, 0x1ab) perf_event_open(0x0, 0x0, 0xffffffffffffffff, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0) [ 1399.442081][T25517] CPU: 1 PID: 25517 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1399.450720][T25517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1399.460771][T25517] Call Trace: [ 1399.464047][T25517] dump_stack_lvl+0xcd/0x134 [ 1399.468652][T25517] sysfs_warn_dup.cold+0x1c/0x29 [ 1399.473605][T25517] sysfs_do_create_link_sd+0x11e/0x140 [ 1399.479079][T25517] sysfs_create_link+0x5f/0xc0 [ 1399.483848][T25517] device_add+0x789/0x2100 [ 1399.488271][T25517] ? mutex_lock_io_nested+0xf00/0xf00 [ 1399.493648][T25517] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1399.499206][T25517] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1399.505451][T25517] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1399.511697][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.517978][T25517] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1399.523974][T25517] wiphy_register+0x1e8a/0x29b0 [ 1399.528836][T25517] ? wiphy_unregister+0xbd0/0xbd0 [ 1399.533882][T25517] ? minstrel_ht_alloc+0x531/0xa00 [ 1399.539006][T25517] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1399.545089][T25517] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1399.550569][T25517] ? ieee80211_restart_hw+0x290/0x290 [ 1399.555953][T25517] ? debug_object_destroy+0x210/0x210 [ 1399.561512][T25517] ? memset+0x20/0x40 [ 1399.565502][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.571746][T25517] ? __hrtimer_init+0x136/0x280 [ 1399.576611][T25517] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1399.582360][T25517] ? hwsim_virtio_rx_work+0x350/0x350 [ 1399.587744][T25517] ? __kmalloc_track_caller+0x1a0/0x320 [ 1399.593296][T25517] ? memcpy+0x39/0x60 [ 1399.597289][T25517] hwsim_new_radio_nl+0x9bc/0x1080 [ 1399.602411][T25517] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1399.608329][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.614572][T25517] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1399.621952][T25517] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1399.629253][T25517] genl_family_rcv_msg_doit+0x228/0x320 [ 1399.634812][T25517] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1399.642197][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.648458][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.654706][T25517] ? ns_capable+0xde/0x100 [ 1399.659135][T25517] genl_rcv_msg+0x328/0x580 [ 1399.663652][T25517] ? genl_get_cmd+0x480/0x480 [ 1399.668340][T25517] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1399.674247][T25517] ? lock_release+0x720/0x720 [ 1399.678935][T25517] netlink_rcv_skb+0x153/0x420 [ 1399.683707][T25517] ? genl_get_cmd+0x480/0x480 [ 1399.688394][T25517] ? netlink_ack+0xa60/0xa60 [ 1399.693009][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.699264][T25517] genl_rcv+0x24/0x40 [ 1399.703251][T25517] netlink_unicast+0x533/0x7d0 [ 1399.708027][T25517] ? netlink_attachskb+0x890/0x890 [ 1399.713146][T25517] ? __virt_addr_valid+0x5d/0x2d0 [ 1399.718176][T25517] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1399.724420][T25517] ? __phys_addr_symbol+0x2c/0x70 [ 1399.729451][T25517] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1399.735175][T25517] ? __check_object_size+0x16e/0x3f0 [ 1399.740731][T25517] netlink_sendmsg+0x85b/0xda0 [ 1399.745514][T25517] ? netlink_unicast+0x7d0/0x7d0 [ 1399.750465][T25517] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1399.756713][T25517] ? netlink_unicast+0x7d0/0x7d0 [ 1399.761657][T25517] sock_sendmsg+0xcf/0x120 [ 1399.766085][T25517] ____sys_sendmsg+0x6e8/0x810 [ 1399.770855][T25517] ? kernel_sendmsg+0x50/0x50 [ 1399.775531][T25517] ? do_recvmmsg+0x6d0/0x6d0 [ 1399.780134][T25517] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1399.786120][T25517] ? __fget_light+0x89/0x280 [ 1399.790728][T25517] ___sys_sendmsg+0xf3/0x170 [ 1399.795328][T25517] ? sendmsg_copy_msghdr+0x160/0x160 [ 1399.800625][T25517] ? __fget_files+0x266/0x3d0 [ 1399.805308][T25517] ? lock_downgrade+0x6e0/0x6e0 [ 1399.810183][T25517] ? __fget_files+0x288/0x3d0 [ 1399.814877][T25517] ? __fget_light+0xea/0x280 [ 1399.819474][T25517] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1399.825726][T25517] __sys_sendmsg+0xe5/0x1b0 [ 1399.830238][T25517] ? __sys_sendmsg_sock+0x30/0x30 [ 1399.835285][T25517] ? syscall_enter_from_user_mode+0x21/0x70 [ 1399.841282][T25517] do_syscall_64+0x35/0xb0 [ 1399.845705][T25517] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1399.851606][T25517] RIP: 0033:0x4665d9 [ 1399.855501][T25517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1399.875146][T25517] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1399.883652][T25517] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 21:28:54 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1399.891626][T25517] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1399.899600][T25517] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1399.907572][T25517] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1399.915546][T25517] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:28:54 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1399.987184][T25543] __nla_validate_parse: 10 callbacks suppressed [ 1399.987199][T25543] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1400.011866][T25558] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1400.020121][T25558] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:54 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:54 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63050d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1400.112212][T25559] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1400.254763][T25558] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1400.254763][T25558] !' [ 1400.289108][T25558] CPU: 1 PID: 25558 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1400.297892][T25558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.307946][T25558] Call Trace: [ 1400.311224][T25558] dump_stack_lvl+0xcd/0x134 [ 1400.315830][T25558] sysfs_warn_dup.cold+0x1c/0x29 [ 1400.320952][T25558] sysfs_do_create_link_sd+0x11e/0x140 [ 1400.326424][T25558] sysfs_create_link+0x5f/0xc0 [ 1400.331207][T25558] device_add+0x789/0x2100 [ 1400.335629][T25558] ? mutex_lock_io_nested+0xf00/0xf00 [ 1400.341102][T25558] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1400.346741][T25558] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1400.352983][T25558] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1400.359230][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.365475][T25558] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1400.371472][T25558] wiphy_register+0x1e8a/0x29b0 [ 1400.376337][T25558] ? wiphy_unregister+0xbd0/0xbd0 [ 1400.381367][T25558] ? minstrel_ht_alloc+0x531/0xa00 [ 1400.386669][T25558] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1400.392751][T25558] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1400.398239][T25558] ? ieee80211_restart_hw+0x290/0x290 [ 1400.403621][T25558] ? debug_object_destroy+0x210/0x210 [ 1400.409184][T25558] ? memset+0x20/0x40 [ 1400.413177][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.419423][T25558] ? __hrtimer_init+0x136/0x280 [ 1400.424294][T25558] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1400.430044][T25558] ? hwsim_virtio_rx_work+0x350/0x350 [ 1400.435424][T25558] ? __kmalloc_track_caller+0x1a0/0x320 [ 1400.440983][T25558] ? memcpy+0x39/0x60 [ 1400.444979][T25558] hwsim_new_radio_nl+0x9bc/0x1080 [ 1400.450106][T25558] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1400.456023][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.462271][T25558] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1400.469658][T25558] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1400.476962][T25558] genl_family_rcv_msg_doit+0x228/0x320 [ 1400.482510][T25558] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1400.490588][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.497249][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.503478][T25558] ? ns_capable+0xde/0x100 [ 1400.508355][T25558] genl_rcv_msg+0x328/0x580 [ 1400.512867][T25558] ? genl_get_cmd+0x480/0x480 [ 1400.517532][T25558] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1400.523415][T25558] ? lock_release+0x720/0x720 [ 1400.528084][T25558] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1400.533454][T25558] netlink_rcv_skb+0x153/0x420 [ 1400.538228][T25558] ? genl_get_cmd+0x480/0x480 [ 1400.542900][T25558] ? netlink_ack+0xa60/0xa60 [ 1400.547505][T25558] genl_rcv+0x24/0x40 [ 1400.551491][T25558] netlink_unicast+0x533/0x7d0 [ 1400.556252][T25558] ? netlink_attachskb+0x890/0x890 [ 1400.561541][T25558] ? __virt_addr_valid+0x5d/0x2d0 [ 1400.566639][T25558] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1400.572866][T25558] ? __phys_addr_symbol+0x2c/0x70 [ 1400.577891][T25558] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1400.583594][T25558] ? __check_object_size+0x16e/0x3f0 [ 1400.588888][T25558] netlink_sendmsg+0x85b/0xda0 [ 1400.593644][T25558] ? netlink_unicast+0x7d0/0x7d0 [ 1400.598580][T25558] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1400.604819][T25558] ? netlink_unicast+0x7d0/0x7d0 [ 1400.609746][T25558] sock_sendmsg+0xcf/0x120 [ 1400.614150][T25558] ____sys_sendmsg+0x6e8/0x810 [ 1400.618903][T25558] ? kernel_sendmsg+0x50/0x50 [ 1400.623582][T25558] ? do_recvmmsg+0x6d0/0x6d0 [ 1400.628162][T25558] ? lock_chain_count+0x20/0x20 [ 1400.633004][T25558] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1400.639164][T25558] ___sys_sendmsg+0xf3/0x170 [ 1400.643743][T25558] ? sendmsg_copy_msghdr+0x160/0x160 [ 1400.649394][T25558] ? __fget_files+0x266/0x3d0 [ 1400.654070][T25558] ? lock_downgrade+0x6e0/0x6e0 [ 1400.658926][T25558] ? __fget_files+0x288/0x3d0 [ 1400.663966][T25558] ? __fget_light+0xea/0x280 [ 1400.668549][T25558] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1400.674990][T25558] __sys_sendmsg+0xe5/0x1b0 [ 1400.679759][T25558] ? __sys_sendmsg_sock+0x30/0x30 [ 1400.684794][T25558] ? syscall_enter_from_user_mode+0x21/0x70 [ 1400.690888][T25558] do_syscall_64+0x35/0xb0 [ 1400.695314][T25558] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1400.701405][T25558] RIP: 0033:0x4665d9 [ 1400.705644][T25558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.725446][T25558] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1400.733863][T25558] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1400.741820][T25558] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1400.749777][T25558] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1400.757735][T25558] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1400.765705][T25558] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1400.807268][T25545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1400.863532][T25566] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1400.877033][T25575] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1400.895237][T25566] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. 21:28:55 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1400.946910][T25566] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1400.946910][T25566] !' [ 1400.976033][T25566] CPU: 0 PID: 25566 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1400.984575][T25566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 21:28:55 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1400.994632][T25566] Call Trace: [ 1400.997911][T25566] dump_stack_lvl+0xcd/0x134 [ 1401.002525][T25566] sysfs_warn_dup.cold+0x1c/0x29 [ 1401.007473][T25566] sysfs_do_create_link_sd+0x11e/0x140 [ 1401.012949][T25566] sysfs_create_link+0x5f/0xc0 [ 1401.017724][T25566] device_add+0x789/0x2100 [ 1401.022147][T25566] ? mutex_lock_io_nested+0xf00/0xf00 [ 1401.027521][T25566] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1401.033078][T25566] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1401.039326][T25566] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1401.045659][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.051905][T25566] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1401.057910][T25566] wiphy_register+0x1e8a/0x29b0 [ 1401.062777][T25566] ? wiphy_unregister+0xbd0/0xbd0 [ 1401.067793][T25566] ? minstrel_ht_alloc+0x531/0xa00 [ 1401.072908][T25566] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1401.078983][T25566] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1401.084453][T25566] ? ieee80211_restart_hw+0x290/0x290 [ 1401.089825][T25566] ? debug_object_destroy+0x210/0x210 [ 1401.095197][T25566] ? memset+0x20/0x40 [ 1401.099176][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.105409][T25566] ? __hrtimer_init+0x136/0x280 [ 1401.110260][T25566] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1401.115993][T25566] ? hwsim_virtio_rx_work+0x350/0x350 [ 1401.121364][T25566] ? __kmalloc_track_caller+0x1a0/0x320 [ 1401.126942][T25566] ? memcpy+0x39/0x60 [ 1401.131013][T25566] hwsim_new_radio_nl+0x9bc/0x1080 [ 1401.136126][T25566] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1401.142110][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.148341][T25566] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1401.155804][T25566] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1401.163177][T25566] genl_family_rcv_msg_doit+0x228/0x320 [ 1401.168739][T25566] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1401.176282][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.182524][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.188755][T25566] ? ns_capable+0xde/0x100 [ 1401.193252][T25566] genl_rcv_msg+0x328/0x580 [ 1401.197754][T25566] ? genl_get_cmd+0x480/0x480 [ 1401.202428][T25566] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1401.208320][T25566] ? lock_release+0x720/0x720 [ 1401.212986][T25566] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1401.218269][T25566] netlink_rcv_skb+0x153/0x420 [ 1401.223029][T25566] ? genl_get_cmd+0x480/0x480 [ 1401.227792][T25566] ? netlink_ack+0xa60/0xa60 [ 1401.232391][T25566] genl_rcv+0x24/0x40 [ 1401.236365][T25566] netlink_unicast+0x533/0x7d0 [ 1401.241146][T25566] ? netlink_attachskb+0x890/0x890 [ 1401.246253][T25566] ? __virt_addr_valid+0x5d/0x2d0 [ 1401.251356][T25566] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1401.257585][T25566] ? __phys_addr_symbol+0x2c/0x70 [ 1401.262597][T25566] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1401.268306][T25566] ? __check_object_size+0x16e/0x3f0 [ 1401.273592][T25566] netlink_sendmsg+0x85b/0xda0 [ 1401.278357][T25566] ? netlink_unicast+0x7d0/0x7d0 [ 1401.283297][T25566] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.289624][T25566] ? netlink_unicast+0x7d0/0x7d0 [ 1401.294555][T25566] sock_sendmsg+0xcf/0x120 [ 1401.298966][T25566] ____sys_sendmsg+0x6e8/0x810 [ 1401.303832][T25566] ? kernel_sendmsg+0x50/0x50 [ 1401.308501][T25566] ? do_recvmmsg+0x6d0/0x6d0 [ 1401.313087][T25566] ? lock_chain_count+0x20/0x20 [ 1401.317947][T25566] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1401.323928][T25566] ___sys_sendmsg+0xf3/0x170 [ 1401.328513][T25566] ? sendmsg_copy_msghdr+0x160/0x160 [ 1401.333796][T25566] ? __fget_files+0x266/0x3d0 [ 1401.338482][T25566] ? lock_downgrade+0x6e0/0x6e0 [ 1401.343337][T25566] ? __fget_files+0x288/0x3d0 [ 1401.348322][T25566] ? __fget_light+0xea/0x280 [ 1401.352904][T25566] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1401.359147][T25566] __sys_sendmsg+0xe5/0x1b0 [ 1401.363663][T25566] ? __sys_sendmsg_sock+0x30/0x30 [ 1401.368692][T25566] ? syscall_enter_from_user_mode+0x21/0x70 [ 1401.374587][T25566] do_syscall_64+0x35/0xb0 [ 1401.378996][T25566] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1401.384885][T25566] RIP: 0033:0x4665d9 [ 1401.388857][T25566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1401.408453][T25566] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1401.416858][T25566] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1401.424819][T25566] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 1401.432779][T25566] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1401.440736][T25566] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1401.448695][T25566] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 [ 1401.578189][T25602] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1401.602603][T25579] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1401.616475][T25579] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:55 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1401.655120][T25603] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1401.718069][T25579] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1401.718069][T25579] !' [ 1401.747332][T25579] CPU: 0 PID: 25579 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1401.755961][T25579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1401.766012][T25579] Call Trace: [ 1401.769288][T25579] dump_stack_lvl+0xcd/0x134 [ 1401.773895][T25579] sysfs_warn_dup.cold+0x1c/0x29 [ 1401.778848][T25579] sysfs_do_create_link_sd+0x11e/0x140 [ 1401.784317][T25579] sysfs_create_link+0x5f/0xc0 [ 1401.789092][T25579] device_add+0x789/0x2100 [ 1401.793515][T25579] ? mutex_lock_io_nested+0xf00/0xf00 [ 1401.798893][T25579] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1401.804610][T25579] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1401.810856][T25579] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1401.817101][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.823346][T25579] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1401.829342][T25579] wiphy_register+0x1e8a/0x29b0 [ 1401.834207][T25579] ? wiphy_unregister+0xbd0/0xbd0 [ 1401.839229][T25579] ? minstrel_ht_alloc+0x531/0xa00 [ 1401.844359][T25579] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1401.850445][T25579] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1401.855932][T25579] ? ieee80211_restart_hw+0x290/0x290 [ 1401.861318][T25579] ? debug_object_destroy+0x210/0x210 [ 1401.866706][T25579] ? memset+0x20/0x40 [ 1401.870695][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.876942][T25579] ? __hrtimer_init+0x136/0x280 [ 1401.881804][T25579] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1401.887552][T25579] ? hwsim_virtio_rx_work+0x350/0x350 [ 1401.892935][T25579] ? __kmalloc_track_caller+0x1a0/0x320 [ 1401.898490][T25579] ? memcpy+0x39/0x60 [ 1401.902482][T25579] hwsim_new_radio_nl+0x9bc/0x1080 [ 1401.907606][T25579] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1401.913517][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.919761][T25579] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1401.927140][T25579] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1401.934443][T25579] genl_family_rcv_msg_doit+0x228/0x320 [ 1401.940000][T25579] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1401.947381][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.953633][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1401.959966][T25579] ? ns_capable+0xde/0x100 [ 1401.964392][T25579] genl_rcv_msg+0x328/0x580 [ 1401.968907][T25579] ? genl_get_cmd+0x480/0x480 [ 1401.973594][T25579] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1401.979665][T25579] ? lock_release+0x720/0x720 [ 1401.984334][T25579] netlink_rcv_skb+0x153/0x420 [ 1401.989479][T25579] ? genl_get_cmd+0x480/0x480 [ 1401.994556][T25579] ? netlink_ack+0xa60/0xa60 [ 1401.999229][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.005649][T25579] genl_rcv+0x24/0x40 [ 1402.009799][T25579] netlink_unicast+0x533/0x7d0 [ 1402.014556][T25579] ? netlink_attachskb+0x890/0x890 [ 1402.019659][T25579] ? __virt_addr_valid+0x5d/0x2d0 [ 1402.024677][T25579] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1402.030909][T25579] ? __phys_addr_symbol+0x2c/0x70 [ 1402.036004][T25579] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1402.041713][T25579] ? __check_object_size+0x16e/0x3f0 [ 1402.047002][T25579] netlink_sendmsg+0x85b/0xda0 [ 1402.051768][T25579] ? netlink_unicast+0x7d0/0x7d0 [ 1402.056778][T25579] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.063009][T25579] ? netlink_unicast+0x7d0/0x7d0 [ 1402.068141][T25579] sock_sendmsg+0xcf/0x120 [ 1402.072923][T25579] ____sys_sendmsg+0x6e8/0x810 [ 1402.078080][T25579] ? kernel_sendmsg+0x50/0x50 [ 1402.082960][T25579] ? do_recvmmsg+0x6d0/0x6d0 [ 1402.087904][T25579] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1402.093876][T25579] ___sys_sendmsg+0xf3/0x170 [ 1402.098699][T25579] ? sendmsg_copy_msghdr+0x160/0x160 [ 1402.103993][T25579] ? __fget_files+0x266/0x3d0 [ 1402.108672][T25579] ? lock_downgrade+0x6e0/0x6e0 [ 1402.113604][T25579] ? __fget_files+0x288/0x3d0 [ 1402.118272][T25579] ? __fget_light+0xea/0x280 [ 1402.122853][T25579] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1402.129412][T25579] __sys_sendmsg+0xe5/0x1b0 [ 1402.134000][T25579] ? __sys_sendmsg_sock+0x30/0x30 [ 1402.139035][T25579] ? syscall_enter_from_user_mode+0x21/0x70 [ 1402.144921][T25579] do_syscall_64+0x35/0xb0 [ 1402.149324][T25579] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1402.155293][T25579] RIP: 0033:0x4665d9 [ 1402.159176][T25579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1402.179058][T25579] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1402.187542][T25579] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1402.195673][T25579] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1402.203626][T25579] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1402.211671][T25579] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1402.219642][T25579] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1402.269958][T25604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1402.282766][T25588] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:56 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:56 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1402.317891][T25588] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1402.317891][T25588] !' 21:28:56 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1402.386676][T25588] CPU: 0 PID: 25588 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1402.395490][T25588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1402.405553][T25588] Call Trace: [ 1402.408830][T25588] dump_stack_lvl+0xcd/0x134 [ 1402.413465][T25588] sysfs_warn_dup.cold+0x1c/0x29 [ 1402.418407][T25588] sysfs_do_create_link_sd+0x11e/0x140 [ 1402.423907][T25588] sysfs_create_link+0x5f/0xc0 [ 1402.428679][T25588] device_add+0x789/0x2100 [ 1402.433104][T25588] ? mutex_lock_io_nested+0xf00/0xf00 [ 1402.438485][T25588] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1402.444041][T25588] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1402.450315][T25588] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1402.456564][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.462811][T25588] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1402.468812][T25588] wiphy_register+0x1e8a/0x29b0 [ 1402.473681][T25588] ? wiphy_unregister+0xbd0/0xbd0 [ 1402.478710][T25588] ? minstrel_ht_alloc+0x531/0xa00 [ 1402.483835][T25588] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1402.489919][T25588] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1402.495398][T25588] ? ieee80211_restart_hw+0x290/0x290 [ 1402.500794][T25588] ? debug_object_destroy+0x210/0x210 [ 1402.506185][T25588] ? memset+0x20/0x40 [ 1402.510175][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.516423][T25588] ? __hrtimer_init+0x136/0x280 [ 1402.521295][T25588] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1402.527045][T25588] ? hwsim_virtio_rx_work+0x350/0x350 [ 1402.532710][T25588] ? __kmalloc_track_caller+0x1a0/0x320 [ 1402.538265][T25588] ? memcpy+0x39/0x60 [ 1402.542262][T25588] hwsim_new_radio_nl+0x9bc/0x1080 [ 1402.547389][T25588] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1402.553309][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.559558][T25588] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1402.566943][T25588] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1402.574245][T25588] genl_family_rcv_msg_doit+0x228/0x320 [ 1402.579805][T25588] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1402.587191][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.593529][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.600373][T25588] ? ns_capable+0xde/0x100 [ 1402.604980][T25588] genl_rcv_msg+0x328/0x580 [ 1402.609489][T25588] ? genl_get_cmd+0x480/0x480 [ 1402.614163][T25588] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1402.620066][T25588] ? lock_release+0x720/0x720 [ 1402.624840][T25588] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1402.630307][T25588] netlink_rcv_skb+0x153/0x420 [ 1402.635060][T25588] ? genl_get_cmd+0x480/0x480 [ 1402.640309][T25588] ? netlink_ack+0xa60/0xa60 [ 1402.644918][T25588] genl_rcv+0x24/0x40 [ 1402.649395][T25588] netlink_unicast+0x533/0x7d0 [ 1402.654160][T25588] ? netlink_attachskb+0x890/0x890 [ 1402.659277][T25588] ? __virt_addr_valid+0x5d/0x2d0 [ 1402.664576][T25588] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1402.671594][T25588] ? __phys_addr_symbol+0x2c/0x70 [ 1402.676974][T25588] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1402.683049][T25588] ? __check_object_size+0x16e/0x3f0 [ 1402.688614][T25588] netlink_sendmsg+0x85b/0xda0 [ 1402.693396][T25588] ? netlink_unicast+0x7d0/0x7d0 [ 1402.698354][T25588] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1402.704819][T25588] ? netlink_unicast+0x7d0/0x7d0 [ 1402.710108][T25588] sock_sendmsg+0xcf/0x120 [ 1402.714719][T25588] ____sys_sendmsg+0x6e8/0x810 [ 1402.719508][T25588] ? kernel_sendmsg+0x50/0x50 [ 1402.724211][T25588] ? do_recvmmsg+0x6d0/0x6d0 [ 1402.729202][T25588] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1402.735370][T25588] ___sys_sendmsg+0xf3/0x170 [ 1402.739971][T25588] ? sendmsg_copy_msghdr+0x160/0x160 [ 1402.745270][T25588] ? __fget_files+0x266/0x3d0 [ 1402.749950][T25588] ? lock_downgrade+0x6e0/0x6e0 [ 1402.754804][T25588] ? __fget_files+0x288/0x3d0 [ 1402.759489][T25588] ? __fget_light+0xea/0x280 [ 1402.764066][T25588] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1402.770297][T25588] __sys_sendmsg+0xe5/0x1b0 [ 1402.774792][T25588] ? __sys_sendmsg_sock+0x30/0x30 [ 1402.779832][T25588] ? syscall_enter_from_user_mode+0x21/0x70 [ 1402.785735][T25588] do_syscall_64+0x35/0xb0 [ 1402.790141][T25588] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1402.796024][T25588] RIP: 0033:0x4665d9 [ 1402.799911][T25588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1402.819689][T25588] RSP: 002b:00007ff8ad9ab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1402.828088][T25588] RAX: ffffffffffffffda RBX: 000000000056c1a8 RCX: 00000000004665d9 21:28:57 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63060d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1402.836063][T25588] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1402.844110][T25588] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1402.852080][T25588] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c1a8 [ 1402.860049][T25588] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ab300 R15: 0000000000022000 [ 1402.992639][T25562] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1403.007565][T25562] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1403.007565][T25562] !' [ 1403.022658][T25562] CPU: 1 PID: 25562 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1403.031281][T25562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.041332][T25562] Call Trace: [ 1403.044608][T25562] dump_stack_lvl+0xcd/0x134 [ 1403.049288][T25562] sysfs_warn_dup.cold+0x1c/0x29 [ 1403.054241][T25562] sysfs_do_create_link_sd+0x11e/0x140 [ 1403.059712][T25562] sysfs_create_link+0x5f/0xc0 [ 1403.064472][T25562] device_add+0x789/0x2100 [ 1403.068887][T25562] ? mutex_lock_io_nested+0xf00/0xf00 [ 1403.074253][T25562] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1403.079789][T25562] ? asm_exc_int3+0x31/0x40 [ 1403.084278][T25562] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1403.090507][T25562] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1403.096741][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.102969][T25562] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1403.108951][T25562] wiphy_register+0x1e8a/0x29b0 [ 1403.113800][T25562] ? wiphy_unregister+0xbd0/0xbd0 [ 1403.118812][T25562] ? minstrel_ht_alloc+0x531/0xa00 [ 1403.123920][T25562] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1403.129986][T25562] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1403.135456][T25562] ? ieee80211_restart_hw+0x290/0x290 [ 1403.140821][T25562] ? debug_object_destroy+0x210/0x210 [ 1403.146190][T25562] ? memset+0x20/0x40 [ 1403.150164][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.156395][T25562] ? __hrtimer_init+0x136/0x280 [ 1403.161246][T25562] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1403.166977][T25562] ? hwsim_virtio_rx_work+0x350/0x350 [ 1403.172341][T25562] ? __kmalloc_track_caller+0x1a0/0x320 [ 1403.177879][T25562] ? memcpy+0x39/0x60 [ 1403.181855][T25562] hwsim_new_radio_nl+0x9bc/0x1080 [ 1403.186963][T25562] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1403.192860][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.199092][T25562] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1403.206457][T25562] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1403.213743][T25562] genl_family_rcv_msg_doit+0x228/0x320 [ 1403.219286][T25562] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1403.226667][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.232908][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.239155][T25562] ? ns_capable+0xde/0x100 [ 1403.243565][T25562] genl_rcv_msg+0x328/0x580 [ 1403.248066][T25562] ? genl_get_cmd+0x480/0x480 [ 1403.252734][T25562] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1403.258624][T25562] ? lock_release+0x720/0x720 [ 1403.263287][T25562] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1403.268568][T25562] netlink_rcv_skb+0x153/0x420 [ 1403.273323][T25562] ? genl_get_cmd+0x480/0x480 [ 1403.277994][T25562] ? netlink_ack+0xa60/0xa60 [ 1403.282589][T25562] genl_rcv+0x24/0x40 [ 1403.286565][T25562] netlink_unicast+0x533/0x7d0 [ 1403.291499][T25562] ? netlink_attachskb+0x890/0x890 [ 1403.296601][T25562] ? __virt_addr_valid+0x5d/0x2d0 [ 1403.301617][T25562] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1403.307863][T25562] ? __phys_addr_symbol+0x2c/0x70 [ 1403.312879][T25562] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1403.318587][T25562] ? __check_object_size+0x16e/0x3f0 [ 1403.323865][T25562] netlink_sendmsg+0x85b/0xda0 [ 1403.328627][T25562] ? netlink_unicast+0x7d0/0x7d0 [ 1403.333564][T25562] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.339973][T25562] ? netlink_unicast+0x7d0/0x7d0 [ 1403.344992][T25562] sock_sendmsg+0xcf/0x120 [ 1403.349400][T25562] ____sys_sendmsg+0x6e8/0x810 [ 1403.354159][T25562] ? kernel_sendmsg+0x50/0x50 [ 1403.358824][T25562] ? do_recvmmsg+0x6d0/0x6d0 [ 1403.363408][T25562] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1403.369381][T25562] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1403.375193][T25562] ___sys_sendmsg+0xf3/0x170 [ 1403.379779][T25562] ? sendmsg_copy_msghdr+0x160/0x160 [ 1403.385060][T25562] ? __fget_files+0x266/0x3d0 [ 1403.389728][T25562] ? lock_downgrade+0x6e0/0x6e0 [ 1403.394752][T25562] ? __fget_files+0x288/0x3d0 [ 1403.399425][T25562] ? __fget_light+0xea/0x280 [ 1403.404011][T25562] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1403.410247][T25562] __sys_sendmsg+0xe5/0x1b0 [ 1403.414740][T25562] ? __sys_sendmsg_sock+0x30/0x30 [ 1403.419772][T25562] ? syscall_enter_from_user_mode+0x21/0x70 [ 1403.425664][T25562] do_syscall_64+0x35/0xb0 [ 1403.430071][T25562] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1403.435961][T25562] RIP: 0033:0x4665d9 [ 1403.439843][T25562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1403.459615][T25562] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1403.468017][T25562] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1403.475980][T25562] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 1403.483937][T25562] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1403.491894][T25562] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1403.499853][T25562] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1403.599201][T25659] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1403.647487][T25659] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1403.647487][T25659] !' 21:28:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x8440, 0x100) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000140)={0x9, &(0x7f00000000c0)=[{0x1000, 0x8, 0x40}, {0x1, 0x1b, 0x75, 0x5}, {0xf001, 0x9, 0x7, 0x7fffffff}, {0x0, 0x1, 0x5, 0x401}, {0x7, 0xff, 0x2, 0xffffffff}, {0x100, 0x70, 0x80, 0x7ff}, {0x6, 0x8, 0x3f, 0x2}, {0x6, 0x80, 0x3f, 0x2e}, {0x8001, 0x20, 0x9, 0xffff}]}, 0x10) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1403.732483][T25659] CPU: 1 PID: 25659 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1403.741181][T25659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1403.751320][T25659] Call Trace: [ 1403.754597][T25659] dump_stack_lvl+0xcd/0x134 [ 1403.759202][T25659] sysfs_warn_dup.cold+0x1c/0x29 [ 1403.764153][T25659] sysfs_do_create_link_sd+0x11e/0x140 [ 1403.769625][T25659] sysfs_create_link+0x5f/0xc0 [ 1403.774397][T25659] device_add+0x789/0x2100 21:28:57 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:57 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:28:57 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1403.778819][T25659] ? mutex_lock_io_nested+0xf00/0xf00 [ 1403.784198][T25659] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1403.789903][T25659] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1403.796408][T25659] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1403.802660][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.808904][T25659] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1403.814898][T25659] wiphy_register+0x1e8a/0x29b0 [ 1403.819769][T25659] ? wiphy_unregister+0xbd0/0xbd0 [ 1403.824799][T25659] ? minstrel_ht_alloc+0x531/0xa00 [ 1403.829927][T25659] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1403.836013][T25659] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1403.841499][T25659] ? ieee80211_restart_hw+0x290/0x290 [ 1403.846883][T25659] ? debug_object_destroy+0x210/0x210 [ 1403.852272][T25659] ? memset+0x20/0x40 [ 1403.856443][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.862686][T25659] ? __hrtimer_init+0x136/0x280 [ 1403.867551][T25659] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1403.873304][T25659] ? hwsim_virtio_rx_work+0x350/0x350 [ 1403.878685][T25659] ? __kmalloc_track_caller+0x1a0/0x320 [ 1403.884239][T25659] ? memcpy+0x39/0x60 [ 1403.888234][T25659] hwsim_new_radio_nl+0x9bc/0x1080 [ 1403.893359][T25659] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1403.899274][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.905524][T25659] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1403.912910][T25659] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1403.920206][T25659] genl_family_rcv_msg_doit+0x228/0x320 [ 1403.925765][T25659] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1403.933149][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.939408][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.945659][T25659] ? ns_capable+0xde/0x100 [ 1403.950085][T25659] genl_rcv_msg+0x328/0x580 [ 1403.954603][T25659] ? genl_get_cmd+0x480/0x480 [ 1403.959289][T25659] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1403.965228][T25659] ? lock_release+0x720/0x720 [ 1403.969917][T25659] netlink_rcv_skb+0x153/0x420 [ 1403.974693][T25659] ? genl_get_cmd+0x480/0x480 [ 1403.979384][T25659] ? netlink_ack+0xa60/0xa60 [ 1403.983999][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1403.990250][T25659] genl_rcv+0x24/0x40 [ 1403.994241][T25659] netlink_unicast+0x533/0x7d0 [ 1403.999017][T25659] ? netlink_attachskb+0x890/0x890 [ 1404.004162][T25659] ? __virt_addr_valid+0x5d/0x2d0 [ 1404.009189][T25659] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1404.015435][T25659] ? __phys_addr_symbol+0x2c/0x70 [ 1404.020468][T25659] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1404.026194][T25659] ? __check_object_size+0x16e/0x3f0 [ 1404.031491][T25659] netlink_sendmsg+0x85b/0xda0 [ 1404.036272][T25659] ? netlink_unicast+0x7d0/0x7d0 [ 1404.041228][T25659] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.047479][T25659] ? netlink_unicast+0x7d0/0x7d0 [ 1404.052426][T25659] sock_sendmsg+0xcf/0x120 [ 1404.056857][T25659] ____sys_sendmsg+0x6e8/0x810 [ 1404.061629][T25659] ? kernel_sendmsg+0x50/0x50 [ 1404.066306][T25659] ? do_recvmmsg+0x6d0/0x6d0 [ 1404.070934][T25659] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1404.076928][T25659] ___sys_sendmsg+0xf3/0x170 [ 1404.081526][T25659] ? sendmsg_copy_msghdr+0x160/0x160 [ 1404.086825][T25659] ? __fget_files+0x266/0x3d0 [ 1404.091513][T25659] ? lock_downgrade+0x6e0/0x6e0 [ 1404.096385][T25659] ? __fget_files+0x288/0x3d0 [ 1404.101078][T25659] ? __fget_light+0xea/0x280 [ 1404.105660][T25659] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1404.112068][T25659] __sys_sendmsg+0xe5/0x1b0 [ 1404.116928][T25659] ? __sys_sendmsg_sock+0x30/0x30 [ 1404.121947][T25659] ? syscall_enter_from_user_mode+0x21/0x70 [ 1404.127832][T25659] do_syscall_64+0x35/0xb0 [ 1404.132236][T25659] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1404.138316][T25659] RIP: 0033:0x4665d9 [ 1404.142406][T25659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.162988][T25659] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1404.171574][T25659] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1404.179532][T25659] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1404.187505][T25659] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1404.195463][T25659] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1404.203423][T25659] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:28:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1404.275350][T25680] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:58 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1404.366765][T25680] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1404.366765][T25680] !' [ 1404.388711][T25680] CPU: 0 PID: 25680 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1404.397315][T25680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1404.407718][T25680] Call Trace: [ 1404.410995][T25680] dump_stack_lvl+0xcd/0x134 [ 1404.415597][T25680] sysfs_warn_dup.cold+0x1c/0x29 [ 1404.420534][T25680] sysfs_do_create_link_sd+0x11e/0x140 [ 1404.425992][T25680] sysfs_create_link+0x5f/0xc0 [ 1404.430755][T25680] device_add+0x789/0x2100 [ 1404.435173][T25680] ? mutex_lock_io_nested+0xf00/0xf00 [ 1404.440559][T25680] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1404.446188][T25680] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1404.452597][T25680] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1404.458829][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.465061][T25680] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1404.471042][T25680] wiphy_register+0x1e8a/0x29b0 [ 1404.475892][T25680] ? wiphy_unregister+0xbd0/0xbd0 [ 1404.480902][T25680] ? minstrel_ht_alloc+0x531/0xa00 [ 1404.486017][T25680] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1404.492081][T25680] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1404.497548][T25680] ? ieee80211_restart_hw+0x290/0x290 [ 1404.502915][T25680] ? debug_object_destroy+0x210/0x210 [ 1404.508286][T25680] ? memset+0x20/0x40 [ 1404.512262][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.518491][T25680] ? __hrtimer_init+0x136/0x280 [ 1404.523341][T25680] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1404.529075][T25680] ? hwsim_virtio_rx_work+0x350/0x350 [ 1404.534443][T25680] ? __kmalloc_track_caller+0x1a0/0x320 [ 1404.540159][T25680] ? memcpy+0x39/0x60 [ 1404.544137][T25680] hwsim_new_radio_nl+0x9bc/0x1080 [ 1404.549248][T25680] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1404.555150][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.561382][T25680] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1404.568752][T25680] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1404.576036][T25680] genl_family_rcv_msg_doit+0x228/0x320 [ 1404.581580][T25680] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1404.588947][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.595207][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.601443][T25680] ? ns_capable+0xde/0x100 [ 1404.605856][T25680] genl_rcv_msg+0x328/0x580 [ 1404.610355][T25680] ? genl_get_cmd+0x480/0x480 [ 1404.615043][T25680] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1404.620936][T25680] ? lock_release+0x720/0x720 [ 1404.625604][T25680] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1404.631409][T25680] netlink_rcv_skb+0x153/0x420 [ 1404.636176][T25680] ? genl_get_cmd+0x480/0x480 [ 1404.640847][T25680] ? netlink_ack+0xa60/0xa60 [ 1404.645450][T25680] genl_rcv+0x24/0x40 [ 1404.649421][T25680] netlink_unicast+0x533/0x7d0 [ 1404.654188][T25680] ? netlink_attachskb+0x890/0x890 [ 1404.659290][T25680] ? __virt_addr_valid+0x5d/0x2d0 [ 1404.664305][T25680] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1404.670535][T25680] ? __phys_addr_symbol+0x2c/0x70 [ 1404.675547][T25680] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1404.681258][T25680] ? __check_object_size+0x16e/0x3f0 [ 1404.686544][T25680] netlink_sendmsg+0x85b/0xda0 [ 1404.691307][T25680] ? netlink_unicast+0x7d0/0x7d0 [ 1404.696247][T25680] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1404.702479][T25680] ? netlink_unicast+0x7d0/0x7d0 [ 1404.707416][T25680] sock_sendmsg+0xcf/0x120 [ 1404.711827][T25680] ____sys_sendmsg+0x6e8/0x810 [ 1404.716583][T25680] ? kernel_sendmsg+0x50/0x50 [ 1404.721245][T25680] ? do_recvmmsg+0x6d0/0x6d0 [ 1404.725832][T25680] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1404.731810][T25680] ___sys_sendmsg+0xf3/0x170 [ 1404.736392][T25680] ? sendmsg_copy_msghdr+0x160/0x160 [ 1404.741678][T25680] ? __fget_files+0x266/0x3d0 [ 1404.746540][T25680] ? lock_downgrade+0x6e0/0x6e0 [ 1404.751390][T25680] ? __fget_files+0x288/0x3d0 [ 1404.756069][T25680] ? __fget_light+0xea/0x280 [ 1404.760650][T25680] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1404.766888][T25680] __sys_sendmsg+0xe5/0x1b0 [ 1404.771382][T25680] ? __sys_sendmsg_sock+0x30/0x30 [ 1404.776411][T25680] ? syscall_enter_from_user_mode+0x21/0x70 [ 1404.782307][T25680] do_syscall_64+0x35/0xb0 [ 1404.786715][T25680] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1404.792602][T25680] RIP: 0033:0x4665d9 [ 1404.796486][T25680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1404.816083][T25680] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1404.824486][T25680] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1404.832449][T25680] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1404.840406][T25680] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1404.848543][T25680] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1404.856502][T25680] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1404.983322][T25706] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1404.999375][T25706] __nla_validate_parse: 12 callbacks suppressed [ 1404.999391][T25706] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:28:59 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:28:59 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1405.028041][T25708] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:28:59 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x3000003, 0x40010, 0xffffffffffffffff, 0x7fd09000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) write$char_usb(r0, &(0x7f0000000100)="fb5b41bbd2ace149a0a8bf1c4330a2c9d9e803ab9d5fb6c52398b92262e5f05518d2b529675d0636af8b499b79a91ae9fb92740a0fd5aab45a5850b70c92a63a309fc1b336ae5bf8da0cbfaf58f6eac0d8d5f631143c0f6c5ca74b37ac14d8d66d140ed4a02e3d720cc90dab7d36d79cb281df47a6a0f246313a2c7cb6d648ff28824106ed803f988ddcef1d26d0effe5314c96ca1481ce3f8f04f68c371a6a5f2b738894247b50f7030cc8a46df3dd7c498bea8057507bf3dc2bf4bd49eae00422ac31763398914cf5ff334ea2404acc8f3eb9aeca8eb69d218d33e881cd19d7a189f115e4353865f47feb8ef208ab850dd0cb5", 0xf4) utime(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0xfffffffffffffff9}) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:28:59 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1405.130922][T25706] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1405.130922][T25706] !' [ 1405.177462][T25706] CPU: 0 PID: 25706 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1405.186092][T25706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.196220][T25706] Call Trace: [ 1405.199499][T25706] dump_stack_lvl+0xcd/0x134 [ 1405.204103][T25706] sysfs_warn_dup.cold+0x1c/0x29 [ 1405.209049][T25706] sysfs_do_create_link_sd+0x11e/0x140 [ 1405.214523][T25706] sysfs_create_link+0x5f/0xc0 [ 1405.219292][T25706] device_add+0x789/0x2100 [ 1405.223713][T25706] ? mutex_lock_io_nested+0xf00/0xf00 [ 1405.229096][T25706] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1405.234649][T25706] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1405.240894][T25706] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1405.247142][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.253384][T25706] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1405.259387][T25706] wiphy_register+0x1e8a/0x29b0 [ 1405.264264][T25706] ? wiphy_unregister+0xbd0/0xbd0 [ 1405.269465][T25706] ? minstrel_ht_alloc+0x531/0xa00 [ 1405.274592][T25706] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1405.280671][T25706] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1405.286152][T25706] ? ieee80211_restart_hw+0x290/0x290 [ 1405.291539][T25706] ? debug_object_destroy+0x210/0x210 [ 1405.297274][T25706] ? memset+0x20/0x40 [ 1405.301351][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.307597][T25706] ? __hrtimer_init+0x136/0x280 [ 1405.312463][T25706] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1405.318212][T25706] ? hwsim_virtio_rx_work+0x350/0x350 [ 1405.323596][T25706] ? __kmalloc_track_caller+0x1a0/0x320 [ 1405.329152][T25706] ? memcpy+0x39/0x60 [ 1405.333147][T25706] hwsim_new_radio_nl+0x9bc/0x1080 [ 1405.338275][T25706] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1405.344213][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.350633][T25706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1405.358014][T25706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1405.365318][T25706] genl_family_rcv_msg_doit+0x228/0x320 [ 1405.371053][T25706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1405.378439][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.384696][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.390942][T25706] ? ns_capable+0xde/0x100 [ 1405.395368][T25706] genl_rcv_msg+0x328/0x580 [ 1405.400058][T25706] ? genl_get_cmd+0x480/0x480 [ 1405.404747][T25706] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1405.410653][T25706] ? lock_release+0x720/0x720 [ 1405.415342][T25706] netlink_rcv_skb+0x153/0x420 [ 1405.420115][T25706] ? genl_get_cmd+0x480/0x480 [ 1405.424803][T25706] ? netlink_ack+0xa60/0xa60 [ 1405.429411][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.435670][T25706] genl_rcv+0x24/0x40 [ 1405.439659][T25706] netlink_unicast+0x533/0x7d0 [ 1405.444447][T25706] ? netlink_attachskb+0x890/0x890 [ 1405.449739][T25706] ? __virt_addr_valid+0x5d/0x2d0 [ 1405.454770][T25706] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1405.461014][T25706] ? __phys_addr_symbol+0x2c/0x70 [ 1405.466043][T25706] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1405.471767][T25706] ? __check_object_size+0x16e/0x3f0 [ 1405.477065][T25706] netlink_sendmsg+0x85b/0xda0 [ 1405.481847][T25706] ? netlink_unicast+0x7d0/0x7d0 [ 1405.486800][T25706] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1405.493050][T25706] ? netlink_unicast+0x7d0/0x7d0 [ 1405.497997][T25706] sock_sendmsg+0xcf/0x120 [ 1405.502593][T25706] ____sys_sendmsg+0x6e8/0x810 [ 1405.507363][T25706] ? kernel_sendmsg+0x50/0x50 [ 1405.512043][T25706] ? do_recvmmsg+0x6d0/0x6d0 [ 1405.516653][T25706] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1405.522650][T25706] ___sys_sendmsg+0xf3/0x170 [ 1405.527250][T25706] ? sendmsg_copy_msghdr+0x160/0x160 [ 1405.532547][T25706] ? __fget_files+0x266/0x3d0 [ 1405.537235][T25706] ? lock_downgrade+0x6e0/0x6e0 [ 1405.542108][T25706] ? __fget_files+0x288/0x3d0 [ 1405.546798][T25706] ? __fget_light+0xea/0x280 [ 1405.551397][T25706] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1405.557650][T25706] __sys_sendmsg+0xe5/0x1b0 [ 1405.562355][T25706] ? __sys_sendmsg_sock+0x30/0x30 [ 1405.568171][T25706] ? syscall_enter_from_user_mode+0x21/0x70 [ 1405.574056][T25706] do_syscall_64+0x35/0xb0 [ 1405.578830][T25706] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1405.584731][T25706] RIP: 0033:0x4665d9 [ 1405.589047][T25706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1405.608823][T25706] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1405.617222][T25706] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1405.625181][T25706] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1405.633153][T25706] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1405.641114][T25706] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1405.649090][T25706] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1405.710982][T25723] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1405.734378][T25731] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:28:59 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1405.781128][T25731] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1405.798916][T25727] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:28:59 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63070d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1405.833183][T25727] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1405.876911][T25723] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:29:00 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1405.928521][T25727] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1405.928521][T25727] !' [ 1405.994211][T25727] CPU: 0 PID: 25727 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1406.002851][T25727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.012907][T25727] Call Trace: [ 1406.016185][T25727] dump_stack_lvl+0xcd/0x134 [ 1406.020789][T25727] sysfs_warn_dup.cold+0x1c/0x29 [ 1406.025738][T25727] sysfs_do_create_link_sd+0x11e/0x140 [ 1406.031212][T25727] sysfs_create_link+0x5f/0xc0 [ 1406.035984][T25727] device_add+0x789/0x2100 [ 1406.040405][T25727] ? mutex_lock_io_nested+0xf00/0xf00 [ 1406.045784][T25727] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1406.051339][T25727] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1406.057585][T25727] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1406.063834][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.070080][T25727] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1406.076081][T25727] wiphy_register+0x1e8a/0x29b0 [ 1406.080952][T25727] ? wiphy_unregister+0xbd0/0xbd0 [ 1406.085981][T25727] ? minstrel_ht_alloc+0x531/0xa00 [ 1406.091110][T25727] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1406.097196][T25727] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1406.102683][T25727] ? ieee80211_restart_hw+0x290/0x290 [ 1406.108198][T25727] ? debug_object_destroy+0x210/0x210 [ 1406.113587][T25727] ? memset+0x20/0x40 [ 1406.117575][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.123821][T25727] ? __hrtimer_init+0x136/0x280 [ 1406.128922][T25727] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1406.134662][T25727] ? hwsim_virtio_rx_work+0x350/0x350 [ 1406.140042][T25727] ? __kmalloc_track_caller+0x1a0/0x320 [ 1406.145597][T25727] ? memcpy+0x39/0x60 [ 1406.149593][T25727] hwsim_new_radio_nl+0x9bc/0x1080 [ 1406.154721][T25727] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1406.160636][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.166883][T25727] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1406.174265][T25727] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1406.181570][T25727] genl_family_rcv_msg_doit+0x228/0x320 [ 1406.187134][T25727] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1406.194514][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.200774][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.207022][T25727] ? ns_capable+0xde/0x100 [ 1406.211449][T25727] genl_rcv_msg+0x328/0x580 [ 1406.216144][T25727] ? genl_get_cmd+0x480/0x480 [ 1406.220829][T25727] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1406.226739][T25727] ? lock_release+0x720/0x720 [ 1406.231418][T25727] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1406.236717][T25727] netlink_rcv_skb+0x153/0x420 [ 1406.241493][T25727] ? genl_get_cmd+0x480/0x480 [ 1406.246181][T25727] ? netlink_ack+0xa60/0xa60 [ 1406.250885][T25727] genl_rcv+0x24/0x40 [ 1406.254882][T25727] netlink_unicast+0x533/0x7d0 [ 1406.259668][T25727] ? netlink_attachskb+0x890/0x890 [ 1406.264788][T25727] ? __virt_addr_valid+0x5d/0x2d0 [ 1406.269822][T25727] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1406.276074][T25727] ? __phys_addr_symbol+0x2c/0x70 [ 1406.281105][T25727] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1406.286831][T25727] ? __check_object_size+0x16e/0x3f0 [ 1406.292301][T25727] netlink_sendmsg+0x85b/0xda0 [ 1406.297263][T25727] ? netlink_unicast+0x7d0/0x7d0 [ 1406.302863][T25727] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.309110][T25727] ? netlink_unicast+0x7d0/0x7d0 [ 1406.314040][T25727] sock_sendmsg+0xcf/0x120 [ 1406.318928][T25727] ____sys_sendmsg+0x6e8/0x810 [ 1406.323687][T25727] ? kernel_sendmsg+0x50/0x50 [ 1406.328607][T25727] ? do_recvmmsg+0x6d0/0x6d0 [ 1406.333427][T25727] ? lock_chain_count+0x20/0x20 [ 1406.338288][T25727] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1406.344269][T25727] ___sys_sendmsg+0xf3/0x170 [ 1406.348863][T25727] ? sendmsg_copy_msghdr+0x160/0x160 [ 1406.354145][T25727] ? __fget_files+0x266/0x3d0 [ 1406.358890][T25727] ? lock_downgrade+0x6e0/0x6e0 [ 1406.363748][T25727] ? __fget_files+0x288/0x3d0 [ 1406.368445][T25727] ? __fget_light+0xea/0x280 [ 1406.373040][T25727] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1406.379295][T25727] __sys_sendmsg+0xe5/0x1b0 [ 1406.383806][T25727] ? __sys_sendmsg_sock+0x30/0x30 [ 1406.388843][T25727] ? syscall_enter_from_user_mode+0x21/0x70 [ 1406.394737][T25727] do_syscall_64+0x35/0xb0 [ 1406.399155][T25727] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1406.405038][T25727] RIP: 0033:0x4665d9 [ 1406.408915][T25727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1406.428508][T25727] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1406.436906][T25727] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 21:29:00 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1406.444869][T25727] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1406.452842][T25727] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1406.460814][T25727] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1406.468799][T25727] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1406.527388][T25770] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1406.538864][T25766] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:00 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:00 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/126, 0x7e}, {&(0x7f0000000140)=""/224, 0xe0}], 0x2, 0x5, 0xffffffcc) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f0000000300)={&(0x7f0000000280)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, 0xffffffffffffffff}, 0x20) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1406.567565][T25766] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1406.648991][T25778] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1406.680060][T25766] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1406.680060][T25766] !' [ 1406.726605][T25766] CPU: 0 PID: 25766 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1406.735167][T25766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1406.745231][T25766] Call Trace: [ 1406.748516][T25766] dump_stack_lvl+0xcd/0x134 [ 1406.753133][T25766] sysfs_warn_dup.cold+0x1c/0x29 [ 1406.758093][T25766] sysfs_do_create_link_sd+0x11e/0x140 [ 1406.763570][T25766] sysfs_create_link+0x5f/0xc0 [ 1406.768350][T25766] device_add+0x789/0x2100 [ 1406.772782][T25766] ? mutex_lock_io_nested+0xf00/0xf00 [ 1406.778171][T25766] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1406.783819][T25766] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1406.790248][T25766] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1406.796500][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.802839][T25766] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1406.808850][T25766] wiphy_register+0x1e8a/0x29b0 [ 1406.813730][T25766] ? wiphy_unregister+0xbd0/0xbd0 [ 1406.818761][T25766] ? minstrel_ht_alloc+0x531/0xa00 [ 1406.823905][T25766] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1406.830003][T25766] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1406.835522][T25766] ? ieee80211_restart_hw+0x290/0x290 [ 1406.840932][T25766] ? debug_object_destroy+0x210/0x210 [ 1406.846327][T25766] ? memset+0x20/0x40 [ 1406.850325][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.856578][T25766] ? __hrtimer_init+0x136/0x280 [ 1406.861457][T25766] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1406.867218][T25766] ? hwsim_virtio_rx_work+0x350/0x350 [ 1406.872607][T25766] ? __kmalloc_track_caller+0x1a0/0x320 [ 1406.878169][T25766] ? memcpy+0x39/0x60 [ 1406.882171][T25766] hwsim_new_radio_nl+0x9bc/0x1080 [ 1406.887307][T25766] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1406.893236][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.899490][T25766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1406.906879][T25766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1406.914192][T25766] genl_family_rcv_msg_doit+0x228/0x320 [ 1406.919760][T25766] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1406.927155][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.933429][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.939689][T25766] ? ns_capable+0xde/0x100 [ 1406.944125][T25766] genl_rcv_msg+0x328/0x580 [ 1406.949088][T25766] ? genl_get_cmd+0x480/0x480 [ 1406.953781][T25766] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1406.959703][T25766] ? lock_release+0x720/0x720 [ 1406.964400][T25766] netlink_rcv_skb+0x153/0x420 [ 1406.969187][T25766] ? genl_get_cmd+0x480/0x480 [ 1406.973882][T25766] ? netlink_ack+0xa60/0xa60 [ 1406.978507][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1406.984766][T25766] genl_rcv+0x24/0x40 [ 1406.988761][T25766] netlink_unicast+0x533/0x7d0 [ 1406.993547][T25766] ? netlink_attachskb+0x890/0x890 [ 1406.998672][T25766] ? __virt_addr_valid+0x5d/0x2d0 [ 1407.003709][T25766] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1407.009952][T25766] ? __phys_addr_symbol+0x2c/0x70 [ 1407.014987][T25766] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1407.020715][T25766] ? __check_object_size+0x16e/0x3f0 [ 1407.026020][T25766] netlink_sendmsg+0x85b/0xda0 [ 1407.030806][T25766] ? netlink_unicast+0x7d0/0x7d0 [ 1407.035770][T25766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.042022][T25766] ? netlink_unicast+0x7d0/0x7d0 [ 1407.046975][T25766] sock_sendmsg+0xcf/0x120 [ 1407.051662][T25766] ____sys_sendmsg+0x6e8/0x810 [ 1407.056444][T25766] ? kernel_sendmsg+0x50/0x50 [ 1407.061130][T25766] ? do_recvmmsg+0x6d0/0x6d0 [ 1407.065743][T25766] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1407.071754][T25766] ___sys_sendmsg+0xf3/0x170 [ 1407.076361][T25766] ? sendmsg_copy_msghdr+0x160/0x160 [ 1407.081666][T25766] ? __fget_files+0x266/0x3d0 [ 1407.086359][T25766] ? lock_downgrade+0x6e0/0x6e0 [ 1407.091246][T25766] ? __fget_files+0x288/0x3d0 [ 1407.095948][T25766] ? __fget_light+0xea/0x280 [ 1407.100550][T25766] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1407.106912][T25766] __sys_sendmsg+0xe5/0x1b0 [ 1407.111466][T25766] ? __sys_sendmsg_sock+0x30/0x30 [ 1407.116551][T25766] ? syscall_enter_from_user_mode+0x21/0x70 [ 1407.122493][T25766] do_syscall_64+0x35/0xb0 [ 1407.126932][T25766] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1407.132839][T25766] RIP: 0033:0x4665d9 [ 1407.136740][T25766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1407.156646][T25766] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1407.165109][T25766] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1407.173082][T25766] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1407.181323][T25766] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1407.189302][T25766] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1407.197280][T25766] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1407.297255][T25782] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1407.322051][T25782] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1407.322051][T25782] !' [ 1407.370580][T25782] CPU: 0 PID: 25782 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1407.379126][T25782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.389181][T25782] Call Trace: [ 1407.392460][T25782] dump_stack_lvl+0xcd/0x134 [ 1407.397065][T25782] sysfs_warn_dup.cold+0x1c/0x29 [ 1407.402454][T25782] sysfs_do_create_link_sd+0x11e/0x140 [ 1407.407929][T25782] sysfs_create_link+0x5f/0xc0 [ 1407.412702][T25782] device_add+0x789/0x2100 [ 1407.417123][T25782] ? mutex_lock_io_nested+0xf00/0xf00 [ 1407.422498][T25782] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1407.428052][T25782] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1407.434300][T25782] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1407.440549][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.446795][T25782] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1407.452876][T25782] wiphy_register+0x1e8a/0x29b0 [ 1407.457746][T25782] ? wiphy_unregister+0xbd0/0xbd0 [ 1407.462775][T25782] ? minstrel_ht_alloc+0x531/0xa00 21:29:01 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:01 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1407.467905][T25782] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1407.473990][T25782] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1407.479474][T25782] ? ieee80211_restart_hw+0x290/0x290 [ 1407.484862][T25782] ? debug_object_destroy+0x210/0x210 [ 1407.490254][T25782] ? memset+0x20/0x40 [ 1407.494547][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.500796][T25782] ? __hrtimer_init+0x136/0x280 [ 1407.505661][T25782] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1407.511406][T25782] ? hwsim_virtio_rx_work+0x350/0x350 [ 1407.516880][T25782] ? __kmalloc_track_caller+0x1a0/0x320 [ 1407.522442][T25782] ? memcpy+0x39/0x60 [ 1407.526443][T25782] hwsim_new_radio_nl+0x9bc/0x1080 [ 1407.531567][T25782] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1407.537481][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.543728][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1407.551110][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1407.558407][T25782] genl_family_rcv_msg_doit+0x228/0x320 [ 1407.563954][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1407.571330][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.577587][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.584051][T25782] ? ns_capable+0xde/0x100 [ 1407.588673][T25782] genl_rcv_msg+0x328/0x580 [ 1407.593172][T25782] ? genl_get_cmd+0x480/0x480 [ 1407.597855][T25782] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1407.603921][T25782] ? lock_release+0x720/0x720 [ 1407.608596][T25782] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1407.613876][T25782] netlink_rcv_skb+0x153/0x420 [ 1407.618755][T25782] ? genl_get_cmd+0x480/0x480 [ 1407.623535][T25782] ? netlink_ack+0xa60/0xa60 [ 1407.628674][T25782] genl_rcv+0x24/0x40 [ 1407.632844][T25782] netlink_unicast+0x533/0x7d0 [ 1407.637615][T25782] ? netlink_attachskb+0x890/0x890 [ 1407.642899][T25782] ? __virt_addr_valid+0x5d/0x2d0 [ 1407.648096][T25782] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1407.654417][T25782] ? __phys_addr_symbol+0x2c/0x70 [ 1407.659446][T25782] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1407.665340][T25782] ? __check_object_size+0x16e/0x3f0 [ 1407.671002][T25782] netlink_sendmsg+0x85b/0xda0 [ 1407.675781][T25782] ? netlink_unicast+0x7d0/0x7d0 [ 1407.680736][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1407.686980][T25782] ? netlink_unicast+0x7d0/0x7d0 [ 1407.691908][T25782] sock_sendmsg+0xcf/0x120 [ 1407.696329][T25782] ____sys_sendmsg+0x6e8/0x810 [ 1407.701102][T25782] ? kernel_sendmsg+0x50/0x50 [ 1407.705779][T25782] ? do_recvmmsg+0x6d0/0x6d0 [ 1407.710359][T25782] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1407.716424][T25782] ___sys_sendmsg+0xf3/0x170 [ 1407.721247][T25782] ? sendmsg_copy_msghdr+0x160/0x160 [ 1407.726603][T25782] ? __fget_files+0x266/0x3d0 [ 1407.731269][T25782] ? lock_downgrade+0x6e0/0x6e0 [ 1407.736143][T25782] ? __fget_files+0x288/0x3d0 [ 1407.740921][T25782] ? __fget_light+0xea/0x280 [ 1407.745516][T25782] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1407.751750][T25782] __sys_sendmsg+0xe5/0x1b0 [ 1407.756258][T25782] ? __sys_sendmsg_sock+0x30/0x30 [ 1407.761302][T25782] ? syscall_enter_from_user_mode+0x21/0x70 [ 1407.767220][T25782] do_syscall_64+0x35/0xb0 [ 1407.771630][T25782] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1407.777531][T25782] RIP: 0033:0x4665d9 [ 1407.781425][T25782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1407.801215][T25782] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1407.809627][T25782] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 21:29:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1407.817602][T25782] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1407.825574][T25782] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1407.833531][T25782] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1407.841587][T25782] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1407.907415][T25791] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1407.926920][T25791] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1407.926920][T25791] !' [ 1407.957656][T25791] CPU: 0 PID: 25791 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1407.966195][T25791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1407.976250][T25791] Call Trace: [ 1407.979528][T25791] dump_stack_lvl+0xcd/0x134 [ 1407.984130][T25791] sysfs_warn_dup.cold+0x1c/0x29 [ 1407.989066][T25791] sysfs_do_create_link_sd+0x11e/0x140 [ 1407.994544][T25791] sysfs_create_link+0x5f/0xc0 [ 1407.999303][T25791] device_add+0x789/0x2100 [ 1408.003713][T25791] ? mutex_lock_io_nested+0xf00/0xf00 [ 1408.009338][T25791] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1408.014877][T25791] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1408.021112][T25791] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1408.027378][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.033607][T25791] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1408.039585][T25791] wiphy_register+0x1e8a/0x29b0 [ 1408.044439][T25791] ? wiphy_unregister+0xbd0/0xbd0 [ 1408.049625][T25791] ? minstrel_ht_alloc+0x531/0xa00 [ 1408.054740][T25791] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1408.060810][T25791] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1408.066284][T25791] ? ieee80211_restart_hw+0x290/0x290 [ 1408.071657][T25791] ? debug_object_destroy+0x210/0x210 [ 1408.077030][T25791] ? memset+0x20/0x40 [ 1408.081005][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.087418][T25791] ? __hrtimer_init+0x136/0x280 [ 1408.092270][T25791] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1408.098282][T25791] ? hwsim_virtio_rx_work+0x350/0x350 [ 1408.103732][T25791] ? __kmalloc_track_caller+0x1a0/0x320 [ 1408.109272][T25791] ? memcpy+0x39/0x60 [ 1408.113272][T25791] hwsim_new_radio_nl+0x9bc/0x1080 [ 1408.118382][T25791] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1408.124276][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.130509][T25791] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1408.137960][T25791] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1408.145244][T25791] genl_family_rcv_msg_doit+0x228/0x320 [ 1408.150785][T25791] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1408.158260][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.164498][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.170729][T25791] ? ns_capable+0xde/0x100 [ 1408.175138][T25791] genl_rcv_msg+0x328/0x580 [ 1408.179636][T25791] ? genl_get_cmd+0x480/0x480 [ 1408.184305][T25791] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1408.190194][T25791] ? lock_release+0x720/0x720 [ 1408.194859][T25791] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1408.200228][T25791] netlink_rcv_skb+0x153/0x420 [ 1408.204982][T25791] ? genl_get_cmd+0x480/0x480 [ 1408.209651][T25791] ? netlink_ack+0xa60/0xa60 [ 1408.214245][T25791] genl_rcv+0x24/0x40 [ 1408.218241][T25791] netlink_unicast+0x533/0x7d0 [ 1408.223000][T25791] ? netlink_attachskb+0x890/0x890 [ 1408.228105][T25791] ? __virt_addr_valid+0x5d/0x2d0 [ 1408.233120][T25791] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1408.239522][T25791] ? __phys_addr_symbol+0x2c/0x70 [ 1408.244534][T25791] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1408.250240][T25791] ? __check_object_size+0x16e/0x3f0 [ 1408.255838][T25791] netlink_sendmsg+0x85b/0xda0 [ 1408.260600][T25791] ? netlink_unicast+0x7d0/0x7d0 [ 1408.265533][T25791] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.271764][T25791] ? netlink_unicast+0x7d0/0x7d0 [ 1408.276695][T25791] sock_sendmsg+0xcf/0x120 [ 1408.281105][T25791] ____sys_sendmsg+0x6e8/0x810 [ 1408.285861][T25791] ? kernel_sendmsg+0x50/0x50 [ 1408.290525][T25791] ? do_recvmmsg+0x6d0/0x6d0 [ 1408.295109][T25791] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1408.301086][T25791] ___sys_sendmsg+0xf3/0x170 [ 1408.305671][T25791] ? sendmsg_copy_msghdr+0x160/0x160 [ 1408.310950][T25791] ? __fget_files+0x266/0x3d0 [ 1408.315616][T25791] ? lock_downgrade+0x6e0/0x6e0 [ 1408.320465][T25791] ? __fget_files+0x288/0x3d0 [ 1408.325137][T25791] ? __fget_light+0xea/0x280 [ 1408.329720][T25791] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1408.335954][T25791] __sys_sendmsg+0xe5/0x1b0 [ 1408.340453][T25791] ? __sys_sendmsg_sock+0x30/0x30 [ 1408.345478][T25791] ? syscall_enter_from_user_mode+0x21/0x70 [ 1408.351374][T25791] do_syscall_64+0x35/0xb0 [ 1408.355779][T25791] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1408.361668][T25791] RIP: 0033:0x4665d9 [ 1408.365548][T25791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1408.385144][T25791] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1408.393547][T25791] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1408.401509][T25791] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1408.409465][T25791] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1408.417420][T25791] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1408.425381][T25791] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:29:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1408.580500][T25805] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:02 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1408.663765][T25805] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1408.663765][T25805] !' [ 1408.707109][T25805] CPU: 0 PID: 25805 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1408.715650][T25805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1408.725701][T25805] Call Trace: [ 1408.728977][T25805] dump_stack_lvl+0xcd/0x134 [ 1408.733582][T25805] sysfs_warn_dup.cold+0x1c/0x29 [ 1408.738527][T25805] sysfs_do_create_link_sd+0x11e/0x140 [ 1408.743994][T25805] sysfs_create_link+0x5f/0xc0 [ 1408.748765][T25805] device_add+0x789/0x2100 [ 1408.753188][T25805] ? mutex_lock_io_nested+0xf00/0xf00 [ 1408.758569][T25805] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1408.764207][T25805] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1408.770456][T25805] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1408.776701][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.782944][T25805] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1408.788936][T25805] wiphy_register+0x1e8a/0x29b0 [ 1408.793800][T25805] ? wiphy_unregister+0xbd0/0xbd0 [ 1408.798825][T25805] ? minstrel_ht_alloc+0x531/0xa00 [ 1408.803954][T25805] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1408.810035][T25805] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1408.815495][T25805] ? ieee80211_restart_hw+0x290/0x290 [ 1408.820860][T25805] ? debug_object_destroy+0x210/0x210 [ 1408.826241][T25805] ? memset+0x20/0x40 [ 1408.830212][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.836447][T25805] ? __hrtimer_init+0x136/0x280 [ 1408.841309][T25805] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1408.847045][T25805] ? hwsim_virtio_rx_work+0x350/0x350 [ 1408.852404][T25805] ? __kmalloc_track_caller+0x1a0/0x320 [ 1408.857940][T25805] ? memcpy+0x39/0x60 [ 1408.861917][T25805] hwsim_new_radio_nl+0x9bc/0x1080 [ 1408.867034][T25805] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1408.872922][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.879149][T25805] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1408.886533][T25805] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1408.893829][T25805] genl_family_rcv_msg_doit+0x228/0x320 [ 1408.899364][T25805] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1408.906724][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.912965][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.919205][T25805] ? ns_capable+0xde/0x100 [ 1408.923629][T25805] genl_rcv_msg+0x328/0x580 [ 1408.928123][T25805] ? genl_get_cmd+0x480/0x480 [ 1408.932790][T25805] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1408.938680][T25805] ? lock_release+0x720/0x720 [ 1408.943379][T25805] netlink_rcv_skb+0x153/0x420 [ 1408.948130][T25805] ? genl_get_cmd+0x480/0x480 [ 1408.952796][T25805] ? netlink_ack+0xa60/0xa60 [ 1408.957399][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1408.963655][T25805] genl_rcv+0x24/0x40 [ 1408.967632][T25805] netlink_unicast+0x533/0x7d0 [ 1408.972401][T25805] ? netlink_attachskb+0x890/0x890 [ 1408.977509][T25805] ? __virt_addr_valid+0x5d/0x2d0 [ 1408.982539][T25805] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1408.988765][T25805] ? __phys_addr_symbol+0x2c/0x70 [ 1408.993773][T25805] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1408.999476][T25805] ? __check_object_size+0x16e/0x3f0 [ 1409.004747][T25805] netlink_sendmsg+0x85b/0xda0 [ 1409.009503][T25805] ? netlink_unicast+0x7d0/0x7d0 [ 1409.014437][T25805] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.020669][T25805] ? netlink_unicast+0x7d0/0x7d0 [ 1409.025611][T25805] sock_sendmsg+0xcf/0x120 [ 1409.030015][T25805] ____sys_sendmsg+0x6e8/0x810 [ 1409.034786][T25805] ? kernel_sendmsg+0x50/0x50 [ 1409.039446][T25805] ? do_recvmmsg+0x6d0/0x6d0 [ 1409.044024][T25805] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1409.049990][T25805] ? find_held_lock+0x2d/0x110 [ 1409.054747][T25805] ___sys_sendmsg+0xf3/0x170 [ 1409.059326][T25805] ? sendmsg_copy_msghdr+0x160/0x160 [ 1409.064602][T25805] ? __fget_files+0x266/0x3d0 [ 1409.069265][T25805] ? lock_downgrade+0x6e0/0x6e0 [ 1409.074116][T25805] ? __fget_files+0x288/0x3d0 [ 1409.078797][T25805] ? __fget_light+0xea/0x280 [ 1409.083375][T25805] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1409.089603][T25805] __sys_sendmsg+0xe5/0x1b0 [ 1409.094093][T25805] ? __sys_sendmsg_sock+0x30/0x30 [ 1409.099121][T25805] ? syscall_enter_from_user_mode+0x21/0x70 [ 1409.105025][T25805] do_syscall_64+0x35/0xb0 [ 1409.109432][T25805] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1409.115318][T25805] RIP: 0033:0x4665d9 [ 1409.119212][T25805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.138802][T25805] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1409.147215][T25805] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1409.155170][T25805] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1409.163136][T25805] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1409.171098][T25805] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1409.179064][T25805] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:29:03 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1409.254566][T25821] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:03 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1409.312415][T25821] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1409.312415][T25821] !' [ 1409.351515][T25821] CPU: 0 PID: 25821 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 21:29:03 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63080d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:03 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1409.360226][T25821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.370280][T25821] Call Trace: [ 1409.373556][T25821] dump_stack_lvl+0xcd/0x134 [ 1409.378173][T25821] sysfs_warn_dup.cold+0x1c/0x29 [ 1409.383207][T25821] sysfs_do_create_link_sd+0x11e/0x140 [ 1409.388682][T25821] sysfs_create_link+0x5f/0xc0 [ 1409.393456][T25821] device_add+0x789/0x2100 [ 1409.397879][T25821] ? mutex_lock_io_nested+0xf00/0xf00 [ 1409.403260][T25821] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1409.408814][T25821] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1409.415059][T25821] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1409.421302][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.427545][T25821] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1409.433541][T25821] wiphy_register+0x1e8a/0x29b0 [ 1409.438405][T25821] ? wiphy_unregister+0xbd0/0xbd0 [ 1409.443441][T25821] ? minstrel_ht_alloc+0x531/0xa00 [ 1409.448568][T25821] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1409.454648][T25821] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1409.460132][T25821] ? ieee80211_restart_hw+0x290/0x290 [ 1409.465516][T25821] ? debug_object_destroy+0x210/0x210 [ 1409.470904][T25821] ? memset+0x20/0x40 [ 1409.474895][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.481141][T25821] ? __hrtimer_init+0x136/0x280 [ 1409.486006][T25821] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1409.491751][T25821] ? hwsim_virtio_rx_work+0x350/0x350 [ 1409.497133][T25821] ? __kmalloc_track_caller+0x1a0/0x320 [ 1409.502693][T25821] ? memcpy+0x39/0x60 [ 1409.506688][T25821] hwsim_new_radio_nl+0x9bc/0x1080 [ 1409.511900][T25821] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1409.517816][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.524059][T25821] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1409.531445][T25821] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1409.538746][T25821] genl_family_rcv_msg_doit+0x228/0x320 [ 1409.544563][T25821] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1409.551946][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.558202][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.564451][T25821] ? ns_capable+0xde/0x100 [ 1409.568990][T25821] genl_rcv_msg+0x328/0x580 [ 1409.573504][T25821] ? genl_get_cmd+0x480/0x480 [ 1409.578192][T25821] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1409.584101][T25821] ? lock_release+0x720/0x720 [ 1409.588779][T25821] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1409.594072][T25821] netlink_rcv_skb+0x153/0x420 [ 1409.598845][T25821] ? genl_get_cmd+0x480/0x480 [ 1409.603534][T25821] ? netlink_ack+0xa60/0xa60 [ 1409.608150][T25821] genl_rcv+0x24/0x40 [ 1409.612142][T25821] netlink_unicast+0x533/0x7d0 [ 1409.617183][T25821] ? netlink_attachskb+0x890/0x890 [ 1409.622300][T25821] ? __virt_addr_valid+0x5d/0x2d0 [ 1409.627330][T25821] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1409.633576][T25821] ? __phys_addr_symbol+0x2c/0x70 [ 1409.638608][T25821] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1409.644330][T25821] ? __check_object_size+0x16e/0x3f0 [ 1409.649627][T25821] netlink_sendmsg+0x85b/0xda0 [ 1409.654407][T25821] ? netlink_unicast+0x7d0/0x7d0 [ 1409.659367][T25821] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.665618][T25821] ? netlink_unicast+0x7d0/0x7d0 [ 1409.670568][T25821] sock_sendmsg+0xcf/0x120 [ 1409.674991][T25821] ____sys_sendmsg+0x6e8/0x810 [ 1409.679759][T25821] ? kernel_sendmsg+0x50/0x50 [ 1409.684441][T25821] ? do_recvmmsg+0x6d0/0x6d0 [ 1409.689035][T25821] ? lock_chain_count+0x20/0x20 [ 1409.693891][T25821] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1409.700259][T25821] ___sys_sendmsg+0xf3/0x170 [ 1409.704837][T25821] ? sendmsg_copy_msghdr+0x160/0x160 [ 1409.710393][T25821] ? __fget_files+0x266/0x3d0 [ 1409.715469][T25821] ? lock_downgrade+0x6e0/0x6e0 [ 1409.720507][T25821] ? __fget_files+0x288/0x3d0 [ 1409.725249][T25821] ? __fget_light+0xea/0x280 [ 1409.729829][T25821] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1409.736058][T25821] __sys_sendmsg+0xe5/0x1b0 [ 1409.740550][T25821] ? __sys_sendmsg_sock+0x30/0x30 [ 1409.745578][T25821] ? syscall_enter_from_user_mode+0x21/0x70 [ 1409.751486][T25821] do_syscall_64+0x35/0xb0 [ 1409.755909][T25821] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1409.761896][T25821] RIP: 0033:0x4665d9 [ 1409.765875][T25821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1409.785469][T25821] RSP: 002b:00007ff8ad98a188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1409.793865][T25821] RAX: ffffffffffffffda RBX: 000000000056c260 RCX: 00000000004665d9 [ 1409.801825][T25821] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1409.809796][T25821] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1409.817761][T25821] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c260 [ 1409.825719][T25821] R13: 00007ffd9d70a0cf R14: 00007ff8ad98a300 R15: 0000000000022000 [ 1409.868929][T25782] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1409.890075][T25782] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1409.890075][T25782] !' [ 1409.904691][T25782] CPU: 1 PID: 25782 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1409.913208][T25782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1409.923263][T25782] Call Trace: [ 1409.926538][T25782] dump_stack_lvl+0xcd/0x134 [ 1409.931140][T25782] sysfs_warn_dup.cold+0x1c/0x29 [ 1409.936089][T25782] sysfs_do_create_link_sd+0x11e/0x140 [ 1409.941547][T25782] sysfs_create_link+0x5f/0xc0 [ 1409.946317][T25782] device_add+0x789/0x2100 [ 1409.950738][T25782] ? mutex_lock_io_nested+0xf00/0xf00 [ 1409.956115][T25782] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1409.961670][T25782] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1409.967910][T25782] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1409.974330][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1409.980902][T25782] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1409.987035][T25782] wiphy_register+0x1e8a/0x29b0 [ 1409.992219][T25782] ? wiphy_unregister+0xbd0/0xbd0 [ 1409.997222][T25782] ? minstrel_ht_alloc+0x531/0xa00 [ 1410.002686][T25782] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1410.009164][T25782] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1410.014616][T25782] ? ieee80211_restart_hw+0x290/0x290 [ 1410.019974][T25782] ? debug_object_destroy+0x210/0x210 [ 1410.025332][T25782] ? memset+0x20/0x40 [ 1410.029299][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.035544][T25782] ? __hrtimer_init+0x136/0x280 [ 1410.040379][T25782] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1410.046097][T25782] ? hwsim_virtio_rx_work+0x350/0x350 [ 1410.051552][T25782] ? __kmalloc_track_caller+0x1a0/0x320 [ 1410.057188][T25782] ? memcpy+0x39/0x60 [ 1410.061155][T25782] hwsim_new_radio_nl+0x9bc/0x1080 [ 1410.066250][T25782] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1410.072131][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.078351][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1410.085704][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1410.092973][T25782] genl_family_rcv_msg_doit+0x228/0x320 [ 1410.098502][T25782] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1410.105854][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.112108][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.118345][T25782] ? ns_capable+0xde/0x100 [ 1410.122742][T25782] genl_rcv_msg+0x328/0x580 [ 1410.127229][T25782] ? genl_get_cmd+0x480/0x480 [ 1410.131890][T25782] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1410.137772][T25782] ? lock_release+0x720/0x720 [ 1410.142445][T25782] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1410.147714][T25782] netlink_rcv_skb+0x153/0x420 [ 1410.152460][T25782] ? genl_get_cmd+0x480/0x480 [ 1410.157121][T25782] ? netlink_ack+0xa60/0xa60 [ 1410.161702][T25782] genl_rcv+0x24/0x40 [ 1410.165680][T25782] netlink_unicast+0x533/0x7d0 [ 1410.170432][T25782] ? netlink_attachskb+0x890/0x890 [ 1410.175524][T25782] ? __virt_addr_valid+0x5d/0x2d0 [ 1410.180531][T25782] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1410.186750][T25782] ? __phys_addr_symbol+0x2c/0x70 [ 1410.191755][T25782] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1410.197452][T25782] ? __check_object_size+0x16e/0x3f0 [ 1410.202721][T25782] netlink_sendmsg+0x85b/0xda0 [ 1410.207469][T25782] ? netlink_unicast+0x7d0/0x7d0 [ 1410.212390][T25782] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.218611][T25782] ? netlink_unicast+0x7d0/0x7d0 [ 1410.223530][T25782] sock_sendmsg+0xcf/0x120 [ 1410.227928][T25782] ____sys_sendmsg+0x6e8/0x810 [ 1410.232681][T25782] ? kernel_sendmsg+0x50/0x50 [ 1410.237348][T25782] ? do_recvmmsg+0x6d0/0x6d0 [ 1410.241921][T25782] ? lock_chain_count+0x20/0x20 [ 1410.246750][T25782] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1410.252715][T25782] ___sys_sendmsg+0xf3/0x170 [ 1410.257288][T25782] ? sendmsg_copy_msghdr+0x160/0x160 [ 1410.262557][T25782] ? __fget_files+0x266/0x3d0 [ 1410.267216][T25782] ? lock_downgrade+0x6e0/0x6e0 [ 1410.272054][T25782] ? __fget_files+0x288/0x3d0 [ 1410.276718][T25782] ? __fget_light+0xea/0x280 [ 1410.281285][T25782] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1410.287511][T25782] __sys_sendmsg+0xe5/0x1b0 [ 1410.291996][T25782] ? __sys_sendmsg_sock+0x30/0x30 [ 1410.297007][T25782] ? syscall_enter_from_user_mode+0x21/0x70 [ 1410.302888][T25782] do_syscall_64+0x35/0xb0 [ 1410.307284][T25782] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1410.313161][T25782] RIP: 0033:0x4665d9 [ 1410.317034][T25782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1410.336620][T25782] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1410.345015][T25782] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1410.352966][T25782] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1410.360916][T25782] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1410.368865][T25782] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1410.376815][T25782] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1410.425503][T25869] __nla_validate_parse: 14 callbacks suppressed [ 1410.425519][T25869] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1410.451738][T25871] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1410.460121][T25871] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:29:04 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000002780)={'syztnl2\x00', &(0x7f0000002680)=ANY=[@ANYBLOB="f0000000002c09000000000001800800", @ANYRES32=0x0, @ANYBLOB="00070080ffffff81000000094a1d00a800640000092f9078ac141430ac1414aa8917f20000000064010101ac14141bffffffffe000000186630000000306107170a9a9a8903219ab2f04ed9a36060b2e349fed05bb47ad6f0110a959be9542fac708391e34af0e0705068152d45d060c20f52df1fe1f909a6c40010583dab3050f301be2cb36d81034344e5acc80020c2066a8eb1d402143dc3f07172bac1414107f0000017f000001e00000020a010100000000"]}) bind$packet(0xffffffffffffffff, &(0x7f00000027c0)={0x11, 0x10, r3, 0x1, 0x40}, 0x14) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100) writev(r4, &(0x7f0000000280)=[{&(0x7f00000008c0)="110eaa1a9896d57019effc8c79961d0f73ccf3afca3754e2e7a31f536bcb7204bed49311e29c96e1c2b663d61e5b0c0a76ea50cbddaa69f578b8600f77cf1a538ac900673696245b6de4283c979a32c0cf7d54fe9d26650575d1398678895da32663735b4d0cabfe7e972e59c2b4b4c9c89d0b82ca2267ad5062303e8abcb79600010506702eb912e3957e507aec4e2180699a738f675350ba12282a1d7181887f6c2e03de1da0dfe3b4efbb10e9b59301b4ef8a1d", 0xb5}, {&(0x7f0000000980)="34c30d95766fefbb7bdc40a3242505587bbc8584c2bc2003185f5ce116eea020efa91e2aae1eae2b8e848ac13c3dcedbbbc82adb1e70be8eecedba37be82545f2abda4f0a0e0fd0edd6bd03bb8e9bb91c39a2c828511aef3e684ad4c21ec0c146b9570139e31cd", 0x67}], 0x2) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xff, 0x6, 0x20, 0x1, 0x0, 0x4c, 0xc0100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x2}, 0x800, 0xff, 0x6, 0x7, 0x3, 0x6, 0x0, 0x0, 0x2, 0x0, 0x100000001}, 0x0, 0xe, r4, 0x3) r5 = openat(r4, 0x0, 0x0, 0x0) r6 = perf_event_open(0x0, 0x0, 0x0, r5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r6, 0x4040942c, &(0x7f0000002600)={0x0, 0x8, [0x7fffffff, 0x45, 0x2, 0x10001, 0x4, 0x2]}) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x10080, 0x0) sendmsg$kcm(r7, &(0x7f00000025c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="3f4ff4c226af8c5200be606941f3f5d937133cbdbd913e2c3f81bc611249112768001bef82acb7c324a748702ae05f1c96546f33e852431be85d922e30029cce8553f494030a733633d48b9eac0ec589096e0b6ab916994adb60b59f24e818ba64f500c607b17c177e1a9c51baea1bc27b1a570438a9c56ca57f9c0d8ad71d716f097b10d875941a599c76781930", 0x8e}, {&(0x7f00000001c0)="6a76bd8d9e179d83adbf07389db457731a613840a163c75daffcbed83b99868adc4e563c0fb1754c8d726d1f16fb4d03602347a490", 0x35}, {&(0x7f0000000200)="0f377445aa44de8ed7ade57a6b8e95e3f12d695bead75f4604e8b0422c4bcc05427dec332df9c83a2cdaf64b54d7b711938ccf3f3a407ac5d108f2bd9ff7a2806be1eb29cba1726a1869", 0x4a}], 0x3, &(0x7f00000002c0)=[{0x1010, 0x113, 0xd4f7, "53b24a34ba30010f25427f5fdb23e7771678c74a6cd94efb205f647f06470019e79ff6a775993eb9c7221269eeeb8cb59bcf4ca24b99bbe6bb9ecede9c01729cde9692e37c37e2f60f20b20b4968357c588e74bc8c154d714e6400f657e0f2419860edcd20ccf483de47bcee389a964b75cc96f1e72df9a146fffe16f85fc419e4a78e1dd82ee383cfe2edce63e9e37c30743ea5fb61e5e43b4dbd2370740965cb1940e2b8b477a30136e1f435ff2916153998d42541152b730bd93376f3728915bd9b5ef0d0883223f2480d8482af3615f0dc1efe7bcb2f83bb191f0bd17fef09f8df869dcd8747c4c3003636b425ce133caf048349af96cc940fbfaa10eb57c13c1b6d4fe6a0a045184ad5f5f4fca71f8c264afeb58e5a947913f68ef056dd23344afd86c485b3c2c0b55c6758a60a57501a384b3befb49e36b152b8e2adb26427214c60ab02fddab17806f2d9be2f2d1cc3d2643998f54020471b0c6558b82810519963d5857851ad80974ac713db94db7bd52bb2fa25867b1542422d2f9955e803c9c573cca5b00c89078504ca7d307df26a7d8ecd076be89d52c464afeb2ead8bbdc098b29fce570f383ec778410e9185e66255c2027a1fa751fdb00f018ba953f1719cb92e5c6e090e9eecb100272d5a1f0bafd8c0d0d849bb27e5bbf0d779b73acdfb3aa36b1d42a4fb5a28bcfebb6d2b140f3aa75dbf10039759fbca5f3f0ff914babef44010739d9657f665c350d1ff5f7d50fc8b1c7791d9dda43ed46b592b8d7ca1c2878e414d2368e6a231faec5b911394c5ed033a7a2e704a64aa4ef39aa42d26198040a81b6a2234d9d107d6cccb1a2da40910a607ee010a12e278517e036648be37bf80223ef3dc6e30ef5bbe72b2d0a5d7b62c87de4be0fb7a8a82f06e696cc24898e4042dcee2cb68a18b4e63815a88447fea2608f7a0a814c2616fa15f85dd271ef4e7bbf9e00879a26a18d20e090104cf4d6718310911a1fb5ea5b256d8a149360de0ec93fb85ce229b3b1f6a3e002d5a85016d620596a8b64a334dee32a7a3bea6ada50b62eb64161fb39cb3df75f12841b21904bff3d53f9e26e08bb33cdd3fb34503c0701103f714343b29e531ff1943e99109e00b235eaec1d0e7af73eed32afb148914ba2fb08957a759ac257ea1ae4d1ea258f09a10818929185a5888ee39702e533e5ea0595376e453c4f3ae8fff522c557af616ed7426b36cbb72bc54e59bfbeba82a9f09c24f3391c0dd374ab50e1394d1ffa37bede183f86693668d1394df8555374b94c3ce2c5e1d0bf8f9eb9de7db8147f38aedecf9657e3539bc85ddffc727cdc5d794c5a83a55c5fd6f39004c13b10819cb3bceed57865bae8566972e2c0c9dec1dd18958ad7c5e1c5f794f0d1c2d516ed2ec61afeb10ee0cb7610a0537e035149a20c7c21bf69e9041106a1155f69199f0d3df4b4e52aecc00607f7a9246ce845b25007ba28d2d5b8590b1f612c2fbba57e985d1f557419f0928e2d5420908397e7dba71a8a8804c388f52e1cf7aeb33e7ea5752e1fd1742c045a9a8465f56ab083c959963c0b81799f1d1ca2a1e9e9daf536830a2470403212c95a922bb3d46e7edd4a30368468f34e5bf799f2a7d95f83550ccd454476c7997d977f93702fa8fd77ef517bd5396a00841042ae900863e2f67fb53779d4ba01455bf1cb5524eca57b906270a8846e0c474de0ad90a451655982cf1f88c857e9277f32882e2f87489ae80befd5e11db0c45e20e2786286f0e3ff2c56fc4f70063a61eefe796f3f9214fe20a74546ef7dd6a01a6e0f4f8750ac22748f91ebd8428cb64f15e70330308a5ed5450577d196879b084a3e8c9e301d7575444d76469657c45f197911d569208f00ff5859b240b9545dbd9b1be83b1cba9a4504c3ef3e5345d44bbdf02539a860a3257ee3f83735fae673a3595492f1c214ca09df7cbdef5923a3b2196b2e48e9116d4471e470abd9e8a2ede9cf5a9bdbb53775619ba30f9498d5a592d1f50dcaa78fad2e91ac6b67bcfe9d2137c1900974f6f4642d011369543888a59d9b513babf46262d4af341ab3a12cb40c3f00a25c29ac7dc2b7cbf60873478130866892aeccf2fd73b8ca50cc428255ee5560da7e75263ec246febcb3846731bec3d3a9e10d068bde29d4a819f37da20e0e61bb4603fad11f4d5dd312973a5cb8d3bb3fc7c0ef78df68474df16f9773b6fd1f6fd74afffdce4b196a5bd2290069a6c5a85d3b36036deb873987243066409b742f400fe023dfd2f11cd2510ed4cdf4b74e79f43e08d4f5ef68a54d554cfd532e5d55de023eea003edf1f535bf90ba4aaabfae7afb23877cd5075536f6787f38b684e95774504629df00a892685c19af1b6563d3c38ea90c11c9c3798d401876a2bea78f3c922ec46efddb2594db5011b264570887df34a1dc61b3e1263aac41e5b602c4494759e09c64677759b32d97940d8d0829fbc1ebf55f8a04ca714858325e7e343ba96f14039e44c722b535634b24643ae904f4667416b438ccb14a53398d16ae1c09d2385d6736f185a57899ec42bfe8868ed569b4e70b33b8bc212567a4f40993751f6e789d61f8f2ecc51d52b5fad3c1dae92994a5cd434bff14da5f1ff598aa619a84d663800836ff8558994c68556cf91a6831b7ad19096357a172bce0be0064b61bc2e8e8c50957d77a203925b45e3d5719b37295deffa29292a1ff0386df648904c1c79fe6544c0b8728c57a6ff3995bdc6fbad95951eb0ee559bfb6af11b673dd6a5684a27be0da9f80d51595cfc0068d72d63711bbde0a6c32ff04f5ff52be2934179dd577d91e3bd3fc8b4ae39051177e269245134e5cea52e885e322e32bbb3483bae432eac12402aa58501d566f2590d28816db9fcf36fa9b94ab7db9162afbb79f3f92a6675e0ef8d43cdb67fc13e497790232489583bfafdc86c4b10a95c93b1c8446c022ab50547424e0cf01c57a3dc68656d742d2c539075ebfe54ad5f4cdeb415f373d4e7970f05d558dffe506769a5a2917e5a00dfa8c156660cef79a5a2a53e5979e0a9eeecbd84bf6e92bfad8e25f017829ce7795e9259142efedbf709425e49a0fec1875b264bcbd1dfc9c340aa54a5d034d7b29c37cacf1c86caa95cbc7a6313783cdf902963d61146a67bf2cd8715113c074deb538846fc3f37f680cf7a17628b52be179001886ce9330894d944df711d4bfbc54ff9a2aba311726b9faa22dfe7850b6bb4872cbf03d84f7fd48244a6064e3aa3a95e34c1ade226cf81df22bb0829b52a31b8ab15bf38cae99c5793ee84d1511bd1d83354799774b0fd3b55fe02a914cb70681869d00f55340e7f58f195509ce88afcd4fe40463bf05e93c8c3b8ef72a74f163b34cbfeba906b7f2aa8a76dc8f1e0c6728c65d4c3d681f00a2b1d2e2cce212a33cc982dfa58de20f07bd06ae92f75f4d6b6461c85bd1d44bc6967b837269aaff7b6b84928db4df24f8746f0b0d0d5dc55641f45f1c3d40a5cfb69d9ae37e2f76c759f92357aed52afdd2a940aeb702fbf37cd7525084353049cb34f99a931376db88776514460c9a3409cab42f685864a28a905ad06fa1e1597e3a9a392c4798f6062aebf1800be6b11358370666cdfee6a95a93089a7929ffe9e139f83f0955e9da8db55a7db4fbfd98e3819f47a36d48da900a2a83109e9879bb49a05ba0aed54cc6c00a902322124a32121630dae9ac42d183af3773d1b6b41c00611ea5063d7574d7ecd6e0880cc3362a8bd5f1ab79de47768ae8985d5a09996fb0ccfa73633baaf5c53f9a6896257081bf53a7c4aed293befb2ad4a332b20d5a23b7d82e4e30df9e8ee228ac8e995bb58bd1288f4a5060517dce14166147eedffb6a63ebc53b476af97766578b70c49726f9e59044bff3534eab946cc80870980b8603f9e41e76af34af85ae5a1843c9e2bf245665c848e8fa392aa6aa20213f67932415829f27c46576baffe5a7fa635db5d8386163b1bfb7b8273c1d34e0513a9da32e13501119bfe10bca3cbf5ec0ee30c37919dd59f6c1521f2a23b2c4c5faa060293cdc0b1958bed107b06c38789da0f5ca680664ed7a053350218a9ae9ce5ea2a5d9e9c7c981f75cbe321a97c63af602f2211c98e1d009c80c388e5e88cea65fa2066d6bf60f5061d645a71eaa2cce502fbbfdb3f50498f4f948c0b6bd39c5d42e61aec7e7ffe21f63bc87bcdbe2d285281353949ea3771fb4e71d9085297d34dcdb093c0a5735c1bea1d8247efe08d18cb1228885d2197709095e52917a389d225ac79e99e130bb9b29ceb603906ad36e5e45e7d28008fb4c44d59cb6328cbfa0c2e95bd59dd95e231b192c2e4dc4597b5676fe4402a61b8ab68241dee28d2b9f925b87096d8ce2250fc7748e083d9897abeaa3619df512559670b9f95302a69f0190426e3cceec5333ed67f32d520402b4cc36db89f99f2b86eb0672a4e539ecd192f2566d85ece46479c2a1509c5d894f347dcf63fb205ca714548f06444cebccafd1f25e8404c5a41c0ffed07114a87d9777957920eff95001f0bf05cd7c257c81bdbe8627ba06447bd3cced13af81713232771f72b4d618d8871dfa88d9c29d882b807484ff2b781e471b5b1b28aebb2380c7f2f0921bc73b47d44af87c35c75c174dc46c810d2e79e012e422fd4bf4ed869ac3b6d3ed4e3628dabb6899229f3de475b4a8b48ae5a08a28875b1c0af1223bd8a3b1efc06a09f92799b1af1eb79ee1f8bc68fea7fa7a1967d7c81d705e85aed5b401f8ab2d806080140b367db52199d71023a36c6dd93a9bb978590c684a793ca867749673552dce86526887a1dc919c5244f984d2804e64287d1e9a4f8251a90e95c1091944cafd3ff3ca70d9604d3cb16fc65d1b06d443c0c9bd65c826a593447daf287768e2099e309b508488b0cf534b28a066897a8e5ffb97e52ce16f37c3ba78db91df64a22b90b9896a38fbb36e7c31e6f1af9fc114fc7afade3569fc893d9038b9d6a616c2babd2f1b2619901854c7d8c2e6e574a39b2837337b511ce6b966cacee53619d7b8515efabbd5867ce21a90740a120bac4090ac7634dc87edd35d9ca77626b4a5bc38f8142d2c930e647091988e87f7306b3d61413f24b312347207054d0b94a075ea7838fd1e90066f9d227ae483f0eae87a94c29cf31ae00c70e7420a8f6d2878181bf5c31f1716068a8fb09f837b92e0cebefda02093426dceaf07135f31f1541cb0f5d78bbf35f1bad0d18ed3d33ad78a755b7cc1eb31c4c45cced4ff27466769bff60b94e16131d0e216df5b0f5ca333501dbb643ac9f377ae8b6dfb1e7398e869781e37dcbdaf9edc555380b43e881908bde7085eaf8fd8d8fb453ea50661e846a9b028c7808e023455c9d57787d6623bc693bc93b0074e17dab2a6eb411fc1a5b9f139d843a1c0ab45a2b1242d8639c2912c33f4f931b93268fb270c9386022e35a1b4510cedffd5baef9281cfcd6af31c94f51f83a17f37cce063d2f0aca005bd598de8209442a080e55fefb69dc1df66bf97e146d95ceb58a3be3e59840a1ad2a612a8c395965588cd3217c84582093e319cc3c806c6f498a9c71c2c42ff865dde99ddfc4014c92a207b36fa0fc47b35a4ac40c12e9ce750310ee8df71544097f454d20fd53132360870b8a09f73d10970483c49d6c7433744ade262c42ad42caf57b67ec378492fdad2249c913338ebcac745727eb9b8211f50bfa809f9f3690b24bace75ecf3dfcf89ff6fc3c6b06c4f446d442fb77a9d37d373a72327e7c3766310dfd8a7b4"}, {0x38, 0x116, 0x7, "29fd92bb7d518aaa44ddb4e710a4fa8cdfa1702a17abe107bd3c080e81e1649e9d3e8e9c26b9ac61"}, {0x60, 0x10b, 0x100, "79421eb254066d19e3d4800f7574a2875e1185b6ff37a807fcbb9b3b4514c46069d1f56bae6b7eea31804eaf2e007c20313eccae81d7d3003e96376ac4aa2738975e8320a1f78769a340"}, {0x10, 0x104, 0x7747}, {0xe8, 0x1, 0x1ff, "21f9d0590617dd8b0f34de7fbd733cc6759931b8ba699428875f43d36577e3bbbf40c3318328754d4299244c737f5d8e0bc478b942290f7789fd372c4f8b46f4f38b97337e54702af6567e92d1bbc8dff7cf66d883bdbc0131a69f1512ce59f9472f17da7344a227b12d04568732229d73b49ecf427d0bbd05e6ad3097d2a40a5f8265cef0cd8b02eb8f31480313f120acc39df0552b928c661ecd91d17b8281d88d2b9ec8c219d7c9d414c26254f4c49d96262ebe9dc5bae7b9156232a3b337da2cbee2c98de7ce303f457e92d2cc1d7742f181"}, {0x70, 0x105, 0x80000000, "2f50a43ef45a2b2c8a474ba770643fe7f292a3286f619a536ab23f540fc8ff76266cb96dc4eebd10357c8c0c4aa9ba89137b7ddb73d8beef34d2c975d545416fdd3edfb4c2f89a30eb4f6509c7fe21aad7eb82c2b7e1070e2b3fda38159d"}, {0xe0, 0x24bab4d8bf3800d7, 0x8, "bbb74b2bd314a0bc54ddd2fcec731649c4fc062bafc507c43997976ed9a98c2d053e7a7c66594a1207dcaaf441afa0f4f9de2ff07c9fb60cf4c10f46d1072e47d203776466e9b9f2f5ca088b5ec159d8b0bcb9041d3ce2e27a1f1b8764a1c27ad6faaa4e840b6fb355f480b053868b397de7a8adbc7704a835ca84702b1b44c5eeb8797493b4bc4ef8148f14ce86c41ac770a1695d2974da8a59805072637c05c0418fd71335a24e32b36bdda1c50e904f39fe92c5e98f1694ed5fab87fcf0700fc80d3a9e65957efeadce73b5"}, {0x1010, 0x117, 0x1, "1469f49265af5cc187edefb0f3fbb3a1f4c246b13e1d4bf9635edb1388fd684b1ec2a25f5525037d6399ba3dae21522cd355f471eb5c3badcc036e66aa7cebdf74de4dad2c020450a258f9db85e82302ce39d3c95028433eb5b464814de1de3c05d2479fdb786a24ee3793027b63fbfd4518b939c888fb16a5d1d03aa4b4f12fade580623b0ab33283cf063b4cd5d905c1da4985f40a215ec3ab7c99c061536568fa850c5a249828b3eaaaebfe34ee99a11ce96853b2a92702cbd465aa0c6559c7ad7a7a5d049b12c60556a1ea6c701a94874ef771a59df6096bdf0e20a98fb72327bfdf0aa664dfe559244ec0f519de54b32a148e6924c1aa57c9dd706c4218cc592b6bb13d42112e5b4169786fc8aa5d8cabe6147d157fc48828dd2ce9e8e0002313ebf032777626eda626bbf961a73211544588c4879dd1ce4cfa91bde952a2f9c1aedfb04bf8bd027ffa73f425a5698759cb899fdbc240d62bc3505a2e6571ac78b27d1221dd6ea104c98a15e0ffe7ddbec9619259713319766d3b91019bd50a1f8d77fd00c8d25c1dfb0eb854ae838ab87d4faf21fcf680d632eb12dd9d3f5971b85f9d974e630126f90019ab666d44a4794d0ac48c22921a9a689eebfb8e632b2f3a5ae0f1f9054239cc93c5584e92b506d91f5d74c383bf5abf264f5395b3a3d65b136718cc04162d932c18420d18a7703290329d5ccd01d20b37f9c2131e389a40aaaeeab063d03d7024289010e1e93f3a37015cd89efcabc7a2e4a235b70cfb5877fa1b40051700f1618b3713b48ff18cb54108c660eb38eca489783b207100cd84b4f7ad9adb8698f653685050c83563091176fae2fc5cf050343a0e5e1abe7ae66163af30871fbf03fc2227b85db7d0c90c843c4ab58dc6f360ffc2893d14ef6410bc0aed56258f8ebdd5f1ca7c0ae9b2abcdcc40c3c777f997c98cd138e47f5300c355ef5b5b1b0e15abd71223c2e0a2db4c03c78273dbdf56b138b4e380f1b82fb3c3b59495fe639b3014479df4b8357185c3ca3fe6edbec2733dcff4f1118c51e144c9be0c30982c112ddf3997e07d712bc3499dd68ee692803d92240294cbb8e58806b90007f9d19adefc878b4de9d1b0b584c87a4ad67def3d8b5b4743d54ac8622f40e61737bd782a83ae7da1f66d04861f1337a98119af5ed3939997f0942761ebafac2d0683dd2b6634ff69f1465f4e76774bf2da0f1fc27bbc7972a61a3fd13c4b75ccb9fb91c6ba442e3c906526ecd80db408a7e3fd463ba34de9483f3372e2717087289a921017cfc5d87601e28b57e8e7e378e060ceb2785cbb34aa68d04b3b36bc9d9f0151e69cc2845b15419a81b3abb6497486574fc5a0d5027f4aee08900d89bbde3d8ff67e45134b2962cc3a22cf27ffff713b33d414f1b9fe43e2e0c54e9f426c45fef64c44a0338848621afca91f0e356b6b9f97983577ccd42cea439eef3a4cffc5e20c720d5957da78a2a1219ef3f55ffd0a2cc1e52edbcbb6f8be940e102ecb82f3923467a14a0d4b228aff0d678b522ccd590a91080e3a089c4da664c2c326c70643c62ac98ef0f562bebae326c896fb630175a918dcf6c31fb4e8701b6a2000acbaf6b17403f3decee71317b05c3048d2b69da636aba52b03d8ff1594dff6b1d52d30032b5006935e1a5d1510a0d6b281179c4a8d6eaf7c67dd80de36e130b097e8dc65ccaba54bcda72b87f1d7ae5f6ba416a8e5bfc57121a072afb36c9c3fb5069569e287bc95a3955700e9baa1c6cd0a6ea924083450235fb25ee5d4f03bb83ebec69c86ca83a5a83d48370bf91636dacc97a1f6de38bd7617b834ba0c7d8e61773a11c4cf9baf5d1e7d45ec84b4a962fd2a3c0c1b900c389f84392409a79afee4f756b49e95f6dfab53d0836c9b76e4a4c0b8838fd7092fba973978b83165643a870233d284a672dc8df64301b9ec09d891e3af17f7ae63c5b4b4c1a79382ef4f5f7bc8927b8b9afebfed0ba8ac5bf3feccfc3c66221eb4ff4bd52886b4f7505793143a31c53f3b81802f443ec9456fc4219853b1f1420a476398eecc3de781818e91edbc25f4b2cf5bed56a3ac6d115a827f0c7ce1974273e582839e68a499e1a70e0cab9d7fd5a91a92b0b2d7e303f0dda915fa9e06131d809b7ccab99692e3e5ab06938b380a432a3e45a3a3b414faf370055616bedc64dae7385cdfb3f95e28ade2905feb692d612cbb115c432f377aba5bb2d72cbde7d95c837b7b32ee7548549fd955b3dc609e84aa5f3d7caff09df69a967e5a447eeebf168162e7ba84d74901e5a9d4b24ec9cca5e457c8fd99b254d660bcc7446216d9f508e3c55e1731e9bd27ba98d001b8a914bfb2c044d57d3a467f8a3920a80fedb98d9b3f905aa016098888ac1dc267d62754530e02e160a24e43cd12e69f4344560c440d0c998eaf894814affdee6e2c2eea303f5c2b9a6a87b0dbd9dd22ebc50e56506763c2cf8572eb4ac9aa5a2341b3cc711f41401853b337ae757eeb3ef98962880414061c2eb0a858b863282e20722f4cd132dd71535b83fa68b9e9790c6ff63b8b9079c79e165024beea6356b29697c883caa144e77253b2ff5e18e0cec8fac762d999190176f0556d84bed094fe4a4886a198995188effcb5653a457374e6177b3a758d24c01d3c26988cb5f9b82db83db35226ce2739a31feb6a8283d92372b94037aa762372101ae6c2a7025ea9b145c388533e044e34f337553bddb3bc5ab1a43b2c32d8db756ae573799259540480e3511323a5e191b867b5fce08e59bab74889e49374d3e940ee739586450ff84ee59e7c3ec780f77775b1a32fd4c26d1f8fbba663fc023c75d89c10f66ebab243662fbf0ceb950affc9f52f4cc868c3c276d55452847877e9f7ff1b823753a7f7c9359e6fdfa1eb6300c7c01cedb016ce53c06e5f0f8078ad3814d6cfb01c644ce612f9d31af7e76631d0e6d950fe3b626571af519210d287a878ab91819fdeca53b7432efb14f7698a04594d5fb7e0db6a8644a0e4132807f890798b17179a2c752ee6927bd7dc188b7274ee5697e0b19cdbff085e87250c4d4d973e953566a2f0bbf20629fb9fcd01bf1e2b7edadca0bb0cdcf2175a011153d6d9e63cf13809a14231c6c95636b9e9d3338f14bc3bbf05ba9a15084fb544063081a1c4e622b751fadebaf4309b2ea2044d8b8f29d5566517873a668119c7792e5bb7ef8682b1f40df5ece2873c5d1ee78ac9830af9439e0646c894744227c230cb57a11b76c5a3d677a396528b5d893b43718e7c60b49158e527b7f451e9516ff4ef061def73f9ed2bf510eb5a56d023dae5260083c70fb5986cbf65c192c155129aa5c11e7da27dc5638841865173e67135f309a4f2d16fe5f3d754cd5a91b825cc7cab8912b8dbd99f24de7ce2f0729ce88252a22aa63cccfce39f95c77ce1250a861e1bab53e0c3725b118683252d1c5f385c973f3b0abc68f77f69238bd2541c75c7607d38555d65e21410674c994a4dcc546c737f2e67f2e4057dce469fcdecbdcdf9ef112b88c24eab6fa1af89b45ac537a062effc71022d044b81f04a07ab34416f98dfb9568c899b75501cb40b0f73493827ed203fcec857f221d1977ae31d878add94b129eca9262ca9dcbe115ab15bd3be4f886aec767f9279d11ec2898186ca46520e96aca8af6cc79af49fc8b1743d7e2f9f5028f84c6132f2e019499fd943e9f7cec18402c9648b87f1a2da0269849452f6cf49dc002b7e518e69a8889b016e276fdec594c3b7ce2252d5127c937adcd3263be9209c8cb5f6c6424c04e69f883d9f10e7f4cb06c79862ba7609c280801d033256822e982ffbd1be9dff1727eaf67e38b87deee8f428e51fb3d455a2ca037df541790b1b08f7c52461656780e2a165c1e2c9c11e0841ba8d23839e7e95cb1133e74974b8bcef46c749902bd9911de1029bfdccd24c410e75858511e12aa5bcab6de78bacc827f59b4800ac52d9691fe70825fe11dbf504278e9f594690972ec7323b5f6a33da5e60d540d31325b92d425e1d11ad357d1ea952b356dc305dda48fd2ec176e5f5f6ac8e4f3425328b248c32b034a97f197ca99d53991ce1f03d9756f844f026bc534944f5782e276bca99669c685eb4b995fff725e94f93c60c9796b9e6ac093e1641dc2f6c0673c9fe1c4bd57af35cd9d1ab684c88aeae3ed50ccf4cb65dc81daafc6038273f22fde267ba9809800c166d07b2a6a409f859dc710f0d4b497aac4db19b5f5d685ba6dd1c1920f6ed0b7b94aea6b40891261f6e62a4825f889aea66c413429f49d2768f838ff8d0f8dee90ba500a5286b149bda4afa1a67f05d1e952bea4ce68e1a7f02218e81f7f2f8617143679c6d1fd208d111cb0ea2cc577ac2f0e55c994958bb20f116ddaa0019bc8eb9250ce13602212a2f706368939e7f85cade9322efbce9b467d298a311929a010520d7875b1353cbf3548aa2567b179360c724de76b0931929417c25eecde5cdadfa9fc9367eafd5b60fe52fe12fd37c1e817ef030a2a15db93f4526ae47fedddef3506deb35131a26159736ace53cf31a4b419072a57d00590e98b141e4b9bf84fec9bcbb9219cd2c44bbc487d19a7f16904ea812306838a106d3c41a6bcd825f2e2fd9393b82e1c63cb6acabe4d1bde0b38d5390cec63055576f882621fda5ddcdd5c22066d5a8e506bd91fff3b0a8a8a417cc126293d393c8e8035b19423d49ff40efb1929875449b9a9c00eabe85d3a8cf1d50c138cab3db8c2dab0d1108e67483db2e1469ee083b8a9667ef5f83d84951e57254e423c52d3d35b4d4acf40b4fef754d947895214e5d456c3988354906cc2a61c5323ad418529b7d4b7f3e2200216b6e0edf5a4b65a0e758c92c45a3eecdb2eeefacf234d42193645f4d7cced2d75b208d7cea5be800bb0ba33daa6b2e27769f775aa04dd64a41b6c662e6906ee45e7262e21456525389d8fe3703037a77f7e4275db233c8ac197941669a773b799d3bd93dffce5bed7fce58810e5e8f9a354d03399e2d9cb7a90884b67d262d3b3b02cfa4d3ffa20dcd5143cbfa0515f414e51d483c637d0f3e9e1561b75b4f4820c56c3e04e3a014317e0866f4d9a85da84a586fb58f659188a87b7e6d2c87b06044702f9a6e363b15c79674d51b2814cdada5a3ec7e010b827451fa05847e71bcfa0d2f2e1ee0942e93d36ad8df58367e90cd969a24a3454f3dcdabcc9de573ecfc6a964405e2bb1ff2f80d70237f996ac3292ed070290fa0001458e66bafcf04b40f1adc63983cb531e4e4175b62f4c7170a42e3bcf38c124ea6a443ca43b68289f2424df4d879a0bccd5ac3adb54c5b0e067c0c56d3774157bdcbe5fda344ad7694fc14c219f88d484cbe851bf52ba940dc36f73f14819bc6cc356002affc866b601e60b4c5d2638f4577d1c968bdaee07fcffde198534fb10b0350f9ced1b0a7ffeb74801e41971038957747a9f75b512da5df0bb6652e9d4b8ac622088197e4cc3936f245113c6d7a395f20bada412f0aa085f2debf6136c53b51a3f0eb3433824d89f33c930b7625f9a3aa9b4b841f8de1c2f706e3f047d510b3d82047e7102842db35be40453afc537e746c03c4ae35344a20920f662d0400f3e5a75ac87f2d18370cfbbf779060983030bc9541589833e009a0cef18aded9f0674ad7425b909f63311938f84cd7dbee49976e1747bc2c17664773f7ec3c0c7cc3ce20ba69ee60c771f6bacf0a83036ed3cb55329d228731e8e4ad5dec96c98d58f3504c37bcc692e040d08c3f0476a18e29259b"}], 0x2300}, 0x800) [ 1410.530305][T25872] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1410.604453][T25871] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1410.604453][T25871] !' [ 1410.637936][T25871] CPU: 1 PID: 25871 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1410.646365][T25871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1410.656415][T25871] Call Trace: [ 1410.659716][T25871] dump_stack_lvl+0xcd/0x134 [ 1410.664318][T25871] sysfs_warn_dup.cold+0x1c/0x29 [ 1410.669445][T25871] sysfs_do_create_link_sd+0x11e/0x140 [ 1410.674911][T25871] sysfs_create_link+0x5f/0xc0 [ 1410.679677][T25871] device_add+0x789/0x2100 [ 1410.684099][T25871] ? mutex_lock_io_nested+0xf00/0xf00 [ 1410.689479][T25871] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1410.695030][T25871] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1410.701275][T25871] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1410.707519][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.713763][T25871] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1410.719756][T25871] wiphy_register+0x1e8a/0x29b0 [ 1410.724618][T25871] ? wiphy_unregister+0xbd0/0xbd0 [ 1410.729644][T25871] ? minstrel_ht_alloc+0x531/0xa00 [ 1410.734772][T25871] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1410.740851][T25871] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1410.746337][T25871] ? ieee80211_restart_hw+0x290/0x290 [ 1410.751722][T25871] ? debug_object_destroy+0x210/0x210 [ 1410.757111][T25871] ? memset+0x20/0x40 [ 1410.761104][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.767350][T25871] ? __hrtimer_init+0x136/0x280 [ 1410.772216][T25871] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1410.777963][T25871] ? hwsim_virtio_rx_work+0x350/0x350 [ 1410.783344][T25871] ? __kmalloc_track_caller+0x1a0/0x320 [ 1410.788902][T25871] ? memcpy+0x39/0x60 [ 1410.792895][T25871] hwsim_new_radio_nl+0x9bc/0x1080 [ 1410.798019][T25871] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1410.803932][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.810180][T25871] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1410.817568][T25871] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1410.824959][T25871] genl_family_rcv_msg_doit+0x228/0x320 [ 1410.830520][T25871] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1410.837904][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.844325][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.850555][T25871] ? ns_capable+0xde/0x100 [ 1410.854985][T25871] genl_rcv_msg+0x328/0x580 [ 1410.859494][T25871] ? genl_get_cmd+0x480/0x480 [ 1410.864212][T25871] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1410.870097][T25871] ? lock_release+0x720/0x720 [ 1410.874778][T25871] netlink_rcv_skb+0x153/0x420 [ 1410.879529][T25871] ? genl_get_cmd+0x480/0x480 [ 1410.884197][T25871] ? netlink_ack+0xa60/0xa60 [ 1410.888796][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.895023][T25871] genl_rcv+0x24/0x40 [ 1410.898993][T25871] netlink_unicast+0x533/0x7d0 [ 1410.903746][T25871] ? netlink_attachskb+0x890/0x890 [ 1410.908844][T25871] ? __virt_addr_valid+0x5d/0x2d0 [ 1410.913854][T25871] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1410.920082][T25871] ? __phys_addr_symbol+0x2c/0x70 [ 1410.925114][T25871] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1410.930919][T25871] ? __check_object_size+0x16e/0x3f0 [ 1410.936194][T25871] netlink_sendmsg+0x85b/0xda0 [ 1410.940958][T25871] ? netlink_unicast+0x7d0/0x7d0 [ 1410.945886][T25871] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1410.952132][T25871] ? netlink_unicast+0x7d0/0x7d0 [ 1410.957075][T25871] sock_sendmsg+0xcf/0x120 [ 1410.961484][T25871] ____sys_sendmsg+0x6e8/0x810 [ 1410.966238][T25871] ? kernel_sendmsg+0x50/0x50 [ 1410.970902][T25871] ? do_recvmmsg+0x6d0/0x6d0 [ 1410.975494][T25871] ? rcu_preempt_deferred_qs_irqrestore+0x4e3/0xb20 [ 1410.982080][T25871] ___sys_sendmsg+0xf3/0x170 [ 1410.986658][T25871] ? sendmsg_copy_msghdr+0x160/0x160 [ 1410.991932][T25871] ? __fget_files+0x266/0x3d0 [ 1410.996611][T25871] ? lock_downgrade+0x6e0/0x6e0 [ 1411.001452][T25871] ? lockdep_hardirqs_off+0x90/0xd0 [ 1411.006646][T25871] ? __fget_files+0x288/0x3d0 [ 1411.011318][T25871] ? __fget_light+0xea/0x280 [ 1411.015957][T25871] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1411.022359][T25871] __sys_sendmsg+0xe5/0x1b0 [ 1411.026848][T25871] ? __sys_sendmsg_sock+0x30/0x30 [ 1411.031868][T25871] ? syscall_enter_from_user_mode+0x21/0x70 [ 1411.037755][T25871] do_syscall_64+0x35/0xb0 [ 1411.042165][T25871] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1411.048044][T25871] RIP: 0033:0x4665d9 [ 1411.052273][T25871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1411.072038][T25871] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1411.080438][T25871] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1411.088399][T25871] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1411.096354][T25871] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 21:29:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1411.104309][T25871] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1411.112351][T25871] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:29:05 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:05 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1411.180297][T25907] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:05 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63090d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:05 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1411.224728][T25907] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1411.248900][T25918] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1411.313649][T25921] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1411.380466][T25907] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1411.380466][T25907] !' [ 1411.396452][T25907] CPU: 1 PID: 25907 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1411.404965][T25907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1411.415020][T25907] Call Trace: [ 1411.418299][T25907] dump_stack_lvl+0xcd/0x134 [ 1411.422907][T25907] sysfs_warn_dup.cold+0x1c/0x29 [ 1411.427857][T25907] sysfs_do_create_link_sd+0x11e/0x140 [ 1411.433330][T25907] sysfs_create_link+0x5f/0xc0 [ 1411.438104][T25907] device_add+0x789/0x2100 [ 1411.442610][T25907] ? mutex_lock_io_nested+0xf00/0xf00 [ 1411.447991][T25907] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1411.453633][T25907] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1411.459877][T25907] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1411.466124][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.472369][T25907] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1411.478368][T25907] wiphy_register+0x1e8a/0x29b0 [ 1411.483321][T25907] ? wiphy_unregister+0xbd0/0xbd0 [ 1411.488347][T25907] ? minstrel_ht_alloc+0x531/0xa00 [ 1411.493505][T25907] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1411.499588][T25907] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1411.505073][T25907] ? ieee80211_restart_hw+0x290/0x290 [ 1411.510629][T25907] ? debug_object_destroy+0x210/0x210 [ 1411.516019][T25907] ? memset+0x20/0x40 [ 1411.520010][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.526259][T25907] ? __hrtimer_init+0x136/0x280 [ 1411.531127][T25907] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1411.536880][T25907] ? hwsim_virtio_rx_work+0x350/0x350 [ 1411.542258][T25907] ? __kmalloc_track_caller+0x1a0/0x320 [ 1411.547811][T25907] ? memcpy+0x39/0x60 [ 1411.551805][T25907] hwsim_new_radio_nl+0x9bc/0x1080 [ 1411.556930][T25907] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1411.562842][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.569088][T25907] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1411.576477][T25907] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1411.583778][T25907] genl_family_rcv_msg_doit+0x228/0x320 [ 1411.589336][T25907] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1411.596718][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.602973][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.609222][T25907] ? ns_capable+0xde/0x100 [ 1411.613645][T25907] genl_rcv_msg+0x328/0x580 [ 1411.618164][T25907] ? genl_get_cmd+0x480/0x480 [ 1411.622849][T25907] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1411.628757][T25907] ? lock_release+0x720/0x720 [ 1411.633438][T25907] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1411.638737][T25907] netlink_rcv_skb+0x153/0x420 [ 1411.643511][T25907] ? genl_get_cmd+0x480/0x480 [ 1411.648195][T25907] ? netlink_ack+0xa60/0xa60 [ 1411.652786][T25907] genl_rcv+0x24/0x40 [ 1411.656764][T25907] netlink_unicast+0x533/0x7d0 [ 1411.661528][T25907] ? netlink_attachskb+0x890/0x890 [ 1411.666625][T25907] ? __virt_addr_valid+0x5d/0x2d0 [ 1411.671638][T25907] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1411.677864][T25907] ? __phys_addr_symbol+0x2c/0x70 [ 1411.682887][T25907] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1411.688611][T25907] ? __check_object_size+0x16e/0x3f0 [ 1411.693886][T25907] netlink_sendmsg+0x85b/0xda0 [ 1411.698641][T25907] ? netlink_unicast+0x7d0/0x7d0 [ 1411.703567][T25907] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1411.709919][T25907] ? netlink_unicast+0x7d0/0x7d0 [ 1411.714843][T25907] sock_sendmsg+0xcf/0x120 [ 1411.719245][T25907] ____sys_sendmsg+0x6e8/0x810 [ 1411.724012][T25907] ? kernel_sendmsg+0x50/0x50 [ 1411.728669][T25907] ? do_recvmmsg+0x6d0/0x6d0 [ 1411.733248][T25907] ? lock_chain_count+0x20/0x20 [ 1411.738084][T25907] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1411.744054][T25907] ___sys_sendmsg+0xf3/0x170 [ 1411.748632][T25907] ? sendmsg_copy_msghdr+0x160/0x160 [ 1411.753907][T25907] ? __fget_files+0x266/0x3d0 [ 1411.758572][T25907] ? lock_downgrade+0x6e0/0x6e0 [ 1411.763417][T25907] ? __fget_files+0x288/0x3d0 [ 1411.768095][T25907] ? __fget_light+0xea/0x280 [ 1411.772692][T25907] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1411.778939][T25907] __sys_sendmsg+0xe5/0x1b0 [ 1411.783433][T25907] ? __sys_sendmsg_sock+0x30/0x30 [ 1411.788460][T25907] ? syscall_enter_from_user_mode+0x21/0x70 [ 1411.794345][T25907] do_syscall_64+0x35/0xb0 [ 1411.798747][T25907] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1411.804630][T25907] RIP: 0033:0x4665d9 [ 1411.808519][T25907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1411.828288][T25907] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1411.836789][T25907] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1411.844746][T25907] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1411.852722][T25907] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1411.860865][T25907] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1411.868816][T25907] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1411.955724][T25951] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1411.972695][T25928] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1411.992785][T25928] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:29:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:06 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x18000, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1412.064626][T25928] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1412.064626][T25928] !' [ 1412.118761][T25928] CPU: 1 PID: 25928 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1412.127202][T25928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.137256][T25928] Call Trace: [ 1412.140531][T25928] dump_stack_lvl+0xcd/0x134 [ 1412.145138][T25928] sysfs_warn_dup.cold+0x1c/0x29 [ 1412.150084][T25928] sysfs_do_create_link_sd+0x11e/0x140 [ 1412.155555][T25928] sysfs_create_link+0x5f/0xc0 [ 1412.160357][T25928] device_add+0x789/0x2100 [ 1412.164781][T25928] ? mutex_lock_io_nested+0xf00/0xf00 [ 1412.170161][T25928] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1412.175881][T25928] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1412.182117][T25928] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1412.188352][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.194582][T25928] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1412.200562][T25928] wiphy_register+0x1e8a/0x29b0 [ 1412.205414][T25928] ? wiphy_unregister+0xbd0/0xbd0 [ 1412.210433][T25928] ? minstrel_ht_alloc+0x531/0xa00 [ 1412.215544][T25928] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1412.221626][T25928] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1412.227091][T25928] ? ieee80211_restart_hw+0x290/0x290 [ 1412.232460][T25928] ? debug_object_destroy+0x210/0x210 [ 1412.237830][T25928] ? memset+0x20/0x40 [ 1412.241802][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.248033][T25928] ? __hrtimer_init+0x136/0x280 [ 1412.252882][T25928] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1412.258612][T25928] ? hwsim_virtio_rx_work+0x350/0x350 [ 1412.263974][T25928] ? __kmalloc_track_caller+0x1a0/0x320 [ 1412.269514][T25928] ? memcpy+0x39/0x60 [ 1412.273490][T25928] hwsim_new_radio_nl+0x9bc/0x1080 [ 1412.278618][T25928] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1412.284516][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.290749][T25928] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1412.298115][T25928] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1412.305398][T25928] genl_family_rcv_msg_doit+0x228/0x320 [ 1412.310944][T25928] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1412.318313][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.324552][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.330868][T25928] ? ns_capable+0xde/0x100 [ 1412.335277][T25928] genl_rcv_msg+0x328/0x580 [ 1412.339778][T25928] ? genl_get_cmd+0x480/0x480 [ 1412.344447][T25928] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1412.350338][T25928] ? lock_release+0x720/0x720 [ 1412.355119][T25928] netlink_rcv_skb+0x153/0x420 [ 1412.359877][T25928] ? genl_get_cmd+0x480/0x480 [ 1412.364550][T25928] ? netlink_ack+0xa60/0xa60 [ 1412.369142][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.375377][T25928] genl_rcv+0x24/0x40 [ 1412.379350][T25928] netlink_unicast+0x533/0x7d0 [ 1412.384111][T25928] ? netlink_attachskb+0x890/0x890 [ 1412.389316][T25928] ? __virt_addr_valid+0x5d/0x2d0 [ 1412.394329][T25928] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1412.400555][T25928] ? __phys_addr_symbol+0x2c/0x70 [ 1412.405567][T25928] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1412.411276][T25928] ? __check_object_size+0x16e/0x3f0 [ 1412.416552][T25928] netlink_sendmsg+0x85b/0xda0 [ 1412.421312][T25928] ? netlink_unicast+0x7d0/0x7d0 [ 1412.426247][T25928] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1412.432477][T25928] ? netlink_unicast+0x7d0/0x7d0 [ 1412.437410][T25928] sock_sendmsg+0xcf/0x120 [ 1412.441822][T25928] ____sys_sendmsg+0x6e8/0x810 [ 1412.446577][T25928] ? kernel_sendmsg+0x50/0x50 [ 1412.451413][T25928] ? do_recvmmsg+0x6d0/0x6d0 [ 1412.456004][T25928] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1412.461981][T25928] ___sys_sendmsg+0xf3/0x170 [ 1412.466561][T25928] ? sendmsg_copy_msghdr+0x160/0x160 [ 1412.471842][T25928] ? __fget_files+0x266/0x3d0 [ 1412.476509][T25928] ? lock_downgrade+0x6e0/0x6e0 [ 1412.481360][T25928] ? __fget_files+0x288/0x3d0 [ 1412.486035][T25928] ? __fget_light+0xea/0x280 [ 1412.490614][T25928] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1412.496852][T25928] __sys_sendmsg+0xe5/0x1b0 [ 1412.501347][T25928] ? __sys_sendmsg_sock+0x30/0x30 [ 1412.506374][T25928] ? syscall_enter_from_user_mode+0x21/0x70 [ 1412.512268][T25928] do_syscall_64+0x35/0xb0 [ 1412.516673][T25928] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1412.522558][T25928] RIP: 0033:0x4665d9 [ 1412.526440][T25928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1412.546036][T25928] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1412.554444][T25928] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1412.562493][T25928] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 21:29:06 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1412.570452][T25928] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1412.578411][T25928] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1412.586373][T25928] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1412.701663][T25960] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1412.736365][T25967] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1412.806864][T25968] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:07 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:07 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:07 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1412.847749][T25968] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1412.847749][T25968] !' 21:29:07 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1412.940038][T25968] CPU: 1 PID: 25968 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1412.948761][T25968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1412.958814][T25968] Call Trace: [ 1412.962090][T25968] dump_stack_lvl+0xcd/0x134 [ 1412.966694][T25968] sysfs_warn_dup.cold+0x1c/0x29 [ 1412.971642][T25968] sysfs_do_create_link_sd+0x11e/0x140 [ 1412.977115][T25968] sysfs_create_link+0x5f/0xc0 [ 1412.981889][T25968] device_add+0x789/0x2100 [ 1412.986315][T25968] ? mutex_lock_io_nested+0xf00/0xf00 [ 1412.991694][T25968] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1412.997424][T25968] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1413.003670][T25968] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1413.009914][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.016164][T25968] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1413.022157][T25968] wiphy_register+0x1e8a/0x29b0 [ 1413.027022][T25968] ? wiphy_unregister+0xbd0/0xbd0 [ 1413.032046][T25968] ? minstrel_ht_alloc+0x531/0xa00 [ 1413.037173][T25968] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1413.043258][T25968] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1413.048738][T25968] ? ieee80211_restart_hw+0x290/0x290 [ 1413.054122][T25968] ? debug_object_destroy+0x210/0x210 [ 1413.059596][T25968] ? memset+0x20/0x40 [ 1413.063593][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.069927][T25968] ? __hrtimer_init+0x136/0x280 [ 1413.074798][T25968] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1413.080547][T25968] ? hwsim_virtio_rx_work+0x350/0x350 [ 1413.085925][T25968] ? __kmalloc_track_caller+0x1a0/0x320 [ 1413.091655][T25968] ? memcpy+0x39/0x60 [ 1413.095648][T25968] hwsim_new_radio_nl+0x9bc/0x1080 [ 1413.100772][T25968] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1413.106684][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.112935][T25968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1413.120315][T25968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1413.127618][T25968] genl_family_rcv_msg_doit+0x228/0x320 [ 1413.133180][T25968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1413.140565][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.146820][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.153155][T25968] ? ns_capable+0xde/0x100 [ 1413.157580][T25968] genl_rcv_msg+0x328/0x580 [ 1413.162106][T25968] ? genl_get_cmd+0x480/0x480 [ 1413.166964][T25968] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1413.172874][T25968] ? lock_release+0x720/0x720 [ 1413.177560][T25968] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1413.182845][T25968] netlink_rcv_skb+0x153/0x420 [ 1413.187861][T25968] ? genl_get_cmd+0x480/0x480 [ 1413.192545][T25968] ? netlink_ack+0xa60/0xa60 [ 1413.197308][T25968] genl_rcv+0x24/0x40 [ 1413.201281][T25968] netlink_unicast+0x533/0x7d0 [ 1413.206073][T25968] ? netlink_attachskb+0x890/0x890 [ 1413.211170][T25968] ? __virt_addr_valid+0x5d/0x2d0 [ 1413.216182][T25968] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1413.222408][T25968] ? __phys_addr_symbol+0x2c/0x70 [ 1413.227420][T25968] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1413.233225][T25968] ? __check_object_size+0x16e/0x3f0 [ 1413.238499][T25968] netlink_sendmsg+0x85b/0xda0 [ 1413.243257][T25968] ? netlink_unicast+0x7d0/0x7d0 [ 1413.248187][T25968] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.254416][T25968] ? netlink_unicast+0x7d0/0x7d0 [ 1413.259342][T25968] sock_sendmsg+0xcf/0x120 [ 1413.263749][T25968] ____sys_sendmsg+0x6e8/0x810 [ 1413.268502][T25968] ? kernel_sendmsg+0x50/0x50 [ 1413.273185][T25968] ? do_recvmmsg+0x6d0/0x6d0 [ 1413.277781][T25968] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1413.283787][T25968] ___sys_sendmsg+0xf3/0x170 [ 1413.288391][T25968] ? sendmsg_copy_msghdr+0x160/0x160 [ 1413.293675][T25968] ? __fget_files+0x266/0x3d0 [ 1413.298433][T25968] ? lock_downgrade+0x6e0/0x6e0 [ 1413.303294][T25968] ? __fget_files+0x288/0x3d0 [ 1413.308161][T25968] ? __fget_light+0xea/0x280 [ 1413.312758][T25968] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1413.319216][T25968] __sys_sendmsg+0xe5/0x1b0 [ 1413.323715][T25968] ? __sys_sendmsg_sock+0x30/0x30 [ 1413.328744][T25968] ? syscall_enter_from_user_mode+0x21/0x70 [ 1413.334654][T25968] do_syscall_64+0x35/0xb0 [ 1413.339063][T25968] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1413.344946][T25968] RIP: 0033:0x4665d9 [ 1413.348828][T25968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1413.368438][T25968] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1413.376836][T25968] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1413.384812][T25968] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1413.392768][T25968] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1413.400725][T25968] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1413.408686][T25968] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1413.456191][T25970] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f000034c000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000140)={0x7, &(0x7f0000000100)=[{0x7fff, 0x2, 0xfb, 0x6}, {0x6, 0xff, 0x1, 0x45bc}, {0x1000, 0x3f, 0x20, 0x157e}, {0x7, 0x5, 0x5, 0x800}, {0xffff, 0xf7, 0x2}, {0x9, 0x6, 0x24, 0x1}, {0x0, 0xff, 0x3b, 0x1a}]}, 0x10) bind(r2, &(0x7f00000001c0)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x80) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000002c0)=0x14) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x0, 0x100) writev(0xffffffffffffffff, &(0x7f0000001640)=[{&(0x7f0000000280)="63d8f2ec78ace2ce52", 0x9}, {&(0x7f0000000340)="4b1b4a43c7a3aacd1b0831e76603a2f4209db313332ae063bfda44f7", 0x1c}, {&(0x7f0000000380)="10124b61217956f396a454197c8e8222ca3aea2616faf30cf84e3ead8249228c4b08e7ce1fa1b06bb3a900402cd9f1b9b0cd33f0ae241937615a67f9acee6af71f7650308635b73e1cfcd512dec8d35d7a7fda49e346", 0x56}, {&(0x7f0000000400)="19eedc7646ad7ca8822e00abb708a06b8421e3c8bfb5060dcc2afb03b4ad451dbc04ea296a4da2f1e7c17c5352eee9658b7cac5b9b8e943301b4e58d68f4cc09016cf5fc2105a8d06c1d433cee5072841956c7b01ace59b10e0b70acadfd46020342c88611f372be0fe220bb053186181f87fb37908a6f", 0x77}, {&(0x7f00000017c0)="69bbb8dd4be53bfc656da1ff5fe3db10f8da35f2eefef9f86936caf9e5000b31ab0c0c28ed4330b40b0c706a1db40678cc2bca8463fa2b38f492e3cf38224c7b439c89dcb4899d02a37d8c351529bd1739d364345bec3081d0338ee6700b269a992823a87f2e7ab7e05f60263123f6efc8b2c7009ac86d7c9220cbeab77658cd7eb474f6ce01cdad9bfb530760375f8eb358f12ff422f397918858e33d092a9873a2a2d26d0d474759c75f6ebb24f180105e5562378ebcf7f5a8dc7f75e44d1fd99405b50eeabfd6aa998a656145aecbf0014099d1a3a00b30a9a895e58dcb7f2778efa85762652f28bb792944c39d12f26c0535d44296ad6623817d3685928a99b0caa75e7377d9a86b59db503f59ac3dc6cc39ef6b31b872fd5066200a6834833f38aa424c52e6397d44381c9fd01a2dc9dcac8896a30b1044c802b36432c782ab70a5526c39661e6c7fe5b5a5e3c3c852491c032fa3f5cf801601d94d015584f861948987c48c1331171f454d5e2e415714fa786c047493e0fd7ae1f25bfb8d07b29d86934ba2afd2292ec3a962d0796182c7c1a71d19c9e53f1aaa0a057b97e43f583296161335459b8c0e1d6ce972b899f6b0c31d5992bae8d9c5afba96d52adae4e55958f7e21cbfd77281dc9b5d86164ed79b35c7bd78b92b16ccf958cb302d1a8a8a546d3f2158cdae1dee25e62125de124f81db805841aee183e09ae7044acd0832bd1687b006c8e0cad3ac797526102c80573f995d7167a77a3a5d61eb0ce9f5f3555b22c09f414ee187bc8672289e35bef8ad81c811773ad1855e822196e6aef58b9f2d16ec986fd0a76fb6d21ef5bea833e981edc63080675e4d7e813094013f2c0962707f76e5b45ef930b9ea5092837f2dc2de2afc20507f0a3a4e7f023da9201081044a1b2fe86a2727578b1598b1cc403492a162510f25a66d023e37505eaac197551b544468223f4efb199b446217e747c32b0b9735b80611956019252b7bfeb8f3e11afcbb9e83489c2a75ac52d5ea18ad06764dcb4f5b4fd17ce550a448d1c311801a63765badb0bd5f213c7e22e5f5970495d6d8b562c789f393eb5996daa3e0c6fdd3d303f1f83d67825bc52ab2bf642f7cad2de9ac407e2b34fbeb5601d923c3d2ac56452a5ea184dd8c96fe8505cb5585ce1961af35761a80009bee2069fbf1563bd8e377ca88566a2944a2f2c2ae93231e015b411f807a7d683682db55dac91670da149b134aba1fff33f79f07b2d7a0814ee9e13869632d9ce569b9aa0717469cf16bacd316fb0898e0b431544906fd7f61b0edd397fdde81d118ebacb478560834d2eef8b61f4266f4537942ae57f4a245bea637b090a32208ef2b185ee37159f663fa5d268fd8852aa00edeb66ec30c58b72b8bfa39b008f7f485bc41dcc920b09bc9bcd2983e8c6ebe11b6022b2a2469f1f291ef1692b85391572a902413b342c2281a6180a45609b329958cb98bac8d6ad91bd3214cdbb4bc0cce7e3ba2fe8ac9463257cd02cf31b2147a934fda9fa5ae115b8cbc0f68e0033da65d9804a2bd3f48d05b552ccf82776f79aba9d3d91b73cb7c15555f9ce65b2aa2c97774edf1add4b74691a6fdc0751b39c7417091aa3875862034b013548e1a5fa7f42582080a7053610799ec9493ea81bc7f51172150edce69fda9fd237fe14840e275ce27d166c0f28dbc87b5bb99d972e5f9be6682516f284a218193fdb6eac2243ca9003eee6022012326a235b20a435b04c1d9009d49dd28cd82a63a211229d19dab7780de831610d162d53729185ea42dd8465608ccfa09e89c372f5567d2576f9346a940eeab8b5af5d03bd81b569cbb486c48d4bd7b7aa6cfd2076c1d76a6b6474a11b3754548cd9fb19ed4b9d5f5896d4de51817af3c1ea718027525faadb350fa525ecfbaaef88d8ac6f8d5abf36edd571f06d2c4ee4086665d1a4f40a97da7dc0d6c08e397b124c6991a8fd24524a2d79dee53e27b8c9153c14e3ffd9aeec6d7d597170bfec14611da93e6b52cc33fe4b740e76ee10734dbb5fde57312ba2afb991a7524d326eea0154290db6400772968f1e63a6ff5f209911073a28955d4d302969c2a474a5479320569c162a58a92e27757c4509d088f5be0b92189f8f52c85d4b444e6c0ad36d88e6b192650ff5b64537681f592a37ac1e4dd90b5ac62ab344fbfeb3c70ddf0b07203bec6f9b551ede1f17e4ead63e4fb5337fec7f6b2ab66a6fb4d5400d070e1e6228b39b20efe769caeaff651c594375b16969f163a0816a1ebb0edc98c652ab9785125d11d42ede44ee54d664c1ee2f189fabfa6b1a07f3a6852684549398ff2a608cc550a12b6283f2a307365e1d36798cb7444ae6b1dcf4521e54bbe44683ce28fd8399474e83123d31a66a14a4f81f17ebace807e2c879b3c9bb18aab4a2fa88f46ebd69dc61530cb83700c49cbb80c075051f124fe203777e16cb56825cbd8b5121b000c4989b6d0da5a9fe39391ac5de7e5ae950236d95e5d3c329c7adc9c3972a119451a543db1eee4e42d1820cf4d8ef477d0c22546033d7c475e139a57c2897313e4fda3770a0cbd03dba79a3428fb6ffaf33f4d04f2a1755099970697930389cfb348af84231ad6a60b91f30ff329e5298eddfab3be815927fdbd4fbabbc3775c9111e39cf5998900bcba918bcfc1b818c682db8fd940423687f7fd4726b50712fa743db5e2f9381751a6ad694cbe13a01cc52b6e88f8cf2404b68c3d8d54e1919384357e823f8c63c1b98e378f422834e6d3b8ebd1cca7f16842252de4ed9726a085ff4c897c2117e7c6996f510ceec8e309cff9c77da837a5635a8a522bf2288f125203b30472c077b664c872a4d9f2d6a36194b591216c7a777946d82126c965d5e9a4bb669117e8995f4faef39d9cb260907811d7dc84fa6fa9fc334e051ee0c1a95fb5f93085d86f873ce1185d47157a99cdbf55613735e0105c96cd8602dc6b9711548faa04ab795127208bf8b65587fdf46ae4c80c7f9afd0c364428418ee2547ba85024d4e8e29bdf6f67252390e0d1ced966767ab02ebe5052c9760a05a7735ade87a42732db2efc0e1c68b379a16f8b09e2c9a8f838c839a3ffcd1216b873db64d9bd635b60cd22dca38feaa8356fe66b4bcbf18e7b31df5d61606b21cb219e383819c6d359cc1fec8a9f37a6dbed52b5cfc65ba7da6ca13ca717007e0b49f9293ae2890a0dfc25fe96da5e465f5873e8fec3b728b499f4a0ac384edb07c735ae1c336bbcfb68f800a7a1a4f5ed7026406cf03d611741ef9699ca3b63c8905cfc82e42650b27cb14d85402a1d00f9204022af98aba3473d4ffc186a909e316aa819f444cbc78c6e437b7b1b051344f66f91c1467e88168a9ac2a53dd0a9c4aee24ec9f525a06a4b9b2bbbf903b32858b9259882e883395e69e37a0a203457dcda976a51214b62e64bc2c36a4953ac66fb53d73dbe3872c2ff98eb1bfc292593a6e089d53aec48bc6288285cf0116c325cbe01bb21ab1a88e6540020fc8bd2657ff54b88ac1f0701a1167926eefc5bfbdf7b6fa1bed1a0f2d5f49d99ace490d04beee717015443b9604f4734c6aa7ad1f2f95fe740974b897adf286de27cdddab274628470b6eb2837c9e01f2194f29901560d9caee2294ce698cd4229f439faa26283d803fb8793fb8562ae4432c158d9a4b98a89aa3ccedd3faecf3d6f03ac25b3e2274f106cb9e129efee0ef232e6fbca866ebb450e658f6945e1f0efb7ff5c01a8a9e0ded8c47e375f589d6121d686bfd3c365cf9c9e99a1499cbbac13de52eaaa70f270c01b76c72a8f85ba0216313bcea03232a7f9b3d1c4a0d5e16500f5a65883b71060934df74e41a2f91e90786fed096f38f97e008bcab73e448d14838192e99dbc8a8aef0c779100cd5aabcbf570fcb66a7059ca18207fce61563a8283a2a27dedceaf0e3ea7173b1b6f9ab21596e04fca8ee6b82d625eed3a85dfabb05cbb480db9272d09cad1a3526249257d66f0ffa2964889973502ea42322bd11b1de1f57a0216d785d0741d1747efca68bd2bb2709cc33a1385e0b98e2cea93bc2ec39786d03b65b79ef42e95e2ecabe86a0bdbe8040d661a77caf5d527e1022f36436a233d0f0c310d3bcf6115f86c4d3e0ac122cd6e5e4872c2202ebd1e586ae52375e180e923d9cb679cb5cd54000182561439ad10178f31bb2eb624ab3025809967bea0ea752fedc9b31ad7d491b7edd70bcd9afa55f3351eea67a700de416412a9d98395a9bb85cd6b679d46391b037a6dd71bf46d6a1698c557a93542364791471950bc1b8e826ad27ac8528d59c161dbf0afcd48fa59a44160af167a3cead1cc9786f06fe089526f596ce19dad6b7d676395a07b2d29c65d75b7e13f7105121006a4385f03be23ff453d11a741bddbb3966dd80b751f7c58aee792ddb180bf80f629fd1382474c8a34601fe3f2a46f5ae2104a1a8d2580710c7094600d6ddbc2c7103bd74639985fe86f293810cbe525947024a7da74372f085cb85af026420548b5c9f3c0f6b7f5e18697c311f46fcdb2b05d29d2a909d6a062f308e229d26681f38f39077d40ad619d1f76b6943bde76243053bb11deb96b1a34d53a61cdb5e3921931b54bd3800c3d2dbfb104cae145771c36f357407a7f45ef31e48cf5ea2df292bb98fa9c52c86eda7111d679c4ef13048ee02f584b377bbdf9e6dd78713b83fdc5963bfc9d5ff0278567465909c616867c3998c897fc6eef622f97093af2ed85acf3bf2a94b72083d7af6ebc7d80606e507f828d85557fc09549e33ac881467c16b28c5a98c8499aa77491d0890edde12a75e0348610130ccf40aeec7c140a3e54e55ec8d2d3569612c7fd6d7e58109ad20c4923db9114404456f2c05f27aa47aa784e924e77f82621171bd9b2a20cf0dd79a1b04622cc1953f1d58cf59ded1515c7c7d89fb98c0ddc73ed05ba6b8e59a9b0d17316d4439f4facf9fe5f1c85306261f6e040ce638682134423ef8352f061a4776b013e2a9698a4d57aab622f9bf6025bf4f548d345f1b33ba12f983d0a21ed53285277739e00f1aa3e3865d989347baae272220b0c75e6bde9450c35d9f0fbb526634560cf68ea7aef328d5bc0420107042f3543a80b66aa04e156e65aefc38c84823dec63b91f41b5d6cd3c7cfdd2e955084da80d1a56aabe2a784f8e766f56cdbb48dec4d691455e680fff4cc2b4c8508ef3f1b0b93bbe154f11b5856c7dabbc3d89b4950818d90d7322916f9d912f486919a3bb820131a557cdffb5bcc9f5a7403509d5d8a1d79bd0dba01f7225c52ce4a641b00cf761306e05e808a33a4738e40f4eed1a494fb0cccba666a0e348315b85fd7bb01a911f93cf402c0bd69826e99c86bd76a8564a6ba54d46b1585c6d4d87d5eda78c14a22d5cc0596da00b3195573cdc281b86a122222877119e2d0089ef96e955942d89b45c952d44455a634e8d57e147d7b473cdd725678e3bce3532a1721f816db45c35aaaa91b49a4181837425748d975c9432d4e8a2f2e95fdf4cf0185e74909805a4e9d1cb5c2c2b358c830ba2f4f7cf1cfaae751424b26bf42dac6f642c1deb4f247f967b865a7c604dfce354e05045f9073c9761792ba83f735e0d8b4576d4578ed491e1ef1f1eb49ee9d93905653cfa269d49166849248e6f8acfb049697261a9adbdcb9553594b3cf8b211f0bae4dd4478433ced02021a0b3aa660b418b6cd09dc657972e90724c270c642d2a2dbf1473d17eaa55a68e69de1c3a7d5928208ed77962abf5309a28f19a0be3657438bd194f696adbadf0d01a90de8ebeb5ecc1e15e88a5072f1", 0x101c}, {&(0x7f0000000480)="1809401a72d5203478abeb2165184f1520400cb17cd227e31243d5cd8fe6964f938ca5398df78e3a269a32b213d9f58bfaa4f61fc8870c06a7cf735c370bc456e860be6545a0940f8e37ca57ba1628c8388c2d70de098f4611b256c08f194f1fced16a7e720646070e9e5898908088b1e014282f87650fd9d8cf398d7b", 0x7d}, {&(0x7f00000016c0)="9593535e0f650d995eab9690a4eebb8a55264fee97862505af2a7d60c1c6aa862caf246672752bc085bf17e0d64d4ea6428fc7da70a8fa7f7f5ea3e73e2ea86c4caed033eff9feafba99be3fa4bfd0ae398e262a9a4c030aa231713e662b4844044732be47f3d4b49a01a91ca6b69b49ad2d52e48d97084f847fee48d1caac2040ad870f2923150f686c5dbb390e7f629ec6ec0cb3171d8a824bd6664a44657ae06873f457484ade98d8f915bc7fbeb3419f41238f0633e231ae6a5baf55e7f0a8bd", 0xc2}], 0x7) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xff, 0x6, 0x20, 0x1, 0x0, 0x4c, 0xc0100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x2}, 0x6821, 0xff, 0x7, 0x7, 0x3, 0x6, 0x0, 0x0, 0x2, 0x0, 0x100000001}, 0x0, 0xe, r3, 0x3) setsockopt$bt_hci_HCI_DATA_DIR(r4, 0x0, 0x1, &(0x7f0000000180), 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1413.587870][T25970] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1413.587870][T25970] !' [ 1413.630351][T25970] CPU: 1 PID: 25970 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1413.638905][T25970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1413.648945][T25970] Call Trace: [ 1413.652210][T25970] dump_stack_lvl+0xcd/0x134 [ 1413.656814][T25970] sysfs_warn_dup.cold+0x1c/0x29 [ 1413.661746][T25970] sysfs_do_create_link_sd+0x11e/0x140 [ 1413.667214][T25970] sysfs_create_link+0x5f/0xc0 [ 1413.671981][T25970] device_add+0x789/0x2100 [ 1413.676386][T25970] ? mutex_lock_io_nested+0xf00/0xf00 [ 1413.681838][T25970] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1413.687393][T25970] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1413.693645][T25970] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1413.699888][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.706131][T25970] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1413.712127][T25970] wiphy_register+0x1e8a/0x29b0 [ 1413.716993][T25970] ? wiphy_unregister+0xbd0/0xbd0 [ 1413.722020][T25970] ? minstrel_ht_alloc+0x531/0xa00 [ 1413.727157][T25970] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1413.733238][T25970] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1413.738722][T25970] ? ieee80211_restart_hw+0x290/0x290 [ 1413.744144][T25970] ? debug_object_destroy+0x210/0x210 [ 1413.749532][T25970] ? memset+0x20/0x40 [ 1413.753523][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.759768][T25970] ? __hrtimer_init+0x136/0x280 [ 1413.764631][T25970] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1413.770376][T25970] ? hwsim_virtio_rx_work+0x350/0x350 [ 1413.776195][T25970] ? __kmalloc_track_caller+0x1a0/0x320 [ 1413.781752][T25970] ? memcpy+0x39/0x60 [ 1413.786008][T25970] hwsim_new_radio_nl+0x9bc/0x1080 [ 1413.791136][T25970] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1413.797052][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.803290][T25970] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1413.810654][T25970] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1413.817950][T25970] genl_family_rcv_msg_doit+0x228/0x320 [ 1413.823506][T25970] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1413.830869][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.837102][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.843334][T25970] ? ns_capable+0xde/0x100 [ 1413.847754][T25970] genl_rcv_msg+0x328/0x580 [ 1413.852265][T25970] ? genl_get_cmd+0x480/0x480 [ 1413.856948][T25970] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1413.862839][T25970] ? lock_release+0x720/0x720 [ 1413.867518][T25970] netlink_rcv_skb+0x153/0x420 [ 1413.872271][T25970] ? genl_get_cmd+0x480/0x480 [ 1413.876939][T25970] ? netlink_ack+0xa60/0xa60 [ 1413.881523][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.887751][T25970] genl_rcv+0x24/0x40 [ 1413.891718][T25970] netlink_unicast+0x533/0x7d0 [ 1413.896479][T25970] ? netlink_attachskb+0x890/0x890 [ 1413.901595][T25970] ? __virt_addr_valid+0x5d/0x2d0 [ 1413.906611][T25970] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1413.912848][T25970] ? __phys_addr_symbol+0x2c/0x70 [ 1413.917860][T25970] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1413.923568][T25970] ? __check_object_size+0x16e/0x3f0 [ 1413.928846][T25970] netlink_sendmsg+0x85b/0xda0 [ 1413.933607][T25970] ? netlink_unicast+0x7d0/0x7d0 [ 1413.938544][T25970] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1413.944797][T25970] ? netlink_unicast+0x7d0/0x7d0 [ 1413.949734][T25970] sock_sendmsg+0xcf/0x120 [ 1413.954153][T25970] ____sys_sendmsg+0x6e8/0x810 [ 1413.958908][T25970] ? kernel_sendmsg+0x50/0x50 [ 1413.963570][T25970] ? do_recvmmsg+0x6d0/0x6d0 [ 1413.968161][T25970] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1413.974319][T25970] ___sys_sendmsg+0xf3/0x170 [ 1413.978901][T25970] ? sendmsg_copy_msghdr+0x160/0x160 [ 1413.984188][T25970] ? __fget_files+0x266/0x3d0 [ 1413.988852][T25970] ? lock_downgrade+0x6e0/0x6e0 [ 1413.993702][T25970] ? __fget_files+0x288/0x3d0 [ 1413.998392][T25970] ? __fget_light+0xea/0x280 [ 1414.002996][T25970] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1414.009241][T25970] __sys_sendmsg+0xe5/0x1b0 [ 1414.013744][T25970] ? __sys_sendmsg_sock+0x30/0x30 [ 1414.018780][T25970] ? syscall_enter_from_user_mode+0x21/0x70 [ 1414.024665][T25970] do_syscall_64+0x35/0xb0 [ 1414.029071][T25970] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1414.034965][T25970] RIP: 0033:0x4665d9 [ 1414.038846][T25970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.058447][T25970] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1414.066858][T25970] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1414.074813][T25970] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1414.082766][T25970] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1414.090721][T25970] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1414.098692][T25970] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:08 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630a0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1414.170689][T26025] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1414.180113][T26025] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1414.180113][T26025] !' 21:29:08 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:08 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:08 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1414.280536][T26025] CPU: 0 PID: 26025 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1414.289082][T26025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1414.299138][T26025] Call Trace: [ 1414.302418][T26025] dump_stack_lvl+0xcd/0x134 [ 1414.307023][T26025] sysfs_warn_dup.cold+0x1c/0x29 [ 1414.311967][T26025] sysfs_do_create_link_sd+0x11e/0x140 [ 1414.317436][T26025] sysfs_create_link+0x5f/0xc0 [ 1414.322211][T26025] device_add+0x789/0x2100 [ 1414.326746][T26025] ? mutex_lock_io_nested+0xf00/0xf00 [ 1414.332129][T26025] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1414.337709][T26025] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1414.343956][T26025] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1414.350202][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.356446][T26025] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1414.362439][T26025] wiphy_register+0x1e8a/0x29b0 [ 1414.367303][T26025] ? wiphy_unregister+0xbd0/0xbd0 [ 1414.372334][T26025] ? minstrel_ht_alloc+0x531/0xa00 [ 1414.377461][T26025] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1414.383542][T26025] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1414.389026][T26025] ? ieee80211_restart_hw+0x290/0x290 [ 1414.394496][T26025] ? debug_object_destroy+0x210/0x210 [ 1414.399882][T26025] ? memset+0x20/0x40 [ 1414.403960][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.410196][T26025] ? __hrtimer_init+0x136/0x280 [ 1414.415050][T26025] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1414.420793][T26025] ? hwsim_virtio_rx_work+0x350/0x350 [ 1414.426166][T26025] ? __kmalloc_track_caller+0x1a0/0x320 [ 1414.431710][T26025] ? memcpy+0x39/0x60 [ 1414.435698][T26025] hwsim_new_radio_nl+0x9bc/0x1080 [ 1414.440819][T26025] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1414.446724][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.452953][T26025] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1414.460319][T26025] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1414.467608][T26025] genl_family_rcv_msg_doit+0x228/0x320 [ 1414.473155][T26025] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1414.480527][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.486770][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.492999][T26025] ? ns_capable+0xde/0x100 [ 1414.497411][T26025] genl_rcv_msg+0x328/0x580 [ 1414.501911][T26025] ? genl_get_cmd+0x480/0x480 [ 1414.506587][T26025] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1414.512480][T26025] ? lock_release+0x720/0x720 [ 1414.517144][T26025] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1414.522957][T26025] netlink_rcv_skb+0x153/0x420 [ 1414.527717][T26025] ? genl_get_cmd+0x480/0x480 [ 1414.532650][T26025] ? netlink_ack+0xa60/0xa60 [ 1414.537249][T26025] genl_rcv+0x24/0x40 [ 1414.541224][T26025] netlink_unicast+0x533/0x7d0 [ 1414.545985][T26025] ? netlink_attachskb+0x890/0x890 [ 1414.551091][T26025] ? __virt_addr_valid+0x5d/0x2d0 [ 1414.556127][T26025] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1414.562356][T26025] ? __phys_addr_symbol+0x2c/0x70 [ 1414.567370][T26025] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1414.573078][T26025] ? __check_object_size+0x16e/0x3f0 [ 1414.578362][T26025] netlink_sendmsg+0x85b/0xda0 [ 1414.583128][T26025] ? netlink_unicast+0x7d0/0x7d0 [ 1414.588065][T26025] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1414.594296][T26025] ? netlink_unicast+0x7d0/0x7d0 [ 1414.599229][T26025] sock_sendmsg+0xcf/0x120 [ 1414.603645][T26025] ____sys_sendmsg+0x6e8/0x810 [ 1414.608433][T26025] ? kernel_sendmsg+0x50/0x50 [ 1414.613100][T26025] ? do_recvmmsg+0x6d0/0x6d0 [ 1414.617690][T26025] ? lock_chain_count+0x20/0x20 [ 1414.622529][T26025] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1414.628509][T26025] ___sys_sendmsg+0xf3/0x170 [ 1414.633116][T26025] ? sendmsg_copy_msghdr+0x160/0x160 [ 1414.638501][T26025] ? __fget_files+0x266/0x3d0 [ 1414.643170][T26025] ? lock_downgrade+0x6e0/0x6e0 [ 1414.648045][T26025] ? __fget_files+0x288/0x3d0 [ 1414.652721][T26025] ? __fget_light+0xea/0x280 [ 1414.657311][T26025] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1414.663568][T26025] __sys_sendmsg+0xe5/0x1b0 [ 1414.668257][T26025] ? __sys_sendmsg_sock+0x30/0x30 [ 1414.673291][T26025] ? syscall_enter_from_user_mode+0x21/0x70 [ 1414.679187][T26025] do_syscall_64+0x35/0xb0 [ 1414.683596][T26025] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1414.689484][T26025] RIP: 0033:0x4665d9 [ 1414.693562][T26025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.713176][T26025] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1414.721582][T26025] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 21:29:08 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00560000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1414.730253][T26025] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1414.738212][T26025] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1414.746174][T26025] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1414.754133][T26025] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1415.123612][T26046] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:09 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:09 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100) writev(r0, &(0x7f0000000280)=[{&(0x7f00000008c0)="110eaa1a9896d57019effc8c79961d0f73ccf3afca3754e2e7a31f536bcb7204bed49311e29c96e1c2b663d61e5b0c0a76ea50cbddaa69f578b8600f77cf1a538ac900673696245b6de4283c979a32c0cf7d54fe9d26650575d1398678895da32663735b4d0cabfe7e972e59c2b4b4c9c89d0b82ca2267ad5062303e8abcb79600010506702eb912e3957e507aec4e2180699a738f675350ba12282a1d7181887f6c2e03de1da0dfe3b4efbb10e9b59301b4ef8a1d", 0xb5}, {&(0x7f0000000980)="34c30d95766fefbb7bdc40a3242505587bbc8584c2bc2003185f5ce116eea020efa91e2aae1eae2b8e848ac13c3dcedbbbc82adb1e70be8eecedba37be82545f2abda4f0a0e0fd0edd6bd03bb8e9bb91c39a2c828511aef3e684ad4c21ec0c146b9570139e31cd", 0x67}], 0x2) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xff, 0x6, 0x20, 0x1, 0x0, 0x4c, 0xc0100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x2}, 0x800, 0xff, 0x6, 0x7, 0x3, 0x6, 0x0, 0x0, 0x2, 0x0, 0x100000001}, 0x0, 0xe, r0, 0x3) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1415.215529][T26046] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1415.215529][T26046] !' [ 1415.305272][T26046] CPU: 1 PID: 26046 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1415.313821][T26046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1415.323872][T26046] Call Trace: [ 1415.327150][T26046] dump_stack_lvl+0xcd/0x134 [ 1415.331757][T26046] sysfs_warn_dup.cold+0x1c/0x29 [ 1415.336710][T26046] sysfs_do_create_link_sd+0x11e/0x140 [ 1415.342181][T26046] sysfs_create_link+0x5f/0xc0 [ 1415.347141][T26046] device_add+0x789/0x2100 [ 1415.352086][T26046] ? mutex_lock_io_nested+0xf00/0xf00 [ 1415.357646][T26046] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1415.363193][T26046] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1415.369437][T26046] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1415.375686][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.381933][T26046] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1415.387926][T26046] wiphy_register+0x1e8a/0x29b0 [ 1415.392790][T26046] ? wiphy_unregister+0xbd0/0xbd0 [ 1415.397814][T26046] ? minstrel_ht_alloc+0x531/0xa00 [ 1415.402941][T26046] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1415.409026][T26046] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1415.414683][T26046] ? ieee80211_restart_hw+0x290/0x290 [ 1415.420066][T26046] ? debug_object_destroy+0x210/0x210 [ 1415.425460][T26046] ? memset+0x20/0x40 [ 1415.429455][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.435699][T26046] ? __hrtimer_init+0x136/0x280 [ 1415.440562][T26046] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1415.446309][T26046] ? hwsim_virtio_rx_work+0x350/0x350 21:29:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01560000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:09 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1415.451689][T26046] ? __kmalloc_track_caller+0x1a0/0x320 [ 1415.457328][T26046] ? memcpy+0x39/0x60 [ 1415.461322][T26046] hwsim_new_radio_nl+0x9bc/0x1080 [ 1415.466449][T26046] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1415.472364][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.478614][T26046] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1415.485996][T26046] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1415.493384][T26046] genl_family_rcv_msg_doit+0x228/0x320 [ 1415.498946][T26046] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1415.506332][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.512589][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.518835][T26046] ? ns_capable+0xde/0x100 [ 1415.523260][T26046] genl_rcv_msg+0x328/0x580 [ 1415.527782][T26046] ? genl_get_cmd+0x480/0x480 [ 1415.532472][T26046] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1415.538385][T26046] ? lock_release+0x720/0x720 [ 1415.543082][T26046] netlink_rcv_skb+0x153/0x420 [ 1415.547858][T26046] ? genl_get_cmd+0x480/0x480 [ 1415.552546][T26046] ? netlink_ack+0xa60/0xa60 [ 1415.557153][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.563498][T26046] genl_rcv+0x24/0x40 [ 1415.567488][T26046] netlink_unicast+0x533/0x7d0 [ 1415.572268][T26046] ? netlink_attachskb+0x890/0x890 [ 1415.577388][T26046] ? __virt_addr_valid+0x5d/0x2d0 [ 1415.582427][T26046] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1415.588680][T26046] ? __phys_addr_symbol+0x2c/0x70 [ 1415.593711][T26046] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1415.599434][T26046] ? __check_object_size+0x16e/0x3f0 [ 1415.604733][T26046] netlink_sendmsg+0x85b/0xda0 [ 1415.609515][T26046] ? netlink_unicast+0x7d0/0x7d0 [ 1415.614470][T26046] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1415.620723][T26046] ? netlink_unicast+0x7d0/0x7d0 [ 1415.625851][T26046] sock_sendmsg+0xcf/0x120 [ 1415.630469][T26046] ____sys_sendmsg+0x6e8/0x810 [ 1415.635605][T26046] ? kernel_sendmsg+0x50/0x50 [ 1415.640453][T26046] ? do_recvmmsg+0x6d0/0x6d0 [ 1415.645247][T26046] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1415.651235][T26046] ? __fget_light+0x89/0x280 [ 1415.655837][T26046] ___sys_sendmsg+0xf3/0x170 [ 1415.660435][T26046] ? sendmsg_copy_msghdr+0x160/0x160 [ 1415.665743][T26046] ? __fget_files+0x266/0x3d0 [ 1415.670428][T26046] ? lock_downgrade+0x6e0/0x6e0 [ 1415.675433][T26046] ? __fget_files+0x288/0x3d0 [ 1415.680111][T26046] ? __fget_light+0xea/0x280 [ 1415.684715][T26046] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1415.691382][T26046] __sys_sendmsg+0xe5/0x1b0 [ 1415.695891][T26046] ? __sys_sendmsg_sock+0x30/0x30 [ 1415.700924][T26046] ? syscall_enter_from_user_mode+0x21/0x70 [ 1415.706828][T26046] do_syscall_64+0x35/0xb0 [ 1415.711251][T26046] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1415.717150][T26046] RIP: 0033:0x4665d9 [ 1415.721031][T26046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.740642][T26046] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1415.749151][T26046] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1415.757315][T26046] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1415.765282][T26046] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1415.774093][T26046] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1415.782406][T26046] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1415.844629][T26083] __nla_validate_parse: 14 callbacks suppressed [ 1415.844646][T26083] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1415.876713][T26084] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1415.929538][T26044] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1415.939822][T26086] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1415.957594][T26044] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:29:10 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02560000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1415.975026][T26089] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1416.005532][T26044] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1416.005532][T26044] !' [ 1416.039092][T26044] CPU: 0 PID: 26044 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1416.047695][T26044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1416.057749][T26044] Call Trace: [ 1416.061025][T26044] dump_stack_lvl+0xcd/0x134 [ 1416.065629][T26044] sysfs_warn_dup.cold+0x1c/0x29 [ 1416.070575][T26044] sysfs_do_create_link_sd+0x11e/0x140 [ 1416.076044][T26044] sysfs_create_link+0x5f/0xc0 [ 1416.080819][T26044] device_add+0x789/0x2100 [ 1416.085243][T26044] ? mutex_lock_io_nested+0xf00/0xf00 [ 1416.090624][T26044] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1416.096178][T26044] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1416.102422][T26044] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1416.108672][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.114916][T26044] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1416.120911][T26044] wiphy_register+0x1e8a/0x29b0 [ 1416.125772][T26044] ? wiphy_unregister+0xbd0/0xbd0 [ 1416.130801][T26044] ? minstrel_ht_alloc+0x531/0xa00 [ 1416.135926][T26044] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1416.142011][T26044] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1416.147495][T26044] ? ieee80211_restart_hw+0x290/0x290 [ 1416.152878][T26044] ? debug_object_destroy+0x210/0x210 [ 1416.158260][T26044] ? memset+0x20/0x40 [ 1416.162251][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.168481][T26044] ? __hrtimer_init+0x136/0x280 [ 1416.173343][T26044] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1416.179091][T26044] ? hwsim_virtio_rx_work+0x350/0x350 [ 1416.184472][T26044] ? __kmalloc_track_caller+0x1a0/0x320 [ 1416.190020][T26044] ? memcpy+0x39/0x60 [ 1416.194014][T26044] hwsim_new_radio_nl+0x9bc/0x1080 [ 1416.199130][T26044] ? mac80211_hwsim_new_radio+0x4940/0x4940 21:29:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1416.205030][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.211273][T26044] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1416.218658][T26044] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1416.225962][T26044] genl_family_rcv_msg_doit+0x228/0x320 [ 1416.231546][T26044] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1416.238923][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.245155][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.251387][T26044] ? ns_capable+0xde/0x100 [ 1416.255810][T26044] genl_rcv_msg+0x328/0x580 [ 1416.260304][T26044] ? genl_get_cmd+0x480/0x480 [ 1416.264970][T26044] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1416.270861][T26044] ? lock_release+0x720/0x720 [ 1416.275545][T26044] netlink_rcv_skb+0x153/0x420 [ 1416.280302][T26044] ? genl_get_cmd+0x480/0x480 [ 1416.284990][T26044] ? netlink_ack+0xa60/0xa60 [ 1416.289590][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.295825][T26044] genl_rcv+0x24/0x40 [ 1416.299811][T26044] netlink_unicast+0x533/0x7d0 [ 1416.304567][T26044] ? netlink_attachskb+0x890/0x890 [ 1416.309686][T26044] ? __virt_addr_valid+0x5d/0x2d0 [ 1416.314701][T26044] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1416.320927][T26044] ? __phys_addr_symbol+0x2c/0x70 [ 1416.325953][T26044] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1416.331678][T26044] ? __check_object_size+0x16e/0x3f0 [ 1416.336968][T26044] netlink_sendmsg+0x85b/0xda0 [ 1416.341728][T26044] ? netlink_unicast+0x7d0/0x7d0 [ 1416.346674][T26044] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1416.352906][T26044] ? netlink_unicast+0x7d0/0x7d0 [ 1416.358052][T26044] sock_sendmsg+0xcf/0x120 [ 1416.362468][T26044] ____sys_sendmsg+0x6e8/0x810 [ 1416.367238][T26044] ? kernel_sendmsg+0x50/0x50 [ 1416.371910][T26044] ? do_recvmmsg+0x6d0/0x6d0 [ 1416.376502][T26044] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1416.382489][T26044] ___sys_sendmsg+0xf3/0x170 [ 1416.387070][T26044] ? sendmsg_copy_msghdr+0x160/0x160 [ 1416.392347][T26044] ? __fget_files+0x266/0x3d0 [ 1416.397032][T26044] ? lock_downgrade+0x6e0/0x6e0 [ 1416.401883][T26044] ? __fget_files+0x288/0x3d0 [ 1416.406570][T26044] ? __fget_light+0xea/0x280 [ 1416.411171][T26044] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1416.417420][T26044] __sys_sendmsg+0xe5/0x1b0 [ 1416.421934][T26044] ? __sys_sendmsg_sock+0x30/0x30 [ 1416.426968][T26044] ? syscall_enter_from_user_mode+0x21/0x70 [ 1416.432854][T26044] do_syscall_64+0x35/0xb0 [ 1416.437256][T26044] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1416.443139][T26044] RIP: 0033:0x4665d9 [ 1416.447030][T26044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1416.466622][T26044] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1416.475018][T26044] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1416.482977][T26044] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1416.490949][T26044] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1416.498917][T26044] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1416.506873][T26044] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1416.550396][T26107] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1416.570830][T26080] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1416.579004][T26080] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:29:10 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630b0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:10 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:10 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1416.685499][T26109] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1416.768455][T26110] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1416.885201][T26111] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1416.933919][T26080] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1416.933919][T26080] !' [ 1416.976828][T26080] CPU: 1 PID: 26080 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1416.985357][T26080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1416.995411][T26080] Call Trace: [ 1416.998688][T26080] dump_stack_lvl+0xcd/0x134 [ 1417.003314][T26080] sysfs_warn_dup.cold+0x1c/0x29 [ 1417.008262][T26080] sysfs_do_create_link_sd+0x11e/0x140 [ 1417.013735][T26080] sysfs_create_link+0x5f/0xc0 [ 1417.018504][T26080] device_add+0x789/0x2100 [ 1417.022926][T26080] ? mutex_lock_io_nested+0xf00/0xf00 [ 1417.028308][T26080] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1417.033862][T26080] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1417.040110][T26080] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1417.046357][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.052604][T26080] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1417.058604][T26080] wiphy_register+0x1e8a/0x29b0 [ 1417.063472][T26080] ? wiphy_unregister+0xbd0/0xbd0 [ 1417.068501][T26080] ? minstrel_ht_alloc+0x531/0xa00 [ 1417.073631][T26080] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1417.079711][T26080] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1417.085196][T26080] ? ieee80211_restart_hw+0x290/0x290 [ 1417.090580][T26080] ? debug_object_destroy+0x210/0x210 [ 1417.095970][T26080] ? memset+0x20/0x40 [ 1417.099959][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.106200][T26080] ? __hrtimer_init+0x136/0x280 [ 1417.111047][T26080] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1417.116770][T26080] ? hwsim_virtio_rx_work+0x350/0x350 [ 1417.122233][T26080] ? __kmalloc_track_caller+0x1a0/0x320 [ 1417.127767][T26080] ? memcpy+0x39/0x60 [ 1417.131740][T26080] hwsim_new_radio_nl+0x9bc/0x1080 [ 1417.136858][T26080] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1417.142749][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.148976][T26080] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1417.156334][T26080] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1417.163609][T26080] genl_family_rcv_msg_doit+0x228/0x320 [ 1417.169145][T26080] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1417.176504][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.182738][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.188961][T26080] ? ns_capable+0xde/0x100 [ 1417.193365][T26080] genl_rcv_msg+0x328/0x580 [ 1417.197863][T26080] ? genl_get_cmd+0x480/0x480 [ 1417.202530][T26080] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1417.208423][T26080] ? lock_release+0x720/0x720 [ 1417.213095][T26080] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1417.218895][T26080] netlink_rcv_skb+0x153/0x420 [ 1417.223647][T26080] ? genl_get_cmd+0x480/0x480 [ 1417.228332][T26080] ? netlink_ack+0xa60/0xa60 [ 1417.232930][T26080] genl_rcv+0x24/0x40 [ 1417.236915][T26080] netlink_unicast+0x533/0x7d0 [ 1417.241671][T26080] ? netlink_attachskb+0x890/0x890 [ 1417.246768][T26080] ? __virt_addr_valid+0x5d/0x2d0 [ 1417.251781][T26080] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1417.258041][T26080] ? __phys_addr_symbol+0x2c/0x70 [ 1417.263053][T26080] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1417.268758][T26080] ? __check_object_size+0x16e/0x3f0 [ 1417.274040][T26080] netlink_sendmsg+0x85b/0xda0 [ 1417.278809][T26080] ? netlink_unicast+0x7d0/0x7d0 [ 1417.283739][T26080] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.289967][T26080] ? netlink_unicast+0x7d0/0x7d0 [ 1417.294890][T26080] sock_sendmsg+0xcf/0x120 [ 1417.299296][T26080] ____sys_sendmsg+0x6e8/0x810 [ 1417.304055][T26080] ? kernel_sendmsg+0x50/0x50 [ 1417.308748][T26080] ? do_recvmmsg+0x6d0/0x6d0 [ 1417.313326][T26080] ? lock_chain_count+0x20/0x20 [ 1417.318163][T26080] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1417.324138][T26080] ___sys_sendmsg+0xf3/0x170 [ 1417.328730][T26080] ? sendmsg_copy_msghdr+0x160/0x160 [ 1417.334006][T26080] ? __fget_files+0x266/0x3d0 [ 1417.338687][T26080] ? lock_downgrade+0x6e0/0x6e0 [ 1417.343578][T26080] ? __fget_files+0x288/0x3d0 [ 1417.348282][T26080] ? __fget_light+0xea/0x280 [ 1417.352887][T26080] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1417.359139][T26080] __sys_sendmsg+0xe5/0x1b0 [ 1417.363652][T26080] ? __sys_sendmsg_sock+0x30/0x30 [ 1417.368675][T26080] ? syscall_enter_from_user_mode+0x21/0x70 [ 1417.374564][T26080] do_syscall_64+0x35/0xb0 [ 1417.378987][T26080] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1417.384903][T26080] RIP: 0033:0x4665d9 [ 1417.388820][T26080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1417.408442][T26080] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1417.416864][T26080] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1417.424843][T26080] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1417.432817][T26080] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1417.440776][T26080] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1417.448732][T26080] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:29:11 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03560000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1417.582128][T26082] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1417.598549][T26082] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1417.598549][T26082] !' [ 1417.635985][T26082] CPU: 0 PID: 26082 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1417.644530][T26082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1417.654586][T26082] Call Trace: [ 1417.657862][T26082] dump_stack_lvl+0xcd/0x134 [ 1417.662469][T26082] sysfs_warn_dup.cold+0x1c/0x29 [ 1417.667419][T26082] sysfs_do_create_link_sd+0x11e/0x140 [ 1417.672891][T26082] sysfs_create_link+0x5f/0xc0 [ 1417.677667][T26082] device_add+0x789/0x2100 [ 1417.682090][T26082] ? mutex_lock_io_nested+0xf00/0xf00 [ 1417.687472][T26082] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1417.693025][T26082] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1417.699267][T26082] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1417.705511][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.711755][T26082] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1417.717746][T26082] wiphy_register+0x1e8a/0x29b0 [ 1417.722605][T26082] ? wiphy_unregister+0xbd0/0xbd0 [ 1417.727631][T26082] ? minstrel_ht_alloc+0x531/0xa00 [ 1417.732756][T26082] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1417.738840][T26082] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1417.744323][T26082] ? ieee80211_restart_hw+0x290/0x290 [ 1417.749707][T26082] ? debug_object_destroy+0x210/0x210 [ 1417.755094][T26082] ? memset+0x20/0x40 [ 1417.759084][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.765329][T26082] ? __hrtimer_init+0x136/0x280 [ 1417.770197][T26082] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1417.775937][T26082] ? hwsim_virtio_rx_work+0x350/0x350 [ 1417.781391][T26082] ? __kmalloc_track_caller+0x1a0/0x320 [ 1417.786944][T26082] ? memcpy+0x39/0x60 [ 1417.790936][T26082] hwsim_new_radio_nl+0x9bc/0x1080 [ 1417.796055][T26082] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1417.801949][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.808192][T26082] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1417.815553][T26082] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1417.822836][T26082] genl_family_rcv_msg_doit+0x228/0x320 [ 1417.828390][T26082] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1417.835752][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.841994][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.848233][T26082] ? ns_capable+0xde/0x100 [ 1417.852640][T26082] genl_rcv_msg+0x328/0x580 [ 1417.857134][T26082] ? genl_get_cmd+0x480/0x480 [ 1417.861800][T26082] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1417.867702][T26082] ? lock_release+0x720/0x720 [ 1417.872365][T26082] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1417.877657][T26082] netlink_rcv_skb+0x153/0x420 [ 1417.882428][T26082] ? genl_get_cmd+0x480/0x480 [ 1417.887116][T26082] ? netlink_ack+0xa60/0xa60 [ 1417.891713][T26082] genl_rcv+0x24/0x40 [ 1417.895697][T26082] netlink_unicast+0x533/0x7d0 [ 1417.900453][T26082] ? netlink_attachskb+0x890/0x890 [ 1417.905551][T26082] ? __virt_addr_valid+0x5d/0x2d0 [ 1417.910577][T26082] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1417.916805][T26082] ? __phys_addr_symbol+0x2c/0x70 [ 1417.921818][T26082] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1417.928113][T26082] ? __check_object_size+0x16e/0x3f0 [ 1417.934020][T26082] netlink_sendmsg+0x85b/0xda0 [ 1417.939188][T26082] ? netlink_unicast+0x7d0/0x7d0 [ 1417.944126][T26082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1417.950372][T26082] ? netlink_unicast+0x7d0/0x7d0 [ 1417.955314][T26082] sock_sendmsg+0xcf/0x120 [ 1417.959718][T26082] ____sys_sendmsg+0x6e8/0x810 [ 1417.964471][T26082] ? kernel_sendmsg+0x50/0x50 [ 1417.969140][T26082] ? do_recvmmsg+0x6d0/0x6d0 [ 1417.973745][T26082] ? lock_chain_count+0x20/0x20 [ 1417.978596][T26082] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1417.984562][T26082] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1417.990363][T26082] ___sys_sendmsg+0xf3/0x170 [ 1417.994948][T26082] ? sendmsg_copy_msghdr+0x160/0x160 [ 1418.000254][T26082] ? __fget_files+0x266/0x3d0 [ 1418.004939][T26082] ? lock_downgrade+0x6e0/0x6e0 [ 1418.009783][T26082] ? __fget_files+0x288/0x3d0 [ 1418.014463][T26082] ? __fget_light+0xea/0x280 [ 1418.019057][T26082] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1418.025286][T26082] __sys_sendmsg+0xe5/0x1b0 [ 1418.029775][T26082] ? __sys_sendmsg_sock+0x30/0x30 [ 1418.034805][T26082] ? syscall_enter_from_user_mode+0x21/0x70 [ 1418.040714][T26082] do_syscall_64+0x35/0xb0 [ 1418.045137][T26082] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1418.051043][T26082] RIP: 0033:0x4665d9 [ 1418.055110][T26082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1418.074719][T26082] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1418.083132][T26082] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1418.091090][T26082] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1418.099056][T26082] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1418.107010][T26082] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1418.114966][T26082] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1418.163200][T26129] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) writev(r1, &(0x7f0000000380)=[{&(0x7f00000000c0)}, {&(0x7f0000000100)="7d135a905618360569848c4c256ae0a9715d5304b0c0c228cc69118957ff7b26088521c7edbea2d75b8acef71ae3c61099bda5bf074297898b818eede3e40b", 0x3f}, {&(0x7f0000000140)="45c2e6f5a8c2d812184c95b182f248ac62c9bba02c6650164ff6fcb00810c321fd8dee37f56b899e41e0884ff7c9c75331965c81593257bf48991bcefb0223e02df735386d68298815d0fdfb6e10938af51875d7cc22be73be9c97da88bef59e65604563a689577c537d4ff6a26f21c243da8d6d8b4da25d29d43a1c16dc65f4a5c6037fd864a513d511d064b2697d0f76c2d601f41ebc470e71c2", 0x9b}, {&(0x7f0000000200)="a0c0c7a6bcb61547874083cf70fa561efb39905bdf20274bf16ec187119f1496", 0x20}, {&(0x7f0000000240)="06cd959b736b9196a17abfd1b03342cd820c0439ced72bdda02fe2194dc45a079f909b38c6b7f6da0a6ede07e10f9e9298122c063456713637178a1db382edcbb2734c67460f22a16d56aeb2799331bdc4ffc5d8c17da79d31c5d80051361defa0514de48ec41662b56349f3438b76aca28592dc86d602d9eaf87428d40f21f13485986aeaa6d0448c43538113eb80d4ba3afdd8fd9e950866d94c06088cbc27e46e909781f5a948fb3defefc3ba3a9a6adb1caa132e242b5146fe31b1a195a9e43d771fcb6f693cf9a0b86d74008c9a5ad91b0627086a2171736290cfbdb3", 0xdf}, {&(0x7f0000000340)="edec9b00bf3dd848d6f6ba3da7ed3d0c2446a60e0d1c00bba92b48762b68b096f32a2f272c71bc01adfd27e9b84d0ed0c66a0f7c4183f980178b7d", 0x3b}], 0x6) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1418.209011][T26129] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1418.209011][T26129] !' [ 1418.237937][T26129] CPU: 0 PID: 26129 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1418.246470][T26129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1418.256529][T26129] Call Trace: [ 1418.259807][T26129] dump_stack_lvl+0xcd/0x134 [ 1418.264417][T26129] sysfs_warn_dup.cold+0x1c/0x29 [ 1418.269373][T26129] sysfs_do_create_link_sd+0x11e/0x140 [ 1418.274849][T26129] sysfs_create_link+0x5f/0xc0 [ 1418.279624][T26129] device_add+0x789/0x2100 [ 1418.284044][T26129] ? mutex_lock_io_nested+0xf00/0xf00 [ 1418.289420][T26129] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1418.294972][T26129] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1418.301215][T26129] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1418.307461][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.313705][T26129] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1418.319698][T26129] wiphy_register+0x1e8a/0x29b0 [ 1418.324561][T26129] ? wiphy_unregister+0xbd0/0xbd0 [ 1418.329589][T26129] ? minstrel_ht_alloc+0x531/0xa00 [ 1418.334713][T26129] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1418.340800][T26129] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1418.346286][T26129] ? ieee80211_restart_hw+0x290/0x290 [ 1418.351670][T26129] ? debug_object_destroy+0x210/0x210 [ 1418.357056][T26129] ? memset+0x20/0x40 [ 1418.361048][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.367293][T26129] ? __hrtimer_init+0x136/0x280 [ 1418.372160][T26129] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1418.377912][T26129] ? hwsim_virtio_rx_work+0x350/0x350 [ 1418.383294][T26129] ? __kmalloc_track_caller+0x1a0/0x320 [ 1418.388854][T26129] ? memcpy+0x39/0x60 [ 1418.392848][T26129] hwsim_new_radio_nl+0x9bc/0x1080 [ 1418.397976][T26129] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1418.403885][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.410130][T26129] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1418.417499][T26129] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1418.424791][T26129] genl_family_rcv_msg_doit+0x228/0x320 [ 1418.430346][T26129] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1418.437707][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.443942][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.450168][T26129] ? ns_capable+0xde/0x100 [ 1418.454591][T26129] genl_rcv_msg+0x328/0x580 [ 1418.459107][T26129] ? genl_get_cmd+0x480/0x480 [ 1418.463787][T26129] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1418.469678][T26129] ? lock_release+0x720/0x720 [ 1418.474357][T26129] netlink_rcv_skb+0x153/0x420 [ 1418.479111][T26129] ? genl_get_cmd+0x480/0x480 [ 1418.483790][T26129] ? netlink_ack+0xa60/0xa60 [ 1418.488432][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.494714][T26129] genl_rcv+0x24/0x40 [ 1418.498704][T26129] netlink_unicast+0x533/0x7d0 [ 1418.503963][T26129] ? netlink_attachskb+0x890/0x890 [ 1418.509061][T26129] ? __virt_addr_valid+0x5d/0x2d0 [ 1418.514072][T26129] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1418.520298][T26129] ? __phys_addr_symbol+0x2c/0x70 [ 1418.525310][T26129] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1418.531034][T26129] ? __check_object_size+0x16e/0x3f0 [ 1418.536325][T26129] netlink_sendmsg+0x85b/0xda0 [ 1418.541092][T26129] ? netlink_unicast+0x7d0/0x7d0 [ 1418.546041][T26129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.552279][T26129] ? netlink_unicast+0x7d0/0x7d0 [ 1418.557224][T26129] sock_sendmsg+0xcf/0x120 [ 1418.561632][T26129] ____sys_sendmsg+0x6e8/0x810 [ 1418.566603][T26129] ? kernel_sendmsg+0x50/0x50 [ 1418.571267][T26129] ? do_recvmmsg+0x6d0/0x6d0 [ 1418.575863][T26129] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1418.581842][T26129] ___sys_sendmsg+0xf3/0x170 [ 1418.586924][T26129] ? sendmsg_copy_msghdr+0x160/0x160 [ 1418.592649][T26129] ? __fget_files+0x266/0x3d0 [ 1418.597553][T26129] ? lock_downgrade+0x6e0/0x6e0 [ 1418.602419][T26129] ? __fget_files+0x288/0x3d0 [ 1418.607116][T26129] ? __fget_light+0xea/0x280 [ 1418.611713][T26129] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1418.617961][T26129] __sys_sendmsg+0xe5/0x1b0 [ 1418.622460][T26129] ? __sys_sendmsg_sock+0x30/0x30 [ 1418.627516][T26129] ? syscall_enter_from_user_mode+0x21/0x70 [ 1418.633514][T26129] do_syscall_64+0x35/0xb0 [ 1418.638311][T26129] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1418.644763][T26129] RIP: 0033:0x4665d9 [ 1418.648642][T26129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1418.668234][T26129] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1418.676631][T26129] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1418.684586][T26129] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1418.692544][T26129] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1418.700511][T26129] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1418.708471][T26129] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1418.770729][T26147] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1418.780287][T26147] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1418.780287][T26147] !' 21:29:12 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:12 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00570000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:12 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034e0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1418.865836][T26147] CPU: 0 PID: 26147 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1418.874466][T26147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1418.884522][T26147] Call Trace: [ 1418.887799][T26147] dump_stack_lvl+0xcd/0x134 [ 1418.892402][T26147] sysfs_warn_dup.cold+0x1c/0x29 [ 1418.897359][T26147] sysfs_do_create_link_sd+0x11e/0x140 [ 1418.902830][T26147] sysfs_create_link+0x5f/0xc0 [ 1418.907602][T26147] device_add+0x789/0x2100 [ 1418.912025][T26147] ? mutex_lock_io_nested+0xf00/0xf00 [ 1418.917404][T26147] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1418.922963][T26147] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1418.929208][T26147] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1418.935454][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.941702][T26147] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1418.947701][T26147] wiphy_register+0x1e8a/0x29b0 [ 1418.952567][T26147] ? wiphy_unregister+0xbd0/0xbd0 [ 1418.957599][T26147] ? minstrel_ht_alloc+0x531/0xa00 [ 1418.962728][T26147] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1418.968812][T26147] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1418.974295][T26147] ? ieee80211_restart_hw+0x290/0x290 [ 1418.979679][T26147] ? debug_object_destroy+0x210/0x210 [ 1418.985076][T26147] ? memset+0x20/0x40 [ 1418.989078][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1418.995323][T26147] ? __hrtimer_init+0x136/0x280 [ 1419.000188][T26147] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1419.005935][T26147] ? hwsim_virtio_rx_work+0x350/0x350 [ 1419.011316][T26147] ? __kmalloc_track_caller+0x1a0/0x320 [ 1419.016870][T26147] ? memcpy+0x39/0x60 [ 1419.020862][T26147] hwsim_new_radio_nl+0x9bc/0x1080 [ 1419.026014][T26147] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1419.031930][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.038178][T26147] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1419.045557][T26147] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1419.052859][T26147] genl_family_rcv_msg_doit+0x228/0x320 [ 1419.058416][T26147] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1419.065803][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.072059][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.078305][T26147] ? ns_capable+0xde/0x100 [ 1419.082728][T26147] genl_rcv_msg+0x328/0x580 [ 1419.087248][T26147] ? genl_get_cmd+0x480/0x480 [ 1419.091933][T26147] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1419.097844][T26147] ? lock_release+0x720/0x720 [ 1419.102529][T26147] netlink_rcv_skb+0x153/0x420 [ 1419.107301][T26147] ? genl_get_cmd+0x480/0x480 [ 1419.111992][T26147] ? netlink_ack+0xa60/0xa60 [ 1419.116599][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.122846][T26147] genl_rcv+0x24/0x40 [ 1419.126839][T26147] netlink_unicast+0x533/0x7d0 [ 1419.131612][T26147] ? netlink_attachskb+0x890/0x890 [ 1419.136728][T26147] ? __virt_addr_valid+0x5d/0x2d0 [ 1419.141757][T26147] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1419.148001][T26147] ? __phys_addr_symbol+0x2c/0x70 [ 1419.153027][T26147] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1419.158753][T26147] ? __check_object_size+0x16e/0x3f0 [ 1419.164053][T26147] netlink_sendmsg+0x85b/0xda0 [ 1419.168833][T26147] ? netlink_unicast+0x7d0/0x7d0 [ 1419.173785][T26147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.180035][T26147] ? netlink_unicast+0x7d0/0x7d0 [ 1419.184982][T26147] sock_sendmsg+0xcf/0x120 [ 1419.189407][T26147] ____sys_sendmsg+0x6e8/0x810 [ 1419.194185][T26147] ? kernel_sendmsg+0x50/0x50 [ 1419.198864][T26147] ? do_recvmmsg+0x6d0/0x6d0 [ 1419.203465][T26147] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1419.209471][T26147] ___sys_sendmsg+0xf3/0x170 [ 1419.214077][T26147] ? sendmsg_copy_msghdr+0x160/0x160 [ 1419.219375][T26147] ? __fget_files+0x266/0x3d0 [ 1419.224063][T26147] ? lock_downgrade+0x6e0/0x6e0 [ 1419.228934][T26147] ? __fget_files+0x288/0x3d0 [ 1419.233630][T26147] ? __fget_light+0xea/0x280 [ 1419.238229][T26147] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1419.244491][T26147] __sys_sendmsg+0xe5/0x1b0 [ 1419.249008][T26147] ? __sys_sendmsg_sock+0x30/0x30 [ 1419.254056][T26147] ? syscall_enter_from_user_mode+0x21/0x70 [ 1419.259969][T26147] do_syscall_64+0x35/0xb0 [ 1419.264393][T26147] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1419.270303][T26147] RIP: 0033:0x4665d9 [ 1419.274199][T26147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1419.293816][T26147] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1419.302238][T26147] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1419.310218][T26147] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1419.318195][T26147] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1419.326166][T26147] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1419.334140][T26147] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:13 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630c0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1419.379431][T26175] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d004f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1419.445243][T26175] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1419.445243][T26175] !' [ 1419.498706][T26175] CPU: 0 PID: 26175 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1419.507252][T26175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1419.517305][T26175] Call Trace: [ 1419.520580][T26175] dump_stack_lvl+0xcd/0x134 [ 1419.525182][T26175] sysfs_warn_dup.cold+0x1c/0x29 [ 1419.530133][T26175] sysfs_do_create_link_sd+0x11e/0x140 [ 1419.535613][T26175] sysfs_create_link+0x5f/0xc0 [ 1419.540384][T26175] device_add+0x789/0x2100 [ 1419.544812][T26175] ? mutex_lock_io_nested+0xf00/0xf00 [ 1419.550191][T26175] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1419.555746][T26175] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1419.561991][T26175] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1419.568236][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.574483][T26175] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1419.580482][T26175] wiphy_register+0x1e8a/0x29b0 [ 1419.585357][T26175] ? wiphy_unregister+0xbd0/0xbd0 [ 1419.590394][T26175] ? minstrel_ht_alloc+0x531/0xa00 [ 1419.595528][T26175] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1419.601615][T26175] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1419.607100][T26175] ? ieee80211_restart_hw+0x290/0x290 [ 1419.612485][T26175] ? debug_object_destroy+0x210/0x210 [ 1419.618112][T26175] ? memset+0x20/0x40 [ 1419.622105][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.628351][T26175] ? __hrtimer_init+0x136/0x280 [ 1419.633223][T26175] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1419.638985][T26175] ? hwsim_virtio_rx_work+0x350/0x350 [ 1419.644370][T26175] ? __kmalloc_track_caller+0x1a0/0x320 [ 1419.649928][T26175] ? memcpy+0x39/0x60 [ 1419.653922][T26175] hwsim_new_radio_nl+0x9bc/0x1080 [ 1419.659053][T26175] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1419.664968][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.671216][T26175] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1419.678601][T26175] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1419.685902][T26175] genl_family_rcv_msg_doit+0x228/0x320 [ 1419.691463][T26175] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1419.698846][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.705108][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.711356][T26175] ? ns_capable+0xde/0x100 [ 1419.715783][T26175] genl_rcv_msg+0x328/0x580 [ 1419.720297][T26175] ? genl_get_cmd+0x480/0x480 [ 1419.724985][T26175] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1419.730897][T26175] ? lock_release+0x720/0x720 [ 1419.735579][T26175] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1419.740876][T26175] netlink_rcv_skb+0x153/0x420 [ 1419.745655][T26175] ? genl_get_cmd+0x480/0x480 [ 1419.750346][T26175] ? netlink_ack+0xa60/0xa60 [ 1419.754961][T26175] genl_rcv+0x24/0x40 [ 1419.758955][T26175] netlink_unicast+0x533/0x7d0 [ 1419.763744][T26175] ? netlink_attachskb+0x890/0x890 [ 1419.768871][T26175] ? __virt_addr_valid+0x5d/0x2d0 [ 1419.773899][T26175] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1419.780143][T26175] ? __phys_addr_symbol+0x2c/0x70 [ 1419.785203][T26175] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1419.790932][T26175] ? __check_object_size+0x16e/0x3f0 [ 1419.796236][T26175] netlink_sendmsg+0x85b/0xda0 [ 1419.801022][T26175] ? netlink_unicast+0x7d0/0x7d0 [ 1419.805973][T26175] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1419.812220][T26175] ? netlink_unicast+0x7d0/0x7d0 [ 1419.817168][T26175] sock_sendmsg+0xcf/0x120 [ 1419.821593][T26175] ____sys_sendmsg+0x6e8/0x810 [ 1419.826366][T26175] ? kernel_sendmsg+0x50/0x50 [ 1419.831043][T26175] ? do_recvmmsg+0x6d0/0x6d0 [ 1419.835639][T26175] ? lock_chain_count+0x20/0x20 [ 1419.840495][T26175] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1419.846486][T26175] ___sys_sendmsg+0xf3/0x170 [ 1419.851088][T26175] ? sendmsg_copy_msghdr+0x160/0x160 [ 1419.856386][T26175] ? __fget_files+0x266/0x3d0 [ 1419.861076][T26175] ? lock_downgrade+0x6e0/0x6e0 [ 1419.865946][T26175] ? __fget_files+0x288/0x3d0 [ 1419.870636][T26175] ? __fget_light+0xea/0x280 [ 1419.875235][T26175] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1419.881486][T26175] __sys_sendmsg+0xe5/0x1b0 [ 1419.885995][T26175] ? __sys_sendmsg_sock+0x30/0x30 [ 1419.891052][T26175] ? syscall_enter_from_user_mode+0x21/0x70 [ 1419.896971][T26175] do_syscall_64+0x35/0xb0 [ 1419.901393][T26175] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1419.907319][T26175] RIP: 0033:0x4665d9 [ 1419.911208][T26175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1419.930814][T26175] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1419.939230][T26175] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1419.947205][T26175] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1419.955179][T26175] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1419.963142][T26175] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1419.971110][T26175] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1420.042565][T26176] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1420.106942][T26176] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1420.106942][T26176] !' [ 1420.129298][T26176] CPU: 0 PID: 26176 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1420.137733][T26176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1420.147790][T26176] Call Trace: [ 1420.151065][T26176] dump_stack_lvl+0xcd/0x134 21:29:14 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1420.155677][T26176] sysfs_warn_dup.cold+0x1c/0x29 [ 1420.160626][T26176] sysfs_do_create_link_sd+0x11e/0x140 [ 1420.166125][T26176] sysfs_create_link+0x5f/0xc0 [ 1420.170901][T26176] device_add+0x789/0x2100 [ 1420.175440][T26176] ? mutex_lock_io_nested+0xf00/0xf00 [ 1420.180811][T26176] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1420.186362][T26176] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1420.192608][T26176] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1420.198854][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.205101][T26176] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1420.211093][T26176] wiphy_register+0x1e8a/0x29b0 [ 1420.216129][T26176] ? wiphy_unregister+0xbd0/0xbd0 [ 1420.221147][T26176] ? minstrel_ht_alloc+0x531/0xa00 [ 1420.226277][T26176] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1420.232349][T26176] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1420.237816][T26176] ? ieee80211_restart_hw+0x290/0x290 [ 1420.243183][T26176] ? debug_object_destroy+0x210/0x210 [ 1420.248577][T26176] ? memset+0x20/0x40 [ 1420.252552][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.258889][T26176] ? __hrtimer_init+0x136/0x280 [ 1420.263825][T26176] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1420.269560][T26176] ? hwsim_virtio_rx_work+0x350/0x350 [ 1420.274931][T26176] ? __kmalloc_track_caller+0x1a0/0x320 [ 1420.280479][T26176] ? memcpy+0x39/0x60 [ 1420.284457][T26176] hwsim_new_radio_nl+0x9bc/0x1080 [ 1420.289565][T26176] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1420.295676][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.301924][T26176] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1420.309299][T26176] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1420.316592][T26176] genl_family_rcv_msg_doit+0x228/0x320 [ 1420.322149][T26176] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1420.329516][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.335759][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.341992][T26176] ? ns_capable+0xde/0x100 [ 1420.346401][T26176] genl_rcv_msg+0x328/0x580 [ 1420.350900][T26176] ? genl_get_cmd+0x480/0x480 [ 1420.355793][T26176] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1420.361696][T26176] ? lock_release+0x720/0x720 [ 1420.366537][T26176] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1420.371823][T26176] netlink_rcv_skb+0x153/0x420 [ 1420.376587][T26176] ? genl_get_cmd+0x480/0x480 [ 1420.381261][T26176] ? netlink_ack+0xa60/0xa60 [ 1420.385859][T26176] genl_rcv+0x24/0x40 [ 1420.389832][T26176] netlink_unicast+0x533/0x7d0 [ 1420.394768][T26176] ? netlink_attachskb+0x890/0x890 [ 1420.399874][T26176] ? __virt_addr_valid+0x5d/0x2d0 [ 1420.404893][T26176] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1420.411134][T26176] ? __phys_addr_symbol+0x2c/0x70 [ 1420.416153][T26176] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1420.421865][T26176] ? __check_object_size+0x16e/0x3f0 [ 1420.427147][T26176] netlink_sendmsg+0x85b/0xda0 [ 1420.431912][T26176] ? netlink_unicast+0x7d0/0x7d0 [ 1420.436855][T26176] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.443090][T26176] ? netlink_unicast+0x7d0/0x7d0 [ 1420.448038][T26176] sock_sendmsg+0xcf/0x120 [ 1420.452449][T26176] ____sys_sendmsg+0x6e8/0x810 [ 1420.457207][T26176] ? kernel_sendmsg+0x50/0x50 [ 1420.461871][T26176] ? do_recvmmsg+0x6d0/0x6d0 [ 1420.466455][T26176] ? lock_chain_count+0x20/0x20 [ 1420.471296][T26176] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1420.477273][T26176] ___sys_sendmsg+0xf3/0x170 [ 1420.481855][T26176] ? sendmsg_copy_msghdr+0x160/0x160 [ 1420.487137][T26176] ? __fget_files+0x266/0x3d0 [ 1420.491809][T26176] ? lock_downgrade+0x6e0/0x6e0 [ 1420.496663][T26176] ? __fget_files+0x288/0x3d0 [ 1420.501336][T26176] ? __fget_light+0xea/0x280 [ 1420.505916][T26176] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1420.512157][T26176] __sys_sendmsg+0xe5/0x1b0 [ 1420.516653][T26176] ? __sys_sendmsg_sock+0x30/0x30 [ 1420.521680][T26176] ? syscall_enter_from_user_mode+0x21/0x70 [ 1420.527573][T26176] do_syscall_64+0x35/0xb0 [ 1420.531987][T26176] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1420.537878][T26176] RIP: 0033:0x4665d9 [ 1420.541804][T26176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1420.561577][T26176] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1420.569979][T26176] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1420.577943][T26176] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1420.585903][T26176] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1420.593863][T26176] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1420.601820][T26176] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:29:14 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1420.738952][T26234] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:14 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000004c0)={0x0, {{0x2, 0x0, @remote}}, {{0x2, 0x0, @dev}}}, 0x163) mount(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100) writev(r2, &(0x7f0000000280)=[{&(0x7f00000008c0)="110eaa1a9896d57019effc8c79961d0f73ccf3afca3754e2e7a31f536bcb7204bed49311e29c96e1c2b663d61e5b0c0a76ea50cbddaa69f578b8600f77cf1a538ac900673696245b6de4283c979a32c0cf7d54fe9d26650575d1398678895da32663735b4d0cabfe7e972e59c2b4b4c9c89d0b82ca2267ad5062303e8abcb79600010506702eb912e3957e507aec4e2180699a738f675350ba12282a1d7181887f6c2e03de1da0dfe3b4efbb10e9b59301b4ef8a1d", 0xb5}, {&(0x7f0000000980)="34c30d95766fefbb7bdc40a3242505587bbc8584c2bc2003185f5ce116eea020efa91e2aae1eae2b8e848ac13c3dcedbbbc82adb1e70be8eecedba37be82545f2abda4f0a0e0fd0edd6bd03bb8e9bb91c39a2c828511aef3e684ad4c21ec0c146b9570139e31cd", 0x67}], 0x2) [ 1420.791603][T26234] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1420.791603][T26234] !' 21:29:15 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d014f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01570000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1420.913371][T26234] CPU: 0 PID: 26234 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1420.921916][T26234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1420.931983][T26234] Call Trace: [ 1420.935260][T26234] dump_stack_lvl+0xcd/0x134 [ 1420.939870][T26234] sysfs_warn_dup.cold+0x1c/0x29 [ 1420.944825][T26234] sysfs_do_create_link_sd+0x11e/0x140 [ 1420.950300][T26234] sysfs_create_link+0x5f/0xc0 [ 1420.955082][T26234] device_add+0x789/0x2100 [ 1420.959512][T26234] ? mutex_lock_io_nested+0xf00/0xf00 [ 1420.964893][T26234] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1420.970455][T26234] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1420.976700][T26234] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1420.982943][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1420.989197][T26234] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1420.995205][T26234] wiphy_register+0x1e8a/0x29b0 [ 1421.000076][T26234] ? wiphy_unregister+0xbd0/0xbd0 [ 1421.005105][T26234] ? minstrel_ht_alloc+0x531/0xa00 [ 1421.010236][T26234] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1421.016321][T26234] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1421.021801][T26234] ? ieee80211_restart_hw+0x290/0x290 [ 1421.027184][T26234] ? debug_object_destroy+0x210/0x210 [ 1421.032579][T26234] ? memset+0x20/0x40 [ 1421.036573][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.042822][T26234] ? __hrtimer_init+0x136/0x280 [ 1421.047686][T26234] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1421.053443][T26234] ? hwsim_virtio_rx_work+0x350/0x350 [ 1421.058841][T26234] ? __kmalloc_track_caller+0x1a0/0x320 [ 1421.064389][T26234] ? memcpy+0x39/0x60 [ 1421.068389][T26234] hwsim_new_radio_nl+0x9bc/0x1080 [ 1421.073524][T26234] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1421.079445][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.085691][T26234] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1421.093078][T26234] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1421.100386][T26234] genl_family_rcv_msg_doit+0x228/0x320 [ 1421.106151][T26234] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1421.113535][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.119795][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.126042][T26234] ? ns_capable+0xde/0x100 [ 1421.130471][T26234] genl_rcv_msg+0x328/0x580 [ 1421.134988][T26234] ? genl_get_cmd+0x480/0x480 [ 1421.139676][T26234] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1421.145586][T26234] ? lock_release+0x720/0x720 [ 1421.150275][T26234] netlink_rcv_skb+0x153/0x420 [ 1421.155046][T26234] ? genl_get_cmd+0x480/0x480 [ 1421.159734][T26234] ? netlink_ack+0xa60/0xa60 [ 1421.164338][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.170583][T26234] genl_rcv+0x24/0x40 [ 1421.174572][T26234] netlink_unicast+0x533/0x7d0 [ 1421.179348][T26234] ? netlink_attachskb+0x890/0x890 [ 1421.184467][T26234] ? __virt_addr_valid+0x5d/0x2d0 [ 1421.189496][T26234] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1421.195742][T26234] ? __phys_addr_symbol+0x2c/0x70 [ 1421.200768][T26234] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1421.206490][T26234] ? __check_object_size+0x16e/0x3f0 [ 1421.211784][T26234] netlink_sendmsg+0x85b/0xda0 [ 1421.216561][T26234] ? netlink_unicast+0x7d0/0x7d0 [ 1421.221512][T26234] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.227759][T26234] ? netlink_unicast+0x7d0/0x7d0 [ 1421.232714][T26234] sock_sendmsg+0xcf/0x120 [ 1421.237183][T26234] ____sys_sendmsg+0x6e8/0x810 [ 1421.241955][T26234] ? kernel_sendmsg+0x50/0x50 [ 1421.246634][T26234] ? do_recvmmsg+0x6d0/0x6d0 [ 1421.251235][T26234] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1421.257220][T26234] ? __fget_light+0x89/0x280 [ 1421.261828][T26234] ___sys_sendmsg+0xf3/0x170 [ 1421.266424][T26234] ? sendmsg_copy_msghdr+0x160/0x160 [ 1421.271726][T26234] ? __fget_files+0x266/0x3d0 [ 1421.276408][T26234] ? lock_downgrade+0x6e0/0x6e0 [ 1421.281288][T26234] ? __fget_files+0x288/0x3d0 [ 1421.285988][T26234] ? __fget_light+0xea/0x280 [ 1421.290585][T26234] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1421.296833][T26234] __sys_sendmsg+0xe5/0x1b0 [ 1421.301344][T26234] ? __sys_sendmsg_sock+0x30/0x30 [ 1421.306388][T26234] ? syscall_enter_from_user_mode+0x21/0x70 [ 1421.312299][T26234] do_syscall_64+0x35/0xb0 [ 1421.316733][T26234] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1421.322648][T26234] RIP: 0033:0x4665d9 [ 1421.326568][T26234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1421.346180][T26234] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1421.354600][T26234] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1421.362573][T26234] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1421.370539][T26234] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1421.378513][T26234] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1421.386483][T26234] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1421.516154][T26261] __nla_validate_parse: 16 callbacks suppressed [ 1421.516177][T26261] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1421.569980][T26276] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:29:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="e008030029000505d25a80648c6394200000003582c137153e370848018000f00625e3d82c33f2476872be9bf34a7c919ed6b77ac7a11072a2cbd09a7d3302895087c163a93eafea5d8310f44cf960441a94f05245035f75ec011113d8cf9f56dae9012366f2129c1c1cc7e09af84436f61ca384d5b70aa5c77f77feacf56ad91891546215c2ba592caf2f37b08bd38800000000", 0x94}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1421.616271][T26268] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1421.626898][T26245] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1421.626918][T26245] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1421.710168][T26245] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1421.710168][T26245] !' [ 1421.724159][T26245] CPU: 0 PID: 26245 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1421.732669][T26245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1421.742726][T26245] Call Trace: [ 1421.746002][T26245] dump_stack_lvl+0xcd/0x134 [ 1421.750603][T26245] sysfs_warn_dup.cold+0x1c/0x29 [ 1421.755548][T26245] sysfs_do_create_link_sd+0x11e/0x140 [ 1421.761020][T26245] sysfs_create_link+0x5f/0xc0 [ 1421.765792][T26245] device_add+0x789/0x2100 [ 1421.770212][T26245] ? mutex_lock_io_nested+0xf00/0xf00 [ 1421.775589][T26245] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1421.781401][T26245] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1421.787653][T26245] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1421.793896][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.800141][T26245] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1421.806137][T26245] wiphy_register+0x1e8a/0x29b0 [ 1421.811004][T26245] ? wiphy_unregister+0xbd0/0xbd0 [ 1421.816116][T26245] ? minstrel_ht_alloc+0x531/0xa00 [ 1421.821273][T26245] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1421.827354][T26245] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1421.832837][T26245] ? ieee80211_restart_hw+0x290/0x290 [ 1421.838222][T26245] ? debug_object_destroy+0x210/0x210 [ 1421.843607][T26245] ? memset+0x20/0x40 [ 1421.847600][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.853843][T26245] ? __hrtimer_init+0x136/0x280 [ 1421.858707][T26245] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1421.864455][T26245] ? hwsim_virtio_rx_work+0x350/0x350 [ 1421.869923][T26245] ? __kmalloc_track_caller+0x1a0/0x320 [ 1421.875479][T26245] ? memcpy+0x39/0x60 [ 1421.879477][T26245] hwsim_new_radio_nl+0x9bc/0x1080 [ 1421.884603][T26245] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1421.890732][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.896978][T26245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1421.904361][T26245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1421.911660][T26245] genl_family_rcv_msg_doit+0x228/0x320 [ 1421.917221][T26245] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1421.924610][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.930867][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.937308][T26245] ? ns_capable+0xde/0x100 [ 1421.941719][T26245] genl_rcv_msg+0x328/0x580 [ 1421.946230][T26245] ? genl_get_cmd+0x480/0x480 [ 1421.950899][T26245] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1421.956858][T26245] ? lock_release+0x720/0x720 [ 1421.961542][T26245] netlink_rcv_skb+0x153/0x420 [ 1421.966699][T26245] ? genl_get_cmd+0x480/0x480 [ 1421.971579][T26245] ? netlink_ack+0xa60/0xa60 [ 1421.976378][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1421.983308][T26245] genl_rcv+0x24/0x40 [ 1421.987871][T26245] netlink_unicast+0x533/0x7d0 [ 1421.992635][T26245] ? netlink_attachskb+0x890/0x890 [ 1421.997747][T26245] ? __virt_addr_valid+0x5d/0x2d0 [ 1422.002762][T26245] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1422.009004][T26245] ? __phys_addr_symbol+0x2c/0x70 [ 1422.014018][T26245] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1422.019740][T26245] ? __check_object_size+0x16e/0x3f0 [ 1422.025017][T26245] netlink_sendmsg+0x85b/0xda0 [ 1422.029788][T26245] ? netlink_unicast+0x7d0/0x7d0 [ 1422.034717][T26245] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.040953][T26245] ? netlink_unicast+0x7d0/0x7d0 [ 1422.045895][T26245] sock_sendmsg+0xcf/0x120 [ 1422.050297][T26245] ____sys_sendmsg+0x6e8/0x810 [ 1422.055052][T26245] ? kernel_sendmsg+0x50/0x50 [ 1422.059727][T26245] ? do_recvmmsg+0x6d0/0x6d0 [ 1422.064306][T26245] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1422.070277][T26245] ___sys_sendmsg+0xf3/0x170 [ 1422.074856][T26245] ? sendmsg_copy_msghdr+0x160/0x160 [ 1422.080130][T26245] ? __fget_files+0x266/0x3d0 [ 1422.084979][T26245] ? lock_downgrade+0x6e0/0x6e0 [ 1422.090441][T26245] ? __fget_files+0x288/0x3d0 [ 1422.095112][T26245] ? __fget_light+0xea/0x280 [ 1422.100083][T26245] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1422.106311][T26245] __sys_sendmsg+0xe5/0x1b0 [ 1422.110807][T26245] ? __sys_sendmsg_sock+0x30/0x30 [ 1422.115844][T26245] ? syscall_enter_from_user_mode+0x21/0x70 [ 1422.121739][T26245] do_syscall_64+0x35/0xb0 [ 1422.126156][T26245] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1422.132051][T26245] RIP: 0033:0x4665d9 [ 1422.135960][T26245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 21:29:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02570000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:16 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0xc8000, 0x0) openat$cgroup_devices(r2, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1422.155553][T26245] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1422.163950][T26245] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1422.171920][T26245] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1422.179886][T26245] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1422.187856][T26245] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1422.195809][T26245] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:16 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100), 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1422.269493][T26277] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1422.294820][ T3257] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.301313][ T3257] ieee802154 phy1 wpan1: encryption failed: -22 21:29:16 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1422.334004][T26306] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:29:16 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630d0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:16 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d024f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1422.378806][T26307] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1422.448413][T26307] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1422.505608][T26308] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1422.536355][T26323] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1422.587956][T26307] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1422.587956][T26307] !' [ 1422.609804][T26307] CPU: 1 PID: 26307 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1422.618406][T26307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1422.628469][T26307] Call Trace: [ 1422.631749][T26307] dump_stack_lvl+0xcd/0x134 [ 1422.636352][T26307] sysfs_warn_dup.cold+0x1c/0x29 [ 1422.641301][T26307] sysfs_do_create_link_sd+0x11e/0x140 [ 1422.646884][T26307] sysfs_create_link+0x5f/0xc0 [ 1422.651654][T26307] device_add+0x789/0x2100 [ 1422.656076][T26307] ? mutex_lock_io_nested+0xf00/0xf00 [ 1422.661458][T26307] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1422.667102][T26307] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1422.673351][T26307] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1422.679600][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.685846][T26307] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1422.691840][T26307] wiphy_register+0x1e8a/0x29b0 [ 1422.696708][T26307] ? wiphy_unregister+0xbd0/0xbd0 [ 1422.701739][T26307] ? minstrel_ht_alloc+0x531/0xa00 [ 1422.706869][T26307] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1422.712953][T26307] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1422.718440][T26307] ? ieee80211_restart_hw+0x290/0x290 [ 1422.723824][T26307] ? debug_object_destroy+0x210/0x210 [ 1422.729215][T26307] ? memset+0x20/0x40 [ 1422.733207][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.739458][T26307] ? __hrtimer_init+0x136/0x280 [ 1422.744321][T26307] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1422.750069][T26307] ? hwsim_virtio_rx_work+0x350/0x350 [ 1422.755455][T26307] ? __kmalloc_track_caller+0x1a0/0x320 [ 1422.761008][T26307] ? memcpy+0x39/0x60 [ 1422.765007][T26307] hwsim_new_radio_nl+0x9bc/0x1080 [ 1422.770136][T26307] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1422.776049][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.782294][T26307] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1422.789674][T26307] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1422.796975][T26307] genl_family_rcv_msg_doit+0x228/0x320 [ 1422.802533][T26307] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1422.809914][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.816256][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.822675][T26307] ? ns_capable+0xde/0x100 [ 1422.827100][T26307] genl_rcv_msg+0x328/0x580 [ 1422.831615][T26307] ? genl_get_cmd+0x480/0x480 21:29:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03570000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1422.836302][T26307] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1422.842213][T26307] ? lock_release+0x720/0x720 [ 1422.846896][T26307] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1422.852190][T26307] netlink_rcv_skb+0x153/0x420 [ 1422.856968][T26307] ? genl_get_cmd+0x480/0x480 [ 1422.861656][T26307] ? netlink_ack+0xa60/0xa60 [ 1422.866275][T26307] genl_rcv+0x24/0x40 [ 1422.870267][T26307] netlink_unicast+0x533/0x7d0 [ 1422.875046][T26307] ? netlink_attachskb+0x890/0x890 [ 1422.880165][T26307] ? __virt_addr_valid+0x5d/0x2d0 [ 1422.885198][T26307] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1422.891449][T26307] ? __phys_addr_symbol+0x2c/0x70 [ 1422.896480][T26307] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1422.902202][T26307] ? __check_object_size+0x16e/0x3f0 [ 1422.907507][T26307] netlink_sendmsg+0x85b/0xda0 [ 1422.912290][T26307] ? netlink_unicast+0x7d0/0x7d0 [ 1422.917248][T26307] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1422.923497][T26307] ? netlink_unicast+0x7d0/0x7d0 [ 1422.928449][T26307] sock_sendmsg+0xcf/0x120 [ 1422.932874][T26307] ____sys_sendmsg+0x6e8/0x810 [ 1422.937650][T26307] ? kernel_sendmsg+0x50/0x50 [ 1422.942331][T26307] ? do_recvmmsg+0x6d0/0x6d0 [ 1422.946933][T26307] ? lock_chain_count+0x20/0x20 [ 1422.951792][T26307] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1422.957781][T26307] ___sys_sendmsg+0xf3/0x170 [ 1422.962361][T26307] ? sendmsg_copy_msghdr+0x160/0x160 [ 1422.967637][T26307] ? __fget_files+0x266/0x3d0 [ 1422.972321][T26307] ? lock_downgrade+0x6e0/0x6e0 [ 1422.977174][T26307] ? __fget_files+0x288/0x3d0 [ 1422.981866][T26307] ? __fget_light+0xea/0x280 [ 1422.986459][T26307] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1422.992693][T26307] __sys_sendmsg+0xe5/0x1b0 [ 1422.997200][T26307] ? __sys_sendmsg_sock+0x30/0x30 [ 1423.002220][T26307] ? syscall_enter_from_user_mode+0x21/0x70 [ 1423.008112][T26307] do_syscall_64+0x35/0xb0 [ 1423.012521][T26307] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1423.018419][T26307] RIP: 0033:0x4665d9 [ 1423.022311][T26307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1423.041905][T26307] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1423.050309][T26307] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1423.058266][T26307] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1423.066233][T26307] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1423.074204][T26307] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1423.082177][T26307] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1423.177883][T26337] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1423.233750][T26317] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1423.308999][T26317] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1423.308999][T26317] !' [ 1423.330599][T26317] CPU: 0 PID: 26317 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1423.339200][T26317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1423.349256][T26317] Call Trace: [ 1423.352533][T26317] dump_stack_lvl+0xcd/0x134 [ 1423.357135][T26317] sysfs_warn_dup.cold+0x1c/0x29 [ 1423.362085][T26317] sysfs_do_create_link_sd+0x11e/0x140 [ 1423.367556][T26317] sysfs_create_link+0x5f/0xc0 [ 1423.372329][T26317] device_add+0x789/0x2100 [ 1423.376855][T26317] ? mutex_lock_io_nested+0xf00/0xf00 [ 1423.382241][T26317] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1423.387796][T26317] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1423.394042][T26317] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1423.400289][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.406528][T26317] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1423.412521][T26317] wiphy_register+0x1e8a/0x29b0 [ 1423.417387][T26317] ? wiphy_unregister+0xbd0/0xbd0 [ 1423.422419][T26317] ? minstrel_ht_alloc+0x531/0xa00 [ 1423.427569][T26317] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1423.433645][T26317] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1423.439126][T26317] ? ieee80211_restart_hw+0x290/0x290 [ 1423.444509][T26317] ? debug_object_destroy+0x210/0x210 [ 1423.449897][T26317] ? memset+0x20/0x40 21:29:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00580000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:17 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d034f0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:17 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) ioctl$BTRFS_IOC_RESIZE(r4, 0x50009403, &(0x7f00000000c0)={{r3}, {@void, @max}}) [ 1423.453895][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.460147][T26317] ? __hrtimer_init+0x136/0x280 [ 1423.465015][T26317] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1423.470762][T26317] ? hwsim_virtio_rx_work+0x350/0x350 [ 1423.476142][T26317] ? __kmalloc_track_caller+0x1a0/0x320 [ 1423.481700][T26317] ? memcpy+0x39/0x60 [ 1423.485692][T26317] hwsim_new_radio_nl+0x9bc/0x1080 [ 1423.490816][T26317] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1423.496731][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.502982][T26317] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1423.510366][T26317] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1423.517667][T26317] genl_family_rcv_msg_doit+0x228/0x320 [ 1423.523228][T26317] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1423.530613][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.536869][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.543114][T26317] ? ns_capable+0xde/0x100 [ 1423.547542][T26317] genl_rcv_msg+0x328/0x580 [ 1423.552059][T26317] ? genl_get_cmd+0x480/0x480 [ 1423.556746][T26317] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1423.563002][T26317] ? lock_release+0x720/0x720 [ 1423.567693][T26317] netlink_rcv_skb+0x153/0x420 [ 1423.572465][T26317] ? genl_get_cmd+0x480/0x480 [ 1423.577156][T26317] ? netlink_ack+0xa60/0xa60 [ 1423.581763][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.588015][T26317] genl_rcv+0x24/0x40 [ 1423.592005][T26317] netlink_unicast+0x533/0x7d0 [ 1423.596785][T26317] ? netlink_attachskb+0x890/0x890 [ 1423.601901][T26317] ? __virt_addr_valid+0x5d/0x2d0 [ 1423.606945][T26317] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1423.613188][T26317] ? __phys_addr_symbol+0x2c/0x70 [ 1423.618215][T26317] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1423.623942][T26317] ? __check_object_size+0x16e/0x3f0 [ 1423.629237][T26317] netlink_sendmsg+0x85b/0xda0 [ 1423.634016][T26317] ? netlink_unicast+0x7d0/0x7d0 [ 1423.638968][T26317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1423.645215][T26317] ? netlink_unicast+0x7d0/0x7d0 [ 1423.650165][T26317] sock_sendmsg+0xcf/0x120 [ 1423.654590][T26317] ____sys_sendmsg+0x6e8/0x810 [ 1423.659365][T26317] ? kernel_sendmsg+0x50/0x50 [ 1423.664043][T26317] ? do_recvmmsg+0x6d0/0x6d0 [ 1423.668647][T26317] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1423.674643][T26317] ___sys_sendmsg+0xf3/0x170 [ 1423.679242][T26317] ? sendmsg_copy_msghdr+0x160/0x160 [ 1423.684538][T26317] ? __fget_files+0x266/0x3d0 [ 1423.689222][T26317] ? lock_downgrade+0x6e0/0x6e0 [ 1423.694092][T26317] ? __fget_files+0x288/0x3d0 [ 1423.698784][T26317] ? __fget_light+0xea/0x280 [ 1423.703383][T26317] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1423.709634][T26317] __sys_sendmsg+0xe5/0x1b0 [ 1423.714146][T26317] ? __sys_sendmsg_sock+0x30/0x30 [ 1423.719192][T26317] ? syscall_enter_from_user_mode+0x21/0x70 [ 1423.725104][T26317] do_syscall_64+0x35/0xb0 [ 1423.729527][T26317] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1423.735431][T26317] RIP: 0033:0x4665d9 [ 1423.739544][T26317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1423.760184][T26317] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1423.768584][T26317] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1423.777039][T26317] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1423.785013][T26317] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1423.792982][T26317] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1423.800941][T26317] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:29:18 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:18 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100), 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1423.922171][T26372] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1423.957618][T26372] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1423.957618][T26372] !' [ 1424.017260][T26372] CPU: 1 PID: 26372 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1424.025896][T26372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1424.035951][T26372] Call Trace: [ 1424.039226][T26372] dump_stack_lvl+0xcd/0x134 [ 1424.043832][T26372] sysfs_warn_dup.cold+0x1c/0x29 [ 1424.048784][T26372] sysfs_do_create_link_sd+0x11e/0x140 [ 1424.054255][T26372] sysfs_create_link+0x5f/0xc0 [ 1424.059025][T26372] device_add+0x789/0x2100 [ 1424.063452][T26372] ? mutex_lock_io_nested+0xf00/0xf00 [ 1424.068831][T26372] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1424.074382][T26372] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1424.080631][T26372] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1424.087040][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.093698][T26372] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1424.099963][T26372] wiphy_register+0x1e8a/0x29b0 [ 1424.105045][T26372] ? wiphy_unregister+0xbd0/0xbd0 [ 1424.110416][T26372] ? minstrel_ht_alloc+0x531/0xa00 [ 1424.115729][T26372] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1424.122173][T26372] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1424.128142][T26372] ? ieee80211_restart_hw+0x290/0x290 [ 1424.133505][T26372] ? debug_object_destroy+0x210/0x210 [ 1424.139246][T26372] ? memset+0x20/0x40 [ 1424.143230][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.149473][T26372] ? __hrtimer_init+0x136/0x280 [ 1424.154333][T26372] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1424.160081][T26372] ? hwsim_virtio_rx_work+0x350/0x350 [ 1424.165549][T26372] ? __kmalloc_track_caller+0x1a0/0x320 [ 1424.171103][T26372] ? memcpy+0x39/0x60 [ 1424.175098][T26372] hwsim_new_radio_nl+0x9bc/0x1080 [ 1424.180221][T26372] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1424.186134][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.192384][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1424.199769][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1424.207068][T26372] genl_family_rcv_msg_doit+0x228/0x320 [ 1424.212629][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1424.220009][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.226265][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.232530][T26372] ? ns_capable+0xde/0x100 [ 1424.236953][T26372] genl_rcv_msg+0x328/0x580 [ 1424.241469][T26372] ? genl_get_cmd+0x480/0x480 [ 1424.246157][T26372] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1424.252064][T26372] ? lock_release+0x720/0x720 [ 1424.256743][T26372] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1424.262037][T26372] netlink_rcv_skb+0x153/0x420 [ 1424.266800][T26372] ? genl_get_cmd+0x480/0x480 [ 1424.271487][T26372] ? netlink_ack+0xa60/0xa60 [ 1424.276104][T26372] genl_rcv+0x24/0x40 [ 1424.280092][T26372] netlink_unicast+0x533/0x7d0 [ 1424.284871][T26372] ? netlink_attachskb+0x890/0x890 [ 1424.289988][T26372] ? __virt_addr_valid+0x5d/0x2d0 [ 1424.295018][T26372] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1424.301263][T26372] ? __phys_addr_symbol+0x2c/0x70 [ 1424.306292][T26372] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1424.312014][T26372] ? __check_object_size+0x16e/0x3f0 21:29:18 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:18 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01580000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1424.317307][T26372] netlink_sendmsg+0x85b/0xda0 [ 1424.322084][T26372] ? netlink_unicast+0x7d0/0x7d0 [ 1424.327035][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.333281][T26372] ? netlink_unicast+0x7d0/0x7d0 [ 1424.338227][T26372] sock_sendmsg+0xcf/0x120 [ 1424.342652][T26372] ____sys_sendmsg+0x6e8/0x810 [ 1424.347425][T26372] ? kernel_sendmsg+0x50/0x50 [ 1424.352112][T26372] ? do_recvmmsg+0x6d0/0x6d0 [ 1424.356693][T26372] ? lock_chain_count+0x20/0x20 [ 1424.361743][T26372] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1424.367922][T26372] ___sys_sendmsg+0xf3/0x170 [ 1424.372731][T26372] ? sendmsg_copy_msghdr+0x160/0x160 [ 1424.378590][T26372] ? __fget_files+0x266/0x3d0 [ 1424.383287][T26372] ? lock_downgrade+0x6e0/0x6e0 [ 1424.388205][T26372] ? __fget_files+0x288/0x3d0 [ 1424.392988][T26372] ? __fget_light+0xea/0x280 [ 1424.397583][T26372] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1424.403831][T26372] __sys_sendmsg+0xe5/0x1b0 [ 1424.408322][T26372] ? __sys_sendmsg_sock+0x30/0x30 [ 1424.413428][T26372] ? syscall_enter_from_user_mode+0x21/0x70 [ 1424.419342][T26372] do_syscall_64+0x35/0xb0 [ 1424.423764][T26372] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1424.429653][T26372] RIP: 0033:0x4665d9 [ 1424.433542][T26372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1424.453148][T26372] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1424.461548][T26372] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1424.469515][T26372] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1424.477469][T26372] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1424.485424][T26372] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1424.493387][T26372] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1424.554126][T26374] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1424.607620][T26374] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1424.607620][T26374] !' [ 1424.635696][T26374] CPU: 1 PID: 26374 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1424.644312][T26374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1424.654358][T26374] Call Trace: [ 1424.657627][T26374] dump_stack_lvl+0xcd/0x134 [ 1424.662216][T26374] sysfs_warn_dup.cold+0x1c/0x29 [ 1424.667149][T26374] sysfs_do_create_link_sd+0x11e/0x140 [ 1424.672605][T26374] sysfs_create_link+0x5f/0xc0 [ 1424.677366][T26374] device_add+0x789/0x2100 [ 1424.681774][T26374] ? mutex_lock_io_nested+0xf00/0xf00 [ 1424.687144][T26374] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1424.693029][T26374] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1424.699257][T26374] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1424.705486][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.711716][T26374] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1424.717696][T26374] wiphy_register+0x1e8a/0x29b0 [ 1424.722545][T26374] ? wiphy_unregister+0xbd0/0xbd0 [ 1424.727558][T26374] ? minstrel_ht_alloc+0x531/0xa00 [ 1424.732671][T26374] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1424.738737][T26374] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1424.744200][T26374] ? ieee80211_restart_hw+0x290/0x290 [ 1424.749569][T26374] ? debug_object_destroy+0x210/0x210 [ 1424.754938][T26374] ? memset+0x20/0x40 [ 1424.758911][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.765142][T26374] ? __hrtimer_init+0x136/0x280 [ 1424.769989][T26374] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1424.775804][T26374] ? hwsim_virtio_rx_work+0x350/0x350 [ 1424.781169][T26374] ? __kmalloc_track_caller+0x1a0/0x320 [ 1424.786722][T26374] ? memcpy+0x39/0x60 [ 1424.790714][T26374] hwsim_new_radio_nl+0x9bc/0x1080 [ 1424.795837][T26374] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1424.801733][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.807963][T26374] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1424.815329][T26374] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1424.822611][T26374] genl_family_rcv_msg_doit+0x228/0x320 [ 1424.828154][T26374] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1424.835519][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.841759][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.847991][T26374] ? ns_capable+0xde/0x100 [ 1424.852402][T26374] genl_rcv_msg+0x328/0x580 [ 1424.856922][T26374] ? genl_get_cmd+0x480/0x480 [ 1424.861592][T26374] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1424.867482][T26374] ? lock_release+0x720/0x720 [ 1424.872145][T26374] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1424.877447][T26374] netlink_rcv_skb+0x153/0x420 [ 1424.882221][T26374] ? genl_get_cmd+0x480/0x480 [ 1424.886895][T26374] ? netlink_ack+0xa60/0xa60 [ 1424.891489][T26374] genl_rcv+0x24/0x40 [ 1424.895465][T26374] netlink_unicast+0x533/0x7d0 [ 1424.900223][T26374] ? netlink_attachskb+0x890/0x890 [ 1424.905325][T26374] ? __virt_addr_valid+0x5d/0x2d0 [ 1424.910340][T26374] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1424.916569][T26374] ? __phys_addr_symbol+0x2c/0x70 [ 1424.921585][T26374] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1424.927294][T26374] ? __check_object_size+0x16e/0x3f0 [ 1424.932572][T26374] netlink_sendmsg+0x85b/0xda0 [ 1424.937333][T26374] ? netlink_unicast+0x7d0/0x7d0 [ 1424.942268][T26374] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1424.948499][T26374] ? netlink_unicast+0x7d0/0x7d0 [ 1424.953427][T26374] sock_sendmsg+0xcf/0x120 [ 1424.957839][T26374] ____sys_sendmsg+0x6e8/0x810 [ 1424.962593][T26374] ? kernel_sendmsg+0x50/0x50 [ 1424.967275][T26374] ? do_recvmmsg+0x6d0/0x6d0 [ 1424.971880][T26374] ? lock_chain_count+0x20/0x20 [ 1424.976720][T26374] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1424.982694][T26374] ___sys_sendmsg+0xf3/0x170 [ 1424.987276][T26374] ? sendmsg_copy_msghdr+0x160/0x160 [ 1424.992555][T26374] ? __fget_files+0x266/0x3d0 [ 1424.997222][T26374] ? lock_downgrade+0x6e0/0x6e0 [ 1425.002089][T26374] ? __fget_files+0x288/0x3d0 [ 1425.006762][T26374] ? __fget_light+0xea/0x280 [ 1425.011344][T26374] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1425.017580][T26374] __sys_sendmsg+0xe5/0x1b0 [ 1425.022071][T26374] ? __sys_sendmsg_sock+0x30/0x30 [ 1425.027097][T26374] ? syscall_enter_from_user_mode+0x21/0x70 [ 1425.032992][T26374] do_syscall_64+0x35/0xb0 [ 1425.037399][T26374] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1425.043288][T26374] RIP: 0033:0x4665d9 [ 1425.047167][T26374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1425.066775][T26374] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1425.075176][T26374] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1425.083134][T26374] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1425.091095][T26374] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1425.099050][T26374] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1425.107006][T26374] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:29:19 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02580000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1425.207234][T26382] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1425.262768][T26382] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1425.262768][T26382] !' [ 1425.298044][T26382] CPU: 1 PID: 26382 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1425.306670][T26382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1425.316726][T26382] Call Trace: [ 1425.320004][T26382] dump_stack_lvl+0xcd/0x134 [ 1425.324606][T26382] sysfs_warn_dup.cold+0x1c/0x29 [ 1425.329551][T26382] sysfs_do_create_link_sd+0x11e/0x140 [ 1425.335018][T26382] sysfs_create_link+0x5f/0xc0 [ 1425.339791][T26382] device_add+0x789/0x2100 [ 1425.344213][T26382] ? mutex_lock_io_nested+0xf00/0xf00 [ 1425.349597][T26382] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1425.355139][T26382] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1425.361368][T26382] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1425.367600][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.373830][T26382] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1425.379807][T26382] wiphy_register+0x1e8a/0x29b0 [ 1425.384655][T26382] ? wiphy_unregister+0xbd0/0xbd0 [ 1425.389668][T26382] ? minstrel_ht_alloc+0x531/0xa00 [ 1425.394783][T26382] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1425.400855][T26382] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1425.406318][T26382] ? ieee80211_restart_hw+0x290/0x290 [ 1425.411685][T26382] ? debug_object_destroy+0x210/0x210 [ 1425.417230][T26382] ? memset+0x20/0x40 [ 1425.421204][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.427438][T26382] ? __hrtimer_init+0x136/0x280 [ 1425.432284][T26382] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1425.438015][T26382] ? hwsim_virtio_rx_work+0x350/0x350 [ 1425.443378][T26382] ? __kmalloc_track_caller+0x1a0/0x320 [ 1425.448914][T26382] ? memcpy+0x39/0x60 [ 1425.452891][T26382] hwsim_new_radio_nl+0x9bc/0x1080 [ 1425.457997][T26382] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1425.463890][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.470122][T26382] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1425.477747][T26382] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1425.485048][T26382] genl_family_rcv_msg_doit+0x228/0x320 [ 1425.490591][T26382] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1425.497958][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.504201][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.510431][T26382] ? ns_capable+0xde/0x100 [ 1425.514844][T26382] genl_rcv_msg+0x328/0x580 [ 1425.519360][T26382] ? genl_get_cmd+0x480/0x480 [ 1425.524119][T26382] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1425.530011][T26382] ? lock_release+0x720/0x720 [ 1425.534679][T26382] netlink_rcv_skb+0x153/0x420 [ 1425.539444][T26382] ? genl_get_cmd+0x480/0x480 [ 1425.544119][T26382] ? netlink_ack+0xa60/0xa60 [ 1425.548710][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.554946][T26382] genl_rcv+0x24/0x40 [ 1425.558919][T26382] netlink_unicast+0x533/0x7d0 [ 1425.563679][T26382] ? netlink_attachskb+0x890/0x890 [ 1425.568781][T26382] ? __virt_addr_valid+0x5d/0x2d0 [ 1425.573810][T26382] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1425.580039][T26382] ? __phys_addr_symbol+0x2c/0x70 [ 1425.585050][T26382] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1425.590758][T26382] ? __check_object_size+0x16e/0x3f0 [ 1425.596036][T26382] netlink_sendmsg+0x85b/0xda0 [ 1425.600798][T26382] ? netlink_unicast+0x7d0/0x7d0 [ 1425.605736][T26382] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1425.611968][T26382] ? netlink_unicast+0x7d0/0x7d0 [ 1425.616897][T26382] sock_sendmsg+0xcf/0x120 [ 1425.621303][T26382] ____sys_sendmsg+0x6e8/0x810 [ 1425.626060][T26382] ? kernel_sendmsg+0x50/0x50 [ 1425.630725][T26382] ? do_recvmmsg+0x6d0/0x6d0 [ 1425.635311][T26382] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1425.641286][T26382] ___sys_sendmsg+0xf3/0x170 [ 1425.645867][T26382] ? sendmsg_copy_msghdr+0x160/0x160 [ 1425.651146][T26382] ? __fget_files+0x266/0x3d0 [ 1425.655814][T26382] ? lock_downgrade+0x6e0/0x6e0 [ 1425.660663][T26382] ? __fget_files+0x288/0x3d0 [ 1425.665337][T26382] ? __fget_light+0xea/0x280 [ 1425.669917][T26382] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1425.676150][T26382] __sys_sendmsg+0xe5/0x1b0 [ 1425.680650][T26382] ? __sys_sendmsg_sock+0x30/0x30 [ 1425.685676][T26382] ? syscall_enter_from_user_mode+0x21/0x70 [ 1425.691567][T26382] do_syscall_64+0x35/0xb0 [ 1425.695975][T26382] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1425.701860][T26382] RIP: 0033:0x4665d9 [ 1425.705743][T26382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1425.725342][T26382] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1425.733747][T26382] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1425.741706][T26382] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1425.749751][T26382] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1425.757708][T26382] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1425.765667][T26382] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 [ 1425.877288][T26372] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:20 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100), 0x0, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:20 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630e0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:20 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1426.011448][T26372] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1426.011448][T26372] !' [ 1426.041383][T26372] CPU: 0 PID: 26372 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1426.050016][T26372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1426.060071][T26372] Call Trace: [ 1426.063345][T26372] dump_stack_lvl+0xcd/0x134 [ 1426.067945][T26372] sysfs_warn_dup.cold+0x1c/0x29 [ 1426.072893][T26372] sysfs_do_create_link_sd+0x11e/0x140 [ 1426.078361][T26372] sysfs_create_link+0x5f/0xc0 [ 1426.083131][T26372] device_add+0x789/0x2100 [ 1426.087553][T26372] ? mutex_lock_io_nested+0xf00/0xf00 [ 1426.092933][T26372] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1426.098486][T26372] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1426.104730][T26372] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1426.110973][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.117218][T26372] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1426.123213][T26372] wiphy_register+0x1e8a/0x29b0 [ 1426.128078][T26372] ? wiphy_unregister+0xbd0/0xbd0 [ 1426.133104][T26372] ? minstrel_ht_alloc+0x531/0xa00 [ 1426.138231][T26372] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1426.144314][T26372] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1426.149797][T26372] ? ieee80211_restart_hw+0x290/0x290 [ 1426.155177][T26372] ? debug_object_destroy+0x210/0x210 [ 1426.160562][T26372] ? memset+0x20/0x40 [ 1426.164549][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.170791][T26372] ? __hrtimer_init+0x136/0x280 [ 1426.175655][T26372] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1426.181402][T26372] ? hwsim_virtio_rx_work+0x350/0x350 [ 1426.186787][T26372] ? __kmalloc_track_caller+0x1a0/0x320 [ 1426.192338][T26372] ? memcpy+0x39/0x60 [ 1426.196336][T26372] hwsim_new_radio_nl+0x9bc/0x1080 [ 1426.201467][T26372] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1426.207380][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.213635][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1426.221012][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1426.228313][T26372] genl_family_rcv_msg_doit+0x228/0x320 [ 1426.233873][T26372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1426.241258][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.247517][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.253765][T26372] ? ns_capable+0xde/0x100 [ 1426.258190][T26372] genl_rcv_msg+0x328/0x580 [ 1426.262707][T26372] ? genl_get_cmd+0x480/0x480 [ 1426.267396][T26372] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1426.273304][T26372] ? lock_release+0x720/0x720 [ 1426.277984][T26372] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1426.283279][T26372] netlink_rcv_skb+0x153/0x420 [ 1426.288052][T26372] ? genl_get_cmd+0x480/0x480 [ 1426.292740][T26372] ? netlink_ack+0xa60/0xa60 [ 1426.297355][T26372] genl_rcv+0x24/0x40 [ 1426.301344][T26372] netlink_unicast+0x533/0x7d0 [ 1426.306121][T26372] ? netlink_attachskb+0x890/0x890 [ 1426.311243][T26372] ? __virt_addr_valid+0x5d/0x2d0 [ 1426.316363][T26372] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1426.322610][T26372] ? __phys_addr_symbol+0x2c/0x70 [ 1426.327636][T26372] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1426.333362][T26372] ? __check_object_size+0x16e/0x3f0 [ 1426.338660][T26372] netlink_sendmsg+0x85b/0xda0 [ 1426.343437][T26372] ? netlink_unicast+0x7d0/0x7d0 [ 1426.348398][T26372] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1426.354649][T26372] ? netlink_unicast+0x7d0/0x7d0 [ 1426.359595][T26372] sock_sendmsg+0xcf/0x120 [ 1426.364017][T26372] ____sys_sendmsg+0x6e8/0x810 [ 1426.368787][T26372] ? kernel_sendmsg+0x50/0x50 [ 1426.373464][T26372] ? do_recvmmsg+0x6d0/0x6d0 [ 1426.378067][T26372] ? lock_chain_count+0x20/0x20 [ 1426.382917][T26372] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1426.388900][T26372] ___sys_sendmsg+0xf3/0x170 [ 1426.393491][T26372] ? sendmsg_copy_msghdr+0x160/0x160 [ 1426.398775][T26372] ? __fget_files+0x266/0x3d0 [ 1426.403450][T26372] ? lock_downgrade+0x6e0/0x6e0 [ 1426.408307][T26372] ? __fget_files+0x288/0x3d0 [ 1426.412984][T26372] ? __fget_light+0xea/0x280 [ 1426.417593][T26372] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1426.423833][T26372] __sys_sendmsg+0xe5/0x1b0 [ 1426.428329][T26372] ? __sys_sendmsg_sock+0x30/0x30 [ 1426.433366][T26372] ? syscall_enter_from_user_mode+0x21/0x70 [ 1426.439286][T26372] do_syscall_64+0x35/0xb0 [ 1426.443695][T26372] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1426.449585][T26372] RIP: 0033:0x4665d9 [ 1426.453466][T26372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1426.473064][T26372] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1426.481485][T26372] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1426.489450][T26372] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1426.497411][T26372] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1426.505373][T26372] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1426.513334][T26372] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:29:20 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03580000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1426.643747][T26468] __nla_validate_parse: 17 callbacks suppressed [ 1426.643764][T26468] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1426.698976][T26444] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1426.747662][T26466] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:20 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1426.793683][T26466] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:29:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00590000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:21 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:21 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00002e2000/0x3000)=nil, 0x3000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000740)={0x1, 0x5, 0x4, 0x0, 0x7ff, {}, {0x4, 0xc, 0xff, 0x9, 0x7f, 0xff, "f920fd5a"}, 0x7a2, 0x3, @fd=r0, 0x7fff, 0x0, r0}) preadv(r2, &(0x7f0000000280), 0x0, 0xd9f, 0x7) r3 = socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r4 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000007c0)={0x0, 0x3, 0x0, 0x7}) perf_event_open(0x0, 0x0, 0x0, r4, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x202000, 0x0) recvmsg$can_bcm(r5, &(0x7f0000000600)={&(0x7f0000000840)=@tipc=@name, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/115, 0x6a}, {&(0x7f0000000200)=""/229, 0xe5}, {&(0x7f0000000300)=""/6, 0x6}, {&(0x7f0000000340)=""/160, 0xa0}, {&(0x7f0000000800)=""/58, 0x2f}, {&(0x7f0000000440)=""/76, 0x4c}], 0x6, &(0x7f0000000540)=""/177, 0xfffffffffffffd80}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r6 = accept$packet(r3, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000680)=0x14) getsockname$packet(r6, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000700)=0x14) sendmsg$kcm(r0, &(0x7f0000002f00)={&(0x7f0000000100)=@isdn={0x22, 0x8, 0x7, 0x3, 0x8}, 0x80, &(0x7f0000002c00)=[{&(0x7f00000008c0)="54b85e142c242da540e841a99d730529db78fd7da8b2298fae1ab845d41633359338a23076f583f7697a7fb0f3c21c904503d69c39ac92f435c8d8cd236e75792aa0748a3d1467dbcf807c03ca64d20a05359dcb9080016e0222a32c50d29e32408421c8eb727df7393d65694381f0106c768bf380eb6b111e28a167edafe42c36093fad95764d902a1e06d29a15a4db935ff5472b34ce240d8541e25f45c201db5fa03ee8fc105b360c15b326d28aa86613d75923b44c826235f18d2da492eaea62e3ec0916e93deda6e708af11dcb329c35291e436c0709ef9b62fecba7926aaad4f610dc81d3c49767e7225d7f5dfa31cf7d12d3bba87230c8e12cc4093c9fdf10a21cb69938e5b746ea70093eef35bdfbb6f620807e3753abcae95ed2c69b8fe6e8e187c9bc4b32f23e40a5f0140be9d6b6f682f18f756c1d2bea1fb5d6b214de2678cf60596a8224d08fc94f5d95f2e3c7b9f72b56578feb312504ffc0fbcafe62e5e172fda5019b51c09763647bab3af31f6cef1faf957d912cde4644b23086dbb394b78fd7c53c22fe92dac297651925e6881d4ee8357c995c566f33aac5f9831384afd0ea8fd9b14984ed2e3bdfc2142087c5000caa78056b3ff76d1914e13d17a200e6973ce596284d9d5be054904a9ce7dfa053f40a0b73efde40e6d34041bb83505d8308e7c6ee38ec595a87297c8e41a7f210bc58b6a8bf10e6ee855f102e85fa9130e2aa51811093a1ebfd0892065273ff0a1583fed14ffce95f7dc4ec78fa326e8937cc5f69c7a3a1b5941f2d2a904a0384c3f0b28b4993428cea4d2b0935ee3354b04890bf78a34c63beeb70fe01bf9ea4c9dac1a5d98894992be43699fcc18f54ebaa850855578d788b92c8ee088a7ddf4095e89333dabc9805ce425267ac55a747908ccd4ea75aa4ef9a4a668cc40adc65420e69d5ea7d7c9eadbd072cf5da36fff5b94fa9871f970492a29b139b8ff304b29ece737811368dfc40db58574893e2f10c3d7a410e3471c4193bce6322d921436471269050cc844f6991f1b0e242346123bcde3d9786e637b2f4f8759125d7271dbb4a68fa1f448b17fc4f476b62d2078b23d159a7582bfaf14b634e10c48ffb7d2bca3f42580a3bc93364e652c978861effff1b3f759496e33fe4f13c5e14aacb1b016a1e5c9a9a2ff9ac641eaaecbb131ffaa79d744c576ffeb4ee50742d917554c8a5332b8450f837973a9555fbb44acae4b8ce4294d2ea572a6b08d2f0b693e3eb1bf30d5f648450b7c4d5a0d18ee69e9357d6a66ebcc4c553e711c1c4638a9c8315596f73161319d6e62e8d0135c1d7a9238060506657b432735d6a22211ace3f6a72da856788940e0140918e66833621d7e3bc71710badba67f6ee01741dea73cef33ebb5d77ade35e4ae8054431f75be927c5d5aa35e1bf30a917ceddbd8a2c11d86d80794b37a4d95020ff9870a2a868a4d9d158bb9fc15f4405dad762cb1b3e62bc395902935c59e55daa2623cac9262f96e844c8a103154a56c3740a0ece400202b5e642768032743545eb8904076ab49576171861a19e74caf3a353d230e18612d36c75e5f9461f331e7f1285f87a91302416674abb8644aae9fa859ac7de083c17714bd49988f430af50206b879cd1872c7c9f149acb49a9a1840a2031d5d4c0f399b60ab3974bc21a6522f34fdf89184af41414c9758af857c2ebab603dccac4496f05485b1d84914a7297015bcd2fe7d5e55912e7be0912776f9b700ee6fe98ab3d3635a101f4e8e8e415c81ce63e2d905c40461fe2aa02a13ae17e1d955c67392b152e78967990d881d67013ba8ed0023046ed334cc64d39e66e41ab9af32c6222403e709e326f6e714ed0c2972e4704284d1067f3306910ea74a5b29e2a3e641e6ba61f5678eb7f730e83c65d6f84a68db4aec21685b6c63a6c37d0179f9209e0367b90cf156d28ec7252bd839a20dc4b7e9341a0aaf3e9baaecc53ac2ab7bfd59dc310e5fbd30f8ea84b5f743acd2faa120c5c5d718eb6a7b21c5a5e97c214c763b88b9663654b4a404c7cf5a212863887ae9140b69538fc9fba8730b0d69432bbb5f6ecb86aca29dd0542e70518f2eee1abf8e84d8ffb88b049c18ca3262f1af1d56042cb2100e159d0ee794de964f89375a6bd1e3a2092ad471eb3de708fc2f9aea907b3bd5fbfb474b6249b62cdb46e3d644f389ba28464cc174162e5488c7127013c65acb56c498bbfe6610b3c1dfde7bedf7f4ab04c198abff683e31f7f0782f4157485ad306033372efb85e1c3395fb0b0d365c75715cfa14c3577195a080144c4267f3dd064f3c21db5b51ec2dd4b70d12dc3e4549e2639e94630b106814332967b4c552567402f4c1baf044ae5ce18b5523314af7b8d4b80a0983257121633a0b1d04647e729c7a3b5f8339be17da0d7459d9b886e4e65dd22d9dae4981c0f85719e87615b26639b33f23d08de741a419b571323d55ae6c6a97c2db038793b3bf2429101412917d9fe6bef21649d8afadce461a3e4762d3b898685c4a4cce963dfc48d50c6ab3faf388db2d10f9006588d2fec1a75b85081e9e4d2d2fcca5ae8e0830e3a86c09a462837caa19f59e50a4edd1c51dc5771be7f0c4873529ee8b2c7682fc6153670fe24143f5fc626659f1815c08eae7dc8939535b0f7f2b2f62a41abe69dc728892f1c38a75f473b4e0a125f65ab11108eb54918d75f014ee9a3409b34322460be68304b58fe16e83763008b37c9ca19df598b80cd70f0052490a1d1a7223242eabb044726e605d52cb956770ab37fb8416736bed96a17724db5446d890edb2cd100fefe245878d9bdba785b59352eaed38d53f2c7daccee591615aae6bc6e34ce2093d9273fbc94d7accaa9ea441d9b88ae9c133253d9ef33ed60282fa1f0606bd04d0fbf0c73350ca0f818c12c0b4edbef85ccc06d86067dbfc35759c920b8a0559adcd3b37ef4b2a778db0bbe84474d3e6d5752bb77ff9bb12b4fbe7521cbd1bea7e305dce9f95c06ede8fadc0d33e94f6eb3d6390d6f2d185c78d5750365a164f662e91f3457012fc5e4304b6adf6aec1565c419864978b4b7c8cbae36d1f6efc08635d546bf2d68edf1e84dbce456414c50cb5f810bfeabe9aebb97fc0247dbdf6c4307cfa1b5f7f56929bcf1d48e1f321da12ee84a99533893486fa741d5f71c5481b6b687437a7929c2273515151730b004a59caa703807cd80c0765efbee3c573dada8e4a4ab4a295a6149bab46fb9c5303a56f035897c11f1d26ee43f3ea7d0af13d07ac7798afbb09def563e8ea927f4572883ba7d3f7f7a1c536eea0ee1c3d59fe1a1471817d67a2e23067e49d2c78c0b2db930a5ea0add4ce89b214ba95c78b65901fa78968df2a3ec4f065a452da8a9a8d35c3bcb7a38c1874ce222dd2184e6c914c8ba4849924a2d53e78b49c834e6e98e3fe2b2d31fb70b05269224df0664726c54c792d319a806a88f76fc09fa88742e72f4d11db7fd842de37a558cb09185e6aa17c0a93d6a15c596dd10906336bac6cbf6a3db07f1e57b03ab57d97de96a3655acb29d3f597f35f61f0ff4b382049f2a8416ad5be687f37d466389af1b8ed30e70c43e974bda55b7866e0ac82db2cd75467df14b8da33375b9b6dfac360f83a98c0187c4708aaf4c75fc803ac6861d2f0ce6140a8ccac1563d8dce7f6c31e63d32d899b4a8cb27fc3d01a99da28e3bb75dc3fd92e963f2271223fa0748a00566fb4ed54ffae8704abe5fdbaf52a68cef5aa0c62fe304581f5369043a1bdeb47454548ca74310633c68ef9e8e0bec46d38b12a112b303cea981671d7cb3db9c36b8bebd92a3fe584393ea769b7d630e1e7f1650493a73d767375901e5e381d13560ddcbf9c5306d7d522e2cc5bd01b3ff0790961f40d0b72a8d3ffaaf988dbcf591dbd32771d04f6718111cf30433e2ea0c747d4c752a7624b7a644cafa4231081875fefb18cbde34ca962ee830268c7ef71e7fd6934e213097f3b21197cf67c56aafa6ad3d613252a7d7580d9480a9d6e11f49f66cb15fa668ca7e37f04dc997a935a83b3fa2dfd887ee92731c17a11e440059592a06c71638953e56468632e701861d5fdba31861e0d753345d38d58ee30c40a7bddf27aef18e0fef80cc6d05795651631e3942e6c87a5e5c639e9831b3d4cea8fbb2fa711e2bc43d70ac345fea628cd035ba81177c48f328a96d0c4121c39b0a7a3e20a4edef632df57f5d86b50d09f435897932ac6401aa8db6dd0c00db158d811212905a73b3138fd2ca6e485023e04c93b742735574e09927cd9ea764fa8a3277f6e28bf81780657187aa7ce08d25521dbaec21c1a0cd3e29b526d9352dfc7f46ae598a5646bf6e17d0a43fa05beaeb59e4ff402757e8cb5d9b5e6846b69792b865deaa81554177cad655887f5ea375a1a77fb65d7e013b90784dad56908fc33220253b109dad01ef2512e28397a53480be4e85425d6c0813fc7864f2d2ab030f18d217c0848a43e0e262906ad0b0326d2b9dab72c9d5759dfc79ec8e60de2ee08f807396faca8d49dccb0a4d89777422ae3772c7c866cbab649122e8f5753428e1933a764f3cc9aed30790f61295f2eb89de04c89fb6d3816eb8277b3cecf88da9cd9cb09e1d89412a32618d82599de54f7a7ff801bf00d6a65580ea62d6e41b3d38a990d128bc355d855d65f79d898bbb89cd029495e4748f07c0cd29c8992a84f14522a6844e0f5e1503a52ff32cedc30088b71c04c12217d834d5bf9bbaa283723f3bd7ef7587532c3a3c6d2868e2207eefc67459755ab5e2c906cbd4ceebc65f25fb2778436d9990c3ac52a95ba267eabc6af9ced38e6e1c3162592bf355b056413854f53b6fd966280ba00f0c3662bfaa6fcd180aedb7c382d9603d619214946829a9b9233f35a5af95c9a0800db8176e050a16e22f6720cb64a6b47e3b39e7ccb11d0eedfe9265183f47d0184d89c26b8eabad749f3db613d09dd075199a7b6d13b81f824187e80e79df5b253b747247fa0d01bc2273de072f357e0c97566da64335726c343590b80dbb98906532b9819cb97b95c9767e48f86f72dcaa2fa879302f8a1442fb4414cac15f51125d315547cd343a2c1c5ff11932b0053f7e1d743bcaabd78b905f2857b60c2f71e4f7c7b41b70164326fa9134c6a0a05ec5ab770746dacafc0432c3572c1ef288d8e720c5c866a2f99373c5f0a8d2ef09fbf141032968e6a432adbd8c4c4484d855f17d99202052d7ce41addea232c872140c40ffb145e3e0424043e07dd6de0911caf1e62be54a9b8ce3fc3f258dd3a033f4280cb30c06074149a36309da343d89be2a2a1d2622e977f758eaeb4be0311fa182ef18ef8e5701cd21e480cf3da0b745ed36e92dbd7fbb74766f570d3bb5bbe80942c59a4a98ed7e2b90a7aaa0bacfc9356eaa001dd0c65779ad82efc172f96d30d1d8822a68d007745b8e615d6589337119e7020b83fa22bf51b7baedfbdff9e2f3655676655e7eec7373d09654bafd1576faca817de110498b2d9a276caa8d8799dcd8a574c8835f89d1502b5be892ad0c9c2b4e5a04c500ec1fc54976791e0ac7491675010f9718f4e3d5c0b20a83a85d08ea8afd7c66827d2807e6084a942c548996a7a604087d1a070b15e8f104d2b458279f99c30c470fb54bc2a56836c5185f6e52e42c4f8f4ee8802f3a8aef5f21da879b742472acfc8efc30e493cbf67e1f5996fb509f02f8f9f78142f0c911500823dc451a83a78221e26151341f6f97f00d6cf2256a0a400fd71af4cc2aed13", 0x1000}, {&(0x7f00000018c0)="b1b8b9e2d24425e6daa19c7a537d98feb036df97c17e9b3d4b3565fbdb7e4d22671fe4d7122b037bf7e0f64729386a44936b089c9eacddf5616d27f4eff52178ea4465ad22f27f67ecc260414be866ffb70e991d0424bd005a262c2a411471a11cf3117bcffbaefa5a0362c3dd96b16d499e1990c24c71d8a6a8ce65d7fb8442926000b04ba5e9143ed07ebf7309df761a5ca5bd39895879ca00114848c59fd9cea0963d44baa76ada93680b198e2324a4cc8663732da7d39a8d89fc8d7e0167e557f1403821d88a2b", 0xc9}, {&(0x7f00000019c0)="8889c02bcd21e1fff84113d486d61065179e7230643dfd7ea52bc26a954f30c9c395ec041e865e64255800ec731b26069a7c3aa9f9d621a92fcee3784de9f536a1205eb00bfb5c1cecad78637098cbc69879a08175a78ec9820c5ecc5cecb75514ca0da5243541c858e269a4323dce2c3056f5e9ff08e278f3abe892b149766ab9893fb966686ff655cd933937b6f7cfeb4c0637c60e8746a0f4e52ff9c856fd03c43fda7223686c0a305913838e747baae0a234676c5e6a477c396cb7a08ac2cb2e71eaa1104d73241b3b3dcf3be6f4b93d8b5c572ba630ead3b1c5245887ab25206b14a251001f0f94e502526c4174a845", 0xf2}, {&(0x7f0000001ac0)="69cc738238771e4db8985046a3f402767d70e5240de18b94afd529fb7313bea834a45e2800271c1f1a0265eeae4618356dbb1885b040aa5b9a22e521ea3585c72acd6d19701ba654a9e03e6509ce1fd548667092b0fd1d033d48161128bbd2d47da759abe8de5df63b8f4ae5f10f9cd215a986c37a8da1bd26fe085d37a653c0a7ddc3ea3a44bad952ad651c3dc3e80f69122287cbc6dc5fdb378ac36253f172204b423a7bb36ddbd3314a4d834bb66da5a648c43c3130645ec4317c51e6a6fa56fb7a980dac50f479d69db4142435a07008fd1724719ad9df9479b8eca75c2e06be7066a38328ff2f7c31dc203c426af048aa54a8d30ceb5083c9c097c28707b3cdcf1abd8f4006b5301e0b59b2261c41fa8fbff3111dc61b1e704ccae68763762ebc8b0d221f5b136e4832daea2e1a4df2dde88079f21c31634a2a8e8814b8cbaaffd22d1a1b3ec4a63b74450eda514e8e409bc144b633dea66ebd6771b476c6899e916b3a294acf30d1a0d25489f4b67da09abebd643307a0a7e8572173d9cf934fb185e523f0edefc29e493bc5d91e0c021cea26b7d6ff5847e157e7bcbe301341f16a4414c55412d8ab22125eedce3d37efb3de2305a799c9c3ed05c15efb6f295523088e1d1cb3d8fb89f60adc3b1e535d01b2df8ec2a607f4a9fe233d82e8fca9ffb723e450494e03f8a50dc49efc133df9dcbadef6ff687ee3580351f237e99f39d8cdd4414e868dff7234ab6f20d70074d112cf7b31dafead8e19927aac410bf95fc9bd50deea9ebeb58797b1ea52d7c64af15b42072886bd374159c07eddb19a469d4ba4dc886b95a22a65b9eab994b82f6d887f384e8050c237441ec1107913df916fcc2eec11b26ae831e6acadac73f6cfd920f82b44b390fdbe9815a5a0c2dbdc7f366c8f552e6f56e094e719fff23040be12d311acd4cf03f0a68c267338907b61b73ebd51b076bc0524a1a6f1ef8847510d6b240067f5e6dc9528e820ce11d45f95f17fbad289d7d6088133a3e2c4c5b51c251110a2dcb6b2b9ff098da1bb8b313b27c345b7910d8d50a570c76fdb17fe1bdb0db056ea182d10e0378ef066b88d0f414cecc999c5a8f73bfc25d06a3c2b9972cad774a66c8aa6eab8e5acc4c58ca519e5ef22e32e8a9b78c3667d9339a852c996d6451ae38e562150f55bee4a21d773e449c300a231a16bd28585a731eece6d9c1f2d1daade3388057623f93622b89e44a83377df783ead81038a30a6ad8e3c7ab7f839ce5f5fa237bacf9252e247692b052ee2ab4ab076fd261ab5f70ee281961dde4328228b94ba461a0d6e04644e4757bbae21527ee727e7b8eec4590725fb25c264ed828ec332112c18d31681de0bf655f0e99c5936c2a7de3245dbff3cdad6dc4663a76a5733b88806b4b3a4dec35b4c67b6d5bebc1bf3b458928a8983091b2c73503ea09196db0b83a16c11f3862fc2b5d7e66a48d0eb6c136c5f27d9043af28af8c11820901f2e5f8759df716e54ce7f82a8a9fa47ba988b538732ac0d8eee4621b1729721c31da07889f2a0cc8e7c53df828b695e49d215cd412140f1c8a1c65194688b0a0c5d527c723c55fb9c9161c81aff0b88794736c8b254939df1364d095a257fb97b6353eef68b78db386c7fd17f4ab27afd05c0ed94ea70efe93c703b6cc98d27986cb8009bea6bec2cbf09a8e10d442973768795ed3db3ce981af2f23f148e613ac7495d9188f437ad8fab96d42e3b70a508fbf1f30fac23bf8752ae82b1fed78582bbb27b478e9209463327f88f835725e8c9c4c687b68a972a4f575d61e43054842fb949c847d4b992e87875df4783856353d5aed736f4ed24a9916d0f53689efc41720151a693d7c4c96100434bc473e3f414a37ef082103185323ca7b288e87623bd8eaff6f1c520fcd37156e35f909f349f9365ff5023789481ef62c2f84fb08aa3dd826d2cbb62676f48d065b0db769a7e15e5062d7042feec6f04b8f0343e0cc36ecb3983c0d565d7a4d2e9e5370f9dfc41c0224e2053500d27a19ba7d5ec4fe2c508cfbab2e9dfa1ddd79b13ac3f9da6cf09878b1a496ae8db6a12ba4d6cacaa4d8c825b020ff96b30ed9692ec6b6df6ebcd03ab2fe75d0af67766f53f385add395c3ab252a1329d5ff8af25f13a7ac994fcdeac704c6f55b28c4ac9713256ce2814ce0d46464ba2d54488cce8424989c16fc46c971e7f6a06381258af9e3769568de32d4ade0d46eba3d1fa47d1411c723e2b7d6f1d2771cb5876034d7998a7b981414cce78e75af1f9c3a63c4108ae4612b8111d39713a7403edbe6b1440a0b186eb2e13d8507bec3732ae65621ceacab687a81e455a2887696084de3afef45d86535afbf0c5a7956a4c7288c09294f51bd9c87106f6164a3cf3ac03d88727efe18db1cb7432d29990ffe579ebba910305f9975c793b730a68e2a871ffbb10e22404231d7b1284e7e6f28c0283355efee12973924f195391b0a711f63f5a648263a83c18afb8dd54a8f164faff26efc8a94c24efc2dd9e66ed204891a93b15b400e90b6b79f55162f6b6bd40f8c8440cdbe3662739388bb664a5c39331a0da12b5a672fc43b4539942a8b861ab8f2a7803b1a3b49c8c8ff8ea7a577d0383bd6401d034c3a3441f004faf9bec163d5f2f6f0cd9761ecf44bbd629172a6cfb52768de772a305b2e619bb877322beeaee78e77bd852bc6abd8a3fa0d1aaa6d51d3b71495f6ce8a75b6bd22ed368d34ea1724e08648b8022024f47f234e9ac7d2143ec0c9fe86dda676d2d9b844b38781a8cee32b12a5ff521345c894e95048e97147132b5f9c3e884436f19be1e0c7dd0f6e95174661b678288a0d727cb0f46a42a3764e948f827be257a96df20933c9b25a5b2c98f68bddf7ef04fc7504ae2ecf79764fe0ece64ba760200cd872f500b1e3b8b0354d561d1bb75b1032aeca315d18e37e67621a469794cf6912f01288ca81561d659594daacaff37e7f0bc88c987b3b50345e73aec88a70f6c92f7cc17ba43ad408133f8f7ac4b1820ce43e56674fd7d531fc2c0a58944a2125a74f5bdc13bfa7f902370b91f2b1437115927417c5b14c5b6600255615c3ae8a2ecc3475c67eeb97c935a72b3e2d67b4d007b0723b49ad7dc73da13fb12ed2e76f15ac433fcfd2ad85aa84e6b5aec06988cd929a1771d458a7adbe159670aeeb1b1ee594d9b1951fb54ec6feea4f4f8f81d00db574a434d652cc2fdecd41360e85da33cbf03ffd5f03f0e71fa192799b7a7ba2b7db3577d3dc13b56707ed5c9b30adbe5f2f12ec07849426f2259aa72cd4340322f235fa87f675949b7ad02b387604ba1f7fb02ca358f743519205dedd18966abef515279851137a252bc6332e717ab5073d3d8a5c62285a1d9a9f0a116ce0d8018a44e19ba76845aed630858199688f1425764a58c584e76092e083643fa4e087268adf6c244760afbc7e375e2a184a0442dffc86243f0fb3fdcb4b7eb25aa28492c9cb15cc1b35bc1637ec2928a60aa77308e11f5acb796e9252a189b7143d1521b6fa1308a40c10af2cd0ec4837a51101d507002f4386620fa38b49486cf29ca97fa863aa2af57421c785ccb47be732a60aecfcd872e1244de09fc0d657ee728cba2e843cba67c9f959d73d12fc1461aaf6481dd33e370b2f9cd6acd42a1f05724a6288361ce85df3b17c97e4a14361b8198c6c4e7e9e2e98fd5cdc2ce0475d95be54ac25c4d9ab0af007d800e258b51a21ae1e243f1b592a284b47dc903a3e8d7d2e6732bdcfca3da7777d166d92bbca3a7a3ef1b473fd09f663345bdac5980793ddac631c1c7c200c037386c86f71ed43e065010ee410933afd4316a6a0b54fa3144b09c3079a24f4846aeb73c646cf66d1de455b960a6da834c0677f0d4a7f583add4b55140da8c37858c912f050c4c9a00c4a0445fed1e29df68ecc4f7ad25e207d1054a9ac25ae2daa158ce2b91b85177199414633a1897c55d464fe227c5378b42a89b2924320d80ee6729b2e426f67b43eb1912d68b9b36ffab5963be37f5eefcb8143dd7bce77e1cbc9bef8b7076a17d6fd1bc2ad43410e67f266b805fcefdf287e4d5b7fcf0bd2b660bc379d931d589d1cd48b3d748b7253b39a23ea81f58a31d996133686b37be59aff59417974a30b59aff554e4d44bb1198084f1c4c270a4964ffecd253ee93915fa355824473693b67dae820ed92c19e187648704dc41887b241fd6d6696ebddbbdede2c9ff766353e0a2293f05e14bb385409ba10279368b0a7c3ae339de38e69322c0b9a1005222b5b6fe2c37b7fdb99a16db9435c443aaa3f27d1930b80ec8c0825acee454bc1008a767712cdff4b8018582d6aae39cdefd6c6b8db2a4fbdf0c613b6d62c37fa3f844f4f4aa8f232397ccd53c7260683ad2404a49a60b97afc6a800ea8f8e3341e353710717c05ece6668686f6b0442cc713d8a230ff57a5f251cc2f2f9c84209929b4c1f8fd22aa4d348f1cc274a0304d6ddd504a1ae7e6825351a329fd8c878d4c5a00d339796049061a3b3f1babfe3b7a3a6d18cc8fcf48b48ae7e2100ef32b4e8fc29f15bd970738fe3acc07cfb7d5178ae89d6da0e62a6a1863522f080a3d45e38221e360ef80a3b5b01313234232e1e4990ac1c5ede7f5f8b05dff43dba8804629e1795a8fe8e9ac69e56141c7eaee5b301afbe806d2b776acc0936c337cb473d6a6c576ebf8e00356f19ee27b3aa3d9bebdc1853cb0ec0fc64a4f03f22d95b14a04e1a2409198bb9763aae2893b1a1186d4d739213745c868538bc74ae39a422e83024c7d71aa8f631679fe2dcee19019eb13d4d417771fd8fe1044598f012b70678e45a6881a1604ba7245204abe5bc141e7654c5c325a8598055fba4324f879874ac54149408b479125b5a1c56409427feff51550d57790ddbc8a7cba654e6e7dff4bb53bc91358e5d598f2c9e34a7f7fcb7cc85a8112300f56d99dff89efd3a0c2a9da88691238bbf64da16b70ad4fb9e03c0fe415bb4dfb43c8be41883031ddc6d35df6371144d86848a8da95529918740aba333d6bf1dd4f9ca8a1d20e49c2db9a017c1b28c371d81b1f747a21d96d92a332cad60da34e57d420855d36c91dd17dbe91b9a71feddeb8b399f044e5e7e8700b73bda356a769cc0de5aafcd40254b3d2c3a5ff0cc598c6728a0a6cd63a04efd98696577da8613bfeb84558a3e7eb5e54ec70a4898638de332f55ba069ab64c366c9bd0ec31f26c84a59a0ea66a33199ec82a8621ab9e880ddf48c992da40c4c2abca4f343f755ad4d6fc757bbe84dbdb7cd75b6d4021e9528f93077f6ed4a53e0708f843f46af5311b7da4437da275cafce99dd4a4b087270addd93aed88a92b2dda0c3c35477edaeec671808832418516fe50fb68a64204387cf549fd6d951b12801ef455e65b74f66957f2afd50c11f2327838f8ac0772bf2cbbacb763c1c46b957e7af379e3586558fc43bccd8124d67f8720b6719a06026af7418be2bf64b38a6a051f31b96034e01a265e427859f51f2789b7e830b7fc40db17cfea5a868a3951bf9f32cc4226fde1129cb1f0e7ba89ed481b8add76a2910416646c280f41fc36efd9892b0bc9e19fbfe83cf7dece28323497137ca79eb620e37ea35450e49193daad73e96ca721764d9527bd356c3b2d66ae3da329b66716608e9259f3539baf5a7e847a7954bb036f0eb37a2d591d0cb3b5398a40f0773fe52ae2eed2fc576e36d9046bca4b03576184b3c9f36bb9229e62ebe8433ff709f0707e48915a8d8e2eb8f323fd6987eb", 0x1000}, {&(0x7f0000002ac0)="23d1e426d904c9edd8255740e9d6bd2b9e66920462878fd14a06fbafff5c6f603d4a2d7ece3970401a4ec912a7b523f9dd653991cc82647f2fdc8e339cd5075e40b69bc4ce426d67d9", 0x49}, {&(0x7f0000002b40)="79329b69fcac97611004d95491d2890b8a9df269ebd7a1b2fcc298bb5141bc48d64ea43fe3babdc72c3ba0efab63d3d95b21e8e12ab9c9e81b24cd913dc5fb0ec687a758486a9c727fda9e642161529b8a2337317617f5e39d587273e5737614f7b052840044ccc4b8d5c7e93c5b6e0f0afe4cede74663f72535935cb8aacf0ec29d255aeae7c9", 0x87}, {&(0x7f0000000400)="a621be2fdafe1da9194381b7fd83791ad462114a12149532a1487675bdbbee6214bdbfbf40b473c7754c5ac468b6facf4fa146b39071065946ee882ad9", 0x3d}], 0x7, &(0x7f0000002c80)=[{0x60, 0x10e, 0x1, "30d9073817f855e4d5e9ede4198b6b253aba0381ef1b09153b932fe8657ef3648a8c3529a7836859847c9a429d795337bab82429c9dbcffd4d7a2908a77aefde0f9909b1e0c651fe45b74101b42e57"}, {0x30, 0x108, 0x6, "2563b93a45e8e2ad3af6adcdcb1be604a846de4433ed3a5587f272a5"}, {0xd8, 0x0, 0x2d82, "ce1b1da22db25a0d92b7015047a23d8a3fb60c7057269461426bbbcdb90cd460a55fdfed72256f6a74fc284299e7febfbe68828b6eceabda1d38b810fc5ea15022c95ce5fbe19b4d6d946548905d268ebeceb96c89622b595f7ee3b0ea219ca0b7e675275615015acf3fad6018117954c91a9a6f93e0150dc11be147e6901f08f8ff106be2e1ae496705f2f2be67b20ba4e244583c366da1ad0cf72547d91def6a325a011e2b04ae30f6d980f3b844284ca4ecef45f6c5e3656f5d7910be811201ee33"}, {0x40, 0x113, 0x10000, "dbfce7c200fda126a13eff5cd53a599d3156caddc9406eaf8cf98b9d4b07c74d61dd1785e069a02245"}, {0x30, 0x104, 0x9, "e8f91f49d08ec7cb499f9ac8d58b54a1a5282ccba4c4f96a58b34d"}, {0x98, 0x115, 0x80000001, "faf5adc40b0833b948940d50952ec5105dbeb590fd83649152f675042387d42b8fd6fd0672841cf7701e19ccc4858a49e6e8d09a733145cd643ab4af5aa34aa769c0e985dc125584325461ee4115a3a5854ea4d60d73e9a93131066ff8a9e50b51233641c628d90e888cfaf1ca1e02756bd93c141ceff559ee6ed8b51722cab213a9ed"}], 0x270}, 0x4) [ 1426.884521][T26466] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1426.884521][T26466] !' [ 1426.960541][T26466] CPU: 1 PID: 26466 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1426.969064][T26466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1426.979121][T26466] Call Trace: [ 1426.982403][T26466] dump_stack_lvl+0xcd/0x134 [ 1426.987013][T26466] sysfs_warn_dup.cold+0x1c/0x29 [ 1426.991982][T26466] sysfs_do_create_link_sd+0x11e/0x140 [ 1426.997459][T26466] sysfs_create_link+0x5f/0xc0 [ 1427.002234][T26466] device_add+0x789/0x2100 [ 1427.006661][T26466] ? mutex_lock_io_nested+0xf00/0xf00 [ 1427.012042][T26466] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1427.017595][T26466] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1427.023836][T26466] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1427.030084][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.036332][T26466] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1427.042331][T26466] wiphy_register+0x1e8a/0x29b0 [ 1427.047201][T26466] ? wiphy_unregister+0xbd0/0xbd0 [ 1427.052229][T26466] ? minstrel_ht_alloc+0x531/0xa00 [ 1427.057360][T26466] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1427.063452][T26466] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1427.068935][T26466] ? ieee80211_restart_hw+0x290/0x290 [ 1427.074318][T26466] ? debug_object_destroy+0x210/0x210 [ 1427.079705][T26466] ? memset+0x20/0x40 [ 1427.083698][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.089945][T26466] ? __hrtimer_init+0x136/0x280 [ 1427.094808][T26466] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1427.100558][T26466] ? hwsim_virtio_rx_work+0x350/0x350 21:29:21 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1427.105941][T26466] ? __kmalloc_track_caller+0x1a0/0x320 [ 1427.111495][T26466] ? memcpy+0x39/0x60 [ 1427.115488][T26466] hwsim_new_radio_nl+0x9bc/0x1080 [ 1427.120614][T26466] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1427.126532][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.132780][T26466] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1427.140162][T26466] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1427.147467][T26466] genl_family_rcv_msg_doit+0x228/0x320 [ 1427.153026][T26466] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1427.160410][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.166675][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.172920][T26466] ? ns_capable+0xde/0x100 [ 1427.177339][T26466] genl_rcv_msg+0x328/0x580 [ 1427.181858][T26466] ? genl_get_cmd+0x480/0x480 [ 1427.186547][T26466] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1427.192464][T26466] ? lock_release+0x720/0x720 [ 1427.197155][T26466] netlink_rcv_skb+0x153/0x420 [ 1427.201930][T26466] ? genl_get_cmd+0x480/0x480 [ 1427.206618][T26466] ? netlink_ack+0xa60/0xa60 [ 1427.211253][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.217508][T26466] genl_rcv+0x24/0x40 [ 1427.221495][T26466] netlink_unicast+0x533/0x7d0 [ 1427.226278][T26466] ? netlink_attachskb+0x890/0x890 [ 1427.231397][T26466] ? __virt_addr_valid+0x5d/0x2d0 [ 1427.236441][T26466] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1427.242687][T26466] ? __phys_addr_symbol+0x2c/0x70 [ 1427.247713][T26466] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1427.253443][T26466] ? __check_object_size+0x16e/0x3f0 [ 1427.258735][T26466] netlink_sendmsg+0x85b/0xda0 [ 1427.263518][T26466] ? netlink_unicast+0x7d0/0x7d0 [ 1427.268473][T26466] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.274723][T26466] ? netlink_unicast+0x7d0/0x7d0 [ 1427.279669][T26466] sock_sendmsg+0xcf/0x120 [ 1427.284122][T26466] ____sys_sendmsg+0x6e8/0x810 [ 1427.288897][T26466] ? kernel_sendmsg+0x50/0x50 [ 1427.293577][T26466] ? do_recvmmsg+0x6d0/0x6d0 [ 1427.298177][T26466] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1427.304164][T26466] ? __fget_light+0x89/0x280 [ 1427.308769][T26466] ___sys_sendmsg+0xf3/0x170 [ 1427.313367][T26466] ? sendmsg_copy_msghdr+0x160/0x160 [ 1427.318666][T26466] ? __fget_files+0x266/0x3d0 [ 1427.323349][T26466] ? lock_downgrade+0x6e0/0x6e0 [ 1427.328218][T26466] ? __fget_files+0x288/0x3d0 [ 1427.332934][T26466] ? __fget_light+0xea/0x280 [ 1427.337532][T26466] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1427.343784][T26466] __sys_sendmsg+0xe5/0x1b0 [ 1427.348296][T26466] ? __sys_sendmsg_sock+0x30/0x30 [ 1427.353340][T26466] ? syscall_enter_from_user_mode+0x21/0x70 [ 1427.359243][T26466] do_syscall_64+0x35/0xb0 [ 1427.363838][T26466] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1427.370776][T26466] RIP: 0033:0x4665d9 [ 1427.374994][T26466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1427.395778][T26466] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1427.404177][T26466] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1427.412146][T26466] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1427.420364][T26466] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1427.428416][T26466] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1427.436373][T26466] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:29:21 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1427.480698][T26489] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1427.488321][T26497] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1427.517508][T26497] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1427.570083][T26486] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1427.619432][T26489] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1427.637305][T26506] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1427.669096][T26497] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1427.669096][T26497] !' [ 1427.695778][T26497] CPU: 1 PID: 26497 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1427.704298][T26497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1427.714353][T26497] Call Trace: [ 1427.717631][T26497] dump_stack_lvl+0xcd/0x134 [ 1427.722238][T26497] sysfs_warn_dup.cold+0x1c/0x29 [ 1427.727183][T26497] sysfs_do_create_link_sd+0x11e/0x140 [ 1427.732651][T26497] sysfs_create_link+0x5f/0xc0 [ 1427.737409][T26497] device_add+0x789/0x2100 [ 1427.741834][T26497] ? mutex_lock_io_nested+0xf00/0xf00 [ 1427.747206][T26497] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1427.752764][T26497] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1427.759011][T26497] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1427.765256][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.771503][T26497] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1427.777498][T26497] wiphy_register+0x1e8a/0x29b0 [ 1427.782361][T26497] ? wiphy_unregister+0xbd0/0xbd0 [ 1427.787388][T26497] ? minstrel_ht_alloc+0x531/0xa00 [ 1427.792524][T26497] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1427.798603][T26497] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1427.804083][T26497] ? ieee80211_restart_hw+0x290/0x290 [ 1427.809465][T26497] ? debug_object_destroy+0x210/0x210 [ 1427.814853][T26497] ? memset+0x20/0x40 21:29:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03500000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:21 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01590000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1427.818840][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.825086][T26497] ? __hrtimer_init+0x136/0x280 [ 1427.829949][T26497] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1427.835695][T26497] ? hwsim_virtio_rx_work+0x350/0x350 [ 1427.841075][T26497] ? __kmalloc_track_caller+0x1a0/0x320 [ 1427.846628][T26497] ? memcpy+0x39/0x60 [ 1427.850621][T26497] hwsim_new_radio_nl+0x9bc/0x1080 [ 1427.855739][T26497] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1427.861650][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.867896][T26497] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1427.875275][T26497] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1427.882550][T26497] genl_family_rcv_msg_doit+0x228/0x320 [ 1427.888088][T26497] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1427.895454][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.901701][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1427.907927][T26497] ? ns_capable+0xde/0x100 [ 1427.912557][T26497] genl_rcv_msg+0x328/0x580 [ 1427.917054][T26497] ? genl_get_cmd+0x480/0x480 [ 1427.921721][T26497] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1427.927605][T26497] ? lock_release+0x720/0x720 [ 1427.932271][T26497] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1427.937561][T26497] netlink_rcv_skb+0x153/0x420 [ 1427.942320][T26497] ? genl_get_cmd+0x480/0x480 [ 1427.947019][T26497] ? netlink_ack+0xa60/0xa60 [ 1427.951612][T26497] genl_rcv+0x24/0x40 [ 1427.955582][T26497] netlink_unicast+0x533/0x7d0 [ 1427.960342][T26497] ? netlink_attachskb+0x890/0x890 [ 1427.965455][T26497] ? __virt_addr_valid+0x5d/0x2d0 [ 1427.970484][T26497] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1427.976712][T26497] ? __phys_addr_symbol+0x2c/0x70 [ 1427.981735][T26497] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1427.987670][T26497] ? __check_object_size+0x16e/0x3f0 [ 1427.992959][T26497] netlink_sendmsg+0x85b/0xda0 [ 1427.997713][T26497] ? netlink_unicast+0x7d0/0x7d0 [ 1428.002644][T26497] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.008876][T26497] ? netlink_unicast+0x7d0/0x7d0 [ 1428.013822][T26497] sock_sendmsg+0xcf/0x120 [ 1428.018248][T26497] ____sys_sendmsg+0x6e8/0x810 [ 1428.023015][T26497] ? kernel_sendmsg+0x50/0x50 [ 1428.027692][T26497] ? do_recvmmsg+0x6d0/0x6d0 [ 1428.032272][T26497] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1428.038250][T26497] ___sys_sendmsg+0xf3/0x170 [ 1428.042860][T26497] ? sendmsg_copy_msghdr+0x160/0x160 [ 1428.048135][T26497] ? __fget_files+0x266/0x3d0 [ 1428.052803][T26497] ? lock_downgrade+0x6e0/0x6e0 [ 1428.057648][T26497] ? __fget_files+0x288/0x3d0 [ 1428.062315][T26497] ? __fget_light+0xea/0x280 [ 1428.066891][T26497] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1428.073124][T26497] __sys_sendmsg+0xe5/0x1b0 [ 1428.077627][T26497] ? __sys_sendmsg_sock+0x30/0x30 [ 1428.082657][T26497] ? syscall_enter_from_user_mode+0x21/0x70 [ 1428.088551][T26497] do_syscall_64+0x35/0xb0 [ 1428.092960][T26497] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1428.098847][T26497] RIP: 0033:0x4665d9 [ 1428.102727][T26497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1428.122323][T26497] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1428.130726][T26497] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1428.138686][T26497] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1428.146642][T26497] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1428.154604][T26497] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1428.162567][T26497] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:29:22 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1428.239626][T26527] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1428.262122][T26507] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1428.270475][T26507] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1428.359952][T26507] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1428.359952][T26507] !' [ 1428.394446][T26507] CPU: 1 PID: 26507 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1428.403157][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1428.413207][T26507] Call Trace: [ 1428.416485][T26507] dump_stack_lvl+0xcd/0x134 [ 1428.421087][T26507] sysfs_warn_dup.cold+0x1c/0x29 [ 1428.426033][T26507] sysfs_do_create_link_sd+0x11e/0x140 [ 1428.431502][T26507] sysfs_create_link+0x5f/0xc0 [ 1428.436262][T26507] device_add+0x789/0x2100 [ 1428.440673][T26507] ? mutex_lock_io_nested+0xf00/0xf00 [ 1428.446046][T26507] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1428.451593][T26507] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1428.457838][T26507] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1428.464082][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.470327][T26507] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1428.476322][T26507] wiphy_register+0x1e8a/0x29b0 [ 1428.481188][T26507] ? wiphy_unregister+0xbd0/0xbd0 [ 1428.486308][T26507] ? minstrel_ht_alloc+0x531/0xa00 [ 1428.491440][T26507] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1428.497522][T26507] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1428.503006][T26507] ? ieee80211_restart_hw+0x290/0x290 [ 1428.508390][T26507] ? debug_object_destroy+0x210/0x210 [ 1428.513787][T26507] ? memset+0x20/0x40 [ 1428.517779][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.524034][T26507] ? __hrtimer_init+0x136/0x280 [ 1428.528895][T26507] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1428.534614][T26507] ? hwsim_virtio_rx_work+0x350/0x350 [ 1428.539974][T26507] ? __kmalloc_track_caller+0x1a0/0x320 [ 1428.545506][T26507] ? memcpy+0x39/0x60 [ 1428.549481][T26507] hwsim_new_radio_nl+0x9bc/0x1080 [ 1428.554599][T26507] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1428.560485][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.566711][T26507] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1428.574071][T26507] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1428.581355][T26507] genl_family_rcv_msg_doit+0x228/0x320 [ 1428.586912][T26507] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1428.594287][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.600521][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.606759][T26507] ? ns_capable+0xde/0x100 [ 1428.611163][T26507] genl_rcv_msg+0x328/0x580 [ 1428.615655][T26507] ? genl_get_cmd+0x480/0x480 [ 1428.620333][T26507] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1428.626218][T26507] ? lock_release+0x720/0x720 [ 1428.630883][T26507] netlink_rcv_skb+0x153/0x420 [ 1428.635634][T26507] ? genl_get_cmd+0x480/0x480 [ 1428.640299][T26507] ? netlink_ack+0xa60/0xa60 [ 1428.644881][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.651111][T26507] genl_rcv+0x24/0x40 [ 1428.655080][T26507] netlink_unicast+0x533/0x7d0 [ 1428.659843][T26507] ? netlink_attachskb+0x890/0x890 [ 1428.664940][T26507] ? __virt_addr_valid+0x5d/0x2d0 [ 1428.669951][T26507] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1428.676177][T26507] ? __phys_addr_symbol+0x2c/0x70 [ 1428.681186][T26507] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1428.686904][T26507] ? __check_object_size+0x16e/0x3f0 [ 1428.692178][T26507] netlink_sendmsg+0x85b/0xda0 [ 1428.696933][T26507] ? netlink_unicast+0x7d0/0x7d0 [ 1428.701862][T26507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1428.708089][T26507] ? netlink_unicast+0x7d0/0x7d0 [ 1428.713015][T26507] sock_sendmsg+0xcf/0x120 [ 1428.717416][T26507] ____sys_sendmsg+0x6e8/0x810 [ 1428.722170][T26507] ? kernel_sendmsg+0x50/0x50 [ 1428.726828][T26507] ? do_recvmmsg+0x6d0/0x6d0 [ 1428.731407][T26507] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1428.737385][T26507] ___sys_sendmsg+0xf3/0x170 [ 1428.741967][T26507] ? sendmsg_copy_msghdr+0x160/0x160 [ 1428.747239][T26507] ? __fget_files+0x266/0x3d0 [ 1428.752076][T26507] ? lock_downgrade+0x6e0/0x6e0 [ 1428.756919][T26507] ? __fget_files+0x288/0x3d0 [ 1428.761602][T26507] ? __fget_light+0xea/0x280 [ 1428.766175][T26507] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1428.772421][T26507] __sys_sendmsg+0xe5/0x1b0 [ 1428.776912][T26507] ? __sys_sendmsg_sock+0x30/0x30 [ 1428.781929][T26507] ? syscall_enter_from_user_mode+0x21/0x70 [ 1428.787813][T26507] do_syscall_64+0x35/0xb0 [ 1428.792214][T26507] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1428.798114][T26507] RIP: 0033:0x4665d9 [ 1428.801991][T26507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1428.821599][T26507] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1428.830171][T26507] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1428.838502][T26507] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1428.846630][T26507] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1428.854801][T26507] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1428.862957][T26507] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:23 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c630f0d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1428.930688][T26500] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1428.940172][T26500] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1428.940172][T26500] !' [ 1429.008194][T26500] CPU: 0 PID: 26500 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1429.016642][T26500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1429.026693][T26500] Call Trace: [ 1429.029969][T26500] dump_stack_lvl+0xcd/0x134 [ 1429.034570][T26500] sysfs_warn_dup.cold+0x1c/0x29 [ 1429.039514][T26500] sysfs_do_create_link_sd+0x11e/0x140 [ 1429.044985][T26500] sysfs_create_link+0x5f/0xc0 [ 1429.049755][T26500] device_add+0x789/0x2100 [ 1429.054180][T26500] ? mutex_lock_io_nested+0xf00/0xf00 [ 1429.059551][T26500] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1429.065095][T26500] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1429.071330][T26500] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1429.077571][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.083954][T26500] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1429.089943][T26500] wiphy_register+0x1e8a/0x29b0 [ 1429.094794][T26500] ? wiphy_unregister+0xbd0/0xbd0 [ 1429.099826][T26500] ? minstrel_ht_alloc+0x531/0xa00 [ 1429.104946][T26500] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1429.111016][T26500] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1429.116484][T26500] ? ieee80211_restart_hw+0x290/0x290 [ 1429.121852][T26500] ? debug_object_destroy+0x210/0x210 [ 1429.127225][T26500] ? memset+0x20/0x40 [ 1429.131199][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.137430][T26500] ? __hrtimer_init+0x136/0x280 [ 1429.142297][T26500] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1429.148031][T26500] ? hwsim_virtio_rx_work+0x350/0x350 [ 1429.153395][T26500] ? __kmalloc_track_caller+0x1a0/0x320 [ 1429.158934][T26500] ? memcpy+0x39/0x60 [ 1429.162917][T26500] hwsim_new_radio_nl+0x9bc/0x1080 [ 1429.168033][T26500] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1429.173940][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.180173][T26500] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1429.187539][T26500] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1429.194827][T26500] genl_family_rcv_msg_doit+0x228/0x320 [ 1429.200386][T26500] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1429.207754][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.213998][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.220230][T26500] ? ns_capable+0xde/0x100 [ 1429.224644][T26500] genl_rcv_msg+0x328/0x580 [ 1429.229146][T26500] ? genl_get_cmd+0x480/0x480 [ 1429.233833][T26500] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1429.239727][T26500] ? lock_release+0x720/0x720 [ 1429.244395][T26500] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1429.249679][T26500] netlink_rcv_skb+0x153/0x420 [ 1429.254437][T26500] ? genl_get_cmd+0x480/0x480 [ 1429.259112][T26500] ? netlink_ack+0xa60/0xa60 [ 1429.263713][T26500] genl_rcv+0x24/0x40 [ 1429.267686][T26500] netlink_unicast+0x533/0x7d0 [ 1429.272447][T26500] ? netlink_attachskb+0x890/0x890 [ 1429.277551][T26500] ? __virt_addr_valid+0x5d/0x2d0 [ 1429.282567][T26500] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1429.288797][T26500] ? __phys_addr_symbol+0x2c/0x70 [ 1429.293810][T26500] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1429.299516][T26500] ? __check_object_size+0x16e/0x3f0 [ 1429.304796][T26500] netlink_sendmsg+0x85b/0xda0 [ 1429.309558][T26500] ? netlink_unicast+0x7d0/0x7d0 [ 1429.314497][T26500] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1429.320854][T26500] ? netlink_unicast+0x7d0/0x7d0 [ 1429.325786][T26500] sock_sendmsg+0xcf/0x120 [ 1429.330196][T26500] ____sys_sendmsg+0x6e8/0x810 [ 1429.334971][T26500] ? kernel_sendmsg+0x50/0x50 [ 1429.339635][T26500] ? do_recvmmsg+0x6d0/0x6d0 [ 1429.344220][T26500] ? lock_chain_count+0x20/0x20 [ 1429.349062][T26500] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1429.355038][T26500] ___sys_sendmsg+0xf3/0x170 [ 1429.359618][T26500] ? sendmsg_copy_msghdr+0x160/0x160 [ 1429.364897][T26500] ? __fget_files+0x266/0x3d0 [ 1429.369566][T26500] ? lock_downgrade+0x6e0/0x6e0 [ 1429.374420][T26500] ? __fget_files+0x288/0x3d0 [ 1429.379097][T26500] ? __fget_light+0xea/0x280 [ 1429.383679][T26500] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1429.389916][T26500] __sys_sendmsg+0xe5/0x1b0 [ 1429.394418][T26500] ? __sys_sendmsg_sock+0x30/0x30 [ 1429.399449][T26500] ? syscall_enter_from_user_mode+0x21/0x70 [ 1429.405344][T26500] do_syscall_64+0x35/0xb0 [ 1429.409750][T26500] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1429.415636][T26500] RIP: 0033:0x4665d9 [ 1429.419516][T26500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1429.439113][T26500] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1429.447516][T26500] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 21:29:23 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02590000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:23 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x0, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1429.455477][T26500] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1429.463438][T26500] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1429.471396][T26500] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1429.479352][T26500] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:29:24 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137de2d0700f5912f944c9c6e153e370848018000f01700d1bd", 0x39}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvmsg$kcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)=""/106, 0x6a}, {&(0x7f0000000040)=""/13, 0xd}, {&(0x7f0000000180)=""/143, 0x8f}, {&(0x7f0000000240)=""/167, 0xa7}], 0x4}, 0x40) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:29:24 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1430.208430][T26587] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:24 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1430.303450][T26587] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1430.303450][T26587] !' [ 1430.399618][T26587] CPU: 1 PID: 26587 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1430.408266][T26587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1430.418321][T26587] Call Trace: [ 1430.421597][T26587] dump_stack_lvl+0xcd/0x134 [ 1430.426203][T26587] sysfs_warn_dup.cold+0x1c/0x29 [ 1430.431150][T26587] sysfs_do_create_link_sd+0x11e/0x140 [ 1430.436644][T26587] sysfs_create_link+0x5f/0xc0 [ 1430.441422][T26587] device_add+0x789/0x2100 [ 1430.445844][T26587] ? mutex_lock_io_nested+0xf00/0xf00 [ 1430.451226][T26587] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1430.456782][T26587] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1430.463031][T26587] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1430.469280][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.475524][T26587] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1430.481520][T26587] wiphy_register+0x1e8a/0x29b0 [ 1430.486386][T26587] ? wiphy_unregister+0xbd0/0xbd0 [ 1430.491413][T26587] ? minstrel_ht_alloc+0x531/0xa00 [ 1430.496540][T26587] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1430.502625][T26587] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1430.508115][T26587] ? ieee80211_restart_hw+0x290/0x290 [ 1430.513501][T26587] ? debug_object_destroy+0x210/0x210 [ 1430.518893][T26587] ? memset+0x20/0x40 [ 1430.522892][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.529144][T26587] ? __hrtimer_init+0x136/0x280 [ 1430.534007][T26587] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1430.539757][T26587] ? hwsim_virtio_rx_work+0x350/0x350 [ 1430.545139][T26587] ? __kmalloc_track_caller+0x1a0/0x320 [ 1430.550695][T26587] ? memcpy+0x39/0x60 [ 1430.554695][T26587] hwsim_new_radio_nl+0x9bc/0x1080 [ 1430.559818][T26587] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1430.566580][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.573600][T26587] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1430.581770][T26587] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1430.589253][T26587] genl_family_rcv_msg_doit+0x228/0x320 [ 1430.594790][T26587] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1430.602148][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.608382][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.614608][T26587] ? ns_capable+0xde/0x100 [ 1430.619034][T26587] genl_rcv_msg+0x328/0x580 [ 1430.623530][T26587] ? genl_get_cmd+0x480/0x480 [ 1430.628195][T26587] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1430.634104][T26587] ? lock_release+0x720/0x720 [ 1430.638766][T26587] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1430.644565][T26587] netlink_rcv_skb+0x153/0x420 [ 1430.649318][T26587] ? genl_get_cmd+0x480/0x480 [ 1430.654008][T26587] ? netlink_ack+0xa60/0xa60 [ 1430.658596][T26587] genl_rcv+0x24/0x40 [ 1430.662564][T26587] netlink_unicast+0x533/0x7d0 [ 1430.667338][T26587] ? netlink_attachskb+0x890/0x890 [ 1430.672435][T26587] ? __virt_addr_valid+0x5d/0x2d0 [ 1430.677454][T26587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1430.683681][T26587] ? __phys_addr_symbol+0x2c/0x70 [ 1430.688691][T26587] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1430.694395][T26587] ? __check_object_size+0x16e/0x3f0 [ 1430.699685][T26587] netlink_sendmsg+0x85b/0xda0 [ 1430.704447][T26587] ? netlink_unicast+0x7d0/0x7d0 [ 1430.709377][T26587] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1430.715605][T26587] ? netlink_unicast+0x7d0/0x7d0 [ 1430.720552][T26587] sock_sendmsg+0xcf/0x120 [ 1430.724962][T26587] ____sys_sendmsg+0x6e8/0x810 [ 1430.729717][T26587] ? kernel_sendmsg+0x50/0x50 [ 1430.734394][T26587] ? do_recvmmsg+0x6d0/0x6d0 [ 1430.738975][T26587] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1430.744952][T26587] ___sys_sendmsg+0xf3/0x170 [ 1430.749549][T26587] ? sendmsg_copy_msghdr+0x160/0x160 [ 1430.754825][T26587] ? __fget_files+0x266/0x3d0 [ 1430.759491][T26587] ? lock_downgrade+0x6e0/0x6e0 [ 1430.764335][T26587] ? __fget_files+0x288/0x3d0 [ 1430.769010][T26587] ? __fget_light+0xea/0x280 [ 1430.773589][T26587] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1430.779817][T26587] __sys_sendmsg+0xe5/0x1b0 [ 1430.784306][T26587] ? __sys_sendmsg_sock+0x30/0x30 [ 1430.789325][T26587] ? syscall_enter_from_user_mode+0x21/0x70 [ 1430.795213][T26587] do_syscall_64+0x35/0xb0 [ 1430.799615][T26587] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1430.805504][T26587] RIP: 0033:0x4665d9 [ 1430.809385][T26587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1430.828979][T26587] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1430.837377][T26587] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 21:29:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03590000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1430.845347][T26587] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1430.853916][T26587] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1430.861876][T26587] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1430.869831][T26587] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1430.946505][T26568] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1430.994336][T26568] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1430.994336][T26568] !' [ 1431.039662][T26568] CPU: 0 PID: 26568 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1431.048298][T26568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.058352][T26568] Call Trace: [ 1431.061629][T26568] dump_stack_lvl+0xcd/0x134 [ 1431.066232][T26568] sysfs_warn_dup.cold+0x1c/0x29 [ 1431.071180][T26568] sysfs_do_create_link_sd+0x11e/0x140 [ 1431.076647][T26568] sysfs_create_link+0x5f/0xc0 [ 1431.081421][T26568] device_add+0x789/0x2100 [ 1431.085842][T26568] ? mutex_lock_io_nested+0xf00/0xf00 [ 1431.091222][T26568] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1431.096775][T26568] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1431.103021][T26568] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1431.109268][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.115510][T26568] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1431.121507][T26568] wiphy_register+0x1e8a/0x29b0 [ 1431.126375][T26568] ? wiphy_unregister+0xbd0/0xbd0 [ 1431.131402][T26568] ? minstrel_ht_alloc+0x531/0xa00 [ 1431.136530][T26568] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1431.142688][T26568] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1431.148147][T26568] ? ieee80211_restart_hw+0x290/0x290 [ 1431.153526][T26568] ? debug_object_destroy+0x210/0x210 [ 1431.158891][T26568] ? memset+0x20/0x40 [ 1431.162863][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.169092][T26568] ? __hrtimer_init+0x136/0x280 [ 1431.173933][T26568] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1431.179654][T26568] ? hwsim_virtio_rx_work+0x350/0x350 [ 1431.185014][T26568] ? __kmalloc_track_caller+0x1a0/0x320 [ 1431.190547][T26568] ? memcpy+0x39/0x60 [ 1431.194535][T26568] hwsim_new_radio_nl+0x9bc/0x1080 [ 1431.199643][T26568] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1431.205546][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.211772][T26568] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1431.219151][T26568] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1431.226429][T26568] genl_family_rcv_msg_doit+0x228/0x320 [ 1431.231970][T26568] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1431.239330][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.245561][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.251789][T26568] ? ns_capable+0xde/0x100 [ 1431.256209][T26568] genl_rcv_msg+0x328/0x580 [ 1431.260708][T26568] ? genl_get_cmd+0x480/0x480 [ 1431.265391][T26568] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1431.271283][T26568] ? lock_release+0x720/0x720 [ 1431.275964][T26568] netlink_rcv_skb+0x153/0x420 [ 1431.280720][T26568] ? genl_get_cmd+0x480/0x480 [ 1431.285404][T26568] ? netlink_ack+0xa60/0xa60 [ 1431.289991][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.296219][T26568] genl_rcv+0x24/0x40 [ 1431.300212][T26568] netlink_unicast+0x533/0x7d0 [ 1431.304968][T26568] ? netlink_attachskb+0x890/0x890 [ 1431.310067][T26568] ? __virt_addr_valid+0x5d/0x2d0 [ 1431.315081][T26568] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1431.321311][T26568] ? __phys_addr_symbol+0x2c/0x70 [ 1431.326336][T26568] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1431.332058][T26568] ? __check_object_size+0x16e/0x3f0 [ 1431.337339][T26568] netlink_sendmsg+0x85b/0xda0 [ 1431.342110][T26568] ? netlink_unicast+0x7d0/0x7d0 [ 1431.347057][T26568] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1431.353286][T26568] ? netlink_unicast+0x7d0/0x7d0 [ 1431.358217][T26568] sock_sendmsg+0xcf/0x120 [ 1431.362620][T26568] ____sys_sendmsg+0x6e8/0x810 [ 1431.367374][T26568] ? kernel_sendmsg+0x50/0x50 [ 1431.372033][T26568] ? do_recvmmsg+0x6d0/0x6d0 [ 1431.376615][T26568] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1431.382577][T26568] ? __fget_light+0x89/0x280 [ 1431.387160][T26568] ___sys_sendmsg+0xf3/0x170 [ 1431.391742][T26568] ? sendmsg_copy_msghdr+0x160/0x160 [ 1431.397034][T26568] ? __fget_files+0x266/0x3d0 [ 1431.401700][T26568] ? lock_downgrade+0x6e0/0x6e0 [ 1431.406565][T26568] ? __fget_files+0x288/0x3d0 [ 1431.411254][T26568] ? __fget_light+0xea/0x280 [ 1431.415847][T26568] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1431.422077][T26568] __sys_sendmsg+0xe5/0x1b0 [ 1431.426587][T26568] ? __sys_sendmsg_sock+0x30/0x30 [ 1431.431621][T26568] ? syscall_enter_from_user_mode+0x21/0x70 [ 1431.437525][T26568] do_syscall_64+0x35/0xb0 [ 1431.441928][T26568] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1431.447810][T26568] RIP: 0033:0x4665d9 [ 1431.451691][T26568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1431.471299][T26568] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1431.479718][T26568] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1431.487672][T26568] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1431.495730][T26568] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1431.503684][T26568] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1431.511640][T26568] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:29:25 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1431.620037][T26600] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:25 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1431.669077][T26600] __nla_validate_parse: 14 callbacks suppressed [ 1431.669095][T26600] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. 21:29:25 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63100d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:25 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:25 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d005a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1431.738328][T26643] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1431.876581][T26600] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1431.876581][T26600] !' [ 1431.927035][T26600] CPU: 1 PID: 26600 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1431.935494][T26600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1431.945547][T26600] Call Trace: [ 1431.948852][T26600] dump_stack_lvl+0xcd/0x134 [ 1431.953453][T26600] sysfs_warn_dup.cold+0x1c/0x29 [ 1431.958402][T26600] sysfs_do_create_link_sd+0x11e/0x140 [ 1431.963872][T26600] sysfs_create_link+0x5f/0xc0 [ 1431.968643][T26600] device_add+0x789/0x2100 [ 1431.973066][T26600] ? mutex_lock_io_nested+0xf00/0xf00 [ 1431.978446][T26600] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1431.984085][T26600] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1431.990329][T26600] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1431.996574][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.002817][T26600] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1432.008813][T26600] wiphy_register+0x1e8a/0x29b0 [ 1432.013682][T26600] ? wiphy_unregister+0xbd0/0xbd0 [ 1432.018708][T26600] ? minstrel_ht_alloc+0x531/0xa00 [ 1432.023833][T26600] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1432.029914][T26600] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1432.035404][T26600] ? ieee80211_restart_hw+0x290/0x290 [ 1432.040786][T26600] ? debug_object_destroy+0x210/0x210 [ 1432.046175][T26600] ? memset+0x20/0x40 [ 1432.050165][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.056410][T26600] ? __hrtimer_init+0x136/0x280 [ 1432.061271][T26600] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1432.067022][T26600] ? hwsim_virtio_rx_work+0x350/0x350 [ 1432.072401][T26600] ? __kmalloc_track_caller+0x1a0/0x320 [ 1432.077958][T26600] ? memcpy+0x39/0x60 [ 1432.081957][T26600] hwsim_new_radio_nl+0x9bc/0x1080 [ 1432.087082][T26600] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1432.092998][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.099245][T26600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1432.106626][T26600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1432.113928][T26600] genl_family_rcv_msg_doit+0x228/0x320 [ 1432.119493][T26600] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1432.126875][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.133134][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.139378][T26600] ? ns_capable+0xde/0x100 [ 1432.143802][T26600] genl_rcv_msg+0x328/0x580 [ 1432.148313][T26600] ? genl_get_cmd+0x480/0x480 [ 1432.153001][T26600] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1432.158909][T26600] ? lock_release+0x720/0x720 [ 1432.163593][T26600] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1432.168889][T26600] netlink_rcv_skb+0x153/0x420 [ 1432.173663][T26600] ? genl_get_cmd+0x480/0x480 [ 1432.178351][T26600] ? netlink_ack+0xa60/0xa60 [ 1432.182973][T26600] genl_rcv+0x24/0x40 [ 1432.186967][T26600] netlink_unicast+0x533/0x7d0 [ 1432.191748][T26600] ? netlink_attachskb+0x890/0x890 [ 1432.196869][T26600] ? __virt_addr_valid+0x5d/0x2d0 [ 1432.201897][T26600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1432.208144][T26600] ? __phys_addr_symbol+0x2c/0x70 [ 1432.213156][T26600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1432.218875][T26600] ? __check_object_size+0x16e/0x3f0 [ 1432.224146][T26600] netlink_sendmsg+0x85b/0xda0 [ 1432.228994][T26600] ? netlink_unicast+0x7d0/0x7d0 [ 1432.234141][T26600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.240667][T26600] ? netlink_unicast+0x7d0/0x7d0 [ 1432.246069][T26600] sock_sendmsg+0xcf/0x120 [ 1432.250475][T26600] ____sys_sendmsg+0x6e8/0x810 [ 1432.255228][T26600] ? kernel_sendmsg+0x50/0x50 [ 1432.259891][T26600] ? do_recvmmsg+0x6d0/0x6d0 [ 1432.264922][T26600] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1432.271102][T26600] ? lockdep_hardirqs_on+0x79/0x100 [ 1432.276522][T26600] ___sys_sendmsg+0xf3/0x170 [ 1432.281114][T26600] ? sendmsg_copy_msghdr+0x160/0x160 [ 1432.286389][T26600] ? __fget_files+0x266/0x3d0 [ 1432.291053][T26600] ? lock_downgrade+0x6e0/0x6e0 [ 1432.295896][T26600] ? __fget_files+0x288/0x3d0 [ 1432.300561][T26600] ? __fget_light+0xea/0x280 [ 1432.305205][T26600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1432.311433][T26600] __sys_sendmsg+0xe5/0x1b0 [ 1432.315923][T26600] ? __sys_sendmsg_sock+0x30/0x30 [ 1432.320967][T26600] ? syscall_enter_from_user_mode+0x21/0x70 [ 1432.326852][T26600] do_syscall_64+0x35/0xb0 [ 1432.331251][T26600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1432.337196][T26600] RIP: 0033:0x4665d9 [ 1432.341072][T26600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1432.360667][T26600] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1432.369064][T26600] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1432.377020][T26600] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1432.384990][T26600] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1432.392946][T26600] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1432.400921][T26600] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1432.489275][T26658] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1432.518923][T26654] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1432.530339][T26645] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:29:26 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1432.585844][T26654] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. 21:29:26 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d015a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000001680)={&(0x7f00000000c0)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x80, &(0x7f00000013c0)=[{&(0x7f0000000140)="cf9c797b95847e647827aece7b85d9897e00f3c04bf19dffde4f2d3462606b7163a3891b469fbc61a8957135241eaa9ccd1451477dfc77a65970a247033c13bf5a9081ebf0e0436c543be9133bd4def5b0a4cfcc9c912403cd3b81e6bd30b34942f000d1e241e29943226febdaa1f79f9e7c95325bab2cf0945934d3e6dc9023b4d5ba985aee7640aa6676e05b7119cf3983eec7c794b3de77e38cc718503bf122f374e6293c9ce835d348133ab926a4ce287f7e158fb421cf27932f8e8fb8f27b41acdbb78fe1137ad1c6c81c0acb4d31a3bd3074a49791e4fc0f1728083a02c84167158bbb14d76580a53a428246f5f821007f8686b12ddd8fdd1942c1283097eb21b50cc73955c801ea2a551a0b58c45cf5a1ada60fdb01c25c393b987d9b3fdbbf4fb3e0360c48fb221fe95f68499db6279dec96c4e58e8ee7faa96f1d30f3243da5319e7806496984d425a4473a25241a17fbf171594ff14047c5bffc3e04d570e52a7cd06736d2d4a997ff7489a5178033a816585da9fce204246d95138687004de2e7d395a877ce027df1045a369a38c816be9f5ff22de1123d8013e73679bf59cdc160bee2df32a4e7ad0f73899eaab0314b2c122b798b145e97842b905c7787b6256b029bda3a221eaed81c21122611fd0c203ab8814f259a98457167c1815d2ab86b607250fcabb6107fbce18c94029605a0ac7240bf1ef15e10126da9dfc85f834762894fd31d95f03b4b266afa697d884701c1e9db9fe19fea773fa241275a22c4d21be95249b275e35b2b7346ceb9b3cc44bcf08a4717914f1abb81e9484e3ce95f0e811657113f911650fbf0d33e145c826339e5a1370a3017d69f9faf9b7a55e981fec0bbcd9e497a3ff795bcd6c77caeb7640737090270d82c2e33c6d3657801f21b320722ce0a6327d7cf7d4a598d2c064abfd13e91b15eebb78529a8592af49bdb401de71b76c38b06455bebf2c52ef963c5f0d49af65263896f8cf214e56f359b6565b6553722a7268fd233e216005cd0ad20ffafd18df1dcab81ff734dcaa02f62aa96b3677ff4568848f1de96e343ff1714fbf201a1af5673bd3e33edd680bb53f9d81802df3aed28f45713a4168a1d7f61ac4ee2b78dd246b1f95f9cc2d288b1f7aaacec1c1bfdd3b6cbf2b4a8ce2a007b51ed78ac9d9389d289ce8b31c4622accca5e87483bbb0070ce0069c7efeb9b58193a70290171b1fd9a786a25834e643bbb4363f573cc404d55ab5657acde38fc544a3a8956ff47499c0dd4c5a9da84f196714c0d8f54cb205d974b068fda15db7740fffe87657c001cc360d6968a1fe57686cbd68205cf811b19b37ae5db2305dde35a7a99fceb70d8bb59fc01ce0c5def49249b69e3bd18a24b728e6c189f89d34c68bdaaa77471b90678bf782ad22b12030907272aa4c13f9fd33ff782429f2baa9a9ef9b4af560a529c79c276a3ffc10b658b405907a5096a4619500bd0b1915d43933cb275de1ac21640f1c43f9e0f856a03cab4e443bd1999554322ad4b90f01d54dd9c5afd6e375227f8cad6b78bd0a95a3831951fd72a7bfd7184801c2bda70f5f11a8360f41662f317c209314955869793fcda2e86e2792c0e5fed45daa6baa398b5f39b701a7d7140fe27ea7238a666fc9ccd01fc695190b634219c83e68b078f789c1a5c46f75988a631271b08564ff97839bb157945c3107b2c57f0a79da27622b46afb71033478a697f1a4265e99712fb8c238556a10610805165f5f2250c99daa907e1b4c65a99e1fc258ddaf90947925becb47337e0a37fc11bcc362f4bfad544c1a69936e1b389f29baa16e26a43e0f9a48d08096dd8866789ab85ec914afe5fab9eeda7bb4b5718607c880eab9cb85a8c031c273109fe53f4de1125cdf7535e4b60ae33984a6cc44fff86f12aa66e54cdb051a962610dfd2a98c7258b0acefd452c500fbb9c57e59342ebaaae21a0fdb74982dec109624b6802b0c1469d9aed48e22a54cb4c05797f2c6c2d6a16b6bbe8d25c24c9c417a79d7eae444f9856f57cf879a16f2e001ecfa0a2ec7c390e86b1ac60ee74523ff4b628b3158c0ab76d4337f9ec91175b7e89a549c116eb6700a1652c8b012b1a3ec3cdeafb499b87855d00c1a14eae5fa9c87ac6db1a495bd0727c921dc3fbf79960257db37f6117a41812b1dc9092a1d7398879ae4f98e2f6f66cee4794a3f3e7c0d151b072290afe856a2cc8164eae556c1be54c8add2c888452c7d4693543f45d26f852b912d3d3eaf38f03b9ee3caf74257e93a87833674838a4adbbcc745f8ee9a9668c65abcef9e777fdd0dc90fa1dd0f17b3b2b851f93f99de510789770fb777c1f75d58f82a9d8ad91eb15035333bea2fd6c84e1d6bed2777e96e610ce787101aa072fb68daf6e04cbb1772f8054a81441d768fa546814a850c9b73fd2cc76aff20e147f0dc817cba26aa4f5448a0e922c5549bdafcb7adacad28ffba918e55f734c66151e02493c309ae3a9c1524e244ac5167b975be229dd1480c817e8213b4fc2941af1a4e1f23a98271e7949f59a7d5b02fcd8fbac6ef2e4535810d1a352a1007aef92be069025d1fe230e3a36baf8c37db52e83dc0b32e8a690045b5e30e1e65576246a3929127e5b316982282ff1aa4b7eb0886e2b7fb729af587bba54ba8e7dbd051de16f866145bf100995dc03aa7d6f405bf1e0d5c657441a9593bd82c6398b20ae71914930679107ed737617bc2e200b95b60fdeabe969082154e470f4bfd32d476d161fc8f3ba60bdff723c507574744e0107772cbf645a292bddaf5c96563f80b82463fd119cd315b8115e23af1226475af69cbbdce05d474adfd8c9f026f681e5df9606e8096ad58512b98a03220df06e7e0604a29b374ff09273e32c0be88fd583890b24af87b88b0da778c12accae15d0668cc82bd4920d0b167802604000f599001a3fc1d1b61b74698c677b90f7da919150ec2ce6cc153204845b03022f558d49d13850687f22295b3b3235f8a0fc56ed1e65f4a18effeb9f52b1ff86d34a4acc0258f0e8d0f558a4536164b361fc28f43a553d8fe15b565e3ca57bf4ba88ca072464aca0368ad0385fe2b21f7376560a8e746bee3ee5d62f3a9ff21b0f24c9b9ccd888dd3d9fe88cf928272b55ec1ad1dc4d43395a57660ea1fc447e5bc5fed843cda9823b2aa708cad1a5fa391ead34dc8492884a91c78723a331bbfef4fcd1a1cf20240bfa383c5dabc6e5d8f964668c27a671ebe73f29d94090c16c052a2f7d3432efdf544279dced80740d38364d304af77bfe688d1bbbf7def2e479b83b0b720ca5d33429506025a22bbaebb07b8005e8eac7158ec0df91858dda341b2c84faad8f34f060071afff25ee4493291daa9503889aa61fbef4633daea9326ef143cdf3e97196d46925f8aeb33423d2f2f5a69d28c3396691f430422ba0211faf25d5367c6ac4429cbe1d40fc0b5bbb2adc46907fe777cb69dd6172c489c98c455cfedee165ed7707aa9408a793a9470e36c310497825a670ab63d350cc5727c279b5d5cdf266b008c114c90704cabc53f87e84f15e8ad7d3255f2546bca67edac6d9c700bb0b983b553bec7720ed398bb1ac74178f07b2cfc30c91e52ef193d6a368864715e138f9f5dc4ded2737c56eee18e5c1bbcf3af10331d012c219c236edd1e1d241fc6a0bade1e164ddb066407fbdf53f0a30cf340972c34018a81c7638970ce6fd9cf18c3f1af85ec583a1fcf1021ed7fc764532326e8823477d23db67a3118c39741eabd1a02d1f0cb09b3a74001714ba23fe548f29f9be0dc42476ef13c2fee00ad12d09ad3fbfd5ba372e72f441f8cf8a0c874cef403555e0f9cfafe2ce82a27c2a7f8c3deb8189f89a72a4a616cedf1ee3a326a3023c4b3f696d9e4550209f026bdd87f69af3135c9bcd1651b4ea82574a7b5f805f7193a43c029dc282ed9f6210d6ff46575dac1d4e662084bcb55d1eff413b76ebdec3bb8906143f7f4e1518d6455135c2efa7dc0f57abd7fd2bbd75cb58bd3cc2094c14bc0148863b976b2b5ce80b62d561fd96678b7f15568aefba6fa53ec8a1d0b3abcb823281feb4e28ef6a9f178cf53d75f10def0a0b5ca59f03a85954c30b8b0687b743f2000141c2313130a39ae5ba6ac51278bdf63f7140a30dd28c0cf74ba8f61535b3e5d4a57502a01afb1e5a879147c25d47dbf3357cc17cb45618be300878386d84ae790ffd0fcbc8672dd85c97efda364b36a6828c13b1ee2caeb95b4f8eade4098908865b388099bd55736601e325f133b6e13590594600dc9223b15330cc1a24ccd1eaec4f40999a07c6bcc4fcf18492e4269646bccee37710be1263862aa64ff6521a3d425a9d6431e7e880bcac0c92588f774bc8881a825868e47cf9e880d80a5f0926e7d8c6c8743c6d40867b580cd789a2242ff814731a991077b702d644716119687f5c4e02b3fc1beec377d2fa7988dbb955db9b6825efe446a35b44776e8caab92e93062e33957f076d66a8d25e1bbe356141645db4c717568e23ef96cb1a4f37f16ddbe0a24ac2521d0e010517e687b2685347372f2fd50968ab5bce064bdd0495956e53ec05067a2847589f722e40744022e2a0e952503ec5a6546753fa4dd466d0cbf10e9f84550335ede58ad4bac63081833959364fa85942172d63a4e1e2b329d0d4d89f7f54c617eb5e4459da9bb4c40f8d9d6d24cc51e7efa17b0e4e68feb592b22f394dac1ab07517bce454087774b4dd87f6abef27868051a4527fae09a107743189aebe29cb4d9c16a2748dceadd0cccf9d76b100b057802ba18fd3319fec79f8e55ae56e291b220fd733095c9303bcc0a037d47f34bbcaef6aea592dbafef787205da53c2e08c45a2a54077eaa76c24ec856cad781ff1c8bd4de7403e20791a3c4907dcf362544ff7a15f632455a660dbd857f1a403620e0561f672cf76ac42c5ca5d60757b5672aabead0bcfeea216f771b8e217c496890b3f081a570d67d96a3cd15414e544aa6d53ae0e2496cc8e85a487a7a48f9d3ca3049bd765b8ca183d0d7977aa689f310a921b35f778ff9830897e79d23ac99d75446da677d3b3d65e9f50496982316580d9a621aece2417b7a88dc49feca0e20433f9c9901321a40ee088f1528ca4732e9f2d8e40a7da9a7e2dcdf7a33e01a7e018ec3ce5837d8938c6263a295434ba6c1f84c922506fd380b58d110146901842a148553f9f74594b920e4707bd7144a66b6a2e1383d57607bad579dbcf6031353414be04572fb0eac08ed462f8ec6a63df90e6c2865222ab44c5780958aa6a618d2854270580e52199c58e6ed3abfb9cc1f6542c85f90b400a349215bcf23e3d5650973b31d1db6ee7e78f4da4e97745ef951c319ce9b44bdfa4b4930e52f64e61d3c5ece3a1f13babc55887b4e01ba41f2a200bd82abd168ea3042c674903efdbdb748bddb6c0e9972b03ef5b31ec817c8870d4a2e249fb628cabafb0f870095e20142d6dde0e0ffdf8c0227d444d2db09701e1c4a9b40809651d12c463dec14ccb5f2c4ef5639174792f76592346448ad4387dde5c535b848c45b8246ce49f52ae6f234e7363685a76381853c25e5d8329c0a18d78f3c3098486b00cd7b66ca14c053e8bc6ee11f29c712eb591ca597d11fe9b1124288855d19adadafba7826013a9e58a26e1775a9aa709bc79a8de9123f28562d18ae99fe1b8da2a81a2a94153d1041bfe6c101a5df772a10294e47dce3b3ea855be61db955fae3e6da6c52d2fd43daab626fe53bc9817e85d4997adc4f81a92", 0x1000}, {&(0x7f0000001140)="939c6a5be9c3e57c9b91fa97b71af08773ef187f83d9f4c19ce6aa632ef4ae31a17a42c785e53d2b8996df7e3c7c4c85cdb6a191f45a66c4b86c44aaf9fc64b297a49c4fc0bae851c888fcb9abdce7c282800f86b2f66d70dc81c2d82ce625ec10ed4c6940f6988bb1304c0b30b4bbf2accef5c7ea89ecbe46735c3d47662b0bf51f1524b835c692574cbad3c23186d44cfbd61354800556992f8dac1925451bdeea40b0305c72e345baf781199a5deeaf90faef0e9567c7062a35fa555da796056c9cee9ad4bb4926", 0xc9}, {&(0x7f0000001240)="f9bc1c1cf7e7e9764c6f280e14706655d9920526e69439c7d3d337c9f83cd2936d58407ff0aff8589aa8d0865514f25b90cc626ac3cbc5f0c153bed7c002ecfd9a7865168f220b3d07e45fa673f0bd8091c25bfabc0604d571c1164a123321db350a62951930c7e6b0fd2a2cc1a6c87b67f0c72c2a814aafe3eaa9c7977d58274bea380f78f02c512fdb5f077ce993d5e4", 0x91}, {&(0x7f0000001300)="6686ad77cfb5e5494b500da08feccfbc1813dca79a2c7714132105eeee79b01d7f587da6c05b934ade5aa1ca1b55752904b542936905637729582e7e7d773a8f396a0d9b7633415221f95cdba17cb7b9950d6099d377a1fcb87e37d5de6cf6e17af4481e5bf335ba75754d846db8c5020c3e84efb0", 0x75}, {&(0x7f0000001380)="72e688ef0aed8026a17e97f54d02dcc95a19aff21cc7a3f7c357c2ef589e2cb5daf7d7e3b796e196518a89d353422b319afef97c827144bd056bd5826a6931", 0x3f}], 0x5, &(0x7f0000001440)=[{0x48, 0x1, 0x3, "bea98ea1f944f4d97efed37658b378a6d706a694184d72c931f36c3d2b79df065457c2585c95e472328dee1ae8c299330c2d82568c"}, {0x28, 0x88, 0x0, "1558fa9876814bf0d5f066647e063050c477822ff6"}, {0xe8, 0x114, 0xfff, "5700abf3a0416a3aff7dd420e9720026204bb723049bc780070dcda105024d51572bff2612da5a643abc1049f0bf92e4a31ed4e4d289c1c769c7a6e177a0906b02522d048a68899a5fa3af70bc33a848b17b2dd2b394ea99c3ba2121623d25768b898c2cba4b2190c1cd217891ec76535975f9e7c6c81761e382e10307f24cca81726fd279f17e158590264b7a9868bb09315bd0f84ed929084929a1596f5625b358365d44810beb4158ece0be48a5e7b7a212609ace6b8324b90a927a4c790fcf9fd0ebe0e02271735ced23d179ae25de176c4ef1743f"}, {0x18, 0x116, 0x7, "4259788d"}, {0xd0, 0x101, 0x100, "cbea56f6120d4bd0ac6c685477f2670e89b551d2e946f7d337a2fe418b5fb70418a7736f0732316729ff1fcfcd5da9edb8c8104a5085ff8f80fdfaf235deac59d31592fbf6434dd9a042bdc0c075782def6fe1846175918481db838912cd077f157432f278e23ab8dffb2d167c8f3b938fd5cf9dcfe960c2c77063b5cc4388eeb5e2baaa37c25b20fa372f13071fb8a57a6f55c26844cf1a7990429dda69edc739f0a7a7585e75f600856f6ad58b9d757fa7a95466069e2b1487ae"}], 0x240}, 0x4080) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:29:26 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03510000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1432.628487][T26654] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1432.628487][T26654] !' [ 1432.738852][T26654] CPU: 1 PID: 26654 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1432.747498][T26654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1432.757558][T26654] Call Trace: [ 1432.760837][T26654] dump_stack_lvl+0xcd/0x134 [ 1432.765447][T26654] sysfs_warn_dup.cold+0x1c/0x29 [ 1432.770394][T26654] sysfs_do_create_link_sd+0x11e/0x140 [ 1432.775862][T26654] sysfs_create_link+0x5f/0xc0 [ 1432.780623][T26654] device_add+0x789/0x2100 [ 1432.785035][T26654] ? mutex_lock_io_nested+0xf00/0xf00 [ 1432.790401][T26654] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1432.795944][T26654] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1432.802176][T26654] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1432.808408][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.814639][T26654] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1432.820621][T26654] wiphy_register+0x1e8a/0x29b0 [ 1432.825499][T26654] ? wiphy_unregister+0xbd0/0xbd0 [ 1432.830514][T26654] ? minstrel_ht_alloc+0x531/0xa00 [ 1432.835625][T26654] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1432.841694][T26654] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1432.847161][T26654] ? ieee80211_restart_hw+0x290/0x290 [ 1432.852528][T26654] ? debug_object_destroy+0x210/0x210 [ 1432.857898][T26654] ? memset+0x20/0x40 [ 1432.861876][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.868110][T26654] ? __hrtimer_init+0x136/0x280 [ 1432.872965][T26654] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1432.878699][T26654] ? hwsim_virtio_rx_work+0x350/0x350 [ 1432.884063][T26654] ? __kmalloc_track_caller+0x1a0/0x320 [ 1432.889605][T26654] ? memcpy+0x39/0x60 [ 1432.893584][T26654] hwsim_new_radio_nl+0x9bc/0x1080 [ 1432.898697][T26654] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1432.904596][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.910827][T26654] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1432.918196][T26654] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1432.925484][T26654] genl_family_rcv_msg_doit+0x228/0x320 [ 1432.931027][T26654] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1432.938397][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.944650][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.950891][T26654] ? ns_capable+0xde/0x100 [ 1432.955305][T26654] genl_rcv_msg+0x328/0x580 [ 1432.959824][T26654] ? genl_get_cmd+0x480/0x480 [ 1432.964499][T26654] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1432.970391][T26654] ? lock_release+0x720/0x720 [ 1432.975060][T26654] netlink_rcv_skb+0x153/0x420 [ 1432.979816][T26654] ? genl_get_cmd+0x480/0x480 [ 1432.984489][T26654] ? netlink_ack+0xa60/0xa60 [ 1432.989082][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1432.995316][T26654] genl_rcv+0x24/0x40 [ 1432.999288][T26654] netlink_unicast+0x533/0x7d0 [ 1433.004052][T26654] ? netlink_attachskb+0x890/0x890 [ 1433.009153][T26654] ? __virt_addr_valid+0x5d/0x2d0 [ 1433.014169][T26654] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1433.020399][T26654] ? __phys_addr_symbol+0x2c/0x70 [ 1433.025414][T26654] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1433.031125][T26654] ? __check_object_size+0x16e/0x3f0 [ 1433.036406][T26654] netlink_sendmsg+0x85b/0xda0 [ 1433.041168][T26654] ? netlink_unicast+0x7d0/0x7d0 [ 1433.046106][T26654] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.052339][T26654] ? netlink_unicast+0x7d0/0x7d0 [ 1433.057270][T26654] sock_sendmsg+0xcf/0x120 [ 1433.061677][T26654] ____sys_sendmsg+0x6e8/0x810 [ 1433.066433][T26654] ? kernel_sendmsg+0x50/0x50 [ 1433.071096][T26654] ? do_recvmmsg+0x6d0/0x6d0 [ 1433.075699][T26654] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1433.081676][T26654] ___sys_sendmsg+0xf3/0x170 [ 1433.086259][T26654] ? sendmsg_copy_msghdr+0x160/0x160 [ 1433.091540][T26654] ? __fget_files+0x266/0x3d0 [ 1433.096209][T26654] ? lock_downgrade+0x6e0/0x6e0 [ 1433.101060][T26654] ? __fget_files+0x288/0x3d0 [ 1433.105757][T26654] ? __fget_light+0xea/0x280 [ 1433.110336][T26654] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1433.116570][T26654] __sys_sendmsg+0xe5/0x1b0 [ 1433.121065][T26654] ? __sys_sendmsg_sock+0x30/0x30 [ 1433.126118][T26654] ? syscall_enter_from_user_mode+0x21/0x70 [ 1433.132013][T26654] do_syscall_64+0x35/0xb0 [ 1433.136421][T26654] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1433.142310][T26654] RIP: 0033:0x4665d9 [ 1433.146194][T26654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.165789][T26654] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1433.174190][T26654] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1433.182149][T26654] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1433.190108][T26654] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1433.198063][T26654] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1433.206018][T26654] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1433.350430][T26689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1433.407097][T26694] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1433.410725][T26688] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:27 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1433.463927][T26692] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1433.471949][T26688] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1433.507693][T26688] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1433.507693][T26688] !' [ 1433.535977][T26688] CPU: 0 PID: 26688 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1433.544579][T26688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1433.554624][T26688] Call Trace: [ 1433.557900][T26688] dump_stack_lvl+0xcd/0x134 [ 1433.562495][T26688] sysfs_warn_dup.cold+0x1c/0x29 [ 1433.567450][T26688] sysfs_do_create_link_sd+0x11e/0x140 [ 1433.572924][T26688] sysfs_create_link+0x5f/0xc0 [ 1433.577700][T26688] device_add+0x789/0x2100 [ 1433.582124][T26688] ? mutex_lock_io_nested+0xf00/0xf00 [ 1433.587502][T26688] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1433.593052][T26688] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1433.599293][T26688] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1433.605537][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.611779][T26688] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1433.617775][T26688] wiphy_register+0x1e8a/0x29b0 [ 1433.622636][T26688] ? wiphy_unregister+0xbd0/0xbd0 [ 1433.627653][T26688] ? minstrel_ht_alloc+0x531/0xa00 [ 1433.632767][T26688] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1433.638849][T26688] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1433.644333][T26688] ? ieee80211_restart_hw+0x290/0x290 [ 1433.649718][T26688] ? debug_object_destroy+0x210/0x210 [ 1433.655101][T26688] ? memset+0x20/0x40 [ 1433.659089][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.665331][T26688] ? __hrtimer_init+0x136/0x280 [ 1433.670192][T26688] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1433.675938][T26688] ? hwsim_virtio_rx_work+0x350/0x350 [ 1433.681315][T26688] ? __kmalloc_track_caller+0x1a0/0x320 [ 1433.686877][T26688] ? memcpy+0x39/0x60 [ 1433.690872][T26688] hwsim_new_radio_nl+0x9bc/0x1080 [ 1433.695997][T26688] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1433.701911][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.708156][T26688] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1433.715531][T26688] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1433.722833][T26688] genl_family_rcv_msg_doit+0x228/0x320 [ 1433.728391][T26688] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1433.735780][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.742037][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.748279][T26688] ? ns_capable+0xde/0x100 [ 1433.752703][T26688] genl_rcv_msg+0x328/0x580 [ 1433.757220][T26688] ? genl_get_cmd+0x480/0x480 [ 1433.761903][T26688] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1433.767805][T26688] ? lock_release+0x720/0x720 [ 1433.772493][T26688] netlink_rcv_skb+0x153/0x420 [ 1433.777266][T26688] ? genl_get_cmd+0x480/0x480 [ 1433.781953][T26688] ? netlink_ack+0xa60/0xa60 [ 1433.786560][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.792812][T26688] genl_rcv+0x24/0x40 [ 1433.796801][T26688] netlink_unicast+0x533/0x7d0 [ 1433.801575][T26688] ? netlink_attachskb+0x890/0x890 [ 1433.806691][T26688] ? __virt_addr_valid+0x5d/0x2d0 [ 1433.811719][T26688] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1433.817960][T26688] ? __phys_addr_symbol+0x2c/0x70 [ 1433.822987][T26688] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1433.828710][T26688] ? __check_object_size+0x16e/0x3f0 [ 1433.834004][T26688] netlink_sendmsg+0x85b/0xda0 [ 1433.838776][T26688] ? netlink_unicast+0x7d0/0x7d0 [ 1433.843705][T26688] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1433.850374][T26688] ? netlink_unicast+0x7d0/0x7d0 [ 1433.855302][T26688] sock_sendmsg+0xcf/0x120 [ 1433.859725][T26688] ____sys_sendmsg+0x6e8/0x810 [ 1433.864882][T26688] ? kernel_sendmsg+0x50/0x50 [ 1433.869541][T26688] ? do_recvmmsg+0x6d0/0x6d0 [ 1433.874337][T26688] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1433.880323][T26688] ___sys_sendmsg+0xf3/0x170 [ 1433.885327][T26688] ? sendmsg_copy_msghdr+0x160/0x160 [ 1433.890833][T26688] ? __fget_files+0x266/0x3d0 [ 1433.895516][T26688] ? lock_downgrade+0x6e0/0x6e0 [ 1433.900372][T26688] ? __fget_files+0x288/0x3d0 [ 1433.905037][T26688] ? __fget_light+0xea/0x280 [ 1433.909874][T26688] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1433.916108][T26688] __sys_sendmsg+0xe5/0x1b0 [ 1433.920613][T26688] ? __sys_sendmsg_sock+0x30/0x30 [ 1433.925642][T26688] ? syscall_enter_from_user_mode+0x21/0x70 [ 1433.931598][T26688] do_syscall_64+0x35/0xb0 [ 1433.936065][T26688] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1433.941966][T26688] RIP: 0033:0x4665d9 [ 1433.945842][T26688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1433.966207][T26688] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1433.974808][T26688] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1433.982777][T26688] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1433.990737][T26688] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1433.998704][T26688] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1434.006724][T26688] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:28 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:28 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d025a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:28 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63110d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1434.114654][T26725] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1434.135914][T26686] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1434.212959][T26686] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1434.212959][T26686] !' [ 1434.237169][T26686] CPU: 1 PID: 26686 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1434.245602][T26686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1434.255658][T26686] Call Trace: [ 1434.258934][T26686] dump_stack_lvl+0xcd/0x134 [ 1434.263540][T26686] sysfs_warn_dup.cold+0x1c/0x29 [ 1434.268489][T26686] sysfs_do_create_link_sd+0x11e/0x140 [ 1434.273959][T26686] sysfs_create_link+0x5f/0xc0 [ 1434.278729][T26686] device_add+0x789/0x2100 [ 1434.283154][T26686] ? mutex_lock_io_nested+0xf00/0xf00 [ 1434.288532][T26686] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1434.294174][T26686] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1434.300422][T26686] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1434.306674][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.312920][T26686] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1434.318912][T26686] wiphy_register+0x1e8a/0x29b0 [ 1434.323777][T26686] ? wiphy_unregister+0xbd0/0xbd0 [ 1434.328801][T26686] ? minstrel_ht_alloc+0x531/0xa00 [ 1434.333928][T26686] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1434.340013][T26686] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1434.345495][T26686] ? ieee80211_restart_hw+0x290/0x290 [ 1434.350877][T26686] ? debug_object_destroy+0x210/0x210 [ 1434.356263][T26686] ? memset+0x20/0x40 [ 1434.360248][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.366482][T26686] ? __hrtimer_init+0x136/0x280 [ 1434.371342][T26686] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1434.377092][T26686] ? hwsim_virtio_rx_work+0x350/0x350 [ 1434.382472][T26686] ? __kmalloc_track_caller+0x1a0/0x320 [ 1434.388026][T26686] ? memcpy+0x39/0x60 [ 1434.392021][T26686] hwsim_new_radio_nl+0x9bc/0x1080 [ 1434.397145][T26686] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1434.403060][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.409306][T26686] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1434.416689][T26686] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1434.423994][T26686] genl_family_rcv_msg_doit+0x228/0x320 [ 1434.429550][T26686] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1434.436911][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.443148][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.449376][T26686] ? ns_capable+0xde/0x100 [ 1434.453982][T26686] genl_rcv_msg+0x328/0x580 [ 1434.458499][T26686] ? genl_get_cmd+0x480/0x480 [ 1434.463181][T26686] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1434.469071][T26686] ? lock_release+0x720/0x720 [ 1434.473746][T26686] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1434.479023][T26686] netlink_rcv_skb+0x153/0x420 [ 1434.483791][T26686] ? genl_get_cmd+0x480/0x480 [ 1434.488464][T26686] ? netlink_ack+0xa60/0xa60 [ 1434.493305][T26686] genl_rcv+0x24/0x40 [ 1434.497273][T26686] netlink_unicast+0x533/0x7d0 [ 1434.502334][T26686] ? netlink_attachskb+0x890/0x890 [ 1434.507569][T26686] ? __virt_addr_valid+0x5d/0x2d0 [ 1434.512810][T26686] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1434.519241][T26686] ? __phys_addr_symbol+0x2c/0x70 [ 1434.525048][T26686] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1434.530986][T26686] ? __check_object_size+0x16e/0x3f0 [ 1434.536632][T26686] netlink_sendmsg+0x85b/0xda0 [ 1434.541389][T26686] ? netlink_unicast+0x7d0/0x7d0 [ 1434.546323][T26686] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1434.552551][T26686] ? netlink_unicast+0x7d0/0x7d0 [ 1434.557534][T26686] sock_sendmsg+0xcf/0x120 [ 1434.561940][T26686] ____sys_sendmsg+0x6e8/0x810 [ 1434.566694][T26686] ? kernel_sendmsg+0x50/0x50 [ 1434.571355][T26686] ? do_recvmmsg+0x6d0/0x6d0 [ 1434.575936][T26686] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1434.581905][T26686] ___sys_sendmsg+0xf3/0x170 [ 1434.586500][T26686] ? sendmsg_copy_msghdr+0x160/0x160 [ 1434.591779][T26686] ? __fget_files+0x266/0x3d0 [ 1434.596460][T26686] ? lock_downgrade+0x6e0/0x6e0 [ 1434.601305][T26686] ? __fget_files+0x288/0x3d0 [ 1434.605991][T26686] ? __fget_light+0xea/0x280 [ 1434.610574][T26686] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1434.616839][T26686] __sys_sendmsg+0xe5/0x1b0 [ 1434.621329][T26686] ? __sys_sendmsg_sock+0x30/0x30 [ 1434.626361][T26686] ? syscall_enter_from_user_mode+0x21/0x70 [ 1434.632266][T26686] do_syscall_64+0x35/0xb0 [ 1434.636670][T26686] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1434.642552][T26686] RIP: 0033:0x4665d9 [ 1434.646430][T26686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1434.666024][T26686] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1434.674421][T26686] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1434.682382][T26686] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1434.690352][T26686] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1434.698336][T26686] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1434.706294][T26686] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1434.837293][T26735] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:29 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:29 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200640, 0x0) close(r0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000140)) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) close(r2) r4 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100) writev(r4, &(0x7f0000000280)=[{&(0x7f00000008c0)="110eaa1a9896d57019effc8c79961d0f73ccf3afca3754e2e7a31f536bcb7204bed49311e29c96e1c2b663d61e5b0c0a76ea50cbddaa69f578b8600f77cf1a538ac900673696245b6de4283c979a32c0cf7d54fe9d26650575d1398678895da32663735b4d0cabfe7e972e59c2b4b4c9c89d0b82ca2267ad5062303e8abcb79600010506702eb912e3957e507aec4e2180699a738f675350ba12282a1d7181887f6c2e03de1da0dfe3b4efbb10e9b59301b4ef8a1d", 0xb5}, {&(0x7f0000000980)="34c30d95766fefbb7bdc40a3242505587bbc8584c2bc2003185f5ce116eea020efa91e2aae1eae2b8e848ac13c3dcedbbbc82adb1e70be8eecedba37be82545f2abda4f0a0e0fd0edd6bd03bb8e9bb91c39a2c828511aef3e684ad4c21ec0c146b9570139e31cd", 0x67}], 0x2) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xff, 0x6, 0x20, 0x1, 0x0, 0x4c, 0xc0100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x1, @perf_config_ext={0x5, 0x2}, 0x800, 0xff, 0x6, 0x7, 0x3, 0x6, 0x0, 0x0, 0x2, 0x0, 0x100000001}, 0xffffffffffffffff, 0xe, r4, 0xb) openat$cgroup_ro(r4, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c463f090101018000000000000003000300020000004b0300000000000040000000000000006f02000000000000ff0f000060003800010000040700810007000070040000000300000000000000acb67c2e00000000ff000000000000001f000000000000004ff7147400000000010000800000000049cd10a12740de178cfd93126c549fe0fc3b1b1e13ce430520abde4a1b777269ef7b85822a545d5280816c1108d958fa20ac06858c76347ea78949ac189c1f5c0c086faec81409e4ce4779e797ac875e684a073ff537f18649e3e48fe8b9eaf78a3b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090eba45342c3edbad85f3a13a62cd7970d3f3d51c929a9c794de9ddb3d436276e3a6c548585fed13a2b61dbd73bd448b5e13e71b2c8002e31bba21a17672c67f740cdd9ece6a076e42aadd957629bdf5a11c09b6cba754abdb68c47fd07190c6e24487fab7e8f748717750bf5e3cb58ab0cbd0b452b05e1e13165ee50ad5ef061a535105a720764a66c0d6e0cbb254fcb502752869a815eb5f8aaf96d47a31e4a22e2a6663a4a34c12682ac123030861ed029976bf8b9e713c0385caa4ff645dc5959ea48bd07ab798288a10b2c7733e39e3d1fb59f896545e329bb4512833bd66f8add80dd0a2"], 0x4da) 21:29:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d035a0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:29 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x0, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1434.930293][T26735] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1434.930293][T26735] !' [ 1434.974453][T26735] CPU: 0 PID: 26735 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1434.983092][T26735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1434.993152][T26735] Call Trace: [ 1434.996435][T26735] dump_stack_lvl+0xcd/0x134 [ 1435.001047][T26735] sysfs_warn_dup.cold+0x1c/0x29 [ 1435.006008][T26735] sysfs_do_create_link_sd+0x11e/0x140 [ 1435.011494][T26735] sysfs_create_link+0x5f/0xc0 [ 1435.016274][T26735] device_add+0x789/0x2100 [ 1435.020704][T26735] ? mutex_lock_io_nested+0xf00/0xf00 [ 1435.026089][T26735] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1435.031655][T26735] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1435.037907][T26735] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1435.044165][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.050404][T26735] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1435.056398][T26735] wiphy_register+0x1e8a/0x29b0 [ 1435.061270][T26735] ? wiphy_unregister+0xbd0/0xbd0 [ 1435.066296][T26735] ? minstrel_ht_alloc+0x531/0xa00 [ 1435.071427][T26735] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1435.077510][T26735] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1435.082991][T26735] ? ieee80211_restart_hw+0x290/0x290 [ 1435.088371][T26735] ? debug_object_destroy+0x210/0x210 [ 1435.093753][T26735] ? memset+0x20/0x40 [ 1435.097733][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.103967][T26735] ? __hrtimer_init+0x136/0x280 [ 1435.108822][T26735] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1435.114566][T26735] ? hwsim_virtio_rx_work+0x350/0x350 [ 1435.119937][T26735] ? __kmalloc_track_caller+0x1a0/0x320 [ 1435.125492][T26735] ? memcpy+0x39/0x60 [ 1435.129478][T26735] hwsim_new_radio_nl+0x9bc/0x1080 [ 1435.134593][T26735] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1435.140516][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.146750][T26735] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1435.154121][T26735] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1435.161413][T26735] genl_family_rcv_msg_doit+0x228/0x320 [ 1435.166965][T26735] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1435.174335][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.180587][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.186826][T26735] ? ns_capable+0xde/0x100 [ 1435.191244][T26735] genl_rcv_msg+0x328/0x580 [ 1435.195754][T26735] ? genl_get_cmd+0x480/0x480 [ 1435.200430][T26735] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1435.206329][T26735] ? lock_release+0x720/0x720 [ 1435.211029][T26735] netlink_rcv_skb+0x153/0x420 [ 1435.215794][T26735] ? genl_get_cmd+0x480/0x480 [ 1435.220471][T26735] ? netlink_ack+0xa60/0xa60 [ 1435.225073][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.231334][T26735] genl_rcv+0x24/0x40 [ 1435.235312][T26735] netlink_unicast+0x533/0x7d0 [ 1435.240080][T26735] ? netlink_attachskb+0x890/0x890 [ 1435.245186][T26735] ? __virt_addr_valid+0x5d/0x2d0 [ 1435.250208][T26735] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1435.256443][T26735] ? __phys_addr_symbol+0x2c/0x70 [ 1435.261464][T26735] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1435.267179][T26735] ? __check_object_size+0x16e/0x3f0 [ 1435.272464][T26735] netlink_sendmsg+0x85b/0xda0 [ 1435.277236][T26735] ? netlink_unicast+0x7d0/0x7d0 [ 1435.282181][T26735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.288419][T26735] ? netlink_unicast+0x7d0/0x7d0 [ 1435.293355][T26735] sock_sendmsg+0xcf/0x120 [ 1435.297770][T26735] ____sys_sendmsg+0x6e8/0x810 [ 1435.302533][T26735] ? kernel_sendmsg+0x50/0x50 [ 1435.307200][T26735] ? do_recvmmsg+0x6d0/0x6d0 [ 1435.311793][T26735] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1435.317780][T26735] ___sys_sendmsg+0xf3/0x170 [ 1435.322368][T26735] ? sendmsg_copy_msghdr+0x160/0x160 [ 1435.327659][T26735] ? __fget_files+0x266/0x3d0 [ 1435.332783][T26735] ? lock_downgrade+0x6e0/0x6e0 [ 1435.337647][T26735] ? __fget_files+0x288/0x3d0 [ 1435.342331][T26735] ? __fget_light+0xea/0x280 [ 1435.346920][T26735] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1435.353166][T26735] __sys_sendmsg+0xe5/0x1b0 [ 1435.357664][T26735] ? __sys_sendmsg_sock+0x30/0x30 [ 1435.362704][T26735] ? syscall_enter_from_user_mode+0x21/0x70 [ 1435.368605][T26735] do_syscall_64+0x35/0xb0 [ 1435.373018][T26735] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1435.378909][T26735] RIP: 0033:0x4665d9 [ 1435.382801][T26735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1435.402404][T26735] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1435.410812][T26735] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1435.418774][T26735] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1435.426735][T26735] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1435.434698][T26735] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1435.442660][T26735] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:29:29 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1435.673499][T26758] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1435.714207][T26758] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1435.714207][T26758] !' [ 1435.747625][T26758] CPU: 0 PID: 26758 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1435.756150][T26758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1435.766204][T26758] Call Trace: [ 1435.769478][T26758] dump_stack_lvl+0xcd/0x134 [ 1435.774079][T26758] sysfs_warn_dup.cold+0x1c/0x29 [ 1435.779025][T26758] sysfs_do_create_link_sd+0x11e/0x140 [ 1435.784498][T26758] sysfs_create_link+0x5f/0xc0 [ 1435.789267][T26758] device_add+0x789/0x2100 [ 1435.793688][T26758] ? mutex_lock_io_nested+0xf00/0xf00 [ 1435.799067][T26758] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1435.804618][T26758] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1435.810860][T26758] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1435.817106][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.823351][T26758] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1435.829344][T26758] wiphy_register+0x1e8a/0x29b0 [ 1435.834207][T26758] ? wiphy_unregister+0xbd0/0xbd0 [ 1435.839236][T26758] ? minstrel_ht_alloc+0x531/0xa00 [ 1435.844363][T26758] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1435.850448][T26758] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1435.855932][T26758] ? ieee80211_restart_hw+0x290/0x290 [ 1435.861315][T26758] ? debug_object_destroy+0x210/0x210 [ 1435.866706][T26758] ? memset+0x20/0x40 [ 1435.870695][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.876948][T26758] ? __hrtimer_init+0x136/0x280 [ 1435.881815][T26758] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1435.887557][T26758] ? hwsim_virtio_rx_work+0x350/0x350 [ 1435.892931][T26758] ? __kmalloc_track_caller+0x1a0/0x320 [ 1435.898490][T26758] ? memcpy+0x39/0x60 [ 1435.902487][T26758] hwsim_new_radio_nl+0x9bc/0x1080 [ 1435.907611][T26758] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1435.913523][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.919767][T26758] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1435.927147][T26758] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1435.934444][T26758] genl_family_rcv_msg_doit+0x228/0x320 [ 1435.940003][T26758] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1435.947387][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.953645][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1435.959889][T26758] ? ns_capable+0xde/0x100 [ 1435.964320][T26758] genl_rcv_msg+0x328/0x580 [ 1435.968838][T26758] ? genl_get_cmd+0x480/0x480 [ 1435.973525][T26758] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1435.979435][T26758] ? lock_release+0x720/0x720 [ 1435.984122][T26758] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1435.989426][T26758] netlink_rcv_skb+0x153/0x420 [ 1435.994205][T26758] ? genl_get_cmd+0x480/0x480 [ 1435.998894][T26758] ? netlink_ack+0xa60/0xa60 [ 1436.003509][T26758] genl_rcv+0x24/0x40 [ 1436.007500][T26758] netlink_unicast+0x533/0x7d0 [ 1436.012279][T26758] ? netlink_attachskb+0x890/0x890 [ 1436.017395][T26758] ? __virt_addr_valid+0x5d/0x2d0 [ 1436.022428][T26758] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1436.028679][T26758] ? __phys_addr_symbol+0x2c/0x70 [ 1436.033704][T26758] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1436.039428][T26758] ? __check_object_size+0x16e/0x3f0 [ 1436.044726][T26758] netlink_sendmsg+0x85b/0xda0 [ 1436.049506][T26758] ? netlink_unicast+0x7d0/0x7d0 [ 1436.054464][T26758] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.060710][T26758] ? netlink_unicast+0x7d0/0x7d0 [ 1436.065658][T26758] sock_sendmsg+0xcf/0x120 [ 1436.070081][T26758] ____sys_sendmsg+0x6e8/0x810 [ 1436.074849][T26758] ? kernel_sendmsg+0x50/0x50 [ 1436.079525][T26758] ? do_recvmmsg+0x6d0/0x6d0 [ 1436.084120][T26758] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1436.090112][T26758] ___sys_sendmsg+0xf3/0x170 [ 1436.094709][T26758] ? sendmsg_copy_msghdr+0x160/0x160 [ 1436.100006][T26758] ? __fget_files+0x266/0x3d0 [ 1436.104688][T26758] ? lock_downgrade+0x6e0/0x6e0 [ 1436.109555][T26758] ? __fget_files+0x288/0x3d0 [ 1436.114248][T26758] ? __fget_light+0xea/0x280 [ 1436.118844][T26758] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1436.125096][T26758] __sys_sendmsg+0xe5/0x1b0 [ 1436.130058][T26758] ? __sys_sendmsg_sock+0x30/0x30 [ 1436.135353][T26758] ? syscall_enter_from_user_mode+0x21/0x70 [ 1436.141657][T26758] do_syscall_64+0x35/0xb0 [ 1436.146083][T26758] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1436.152371][T26758] RIP: 0033:0x4665d9 [ 1436.156429][T26758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1436.176043][T26758] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1436.185012][T26758] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1436.193241][T26758] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1436.201199][T26758] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 21:29:30 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63120d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:30 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1436.209166][T26758] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1436.217120][T26758] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 21:29:30 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:30 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d005b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1436.322272][T26760] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:30 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1436.397111][T26760] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1436.397111][T26760] !' [ 1436.424001][T26760] CPU: 0 PID: 26760 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1436.432713][T26760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1436.442769][T26760] Call Trace: [ 1436.446046][T26760] dump_stack_lvl+0xcd/0x134 [ 1436.450654][T26760] sysfs_warn_dup.cold+0x1c/0x29 [ 1436.455605][T26760] sysfs_do_create_link_sd+0x11e/0x140 [ 1436.461077][T26760] sysfs_create_link+0x5f/0xc0 [ 1436.465851][T26760] device_add+0x789/0x2100 [ 1436.470273][T26760] ? mutex_lock_io_nested+0xf00/0xf00 [ 1436.475651][T26760] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1436.481208][T26760] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1436.487459][T26760] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1436.493703][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.499950][T26760] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1436.505948][T26760] wiphy_register+0x1e8a/0x29b0 [ 1436.510814][T26760] ? wiphy_unregister+0xbd0/0xbd0 [ 1436.515841][T26760] ? minstrel_ht_alloc+0x531/0xa00 [ 1436.520971][T26760] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1436.527057][T26760] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1436.532544][T26760] ? ieee80211_restart_hw+0x290/0x290 [ 1436.537931][T26760] ? debug_object_destroy+0x210/0x210 [ 1436.543318][T26760] ? memset+0x20/0x40 [ 1436.547309][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.553555][T26760] ? __hrtimer_init+0x136/0x280 [ 1436.558420][T26760] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1436.564177][T26760] ? hwsim_virtio_rx_work+0x350/0x350 [ 1436.569555][T26760] ? __kmalloc_track_caller+0x1a0/0x320 [ 1436.575110][T26760] ? memcpy+0x39/0x60 [ 1436.579106][T26760] hwsim_new_radio_nl+0x9bc/0x1080 [ 1436.584235][T26760] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1436.590152][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.596400][T26760] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1436.603812][T26760] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1436.611112][T26760] genl_family_rcv_msg_doit+0x228/0x320 [ 1436.616670][T26760] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1436.624054][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.630315][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.636563][T26760] ? ns_capable+0xde/0x100 [ 1436.640990][T26760] genl_rcv_msg+0x328/0x580 [ 1436.645509][T26760] ? genl_get_cmd+0x480/0x480 [ 1436.650195][T26760] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1436.656106][T26760] ? lock_release+0x720/0x720 [ 1436.660785][T26760] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1436.666082][T26760] netlink_rcv_skb+0x153/0x420 [ 1436.670856][T26760] ? genl_get_cmd+0x480/0x480 [ 1436.675547][T26760] ? netlink_ack+0xa60/0xa60 [ 1436.680162][T26760] genl_rcv+0x24/0x40 [ 1436.684152][T26760] netlink_unicast+0x533/0x7d0 [ 1436.688930][T26760] ? netlink_attachskb+0x890/0x890 [ 1436.694046][T26760] ? __virt_addr_valid+0x5d/0x2d0 [ 1436.699078][T26760] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1436.705322][T26760] ? __phys_addr_symbol+0x2c/0x70 [ 1436.710354][T26760] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1436.716075][T26760] ? __check_object_size+0x16e/0x3f0 [ 1436.721370][T26760] netlink_sendmsg+0x85b/0xda0 [ 1436.726151][T26760] ? netlink_unicast+0x7d0/0x7d0 [ 1436.731109][T26760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1436.737360][T26760] ? netlink_unicast+0x7d0/0x7d0 [ 1436.742306][T26760] sock_sendmsg+0xcf/0x120 [ 1436.746729][T26760] ____sys_sendmsg+0x6e8/0x810 [ 1436.751503][T26760] ? kernel_sendmsg+0x50/0x50 [ 1436.756183][T26760] ? do_recvmmsg+0x6d0/0x6d0 [ 1436.760786][T26760] ? lock_chain_count+0x20/0x20 [ 1436.765644][T26760] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1436.771638][T26760] ___sys_sendmsg+0xf3/0x170 [ 1436.776236][T26760] ? sendmsg_copy_msghdr+0x160/0x160 [ 1436.781534][T26760] ? __fget_files+0x266/0x3d0 [ 1436.786221][T26760] ? lock_downgrade+0x6e0/0x6e0 [ 1436.791089][T26760] ? __fget_files+0x288/0x3d0 [ 1436.795782][T26760] ? __fget_light+0xea/0x280 [ 1436.800376][T26760] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1436.806628][T26760] __sys_sendmsg+0xe5/0x1b0 [ 1436.811138][T26760] ? __sys_sendmsg_sock+0x30/0x30 [ 1436.816187][T26760] ? syscall_enter_from_user_mode+0x21/0x70 [ 1436.822098][T26760] do_syscall_64+0x35/0xb0 [ 1436.826521][T26760] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1436.832426][T26760] RIP: 0033:0x4665d9 [ 1436.836325][T26760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1436.855933][T26760] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1436.864349][T26760] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1436.872323][T26760] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1436.880295][T26760] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1436.888266][T26760] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1436.896235][T26760] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1436.994685][T26818] __nla_validate_parse: 12 callbacks suppressed [ 1436.994704][T26818] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1437.026028][T26798] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00005e3000/0x2000)=nil, 0x2000, 0x1, 0x10010, r3, 0x5ab23000) [ 1437.074140][T26798] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1437.142886][T26824] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1437.168799][T26798] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1437.168799][T26798] !' [ 1437.197121][T26798] CPU: 1 PID: 26798 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1437.205644][T26798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.215689][T26798] Call Trace: [ 1437.218959][T26798] dump_stack_lvl+0xcd/0x134 [ 1437.223551][T26798] sysfs_warn_dup.cold+0x1c/0x29 [ 1437.228484][T26798] sysfs_do_create_link_sd+0x11e/0x140 [ 1437.233939][T26798] sysfs_create_link+0x5f/0xc0 [ 1437.238701][T26798] device_add+0x789/0x2100 [ 1437.243113][T26798] ? mutex_lock_io_nested+0xf00/0xf00 [ 1437.248481][T26798] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1437.254020][T26798] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1437.260251][T26798] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1437.266484][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.272718][T26798] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1437.278699][T26798] wiphy_register+0x1e8a/0x29b0 [ 1437.283551][T26798] ? wiphy_unregister+0xbd0/0xbd0 [ 1437.288564][T26798] ? minstrel_ht_alloc+0x531/0xa00 [ 1437.293675][T26798] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1437.299741][T26798] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1437.305208][T26798] ? ieee80211_restart_hw+0x290/0x290 [ 1437.310575][T26798] ? debug_object_destroy+0x210/0x210 [ 1437.316355][T26798] ? memset+0x20/0x40 [ 1437.320332][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.326565][T26798] ? __hrtimer_init+0x136/0x280 [ 1437.331416][T26798] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1437.337149][T26798] ? hwsim_virtio_rx_work+0x350/0x350 [ 1437.342513][T26798] ? __kmalloc_track_caller+0x1a0/0x320 [ 1437.348052][T26798] ? memcpy+0x39/0x60 [ 1437.352027][T26798] hwsim_new_radio_nl+0x9bc/0x1080 [ 1437.357138][T26798] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1437.363032][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.369262][T26798] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1437.376626][T26798] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1437.383911][T26798] genl_family_rcv_msg_doit+0x228/0x320 [ 1437.389458][T26798] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1437.396840][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.403082][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.409312][T26798] ? ns_capable+0xde/0x100 [ 1437.413722][T26798] genl_rcv_msg+0x328/0x580 [ 1437.418223][T26798] ? genl_get_cmd+0x480/0x480 [ 1437.422895][T26798] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1437.428790][T26798] ? lock_release+0x720/0x720 [ 1437.433463][T26798] netlink_rcv_skb+0x153/0x420 [ 1437.438222][T26798] ? genl_get_cmd+0x480/0x480 [ 1437.442898][T26798] ? netlink_ack+0xa60/0xa60 [ 1437.447493][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.453728][T26798] genl_rcv+0x24/0x40 [ 1437.457703][T26798] netlink_unicast+0x533/0x7d0 [ 1437.462463][T26798] ? netlink_attachskb+0x890/0x890 [ 1437.467568][T26798] ? __virt_addr_valid+0x5d/0x2d0 [ 1437.472583][T26798] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1437.478813][T26798] ? __phys_addr_symbol+0x2c/0x70 [ 1437.483829][T26798] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1437.489538][T26798] ? __check_object_size+0x16e/0x3f0 [ 1437.494816][T26798] netlink_sendmsg+0x85b/0xda0 [ 1437.499579][T26798] ? netlink_unicast+0x7d0/0x7d0 [ 1437.504517][T26798] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1437.510750][T26798] ? netlink_unicast+0x7d0/0x7d0 [ 1437.515681][T26798] sock_sendmsg+0xcf/0x120 [ 1437.520090][T26798] ____sys_sendmsg+0x6e8/0x810 [ 1437.525037][T26798] ? kernel_sendmsg+0x50/0x50 [ 1437.529702][T26798] ? do_recvmmsg+0x6d0/0x6d0 [ 1437.534290][T26798] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1437.540269][T26798] ___sys_sendmsg+0xf3/0x170 [ 1437.544852][T26798] ? sendmsg_copy_msghdr+0x160/0x160 [ 1437.550135][T26798] ? __fget_files+0x266/0x3d0 [ 1437.554802][T26798] ? lock_downgrade+0x6e0/0x6e0 [ 1437.559654][T26798] ? __fget_files+0x288/0x3d0 [ 1437.564328][T26798] ? __fget_light+0xea/0x280 [ 1437.568910][T26798] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1437.575150][T26798] __sys_sendmsg+0xe5/0x1b0 [ 1437.579645][T26798] ? __sys_sendmsg_sock+0x30/0x30 [ 1437.584672][T26798] ? syscall_enter_from_user_mode+0x21/0x70 [ 1437.590564][T26798] do_syscall_64+0x35/0xb0 [ 1437.594972][T26798] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1437.600858][T26798] RIP: 0033:0x4665d9 [ 1437.604741][T26798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1437.624340][T26798] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1437.632744][T26798] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1437.640705][T26798] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1437.648663][T26798] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1437.656623][T26798] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1437.664584][T26798] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 21:29:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03520000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d015b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1437.757858][T26820] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1437.770278][T26840] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1437.853909][T26837] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1437.863908][T26837] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1437.887132][T26843] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. 21:29:32 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1437.926999][T26837] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1437.926999][T26837] !' [ 1437.958587][T26837] CPU: 0 PID: 26837 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1437.967198][T26837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1437.977254][T26837] Call Trace: [ 1437.980532][T26837] dump_stack_lvl+0xcd/0x134 [ 1437.985136][T26837] sysfs_warn_dup.cold+0x1c/0x29 [ 1437.990173][T26837] sysfs_do_create_link_sd+0x11e/0x140 [ 1437.995646][T26837] sysfs_create_link+0x5f/0xc0 [ 1438.000418][T26837] device_add+0x789/0x2100 [ 1438.004837][T26837] ? mutex_lock_io_nested+0xf00/0xf00 [ 1438.010220][T26837] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1438.015775][T26837] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1438.022019][T26837] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1438.028264][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.034509][T26837] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1438.040608][T26837] wiphy_register+0x1e8a/0x29b0 [ 1438.045473][T26837] ? wiphy_unregister+0xbd0/0xbd0 [ 1438.050499][T26837] ? minstrel_ht_alloc+0x531/0xa00 [ 1438.055626][T26837] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1438.061709][T26837] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1438.067190][T26837] ? ieee80211_restart_hw+0x290/0x290 [ 1438.072660][T26837] ? debug_object_destroy+0x210/0x210 [ 1438.078049][T26837] ? memset+0x20/0x40 [ 1438.082037][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.088285][T26837] ? __hrtimer_init+0x136/0x280 [ 1438.093151][T26837] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1438.098898][T26837] ? hwsim_virtio_rx_work+0x350/0x350 [ 1438.104282][T26837] ? __kmalloc_track_caller+0x1a0/0x320 [ 1438.109837][T26837] ? memcpy+0x39/0x60 [ 1438.113831][T26837] hwsim_new_radio_nl+0x9bc/0x1080 [ 1438.118959][T26837] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1438.124867][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.131113][T26837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1438.138498][T26837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1438.145798][T26837] genl_family_rcv_msg_doit+0x228/0x320 [ 1438.151356][T26837] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1438.158739][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.164996][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.171240][T26837] ? ns_capable+0xde/0x100 [ 1438.175664][T26837] genl_rcv_msg+0x328/0x580 [ 1438.180180][T26837] ? genl_get_cmd+0x480/0x480 [ 1438.184866][T26837] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1438.190777][T26837] ? lock_release+0x720/0x720 [ 1438.195462][T26837] netlink_rcv_skb+0x153/0x420 [ 1438.200235][T26837] ? genl_get_cmd+0x480/0x480 [ 1438.204923][T26837] ? netlink_ack+0xa60/0xa60 [ 1438.209535][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.215788][T26837] genl_rcv+0x24/0x40 [ 1438.219775][T26837] netlink_unicast+0x533/0x7d0 [ 1438.224554][T26837] ? netlink_attachskb+0x890/0x890 [ 1438.229673][T26837] ? __virt_addr_valid+0x5d/0x2d0 [ 1438.234703][T26837] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1438.240952][T26837] ? __phys_addr_symbol+0x2c/0x70 [ 1438.245981][T26837] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1438.251705][T26837] ? __check_object_size+0x16e/0x3f0 [ 1438.257000][T26837] netlink_sendmsg+0x85b/0xda0 [ 1438.261778][T26837] ? netlink_unicast+0x7d0/0x7d0 [ 1438.266729][T26837] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.272976][T26837] ? netlink_unicast+0x7d0/0x7d0 [ 1438.277922][T26837] sock_sendmsg+0xcf/0x120 [ 1438.282354][T26837] ____sys_sendmsg+0x6e8/0x810 [ 1438.287128][T26837] ? kernel_sendmsg+0x50/0x50 [ 1438.291809][T26837] ? do_recvmmsg+0x6d0/0x6d0 [ 1438.296412][T26837] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1438.302407][T26837] ___sys_sendmsg+0xf3/0x170 [ 1438.307004][T26837] ? sendmsg_copy_msghdr+0x160/0x160 [ 1438.312302][T26837] ? __fget_files+0x266/0x3d0 [ 1438.316985][T26837] ? lock_downgrade+0x6e0/0x6e0 [ 1438.321853][T26837] ? __fget_files+0x288/0x3d0 [ 1438.326541][T26837] ? __fget_light+0xea/0x280 [ 1438.331142][T26837] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1438.337392][T26837] __sys_sendmsg+0xe5/0x1b0 [ 1438.341900][T26837] ? __sys_sendmsg_sock+0x30/0x30 [ 1438.346956][T26837] ? syscall_enter_from_user_mode+0x21/0x70 [ 1438.352866][T26837] do_syscall_64+0x35/0xb0 [ 1438.357288][T26837] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1438.363188][T26837] RIP: 0033:0x4665d9 [ 1438.367083][T26837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1438.386692][T26837] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1438.395106][T26837] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1438.403076][T26837] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1438.411047][T26837] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1438.419018][T26837] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 21:29:32 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1438.426986][T26837] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 [ 1438.499550][T26854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:29:32 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1438.549974][T26863] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1438.551922][T26839] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:32 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63130d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:32 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d025b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1438.640076][T26839] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1438.704381][T26839] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1438.704381][T26839] !' [ 1438.736863][T26839] CPU: 0 PID: 26839 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1438.745296][T26839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1438.755350][T26839] Call Trace: [ 1438.758629][T26839] dump_stack_lvl+0xcd/0x134 [ 1438.763236][T26839] sysfs_warn_dup.cold+0x1c/0x29 [ 1438.768187][T26839] sysfs_do_create_link_sd+0x11e/0x140 [ 1438.773659][T26839] sysfs_create_link+0x5f/0xc0 [ 1438.778433][T26839] device_add+0x789/0x2100 [ 1438.782865][T26839] ? mutex_lock_io_nested+0xf00/0xf00 [ 1438.788244][T26839] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1438.793799][T26839] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1438.800044][T26839] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1438.806291][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.812538][T26839] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1438.818539][T26839] wiphy_register+0x1e8a/0x29b0 [ 1438.823405][T26839] ? wiphy_unregister+0xbd0/0xbd0 [ 1438.828438][T26839] ? minstrel_ht_alloc+0x531/0xa00 [ 1438.833570][T26839] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1438.839654][T26839] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1438.845139][T26839] ? ieee80211_restart_hw+0x290/0x290 [ 1438.850522][T26839] ? debug_object_destroy+0x210/0x210 [ 1438.855912][T26839] ? memset+0x20/0x40 [ 1438.859903][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.866151][T26839] ? __hrtimer_init+0x136/0x280 [ 1438.871018][T26839] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1438.876768][T26839] ? hwsim_virtio_rx_work+0x350/0x350 [ 1438.882151][T26839] ? __kmalloc_track_caller+0x1a0/0x320 [ 1438.887706][T26839] ? memcpy+0x39/0x60 [ 1438.891704][T26839] hwsim_new_radio_nl+0x9bc/0x1080 [ 1438.896829][T26839] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1438.902744][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.908992][T26839] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1438.916377][T26839] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1438.923678][T26839] genl_family_rcv_msg_doit+0x228/0x320 [ 1438.929237][T26839] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1438.936619][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.942879][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1438.949127][T26839] ? ns_capable+0xde/0x100 [ 1438.953554][T26839] genl_rcv_msg+0x328/0x580 [ 1438.958075][T26839] ? genl_get_cmd+0x480/0x480 [ 1438.962763][T26839] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1438.968696][T26839] ? lock_release+0x720/0x720 [ 1438.973376][T26839] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1438.978861][T26839] netlink_rcv_skb+0x153/0x420 [ 1438.983830][T26839] ? genl_get_cmd+0x480/0x480 [ 1438.988500][T26839] ? netlink_ack+0xa60/0xa60 [ 1438.993457][T26839] genl_rcv+0x24/0x40 [ 1438.997627][T26839] netlink_unicast+0x533/0x7d0 [ 1439.002581][T26839] ? netlink_attachskb+0x890/0x890 [ 1439.007703][T26839] ? __virt_addr_valid+0x5d/0x2d0 [ 1439.012733][T26839] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1439.018963][T26839] ? __phys_addr_symbol+0x2c/0x70 [ 1439.023988][T26839] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1439.029693][T26839] ? __check_object_size+0x16e/0x3f0 [ 1439.034967][T26839] netlink_sendmsg+0x85b/0xda0 [ 1439.039723][T26839] ? netlink_unicast+0x7d0/0x7d0 [ 1439.044653][T26839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.050884][T26839] ? netlink_unicast+0x7d0/0x7d0 [ 1439.055828][T26839] sock_sendmsg+0xcf/0x120 [ 1439.060238][T26839] ____sys_sendmsg+0x6e8/0x810 [ 1439.065007][T26839] ? kernel_sendmsg+0x50/0x50 [ 1439.069669][T26839] ? do_recvmmsg+0x6d0/0x6d0 [ 1439.074268][T26839] ? lock_chain_count+0x20/0x20 [ 1439.079110][T26839] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1439.085097][T26839] ___sys_sendmsg+0xf3/0x170 [ 1439.089677][T26839] ? sendmsg_copy_msghdr+0x160/0x160 [ 1439.094954][T26839] ? __fget_files+0x266/0x3d0 [ 1439.099620][T26839] ? lock_downgrade+0x6e0/0x6e0 [ 1439.104468][T26839] ? __fget_files+0x288/0x3d0 [ 1439.109146][T26839] ? __fget_light+0xea/0x280 [ 1439.113741][T26839] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1439.119978][T26839] __sys_sendmsg+0xe5/0x1b0 [ 1439.124483][T26839] ? __sys_sendmsg_sock+0x30/0x30 [ 1439.129504][T26839] ? syscall_enter_from_user_mode+0x21/0x70 [ 1439.135395][T26839] do_syscall_64+0x35/0xb0 [ 1439.139821][T26839] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1439.145720][T26839] RIP: 0033:0x4665d9 [ 1439.149600][T26839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1439.169190][T26839] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1439.177588][T26839] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1439.185547][T26839] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1439.193501][T26839] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1439.201463][T26839] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1439.209430][T26839] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1439.332696][T26841] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1439.366217][T26841] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1439.366217][T26841] !' 21:29:33 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1439.407338][T26841] CPU: 1 PID: 26841 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1439.415967][T26841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1439.426022][T26841] Call Trace: [ 1439.429299][T26841] dump_stack_lvl+0xcd/0x134 [ 1439.433902][T26841] sysfs_warn_dup.cold+0x1c/0x29 [ 1439.438858][T26841] sysfs_do_create_link_sd+0x11e/0x140 [ 1439.444894][T26841] sysfs_create_link+0x5f/0xc0 [ 1439.449645][T26841] device_add+0x789/0x2100 [ 1439.454050][T26841] ? mutex_lock_io_nested+0xf00/0xf00 [ 1439.459409][T26841] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1439.464945][T26841] ? mark_held_locks+0x9f/0xe0 [ 1439.469695][T26841] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1439.475921][T26841] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1439.482163][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.488404][T26841] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1439.494386][T26841] wiphy_register+0x1e8a/0x29b0 [ 1439.499246][T26841] ? wiphy_unregister+0xbd0/0xbd0 [ 1439.504267][T26841] ? minstrel_ht_alloc+0x531/0xa00 [ 1439.509548][T26841] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1439.515607][T26841] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1439.521063][T26841] ? ieee80211_restart_hw+0x290/0x290 [ 1439.526427][T26841] ? debug_object_destroy+0x210/0x210 [ 1439.531799][T26841] ? memset+0x20/0x40 [ 1439.535786][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.542011][T26841] ? __hrtimer_init+0x136/0x280 [ 1439.546856][T26841] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1439.552576][T26841] ? hwsim_virtio_rx_work+0x350/0x350 [ 1439.557934][T26841] ? __kmalloc_track_caller+0x1a0/0x320 [ 1439.563486][T26841] ? memcpy+0x39/0x60 [ 1439.567467][T26841] hwsim_new_radio_nl+0x9bc/0x1080 [ 1439.572586][T26841] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1439.578473][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.584714][T26841] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1439.592077][T26841] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1439.599372][T26841] genl_family_rcv_msg_doit+0x228/0x320 [ 1439.604909][T26841] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1439.612269][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.618519][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.624746][T26841] ? ns_capable+0xde/0x100 [ 1439.629152][T26841] genl_rcv_msg+0x328/0x580 [ 1439.633645][T26841] ? genl_get_cmd+0x480/0x480 [ 1439.638329][T26841] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1439.644218][T26841] ? lock_release+0x720/0x720 [ 1439.648877][T26841] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1439.654152][T26841] netlink_rcv_skb+0x153/0x420 [ 1439.658913][T26841] ? genl_get_cmd+0x480/0x480 [ 1439.663598][T26841] ? netlink_ack+0xa60/0xa60 [ 1439.668187][T26841] genl_rcv+0x24/0x40 [ 1439.672157][T26841] netlink_unicast+0x533/0x7d0 [ 1439.676934][T26841] ? netlink_attachskb+0x890/0x890 [ 1439.682036][T26841] ? __virt_addr_valid+0x5d/0x2d0 [ 1439.687049][T26841] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1439.693283][T26841] ? __phys_addr_symbol+0x2c/0x70 [ 1439.698314][T26841] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1439.704035][T26841] ? __check_object_size+0x16e/0x3f0 [ 1439.709310][T26841] netlink_sendmsg+0x85b/0xda0 [ 1439.714073][T26841] ? netlink_unicast+0x7d0/0x7d0 [ 1439.719019][T26841] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1439.725266][T26841] ? netlink_unicast+0x7d0/0x7d0 [ 1439.730193][T26841] sock_sendmsg+0xcf/0x120 [ 1439.734596][T26841] ____sys_sendmsg+0x6e8/0x810 [ 1439.739347][T26841] ? kernel_sendmsg+0x50/0x50 [ 1439.744008][T26841] ? do_recvmmsg+0x6d0/0x6d0 [ 1439.748586][T26841] ? lock_chain_count+0x20/0x20 [ 1439.753423][T26841] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1439.759398][T26841] ___sys_sendmsg+0xf3/0x170 [ 1439.763977][T26841] ? sendmsg_copy_msghdr+0x160/0x160 [ 1439.769249][T26841] ? __fget_files+0x266/0x3d0 [ 1439.773911][T26841] ? lock_downgrade+0x6e0/0x6e0 [ 1439.778755][T26841] ? __fget_files+0x288/0x3d0 [ 1439.783422][T26841] ? __fget_light+0xea/0x280 [ 1439.788004][T26841] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1439.794232][T26841] __sys_sendmsg+0xe5/0x1b0 [ 1439.798723][T26841] ? __sys_sendmsg_sock+0x30/0x30 [ 1439.803743][T26841] ? syscall_enter_from_user_mode+0x21/0x70 [ 1439.809629][T26841] do_syscall_64+0x35/0xb0 [ 1439.814047][T26841] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1439.819931][T26841] RIP: 0033:0x4665d9 [ 1439.823817][T26841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1439.843407][T26841] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1439.851809][T26841] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1439.859765][T26841] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1439.867719][T26841] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1439.875673][T26841] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1439.883626][T26841] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 21:29:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d035b0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1439.953218][T26853] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:34 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:34 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1440.036500][T26853] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1440.036500][T26853] !' [ 1440.079490][T26853] CPU: 0 PID: 26853 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1440.088123][T26853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.098199][T26853] Call Trace: [ 1440.101477][T26853] dump_stack_lvl+0xcd/0x134 [ 1440.106079][T26853] sysfs_warn_dup.cold+0x1c/0x29 [ 1440.111024][T26853] sysfs_do_create_link_sd+0x11e/0x140 [ 1440.116491][T26853] sysfs_create_link+0x5f/0xc0 [ 1440.121255][T26853] device_add+0x789/0x2100 [ 1440.125675][T26853] ? mutex_lock_io_nested+0xf00/0xf00 [ 1440.131052][T26853] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1440.136606][T26853] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1440.142846][T26853] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1440.149078][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.155321][T26853] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1440.161319][T26853] wiphy_register+0x1e8a/0x29b0 [ 1440.166184][T26853] ? wiphy_unregister+0xbd0/0xbd0 [ 1440.171209][T26853] ? minstrel_ht_alloc+0x531/0xa00 [ 1440.176337][T26853] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1440.182424][T26853] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1440.187911][T26853] ? ieee80211_restart_hw+0x290/0x290 [ 1440.193294][T26853] ? debug_object_destroy+0x210/0x210 [ 1440.198680][T26853] ? memset+0x20/0x40 [ 1440.202671][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.208917][T26853] ? __hrtimer_init+0x136/0x280 [ 1440.213778][T26853] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1440.219528][T26853] ? hwsim_virtio_rx_work+0x350/0x350 [ 1440.224906][T26853] ? __kmalloc_track_caller+0x1a0/0x320 [ 1440.230462][T26853] ? memcpy+0x39/0x60 [ 1440.234460][T26853] hwsim_new_radio_nl+0x9bc/0x1080 [ 1440.239586][T26853] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1440.245499][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.251742][T26853] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1440.259125][T26853] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1440.266429][T26853] genl_family_rcv_msg_doit+0x228/0x320 [ 1440.271993][T26853] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1440.279375][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.285638][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.291884][T26853] ? ns_capable+0xde/0x100 [ 1440.296306][T26853] genl_rcv_msg+0x328/0x580 [ 1440.300821][T26853] ? genl_get_cmd+0x480/0x480 [ 1440.305509][T26853] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1440.311419][T26853] ? lock_release+0x720/0x720 [ 1440.316104][T26853] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1440.321398][T26853] netlink_rcv_skb+0x153/0x420 [ 1440.326177][T26853] ? genl_get_cmd+0x480/0x480 [ 1440.330864][T26853] ? netlink_ack+0xa60/0xa60 [ 1440.335484][T26853] genl_rcv+0x24/0x40 [ 1440.339472][T26853] netlink_unicast+0x533/0x7d0 [ 1440.344241][T26853] ? netlink_attachskb+0x890/0x890 [ 1440.349361][T26853] ? __virt_addr_valid+0x5d/0x2d0 [ 1440.354402][T26853] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1440.360645][T26853] ? __phys_addr_symbol+0x2c/0x70 [ 1440.365674][T26853] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1440.371399][T26853] ? __check_object_size+0x16e/0x3f0 [ 1440.376699][T26853] netlink_sendmsg+0x85b/0xda0 [ 1440.381476][T26853] ? netlink_unicast+0x7d0/0x7d0 [ 1440.386429][T26853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.392683][T26853] ? netlink_unicast+0x7d0/0x7d0 [ 1440.397631][T26853] sock_sendmsg+0xcf/0x120 [ 1440.402054][T26853] ____sys_sendmsg+0x6e8/0x810 [ 1440.406827][T26853] ? kernel_sendmsg+0x50/0x50 [ 1440.411504][T26853] ? do_recvmmsg+0x6d0/0x6d0 [ 1440.416100][T26853] ? lock_chain_count+0x20/0x20 [ 1440.421342][T26853] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1440.427524][T26853] ___sys_sendmsg+0xf3/0x170 [ 1440.432329][T26853] ? sendmsg_copy_msghdr+0x160/0x160 [ 1440.438623][T26853] ? __fget_files+0x266/0x3d0 [ 1440.443308][T26853] ? lock_downgrade+0x6e0/0x6e0 [ 1440.448168][T26853] ? __fget_files+0x288/0x3d0 [ 1440.452835][T26853] ? __fget_light+0xea/0x280 [ 1440.457415][T26853] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1440.463673][T26853] __sys_sendmsg+0xe5/0x1b0 [ 1440.468180][T26853] ? __sys_sendmsg_sock+0x30/0x30 [ 1440.473198][T26853] ? syscall_enter_from_user_mode+0x21/0x70 [ 1440.479087][T26853] do_syscall_64+0x35/0xb0 [ 1440.483519][T26853] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1440.489403][T26853] RIP: 0033:0x4665d9 [ 1440.493283][T26853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1440.512877][T26853] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1440.521291][T26853] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1440.529277][T26853] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1440.537232][T26853] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1440.545372][T26853] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1440.553328][T26853] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 [ 1440.600077][T26890] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:34 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r6 = socket(0x10, 0x8000000803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newlink={0x120, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x242b8, 0x42a0a}, [@IFLA_LINKINFO={0xf0, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xe0, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x70, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200004, 0x1f}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x10001}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3fc, 0x39e4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0x3235c00}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7ff, 0xc73}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xd1e7, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xcaa3, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0xfffffffc}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0xa1ae}}]}, @IFLA_VLAN_EGRESS_QOS={0x64, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x9, 0x2be5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x9, 0x80000000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x400008}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0x3000}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x2ed8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x1, 0xa}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xad4c, 0x4}}]}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x120}}, 0x0) ioctl$SIOCAX25DELUID(r6, 0x89e2, &(0x7f00000000c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r7 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r7, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 21:29:34 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1440.650247][T26890] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1440.650247][T26890] !' 21:29:34 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d005c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1440.737339][T26890] CPU: 0 PID: 26890 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1440.745804][T26890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.755855][T26890] Call Trace: [ 1440.759131][T26890] dump_stack_lvl+0xcd/0x134 [ 1440.763734][T26890] sysfs_warn_dup.cold+0x1c/0x29 [ 1440.768683][T26890] sysfs_do_create_link_sd+0x11e/0x140 [ 1440.774155][T26890] sysfs_create_link+0x5f/0xc0 [ 1440.778927][T26890] device_add+0x789/0x2100 [ 1440.783349][T26890] ? mutex_lock_io_nested+0xf00/0xf00 [ 1440.788726][T26890] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1440.794281][T26890] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1440.800549][T26890] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1440.806818][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.813062][T26890] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1440.819055][T26890] wiphy_register+0x1e8a/0x29b0 [ 1440.823921][T26890] ? wiphy_unregister+0xbd0/0xbd0 [ 1440.828947][T26890] ? minstrel_ht_alloc+0x531/0xa00 [ 1440.834073][T26890] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1440.840155][T26890] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1440.845641][T26890] ? ieee80211_restart_hw+0x290/0x290 [ 1440.851023][T26890] ? debug_object_destroy+0x210/0x210 [ 1440.856410][T26890] ? memset+0x20/0x40 [ 1440.860405][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.866655][T26890] ? __hrtimer_init+0x136/0x280 [ 1440.871516][T26890] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1440.877263][T26890] ? hwsim_virtio_rx_work+0x350/0x350 [ 1440.882640][T26890] ? __kmalloc_track_caller+0x1a0/0x320 [ 1440.888193][T26890] ? memcpy+0x39/0x60 [ 1440.892187][T26890] hwsim_new_radio_nl+0x9bc/0x1080 [ 1440.897315][T26890] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1440.903229][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.909474][T26890] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1440.916856][T26890] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1440.924155][T26890] genl_family_rcv_msg_doit+0x228/0x320 [ 1440.929706][T26890] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1440.937081][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.943324][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.949564][T26890] ? ns_capable+0xde/0x100 [ 1440.953974][T26890] genl_rcv_msg+0x328/0x580 [ 1440.958491][T26890] ? genl_get_cmd+0x480/0x480 [ 1440.963179][T26890] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1440.969304][T26890] ? lock_release+0x720/0x720 [ 1440.973971][T26890] netlink_rcv_skb+0x153/0x420 [ 1440.978726][T26890] ? genl_get_cmd+0x480/0x480 [ 1440.983395][T26890] ? netlink_ack+0xa60/0xa60 [ 1440.988007][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1440.994258][T26890] genl_rcv+0x24/0x40 [ 1440.998264][T26890] netlink_unicast+0x533/0x7d0 [ 1441.003027][T26890] ? netlink_attachskb+0x890/0x890 [ 1441.008145][T26890] ? __virt_addr_valid+0x5d/0x2d0 [ 1441.013176][T26890] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1441.019406][T26890] ? __phys_addr_symbol+0x2c/0x70 [ 1441.024440][T26890] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1441.030168][T26890] ? __check_object_size+0x16e/0x3f0 [ 1441.035462][T26890] netlink_sendmsg+0x85b/0xda0 [ 1441.040219][T26890] ? netlink_unicast+0x7d0/0x7d0 [ 1441.045155][T26890] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.051388][T26890] ? netlink_unicast+0x7d0/0x7d0 [ 1441.056344][T26890] sock_sendmsg+0xcf/0x120 [ 1441.060768][T26890] ____sys_sendmsg+0x6e8/0x810 [ 1441.065535][T26890] ? kernel_sendmsg+0x50/0x50 [ 1441.070197][T26890] ? do_recvmmsg+0x6d0/0x6d0 [ 1441.074776][T26890] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1441.080754][T26890] ___sys_sendmsg+0xf3/0x170 [ 1441.085353][T26890] ? sendmsg_copy_msghdr+0x160/0x160 [ 1441.090650][T26890] ? __fget_files+0x266/0x3d0 [ 1441.095331][T26890] ? lock_downgrade+0x6e0/0x6e0 [ 1441.100186][T26890] ? __fget_files+0x288/0x3d0 [ 1441.104875][T26890] ? __fget_light+0xea/0x280 [ 1441.109470][T26890] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1441.115722][T26890] __sys_sendmsg+0xe5/0x1b0 [ 1441.120229][T26890] ? __sys_sendmsg_sock+0x30/0x30 [ 1441.125237][T26890] ? asm_sysvec_call_function_single+0x12/0x20 [ 1441.131382][T26890] ? lockdep_hardirqs_on+0x79/0x100 [ 1441.136603][T26890] do_syscall_64+0x35/0xb0 [ 1441.141024][T26890] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1441.146926][T26890] RIP: 0033:0x4665d9 [ 1441.150822][T26890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1441.170431][T26890] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1441.178834][T26890] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1441.186791][T26890] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1441.194745][T26890] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1441.202702][T26890] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1441.210671][T26890] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1441.279807][T26926] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1441.439397][T26926] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1441.439397][T26926] !' [ 1441.454454][T26926] CPU: 1 PID: 26926 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1441.462973][T26926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1441.473027][T26926] Call Trace: [ 1441.476304][T26926] dump_stack_lvl+0xcd/0x134 [ 1441.481148][T26926] sysfs_warn_dup.cold+0x1c/0x29 [ 1441.486095][T26926] sysfs_do_create_link_sd+0x11e/0x140 [ 1441.491719][T26926] sysfs_create_link+0x5f/0xc0 [ 1441.496691][T26926] device_add+0x789/0x2100 [ 1441.501611][T26926] ? mutex_lock_io_nested+0xf00/0xf00 [ 1441.507399][T26926] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1441.513431][T26926] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1441.520123][T26926] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1441.526549][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.532778][T26926] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1441.539224][T26926] wiphy_register+0x1e8a/0x29b0 [ 1441.544067][T26926] ? wiphy_unregister+0xbd0/0xbd0 [ 1441.549075][T26926] ? minstrel_ht_alloc+0x531/0xa00 [ 1441.554184][T26926] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1441.560609][T26926] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1441.566271][T26926] ? ieee80211_restart_hw+0x290/0x290 [ 1441.571649][T26926] ? debug_object_destroy+0x210/0x210 [ 1441.577212][T26926] ? memset+0x20/0x40 [ 1441.581193][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.588030][T26926] ? __hrtimer_init+0x136/0x280 [ 1441.592872][T26926] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1441.598600][T26926] ? hwsim_virtio_rx_work+0x350/0x350 [ 1441.603978][T26926] ? __kmalloc_track_caller+0x1a0/0x320 [ 1441.609509][T26926] ? memcpy+0x39/0x60 [ 1441.613497][T26926] hwsim_new_radio_nl+0x9bc/0x1080 [ 1441.618600][T26926] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1441.624501][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.630745][T26926] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1441.638126][T26926] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1441.645408][T26926] genl_family_rcv_msg_doit+0x228/0x320 [ 1441.650971][T26926] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1441.658348][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.664579][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.670811][T26926] ? ns_capable+0xde/0x100 [ 1441.675234][T26926] genl_rcv_msg+0x328/0x580 [ 1441.679744][T26926] ? genl_get_cmd+0x480/0x480 [ 1441.684409][T26926] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1441.690315][T26926] ? lock_release+0x720/0x720 [ 1441.694991][T26926] netlink_rcv_skb+0x153/0x420 [ 1441.699777][T26926] ? genl_get_cmd+0x480/0x480 [ 1441.704442][T26926] ? netlink_ack+0xa60/0xa60 [ 1441.709030][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.715261][T26926] genl_rcv+0x24/0x40 [ 1441.719235][T26926] netlink_unicast+0x533/0x7d0 [ 1441.723996][T26926] ? netlink_attachskb+0x890/0x890 [ 1441.729112][T26926] ? __virt_addr_valid+0x5d/0x2d0 [ 1441.734125][T26926] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1441.740351][T26926] ? __phys_addr_symbol+0x2c/0x70 [ 1441.745360][T26926] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1441.751064][T26926] ? __check_object_size+0x16e/0x3f0 [ 1441.756350][T26926] netlink_sendmsg+0x85b/0xda0 [ 1441.761119][T26926] ? netlink_unicast+0x7d0/0x7d0 [ 1441.766049][T26926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1441.772281][T26926] ? netlink_unicast+0x7d0/0x7d0 [ 1441.777208][T26926] sock_sendmsg+0xcf/0x120 [ 1441.781612][T26926] ____sys_sendmsg+0x6e8/0x810 [ 1441.786369][T26926] ? kernel_sendmsg+0x50/0x50 [ 1441.791046][T26926] ? do_recvmmsg+0x6d0/0x6d0 [ 1441.795630][T26926] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1441.801600][T26926] ___sys_sendmsg+0xf3/0x170 [ 1441.806177][T26926] ? sendmsg_copy_msghdr+0x160/0x160 [ 1441.811455][T26926] ? __fget_files+0x266/0x3d0 [ 1441.816135][T26926] ? lock_downgrade+0x6e0/0x6e0 [ 1441.820980][T26926] ? __fget_files+0x288/0x3d0 [ 1441.825646][T26926] ? __fget_light+0xea/0x280 [ 1441.830222][T26926] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1441.836459][T26926] __sys_sendmsg+0xe5/0x1b0 [ 1441.840959][T26926] ? __sys_sendmsg_sock+0x30/0x30 [ 1441.845978][T26926] ? syscall_enter_from_user_mode+0x21/0x70 [ 1441.851868][T26926] do_syscall_64+0x35/0xb0 [ 1441.856287][T26926] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1441.862188][T26926] RIP: 0033:0x4665d9 [ 1441.866065][T26926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1441.885673][T26926] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1441.894069][T26926] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1441.902027][T26926] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1441.909995][T26926] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1441.917949][T26926] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1441.925918][T26926] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 21:29:36 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63140d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1442.001682][T26956] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1442.009875][T26956] __nla_validate_parse: 16 callbacks suppressed [ 1442.009889][T26956] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:29:36 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03530000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:36 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d015c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:36 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1442.459008][T27001] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1442.500563][T27004] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1442.560779][T26956] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1442.560779][T26956] !' [ 1442.586738][T26956] CPU: 0 PID: 26956 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1442.595437][T26956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1442.605490][T26956] Call Trace: [ 1442.608766][T26956] dump_stack_lvl+0xcd/0x134 [ 1442.613369][T26956] sysfs_warn_dup.cold+0x1c/0x29 [ 1442.618317][T26956] sysfs_do_create_link_sd+0x11e/0x140 [ 1442.623788][T26956] sysfs_create_link+0x5f/0xc0 [ 1442.628563][T26956] device_add+0x789/0x2100 [ 1442.632984][T26956] ? mutex_lock_io_nested+0xf00/0xf00 [ 1442.638375][T26956] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1442.644008][T26956] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1442.650253][T26956] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1442.656496][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.662740][T26956] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1442.668739][T26956] wiphy_register+0x1e8a/0x29b0 [ 1442.673607][T26956] ? wiphy_unregister+0xbd0/0xbd0 [ 1442.678635][T26956] ? minstrel_ht_alloc+0x531/0xa00 [ 1442.683765][T26956] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1442.689846][T26956] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1442.695320][T26956] ? ieee80211_restart_hw+0x290/0x290 [ 1442.700695][T26956] ? debug_object_destroy+0x210/0x210 [ 1442.706080][T26956] ? memset+0x20/0x40 [ 1442.710071][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.716316][T26956] ? __hrtimer_init+0x136/0x280 [ 1442.721178][T26956] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1442.726931][T26956] ? hwsim_virtio_rx_work+0x350/0x350 [ 1442.732315][T26956] ? __kmalloc_track_caller+0x1a0/0x320 [ 1442.737869][T26956] ? memcpy+0x39/0x60 [ 1442.741867][T26956] hwsim_new_radio_nl+0x9bc/0x1080 [ 1442.746997][T26956] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1442.752909][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.759734][T26956] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1442.767474][T26956] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1442.775450][T26956] genl_family_rcv_msg_doit+0x228/0x320 [ 1442.781378][T26956] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1442.788758][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.794993][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.801222][T26956] ? ns_capable+0xde/0x100 [ 1442.805642][T26956] genl_rcv_msg+0x328/0x580 [ 1442.810137][T26956] ? genl_get_cmd+0x480/0x480 [ 1442.814803][T26956] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1442.820693][T26956] ? lock_release+0x720/0x720 [ 1442.825368][T26956] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1442.830650][T26956] netlink_rcv_skb+0x153/0x420 [ 1442.835418][T26956] ? genl_get_cmd+0x480/0x480 [ 1442.840089][T26956] ? netlink_ack+0xa60/0xa60 [ 1442.844704][T26956] genl_rcv+0x24/0x40 [ 1442.848704][T26956] netlink_unicast+0x533/0x7d0 [ 1442.853462][T26956] ? netlink_attachskb+0x890/0x890 [ 1442.858562][T26956] ? __virt_addr_valid+0x5d/0x2d0 [ 1442.863609][T26956] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1442.869836][T26956] ? __phys_addr_symbol+0x2c/0x70 [ 1442.874846][T26956] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1442.880547][T26956] ? __check_object_size+0x16e/0x3f0 [ 1442.885821][T26956] netlink_sendmsg+0x85b/0xda0 [ 1442.890577][T26956] ? netlink_unicast+0x7d0/0x7d0 [ 1442.895526][T26956] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1442.901758][T26956] ? netlink_unicast+0x7d0/0x7d0 [ 1442.906700][T26956] sock_sendmsg+0xcf/0x120 [ 1442.911109][T26956] ____sys_sendmsg+0x6e8/0x810 [ 1442.915877][T26956] ? kernel_sendmsg+0x50/0x50 [ 1442.920540][T26956] ? do_recvmmsg+0x6d0/0x6d0 [ 1442.925123][T26956] ? lock_chain_count+0x20/0x20 [ 1442.929960][T26956] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1442.935930][T26956] ___sys_sendmsg+0xf3/0x170 [ 1442.940508][T26956] ? sendmsg_copy_msghdr+0x160/0x160 [ 1442.945783][T26956] ? __fget_files+0x266/0x3d0 [ 1442.950468][T26956] ? lock_downgrade+0x6e0/0x6e0 [ 1442.955311][T26956] ? __fget_files+0x288/0x3d0 [ 1442.959978][T26956] ? __fget_light+0xea/0x280 [ 1442.964554][T26956] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1442.971176][T26956] __sys_sendmsg+0xe5/0x1b0 [ 1442.975682][T26956] ? __sys_sendmsg_sock+0x30/0x30 [ 1442.980713][T26956] ? syscall_enter_from_user_mode+0x21/0x70 [ 1442.986616][T26956] do_syscall_64+0x35/0xb0 [ 1442.991023][T26956] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1442.996927][T26956] RIP: 0033:0x4665d9 [ 1443.000815][T26956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1443.020425][T26956] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1443.028831][T26956] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1443.036794][T26956] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1443.044753][T26956] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1443.052714][T26956] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1443.060673][T26956] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1443.108545][T27007] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1443.132577][T27009] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. 21:29:37 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d025c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1443.178202][T26990] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1443.209632][T26990] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1443.256635][T27040] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1443.280546][T26990] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1443.280546][T26990] !' [ 1443.304604][T26990] CPU: 1 PID: 26990 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1443.313122][T26990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1443.323175][T26990] Call Trace: [ 1443.326458][T26990] dump_stack_lvl+0xcd/0x134 [ 1443.331083][T26990] sysfs_warn_dup.cold+0x1c/0x29 [ 1443.336073][T26990] sysfs_do_create_link_sd+0x11e/0x140 [ 1443.341552][T26990] sysfs_create_link+0x5f/0xc0 [ 1443.346321][T26990] device_add+0x789/0x2100 [ 1443.350744][T26990] ? mutex_lock_io_nested+0xf00/0xf00 [ 1443.356124][T26990] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1443.361678][T26990] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1443.368105][T26990] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1443.374554][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.380991][T26990] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1443.387369][T26990] wiphy_register+0x1e8a/0x29b0 [ 1443.392411][T26990] ? wiphy_unregister+0xbd0/0xbd0 [ 1443.397792][T26990] ? minstrel_ht_alloc+0x531/0xa00 [ 1443.402895][T26990] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1443.409154][T26990] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1443.414824][T26990] ? ieee80211_restart_hw+0x290/0x290 [ 1443.420206][T26990] ? debug_object_destroy+0x210/0x210 [ 1443.425572][T26990] ? memset+0x20/0x40 [ 1443.429543][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.435768][T26990] ? __hrtimer_init+0x136/0x280 [ 1443.440632][T26990] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1443.446365][T26990] ? hwsim_virtio_rx_work+0x350/0x350 [ 1443.451741][T26990] ? __kmalloc_track_caller+0x1a0/0x320 [ 1443.457275][T26990] ? memcpy+0x39/0x60 [ 1443.461434][T26990] hwsim_new_radio_nl+0x9bc/0x1080 [ 1443.466551][T26990] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1443.472444][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.478692][T26990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1443.486054][T26990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1443.493347][T26990] genl_family_rcv_msg_doit+0x228/0x320 [ 1443.498882][T26990] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1443.506248][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.512492][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.518733][T26990] ? ns_capable+0xde/0x100 [ 1443.523137][T26990] genl_rcv_msg+0x328/0x580 [ 1443.527715][T26990] ? genl_get_cmd+0x480/0x480 [ 1443.532377][T26990] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1443.538262][T26990] ? lock_release+0x720/0x720 [ 1443.542927][T26990] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1443.548227][T26990] netlink_rcv_skb+0x153/0x420 [ 1443.553181][T26990] ? genl_get_cmd+0x480/0x480 [ 1443.558055][T26990] ? netlink_ack+0xa60/0xa60 [ 1443.562654][T26990] genl_rcv+0x24/0x40 [ 1443.566656][T26990] netlink_unicast+0x533/0x7d0 [ 1443.571410][T26990] ? netlink_attachskb+0x890/0x890 [ 1443.576510][T26990] ? __virt_addr_valid+0x5d/0x2d0 [ 1443.581526][T26990] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1443.587766][T26990] ? __phys_addr_symbol+0x2c/0x70 [ 1443.592775][T26990] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1443.598482][T26990] ? __check_object_size+0x16e/0x3f0 [ 1443.603770][T26990] netlink_sendmsg+0x85b/0xda0 [ 1443.608539][T26990] ? netlink_unicast+0x7d0/0x7d0 [ 1443.613482][T26990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1443.619712][T26990] ? netlink_unicast+0x7d0/0x7d0 [ 1443.624640][T26990] sock_sendmsg+0xcf/0x120 [ 1443.629045][T26990] ____sys_sendmsg+0x6e8/0x810 [ 1443.633795][T26990] ? kernel_sendmsg+0x50/0x50 [ 1443.638460][T26990] ? do_recvmmsg+0x6d0/0x6d0 [ 1443.643047][T26990] ? lock_chain_count+0x20/0x20 [ 1443.647903][T26990] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1443.653872][T26990] ___sys_sendmsg+0xf3/0x170 [ 1443.658458][T26990] ? sendmsg_copy_msghdr+0x160/0x160 [ 1443.663751][T26990] ? __fget_files+0x266/0x3d0 [ 1443.668418][T26990] ? lock_downgrade+0x6e0/0x6e0 [ 1443.673284][T26990] ? __fget_files+0x288/0x3d0 [ 1443.677951][T26990] ? __fget_light+0xea/0x280 [ 1443.682529][T26990] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1443.688757][T26990] __sys_sendmsg+0xe5/0x1b0 [ 1443.693269][T26990] ? __sys_sendmsg_sock+0x30/0x30 [ 1443.698286][T26990] ? syscall_enter_from_user_mode+0x21/0x70 [ 1443.704179][T26990] do_syscall_64+0x35/0xb0 [ 1443.708599][T26990] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1443.714498][T26990] RIP: 0033:0x4665d9 [ 1443.718376][T26990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1443.737984][T26990] RSP: 002b:00007ff8ad9ab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1443.746383][T26990] RAX: ffffffffffffffda RBX: 000000000056c1a8 RCX: 00000000004665d9 [ 1443.754352][T26990] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1443.762321][T26990] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1443.770286][T26990] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c1a8 [ 1443.778240][T26990] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ab300 R15: 0000000000022000 21:29:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x2e}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000001, 0x12, r0, 0x4ea39000) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) preadv(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/6, 0x6}, {&(0x7f0000000100)=""/117, 0x75}, {&(0x7f0000000180)=""/173, 0xad}, {&(0x7f0000000240)=""/80, 0x50}], 0x4, 0xb6, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1443.815617][T27003] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1443.826491][T27042] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1443.845357][T27003] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1443.918020][T27049] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1443.971687][T27003] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1443.971687][T27003] !' [ 1443.985427][T27003] CPU: 0 PID: 27003 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1443.993847][T27003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.003891][T27003] Call Trace: [ 1444.007167][T27003] dump_stack_lvl+0xcd/0x134 [ 1444.011768][T27003] sysfs_warn_dup.cold+0x1c/0x29 [ 1444.016715][T27003] sysfs_do_create_link_sd+0x11e/0x140 [ 1444.022178][T27003] sysfs_create_link+0x5f/0xc0 [ 1444.026954][T27003] device_add+0x789/0x2100 [ 1444.031377][T27003] ? mutex_lock_io_nested+0xf00/0xf00 [ 1444.036756][T27003] ? __mutex_unlock_slowpath+0x2b6/0x610 [ 1444.042396][T27003] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1444.048640][T27003] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1444.054879][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.061123][T27003] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1444.067118][T27003] wiphy_register+0x1e8a/0x29b0 [ 1444.071976][T27003] ? wiphy_unregister+0xbd0/0xbd0 [ 1444.076995][T27003] ? minstrel_ht_alloc+0x531/0xa00 [ 1444.082111][T27003] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1444.088194][T27003] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1444.093678][T27003] ? ieee80211_restart_hw+0x290/0x290 [ 1444.099061][T27003] ? debug_object_destroy+0x210/0x210 [ 1444.104448][T27003] ? memset+0x20/0x40 [ 1444.108437][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.114678][T27003] ? __hrtimer_init+0x136/0x280 [ 1444.119535][T27003] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1444.125273][T27003] ? hwsim_virtio_rx_work+0x350/0x350 [ 1444.130650][T27003] ? __kmalloc_track_caller+0x1a0/0x320 [ 1444.136204][T27003] ? memcpy+0x39/0x60 [ 1444.140190][T27003] hwsim_new_radio_nl+0x9bc/0x1080 [ 1444.145306][T27003] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1444.151218][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.157485][T27003] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1444.164857][T27003] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1444.172161][T27003] genl_family_rcv_msg_doit+0x228/0x320 [ 1444.177720][T27003] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1444.185105][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.191364][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.197606][T27003] ? ns_capable+0xde/0x100 [ 1444.202024][T27003] genl_rcv_msg+0x328/0x580 [ 1444.206538][T27003] ? genl_get_cmd+0x480/0x480 [ 1444.211222][T27003] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1444.217130][T27003] ? lock_release+0x720/0x720 [ 1444.221810][T27003] netlink_rcv_skb+0x153/0x420 [ 1444.226578][T27003] ? genl_get_cmd+0x480/0x480 [ 1444.231257][T27003] ? netlink_ack+0xa60/0xa60 [ 1444.235864][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.242110][T27003] genl_rcv+0x24/0x40 [ 1444.246098][T27003] netlink_unicast+0x533/0x7d0 [ 1444.250866][T27003] ? netlink_attachskb+0x890/0x890 [ 1444.255980][T27003] ? __virt_addr_valid+0x5d/0x2d0 [ 1444.261002][T27003] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1444.267244][T27003] ? __phys_addr_symbol+0x2c/0x70 [ 1444.272266][T27003] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1444.277984][T27003] ? __check_object_size+0x16e/0x3f0 [ 1444.283273][T27003] netlink_sendmsg+0x85b/0xda0 [ 1444.288053][T27003] ? netlink_unicast+0x7d0/0x7d0 [ 1444.293001][T27003] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.299245][T27003] ? netlink_unicast+0x7d0/0x7d0 [ 1444.304185][T27003] sock_sendmsg+0xcf/0x120 [ 1444.308606][T27003] ____sys_sendmsg+0x6e8/0x810 [ 1444.313369][T27003] ? kernel_sendmsg+0x50/0x50 [ 1444.318048][T27003] ? do_recvmmsg+0x6d0/0x6d0 [ 1444.322642][T27003] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1444.328630][T27003] ___sys_sendmsg+0xf3/0x170 [ 1444.333222][T27003] ? sendmsg_copy_msghdr+0x160/0x160 [ 1444.338515][T27003] ? __fget_files+0x266/0x3d0 [ 1444.343193][T27003] ? lock_downgrade+0x6e0/0x6e0 [ 1444.348057][T27003] ? __fget_files+0x288/0x3d0 [ 1444.352738][T27003] ? __fget_light+0xea/0x280 [ 1444.357332][T27003] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1444.363574][T27003] __sys_sendmsg+0xe5/0x1b0 [ 1444.368081][T27003] ? __sys_sendmsg_sock+0x30/0x30 [ 1444.373122][T27003] ? syscall_enter_from_user_mode+0x21/0x70 [ 1444.379030][T27003] do_syscall_64+0x35/0xb0 [ 1444.383455][T27003] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1444.389358][T27003] RIP: 0033:0x4665d9 [ 1444.393254][T27003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1444.412865][T27003] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 21:29:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f00000000c0)={0x0, 0x9, [0x800, 0x2, 0x8000, 0xfff, 0x4, 0x6]}) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1444.421281][T27003] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1444.429250][T27003] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1444.437215][T27003] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1444.445187][T27003] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1444.453158][T27003] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1444.534236][T27035] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 21:29:38 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1444.584111][T27035] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1444.584111][T27035] !' [ 1444.603297][T27035] CPU: 0 PID: 27035 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1444.611897][T27035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1444.621955][T27035] Call Trace: [ 1444.625232][T27035] dump_stack_lvl+0xcd/0x134 [ 1444.629833][T27035] sysfs_warn_dup.cold+0x1c/0x29 [ 1444.634782][T27035] sysfs_do_create_link_sd+0x11e/0x140 [ 1444.640257][T27035] sysfs_create_link+0x5f/0xc0 [ 1444.645029][T27035] device_add+0x789/0x2100 [ 1444.649449][T27035] ? mutex_lock_io_nested+0xf00/0xf00 [ 1444.654828][T27035] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1444.660383][T27035] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1444.666628][T27035] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1444.672877][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.679123][T27035] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1444.685118][T27035] wiphy_register+0x1e8a/0x29b0 [ 1444.689982][T27035] ? wiphy_unregister+0xbd0/0xbd0 [ 1444.695008][T27035] ? minstrel_ht_alloc+0x531/0xa00 [ 1444.700134][T27035] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1444.706217][T27035] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1444.711700][T27035] ? ieee80211_restart_hw+0x290/0x290 [ 1444.717085][T27035] ? debug_object_destroy+0x210/0x210 [ 1444.722479][T27035] ? memset+0x20/0x40 [ 1444.726468][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.732714][T27035] ? __hrtimer_init+0x136/0x280 [ 1444.737578][T27035] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1444.743324][T27035] ? hwsim_virtio_rx_work+0x350/0x350 [ 1444.748703][T27035] ? __kmalloc_track_caller+0x1a0/0x320 [ 1444.754256][T27035] ? memcpy+0x39/0x60 [ 1444.758250][T27035] hwsim_new_radio_nl+0x9bc/0x1080 [ 1444.763376][T27035] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1444.769288][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.775532][T27035] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1444.782913][T27035] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1444.790220][T27035] genl_family_rcv_msg_doit+0x228/0x320 [ 1444.795782][T27035] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1444.803164][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.809421][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.815660][T27035] ? ns_capable+0xde/0x100 [ 1444.820082][T27035] genl_rcv_msg+0x328/0x580 [ 1444.824597][T27035] ? genl_get_cmd+0x480/0x480 [ 1444.829281][T27035] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1444.835187][T27035] ? lock_release+0x720/0x720 [ 1444.839874][T27035] netlink_rcv_skb+0x153/0x420 [ 1444.844644][T27035] ? genl_get_cmd+0x480/0x480 [ 1444.849331][T27035] ? netlink_ack+0xa60/0xa60 [ 1444.853938][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.860196][T27035] genl_rcv+0x24/0x40 [ 1444.864184][T27035] netlink_unicast+0x533/0x7d0 [ 1444.868966][T27035] ? netlink_attachskb+0x890/0x890 [ 1444.874084][T27035] ? __virt_addr_valid+0x5d/0x2d0 [ 1444.879117][T27035] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1444.885359][T27035] ? __phys_addr_symbol+0x2c/0x70 [ 1444.890386][T27035] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1444.896107][T27035] ? __check_object_size+0x16e/0x3f0 [ 1444.901404][T27035] netlink_sendmsg+0x85b/0xda0 [ 1444.906185][T27035] ? netlink_unicast+0x7d0/0x7d0 [ 1444.911142][T27035] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1444.917391][T27035] ? netlink_unicast+0x7d0/0x7d0 [ 1444.922338][T27035] sock_sendmsg+0xcf/0x120 [ 1444.926764][T27035] ____sys_sendmsg+0x6e8/0x810 [ 1444.931567][T27035] ? kernel_sendmsg+0x50/0x50 [ 1444.936291][T27035] ? do_recvmmsg+0x6d0/0x6d0 [ 1444.940893][T27035] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1444.946893][T27035] ___sys_sendmsg+0xf3/0x170 [ 1444.951493][T27035] ? sendmsg_copy_msghdr+0x160/0x160 [ 1444.956789][T27035] ? __fget_files+0x266/0x3d0 [ 1444.961473][T27035] ? lock_downgrade+0x6e0/0x6e0 [ 1444.966342][T27035] ? __fget_files+0x288/0x3d0 [ 1444.971031][T27035] ? __fget_light+0xea/0x280 [ 1444.975630][T27035] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1444.981882][T27035] __sys_sendmsg+0xe5/0x1b0 [ 1444.987172][T27035] ? __sys_sendmsg_sock+0x30/0x30 [ 1444.992400][T27035] ? syscall_enter_from_user_mode+0x21/0x70 [ 1444.998310][T27035] do_syscall_64+0x35/0xb0 [ 1445.002910][T27035] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1445.009000][T27035] RIP: 0033:0x4665d9 [ 1445.012882][T27035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 21:29:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:39 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1445.032490][T27035] RSP: 002b:00007f3c79daa188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1445.040905][T27035] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1445.048881][T27035] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1445.056863][T27035] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1445.064833][T27035] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1445.072790][T27035] R13: 00007fff2988d9df R14: 00007f3c79daa300 R15: 0000000000022000 [ 1445.171825][T27074] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1445.192306][T27074] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1445.192306][T27074] !' 21:29:39 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63150d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:39 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d035c0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1445.237660][T27074] CPU: 0 PID: 27074 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1445.246200][T27074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.256255][T27074] Call Trace: [ 1445.259534][T27074] dump_stack_lvl+0xcd/0x134 [ 1445.264139][T27074] sysfs_warn_dup.cold+0x1c/0x29 [ 1445.269091][T27074] sysfs_do_create_link_sd+0x11e/0x140 [ 1445.274566][T27074] sysfs_create_link+0x5f/0xc0 [ 1445.279337][T27074] device_add+0x789/0x2100 [ 1445.283758][T27074] ? mutex_lock_io_nested+0xf00/0xf00 [ 1445.289139][T27074] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1445.294693][T27074] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1445.300938][T27074] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1445.307188][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.313426][T27074] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1445.319693][T27074] wiphy_register+0x1e8a/0x29b0 [ 1445.324575][T27074] ? wiphy_unregister+0xbd0/0xbd0 [ 1445.329592][T27074] ? minstrel_ht_alloc+0x531/0xa00 [ 1445.334708][T27074] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1445.340785][T27074] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1445.346271][T27074] ? ieee80211_restart_hw+0x290/0x290 [ 1445.351645][T27074] ? debug_object_destroy+0x210/0x210 [ 1445.357030][T27074] ? memset+0x20/0x40 [ 1445.361013][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.367253][T27074] ? __hrtimer_init+0x136/0x280 [ 1445.372108][T27074] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1445.377842][T27074] ? hwsim_virtio_rx_work+0x350/0x350 [ 1445.383206][T27074] ? __kmalloc_track_caller+0x1a0/0x320 [ 1445.388747][T27074] ? memcpy+0x39/0x60 [ 1445.392726][T27074] hwsim_new_radio_nl+0x9bc/0x1080 [ 1445.397837][T27074] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1445.403737][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.409987][T27074] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1445.417353][T27074] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1445.424640][T27074] genl_family_rcv_msg_doit+0x228/0x320 [ 1445.430186][T27074] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1445.437551][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.443794][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.450026][T27074] ? ns_capable+0xde/0x100 [ 1445.454436][T27074] genl_rcv_msg+0x328/0x580 [ 1445.458940][T27074] ? genl_get_cmd+0x480/0x480 [ 1445.463616][T27074] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1445.469510][T27074] ? lock_release+0x720/0x720 [ 1445.474176][T27074] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1445.479459][T27074] netlink_rcv_skb+0x153/0x420 [ 1445.484216][T27074] ? genl_get_cmd+0x480/0x480 [ 1445.488892][T27074] ? netlink_ack+0xa60/0xa60 [ 1445.493492][T27074] genl_rcv+0x24/0x40 [ 1445.497465][T27074] netlink_unicast+0x533/0x7d0 [ 1445.502228][T27074] ? netlink_attachskb+0x890/0x890 [ 1445.507365][T27074] ? __virt_addr_valid+0x5d/0x2d0 [ 1445.512469][T27074] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1445.518701][T27074] ? __phys_addr_symbol+0x2c/0x70 [ 1445.523715][T27074] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1445.529425][T27074] ? __check_object_size+0x16e/0x3f0 [ 1445.534708][T27074] netlink_sendmsg+0x85b/0xda0 [ 1445.539474][T27074] ? netlink_unicast+0x7d0/0x7d0 [ 1445.544406][T27074] ? __sanitizer_cov_trace_const_cmp2+0x80/0x80 [ 1445.550647][T27074] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1445.556880][T27074] ? netlink_unicast+0x7d0/0x7d0 [ 1445.561814][T27074] sock_sendmsg+0xcf/0x120 [ 1445.566225][T27074] ____sys_sendmsg+0x6e8/0x810 [ 1445.570985][T27074] ? kernel_sendmsg+0x50/0x50 [ 1445.575651][T27074] ? do_recvmmsg+0x6d0/0x6d0 [ 1445.580237][T27074] ? lock_chain_count+0x20/0x20 [ 1445.585079][T27074] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1445.591059][T27074] ___sys_sendmsg+0xf3/0x170 [ 1445.595649][T27074] ? sendmsg_copy_msghdr+0x160/0x160 [ 1445.600933][T27074] ? __fget_files+0x266/0x3d0 [ 1445.605609][T27074] ? lock_downgrade+0x6e0/0x6e0 [ 1445.610462][T27074] ? __fget_files+0x288/0x3d0 [ 1445.615140][T27074] ? __fget_light+0xea/0x280 [ 1445.619723][T27074] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1445.625962][T27074] __sys_sendmsg+0xe5/0x1b0 [ 1445.630457][T27074] ? __sys_sendmsg_sock+0x30/0x30 [ 1445.635492][T27074] ? syscall_enter_from_user_mode+0x21/0x70 [ 1445.641391][T27074] do_syscall_64+0x35/0xb0 [ 1445.645801][T27074] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1445.651688][T27074] RIP: 0033:0x4665d9 [ 1445.655572][T27074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1445.675169][T27074] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1445.683575][T27074] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1445.691537][T27074] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1445.699497][T27074] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1445.707455][T27074] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1445.715414][T27074] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1445.859226][T27106] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:40 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:40 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1445.935190][T27106] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1445.935190][T27106] !' [ 1445.993185][T27106] CPU: 0 PID: 27106 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1446.001728][T27106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1446.011785][T27106] Call Trace: [ 1446.015062][T27106] dump_stack_lvl+0xcd/0x134 [ 1446.019665][T27106] sysfs_warn_dup.cold+0x1c/0x29 [ 1446.024611][T27106] sysfs_do_create_link_sd+0x11e/0x140 [ 1446.030082][T27106] sysfs_create_link+0x5f/0xc0 [ 1446.034855][T27106] device_add+0x789/0x2100 [ 1446.039276][T27106] ? mutex_lock_io_nested+0xf00/0xf00 [ 1446.044657][T27106] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1446.050210][T27106] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1446.056459][T27106] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1446.062708][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.068952][T27106] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1446.074950][T27106] wiphy_register+0x1e8a/0x29b0 [ 1446.079814][T27106] ? wiphy_unregister+0xbd0/0xbd0 [ 1446.084839][T27106] ? minstrel_ht_alloc+0x531/0xa00 [ 1446.089966][T27106] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1446.096051][T27106] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1446.101535][T27106] ? ieee80211_restart_hw+0x290/0x290 [ 1446.106923][T27106] ? debug_object_destroy+0x210/0x210 [ 1446.112312][T27106] ? memset+0x20/0x40 [ 1446.116301][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.122546][T27106] ? __hrtimer_init+0x136/0x280 [ 1446.127412][T27106] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1446.133166][T27106] ? hwsim_virtio_rx_work+0x350/0x350 [ 1446.138536][T27106] ? __kmalloc_track_caller+0x1a0/0x320 [ 1446.144077][T27106] ? memcpy+0x39/0x60 [ 1446.148059][T27106] hwsim_new_radio_nl+0x9bc/0x1080 [ 1446.153172][T27106] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1446.159074][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.165307][T27106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1446.172677][T27106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1446.179967][T27106] genl_family_rcv_msg_doit+0x228/0x320 [ 1446.185515][T27106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1446.192883][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.199141][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.205371][T27106] ? ns_capable+0xde/0x100 [ 1446.209782][T27106] genl_rcv_msg+0x328/0x580 [ 1446.214284][T27106] ? genl_get_cmd+0x480/0x480 [ 1446.218956][T27106] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1446.225022][T27106] ? lock_release+0x720/0x720 [ 1446.229687][T27106] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1446.234969][T27106] netlink_rcv_skb+0x153/0x420 [ 1446.239744][T27106] ? genl_get_cmd+0x480/0x480 [ 1446.244418][T27106] ? netlink_ack+0xa60/0xa60 [ 1446.249022][T27106] genl_rcv+0x24/0x40 [ 1446.252996][T27106] netlink_unicast+0x533/0x7d0 [ 1446.257759][T27106] ? netlink_attachskb+0x890/0x890 [ 1446.262860][T27106] ? __virt_addr_valid+0x5d/0x2d0 [ 1446.267876][T27106] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1446.274107][T27106] ? __phys_addr_symbol+0x2c/0x70 [ 1446.279121][T27106] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1446.284828][T27106] ? __check_object_size+0x16e/0x3f0 [ 1446.290110][T27106] netlink_sendmsg+0x85b/0xda0 [ 1446.294874][T27106] ? netlink_unicast+0x7d0/0x7d0 [ 1446.299812][T27106] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.306048][T27106] ? netlink_unicast+0x7d0/0x7d0 [ 1446.310980][T27106] sock_sendmsg+0xcf/0x120 [ 1446.315387][T27106] ____sys_sendmsg+0x6e8/0x810 [ 1446.320157][T27106] ? kernel_sendmsg+0x50/0x50 [ 1446.324821][T27106] ? do_recvmmsg+0x6d0/0x6d0 [ 1446.329409][T27106] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1446.335380][T27106] ? __fget_light+0x89/0x280 [ 1446.339971][T27106] ___sys_sendmsg+0xf3/0x170 [ 1446.344555][T27106] ? sendmsg_copy_msghdr+0x160/0x160 [ 1446.349944][T27106] ? __fget_files+0x266/0x3d0 [ 1446.354611][T27106] ? lock_downgrade+0x6e0/0x6e0 [ 1446.359490][T27106] ? __fget_files+0x288/0x3d0 [ 1446.364167][T27106] ? __fget_light+0xea/0x280 [ 1446.368748][T27106] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1446.374981][T27106] __sys_sendmsg+0xe5/0x1b0 [ 1446.379476][T27106] ? __sys_sendmsg_sock+0x30/0x30 [ 1446.384507][T27106] ? syscall_enter_from_user_mode+0x21/0x70 [ 1446.390399][T27106] do_syscall_64+0x35/0xb0 [ 1446.394802][T27106] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1446.401125][T27106] RIP: 0033:0x4665d9 [ 1446.405183][T27106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1446.424779][T27106] RSP: 002b:00007ff8ad9cc188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1446.433185][T27106] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9 [ 1446.441143][T27106] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1446.449102][T27106] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1446.457059][T27106] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0 [ 1446.465017][T27106] R13: 00007ffd9d70a0cf R14: 00007ff8ad9cc300 R15: 0000000000022000 21:29:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d005d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:40 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1446.635045][T27107] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1446.669317][T27107] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1446.669317][T27107] !' [ 1446.714008][T27107] CPU: 0 PID: 27107 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1446.722622][T27107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1446.732670][T27107] Call Trace: [ 1446.735948][T27107] dump_stack_lvl+0xcd/0x134 [ 1446.740555][T27107] sysfs_warn_dup.cold+0x1c/0x29 [ 1446.745503][T27107] sysfs_do_create_link_sd+0x11e/0x140 [ 1446.750973][T27107] sysfs_create_link+0x5f/0xc0 [ 1446.755744][T27107] device_add+0x789/0x2100 [ 1446.760166][T27107] ? mutex_lock_io_nested+0xf00/0xf00 [ 1446.765546][T27107] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1446.771100][T27107] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1446.777345][T27107] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1446.783589][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.789833][T27107] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1446.795831][T27107] wiphy_register+0x1e8a/0x29b0 [ 1446.800700][T27107] ? wiphy_unregister+0xbd0/0xbd0 [ 1446.805727][T27107] ? minstrel_ht_alloc+0x531/0xa00 [ 1446.810928][T27107] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1446.817188][T27107] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1446.822674][T27107] ? ieee80211_restart_hw+0x290/0x290 [ 1446.828061][T27107] ? debug_object_destroy+0x210/0x210 [ 1446.833450][T27107] ? memset+0x20/0x40 [ 1446.837446][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.843700][T27107] ? __hrtimer_init+0x136/0x280 [ 1446.848569][T27107] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1446.854322][T27107] ? hwsim_virtio_rx_work+0x350/0x350 21:29:40 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0xe3) socket$packet(0x11, 0x0, 0x300) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='io\x00') getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000180)=0x14) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f00000002c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="00ac00000000000001000000000000000800000000000000a508001c000000008100740200000000010000000000000009000000080000002764ffff0500000000000000000000006c000000000000000002000000000000ff01000000000000400000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fea21c6ede148311b7dccf6301245712ac1a3b15ea15e7d8b3513ed986aad72adbe1c4c272d0184dac109a3261fbdda818d9b8a4163b813a2fc6a1e856cfab000008408b27701ae1a8eddeb915"]) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1446.859702][T27107] ? __kmalloc_track_caller+0x1a0/0x320 [ 1446.865261][T27107] ? memcpy+0x39/0x60 [ 1446.869255][T27107] hwsim_new_radio_nl+0x9bc/0x1080 [ 1446.874381][T27107] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1446.880296][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.886541][T27107] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1446.893921][T27107] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1446.901228][T27107] genl_family_rcv_msg_doit+0x228/0x320 [ 1446.906787][T27107] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1446.914190][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.920687][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.926937][T27107] ? ns_capable+0xde/0x100 [ 1446.931370][T27107] genl_rcv_msg+0x328/0x580 [ 1446.935888][T27107] ? genl_get_cmd+0x480/0x480 [ 1446.940582][T27107] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1446.946491][T27107] ? lock_release+0x720/0x720 [ 1446.951182][T27107] netlink_rcv_skb+0x153/0x420 [ 1446.955963][T27107] ? genl_get_cmd+0x480/0x480 [ 1446.960651][T27107] ? netlink_ack+0xa60/0xa60 [ 1446.965441][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1446.971693][T27107] genl_rcv+0x24/0x40 [ 1446.975681][T27107] netlink_unicast+0x533/0x7d0 [ 1446.980457][T27107] ? netlink_attachskb+0x890/0x890 [ 1446.985573][T27107] ? __virt_addr_valid+0x5d/0x2d0 [ 1446.990608][T27107] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1446.996854][T27107] ? __phys_addr_symbol+0x2c/0x70 [ 1447.001882][T27107] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1447.007606][T27107] ? __check_object_size+0x16e/0x3f0 [ 1447.012904][T27107] netlink_sendmsg+0x85b/0xda0 [ 1447.017691][T27107] ? netlink_unicast+0x7d0/0x7d0 [ 1447.022645][T27107] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.028897][T27107] ? netlink_unicast+0x7d0/0x7d0 [ 1447.033849][T27107] sock_sendmsg+0xcf/0x120 [ 1447.038276][T27107] ____sys_sendmsg+0x6e8/0x810 [ 1447.043051][T27107] ? kernel_sendmsg+0x50/0x50 [ 1447.047733][T27107] ? do_recvmmsg+0x6d0/0x6d0 [ 1447.052338][T27107] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1447.058324][T27107] ? __fget_light+0x89/0x280 [ 1447.062929][T27107] ___sys_sendmsg+0xf3/0x170 [ 1447.067534][T27107] ? sendmsg_copy_msghdr+0x160/0x160 [ 1447.072831][T27107] ? __fget_files+0x266/0x3d0 [ 1447.077514][T27107] ? lock_downgrade+0x6e0/0x6e0 [ 1447.082385][T27107] ? __fget_files+0x288/0x3d0 [ 1447.087080][T27107] ? __fget_light+0xea/0x280 [ 1447.091674][T27107] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1447.097927][T27107] __sys_sendmsg+0xe5/0x1b0 [ 1447.102444][T27107] ? __sys_sendmsg_sock+0x30/0x30 [ 1447.107492][T27107] ? syscall_enter_from_user_mode+0x21/0x70 [ 1447.113402][T27107] do_syscall_64+0x35/0xb0 [ 1447.117827][T27107] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1447.123728][T27107] RIP: 0033:0x4665d9 [ 1447.127623][T27107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1447.147231][T27107] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1447.155646][T27107] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1447.163619][T27107] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1447.171593][T27107] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1447.179565][T27107] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1447.187539][T27107] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 [ 1447.269725][T27152] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 1447.302795][T27146] __nla_validate_parse: 9 callbacks suppressed [ 1447.302812][T27146] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1447.348426][T27147] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1447.383258][T27152] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.0'. 21:29:41 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:41 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d015d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:41 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d03540000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1447.463610][T27152] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1447.463610][T27152] !' [ 1447.536551][T27152] CPU: 1 PID: 27152 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1447.545011][T27152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1447.555067][T27152] Call Trace: [ 1447.558345][T27152] dump_stack_lvl+0xcd/0x134 [ 1447.562948][T27152] sysfs_warn_dup.cold+0x1c/0x29 [ 1447.567896][T27152] sysfs_do_create_link_sd+0x11e/0x140 [ 1447.573368][T27152] sysfs_create_link+0x5f/0xc0 [ 1447.578143][T27152] device_add+0x789/0x2100 [ 1447.582567][T27152] ? mutex_lock_io_nested+0xf00/0xf00 [ 1447.587946][T27152] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1447.593497][T27152] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1447.599740][T27152] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1447.605987][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.612234][T27152] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1447.618227][T27152] wiphy_register+0x1e8a/0x29b0 [ 1447.623093][T27152] ? wiphy_unregister+0xbd0/0xbd0 [ 1447.628121][T27152] ? minstrel_ht_alloc+0x531/0xa00 [ 1447.633248][T27152] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1447.639330][T27152] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1447.644811][T27152] ? ieee80211_restart_hw+0x290/0x290 [ 1447.650193][T27152] ? debug_object_destroy+0x210/0x210 [ 1447.655576][T27152] ? memset+0x20/0x40 [ 1447.659565][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.665813][T27152] ? __hrtimer_init+0x136/0x280 [ 1447.670681][T27152] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1447.676418][T27152] ? hwsim_virtio_rx_work+0x350/0x350 [ 1447.681803][T27152] ? __kmalloc_track_caller+0x1a0/0x320 [ 1447.687358][T27152] ? memcpy+0x39/0x60 [ 1447.691353][T27152] hwsim_new_radio_nl+0x9bc/0x1080 [ 1447.696479][T27152] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1447.702395][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.708646][T27152] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1447.716025][T27152] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1447.723326][T27152] genl_family_rcv_msg_doit+0x228/0x320 [ 1447.728874][T27152] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1447.736243][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.742670][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.748896][T27152] ? ns_capable+0xde/0x100 [ 1447.753299][T27152] genl_rcv_msg+0x328/0x580 [ 1447.757984][T27152] ? genl_get_cmd+0x480/0x480 [ 1447.762658][T27152] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1447.768921][T27152] ? lock_release+0x720/0x720 [ 1447.773582][T27152] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1447.778857][T27152] netlink_rcv_skb+0x153/0x420 [ 1447.783832][T27152] ? genl_get_cmd+0x480/0x480 [ 1447.788516][T27152] ? netlink_ack+0xa60/0xa60 [ 1447.793114][T27152] genl_rcv+0x24/0x40 [ 1447.797102][T27152] netlink_unicast+0x533/0x7d0 [ 1447.801859][T27152] ? netlink_attachskb+0x890/0x890 [ 1447.806962][T27152] ? __virt_addr_valid+0x5d/0x2d0 [ 1447.812094][T27152] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1447.818328][T27152] ? __phys_addr_symbol+0x2c/0x70 [ 1447.823339][T27152] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1447.829046][T27152] ? __check_object_size+0x16e/0x3f0 [ 1447.834336][T27152] netlink_sendmsg+0x85b/0xda0 [ 1447.839097][T27152] ? netlink_unicast+0x7d0/0x7d0 [ 1447.844039][T27152] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1447.850271][T27152] ? netlink_unicast+0x7d0/0x7d0 [ 1447.855205][T27152] sock_sendmsg+0xcf/0x120 [ 1447.859607][T27152] ____sys_sendmsg+0x6e8/0x810 [ 1447.864358][T27152] ? kernel_sendmsg+0x50/0x50 [ 1447.869022][T27152] ? do_recvmmsg+0x6d0/0x6d0 [ 1447.873612][T27152] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1447.879593][T27152] ? __fget_light+0x89/0x280 [ 1447.884191][T27152] ___sys_sendmsg+0xf3/0x170 [ 1447.888767][T27152] ? sendmsg_copy_msghdr+0x160/0x160 [ 1447.894041][T27152] ? __fget_files+0x266/0x3d0 [ 1447.898706][T27152] ? lock_downgrade+0x6e0/0x6e0 [ 1447.903548][T27152] ? __fget_files+0x288/0x3d0 [ 1447.908333][T27152] ? __fget_light+0xea/0x280 [ 1447.912948][T27152] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1447.919191][T27152] __sys_sendmsg+0xe5/0x1b0 [ 1447.923690][T27152] ? __sys_sendmsg_sock+0x30/0x30 [ 1447.928725][T27152] ? syscall_enter_from_user_mode+0x21/0x70 [ 1447.934628][T27152] do_syscall_64+0x35/0xb0 [ 1447.939087][T27152] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1447.945015][T27152] RIP: 0033:0x4665d9 [ 1447.948908][T27152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1447.969321][T27152] RSP: 002b:00007ff8ada0e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1447.977933][T27152] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1447.986278][T27152] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1447.994293][T27152] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1448.002259][T27152] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1448.010212][T27152] R13: 00007ffd9d70a0cf R14: 00007ff8ada0e300 R15: 0000000000022000 [ 1448.096541][T27170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1448.110690][T27101] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1448.118932][T27101] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1448.133722][T27176] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1448.189692][T27101] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1448.189692][T27101] !' [ 1448.215438][T27101] CPU: 0 PID: 27101 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1448.223984][T27101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.234235][T27101] Call Trace: [ 1448.237692][T27101] dump_stack_lvl+0xcd/0x134 [ 1448.242846][T27101] sysfs_warn_dup.cold+0x1c/0x29 [ 1448.247800][T27101] sysfs_do_create_link_sd+0x11e/0x140 [ 1448.253250][T27101] sysfs_create_link+0x5f/0xc0 [ 1448.258001][T27101] device_add+0x789/0x2100 [ 1448.262423][T27101] ? mutex_lock_io_nested+0xf00/0xf00 [ 1448.267786][T27101] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1448.273320][T27101] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1448.279545][T27101] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1448.285773][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.292002][T27101] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1448.297999][T27101] wiphy_register+0x1e8a/0x29b0 [ 1448.302856][T27101] ? wiphy_unregister+0xbd0/0xbd0 [ 1448.307864][T27101] ? minstrel_ht_alloc+0x531/0xa00 [ 1448.312975][T27101] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1448.319053][T27101] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1448.324512][T27101] ? ieee80211_restart_hw+0x290/0x290 [ 1448.329876][T27101] ? debug_object_destroy+0x210/0x210 [ 1448.335247][T27101] ? memset+0x20/0x40 [ 1448.339220][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.345446][T27101] ? __hrtimer_init+0x136/0x280 [ 1448.350291][T27101] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1448.356012][T27101] ? hwsim_virtio_rx_work+0x350/0x350 [ 1448.361373][T27101] ? __kmalloc_track_caller+0x1a0/0x320 [ 1448.366923][T27101] ? memcpy+0x39/0x60 [ 1448.370904][T27101] hwsim_new_radio_nl+0x9bc/0x1080 [ 1448.376027][T27101] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1448.381922][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.388165][T27101] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1448.395524][T27101] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1448.402805][T27101] genl_family_rcv_msg_doit+0x228/0x320 [ 1448.408352][T27101] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1448.415710][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.421940][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.428164][T27101] ? ns_capable+0xde/0x100 [ 1448.432575][T27101] genl_rcv_msg+0x328/0x580 [ 1448.437088][T27101] ? genl_get_cmd+0x480/0x480 [ 1448.441754][T27101] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1448.447672][T27101] ? lock_release+0x720/0x720 [ 1448.452335][T27101] netlink_rcv_skb+0x153/0x420 [ 1448.457087][T27101] ? genl_get_cmd+0x480/0x480 [ 1448.461752][T27101] ? netlink_ack+0xa60/0xa60 [ 1448.466346][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.472574][T27101] genl_rcv+0x24/0x40 [ 1448.476540][T27101] netlink_unicast+0x533/0x7d0 [ 1448.481299][T27101] ? netlink_attachskb+0x890/0x890 [ 1448.486414][T27101] ? __virt_addr_valid+0x5d/0x2d0 [ 1448.491435][T27101] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1448.497689][T27101] ? __phys_addr_symbol+0x2c/0x70 [ 1448.502698][T27101] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1448.508399][T27101] ? __check_object_size+0x16e/0x3f0 [ 1448.513667][T27101] netlink_sendmsg+0x85b/0xda0 [ 1448.518419][T27101] ? netlink_unicast+0x7d0/0x7d0 [ 1448.523357][T27101] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.529605][T27101] ? netlink_unicast+0x7d0/0x7d0 [ 1448.534547][T27101] sock_sendmsg+0xcf/0x120 [ 1448.538950][T27101] ____sys_sendmsg+0x6e8/0x810 [ 1448.543697][T27101] ? kernel_sendmsg+0x50/0x50 [ 1448.548355][T27101] ? do_recvmmsg+0x6d0/0x6d0 [ 1448.552928][T27101] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1448.558897][T27101] ___sys_sendmsg+0xf3/0x170 [ 1448.563471][T27101] ? sendmsg_copy_msghdr+0x160/0x160 [ 1448.568743][T27101] ? __fget_files+0x266/0x3d0 [ 1448.573401][T27101] ? lock_downgrade+0x6e0/0x6e0 [ 1448.578242][T27101] ? __fget_files+0x288/0x3d0 [ 1448.582904][T27101] ? __fget_light+0xea/0x280 [ 1448.587481][T27101] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1448.593708][T27101] __sys_sendmsg+0xe5/0x1b0 [ 1448.598193][T27101] ? __sys_sendmsg_sock+0x30/0x30 [ 1448.603223][T27101] ? syscall_enter_from_user_mode+0x21/0x70 [ 1448.609107][T27101] do_syscall_64+0x35/0xb0 [ 1448.613504][T27101] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1448.619384][T27101] RIP: 0033:0x4665d9 [ 1448.623260][T27101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1448.642853][T27101] RSP: 002b:00007f3c79dec188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1448.651255][T27101] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1448.659221][T27101] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1448.667178][T27101] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1448.675137][T27101] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1448.683094][T27101] R13: 00007fff2988d9df R14: 00007f3c79dec300 R15: 0000000000022000 [ 1448.717461][T27181] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1448.729466][T27170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1448.772671][T27157] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 21:29:42 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d00550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1448.817408][T27157] netlink: 146340 bytes leftover after parsing attributes in process `syz-executor.0'. 21:29:42 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63160d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 21:29:43 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:29:43 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d025d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:29:43 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) [ 1448.867618][T27157] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1448.867618][T27157] !' [ 1448.884146][T27157] CPU: 0 PID: 27157 Comm: syz-executor.0 Not tainted 5.13.0-syzkaller #0 [ 1448.892666][T27157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1448.902720][T27157] Call Trace: [ 1448.906001][T27157] dump_stack_lvl+0xcd/0x134 [ 1448.910618][T27157] sysfs_warn_dup.cold+0x1c/0x29 [ 1448.915578][T27157] sysfs_do_create_link_sd+0x11e/0x140 [ 1448.921051][T27157] sysfs_create_link+0x5f/0xc0 [ 1448.925857][T27157] device_add+0x789/0x2100 [ 1448.930277][T27157] ? mutex_lock_io_nested+0xf00/0xf00 [ 1448.935656][T27157] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1448.941210][T27157] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1448.947464][T27157] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1448.953709][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1448.959946][T27157] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1448.965938][T27157] wiphy_register+0x1e8a/0x29b0 [ 1448.970804][T27157] ? wiphy_unregister+0xbd0/0xbd0 [ 1448.975830][T27157] ? minstrel_ht_alloc+0x531/0xa00 [ 1448.980949][T27157] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1448.987025][T27157] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1448.992503][T27157] ? ieee80211_restart_hw+0x290/0x290 [ 1448.997875][T27157] ? debug_object_destroy+0x210/0x210 [ 1449.003253][T27157] ? memset+0x20/0x40 [ 1449.007244][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1449.013486][T27157] ? __hrtimer_init+0x136/0x280 [ 1449.018341][T27157] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1449.024079][T27157] ? hwsim_virtio_rx_work+0x350/0x350 [ 1449.029454][T27157] ? __kmalloc_track_caller+0x1a0/0x320 [ 1449.034998][T27157] ? memcpy+0x39/0x60 [ 1449.038979][T27157] hwsim_new_radio_nl+0x9bc/0x1080 [ 1449.044111][T27157] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1449.050015][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1449.056247][T27157] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1449.063616][T27157] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1449.070903][T27157] genl_family_rcv_msg_doit+0x228/0x320 [ 1449.076455][T27157] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1449.083823][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1449.090067][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1449.096301][T27157] ? ns_capable+0xde/0x100 [ 1449.100716][T27157] genl_rcv_msg+0x328/0x580 [ 1449.105252][T27157] ? genl_get_cmd+0x480/0x480 [ 1449.109925][T27157] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1449.115821][T27157] ? lock_release+0x720/0x720 [ 1449.120490][T27157] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 1449.125770][T27157] netlink_rcv_skb+0x153/0x420 [ 1449.130531][T27157] ? genl_get_cmd+0x480/0x480 [ 1449.135207][T27157] ? netlink_ack+0xa60/0xa60 [ 1449.139807][T27157] genl_rcv+0x24/0x40 [ 1449.143782][T27157] netlink_unicast+0x533/0x7d0 [ 1449.148561][T27157] ? netlink_attachskb+0x890/0x890 [ 1449.153665][T27157] ? __virt_addr_valid+0x5d/0x2d0 [ 1449.158686][T27157] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1449.164918][T27157] ? __phys_addr_symbol+0x2c/0x70 [ 1449.169934][T27157] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1449.175642][T27157] ? __check_object_size+0x16e/0x3f0 [ 1449.180925][T27157] netlink_sendmsg+0x85b/0xda0 [ 1449.185694][T27157] ? netlink_unicast+0x7d0/0x7d0 [ 1449.190635][T27157] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1449.196873][T27157] ? netlink_unicast+0x7d0/0x7d0 [ 1449.201805][T27157] sock_sendmsg+0xcf/0x120 [ 1449.206217][T27157] ____sys_sendmsg+0x6e8/0x810 [ 1449.210974][T27157] ? kernel_sendmsg+0x50/0x50 [ 1449.215641][T27157] ? do_recvmmsg+0x6d0/0x6d0 [ 1449.220228][T27157] ? lock_chain_count+0x20/0x20 [ 1449.225069][T27157] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1449.231051][T27157] ___sys_sendmsg+0xf3/0x170 [ 1449.235657][T27157] ? sendmsg_copy_msghdr+0x160/0x160 [ 1449.240939][T27157] ? __fget_files+0x266/0x3d0 [ 1449.245610][T27157] ? lock_downgrade+0x6e0/0x6e0 [ 1449.250467][T27157] ? __fget_files+0x288/0x3d0 [ 1449.255144][T27157] ? __fget_light+0xea/0x280 [ 1449.259729][T27157] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1449.265968][T27157] __sys_sendmsg+0xe5/0x1b0 [ 1449.270471][T27157] ? __sys_sendmsg_sock+0x30/0x30 [ 1449.275508][T27157] ? syscall_enter_from_user_mode+0x21/0x70 [ 1449.281408][T27157] do_syscall_64+0x35/0xb0 [ 1449.285827][T27157] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1449.291720][T27157] RIP: 0033:0x4665d9 [ 1449.295605][T27157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1449.315202][T27157] RSP: 002b:00007ff8ad9ed188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1449.323607][T27157] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1449.331567][T27157] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1449.339527][T27157] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1449.347493][T27157] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1449.355465][T27157] R13: 00007ffd9d70a0cf R14: 00007ff8ad9ed300 R15: 0000000000022000 [ 1449.588041][T27215] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1554.490593][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 1554.497492][ C0] rcu: 0-...!: (1 GPs behind) idle=94a/1/0x4000000000000000 softirq=97492/97493 fqs=12 [ 1554.508353][ C0] (t=10501 jiffies g=120113 q=723) [ 1554.513545][ C0] rcu: rcu_preempt kthread starved for 10471 jiffies! g120113 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1554.524995][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1554.535222][ C0] rcu: RCU grace-period kthread stack dump: [ 1554.541111][ C0] task:rcu_preempt state:I stack:28816 pid: 14 ppid: 2 flags:0x00004000 [ 1554.550323][ C0] Call Trace: [ 1554.553607][ C0] __schedule+0x934/0x2710 [ 1554.558042][ C0] ? io_schedule_timeout+0x140/0x140 [ 1554.563338][ C0] ? debug_object_destroy+0x210/0x210 [ 1554.568729][ C0] schedule+0xd3/0x270 [ 1554.572805][ C0] schedule_timeout+0x14a/0x2a0 [ 1554.577667][ C0] ? usleep_range+0x170/0x170 [ 1554.582351][ C0] ? destroy_timer_on_stack+0x20/0x20 [ 1554.587733][ C0] ? xhci_stop_endpoint_command_watchdog.cold+0xa5/0x395 [ 1554.594767][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 1554.600582][ C0] ? prepare_to_swait_event+0xee/0x470 [ 1554.606050][ C0] rcu_gp_kthread+0xd1a/0x2300 [ 1554.610831][ C0] ? print_cpu_stall_info+0x6b0/0x6b0 [ 1554.616212][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1554.622034][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1554.628285][ C0] ? __kthread_parkme+0x15f/0x220 [ 1554.633315][ C0] ? print_cpu_stall_info+0x6b0/0x6b0 [ 1554.638696][ C0] kthread+0x3e5/0x4d0 [ 1554.642770][ C0] ? set_kthread_struct+0x130/0x130 [ 1554.647977][ C0] ret_from_fork+0x1f/0x30 [ 1554.652425][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1554.658741][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1554.664628][ C1] NMI backtrace for cpu 1 [ 1554.664638][ C1] CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.13.0-syzkaller #0 [ 1554.664647][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1554.664656][ C1] RIP: 0010:unwind_next_frame+0x27/0x1ce0 [ 1554.664667][ C1] Code: 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 49 89 fe 41 55 41 54 55 53 48 81 ec a0 00 00 00 48 c7 44 24 40 b3 8a b5 41 <48> 8d 5c 24 40 48 c7 44 24 48 09 a2 11 8b 48 c1 eb 03 48 c7 44 24 [ 1554.664683][ C1] RSP: 0018:ffffc90000d97670 EFLAGS: 00000282 [ 1554.664694][ C1] RAX: dffffc0000000000 RBX: ffffffff8163fc70 RCX: 0000000000000000 [ 1554.664703][ C1] RDX: 1ffff920001b2f0e RSI: ffffffff81bb28ab RDI: ffffc90000d97748 [ 1554.664711][ C1] RBP: ffffc90000d977d0 R08: ffffffff8e68ea70 R09: 0000000000000001 [ 1554.664720][ C1] R10: fffff520001b2ef4 R11: 0000000000086088 R12: ffffc90000d97800 [ 1554.664729][ C1] R13: 0000000000000000 R14: ffffc90000d97748 R15: 0000000000000000 [ 1554.664738][ C1] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 1554.664746][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1554.664754][ C1] CR2: 0000000020000700 CR3: 0000000017846000 CR4: 0000000000350ee0 [ 1554.664761][ C1] Call Trace: [ 1554.664766][ C1] ? stack_trace_save+0x8c/0xc0 [ 1554.664772][ C1] ? deref_stack_reg+0x150/0x150 [ 1554.664777][ C1] ? __unwind_start+0x51b/0x800 [ 1554.664783][ C1] ? create_prof_cpu_mask+0x20/0x20 [ 1554.664788][ C1] arch_stack_walk+0x7d/0xe0 [ 1554.664794][ C1] ? kasan_save_stack+0x1b/0x40 [ 1554.664799][ C1] ? kmem_cache_free+0x8e/0x5a0 [ 1554.664805][ C1] stack_trace_save+0x8c/0xc0 [ 1554.664810][ C1] ? stack_trace_consume_entry+0x160/0x160 [ 1554.664817][ C1] kasan_save_stack+0x1b/0x40 [ 1554.664822][ C1] ? kasan_save_stack+0x1b/0x40 [ 1554.664828][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1554.664835][ C1] ? find_held_lock+0x2d/0x110 [ 1554.664840][ C1] ? debug_check_no_obj_freed+0x20c/0x420 [ 1554.664846][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 1554.664852][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 1554.664858][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 1554.664864][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 1554.664870][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 1554.664877][ C1] ? debug_check_no_obj_freed+0x20c/0x420 [ 1554.664883][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1554.664890][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1554.664897][ C1] kasan_set_track+0x1c/0x30 [ 1554.664902][ C1] kasan_set_free_info+0x20/0x30 [ 1554.664907][ C1] __kasan_slab_free+0xfb/0x130 [ 1554.664913][ C1] slab_free_freelist_hook+0xdf/0x240 [ 1554.664918][ C1] kmem_cache_free+0x8e/0x5a0 [ 1554.664924][ C1] ? kfree_skbmem+0xef/0x1b0 [ 1554.664929][ C1] ? skb_release_data+0x627/0x750 [ 1554.664934][ C1] kfree_skbmem+0xef/0x1b0 [ 1554.664939][ C1] consume_skb+0xcf/0x160 [ 1554.664945][ C1] mac80211_hwsim_tx_frame+0x1f6/0x2a0 [ 1554.664951][ C1] mac80211_hwsim_beacon_tx+0x4b7/0x920 [ 1554.664956][ C1] __iterate_interfaces+0x1e5/0x520 [ 1554.664962][ C1] ? mac80211_hwsim_tx_frame+0x2a0/0x2a0 [ 1554.664968][ C1] ? mac80211_hwsim_tx_frame+0x2a0/0x2a0 [ 1554.664974][ C1] ? mac80211_hwsim_addr_match+0x180/0x180 [ 1554.664981][ C1] ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 [ 1554.664988][ C1] mac80211_hwsim_beacon+0xd5/0x1a0 [ 1554.664993][ C1] __hrtimer_run_queues+0x609/0xe40 [ 1554.664999][ C1] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 1554.665006][ C1] ? ktime_get_update_offsets_now+0x3eb/0x5c0 [ 1554.665012][ C1] hrtimer_run_softirq+0x17b/0x360 [ 1554.665021][ C1] __do_softirq+0x29b/0x9bd [ 1554.665026][ C1] ? __irq_exit_rcu+0x1c0/0x1c0 [ 1554.665032][ C1] run_ksoftirqd+0x2d/0x60 [ 1554.665037][ C1] smpboot_thread_fn+0x645/0x9c0 [ 1554.665043][ C1] ? __smpboot_create_thread.part.0+0x370/0x370 [ 1554.665049][ C1] kthread+0x3e5/0x4d0 [ 1554.665054][ C1] ? set_kthread_struct+0x130/0x130 [ 1554.665059][ C1] ret_from_fork+0x1f/0x30 [ 1554.665073][ C0] NMI backtrace for cpu 0 [ 1555.055329][ C0] CPU: 0 PID: 27213 Comm: syz-executor.2 Not tainted 5.13.0-syzkaller #0 [ 1555.063722][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1555.073756][ C0] Call Trace: [ 1555.077015][ C0] [ 1555.079842][ C0] dump_stack_lvl+0xcd/0x134 [ 1555.084422][ C0] nmi_cpu_backtrace.cold+0x44/0xd7 [ 1555.089606][ C0] ? lapic_can_unplug_cpu+0x80/0x80 [ 1555.094792][ C0] nmi_trigger_cpumask_backtrace+0x1b3/0x230 [ 1555.100771][ C0] rcu_dump_cpu_stacks+0x25e/0x3f0 [ 1555.105869][ C0] rcu_sched_clock_irq.cold+0x9f/0x747 [ 1555.111319][ C0] ? find_held_lock+0x2d/0x110 [ 1555.116068][ C0] ? rcutree_dead_cpu+0x50/0x50 [ 1555.120898][ C0] ? tick_sched_timer+0x2b/0x2d0 [ 1555.125817][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 1555.130659][ C0] update_process_times+0x16d/0x200 [ 1555.135842][ C0] tick_sched_handle+0x9b/0x180 [ 1555.140676][ C0] tick_sched_timer+0x1b0/0x2d0 [ 1555.145510][ C0] ? get_cpu_iowait_time_us+0x3f0/0x3f0 [ 1555.151040][ C0] __hrtimer_run_queues+0x1c0/0xe40 [ 1555.156228][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 1555.162191][ C0] ? ktime_get_update_offsets_now+0x3eb/0x5c0 [ 1555.168247][ C0] hrtimer_interrupt+0x330/0xa00 [ 1555.173184][ C0] __sysvec_apic_timer_interrupt+0x146/0x530 [ 1555.179149][ C0] sysvec_apic_timer_interrupt+0x40/0xc0 [ 1555.184764][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1555.190722][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x6/0x30 [ 1555.196857][ C0] Code: 0f 1f 40 00 0f 1f 44 00 00 65 81 05 00 ad e0 76 00 00 00 f0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 05 76 e5 c9 04 <85> c0 74 21 8b 05 ac 17 ca 04 85 c0 74 17 65 48 8b 04 25 00 f0 01 [ 1555.216444][ C0] RSP: 0018:ffffc90000007c18 EFLAGS: 00000246 [ 1555.222491][ C0] RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff815b1071 [ 1555.230445][ C0] RDX: fffffbfff1bd6a43 RSI: 0000000000000008 RDI: ffffffff8deb5210 [ 1555.238394][ C0] RBP: 1ffff92000000f88 R08: 0000000000000000 R09: ffffffff8deb5217 [ 1555.246344][ C0] R10: fffffbfff1bd6a42 R11: 0000000000000000 R12: 0000000000000001 [ 1555.254293][ C0] R13: ffff888091647c60 R14: ffffffff872e9aa0 R15: 0000000000000000 [ 1555.262247][ C0] ? garp_request_leave+0x290/0x290 [ 1555.267435][ C0] ? lock_release+0xa1/0x720 [ 1555.272008][ C0] rcu_read_lock_sched_held+0xd/0x70 [ 1555.277274][ C0] lock_release+0x5d3/0x720 [ 1555.281758][ C0] ? garp_join_timer+0xaa/0xf0 [ 1555.286502][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 1555.291335][ C0] ? do_raw_spin_lock+0x120/0x2b0 [ 1555.296343][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 1555.301259][ C0] ? lock_chain_count+0x20/0x20 [ 1555.306109][ C0] ? garp_request_leave+0x290/0x290 [ 1555.311288][ C0] _raw_spin_unlock+0x12/0x40 [ 1555.315949][ C0] garp_join_timer+0xaa/0xf0 [ 1555.320523][ C0] ? garp_request_leave+0x290/0x290 [ 1555.325715][ C0] call_timer_fn+0x1a5/0x6b0 [ 1555.330289][ C0] ? add_timer_on+0x4a0/0x4a0 [ 1555.335189][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1555.340374][ C0] ? garp_request_leave+0x290/0x290 [ 1555.345554][ C0] __run_timers.part.0+0x675/0xa50 [ 1555.350657][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 1555.355416][ C0] run_timer_softirq+0xb3/0x1d0 [ 1555.360248][ C0] __do_softirq+0x29b/0x9bd [ 1555.364753][ C0] __irq_exit_rcu+0x16e/0x1c0 [ 1555.369413][ C0] irq_exit_rcu+0x5/0x20 [ 1555.373648][ C0] sysvec_apic_timer_interrupt+0x93/0xc0 [ 1555.379262][ C0] [ 1555.382172][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1555.388130][ C0] RIP: 0010:__rcu_read_unlock+0xa2/0x520 [ 1555.393741][ C0] Code: 00 85 c0 75 53 65 48 8b 2c 25 00 f0 01 00 48 8d bd cc 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 4f 01 00 00 81 [ 1555.413326][ C0] RSP: 0018:ffffc9000a217c18 EFLAGS: 00000213 [ 1555.419374][ C0] RAX: dffffc0000000000 RBX: ffffc9000a217d80 RCX: ffffc9000df06000 [ 1555.427325][ C0] RDX: 0000000000000000 RSI: ffffffff88963a7d RDI: ffff88802eeb200c [ 1555.435276][ C0] RBP: ffff88802eeb1c40 R08: 0000000000000000 R09: 0000000000000001 [ 1555.443228][ C0] R10: ffffffff88963bd6 R11: 0000000000000000 R12: ffff88803a31c000 [ 1555.451194][ C0] R13: ffff88801cf42800 R14: ffffc9000a217d80 R15: ffff8880b2a42e00 [ 1555.459151][ C0] ? tipc_service_find+0x2c6/0x3f0 [ 1555.464246][ C0] ? tipc_service_find+0x16d/0x3f0 [ 1555.469345][ C0] tipc_service_find+0x172/0x3f0 [ 1555.474264][ C0] tipc_nametbl_build_group+0x8f/0x3b0 [ 1555.479878][ C0] ? tipc_group_create+0x5ee/0x8d0 [ 1555.484967][ C0] ? tipc_group_create+0x5fc/0x8d0 [ 1555.490080][ C0] tipc_setsockopt+0x5e9/0xe70 [ 1555.494847][ C0] ? tipc_sk_publish+0x690/0x690 [ 1555.499769][ C0] ? aa_af_perm+0x230/0x230 [ 1555.504262][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1555.510486][ C0] __sys_setsockopt+0x2db/0x610 [ 1555.515321][ C0] ? tipc_sk_publish+0x690/0x690 [ 1555.520240][ C0] ? __ia32_sys_recv+0x100/0x100 [ 1555.525177][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1555.531324][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1555.537709][ C0] ? trace_hardirqs_on+0x38/0x1c0 [ 1555.542722][ C0] __x64_sys_setsockopt+0xba/0x150 [ 1555.547816][ C0] ? syscall_enter_from_user_mode+0x21/0x70 [ 1555.553692][ C0] do_syscall_64+0x35/0xb0 [ 1555.558089][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1555.563964][ C0] RIP: 0033:0x4665d9 [ 1555.567837][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1555.587423][ C0] RSP: 002b:00007f246239c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1555.595832][ C0] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 [ 1555.603784][ C0] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000006 [ 1555.611737][ C0] RBP: 00000000004bfcb9 R08: 0000000000000010 R09: 0000000000000000 [ 1555.619703][ C0] R10: 00000000200002c0 R11: 0000000000000246 R12: 000000000056bf80 [ 1555.627657][ C0] R13: 00007ffd27f0e81f R14: 00007f246239c300 R15: 0000000000022000 [ 1555.671989][ T20] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-... } 10596 jiffies s: 29985 root: 0x1/. [ 1555.690860][ T3257] ieee802154 phy0 wpan0: encryption failed: -22 [ 1555.697311][ T3257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1555.762134][ T3257] ieee802154 phy0 wpan0: encryption failed: -22 [ 1555.768545][ T3257] ieee802154 phy1 wpan1: encryption failed: -22 [ 1555.891959][ T20] rcu: blocking rcu_node structures (internal RCU debug): [ 1556.104008][ T20] Task dump for CPU 0: [ 1556.213574][ T20] task:syz-executor.2 state:R running task stack:27696 pid:27213 ppid: 8446 flags:0x0000000e [ 1556.358631][ T20] Call Trace: [ 1556.429566][ T20] ? lock_chain_count+0x20/0x20 [ 1556.490455][ T20] ? mark_lock+0xef/0x17b0 [ 1556.550624][ T20] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1556.600621][ T20] ? __lock_acquire+0xbc2/0x54a0 [ 1556.605793][ T20] ? irqentry_enter+0x28/0x50 [ 1556.720626][ T20] ? sysvec_apic_timer_interrupt+0x73/0xc0 [ 1556.760621][ T20] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1556.767001][ T20] ? tipc_service_find+0x2c6/0x3f0 [ 1556.840621][ T20] ? tipc_service_find+0x16d/0x3f0 [ 1556.876486][ T20] ? __rcu_read_unlock+0xa2/0x520 [ 1556.920631][ T20] ? tipc_service_find+0x172/0x3f0 [ 1556.925971][ T20] ? tipc_nametbl_build_group+0x8f/0x3b0 [ 1557.000620][ T20] ? tipc_group_create+0x5ee/0x8d0 [ 1557.036430][ T20] ? tipc_group_create+0x5fc/0x8d0 [ 1557.066857][ T20] ? tipc_setsockopt+0x5e9/0xe70 [ 1557.110628][ T20] ? tipc_sk_publish+0x690/0x690 [ 1557.115794][ T20] ? aa_af_perm+0x230/0x230 [ 1557.170632][ T20] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1557.210623][ T20] ? __sys_setsockopt+0x2db/0x610 [ 1557.215877][ T20] ? tipc_sk_publish+0x690/0x690 21:31:31 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d01550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:31:31 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r5, 0x8912, 0x400308) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d035d0000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) [ 1557.316904][ T20] ? __ia32_sys_recv+0x100/0x100 [ 1557.450627][ T20] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1557.538344][ T20] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 21:31:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0), 0x70500, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1557.634483][ T20] ? trace_hardirqs_on+0x38/0x1c0 [ 1557.639832][ T20] ? __x64_sys_setsockopt+0xba/0x150 [ 1557.705969][ T20] ? syscall_enter_from_user_mode+0x21/0x70 [ 1557.749855][T27212] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 1557.760517][T27212] __nla_validate_parse: 3 callbacks suppressed [ 1557.760532][T27212] netlink: 180404 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1557.760623][ T20] ? do_syscall_64+0x35/0xb0 [ 1557.934926][ T20] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1558.105176][T27212] sysfs: cannot create duplicate filename '/class/ieee80211/ [ 1558.105176][T27212] !' [ 1558.116863][T27212] CPU: 0 PID: 27212 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 [ 1558.125282][T27212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1558.135335][T27212] Call Trace: [ 1558.138610][T27212] dump_stack_lvl+0xcd/0x134 [ 1558.143217][T27212] sysfs_warn_dup.cold+0x1c/0x29 [ 1558.148172][T27212] sysfs_do_create_link_sd+0x11e/0x140 [ 1558.153644][T27212] sysfs_create_link+0x5f/0xc0 [ 1558.158417][T27212] device_add+0x789/0x2100 [ 1558.162838][T27212] ? mutex_lock_io_nested+0xf00/0xf00 [ 1558.168215][T27212] ? __mutex_unlock_slowpath+0xe2/0x610 [ 1558.173767][T27212] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 1558.180011][T27212] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1558.186252][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.192492][T27212] ? ieee80211_set_bitrate_flags+0x3e8/0x650 [ 1558.198479][T27212] wiphy_register+0x1e8a/0x29b0 [ 1558.203329][T27212] ? wiphy_unregister+0xbd0/0xbd0 [ 1558.208344][T27212] ? minstrel_ht_alloc+0x531/0xa00 [ 1558.213459][T27212] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 1558.219531][T27212] ieee80211_register_hw+0x1f3c/0x3ef0 [ 1558.224992][T27212] ? ieee80211_restart_hw+0x290/0x290 [ 1558.230359][T27212] ? debug_object_destroy+0x210/0x210 [ 1558.235727][T27212] ? memset+0x20/0x40 [ 1558.239702][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.245947][T27212] ? __hrtimer_init+0x136/0x280 [ 1558.250795][T27212] mac80211_hwsim_new_radio+0x2106/0x4940 [ 1558.256528][T27212] ? hwsim_virtio_rx_work+0x350/0x350 [ 1558.261893][T27212] ? __kmalloc_track_caller+0x1a0/0x320 [ 1558.267433][T27212] ? memcpy+0x39/0x60 [ 1558.271413][T27212] hwsim_new_radio_nl+0x9bc/0x1080 [ 1558.276529][T27212] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1558.282425][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.288656][T27212] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 1558.296038][T27212] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 1558.303324][T27212] genl_family_rcv_msg_doit+0x228/0x320 [ 1558.308866][T27212] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 1558.316231][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.322471][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.328699][T27212] ? ns_capable+0xde/0x100 [ 1558.333111][T27212] genl_rcv_msg+0x328/0x580 [ 1558.337629][T27212] ? genl_get_cmd+0x480/0x480 [ 1558.342300][T27212] ? mac80211_hwsim_new_radio+0x4940/0x4940 [ 1558.348192][T27212] ? lock_release+0x720/0x720 [ 1558.352863][T27212] netlink_rcv_skb+0x153/0x420 [ 1558.357620][T27212] ? genl_get_cmd+0x480/0x480 [ 1558.362290][T27212] ? netlink_ack+0xa60/0xa60 [ 1558.366881][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.373115][T27212] genl_rcv+0x24/0x40 [ 1558.377090][T27212] netlink_unicast+0x533/0x7d0 [ 1558.381851][T27212] ? netlink_attachskb+0x890/0x890 [ 1558.386954][T27212] ? __virt_addr_valid+0x5d/0x2d0 [ 1558.391968][T27212] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1558.398200][T27212] ? __phys_addr_symbol+0x2c/0x70 [ 1558.403390][T27212] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1558.409097][T27212] ? __check_object_size+0x16e/0x3f0 [ 1558.414377][T27212] netlink_sendmsg+0x85b/0xda0 [ 1558.419141][T27212] ? netlink_unicast+0x7d0/0x7d0 [ 1558.424079][T27212] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1558.430311][T27212] ? netlink_unicast+0x7d0/0x7d0 [ 1558.435242][T27212] sock_sendmsg+0xcf/0x120 [ 1558.439652][T27212] ____sys_sendmsg+0x6e8/0x810 [ 1558.444411][T27212] ? kernel_sendmsg+0x50/0x50 [ 1558.449075][T27212] ? do_recvmmsg+0x6d0/0x6d0 [ 1558.453661][T27212] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1558.459631][T27212] ? __fget_light+0x89/0x280 [ 1558.464220][T27212] ___sys_sendmsg+0xf3/0x170 [ 1558.468803][T27212] ? sendmsg_copy_msghdr+0x160/0x160 [ 1558.474081][T27212] ? __fget_files+0x266/0x3d0 [ 1558.478747][T27212] ? lock_downgrade+0x6e0/0x6e0 [ 1558.483597][T27212] ? __fget_files+0x288/0x3d0 [ 1558.488269][T27212] ? __fget_light+0xea/0x280 [ 1558.492849][T27212] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1558.499084][T27212] __sys_sendmsg+0xe5/0x1b0 [ 1558.503576][T27212] ? __sys_sendmsg_sock+0x30/0x30 [ 1558.508602][T27212] ? syscall_enter_from_user_mode+0x21/0x70 [ 1558.514492][T27212] do_syscall_64+0x35/0xb0 [ 1558.518902][T27212] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1558.524786][T27212] RIP: 0033:0x4665d9 [ 1558.528669][T27212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1558.548266][T27212] RSP: 002b:00007f3c79dcb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1558.556669][T27212] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665d9 [ 1558.564631][T27212] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1558.572590][T27212] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 [ 1558.580548][T27212] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 [ 1558.588505][T27212] R13: 00007fff2988d9df R14: 00007f3c79dcb300 R15: 0000000000022000 21:31:35 executing program 2: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={0x0, 0x28}}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:31:36 executing program 1: sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2, 0x7}, 0x10) sendmmsg(r0, &(0x7f0000000a40), 0x8000000000000b0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/104, 0x68}], 0x1}}], 0x1, 0x0, &(0x7f0000004280)={0x0, 0x3938700}) r1 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)=@req={0x3fc, 0x0, 0x2}, 0x10) setsockopt$packet_int(r0, 0x107, 0x12, &(0x7f0000000340), 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000100)=@req={0x1f, 0xfffffffa, 0x7f, 0x3}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESHEX, @ANYBLOB, @ANYRES32=0x0, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x804) 21:31:36 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63940d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) mmap(&(0x7f00004d4000/0x2000)=nil, 0x2000, 0x0, 0x40010, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x180000f, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) socket$packet(0x11, 0x0, 0x300) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, r2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 1562.643540][T17641] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 21:31:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400000000ec00000000000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c0012000b000100627269646765"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1c, 0x1b}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x50}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000010000d02550000000000000000000c00", @ANYRES32=r2, @ANYBLOB="89"], 0x20}}, 0x0) 21:31:37 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="e008030029000505d25a80648c63170d0424fc60100011400a2f0000013582c137153e370848018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1563.008773][T17641] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1563.270332][T17641] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1563.562583][T17641] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0