setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f00000003c0)=0x6, 0x4) 17:30:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x800e0000}) 17:30:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 781.373942] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600ff001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:23 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x24}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:23 executing program 5: syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000200)=0x2, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r1, &(0x7f0000000180)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @local}}}, &(0x7f0000000140)=0x80) r3 = dup3(r0, r2, 0x0) sendto$inet(r3, &(0x7f0000000040)="35ab5bae8dd6d7ab8963f234e44bba9855", 0x11, 0x40080, 0x0, 0x0) [ 781.462710] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 781.469675] CPU: 0 PID: 5271 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 781.478093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.487605] Call Trace: [ 781.490224] dump_stack+0x1c9/0x2b4 [ 781.493904] ? dump_stack_print_info.cold.2+0x52/0x52 [ 781.499287] ? trace_hardirqs_on+0xd/0x10 [ 781.503443] sysfs_warn_dup.cold.3+0x1c/0x2b [ 781.507842] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 781.513195] sysfs_create_link+0x65/0xc0 [ 781.517245] device_add+0x5d0/0x17b0 [ 781.520948] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 781.525448] ? genl_family_rcv_msg+0x8a3/0x1140 [ 781.530119] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 781.535219] ? do_syscall_64+0x1b9/0x820 [ 781.539276] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 781.544453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.549982] wiphy_register+0x1a21/0x2740 [ 781.554120] ? wiphy_unregister+0x12c0/0x12c0 [ 781.558602] ? kasan_unpoison_shadow+0x35/0x50 [ 781.563315] ? kasan_kmalloc+0xc4/0xe0 [ 781.567192] ? __kmalloc+0x315/0x760 [ 781.570901] ? __lockdep_init_map+0x105/0x590 [ 781.575386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.580924] ? ieee80211_cs_list_valid+0x7c/0x440 [ 781.585764] ? ieee80211_register_hw+0xc61/0x3890 [ 781.590595] ieee80211_register_hw+0x146b/0x3890 [ 781.595366] ? init_timer_on_stack_key+0x31/0xe0 [ 781.600122] ? ieee80211_free_ack_frame+0x60/0x60 [ 781.604960] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 781.609982] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 781.616204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 781.621731] ? vsnprintf+0x20d/0x1b60 [ 781.625615] ? pointer+0x990/0x990 [ 781.629153] ? check_same_owner+0x340/0x340 [ 781.633476] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 781.638490] ? kvasprintf+0xea/0x140 [ 781.642191] ? bust_spinlocks+0xe0/0xe0 [ 781.646155] ? kasprintf+0xab/0xe0 [ 781.649693] ? kvasprintf_const+0x190/0x190 [ 781.654006] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 781.659534] hwsim_new_radio_nl+0x7c0/0xa80 [ 781.663860] ? nla_parse+0x32b/0x4e0 [ 781.667568] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 781.672747] ? __netlink_ns_capable+0x100/0x130 [ 781.677403] genl_family_rcv_msg+0x8a3/0x1140 [ 781.682147] ? genl_unregister_family+0x8b0/0x8b0 [ 781.686990] ? netlink_deliver_tap+0x32d/0xfb0 [ 781.691563] ? lock_downgrade+0x8f0/0x8f0 [ 781.695697] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 781.700702] ? lock_release+0xa30/0xa30 [ 781.704662] ? __netlink_lookup+0x5e1/0xab0 [ 781.708970] ? lock_acquire+0x1e4/0x540 [ 781.712938] ? genl_rcv+0x19/0x40 [ 781.716382] genl_rcv_msg+0xc6/0x168 [ 781.720081] netlink_rcv_skb+0x172/0x440 [ 781.724131] ? genl_family_rcv_msg+0x1140/0x1140 [ 781.728872] ? netlink_ack+0xbe0/0xbe0 [ 781.732759] genl_rcv+0x28/0x40 [ 781.736023] netlink_unicast+0x5a0/0x760 [ 781.740069] ? netlink_attachskb+0x9a0/0x9a0 [ 781.744490] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.750016] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 781.755021] netlink_sendmsg+0xa18/0xfc0 [ 781.759085] ? netlink_unicast+0x760/0x760 [ 781.763306] ? move_addr_to_kernel.part.20+0x100/0x100 [ 781.768574] ? security_socket_sendmsg+0x94/0xc0 [ 781.773489] ? netlink_unicast+0x760/0x760 [ 781.777706] sock_sendmsg+0xd5/0x120 [ 781.781418] ___sys_sendmsg+0x7fd/0x930 [ 781.785390] ? copy_msghdr_from_user+0x580/0x580 [ 781.790129] ? lock_acquire+0x1e4/0x540 [ 781.794085] ? __fd_install+0x2b2/0x880 [ 781.798045] ? lock_downgrade+0x8f0/0x8f0 [ 781.802189] ? select_collect+0x610/0x610 [ 781.806325] ? __fget_light+0x2f7/0x440 [ 781.810284] ? fget_raw+0x20/0x20 [ 781.813736] ? __fd_install+0x2db/0x880 [ 781.817710] ? get_unused_fd_flags+0x1a0/0x1a0 [ 781.822309] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 781.827840] ? sockfd_lookup_light+0xc5/0x160 [ 781.832330] __sys_sendmsg+0x11d/0x290 [ 781.836202] ? __ia32_sys_shutdown+0x80/0x80 [ 781.840596] ? __x64_sys_futex+0x47f/0x6a0 [ 781.844813] ? fd_install+0x4d/0x60 [ 781.848436] ? ksys_ioctl+0x81/0xd0 [ 781.852050] __x64_sys_sendmsg+0x78/0xb0 [ 781.856100] do_syscall_64+0x1b9/0x820 [ 781.859971] ? finish_task_switch+0x1d3/0x870 [ 781.864453] ? syscall_return_slowpath+0x5e0/0x5e0 [ 781.869367] ? syscall_return_slowpath+0x31d/0x5e0 [ 781.874289] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 781.879306] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 781.884138] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.889312] RIP: 0033:0x456959 [ 781.892509] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:23 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000000000002900"], 0xa}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8864000000000000}) [ 781.911403] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 781.919194] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 781.926456] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 781.933721] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 781.940974] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 781.948237] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 782.016123] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 782.052382] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 782.059325] CPU: 1 PID: 5287 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 782.067736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.077184] Call Trace: [ 782.079799] dump_stack+0x1c9/0x2b4 [ 782.083481] ? dump_stack_print_info.cold.2+0x52/0x52 [ 782.088692] ? trace_hardirqs_on+0xd/0x10 [ 782.092865] sysfs_warn_dup.cold.3+0x1c/0x2b [ 782.097262] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 782.102623] sysfs_create_link+0x65/0xc0 [ 782.106671] device_add+0x5d0/0x17b0 [ 782.110370] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 782.114851] ? genl_family_rcv_msg+0x8a3/0x1140 [ 782.119509] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 782.124600] ? do_syscall_64+0x1b9/0x820 [ 782.128650] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 782.133826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.139354] wiphy_register+0x1a21/0x2740 [ 782.143494] ? wiphy_unregister+0x12c0/0x12c0 [ 782.147992] ? kasan_unpoison_shadow+0x35/0x50 [ 782.152567] ? kasan_kmalloc+0xc4/0xe0 [ 782.156444] ? __kmalloc+0x315/0x760 [ 782.160146] ? __lockdep_init_map+0x105/0x590 [ 782.164628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.170163] ? ieee80211_cs_list_valid+0x7c/0x440 [ 782.174995] ? ieee80211_register_hw+0xc61/0x3890 [ 782.179824] ieee80211_register_hw+0x146b/0x3890 [ 782.184567] ? init_timer_on_stack_key+0x31/0xe0 [ 782.189308] ? ieee80211_free_ack_frame+0x60/0x60 [ 782.194146] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 782.199157] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 782.205393] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 782.210917] ? vsnprintf+0x20d/0x1b60 [ 782.214716] ? pointer+0x990/0x990 [ 782.218245] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 782.222987] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.228013] ? kvasprintf+0xea/0x140 [ 782.231726] ? bust_spinlocks+0xe0/0xe0 [ 782.235689] ? kasprintf+0xab/0xe0 [ 782.239215] ? kvasprintf_const+0x190/0x190 [ 782.243537] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 782.249064] hwsim_new_radio_nl+0x7c0/0xa80 [ 782.253374] ? nla_parse+0x32b/0x4e0 [ 782.257073] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 782.262249] ? __netlink_ns_capable+0x100/0x130 [ 782.266917] genl_family_rcv_msg+0x8a3/0x1140 [ 782.271401] ? genl_unregister_family+0x8b0/0x8b0 [ 782.276227] ? netlink_deliver_tap+0x32d/0xfb0 [ 782.280794] ? lock_downgrade+0x8f0/0x8f0 [ 782.284927] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.289929] ? lock_release+0xa30/0xa30 [ 782.293889] ? lock_acquire+0x1e4/0x540 [ 782.297845] ? genl_rcv+0x19/0x40 [ 782.301288] genl_rcv_msg+0xc6/0x168 [ 782.304991] netlink_rcv_skb+0x172/0x440 [ 782.309045] ? genl_family_rcv_msg+0x1140/0x1140 [ 782.313783] ? netlink_ack+0xbe0/0xbe0 [ 782.317660] genl_rcv+0x28/0x40 [ 782.320926] netlink_unicast+0x5a0/0x760 [ 782.324972] ? netlink_attachskb+0x9a0/0x9a0 [ 782.329366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.334973] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.339982] netlink_sendmsg+0xa18/0xfc0 [ 782.344037] ? netlink_unicast+0x760/0x760 [ 782.348259] ? move_addr_to_kernel.part.20+0x100/0x100 [ 782.353521] ? security_socket_sendmsg+0x94/0xc0 [ 782.358258] ? netlink_unicast+0x760/0x760 [ 782.362478] sock_sendmsg+0xd5/0x120 [ 782.366368] ___sys_sendmsg+0x7fd/0x930 [ 782.370330] ? copy_msghdr_from_user+0x580/0x580 [ 782.375072] ? lock_acquire+0x1e4/0x540 [ 782.379032] ? __fd_install+0x2b2/0x880 [ 782.382991] ? lock_downgrade+0x8f0/0x8f0 [ 782.387127] ? select_collect+0x610/0x610 [ 782.391260] ? __fget_light+0x2f7/0x440 [ 782.395217] ? fget_raw+0x20/0x20 [ 782.398658] ? __fd_install+0x2db/0x880 [ 782.402618] ? get_unused_fd_flags+0x1a0/0x1a0 [ 782.407187] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 782.412713] ? sockfd_lookup_light+0xc5/0x160 [ 782.417194] __sys_sendmsg+0x11d/0x290 [ 782.421078] ? __ia32_sys_shutdown+0x80/0x80 [ 782.425472] ? __x64_sys_futex+0x47f/0x6a0 [ 782.429701] ? fd_install+0x4d/0x60 [ 782.433318] ? ksys_ioctl+0x81/0xd0 [ 782.436940] __x64_sys_sendmsg+0x78/0xb0 [ 782.440992] do_syscall_64+0x1b9/0x820 [ 782.444864] ? finish_task_switch+0x1d3/0x870 [ 782.449344] ? syscall_return_slowpath+0x5e0/0x5e0 [ 782.454255] ? syscall_return_slowpath+0x31d/0x5e0 [ 782.459169] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 782.464172] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 782.469015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.474191] RIP: 0033:0x456959 [ 782.477373] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 782.496257] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 782.503951] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 782.511204] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 782.518456] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 782.525720] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 782.532972] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 782.554035] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 782.565568] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 782.572569] CPU: 0 PID: 5271 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 782.580962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.590303] Call Trace: [ 782.592893] dump_stack+0x1c9/0x2b4 [ 782.596511] ? dump_stack_print_info.cold.2+0x52/0x52 [ 782.601689] ? trace_hardirqs_on+0xd/0x10 [ 782.605829] sysfs_warn_dup.cold.3+0x1c/0x2b [ 782.610222] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 782.615572] sysfs_create_link+0x65/0xc0 [ 782.619619] device_add+0x5d0/0x17b0 [ 782.623316] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 782.628565] ? genl_family_rcv_msg+0x8a3/0x1140 [ 782.633250] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 782.638340] ? do_syscall_64+0x1b9/0x820 [ 782.642400] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 782.647580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.653106] wiphy_register+0x1a21/0x2740 [ 782.657248] ? wiphy_unregister+0x12c0/0x12c0 [ 782.661730] ? kasan_unpoison_shadow+0x35/0x50 [ 782.666324] ? kasan_kmalloc+0xc4/0xe0 [ 782.670200] ? __kmalloc+0x315/0x760 [ 782.673899] ? __lockdep_init_map+0x105/0x590 [ 782.678393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.683929] ? ieee80211_cs_list_valid+0x7c/0x440 [ 782.688757] ? ieee80211_register_hw+0xc61/0x3890 [ 782.693586] ieee80211_register_hw+0x146b/0x3890 [ 782.698332] ? init_timer_on_stack_key+0x31/0xe0 [ 782.703076] ? ieee80211_free_ack_frame+0x60/0x60 [ 782.707911] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 782.712927] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 782.719158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 782.724682] ? vsnprintf+0x20d/0x1b60 [ 782.728475] ? pointer+0x990/0x990 [ 782.732012] ? do_raw_spin_unlock+0xa7/0x2f0 [ 782.736409] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.741412] ? kvasprintf+0xea/0x140 [ 782.745109] ? bust_spinlocks+0xe0/0xe0 [ 782.749072] ? kasprintf+0xab/0xe0 [ 782.752609] ? kvasprintf_const+0x190/0x190 [ 782.756915] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 782.762440] hwsim_new_radio_nl+0x7c0/0xa80 [ 782.766755] ? nla_parse+0x32b/0x4e0 [ 782.770473] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 782.775651] ? __netlink_ns_capable+0x100/0x130 [ 782.780307] genl_family_rcv_msg+0x8a3/0x1140 [ 782.784800] ? genl_unregister_family+0x8b0/0x8b0 [ 782.789627] ? netlink_deliver_tap+0x32d/0xfb0 [ 782.794211] ? lock_downgrade+0x8f0/0x8f0 [ 782.798344] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.803362] ? lock_release+0xa30/0xa30 [ 782.807331] ? lock_acquire+0x1e4/0x540 [ 782.811381] ? genl_rcv+0x19/0x40 [ 782.814824] genl_rcv_msg+0xc6/0x168 [ 782.818524] netlink_rcv_skb+0x172/0x440 [ 782.822742] ? genl_family_rcv_msg+0x1140/0x1140 [ 782.827486] ? netlink_ack+0xbe0/0xbe0 [ 782.831368] genl_rcv+0x28/0x40 [ 782.834630] netlink_unicast+0x5a0/0x760 [ 782.838675] ? netlink_attachskb+0x9a0/0x9a0 [ 782.843069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.848590] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 782.853593] netlink_sendmsg+0xa18/0xfc0 [ 782.857641] ? netlink_unicast+0x760/0x760 [ 782.861863] ? move_addr_to_kernel.part.20+0x100/0x100 [ 782.867126] ? security_socket_sendmsg+0x94/0xc0 [ 782.871863] ? netlink_unicast+0x760/0x760 [ 782.876082] sock_sendmsg+0xd5/0x120 [ 782.879780] ___sys_sendmsg+0x7fd/0x930 [ 782.883751] ? copy_msghdr_from_user+0x580/0x580 [ 782.888510] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 782.893688] ? __fget_light+0x2f7/0x440 [ 782.897647] ? fget_raw+0x20/0x20 [ 782.901089] ? __fd_install+0x2db/0x880 [ 782.905047] ? dlci_ioctl_set+0x40/0x40 [ 782.909010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.914533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 782.920051] ? sockfd_lookup_light+0xc5/0x160 [ 782.924541] __sys_sendmsg+0x11d/0x290 [ 782.928414] ? __ia32_sys_shutdown+0x80/0x80 [ 782.932898] ? __x64_sys_futex+0x47f/0x6a0 [ 782.937125] ? fd_install+0x4d/0x60 [ 782.940745] ? ksys_ioctl+0x81/0xd0 [ 782.944366] __x64_sys_sendmsg+0x78/0xb0 [ 782.948414] do_syscall_64+0x1b9/0x820 [ 782.952290] ? finish_task_switch+0x1d3/0x870 [ 782.956770] ? syscall_return_slowpath+0x5e0/0x5e0 [ 782.961694] ? syscall_return_slowpath+0x31d/0x5e0 [ 782.966615] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 782.971617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 782.976471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.981644] RIP: 0033:0x456959 [ 782.984833] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 783.003719] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 783.011414] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 17:30:24 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:24 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:24 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000000000002900"], 0xa}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:24 executing program 5: exit(0x0) r0 = socket$netlink(0x10, 0x3, 0x0) close(r0) socket$unix(0x1, 0x1, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000000), &(0x7f0000006380)=0x10) 17:30:24 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x6000000000000000}) 17:30:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006003f001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:24 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1810000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 783.018668] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 783.025922] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 783.033198] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 783.040455] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 783.091588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. 17:30:24 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x86ddffff00000000}) 17:30:25 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000000000002900"], 0xa}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600fc001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1c00000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 783.136591] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 783.143552] CPU: 0 PID: 5324 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 783.151960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.161324] Call Trace: [ 783.163939] dump_stack+0x1c9/0x2b4 [ 783.167592] ? dump_stack_print_info.cold.2+0x52/0x52 [ 783.172820] ? trace_hardirqs_on+0xd/0x10 [ 783.177007] sysfs_warn_dup.cold.3+0x1c/0x2b [ 783.181445] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 783.186855] sysfs_create_link+0x65/0xc0 [ 783.190944] device_add+0x5d0/0x17b0 [ 783.194696] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 783.199210] ? genl_family_rcv_msg+0x8a3/0x1140 [ 783.203900] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 783.209035] ? do_syscall_64+0x1b9/0x820 [ 783.213106] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 783.218320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.225172] wiphy_register+0x1a21/0x2740 [ 783.229336] ? wiphy_unregister+0x12c0/0x12c0 [ 783.233820] ? kasan_unpoison_shadow+0x35/0x50 [ 783.238385] ? kasan_kmalloc+0xc4/0xe0 [ 783.242256] ? __kmalloc+0x315/0x760 [ 783.245968] ? __lockdep_init_map+0x105/0x590 [ 783.250453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.255988] ? ieee80211_cs_list_valid+0x7c/0x440 [ 783.260817] ? ieee80211_register_hw+0xc61/0x3890 [ 783.265658] ieee80211_register_hw+0x146b/0x3890 [ 783.270404] ? init_timer_on_stack_key+0x31/0xe0 [ 783.275148] ? ieee80211_free_ack_frame+0x60/0x60 [ 783.279994] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 783.285032] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 783.291182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 783.296880] ? vsnprintf+0x20d/0x1b60 [ 783.300664] ? pointer+0x990/0x990 [ 783.304202] ? check_same_owner+0x340/0x340 [ 783.308513] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 783.313514] ? kvasprintf+0xea/0x140 [ 783.317215] ? bust_spinlocks+0xe0/0xe0 [ 783.321177] ? kasprintf+0xab/0xe0 [ 783.324704] ? kvasprintf_const+0x190/0x190 [ 783.329019] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 783.334558] hwsim_new_radio_nl+0x7c0/0xa80 [ 783.338865] ? nla_parse+0x32b/0x4e0 [ 783.342567] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 783.347742] ? __netlink_ns_capable+0x100/0x130 [ 783.352399] genl_family_rcv_msg+0x8a3/0x1140 [ 783.356886] ? genl_unregister_family+0x8b0/0x8b0 [ 783.361711] ? netlink_deliver_tap+0x32d/0xfb0 [ 783.366281] ? lock_downgrade+0x8f0/0x8f0 [ 783.370434] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 783.375456] ? lock_release+0xa30/0xa30 [ 783.379433] ? __netlink_lookup+0x5e1/0xab0 [ 783.383739] ? lock_acquire+0x1e4/0x540 [ 783.387695] ? genl_rcv+0x19/0x40 [ 783.391143] genl_rcv_msg+0xc6/0x168 [ 783.394845] netlink_rcv_skb+0x172/0x440 [ 783.398900] ? genl_family_rcv_msg+0x1140/0x1140 [ 783.403640] ? netlink_ack+0xbe0/0xbe0 [ 783.407517] genl_rcv+0x28/0x40 [ 783.410781] netlink_unicast+0x5a0/0x760 [ 783.414829] ? netlink_attachskb+0x9a0/0x9a0 [ 783.419225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.424748] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 783.429749] netlink_sendmsg+0xa18/0xfc0 [ 783.433798] ? netlink_unicast+0x760/0x760 [ 783.438021] ? move_addr_to_kernel.part.20+0x100/0x100 [ 783.443283] ? security_socket_sendmsg+0x94/0xc0 [ 783.448021] ? netlink_unicast+0x760/0x760 [ 783.452240] sock_sendmsg+0xd5/0x120 [ 783.455939] ___sys_sendmsg+0x7fd/0x930 [ 783.459919] ? copy_msghdr_from_user+0x580/0x580 [ 783.464674] ? lock_acquire+0x1e4/0x540 [ 783.468636] ? __fd_install+0x2b2/0x880 [ 783.472597] ? lock_downgrade+0x8f0/0x8f0 [ 783.476742] ? select_collect+0x610/0x610 [ 783.480874] ? __fget_light+0x2f7/0x440 [ 783.484832] ? fget_raw+0x20/0x20 [ 783.488285] ? __fd_install+0x2db/0x880 [ 783.492242] ? get_unused_fd_flags+0x1a0/0x1a0 [ 783.496816] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 783.502348] ? sockfd_lookup_light+0xc5/0x160 [ 783.506832] __sys_sendmsg+0x11d/0x290 [ 783.510704] ? __ia32_sys_shutdown+0x80/0x80 [ 783.515102] ? __x64_sys_futex+0x47f/0x6a0 [ 783.519324] ? fd_install+0x4d/0x60 [ 783.522951] ? ksys_ioctl+0x81/0xd0 [ 783.526564] __x64_sys_sendmsg+0x78/0xb0 [ 783.530610] do_syscall_64+0x1b9/0x820 [ 783.534481] ? finish_task_switch+0x1d3/0x870 [ 783.538961] ? syscall_return_slowpath+0x5e0/0x5e0 [ 783.543876] ? syscall_return_slowpath+0x31d/0x5e0 [ 783.548790] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 783.553792] ? prepare_exit_to_usermode+0x291/0x3b0 [ 783.558797] ? perf_trace_sys_enter+0xb10/0xb10 [ 783.563452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 783.568285] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.573458] RIP: 0033:0x456959 [ 783.576640] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 783.595525] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 783.603219] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 783.610472] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 783.617739] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 783.625005] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 783.632258] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:25 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e0000"], 0xf}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:25 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x84ffffff00000000}) 17:30:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffff90}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 783.663932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 783.729295] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 783.736273] CPU: 1 PID: 5331 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 783.744809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.754165] Call Trace: [ 783.756761] dump_stack+0x1c9/0x2b4 [ 783.760375] ? dump_stack_print_info.cold.2+0x52/0x52 [ 783.765554] ? trace_hardirqs_on+0xd/0x10 [ 783.769709] sysfs_warn_dup.cold.3+0x1c/0x2b [ 783.774118] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 783.779466] sysfs_create_link+0x65/0xc0 [ 783.783520] device_add+0x5d0/0x17b0 [ 783.787226] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 783.791709] ? genl_family_rcv_msg+0x8a3/0x1140 [ 783.796374] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 783.801468] ? do_syscall_64+0x1b9/0x820 [ 783.805531] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 783.810707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.816243] wiphy_register+0x1a21/0x2740 [ 783.820386] ? wiphy_unregister+0x12c0/0x12c0 [ 783.824868] ? kasan_unpoison_shadow+0x35/0x50 [ 783.829437] ? kasan_kmalloc+0xc4/0xe0 [ 783.833314] ? __kmalloc+0x315/0x760 [ 783.837195] ? __lockdep_init_map+0x105/0x590 [ 783.841700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.847235] ? ieee80211_cs_list_valid+0x7c/0x440 [ 783.852066] ? ieee80211_register_hw+0xc61/0x3890 [ 783.856899] ieee80211_register_hw+0x146b/0x3890 [ 783.861669] ? init_timer_on_stack_key+0x31/0xe0 [ 783.866431] ? ieee80211_free_ack_frame+0x60/0x60 [ 783.871278] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 783.876290] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 783.882431] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 783.887954] ? vsnprintf+0x20d/0x1b60 [ 783.891739] ? pointer+0x990/0x990 [ 783.895266] ? do_raw_spin_unlock+0xa7/0x2f0 [ 783.899662] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 783.904662] ? kvasprintf+0xea/0x140 [ 783.908378] ? bust_spinlocks+0xe0/0xe0 [ 783.912340] ? kasprintf+0xab/0xe0 [ 783.915870] ? kvasprintf_const+0x190/0x190 [ 783.920193] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 783.925719] hwsim_new_radio_nl+0x7c0/0xa80 [ 783.930043] ? nla_parse+0x32b/0x4e0 [ 783.933741] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 783.938918] ? __netlink_ns_capable+0x100/0x130 [ 783.943574] genl_family_rcv_msg+0x8a3/0x1140 [ 783.948060] ? genl_unregister_family+0x8b0/0x8b0 [ 783.952910] ? netlink_deliver_tap+0x32d/0xfb0 [ 783.957478] ? lock_downgrade+0x8f0/0x8f0 [ 783.961611] ? lock_release+0xa30/0xa30 [ 783.965572] ? lock_acquire+0x1e4/0x540 [ 783.969545] ? genl_rcv+0x19/0x40 [ 783.972990] genl_rcv_msg+0xc6/0x168 [ 783.976704] netlink_rcv_skb+0x172/0x440 [ 783.980752] ? genl_family_rcv_msg+0x1140/0x1140 [ 783.985490] ? netlink_ack+0xbe0/0xbe0 [ 783.989368] genl_rcv+0x28/0x40 [ 783.992630] netlink_unicast+0x5a0/0x760 [ 783.996677] ? netlink_attachskb+0x9a0/0x9a0 [ 784.001074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.006596] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 784.011608] netlink_sendmsg+0xa18/0xfc0 [ 784.015657] ? netlink_unicast+0x760/0x760 [ 784.019882] ? move_addr_to_kernel.part.20+0x100/0x100 [ 784.025144] ? security_socket_sendmsg+0x94/0xc0 [ 784.029882] ? netlink_unicast+0x760/0x760 [ 784.034114] sock_sendmsg+0xd5/0x120 [ 784.037836] ___sys_sendmsg+0x7fd/0x930 [ 784.041806] ? copy_msghdr_from_user+0x580/0x580 [ 784.046549] ? lock_acquire+0x1e4/0x540 [ 784.050507] ? __fd_install+0x2b2/0x880 [ 784.054468] ? lock_downgrade+0x8f0/0x8f0 [ 784.058600] ? select_collect+0x610/0x610 [ 784.062749] ? __fget_light+0x2f7/0x440 [ 784.066721] ? fget_raw+0x20/0x20 [ 784.070174] ? __fd_install+0x2db/0x880 [ 784.074135] ? get_unused_fd_flags+0x1a0/0x1a0 [ 784.078723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.084246] ? sockfd_lookup_light+0xc5/0x160 [ 784.088731] __sys_sendmsg+0x11d/0x290 [ 784.092604] ? __ia32_sys_shutdown+0x80/0x80 [ 784.096999] ? __x64_sys_futex+0x47f/0x6a0 [ 784.101218] ? fd_install+0x4d/0x60 [ 784.104836] ? syscall_slow_exit_work+0x500/0x500 [ 784.109667] ? ksys_ioctl+0x81/0xd0 [ 784.113283] __x64_sys_sendmsg+0x78/0xb0 [ 784.117342] do_syscall_64+0x1b9/0x820 [ 784.121219] ? syscall_return_slowpath+0x5e0/0x5e0 [ 784.126148] ? syscall_return_slowpath+0x31d/0x5e0 [ 784.131063] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 784.136068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.140900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.146075] RIP: 0033:0x456959 [ 784.149272] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.168171] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:26 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 784.175866] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 784.183120] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 784.190384] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 784.197635] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 784.204885] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 784.220390] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. 17:30:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000603b4001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 784.256316] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 784.263279] CPU: 1 PID: 5353 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 784.271683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.281033] Call Trace: [ 784.283643] dump_stack+0x1c9/0x2b4 [ 784.287290] ? dump_stack_print_info.cold.2+0x52/0x52 [ 784.292499] ? trace_hardirqs_on+0xd/0x10 [ 784.296784] sysfs_warn_dup.cold.3+0x1c/0x2b [ 784.301218] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 784.306602] sysfs_create_link+0x65/0xc0 [ 784.310683] device_add+0x5d0/0x17b0 [ 784.314416] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 784.318933] ? genl_family_rcv_msg+0x8a3/0x1140 [ 784.323630] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 784.328751] ? do_syscall_64+0x1b9/0x820 [ 784.332834] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 784.338050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.343612] wiphy_register+0x1a21/0x2740 [ 784.347788] ? wiphy_unregister+0x12c0/0x12c0 [ 784.352305] ? kasan_unpoison_shadow+0x35/0x50 [ 784.356902] ? kasan_kmalloc+0xc4/0xe0 [ 784.360812] ? __kmalloc+0x315/0x760 [ 784.364552] ? __lockdep_init_map+0x105/0x590 [ 784.369072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.374621] ? ieee80211_cs_list_valid+0x7c/0x440 [ 784.379487] ? ieee80211_register_hw+0xc61/0x3890 [ 784.384341] ieee80211_register_hw+0x146b/0x3890 [ 784.389185] ? init_timer_on_stack_key+0x31/0xe0 [ 784.393939] ? ieee80211_free_ack_frame+0x60/0x60 [ 784.398788] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 784.403808] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 784.409962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.415495] ? vsnprintf+0x20d/0x1b60 [ 784.419291] ? pointer+0x990/0x990 [ 784.422836] ? do_raw_spin_unlock+0xa7/0x2f0 [ 784.427262] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 784.432268] ? kvasprintf+0xea/0x140 [ 784.435974] ? bust_spinlocks+0xe0/0xe0 [ 784.439939] ? kasprintf+0xab/0xe0 [ 784.443489] ? kvasprintf_const+0x190/0x190 [ 784.447833] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 784.453369] hwsim_new_radio_nl+0x7c0/0xa80 [ 784.457681] ? nla_parse+0x32b/0x4e0 [ 784.461403] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 784.466584] ? __netlink_ns_capable+0x100/0x130 [ 784.471246] genl_family_rcv_msg+0x8a3/0x1140 [ 784.475757] ? genl_unregister_family+0x8b0/0x8b0 [ 784.480586] ? netlink_deliver_tap+0x32d/0xfb0 [ 784.485158] ? lock_downgrade+0x8f0/0x8f0 [ 784.489293] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 784.494309] ? lock_release+0xa30/0xa30 [ 784.498272] ? lock_acquire+0x1e4/0x540 [ 784.502242] ? genl_rcv+0x19/0x40 [ 784.505691] genl_rcv_msg+0xc6/0x168 [ 784.509395] netlink_rcv_skb+0x172/0x440 [ 784.513443] ? genl_family_rcv_msg+0x1140/0x1140 [ 784.518193] ? netlink_ack+0xbe0/0xbe0 [ 784.522066] genl_rcv+0x28/0x40 [ 784.525334] netlink_unicast+0x5a0/0x760 [ 784.529907] ? netlink_attachskb+0x9a0/0x9a0 [ 784.534306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.539845] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 784.544869] netlink_sendmsg+0xa18/0xfc0 [ 784.548925] ? netlink_unicast+0x760/0x760 [ 784.553158] ? move_addr_to_kernel.part.20+0x100/0x100 [ 784.558445] ? security_socket_sendmsg+0x94/0xc0 [ 784.563187] ? netlink_unicast+0x760/0x760 [ 784.567407] sock_sendmsg+0xd5/0x120 [ 784.571104] ___sys_sendmsg+0x7fd/0x930 [ 784.575076] ? copy_msghdr_from_user+0x580/0x580 [ 784.579833] ? __sched_text_start+0x8/0x8 [ 784.583983] ? __fget_light+0x2f7/0x440 [ 784.587945] ? fget_raw+0x20/0x20 [ 784.591388] ? __fd_install+0x2db/0x880 [ 784.595350] ? get_unused_fd_flags+0x1a0/0x1a0 [ 784.599927] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.605457] ? sockfd_lookup_light+0xc5/0x160 [ 784.609947] __sys_sendmsg+0x11d/0x290 [ 784.613827] ? __ia32_sys_shutdown+0x80/0x80 [ 784.618229] ? __x64_sys_futex+0x47f/0x6a0 [ 784.622455] ? fd_install+0x4d/0x60 [ 784.626079] ? syscall_slow_exit_work+0x500/0x500 [ 784.630927] ? ksys_ioctl+0x81/0xd0 [ 784.634550] __x64_sys_sendmsg+0x78/0xb0 [ 784.638605] do_syscall_64+0x1b9/0x820 [ 784.642485] ? finish_task_switch+0x1d3/0x870 [ 784.646978] ? syscall_return_slowpath+0x5e0/0x5e0 [ 784.651908] ? syscall_return_slowpath+0x31d/0x5e0 [ 784.656837] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 784.661855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.666700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.671890] RIP: 0033:0x456959 [ 784.675100] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.694004] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00') dup2(r0, r1) sendto$unix(r1, &(0x7f0000000040)="f766ed465c054dc0e92459c39fa0b46898a80f7e74bb79b2cab04c399d61d171a7bf273b9c243f813cc6d4dbf98abb0c42563abbd2526cd6539ba837ffb8731c726631ea6a4977cedb1579639e60d5302c4a791f997c", 0x56, 0xfffffffffffffff6, 0x0, 0x0) 17:30:26 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x1c00000000000000}) 17:30:26 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e0000"], 0xf}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:26 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1c}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 784.701711] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 784.708976] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 784.716243] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 784.723500] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 784.730762] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 784.749827] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 784.772769] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 784.779711] CPU: 1 PID: 5331 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 784.788136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.797480] Call Trace: [ 784.800065] dump_stack+0x1c9/0x2b4 [ 784.803681] ? dump_stack_print_info.cold.2+0x52/0x52 [ 784.808874] ? trace_hardirqs_on+0xd/0x10 [ 784.813019] sysfs_warn_dup.cold.3+0x1c/0x2b [ 784.817429] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 784.822779] sysfs_create_link+0x65/0xc0 [ 784.826834] device_add+0x5d0/0x17b0 [ 784.830535] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 784.835028] ? genl_family_rcv_msg+0x8a3/0x1140 [ 784.839689] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 784.844779] ? do_syscall_64+0x1b9/0x820 [ 784.848830] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 784.854006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.859619] wiphy_register+0x1a21/0x2740 [ 784.863759] ? wiphy_unregister+0x12c0/0x12c0 [ 784.868256] ? kasan_unpoison_shadow+0x35/0x50 [ 784.872822] ? kasan_kmalloc+0xc4/0xe0 [ 784.876711] ? __kmalloc+0x315/0x760 [ 784.880418] ? __lockdep_init_map+0x105/0x590 [ 784.884901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.890422] ? ieee80211_cs_list_valid+0x7c/0x440 [ 784.895250] ? ieee80211_register_hw+0xc61/0x3890 [ 784.900095] ieee80211_register_hw+0x146b/0x3890 [ 784.904847] ? init_timer_on_stack_key+0x31/0xe0 [ 784.909603] ? ieee80211_free_ack_frame+0x60/0x60 [ 784.914439] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 784.919459] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 784.925594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.931128] ? vsnprintf+0x20d/0x1b60 [ 784.934911] ? pointer+0x990/0x990 [ 784.938437] ? do_raw_spin_unlock+0xa7/0x2f0 [ 784.942831] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 784.947833] ? kvasprintf+0xea/0x140 [ 784.951543] ? bust_spinlocks+0xe0/0xe0 [ 784.955505] ? kasprintf+0xab/0xe0 [ 784.959031] ? kvasprintf_const+0x190/0x190 [ 784.963340] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 784.968864] hwsim_new_radio_nl+0x7c0/0xa80 [ 784.973173] ? nla_parse+0x32b/0x4e0 [ 784.976873] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 784.982053] ? __netlink_ns_capable+0x100/0x130 [ 784.986710] genl_family_rcv_msg+0x8a3/0x1140 [ 784.991198] ? genl_unregister_family+0x8b0/0x8b0 [ 784.996021] ? netlink_deliver_tap+0x32d/0xfb0 [ 785.000589] ? lock_downgrade+0x8f0/0x8f0 [ 785.004721] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 785.009724] ? lock_release+0xa30/0xa30 [ 785.013696] ? lock_acquire+0x1e4/0x540 [ 785.017665] ? genl_rcv+0x19/0x40 [ 785.021118] genl_rcv_msg+0xc6/0x168 [ 785.024816] netlink_rcv_skb+0x172/0x440 [ 785.028947] ? genl_family_rcv_msg+0x1140/0x1140 [ 785.033686] ? netlink_ack+0xbe0/0xbe0 [ 785.037560] genl_rcv+0x28/0x40 [ 785.040823] netlink_unicast+0x5a0/0x760 [ 785.044869] ? netlink_attachskb+0x9a0/0x9a0 [ 785.049272] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.054794] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 785.059796] netlink_sendmsg+0xa18/0xfc0 [ 785.063843] ? netlink_unicast+0x760/0x760 [ 785.068065] ? move_addr_to_kernel.part.20+0x100/0x100 [ 785.073329] ? security_socket_sendmsg+0x94/0xc0 [ 785.078066] ? netlink_unicast+0x760/0x760 [ 785.082286] sock_sendmsg+0xd5/0x120 [ 785.085983] ___sys_sendmsg+0x7fd/0x930 [ 785.089941] ? copy_msghdr_from_user+0x580/0x580 [ 785.094684] ? lock_acquire+0x1e4/0x540 [ 785.098642] ? __fd_install+0x2b2/0x880 [ 785.102599] ? lock_downgrade+0x8f0/0x8f0 [ 785.106744] ? select_collect+0x610/0x610 [ 785.110886] ? __fget_light+0x2f7/0x440 [ 785.114841] ? fget_raw+0x20/0x20 [ 785.118281] ? __fd_install+0x2db/0x880 [ 785.122256] ? get_unused_fd_flags+0x1a0/0x1a0 [ 785.126829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 785.132347] ? sockfd_lookup_light+0xc5/0x160 [ 785.136828] __sys_sendmsg+0x11d/0x290 [ 785.140698] ? __ia32_sys_shutdown+0x80/0x80 [ 785.145095] ? __x64_sys_futex+0x47f/0x6a0 [ 785.149319] ? fd_install+0x4d/0x60 [ 785.152937] ? syscall_slow_exit_work+0x500/0x500 [ 785.157780] ? ksys_ioctl+0x81/0xd0 [ 785.161391] __x64_sys_sendmsg+0x78/0xb0 [ 785.165449] do_syscall_64+0x1b9/0x820 [ 785.169321] ? syscall_return_slowpath+0x5e0/0x5e0 [ 785.174237] ? syscall_return_slowpath+0x31d/0x5e0 [ 785.179152] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 785.184157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.188996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.194171] RIP: 0033:0x456959 [ 785.197352] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 785.216237] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 785.223934] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 785.231187] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 785.238441] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 785.245693] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 785.252949] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:27 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:27 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060009001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:27 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e0000"], 0xf}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:27 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:27 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffff8000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x43050000}) 17:30:27 executing program 5: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000002980), 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r1, &(0x7f0000000180)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @local}}}, &(0x7f0000000040)=0xfc) dup3(r0, r2, 0x0) pwrite64(r2, &(0x7f0000000280), 0x0, 0x0) [ 785.333207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 785.403232] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 785.410201] CPU: 0 PID: 5393 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 785.418618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.427984] Call Trace: [ 785.430601] dump_stack+0x1c9/0x2b4 [ 785.434249] ? dump_stack_print_info.cold.2+0x52/0x52 [ 785.439459] ? trace_hardirqs_on+0xd/0x10 [ 785.443627] sysfs_warn_dup.cold.3+0x1c/0x2b [ 785.448051] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 785.453426] sysfs_create_link+0x65/0xc0 [ 785.457507] device_add+0x5d0/0x17b0 [ 785.461247] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 785.465763] ? genl_family_rcv_msg+0x8a3/0x1140 [ 785.470449] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 785.475570] ? do_syscall_64+0x1b9/0x820 [ 785.479647] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 785.484852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.490419] wiphy_register+0x1a21/0x2740 [ 785.494589] ? wiphy_unregister+0x12c0/0x12c0 [ 785.499099] ? kasan_unpoison_shadow+0x35/0x50 17:30:27 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e0000000000"], 0x12}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) sendto$unix(r0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) 17:30:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xac1414aa}) [ 785.503698] ? kasan_kmalloc+0xc4/0xe0 [ 785.507610] ? __kmalloc+0x315/0x760 [ 785.511342] ? __lockdep_init_map+0x105/0x590 [ 785.515866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.521427] ? ieee80211_cs_list_valid+0x7c/0x440 [ 785.526287] ? ieee80211_register_hw+0xc61/0x3890 [ 785.531152] ieee80211_register_hw+0x146b/0x3890 [ 785.535930] ? init_timer_on_stack_key+0x31/0xe0 [ 785.540729] ? ieee80211_free_ack_frame+0x60/0x60 [ 785.545581] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 785.550599] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 785.556751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 785.562283] ? vsnprintf+0x20d/0x1b60 [ 785.566075] ? pointer+0x990/0x990 [ 785.569698] ? check_same_owner+0x340/0x340 [ 785.574012] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 785.579015] ? kvasprintf+0xea/0x140 [ 785.582729] ? bust_spinlocks+0xe0/0xe0 [ 785.586689] ? kasprintf+0xab/0xe0 [ 785.590214] ? kvasprintf_const+0x190/0x190 [ 785.594525] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 785.600052] hwsim_new_radio_nl+0x7c0/0xa80 [ 785.604361] ? nla_parse+0x32b/0x4e0 [ 785.608060] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 785.613250] ? __netlink_ns_capable+0x100/0x130 [ 785.617906] genl_family_rcv_msg+0x8a3/0x1140 [ 785.622390] ? genl_unregister_family+0x8b0/0x8b0 [ 785.627235] ? netlink_deliver_tap+0x32d/0xfb0 [ 785.631803] ? lock_downgrade+0x8f0/0x8f0 [ 785.635934] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 785.640933] ? lock_release+0xa30/0xa30 [ 785.644891] ? __netlink_lookup+0x5e1/0xab0 [ 785.649200] ? lock_acquire+0x1e4/0x540 [ 785.653162] ? genl_rcv+0x19/0x40 [ 785.656607] genl_rcv_msg+0xc6/0x168 [ 785.660307] netlink_rcv_skb+0x172/0x440 [ 785.664366] ? genl_family_rcv_msg+0x1140/0x1140 [ 785.669109] ? netlink_ack+0xbe0/0xbe0 [ 785.672996] genl_rcv+0x28/0x40 [ 785.676271] netlink_unicast+0x5a0/0x760 [ 785.680329] ? netlink_attachskb+0x9a0/0x9a0 [ 785.684732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.690264] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 785.695264] netlink_sendmsg+0xa18/0xfc0 [ 785.699326] ? netlink_unicast+0x760/0x760 [ 785.703548] ? move_addr_to_kernel.part.20+0x100/0x100 [ 785.708815] ? security_socket_sendmsg+0x94/0xc0 [ 785.713557] ? netlink_unicast+0x760/0x760 [ 785.717777] sock_sendmsg+0xd5/0x120 [ 785.721474] ___sys_sendmsg+0x7fd/0x930 [ 785.725434] ? copy_msghdr_from_user+0x580/0x580 [ 785.730280] ? lock_acquire+0x1e4/0x540 [ 785.734241] ? __fd_install+0x2b2/0x880 [ 785.738203] ? lock_downgrade+0x8f0/0x8f0 [ 785.742339] ? select_collect+0x610/0x610 [ 785.746560] ? __fget_light+0x2f7/0x440 [ 785.750532] ? fget_raw+0x20/0x20 [ 785.753977] ? __fd_install+0x2db/0x880 [ 785.757938] ? get_unused_fd_flags+0x1a0/0x1a0 [ 785.762511] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 785.768037] ? sockfd_lookup_light+0xc5/0x160 [ 785.772519] __sys_sendmsg+0x11d/0x290 [ 785.776402] ? __ia32_sys_shutdown+0x80/0x80 [ 785.780800] ? __x64_sys_futex+0x47f/0x6a0 [ 785.785019] ? fd_install+0x4d/0x60 [ 785.788636] ? ksys_ioctl+0x81/0xd0 [ 785.792249] __x64_sys_sendmsg+0x78/0xb0 [ 785.796297] do_syscall_64+0x1b9/0x820 [ 785.800172] ? finish_task_switch+0x1d3/0x870 [ 785.804651] ? syscall_return_slowpath+0x5e0/0x5e0 [ 785.809565] ? syscall_return_slowpath+0x31d/0x5e0 [ 785.814490] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 785.819495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.824329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.829505] RIP: 0033:0x456959 [ 785.832686] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 785.851574] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 785.859269] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 785.866524] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 785.873786] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 785.881049] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 785.888300] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x80350000}) 17:30:27 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 785.910036] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:27 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8864}) [ 785.995483] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 786.002534] CPU: 1 PID: 5414 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 786.010944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.020429] Call Trace: [ 786.023013] dump_stack+0x1c9/0x2b4 [ 786.026630] ? dump_stack_print_info.cold.2+0x52/0x52 [ 786.031811] ? trace_hardirqs_on+0xd/0x10 [ 786.035949] sysfs_warn_dup.cold.3+0x1c/0x2b [ 786.040346] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 786.045699] sysfs_create_link+0x65/0xc0 [ 786.049768] device_add+0x5d0/0x17b0 [ 786.053473] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 786.057952] ? genl_family_rcv_msg+0x8a3/0x1140 [ 786.062610] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 786.067703] ? do_syscall_64+0x1b9/0x820 [ 786.071756] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 786.076934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.082472] wiphy_register+0x1a21/0x2740 [ 786.086610] ? wiphy_unregister+0x12c0/0x12c0 [ 786.091089] ? kasan_unpoison_shadow+0x35/0x50 [ 786.095657] ? kasan_kmalloc+0xc4/0xe0 [ 786.099538] ? __kmalloc+0x315/0x760 [ 786.103240] ? __lockdep_init_map+0x105/0x590 [ 786.107726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.113353] ? ieee80211_cs_list_valid+0x7c/0x440 [ 786.118184] ? ieee80211_register_hw+0xc61/0x3890 [ 786.123035] ieee80211_register_hw+0x146b/0x3890 [ 786.127782] ? init_timer_on_stack_key+0x31/0xe0 [ 786.132526] ? ieee80211_free_ack_frame+0x60/0x60 [ 786.137363] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 786.142371] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 786.148515] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 786.154037] ? vsnprintf+0x20d/0x1b60 [ 786.157823] ? pointer+0x990/0x990 [ 786.161347] ? check_same_owner+0x340/0x340 [ 786.165655] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.170658] ? kvasprintf+0xea/0x140 [ 786.174363] ? bust_spinlocks+0xe0/0xe0 [ 786.178328] ? kasprintf+0xab/0xe0 [ 786.181852] ? kvasprintf_const+0x190/0x190 [ 786.186161] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 786.191691] hwsim_new_radio_nl+0x7c0/0xa80 [ 786.196000] ? nla_parse+0x32b/0x4e0 [ 786.199699] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 786.204887] ? __netlink_ns_capable+0x100/0x130 [ 786.209544] genl_family_rcv_msg+0x8a3/0x1140 [ 786.214025] ? genl_unregister_family+0x8b0/0x8b0 [ 786.218859] ? netlink_deliver_tap+0x32d/0xfb0 [ 786.223428] ? lock_downgrade+0x8f0/0x8f0 [ 786.227561] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.232575] ? lock_release+0xa30/0xa30 [ 786.236536] ? __netlink_lookup+0x5e1/0xab0 [ 786.240844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 786.245599] genl_rcv_msg+0xc6/0x168 [ 786.249299] netlink_rcv_skb+0x172/0x440 [ 786.253342] ? genl_family_rcv_msg+0x1140/0x1140 [ 786.258096] ? netlink_ack+0xbe0/0xbe0 [ 786.261982] genl_rcv+0x28/0x40 [ 786.265245] netlink_unicast+0x5a0/0x760 [ 786.269301] ? netlink_attachskb+0x9a0/0x9a0 [ 786.273695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.279221] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.284224] netlink_sendmsg+0xa18/0xfc0 [ 786.288289] ? netlink_unicast+0x760/0x760 [ 786.292512] ? move_addr_to_kernel.part.20+0x100/0x100 [ 786.297786] ? security_socket_sendmsg+0x94/0xc0 [ 786.302539] ? netlink_unicast+0x760/0x760 [ 786.306758] sock_sendmsg+0xd5/0x120 [ 786.310454] ___sys_sendmsg+0x7fd/0x930 [ 786.314416] ? copy_msghdr_from_user+0x580/0x580 [ 786.319165] ? lock_acquire+0x1e4/0x540 [ 786.323126] ? __fd_install+0x2b2/0x880 [ 786.327083] ? lock_downgrade+0x8f0/0x8f0 [ 786.331215] ? select_collect+0x610/0x610 [ 786.335350] ? __fget_light+0x2f7/0x440 [ 786.339319] ? fget_raw+0x20/0x20 [ 786.342759] ? __fd_install+0x2db/0x880 [ 786.346721] ? get_unused_fd_flags+0x1a0/0x1a0 [ 786.351290] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 786.356811] ? sockfd_lookup_light+0xc5/0x160 [ 786.361293] __sys_sendmsg+0x11d/0x290 [ 786.365177] ? __ia32_sys_shutdown+0x80/0x80 [ 786.369572] ? __x64_sys_futex+0x47f/0x6a0 [ 786.373787] ? fd_install+0x4d/0x60 [ 786.377415] ? ksys_ioctl+0x81/0xd0 [ 786.381026] __x64_sys_sendmsg+0x78/0xb0 [ 786.385080] do_syscall_64+0x1b9/0x820 [ 786.388951] ? finish_task_switch+0x1d3/0x870 [ 786.393432] ? syscall_return_slowpath+0x5e0/0x5e0 [ 786.398344] ? syscall_return_slowpath+0x31d/0x5e0 [ 786.403261] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 786.408264] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 786.413095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.418272] RIP: 0033:0x456959 [ 786.421454] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:28 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060006001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 786.440340] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 786.448043] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 786.455296] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 786.462550] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 786.469814] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 786.477077] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 786.508017] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 786.527182] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 786.534178] CPU: 1 PID: 5393 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 786.542681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.552033] Call Trace: [ 786.554620] dump_stack+0x1c9/0x2b4 [ 786.558237] ? dump_stack_print_info.cold.2+0x52/0x52 [ 786.563765] ? trace_hardirqs_on+0xd/0x10 [ 786.567914] sysfs_warn_dup.cold.3+0x1c/0x2b [ 786.572310] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 786.577756] sysfs_create_link+0x65/0xc0 [ 786.581819] device_add+0x5d0/0x17b0 [ 786.585522] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 786.590006] ? genl_family_rcv_msg+0x8a3/0x1140 [ 786.594668] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 786.599758] ? do_syscall_64+0x1b9/0x820 [ 786.603804] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 786.608982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.614513] wiphy_register+0x1a21/0x2740 [ 786.618654] ? wiphy_unregister+0x12c0/0x12c0 [ 786.623134] ? kasan_unpoison_shadow+0x35/0x50 [ 786.627714] ? kasan_kmalloc+0xc4/0xe0 [ 786.631595] ? __kmalloc+0x315/0x760 [ 786.635320] ? __lockdep_init_map+0x105/0x590 [ 786.639802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.645330] ? ieee80211_cs_list_valid+0x7c/0x440 [ 786.650176] ? ieee80211_register_hw+0xc61/0x3890 [ 786.655004] ieee80211_register_hw+0x146b/0x3890 [ 786.659753] ? init_timer_on_stack_key+0x31/0xe0 [ 786.664495] ? ieee80211_free_ack_frame+0x60/0x60 [ 786.669332] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 786.674340] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 786.680472] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 786.686006] ? vsnprintf+0x20d/0x1b60 [ 786.689791] ? pointer+0x990/0x990 [ 786.693316] ? do_raw_spin_unlock+0xa7/0x2f0 [ 786.697714] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.702719] ? kvasprintf+0xea/0x140 [ 786.706416] ? bust_spinlocks+0xe0/0xe0 [ 786.710378] ? kasprintf+0xab/0xe0 [ 786.713901] ? kvasprintf_const+0x190/0x190 [ 786.718212] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 786.723740] hwsim_new_radio_nl+0x7c0/0xa80 [ 786.728053] ? nla_parse+0x32b/0x4e0 [ 786.731753] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 786.736945] ? __netlink_ns_capable+0x100/0x130 [ 786.741616] genl_family_rcv_msg+0x8a3/0x1140 [ 786.746109] ? genl_unregister_family+0x8b0/0x8b0 [ 786.750935] ? netlink_deliver_tap+0x32d/0xfb0 [ 786.755863] ? lock_downgrade+0x8f0/0x8f0 [ 786.759996] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.764998] ? lock_release+0xa30/0xa30 [ 786.768960] ? lock_acquire+0x1e4/0x540 [ 786.772917] ? genl_rcv+0x19/0x40 [ 786.776362] genl_rcv_msg+0xc6/0x168 [ 786.780062] netlink_rcv_skb+0x172/0x440 [ 786.784109] ? genl_family_rcv_msg+0x1140/0x1140 [ 786.788848] ? netlink_ack+0xbe0/0xbe0 [ 786.792732] genl_rcv+0x28/0x40 [ 786.795996] netlink_unicast+0x5a0/0x760 [ 786.800043] ? netlink_attachskb+0x9a0/0x9a0 [ 786.804624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.810157] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 786.815159] netlink_sendmsg+0xa18/0xfc0 [ 786.819216] ? netlink_unicast+0x760/0x760 [ 786.823439] ? move_addr_to_kernel.part.20+0x100/0x100 [ 786.828699] ? security_socket_sendmsg+0x94/0xc0 [ 786.833449] ? netlink_unicast+0x760/0x760 [ 786.837669] sock_sendmsg+0xd5/0x120 [ 786.841370] ___sys_sendmsg+0x7fd/0x930 [ 786.845330] ? copy_msghdr_from_user+0x580/0x580 [ 786.850083] ? lock_acquire+0x1e4/0x540 [ 786.854054] ? __fd_install+0x2b2/0x880 [ 786.858015] ? lock_downgrade+0x8f0/0x8f0 [ 786.862146] ? select_collect+0x610/0x610 [ 786.866281] ? __fget_light+0x2f7/0x440 [ 786.870240] ? fget_raw+0x20/0x20 [ 786.873681] ? __fd_install+0x2db/0x880 [ 786.877646] ? get_unused_fd_flags+0x1a0/0x1a0 [ 786.882215] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 786.887738] ? sockfd_lookup_light+0xc5/0x160 [ 786.892216] __sys_sendmsg+0x11d/0x290 [ 786.896088] ? __ia32_sys_shutdown+0x80/0x80 [ 786.900485] ? __x64_sys_futex+0x47f/0x6a0 [ 786.904703] ? fd_install+0x4d/0x60 [ 786.908409] ? ksys_ioctl+0x81/0xd0 [ 786.912030] __x64_sys_sendmsg+0x78/0xb0 [ 786.916080] do_syscall_64+0x1b9/0x820 [ 786.919950] ? finish_task_switch+0x1d3/0x870 [ 786.924439] ? syscall_return_slowpath+0x5e0/0x5e0 [ 786.929376] ? syscall_return_slowpath+0x31d/0x5e0 [ 786.934304] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 786.939308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 786.944141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.949327] RIP: 0033:0x456959 [ 786.952510] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 786.971408] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 786.979103] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 786.986368] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 786.993622] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 787.000887] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 787.008246] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 787.030662] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 787.055020] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 787.061961] CPU: 1 PID: 5414 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 787.070372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.079831] Call Trace: [ 787.082440] dump_stack+0x1c9/0x2b4 [ 787.086092] ? dump_stack_print_info.cold.2+0x52/0x52 [ 787.091310] ? trace_hardirqs_on+0xd/0x10 [ 787.095485] sysfs_warn_dup.cold.3+0x1c/0x2b [ 787.099931] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 787.105309] sysfs_create_link+0x65/0xc0 [ 787.109389] device_add+0x5d0/0x17b0 [ 787.113122] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 787.117637] ? genl_family_rcv_msg+0x8a3/0x1140 [ 787.122328] ? get_device_parent.isra.27+0x5a0/0x5a0 17:30:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 787.127450] ? do_syscall_64+0x1b9/0x820 [ 787.131534] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 787.136747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.142311] wiphy_register+0x1a21/0x2740 [ 787.146488] ? wiphy_unregister+0x12c0/0x12c0 [ 787.151003] ? kasan_unpoison_shadow+0x35/0x50 [ 787.155600] ? kasan_kmalloc+0xc4/0xe0 [ 787.159484] ? __kmalloc+0x315/0x760 [ 787.163194] ? __lockdep_init_map+0x105/0x590 [ 787.167694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.173232] ? ieee80211_cs_list_valid+0x7c/0x440 [ 787.178062] ? ieee80211_register_hw+0xc61/0x3890 [ 787.182894] ieee80211_register_hw+0x146b/0x3890 [ 787.187653] ? init_timer_on_stack_key+0x31/0xe0 [ 787.192414] ? ieee80211_free_ack_frame+0x60/0x60 [ 787.197253] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 787.202269] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 787.208406] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 787.213943] ? vsnprintf+0x20d/0x1b60 [ 787.217734] ? pointer+0x990/0x990 [ 787.221333] ? do_raw_spin_unlock+0xa7/0x2f0 [ 787.225747] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.230760] ? kvasprintf+0xea/0x140 [ 787.234468] ? bust_spinlocks+0xe0/0xe0 [ 787.238452] ? kasprintf+0xab/0xe0 [ 787.241987] ? kvasprintf_const+0x190/0x190 [ 787.246295] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 787.251829] hwsim_new_radio_nl+0x7c0/0xa80 [ 787.256153] ? nla_parse+0x32b/0x4e0 [ 787.259861] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 787.265044] ? __netlink_ns_capable+0x100/0x130 [ 787.269696] genl_family_rcv_msg+0x8a3/0x1140 [ 787.274182] ? genl_unregister_family+0x8b0/0x8b0 [ 787.279012] ? netlink_deliver_tap+0x32d/0xfb0 [ 787.283576] ? lock_downgrade+0x8f0/0x8f0 [ 787.287716] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.292818] ? lock_release+0xa30/0xa30 [ 787.296775] ? lock_acquire+0x1e4/0x540 [ 787.300737] ? genl_rcv+0x19/0x40 [ 787.304189] genl_rcv_msg+0xc6/0x168 [ 787.307892] netlink_rcv_skb+0x172/0x440 [ 787.311953] ? genl_family_rcv_msg+0x1140/0x1140 [ 787.316697] ? netlink_ack+0xbe0/0xbe0 [ 787.320606] genl_rcv+0x28/0x40 [ 787.323880] netlink_unicast+0x5a0/0x760 [ 787.327926] ? netlink_attachskb+0x9a0/0x9a0 [ 787.332320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.337843] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.342845] netlink_sendmsg+0xa18/0xfc0 [ 787.346892] ? netlink_unicast+0x760/0x760 [ 787.351114] ? move_addr_to_kernel.part.20+0x100/0x100 [ 787.356378] ? security_socket_sendmsg+0x94/0xc0 [ 787.361118] ? netlink_unicast+0x760/0x760 [ 787.365333] sock_sendmsg+0xd5/0x120 [ 787.369030] ___sys_sendmsg+0x7fd/0x930 [ 787.373000] ? copy_msghdr_from_user+0x580/0x580 [ 787.377745] ? lock_acquire+0x1e4/0x540 [ 787.381717] ? __fd_install+0x2b2/0x880 [ 787.385690] ? lock_downgrade+0x8f0/0x8f0 [ 787.389828] ? select_collect+0x610/0x610 [ 787.393960] ? __fget_light+0x2f7/0x440 [ 787.397917] ? fget_raw+0x20/0x20 [ 787.401355] ? __fd_install+0x2db/0x880 [ 787.405321] ? get_unused_fd_flags+0x1a0/0x1a0 [ 787.409912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 787.415443] ? sockfd_lookup_light+0xc5/0x160 [ 787.419926] __sys_sendmsg+0x11d/0x290 [ 787.423807] ? __ia32_sys_shutdown+0x80/0x80 [ 787.428219] ? __x64_sys_futex+0x47f/0x6a0 [ 787.432442] ? fd_install+0x4d/0x60 [ 787.436064] ? ksys_ioctl+0x81/0xd0 [ 787.439677] __x64_sys_sendmsg+0x78/0xb0 [ 787.443742] do_syscall_64+0x1b9/0x820 [ 787.447620] ? finish_task_switch+0x1d3/0x870 [ 787.452112] ? syscall_return_slowpath+0x5e0/0x5e0 [ 787.457024] ? syscall_return_slowpath+0x31d/0x5e0 [ 787.462894] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 787.467901] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 787.472742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.477913] RIP: 0033:0x456959 [ 787.481104] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 787.499991] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 787.507697] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 787.514955] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 787.522210] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 17:30:29 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:29 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x70000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:29 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e000000000000"], 0x13}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:29 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:29 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006f000001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8035}) 17:30:29 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 787.529463] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 787.536718] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 787.548517] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 787.580227] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 787.587196] CPU: 0 PID: 5456 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 787.595729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.605090] Call Trace: [ 787.607692] dump_stack+0x1c9/0x2b4 [ 787.611331] ? dump_stack_print_info.cold.2+0x52/0x52 [ 787.616536] ? trace_hardirqs_on+0xd/0x10 [ 787.620680] sysfs_warn_dup.cold.3+0x1c/0x2b [ 787.625094] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 787.630455] sysfs_create_link+0x65/0xc0 [ 787.634513] device_add+0x5d0/0x17b0 [ 787.638219] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 787.642707] ? genl_family_rcv_msg+0x8a3/0x1140 [ 787.647396] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 787.652499] ? do_syscall_64+0x1b9/0x820 [ 787.656556] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 787.661765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.667304] wiphy_register+0x1a21/0x2740 [ 787.671464] ? wiphy_unregister+0x12c0/0x12c0 [ 787.675966] ? kasan_unpoison_shadow+0x35/0x50 [ 787.680541] ? kasan_kmalloc+0xc4/0xe0 [ 787.684425] ? __kmalloc+0x315/0x760 [ 787.688143] ? __lockdep_init_map+0x105/0x590 [ 787.692632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.698165] ? ieee80211_cs_list_valid+0x7c/0x440 [ 787.703010] ? ieee80211_register_hw+0xc61/0x3890 [ 787.707867] ieee80211_register_hw+0x146b/0x3890 [ 787.712622] ? init_timer_on_stack_key+0x31/0xe0 [ 787.717386] ? ieee80211_free_ack_frame+0x60/0x60 [ 787.722231] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 787.727250] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 787.733396] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 787.738946] ? vsnprintf+0x20d/0x1b60 [ 787.742755] ? pointer+0x990/0x990 [ 787.746294] ? do_raw_spin_unlock+0xa7/0x2f0 [ 787.750693] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.755704] ? kvasprintf+0xea/0x140 [ 787.759411] ? bust_spinlocks+0xe0/0xe0 [ 787.763376] ? kasprintf+0xab/0xe0 [ 787.766913] ? kvasprintf_const+0x190/0x190 [ 787.771233] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 787.776764] hwsim_new_radio_nl+0x7c0/0xa80 [ 787.781081] ? nla_parse+0x32b/0x4e0 [ 787.784789] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 787.789977] ? __netlink_ns_capable+0x100/0x130 [ 787.794660] genl_family_rcv_msg+0x8a3/0x1140 [ 787.799169] ? genl_unregister_family+0x8b0/0x8b0 [ 787.804011] ? netlink_deliver_tap+0x32d/0xfb0 [ 787.808607] ? lock_downgrade+0x8f0/0x8f0 [ 787.812753] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.817771] ? lock_release+0xa30/0xa30 [ 787.821751] ? lock_acquire+0x1e4/0x540 [ 787.825724] ? genl_rcv+0x19/0x40 [ 787.829188] genl_rcv_msg+0xc6/0x168 [ 787.832904] netlink_rcv_skb+0x172/0x440 [ 787.836980] ? genl_family_rcv_msg+0x1140/0x1140 [ 787.841730] ? netlink_ack+0xbe0/0xbe0 [ 787.845624] genl_rcv+0x28/0x40 [ 787.848892] netlink_unicast+0x5a0/0x760 [ 787.852940] ? netlink_attachskb+0x9a0/0x9a0 [ 787.857337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.862865] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 787.867874] netlink_sendmsg+0xa18/0xfc0 [ 787.871925] ? netlink_unicast+0x760/0x760 [ 787.876149] ? move_addr_to_kernel.part.20+0x100/0x100 [ 787.881417] ? security_socket_sendmsg+0x94/0xc0 [ 787.886178] ? netlink_unicast+0x760/0x760 [ 787.890414] sock_sendmsg+0xd5/0x120 [ 787.894126] ___sys_sendmsg+0x7fd/0x930 [ 787.898100] ? copy_msghdr_from_user+0x580/0x580 [ 787.902859] ? __sched_text_start+0x8/0x8 [ 787.907015] ? __fget_light+0x2f7/0x440 [ 787.910989] ? fget_raw+0x20/0x20 [ 787.914430] ? __fd_install+0x2db/0x880 [ 787.918394] ? get_unused_fd_flags+0x1a0/0x1a0 [ 787.922970] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 787.928510] ? sockfd_lookup_light+0xc5/0x160 [ 787.933000] __sys_sendmsg+0x11d/0x290 [ 787.936926] ? __ia32_sys_shutdown+0x80/0x80 [ 787.941443] ? __x64_sys_futex+0x47f/0x6a0 [ 787.945678] ? fd_install+0x4d/0x60 [ 787.949476] ? syscall_slow_exit_work+0x500/0x500 [ 787.954314] ? ksys_ioctl+0x81/0xd0 [ 787.957943] __x64_sys_sendmsg+0x78/0xb0 [ 787.962540] do_syscall_64+0x1b9/0x820 [ 787.966447] ? finish_task_switch+0x1d3/0x870 [ 787.970944] ? syscall_return_slowpath+0x5e0/0x5e0 [ 787.975883] ? syscall_return_slowpath+0x31d/0x5e0 [ 787.980815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 787.985838] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 787.990681] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.995861] RIP: 0033:0x456959 [ 787.999131] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 788.018048] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 788.025767] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 788.033046] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 788.040311] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 788.047660] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 788.054926] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x6000}) [ 788.080385] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 788.102936] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 788.109952] CPU: 1 PID: 5471 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 788.118367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.127730] Call Trace: [ 788.130321] dump_stack+0x1c9/0x2b4 [ 788.133942] ? dump_stack_print_info.cold.2+0x52/0x52 [ 788.139132] ? trace_hardirqs_on+0xd/0x10 [ 788.143330] sysfs_warn_dup.cold.3+0x1c/0x2b [ 788.147733] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 788.153096] sysfs_create_link+0x65/0xc0 [ 788.157147] device_add+0x5d0/0x17b0 [ 788.160867] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 788.165352] ? genl_family_rcv_msg+0x8a3/0x1140 [ 788.170013] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 788.175976] ? do_syscall_64+0x1b9/0x820 [ 788.180030] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 788.185222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.190747] wiphy_register+0x1a21/0x2740 [ 788.194885] ? wiphy_unregister+0x12c0/0x12c0 [ 788.199368] ? kasan_unpoison_shadow+0x35/0x50 [ 788.203947] ? kasan_kmalloc+0xc4/0xe0 [ 788.207820] ? __kmalloc+0x315/0x760 [ 788.211546] ? __lockdep_init_map+0x105/0x590 [ 788.216029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.221595] ? ieee80211_cs_list_valid+0x7c/0x440 [ 788.226435] ? ieee80211_register_hw+0xc61/0x3890 [ 788.231293] ieee80211_register_hw+0x146b/0x3890 [ 788.236131] ? init_timer_on_stack_key+0x31/0xe0 [ 788.240873] ? ieee80211_free_ack_frame+0x60/0x60 [ 788.245708] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 788.250731] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 788.256868] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 788.262405] ? vsnprintf+0x20d/0x1b60 [ 788.266195] ? pointer+0x990/0x990 [ 788.269721] ? check_same_owner+0x340/0x340 [ 788.274031] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 788.279037] ? kvasprintf+0xea/0x140 [ 788.282740] ? bust_spinlocks+0xe0/0xe0 [ 788.286706] ? kasprintf+0xab/0xe0 [ 788.290254] ? kvasprintf_const+0x190/0x190 [ 788.294565] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 788.300107] hwsim_new_radio_nl+0x7c0/0xa80 [ 788.304417] ? nla_parse+0x32b/0x4e0 [ 788.308141] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 788.313316] ? __netlink_ns_capable+0x100/0x130 [ 788.317974] genl_family_rcv_msg+0x8a3/0x1140 [ 788.322457] ? genl_unregister_family+0x8b0/0x8b0 [ 788.327292] ? netlink_deliver_tap+0x32d/0xfb0 [ 788.331861] ? lock_downgrade+0x8f0/0x8f0 [ 788.336001] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 788.341026] ? lock_release+0xa30/0xa30 [ 788.345178] ? __netlink_lookup+0x5e1/0xab0 [ 788.349488] ? lock_acquire+0x1e4/0x540 [ 788.353447] ? genl_rcv+0x19/0x40 [ 788.356891] genl_rcv_msg+0xc6/0x168 [ 788.360590] netlink_rcv_skb+0x172/0x440 [ 788.364647] ? genl_family_rcv_msg+0x1140/0x1140 [ 788.369389] ? netlink_ack+0xbe0/0xbe0 [ 788.373275] genl_rcv+0x28/0x40 [ 788.376538] netlink_unicast+0x5a0/0x760 [ 788.380585] ? netlink_attachskb+0x9a0/0x9a0 [ 788.384976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.390502] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 788.395506] netlink_sendmsg+0xa18/0xfc0 [ 788.399555] ? netlink_unicast+0x760/0x760 [ 788.403776] ? move_addr_to_kernel.part.20+0x100/0x100 [ 788.409052] ? security_socket_sendmsg+0x94/0xc0 [ 788.413791] ? netlink_unicast+0x760/0x760 [ 788.418009] sock_sendmsg+0xd5/0x120 [ 788.421711] ___sys_sendmsg+0x7fd/0x930 [ 788.425677] ? copy_msghdr_from_user+0x580/0x580 [ 788.430418] ? lock_acquire+0x1e4/0x540 [ 788.434377] ? __fd_install+0x2b2/0x880 [ 788.438340] ? lock_downgrade+0x8f0/0x8f0 [ 788.442506] ? select_collect+0x610/0x610 [ 788.446732] ? __fget_light+0x2f7/0x440 [ 788.450689] ? fget_raw+0x20/0x20 [ 788.454127] ? __fd_install+0x2db/0x880 [ 788.458090] ? get_unused_fd_flags+0x1a0/0x1a0 [ 788.462664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 788.468185] ? sockfd_lookup_light+0xc5/0x160 [ 788.472666] __sys_sendmsg+0x11d/0x290 [ 788.476541] ? __ia32_sys_shutdown+0x80/0x80 [ 788.480951] ? __x64_sys_futex+0x47f/0x6a0 [ 788.485181] ? fd_install+0x4d/0x60 [ 788.488797] ? ksys_ioctl+0x81/0xd0 [ 788.492420] __x64_sys_sendmsg+0x78/0xb0 [ 788.496466] do_syscall_64+0x1b9/0x820 [ 788.500354] ? finish_task_switch+0x1d3/0x870 [ 788.504837] ? syscall_return_slowpath+0x5e0/0x5e0 [ 788.509760] ? syscall_return_slowpath+0x31d/0x5e0 [ 788.514677] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 788.519777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 788.524623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.529809] RIP: 0033:0x456959 [ 788.533013] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 788.551899] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 788.559594] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 788.566859] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 788.574114] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 17:30:30 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:30 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:30 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000002d00050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 788.581378] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 788.588631] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:30 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:30 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:30 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 788.682874] IPv6: Can't replace route, no match found [ 788.688239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 788.723962] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 788.730979] CPU: 1 PID: 5482 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 788.739660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.749028] Call Trace: [ 788.751626] dump_stack+0x1c9/0x2b4 [ 788.755251] ? dump_stack_print_info.cold.2+0x52/0x52 [ 788.760440] ? trace_hardirqs_on+0xd/0x10 [ 788.764602] sysfs_warn_dup.cold.3+0x1c/0x2b [ 788.769000] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 788.774352] sysfs_create_link+0x65/0xc0 [ 788.778403] device_add+0x5d0/0x17b0 [ 788.782102] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 788.786583] ? genl_family_rcv_msg+0x8a3/0x1140 [ 788.791238] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 788.796329] ? do_syscall_64+0x1b9/0x820 [ 788.800381] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 788.805563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.811090] wiphy_register+0x1a21/0x2740 [ 788.815228] ? wiphy_unregister+0x12c0/0x12c0 [ 788.819712] ? kasan_unpoison_shadow+0x35/0x50 [ 788.824279] ? kasan_kmalloc+0xc4/0xe0 [ 788.828156] ? __kmalloc+0x315/0x760 [ 788.831857] ? __lockdep_init_map+0x105/0x590 [ 788.836348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.841885] ? ieee80211_cs_list_valid+0x7c/0x440 [ 788.846719] ? ieee80211_register_hw+0xc61/0x3890 [ 788.851555] ieee80211_register_hw+0x146b/0x3890 [ 788.856302] ? init_timer_on_stack_key+0x31/0xe0 [ 788.861043] ? ieee80211_free_ack_frame+0x60/0x60 [ 788.865881] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 788.870899] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 788.877033] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 788.882557] ? vsnprintf+0x20d/0x1b60 [ 788.886343] ? pointer+0x990/0x990 [ 788.890045] ? do_raw_spin_unlock+0xa7/0x2f0 [ 788.894441] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 788.899454] ? kvasprintf+0xea/0x140 [ 788.903164] ? bust_spinlocks+0xe0/0xe0 [ 788.907136] ? kasprintf+0xab/0xe0 [ 788.910662] ? kvasprintf_const+0x190/0x190 [ 788.915058] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 788.920594] hwsim_new_radio_nl+0x7c0/0xa80 [ 788.924902] ? nla_parse+0x32b/0x4e0 [ 788.928603] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 788.933791] ? __netlink_ns_capable+0x100/0x130 [ 788.938456] genl_family_rcv_msg+0x8a3/0x1140 [ 788.942940] ? genl_unregister_family+0x8b0/0x8b0 [ 788.947770] ? netlink_deliver_tap+0x32d/0xfb0 [ 788.952359] ? lock_downgrade+0x8f0/0x8f0 [ 788.956497] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 788.961525] ? lock_release+0xa30/0xa30 [ 788.965499] ? lock_acquire+0x1e4/0x540 [ 788.969466] ? genl_rcv+0x19/0x40 [ 788.973086] genl_rcv_msg+0xc6/0x168 [ 788.976785] netlink_rcv_skb+0x172/0x440 [ 788.980830] ? genl_family_rcv_msg+0x1140/0x1140 [ 788.985593] ? netlink_ack+0xbe0/0xbe0 [ 788.989471] genl_rcv+0x28/0x40 [ 788.992734] netlink_unicast+0x5a0/0x760 [ 788.996780] ? netlink_attachskb+0x9a0/0x9a0 [ 789.001176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.006704] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 789.011711] netlink_sendmsg+0xa18/0xfc0 [ 789.015764] ? netlink_unicast+0x760/0x760 [ 789.019990] ? move_addr_to_kernel.part.20+0x100/0x100 [ 789.025257] ? security_socket_sendmsg+0x94/0xc0 [ 789.030002] ? netlink_unicast+0x760/0x760 [ 789.034244] sock_sendmsg+0xd5/0x120 [ 789.037945] ___sys_sendmsg+0x7fd/0x930 [ 789.041917] ? copy_msghdr_from_user+0x580/0x580 [ 789.046665] ? lock_acquire+0x1e4/0x540 [ 789.050627] ? __fd_install+0x2b2/0x880 [ 789.054848] ? lock_downgrade+0x8f0/0x8f0 [ 789.059172] ? select_collect+0x610/0x610 [ 789.063305] ? __fget_light+0x2f7/0x440 [ 789.067265] ? fget_raw+0x20/0x20 [ 789.070703] ? __fd_install+0x2db/0x880 [ 789.074664] ? get_unused_fd_flags+0x1a0/0x1a0 [ 789.079234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 789.084754] ? sockfd_lookup_light+0xc5/0x160 [ 789.089235] __sys_sendmsg+0x11d/0x290 [ 789.093110] ? __ia32_sys_shutdown+0x80/0x80 [ 789.097521] ? __x64_sys_futex+0x47f/0x6a0 [ 789.101739] ? fd_install+0x4d/0x60 [ 789.105366] ? ksys_ioctl+0x81/0xd0 [ 789.108982] __x64_sys_sendmsg+0x78/0xb0 [ 789.113028] do_syscall_64+0x1b9/0x820 [ 789.116920] ? finish_task_switch+0x1d3/0x870 [ 789.121402] ? syscall_return_slowpath+0x5e0/0x5e0 [ 789.126319] ? syscall_return_slowpath+0x31d/0x5e0 [ 789.131238] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 789.136242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 789.141074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.146296] RIP: 0033:0x456959 [ 789.149480] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 789.168457] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:31 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x4788}) 17:30:31 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffff80}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060800001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:31 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 789.176167] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 789.183428] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 789.190684] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 789.197941] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 789.205201] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:31 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:31 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x60}) [ 789.306096] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 789.345767] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 789.352757] CPU: 0 PID: 5504 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 789.361179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.370548] Call Trace: [ 789.373175] dump_stack+0x1c9/0x2b4 [ 789.376901] ? dump_stack_print_info.cold.2+0x52/0x52 [ 789.382137] ? trace_hardirqs_on+0xd/0x10 [ 789.386351] sysfs_warn_dup.cold.3+0x1c/0x2b [ 789.390785] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 789.396172] sysfs_create_link+0x65/0xc0 [ 789.400256] device_add+0x5d0/0x17b0 [ 789.403989] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 789.408512] ? genl_family_rcv_msg+0x8a3/0x1140 [ 789.413206] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 789.418332] ? do_syscall_64+0x1b9/0x820 [ 789.422420] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 789.427934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.433494] wiphy_register+0x1a21/0x2740 [ 789.437667] ? wiphy_unregister+0x12c0/0x12c0 [ 789.442181] ? kasan_unpoison_shadow+0x35/0x50 [ 789.446916] ? kasan_kmalloc+0xc4/0xe0 [ 789.450824] ? __kmalloc+0x315/0x760 17:30:31 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:31 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:31 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xe4ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060200001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 789.454569] ? __lockdep_init_map+0x105/0x590 [ 789.459084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.464646] ? ieee80211_cs_list_valid+0x7c/0x440 [ 789.469523] ? ieee80211_register_hw+0xc61/0x3890 [ 789.474390] ieee80211_register_hw+0x146b/0x3890 [ 789.479167] ? init_timer_on_stack_key+0x31/0xe0 [ 789.483991] ? ieee80211_free_ack_frame+0x60/0x60 [ 789.488873] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 789.493930] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 789.500091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 789.505624] ? vsnprintf+0x20d/0x1b60 [ 789.509418] ? pointer+0x990/0x990 [ 789.512959] ? do_raw_spin_unlock+0xa7/0x2f0 [ 789.517373] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 789.522385] ? kvasprintf+0xea/0x140 [ 789.526095] ? bust_spinlocks+0xe0/0xe0 [ 789.530064] ? kasprintf+0xab/0xe0 [ 789.533599] ? kvasprintf_const+0x190/0x190 [ 789.537920] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 789.543462] hwsim_new_radio_nl+0x7c0/0xa80 [ 789.547781] ? nla_parse+0x32b/0x4e0 [ 789.551507] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 789.556697] ? __netlink_ns_capable+0x100/0x130 [ 789.561373] genl_family_rcv_msg+0x8a3/0x1140 [ 789.565873] ? genl_unregister_family+0x8b0/0x8b0 [ 789.570722] ? netlink_deliver_tap+0x32d/0xfb0 [ 789.575299] ? lock_downgrade+0x8f0/0x8f0 [ 789.579435] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 789.584451] ? lock_release+0xa30/0xa30 [ 789.588414] ? lock_acquire+0x1e4/0x540 [ 789.592373] ? genl_rcv+0x19/0x40 [ 789.595815] genl_rcv_msg+0xc6/0x168 [ 789.599512] netlink_rcv_skb+0x172/0x440 [ 789.603571] ? genl_family_rcv_msg+0x1140/0x1140 [ 789.608322] ? netlink_ack+0xbe0/0xbe0 [ 789.612198] genl_rcv+0x28/0x40 [ 789.615464] netlink_unicast+0x5a0/0x760 [ 789.619514] ? netlink_attachskb+0x9a0/0x9a0 [ 789.623909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.629431] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 789.634437] netlink_sendmsg+0xa18/0xfc0 [ 789.638485] ? netlink_unicast+0x760/0x760 [ 789.642722] ? move_addr_to_kernel.part.20+0x100/0x100 [ 789.647989] ? security_socket_sendmsg+0x94/0xc0 [ 789.652732] ? netlink_unicast+0x760/0x760 [ 789.656953] sock_sendmsg+0xd5/0x120 [ 789.660651] ___sys_sendmsg+0x7fd/0x930 [ 789.664624] ? copy_msghdr_from_user+0x580/0x580 [ 789.669377] ? lock_acquire+0x1e4/0x540 [ 789.673337] ? __fd_install+0x2b2/0x880 [ 789.677299] ? lock_downgrade+0x8f0/0x8f0 [ 789.681429] ? select_collect+0x610/0x610 [ 789.685563] ? __fget_light+0x2f7/0x440 [ 789.689521] ? fget_raw+0x20/0x20 [ 789.692960] ? __fd_install+0x2db/0x880 [ 789.696921] ? get_unused_fd_flags+0x1a0/0x1a0 [ 789.701501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 789.707024] ? sockfd_lookup_light+0xc5/0x160 [ 789.711516] __sys_sendmsg+0x11d/0x290 [ 789.715388] ? __ia32_sys_shutdown+0x80/0x80 [ 789.719781] ? __x64_sys_futex+0x47f/0x6a0 [ 789.723999] ? fd_install+0x4d/0x60 [ 789.727613] ? ksys_ioctl+0x81/0xd0 [ 789.731224] __x64_sys_sendmsg+0x78/0xb0 [ 789.735273] do_syscall_64+0x1b9/0x820 [ 789.739160] ? finish_task_switch+0x1d3/0x870 [ 789.743644] ? syscall_return_slowpath+0x5e0/0x5e0 [ 789.748561] ? syscall_return_slowpath+0x31d/0x5e0 [ 789.753476] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 789.758479] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 789.763309] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.768484] RIP: 0033:0x456959 [ 789.771665] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 789.790643] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 789.798335] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 17:30:31 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 789.805588] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 789.812841] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 789.820092] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 789.827346] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 789.838572] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 789.870493] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 789.877599] CPU: 0 PID: 5540 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 789.886012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.895378] Call Trace: [ 789.898001] dump_stack+0x1c9/0x2b4 [ 789.901650] ? dump_stack_print_info.cold.2+0x52/0x52 [ 789.906853] ? trace_hardirqs_on+0xd/0x10 [ 789.911026] sysfs_warn_dup.cold.3+0x1c/0x2b [ 789.915434] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 789.920802] sysfs_create_link+0x65/0xc0 [ 789.924853] device_add+0x5d0/0x17b0 [ 789.928559] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 789.933062] ? genl_family_rcv_msg+0x8a3/0x1140 [ 789.937724] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 789.942813] ? do_syscall_64+0x1b9/0x820 [ 789.946867] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 789.952060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.957589] wiphy_register+0x1a21/0x2740 [ 789.961732] ? wiphy_unregister+0x12c0/0x12c0 [ 789.966225] ? kasan_unpoison_shadow+0x35/0x50 [ 789.970792] ? kasan_kmalloc+0xc4/0xe0 [ 789.974670] ? __kmalloc+0x315/0x760 [ 789.978374] ? __lockdep_init_map+0x105/0x590 [ 789.982889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.988414] ? ieee80211_cs_list_valid+0x7c/0x440 [ 789.993241] ? ieee80211_register_hw+0xc61/0x3890 [ 789.998073] ieee80211_register_hw+0x146b/0x3890 [ 790.002819] ? init_timer_on_stack_key+0x31/0xe0 [ 790.007562] ? ieee80211_free_ack_frame+0x60/0x60 [ 790.012399] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 790.017427] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 790.023563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 790.029088] ? vsnprintf+0x20d/0x1b60 [ 790.032876] ? pointer+0x990/0x990 [ 790.036405] ? do_raw_spin_unlock+0xa7/0x2f0 [ 790.040799] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.045801] ? kvasprintf+0xea/0x140 [ 790.049500] ? bust_spinlocks+0xe0/0xe0 [ 790.053464] ? kasprintf+0xab/0xe0 [ 790.056991] ? kvasprintf_const+0x190/0x190 [ 790.061299] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 790.066825] hwsim_new_radio_nl+0x7c0/0xa80 [ 790.071138] ? nla_parse+0x32b/0x4e0 [ 790.074839] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 790.080021] ? __netlink_ns_capable+0x100/0x130 [ 790.084675] genl_family_rcv_msg+0x8a3/0x1140 [ 790.089177] ? genl_unregister_family+0x8b0/0x8b0 [ 790.094002] ? netlink_deliver_tap+0x32d/0xfb0 [ 790.098574] ? lock_downgrade+0x8f0/0x8f0 [ 790.102726] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.107731] ? lock_release+0xa30/0xa30 [ 790.111694] ? lock_acquire+0x1e4/0x540 [ 790.115671] ? genl_rcv+0x19/0x40 [ 790.119115] genl_rcv_msg+0xc6/0x168 [ 790.122813] netlink_rcv_skb+0x172/0x440 [ 790.126869] ? genl_family_rcv_msg+0x1140/0x1140 [ 790.131612] ? netlink_ack+0xbe0/0xbe0 [ 790.135488] genl_rcv+0x28/0x40 [ 790.138757] netlink_unicast+0x5a0/0x760 [ 790.142805] ? netlink_attachskb+0x9a0/0x9a0 [ 790.147202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.152738] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.157742] netlink_sendmsg+0xa18/0xfc0 [ 790.161788] ? netlink_unicast+0x760/0x760 [ 790.166009] ? move_addr_to_kernel.part.20+0x100/0x100 [ 790.171272] ? security_socket_sendmsg+0x94/0xc0 [ 790.176024] ? netlink_unicast+0x760/0x760 [ 790.180244] sock_sendmsg+0xd5/0x120 [ 790.183940] ___sys_sendmsg+0x7fd/0x930 [ 790.187916] ? copy_msghdr_from_user+0x580/0x580 [ 790.192658] ? __sched_text_start+0x8/0x8 [ 790.196795] ? __fget_light+0x2f7/0x440 [ 790.200866] ? fget_raw+0x20/0x20 [ 790.204305] ? __fd_install+0x2db/0x880 [ 790.208399] ? get_unused_fd_flags+0x1a0/0x1a0 [ 790.212979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 790.218500] ? sockfd_lookup_light+0xc5/0x160 [ 790.223333] __sys_sendmsg+0x11d/0x290 [ 790.227491] ? __ia32_sys_shutdown+0x80/0x80 [ 790.231896] ? __x64_sys_futex+0x47f/0x6a0 [ 790.236122] ? fd_install+0x4d/0x60 [ 790.239755] ? syscall_slow_exit_work+0x500/0x500 [ 790.244589] ? ksys_ioctl+0x81/0xd0 [ 790.248203] __x64_sys_sendmsg+0x78/0xb0 [ 790.252252] do_syscall_64+0x1b9/0x820 [ 790.256127] ? finish_task_switch+0x1d3/0x870 [ 790.260612] ? syscall_return_slowpath+0x5e0/0x5e0 [ 790.265529] ? syscall_return_slowpath+0x31d/0x5e0 [ 790.270454] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 790.275464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 790.280305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.285483] RIP: 0033:0x456959 [ 790.288676] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 790.307573] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 790.315271] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 17:30:32 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:32 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x90ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:32 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8847000000000000}) 17:30:32 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060005001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 790.322524] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 790.329776] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 790.337039] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 790.344294] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:32 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 790.415964] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 790.467884] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 790.474832] CPU: 1 PID: 5554 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 790.483250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.492617] Call Trace: [ 790.495251] dump_stack+0x1c9/0x2b4 [ 790.498874] ? dump_stack_print_info.cold.2+0x52/0x52 [ 790.504054] ? trace_hardirqs_on+0xd/0x10 [ 790.508205] sysfs_warn_dup.cold.3+0x1c/0x2b [ 790.512603] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 790.517955] sysfs_create_link+0x65/0xc0 [ 790.522003] device_add+0x5d0/0x17b0 [ 790.525705] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 790.530205] ? genl_family_rcv_msg+0x8a3/0x1140 [ 790.534862] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 790.539951] ? do_syscall_64+0x1b9/0x820 [ 790.544000] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 790.549180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.554711] wiphy_register+0x1a21/0x2740 [ 790.558852] ? wiphy_unregister+0x12c0/0x12c0 [ 790.563344] ? kasan_unpoison_shadow+0x35/0x50 [ 790.567913] ? kasan_kmalloc+0xc4/0xe0 [ 790.571798] ? __kmalloc+0x315/0x760 [ 790.575501] ? __lockdep_init_map+0x105/0x590 [ 790.579987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.585524] ? ieee80211_cs_list_valid+0x7c/0x440 [ 790.590444] ? ieee80211_register_hw+0xc61/0x3890 [ 790.595273] ieee80211_register_hw+0x146b/0x3890 [ 790.600020] ? init_timer_on_stack_key+0x31/0xe0 [ 790.604762] ? ieee80211_free_ack_frame+0x60/0x60 [ 790.609737] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 790.614797] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 790.620932] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 790.626467] ? vsnprintf+0x20d/0x1b60 [ 790.630266] ? pointer+0x990/0x990 [ 790.633793] ? check_same_owner+0x340/0x340 [ 790.638106] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.643111] ? kvasprintf+0xea/0x140 [ 790.646810] ? bust_spinlocks+0xe0/0xe0 [ 790.650773] ? kasprintf+0xab/0xe0 [ 790.654394] ? kvasprintf_const+0x190/0x190 [ 790.658717] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 790.664246] hwsim_new_radio_nl+0x7c0/0xa80 [ 790.668563] ? nla_parse+0x32b/0x4e0 [ 790.672348] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 790.677535] ? __netlink_ns_capable+0x100/0x130 [ 790.682199] genl_family_rcv_msg+0x8a3/0x1140 [ 790.686682] ? genl_unregister_family+0x8b0/0x8b0 [ 790.691513] ? netlink_deliver_tap+0x32d/0xfb0 [ 790.696093] ? lock_downgrade+0x8f0/0x8f0 [ 790.700234] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.705235] ? lock_release+0xa30/0xa30 [ 790.709206] ? __netlink_lookup+0x5e1/0xab0 [ 790.713513] ? lock_acquire+0x1e4/0x540 [ 790.717470] ? genl_rcv+0x19/0x40 [ 790.720912] genl_rcv_msg+0xc6/0x168 [ 790.724623] netlink_rcv_skb+0x172/0x440 [ 790.728681] ? genl_family_rcv_msg+0x1140/0x1140 [ 790.733424] ? netlink_ack+0xbe0/0xbe0 [ 790.737311] genl_rcv+0x28/0x40 [ 790.740575] netlink_unicast+0x5a0/0x760 [ 790.744632] ? netlink_attachskb+0x9a0/0x9a0 [ 790.749027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.754574] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 790.759578] netlink_sendmsg+0xa18/0xfc0 [ 790.763625] ? netlink_unicast+0x760/0x760 [ 790.767847] ? move_addr_to_kernel.part.20+0x100/0x100 [ 790.773113] ? security_socket_sendmsg+0x94/0xc0 [ 790.777866] ? netlink_unicast+0x760/0x760 [ 790.782088] sock_sendmsg+0xd5/0x120 [ 790.785793] ___sys_sendmsg+0x7fd/0x930 [ 790.789754] ? copy_msghdr_from_user+0x580/0x580 [ 790.794499] ? lock_acquire+0x1e4/0x540 [ 790.798488] ? __fd_install+0x2b2/0x880 [ 790.802447] ? lock_downgrade+0x8f0/0x8f0 [ 790.806582] ? select_collect+0x610/0x610 [ 790.810729] ? __fget_light+0x2f7/0x440 [ 790.814710] ? fget_raw+0x20/0x20 [ 790.818154] ? __fd_install+0x2db/0x880 [ 790.822125] ? get_unused_fd_flags+0x1a0/0x1a0 [ 790.826697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 790.832222] ? sockfd_lookup_light+0xc5/0x160 [ 790.836718] __sys_sendmsg+0x11d/0x290 [ 790.840593] ? __ia32_sys_shutdown+0x80/0x80 [ 790.844991] ? __x64_sys_futex+0x47f/0x6a0 [ 790.849210] ? fd_install+0x4d/0x60 [ 790.852824] ? ksys_ioctl+0x81/0xd0 [ 790.856442] __x64_sys_sendmsg+0x78/0xb0 [ 790.860499] do_syscall_64+0x1b9/0x820 [ 790.864396] ? syscall_return_slowpath+0x5e0/0x5e0 [ 790.869310] ? syscall_return_slowpath+0x31d/0x5e0 [ 790.874226] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 790.879229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 790.884071] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.889461] RIP: 0033:0x456959 [ 790.892642] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 790.911536] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:32 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 790.919230] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 790.926753] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 790.934005] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 790.941259] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 790.948702] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:32 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8848000000000000}) [ 790.967522] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 790.997286] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 791.004225] CPU: 1 PID: 5574 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 17:30:32 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:32 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006c0fe001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 791.012635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.022005] Call Trace: [ 791.024648] dump_stack+0x1c9/0x2b4 [ 791.028308] ? dump_stack_print_info.cold.2+0x52/0x52 [ 791.033516] ? trace_hardirqs_on+0xd/0x10 [ 791.037690] sysfs_warn_dup.cold.3+0x1c/0x2b [ 791.042131] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 791.047519] sysfs_create_link+0x65/0xc0 [ 791.051592] device_add+0x5d0/0x17b0 [ 791.055331] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 791.059848] ? genl_family_rcv_msg+0x8a3/0x1140 [ 791.064538] ? get_device_parent.isra.27+0x5a0/0x5a0 17:30:32 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:32 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:32 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6300}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:32 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 791.069674] ? do_syscall_64+0x1b9/0x820 [ 791.073752] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 791.078963] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.084516] wiphy_register+0x1a21/0x2740 [ 791.088683] ? wiphy_unregister+0x12c0/0x12c0 [ 791.093189] ? kasan_unpoison_shadow+0x35/0x50 [ 791.097785] ? kasan_kmalloc+0xc4/0xe0 [ 791.101718] ? __kmalloc+0x315/0x760 [ 791.105447] ? __lockdep_init_map+0x105/0x590 [ 791.109959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.115516] ? ieee80211_cs_list_valid+0x7c/0x440 [ 791.120386] ? ieee80211_register_hw+0xc61/0x3890 [ 791.125277] ieee80211_register_hw+0x146b/0x3890 [ 791.130069] ? init_timer_on_stack_key+0x31/0xe0 [ 791.134936] ? ieee80211_free_ack_frame+0x60/0x60 [ 791.139807] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 791.144853] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 791.151023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 791.156575] ? vsnprintf+0x20d/0x1b60 [ 791.160405] ? pointer+0x990/0x990 [ 791.163968] ? do_raw_spin_unlock+0xa7/0x2f0 [ 791.168369] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.173387] ? kvasprintf+0xea/0x140 [ 791.177086] ? bust_spinlocks+0xe0/0xe0 [ 791.181058] ? kasprintf+0xab/0xe0 [ 791.184609] ? kvasprintf_const+0x190/0x190 [ 791.188939] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 791.194477] hwsim_new_radio_nl+0x7c0/0xa80 [ 791.198796] ? nla_parse+0x32b/0x4e0 [ 791.202509] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 791.207708] ? __netlink_ns_capable+0x100/0x130 [ 791.212387] genl_family_rcv_msg+0x8a3/0x1140 [ 791.216884] ? genl_unregister_family+0x8b0/0x8b0 [ 791.221723] ? netlink_deliver_tap+0x32d/0xfb0 [ 791.226307] ? lock_downgrade+0x8f0/0x8f0 [ 791.230454] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.235481] ? lock_release+0xa30/0xa30 [ 791.239447] ? lock_acquire+0x1e4/0x540 [ 791.243430] ? genl_rcv+0x19/0x40 [ 791.246884] genl_rcv_msg+0xc6/0x168 [ 791.250588] netlink_rcv_skb+0x172/0x440 [ 791.254637] ? genl_family_rcv_msg+0x1140/0x1140 [ 791.259380] ? netlink_ack+0xbe0/0xbe0 [ 791.263268] genl_rcv+0x28/0x40 [ 791.266536] netlink_unicast+0x5a0/0x760 [ 791.270587] ? netlink_attachskb+0x9a0/0x9a0 [ 791.275012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.280559] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.285576] netlink_sendmsg+0xa18/0xfc0 [ 791.289648] ? netlink_unicast+0x760/0x760 [ 791.293889] ? move_addr_to_kernel.part.20+0x100/0x100 [ 791.299170] ? security_socket_sendmsg+0x94/0xc0 [ 791.303921] ? netlink_unicast+0x760/0x760 [ 791.308150] sock_sendmsg+0xd5/0x120 [ 791.311870] ___sys_sendmsg+0x7fd/0x930 [ 791.315831] ? copy_msghdr_from_user+0x580/0x580 [ 791.320584] ? __sched_text_start+0x8/0x8 [ 791.324721] ? __fget_light+0x2f7/0x440 [ 791.328690] ? fget_raw+0x20/0x20 [ 791.332135] ? __fd_install+0x2db/0x880 [ 791.336099] ? get_unused_fd_flags+0x1a0/0x1a0 [ 791.340681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 791.346217] ? sockfd_lookup_light+0xc5/0x160 [ 791.350716] __sys_sendmsg+0x11d/0x290 [ 791.354613] ? __ia32_sys_shutdown+0x80/0x80 [ 791.359028] ? __x64_sys_futex+0x47f/0x6a0 [ 791.363268] ? fd_install+0x4d/0x60 [ 791.366888] ? syscall_slow_exit_work+0x500/0x500 [ 791.371730] ? ksys_ioctl+0x81/0xd0 [ 791.375347] __x64_sys_sendmsg+0x78/0xb0 [ 791.379405] do_syscall_64+0x1b9/0x820 [ 791.383286] ? finish_task_switch+0x1d3/0x870 [ 791.387793] ? syscall_return_slowpath+0x5e0/0x5e0 [ 791.392739] ? syscall_return_slowpath+0x31d/0x5e0 [ 791.397675] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 791.402687] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 791.407533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.412714] RIP: 0033:0x456959 [ 791.415908] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 791.434800] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 791.442520] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 791.449789] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 791.457046] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 17:30:33 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb9, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 791.465280] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 791.472567] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 791.488827] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:33 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x21000000}) [ 791.553980] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 791.561047] CPU: 0 PID: 5593 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 791.569456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.578931] Call Trace: [ 791.581539] dump_stack+0x1c9/0x2b4 [ 791.585209] ? dump_stack_print_info.cold.2+0x52/0x52 [ 791.590417] ? trace_hardirqs_on+0xd/0x10 [ 791.594584] sysfs_warn_dup.cold.3+0x1c/0x2b [ 791.599011] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:33 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:33 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c83115ab7, 0x8005) 17:30:33 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00061000001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:33 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 791.604388] sysfs_create_link+0x65/0xc0 [ 791.608463] device_add+0x5d0/0x17b0 [ 791.612193] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 791.616706] ? genl_family_rcv_msg+0x8a3/0x1140 [ 791.621401] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 791.626538] ? do_syscall_64+0x1b9/0x820 [ 791.630628] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 791.635885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.641442] wiphy_register+0x1a21/0x2740 [ 791.645621] ? wiphy_unregister+0x12c0/0x12c0 [ 791.650140] ? kasan_unpoison_shadow+0x35/0x50 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:33 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 791.654752] ? kasan_kmalloc+0xc4/0xe0 [ 791.658653] ? __kmalloc+0x315/0x760 [ 791.662375] ? __lockdep_init_map+0x105/0x590 [ 791.666882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.672430] ? ieee80211_cs_list_valid+0x7c/0x440 [ 791.677286] ? ieee80211_register_hw+0xc61/0x3890 [ 791.682148] ieee80211_register_hw+0x146b/0x3890 [ 791.687186] ? init_timer_on_stack_key+0x31/0xe0 [ 791.692051] ? ieee80211_free_ack_frame+0x60/0x60 [ 791.696932] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:33 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x5f, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 791.701993] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 791.708165] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 791.713727] ? vsnprintf+0x20d/0x1b60 [ 791.717540] ? pointer+0x990/0x990 [ 791.721095] ? check_same_owner+0x340/0x340 [ 791.725433] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.730461] ? kvasprintf+0xea/0x140 [ 791.734182] ? bust_spinlocks+0xe0/0xe0 [ 791.738168] ? kasprintf+0xab/0xe0 [ 791.741722] ? kvasprintf_const+0x190/0x190 [ 791.746056] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:33 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2f, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 791.751614] hwsim_new_radio_nl+0x7c0/0xa80 [ 791.755978] ? nla_parse+0x32b/0x4e0 [ 791.759736] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 791.764963] ? __netlink_ns_capable+0x100/0x130 [ 791.770168] genl_family_rcv_msg+0x8a3/0x1140 [ 791.774729] ? genl_unregister_family+0x8b0/0x8b0 [ 791.779581] ? netlink_deliver_tap+0x32d/0xfb0 [ 791.784178] ? lock_downgrade+0x8f0/0x8f0 [ 791.788365] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.793409] ? lock_release+0xa30/0xa30 [ 791.797388] ? __netlink_lookup+0x5e1/0xab0 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xc0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 791.801743] ? lock_acquire+0x1e4/0x540 [ 791.805810] ? genl_rcv+0x19/0x40 [ 791.809278] genl_rcv_msg+0xc6/0x168 [ 791.813006] netlink_rcv_skb+0x172/0x440 [ 791.817076] ? genl_family_rcv_msg+0x1140/0x1140 [ 791.821839] ? netlink_ack+0xbe0/0xbe0 [ 791.825739] genl_rcv+0x28/0x40 [ 791.829025] netlink_unicast+0x5a0/0x760 [ 791.833086] ? netlink_attachskb+0x9a0/0x9a0 [ 791.837503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.843049] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 791.848079] netlink_sendmsg+0xa18/0xfc0 17:30:33 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 791.852157] ? netlink_unicast+0x760/0x760 [ 791.856402] ? move_addr_to_kernel.part.20+0x100/0x100 [ 791.861686] ? security_socket_sendmsg+0x94/0xc0 [ 791.866465] ? netlink_unicast+0x760/0x760 [ 791.870722] sock_sendmsg+0xd5/0x120 [ 791.874444] ___sys_sendmsg+0x7fd/0x930 [ 791.878426] ? copy_msghdr_from_user+0x580/0x580 [ 791.883193] ? lock_acquire+0x1e4/0x540 [ 791.887173] ? __fd_install+0x2b2/0x880 [ 791.891157] ? lock_downgrade+0x8f0/0x8f0 [ 791.895310] ? select_collect+0x610/0x610 [ 791.899461] ? __fget_light+0x2f7/0x440 [ 791.903443] ? fget_raw+0x20/0x20 [ 791.906938] ? __fd_install+0x2db/0x880 [ 791.910930] ? get_unused_fd_flags+0x1a0/0x1a0 [ 791.915548] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 791.921089] ? sockfd_lookup_light+0xc5/0x160 [ 791.925591] __sys_sendmsg+0x11d/0x290 [ 791.929490] ? __ia32_sys_shutdown+0x80/0x80 [ 791.933909] ? __x64_sys_futex+0x47f/0x6a0 [ 791.938154] ? fd_install+0x4d/0x60 [ 791.941786] ? ksys_ioctl+0x81/0xd0 [ 791.945427] __x64_sys_sendmsg+0x78/0xb0 [ 791.949475] do_syscall_64+0x1b9/0x820 [ 791.953363] ? finish_task_switch+0x1d3/0x870 [ 791.957843] ? syscall_return_slowpath+0x5e0/0x5e0 [ 791.962760] ? syscall_return_slowpath+0x31d/0x5e0 [ 791.967677] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 791.972694] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 791.977526] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.982710] RIP: 0033:0x456959 [ 791.985904] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.004801] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 792.012496] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 792.019751] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 792.027004] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 792.034265] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 792.041519] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:33 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x5e, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:33 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r0, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:33 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x81000000}) 17:30:33 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:33 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xff00000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:33 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") sendmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000290000003e00000000000000"], 0x14}}], 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c83115ab7, 0x0) 17:30:33 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060300001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x60, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:34 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 792.168437] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:34 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000680fe001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:34 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x73000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 792.233786] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 792.240893] CPU: 0 PID: 5666 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 792.249317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.258690] Call Trace: [ 792.261650] dump_stack+0x1c9/0x2b4 [ 792.265309] ? dump_stack_print_info.cold.2+0x52/0x52 [ 792.270520] ? trace_hardirqs_on+0xd/0x10 [ 792.274711] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xbf, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:34 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:34 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x806}) [ 792.279148] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 792.284537] sysfs_create_link+0x65/0xc0 [ 792.288617] device_add+0x5d0/0x17b0 [ 792.292345] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 792.296854] ? genl_family_rcv_msg+0x8a3/0x1140 [ 792.301543] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 792.306670] ? do_syscall_64+0x1b9/0x820 [ 792.310752] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 792.315959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.321515] wiphy_register+0x1a21/0x2740 [ 792.325699] ? wiphy_unregister+0x12c0/0x12c0 17:30:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xd9, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 792.330207] ? kasan_unpoison_shadow+0x35/0x50 [ 792.334801] ? kasan_kmalloc+0xc4/0xe0 [ 792.338708] ? __kmalloc+0x315/0x760 [ 792.342437] ? __lockdep_init_map+0x105/0x590 [ 792.346952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.352503] ? ieee80211_cs_list_valid+0x7c/0x440 [ 792.357376] ? ieee80211_register_hw+0xc61/0x3890 [ 792.362235] ieee80211_register_hw+0x146b/0x3890 [ 792.367009] ? init_timer_on_stack_key+0x31/0xe0 [ 792.371785] ? ieee80211_free_ack_frame+0x60/0x60 [ 792.376661] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 792.381709] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 792.387883] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 792.393438] ? vsnprintf+0x20d/0x1b60 [ 792.397258] ? pointer+0x990/0x990 [ 792.400816] ? check_same_owner+0x340/0x340 [ 792.405158] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 792.410185] ? kvasprintf+0xea/0x140 [ 792.413913] ? bust_spinlocks+0xe0/0xe0 [ 792.417901] ? kasprintf+0xab/0xe0 [ 792.421451] ? kvasprintf_const+0x190/0x190 [ 792.425787] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 792.431344] hwsim_new_radio_nl+0x7c0/0xa80 [ 792.435706] ? nla_parse+0x32b/0x4e0 [ 792.439452] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 792.444662] ? __netlink_ns_capable+0x100/0x130 [ 792.449348] genl_family_rcv_msg+0x8a3/0x1140 [ 792.453865] ? genl_unregister_family+0x8b0/0x8b0 [ 792.458714] ? netlink_deliver_tap+0x32d/0xfb0 [ 792.463392] ? lock_downgrade+0x8f0/0x8f0 [ 792.467552] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 792.472571] ? lock_release+0xa30/0xa30 [ 792.476548] ? __netlink_lookup+0x5e1/0xab0 [ 792.480858] ? lock_acquire+0x1e4/0x540 [ 792.484820] ? genl_rcv+0x19/0x40 [ 792.488263] genl_rcv_msg+0xc6/0x168 [ 792.491975] netlink_rcv_skb+0x172/0x440 [ 792.496027] ? genl_family_rcv_msg+0x1140/0x1140 [ 792.500784] ? netlink_ack+0xbe0/0xbe0 [ 792.504666] genl_rcv+0x28/0x40 [ 792.507931] netlink_unicast+0x5a0/0x760 [ 792.511978] ? netlink_attachskb+0x9a0/0x9a0 [ 792.516375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.521920] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 792.526932] netlink_sendmsg+0xa18/0xfc0 [ 792.530987] ? netlink_unicast+0x760/0x760 [ 792.535211] ? move_addr_to_kernel.part.20+0x100/0x100 [ 792.540486] ? security_socket_sendmsg+0x94/0xc0 [ 792.545229] ? netlink_unicast+0x760/0x760 [ 792.549448] sock_sendmsg+0xd5/0x120 [ 792.553149] ___sys_sendmsg+0x7fd/0x930 [ 792.557112] ? copy_msghdr_from_user+0x580/0x580 [ 792.561859] ? lock_acquire+0x1e4/0x540 [ 792.565833] ? __fd_install+0x2b2/0x880 [ 792.569804] ? lock_downgrade+0x8f0/0x8f0 [ 792.573997] ? select_collect+0x610/0x610 [ 792.578141] ? __fget_light+0x2f7/0x440 [ 792.582102] ? fget_raw+0x20/0x20 [ 792.585549] ? __fd_install+0x2db/0x880 [ 792.589520] ? get_unused_fd_flags+0x1a0/0x1a0 [ 792.594114] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 792.599663] ? sockfd_lookup_light+0xc5/0x160 [ 792.604158] __sys_sendmsg+0x11d/0x290 [ 792.608038] ? __ia32_sys_shutdown+0x80/0x80 [ 792.612438] ? __x64_sys_futex+0x47f/0x6a0 [ 792.616664] ? fd_install+0x4d/0x60 [ 792.620289] ? ksys_ioctl+0x81/0xd0 [ 792.623908] __x64_sys_sendmsg+0x78/0xb0 [ 792.628684] do_syscall_64+0x1b9/0x820 [ 792.632568] ? finish_task_switch+0x1d3/0x870 [ 792.637055] ? syscall_return_slowpath+0x5e0/0x5e0 [ 792.641984] ? syscall_return_slowpath+0x31d/0x5e0 [ 792.646913] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 792.651930] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 792.656772] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.661948] RIP: 0033:0x456959 [ 792.665147] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.684047] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 792.691755] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 792.699025] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 792.706281] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 792.713547] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 792.720834] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:34 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x3b, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:34 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:34 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:34 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x9cffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:34 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:34 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xffffca88}) 17:30:34 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060600001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:34 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6000000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:34 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xaa1414ac}) 17:30:34 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x3d, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 792.847571] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:34 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 792.936550] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 792.943518] CPU: 0 PID: 5722 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 792.951961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.961324] Call Trace: [ 792.963939] dump_stack+0x1c9/0x2b4 [ 792.967597] ? dump_stack_print_info.cold.2+0x52/0x52 [ 792.972815] ? trace_hardirqs_on+0xd/0x10 [ 792.976996] sysfs_warn_dup.cold.3+0x1c/0x2b [ 792.981437] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:34 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060003001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:34 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 792.986815] sysfs_create_link+0x65/0xc0 [ 792.990905] device_add+0x5d0/0x17b0 [ 792.994641] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 792.999151] ? genl_family_rcv_msg+0x8a3/0x1140 [ 793.003843] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 793.008968] ? do_syscall_64+0x1b9/0x820 [ 793.013053] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 793.018263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.023827] wiphy_register+0x1a21/0x2740 [ 793.028010] ? wiphy_unregister+0x12c0/0x12c0 [ 793.032524] ? kasan_unpoison_shadow+0x35/0x50 17:30:34 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.037129] ? kasan_kmalloc+0xc4/0xe0 [ 793.041055] ? __kmalloc+0x315/0x760 [ 793.044798] ? __lockdep_init_map+0x105/0x590 [ 793.049313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.054868] ? ieee80211_cs_list_valid+0x7c/0x440 [ 793.059750] ? ieee80211_register_hw+0xc61/0x3890 [ 793.064703] ieee80211_register_hw+0x146b/0x3890 [ 793.069483] ? init_timer_on_stack_key+0x31/0xe0 [ 793.074261] ? ieee80211_free_ack_frame+0x60/0x60 [ 793.079131] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 793.084179] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 793.090346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 793.095907] ? vsnprintf+0x20d/0x1b60 [ 793.099739] ? pointer+0x990/0x990 [ 793.103293] ? check_same_owner+0x340/0x340 [ 793.107639] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.112668] ? kvasprintf+0xea/0x140 [ 793.116386] ? bust_spinlocks+0xe0/0xe0 [ 793.120366] ? kasprintf+0xab/0xe0 [ 793.123921] ? kvasprintf_const+0x190/0x190 [ 793.128257] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 793.133803] hwsim_new_radio_nl+0x7c0/0xa80 [ 793.138129] ? nla_parse+0x32b/0x4e0 [ 793.141935] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 793.147140] ? __netlink_ns_capable+0x100/0x130 [ 793.151826] genl_family_rcv_msg+0x8a3/0x1140 [ 793.156343] ? genl_unregister_family+0x8b0/0x8b0 [ 793.161187] ? netlink_deliver_tap+0x32d/0xfb0 [ 793.165774] ? lock_downgrade+0x8f0/0x8f0 [ 793.169913] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.174919] ? lock_release+0xa30/0xa30 [ 793.178894] ? __netlink_lookup+0x5e1/0xab0 [ 793.183208] ? lock_acquire+0x1e4/0x540 [ 793.187172] ? genl_rcv+0x19/0x40 [ 793.190617] genl_rcv_msg+0xc6/0x168 [ 793.194320] netlink_rcv_skb+0x172/0x440 [ 793.198378] ? genl_family_rcv_msg+0x1140/0x1140 [ 793.203134] ? netlink_ack+0xbe0/0xbe0 [ 793.207015] genl_rcv+0x28/0x40 [ 793.210282] netlink_unicast+0x5a0/0x760 [ 793.214331] ? netlink_attachskb+0x9a0/0x9a0 [ 793.218735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.224454] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.229475] netlink_sendmsg+0xa18/0xfc0 [ 793.233537] ? netlink_unicast+0x760/0x760 [ 793.237765] ? move_addr_to_kernel.part.20+0x100/0x100 [ 793.243044] ? security_socket_sendmsg+0x94/0xc0 [ 793.247787] ? netlink_unicast+0x760/0x760 [ 793.252022] sock_sendmsg+0xd5/0x120 [ 793.255737] ___sys_sendmsg+0x7fd/0x930 [ 793.259720] ? copy_msghdr_from_user+0x580/0x580 [ 793.264495] ? lock_acquire+0x1e4/0x540 [ 793.268457] ? __fd_install+0x2b2/0x880 [ 793.272419] ? lock_downgrade+0x8f0/0x8f0 [ 793.276558] ? select_collect+0x610/0x610 [ 793.280713] ? __fget_light+0x2f7/0x440 [ 793.284684] ? fget_raw+0x20/0x20 [ 793.288138] ? __fd_install+0x2db/0x880 [ 793.292101] ? get_unused_fd_flags+0x1a0/0x1a0 [ 793.296673] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 793.302199] ? sockfd_lookup_light+0xc5/0x160 [ 793.306683] __sys_sendmsg+0x11d/0x290 [ 793.310585] ? __ia32_sys_shutdown+0x80/0x80 [ 793.314994] ? __x64_sys_futex+0x47f/0x6a0 [ 793.319215] ? fd_install+0x4d/0x60 [ 793.322837] ? ksys_ioctl+0x81/0xd0 [ 793.326462] __x64_sys_sendmsg+0x78/0xb0 [ 793.330530] do_syscall_64+0x1b9/0x820 [ 793.334609] ? finish_task_switch+0x1d3/0x870 [ 793.339181] ? syscall_return_slowpath+0x5e0/0x5e0 [ 793.344101] ? syscall_return_slowpath+0x31d/0x5e0 [ 793.349118] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 793.354137] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 793.358982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.364159] RIP: 0033:0x456959 [ 793.367339] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 793.386244] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 793.393946] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 793.401227] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 793.408502] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 793.415766] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 793.423039] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:35 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa0ffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa4, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:35 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:35 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000000300050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:35 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:35 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:35 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x4305000000000000}) 17:30:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x31, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 793.541864] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 793.589262] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 793.596225] CPU: 1 PID: 5772 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 793.604640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.614014] Call Trace: [ 793.616655] dump_stack+0x1c9/0x2b4 [ 793.620314] ? dump_stack_print_info.cold.2+0x52/0x52 [ 793.625528] ? trace_hardirqs_on+0xd/0x10 [ 793.629707] sysfs_warn_dup.cold.3+0x1c/0x2b [ 793.634143] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:35 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006fc00001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:35 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:35 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:35 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xd00000000000000}) 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.639533] sysfs_create_link+0x65/0xc0 [ 793.643618] device_add+0x5d0/0x17b0 [ 793.647346] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 793.651856] ? genl_family_rcv_msg+0x8a3/0x1140 [ 793.656649] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 793.661770] ? do_syscall_64+0x1b9/0x820 [ 793.665871] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 793.671089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.676652] wiphy_register+0x1a21/0x2740 [ 793.680832] ? wiphy_unregister+0x12c0/0x12c0 [ 793.685340] ? kasan_unpoison_shadow+0x35/0x50 17:30:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xbe, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.689942] ? kasan_kmalloc+0xc4/0xe0 [ 793.693855] ? __kmalloc+0x315/0x760 [ 793.697586] ? __lockdep_init_map+0x105/0x590 [ 793.702104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.707656] ? ieee80211_cs_list_valid+0x7c/0x440 [ 793.712518] ? ieee80211_register_hw+0xc61/0x3890 [ 793.717386] ieee80211_register_hw+0x146b/0x3890 [ 793.722171] ? init_timer_on_stack_key+0x31/0xe0 [ 793.726944] ? ieee80211_free_ack_frame+0x60/0x60 [ 793.731809] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 793.736859] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 793.743031] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 793.748597] ? vsnprintf+0x20d/0x1b60 [ 793.752431] ? pointer+0x990/0x990 [ 793.755991] ? check_same_owner+0x340/0x340 [ 793.760323] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.765354] ? kvasprintf+0xea/0x140 [ 793.769075] ? bust_spinlocks+0xe0/0xe0 [ 793.773067] ? kasprintf+0xab/0xe0 [ 793.776620] ? kvasprintf_const+0x190/0x190 [ 793.780962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:35 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x200000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.786520] hwsim_new_radio_nl+0x7c0/0xa80 [ 793.790859] ? nla_parse+0x32b/0x4e0 [ 793.794584] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 793.799792] ? __netlink_ns_capable+0x100/0x130 [ 793.804481] genl_family_rcv_msg+0x8a3/0x1140 [ 793.808993] ? genl_unregister_family+0x8b0/0x8b0 [ 793.813843] ? netlink_deliver_tap+0x32d/0xfb0 [ 793.818438] ? lock_downgrade+0x8f0/0x8f0 [ 793.822598] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.827634] ? lock_release+0xa30/0xa30 [ 793.831621] ? __netlink_lookup+0x5e1/0xab0 [ 793.835958] ? lock_acquire+0x1e4/0x540 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.839956] ? genl_rcv+0x19/0x40 [ 793.843432] genl_rcv_msg+0xc6/0x168 [ 793.847153] netlink_rcv_skb+0x172/0x440 [ 793.851311] ? genl_family_rcv_msg+0x1140/0x1140 [ 793.856076] ? netlink_ack+0xbe0/0xbe0 [ 793.859970] genl_rcv+0x28/0x40 [ 793.863266] netlink_unicast+0x5a0/0x760 [ 793.867342] ? netlink_attachskb+0x9a0/0x9a0 [ 793.871758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.877320] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 793.882397] netlink_sendmsg+0xa18/0xfc0 [ 793.886490] ? netlink_unicast+0x760/0x760 17:30:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 793.890753] ? move_addr_to_kernel.part.20+0x100/0x100 [ 793.896048] ? security_socket_sendmsg+0x94/0xc0 [ 793.900812] ? netlink_unicast+0x760/0x760 [ 793.905185] sock_sendmsg+0xd5/0x120 [ 793.908912] ___sys_sendmsg+0x7fd/0x930 [ 793.912898] ? copy_msghdr_from_user+0x580/0x580 [ 793.917664] ? lock_acquire+0x1e4/0x540 [ 793.921648] ? __fd_install+0x2b2/0x880 [ 793.925636] ? lock_downgrade+0x8f0/0x8f0 [ 793.929799] ? select_collect+0x610/0x610 [ 793.933963] ? __fget_light+0x2f7/0x440 17:30:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb7, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 793.938043] ? fget_raw+0x20/0x20 [ 793.941509] ? __fd_install+0x2db/0x880 [ 793.945490] ? get_unused_fd_flags+0x1a0/0x1a0 [ 793.950076] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 793.955656] ? sockfd_lookup_light+0xc5/0x160 [ 793.960167] __sys_sendmsg+0x11d/0x290 [ 793.964073] ? __ia32_sys_shutdown+0x80/0x80 [ 793.968526] ? __x64_sys_futex+0x47f/0x6a0 [ 793.972765] ? fd_install+0x4d/0x60 [ 793.976415] ? ksys_ioctl+0x81/0xd0 [ 793.980050] __x64_sys_sendmsg+0x78/0xb0 [ 793.984103] do_syscall_64+0x1b9/0x820 [ 793.987978] ? finish_task_switch+0x1d3/0x870 [ 793.992479] ? syscall_return_slowpath+0x5e0/0x5e0 [ 793.997403] ? syscall_return_slowpath+0x31d/0x5e0 [ 794.002330] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 794.007340] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.012185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.017377] RIP: 0033:0x456959 [ 794.020557] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 794.039453] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 794.047155] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 794.054412] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 794.061669] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 794.068939] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 794.076308] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:36 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006002c001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:36 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xac1414aa00000000}) 17:30:36 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:36 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x2000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:36 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x38, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 794.223888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 794.286798] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 794.293866] CPU: 1 PID: 5834 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 794.302323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.311704] Call Trace: [ 794.314308] dump_stack+0x1c9/0x2b4 [ 794.317924] ? dump_stack_print_info.cold.2+0x52/0x52 [ 794.323103] ? trace_hardirqs_on+0xd/0x10 [ 794.327241] sysfs_warn_dup.cold.3+0x1c/0x2b [ 794.331727] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 794.337077] sysfs_create_link+0x65/0xc0 [ 794.341123] device_add+0x5d0/0x17b0 [ 794.344827] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 794.349310] ? genl_family_rcv_msg+0x8a3/0x1140 [ 794.353973] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 794.359069] ? do_syscall_64+0x1b9/0x820 [ 794.363117] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 794.368316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.373846] wiphy_register+0x1a21/0x2740 [ 794.377992] ? wiphy_unregister+0x12c0/0x12c0 [ 794.382474] ? kasan_unpoison_shadow+0x35/0x50 [ 794.387052] ? kasan_kmalloc+0xc4/0xe0 [ 794.390929] ? __kmalloc+0x315/0x760 [ 794.394637] ? __lockdep_init_map+0x105/0x590 [ 794.399122] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.404644] ? ieee80211_cs_list_valid+0x7c/0x440 [ 794.409476] ? ieee80211_register_hw+0xc61/0x3890 [ 794.414310] ieee80211_register_hw+0x146b/0x3890 [ 794.419060] ? init_timer_on_stack_key+0x31/0xe0 [ 794.423802] ? ieee80211_free_ack_frame+0x60/0x60 [ 794.428640] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 794.433651] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 794.439790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 794.445314] ? vsnprintf+0x20d/0x1b60 [ 794.449130] ? pointer+0x990/0x990 [ 794.452658] ? check_same_owner+0x340/0x340 [ 794.456971] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 794.461988] ? kvasprintf+0xea/0x140 [ 794.465702] ? bust_spinlocks+0xe0/0xe0 [ 794.469669] ? kasprintf+0xab/0xe0 [ 794.473195] ? kvasprintf_const+0x190/0x190 [ 794.477508] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 794.483040] hwsim_new_radio_nl+0x7c0/0xa80 [ 794.487353] ? nla_parse+0x32b/0x4e0 [ 794.491056] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 794.496322] ? __netlink_ns_capable+0x100/0x130 [ 794.500981] genl_family_rcv_msg+0x8a3/0x1140 [ 794.505466] ? genl_unregister_family+0x8b0/0x8b0 [ 794.510294] ? netlink_deliver_tap+0x32d/0xfb0 [ 794.514863] ? lock_downgrade+0x8f0/0x8f0 [ 794.518996] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 794.524001] ? lock_release+0xa30/0xa30 [ 794.527979] ? __netlink_lookup+0x5e1/0xab0 [ 794.532300] ? lock_acquire+0x1e4/0x540 [ 794.536262] ? genl_rcv+0x19/0x40 [ 794.539704] genl_rcv_msg+0xc6/0x168 [ 794.543412] netlink_rcv_skb+0x172/0x440 [ 794.547463] ? genl_family_rcv_msg+0x1140/0x1140 [ 794.552206] ? netlink_ack+0xbe0/0xbe0 [ 794.556083] genl_rcv+0x28/0x40 [ 794.559357] netlink_unicast+0x5a0/0x760 [ 794.563407] ? netlink_attachskb+0x9a0/0x9a0 [ 794.567806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.573328] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 794.578330] netlink_sendmsg+0xa18/0xfc0 [ 794.582385] ? netlink_unicast+0x760/0x760 [ 794.586618] ? move_addr_to_kernel.part.20+0x100/0x100 [ 794.591882] ? security_socket_sendmsg+0x94/0xc0 [ 794.596627] ? netlink_unicast+0x760/0x760 [ 794.600854] sock_sendmsg+0xd5/0x120 [ 794.604563] ___sys_sendmsg+0x7fd/0x930 [ 794.608523] ? copy_msghdr_from_user+0x580/0x580 [ 794.613268] ? __sched_text_start+0x8/0x8 [ 794.617401] ? __fget_light+0x2f7/0x440 [ 794.621357] ? fget_raw+0x20/0x20 [ 794.624818] ? __fd_install+0x2db/0x880 [ 794.628796] ? get_unused_fd_flags+0x1a0/0x1a0 [ 794.633391] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 794.638911] ? sockfd_lookup_light+0xc5/0x160 [ 794.643394] __sys_sendmsg+0x11d/0x290 [ 794.647277] ? __ia32_sys_shutdown+0x80/0x80 [ 794.651684] ? __x64_sys_futex+0x47f/0x6a0 [ 794.655899] ? fd_install+0x4d/0x60 [ 794.659517] ? syscall_slow_exit_work+0x500/0x500 [ 794.664343] ? ksys_ioctl+0x81/0xd0 [ 794.667955] __x64_sys_sendmsg+0x78/0xb0 [ 794.672004] do_syscall_64+0x1b9/0x820 [ 794.675875] ? finish_task_switch+0x1d3/0x870 [ 794.680354] ? syscall_return_slowpath+0x5e0/0x5e0 [ 794.685625] ? syscall_return_slowpath+0x31d/0x5e0 [ 794.690541] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 794.695555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.700402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.705579] RIP: 0033:0x456959 [ 794.708761] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 794.727659] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060700001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:36 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x21}) 17:30:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:36 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 794.735363] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 794.742618] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 794.749871] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 794.757125] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 794.764387] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xc1, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:36 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x2100000000000000}) 17:30:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006b403001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:36 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:36 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffff9c}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x3e0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:36 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8847}) 17:30:36 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4000000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 794.998433] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x30, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:36 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060900001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 795.064879] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 795.071838] CPU: 1 PID: 5889 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 795.080251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.089618] Call Trace: [ 795.092220] dump_stack+0x1c9/0x2b4 [ 795.095961] ? dump_stack_print_info.cold.2+0x52/0x52 [ 795.101171] ? trace_hardirqs_on+0xd/0x10 [ 795.105337] sysfs_warn_dup.cold.3+0x1c/0x2b [ 795.109759] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:36 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:36 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 795.115137] sysfs_create_link+0x65/0xc0 [ 795.119209] device_add+0x5d0/0x17b0 [ 795.122942] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 795.127451] ? genl_family_rcv_msg+0x8a3/0x1140 [ 795.132150] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 795.137495] ? do_syscall_64+0x1b9/0x820 [ 795.141567] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 795.146770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.152337] wiphy_register+0x1a21/0x2740 [ 795.156506] ? wiphy_unregister+0x12c0/0x12c0 [ 795.161014] ? kasan_unpoison_shadow+0x35/0x50 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa3, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 795.165607] ? kasan_kmalloc+0xc4/0xe0 [ 795.169515] ? __kmalloc+0x315/0x760 [ 795.173242] ? __lockdep_init_map+0x105/0x590 [ 795.177753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.183303] ? ieee80211_cs_list_valid+0x7c/0x440 [ 795.188159] ? ieee80211_register_hw+0xc61/0x3890 [ 795.193026] ieee80211_register_hw+0x146b/0x3890 [ 795.197890] ? init_timer_on_stack_key+0x31/0xe0 [ 795.202670] ? ieee80211_free_ack_frame+0x60/0x60 [ 795.207529] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x28, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x9, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 795.212570] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 795.218738] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 795.224291] ? vsnprintf+0x20d/0x1b60 [ 795.228111] ? pointer+0x990/0x990 [ 795.231662] ? check_same_owner+0x340/0x340 [ 795.235999] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 795.241021] ? kvasprintf+0xea/0x140 [ 795.244744] ? bust_spinlocks+0xe0/0xe0 [ 795.248733] ? kasprintf+0xab/0xe0 [ 795.252280] ? kvasprintf_const+0x190/0x190 [ 795.256621] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xec0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 795.262167] hwsim_new_radio_nl+0x7c0/0xa80 [ 795.266494] ? nla_parse+0x32b/0x4e0 [ 795.270217] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 795.275419] ? __netlink_ns_capable+0x100/0x130 [ 795.280206] genl_family_rcv_msg+0x8a3/0x1140 [ 795.284714] ? genl_unregister_family+0x8b0/0x8b0 [ 795.289559] ? netlink_deliver_tap+0x32d/0xfb0 [ 795.294148] ? lock_downgrade+0x8f0/0x8f0 [ 795.298302] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 795.303378] ? lock_release+0xa30/0xa30 [ 795.307355] ? __netlink_lookup+0x5e1/0xab0 [ 795.311685] ? lock_acquire+0x1e4/0x540 [ 795.315671] ? genl_rcv+0x19/0x40 [ 795.319138] genl_rcv_msg+0xc6/0x168 [ 795.322862] netlink_rcv_skb+0x172/0x440 [ 795.326938] ? genl_family_rcv_msg+0x1140/0x1140 [ 795.331698] ? netlink_ack+0xbe0/0xbe0 [ 795.335603] genl_rcv+0x28/0x40 [ 795.338899] netlink_unicast+0x5a0/0x760 [ 795.342961] ? netlink_attachskb+0x9a0/0x9a0 [ 795.347358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.352896] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 795.357929] netlink_sendmsg+0xa18/0xfc0 [ 795.361980] ? netlink_unicast+0x760/0x760 [ 795.366213] ? move_addr_to_kernel.part.20+0x100/0x100 [ 795.371495] ? security_socket_sendmsg+0x94/0xc0 [ 795.376246] ? netlink_unicast+0x760/0x760 [ 795.380474] sock_sendmsg+0xd5/0x120 [ 795.384179] ___sys_sendmsg+0x7fd/0x930 [ 795.388142] ? copy_msghdr_from_user+0x580/0x580 [ 795.392888] ? lock_acquire+0x1e4/0x540 [ 795.396870] ? __fd_install+0x2b2/0x880 [ 795.400839] ? lock_downgrade+0x8f0/0x8f0 [ 795.404977] ? select_collect+0x610/0x610 [ 795.409113] ? __fget_light+0x2f7/0x440 [ 795.413071] ? fget_raw+0x20/0x20 [ 795.416525] ? __fd_install+0x2db/0x880 [ 795.420512] ? get_unused_fd_flags+0x1a0/0x1a0 [ 795.425096] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 795.430633] ? sockfd_lookup_light+0xc5/0x160 [ 795.435128] __sys_sendmsg+0x11d/0x290 [ 795.439006] ? __ia32_sys_shutdown+0x80/0x80 [ 795.443504] ? __x64_sys_futex+0x47f/0x6a0 [ 795.447748] ? fd_install+0x4d/0x60 [ 795.451382] ? ksys_ioctl+0x81/0xd0 [ 795.455007] __x64_sys_sendmsg+0x78/0xb0 [ 795.460051] do_syscall_64+0x1b9/0x820 [ 795.464024] ? finish_task_switch+0x1d3/0x870 [ 795.468511] ? syscall_return_slowpath+0x5e0/0x5e0 [ 795.473440] ? syscall_return_slowpath+0x31d/0x5e0 [ 795.478377] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 795.483391] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 795.488226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.493419] RIP: 0033:0x456959 [ 795.496606] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x4c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 795.515509] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 795.523220] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 795.530484] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 795.537746] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 795.545011] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 795.552277] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:37 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x39, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:37 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:37 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00062c00001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:37 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1810}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:37 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x2}) 17:30:37 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc8070014") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:37 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:37 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa2, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:37 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060040001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 795.715412] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:37 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x89060000}) 17:30:37 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x33, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:37 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7900}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 795.817090] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 795.824075] CPU: 0 PID: 5953 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 795.832493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.841858] Call Trace: [ 795.844457] dump_stack+0x1c9/0x2b4 [ 795.848074] ? dump_stack_print_info.cold.2+0x52/0x52 [ 795.853279] ? trace_hardirqs_on+0xd/0x10 [ 795.857423] sysfs_warn_dup.cold.3+0x1c/0x2b [ 795.861837] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 795.867188] sysfs_create_link+0x65/0xc0 [ 795.871238] device_add+0x5d0/0x17b0 [ 795.874939] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 795.879422] ? genl_family_rcv_msg+0x8a3/0x1140 [ 795.884090] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 795.889187] ? do_syscall_64+0x1b9/0x820 [ 795.893233] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 795.898408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.903938] wiphy_register+0x1a21/0x2740 [ 795.908085] ? wiphy_unregister+0x12c0/0x12c0 [ 795.912570] ? kasan_unpoison_shadow+0x35/0x50 [ 795.917149] ? kasan_kmalloc+0xc4/0xe0 [ 795.921034] ? __kmalloc+0x315/0x760 [ 795.924737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.930262] ? ieee80211_cs_list_valid+0x7c/0x440 [ 795.935100] ? ieee80211_register_hw+0xc61/0x3890 [ 795.939933] ieee80211_register_hw+0x146b/0x3890 [ 795.944686] ? init_timer_on_stack_key+0x31/0xe0 [ 795.949438] ? ieee80211_free_ack_frame+0x60/0x60 [ 795.954276] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 795.959287] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 795.965435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 795.970967] ? vsnprintf+0x20d/0x1b60 [ 795.974771] ? pointer+0x990/0x990 [ 795.978302] ? check_same_owner+0x340/0x340 [ 795.982615] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 795.987630] ? kvasprintf+0xea/0x140 [ 795.991328] ? bust_spinlocks+0xe0/0xe0 [ 795.995294] ? kasprintf+0xab/0xe0 [ 795.998831] ? kvasprintf_const+0x190/0x190 [ 796.003152] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 796.008680] hwsim_new_radio_nl+0x7c0/0xa80 [ 796.013005] ? nla_parse+0x32b/0x4e0 [ 796.016725] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 796.021901] ? __netlink_ns_capable+0x100/0x130 [ 796.026555] genl_family_rcv_msg+0x8a3/0x1140 [ 796.031037] ? genl_unregister_family+0x8b0/0x8b0 [ 796.035864] ? netlink_deliver_tap+0x32d/0xfb0 [ 796.040434] ? lock_downgrade+0x8f0/0x8f0 [ 796.044566] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 796.049567] ? lock_release+0xa30/0xa30 [ 796.053527] ? __netlink_lookup+0x5e1/0xab0 [ 796.057835] ? lock_acquire+0x1e4/0x540 [ 796.061794] ? genl_rcv+0x19/0x40 [ 796.065245] genl_rcv_msg+0xc6/0x168 [ 796.068955] netlink_rcv_skb+0x172/0x440 [ 796.073001] ? genl_family_rcv_msg+0x1140/0x1140 [ 796.077754] ? netlink_ack+0xbe0/0xbe0 [ 796.081636] genl_rcv+0x28/0x40 [ 796.084917] netlink_unicast+0x5a0/0x760 [ 796.088971] ? netlink_attachskb+0x9a0/0x9a0 [ 796.093401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.098930] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 796.103957] netlink_sendmsg+0xa18/0xfc0 [ 796.108104] ? netlink_unicast+0x760/0x760 [ 796.112333] ? move_addr_to_kernel.part.20+0x100/0x100 [ 796.117602] ? security_socket_sendmsg+0x94/0xc0 [ 796.122362] ? netlink_unicast+0x760/0x760 [ 796.126607] sock_sendmsg+0xd5/0x120 [ 796.130488] ___sys_sendmsg+0x7fd/0x930 [ 796.134463] ? copy_msghdr_from_user+0x580/0x580 [ 796.139226] ? lock_acquire+0x1e4/0x540 [ 796.143196] ? __fd_install+0x2b2/0x880 [ 796.147160] ? lock_downgrade+0x8f0/0x8f0 [ 796.151300] ? select_collect+0x610/0x610 [ 796.155439] ? __fget_light+0x2f7/0x440 [ 796.159399] ? fget_raw+0x20/0x20 [ 796.162853] ? __fd_install+0x2db/0x880 [ 796.166813] ? get_unused_fd_flags+0x1a0/0x1a0 [ 796.171406] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 796.176934] ? sockfd_lookup_light+0xc5/0x160 [ 796.181417] __sys_sendmsg+0x11d/0x290 [ 796.185302] ? __ia32_sys_shutdown+0x80/0x80 [ 796.189704] ? __x64_sys_futex+0x47f/0x6a0 [ 796.193928] ? fd_install+0x4d/0x60 [ 796.197550] ? ksys_ioctl+0x81/0xd0 [ 796.201175] __x64_sys_sendmsg+0x78/0xb0 [ 796.205232] do_syscall_64+0x1b9/0x820 [ 796.209105] ? finish_task_switch+0x1d3/0x870 [ 796.213604] ? syscall_return_slowpath+0x5e0/0x5e0 [ 796.218530] ? syscall_return_slowpath+0x31d/0x5e0 [ 796.224346] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 796.229359] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.234199] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.239391] RIP: 0033:0x456959 [ 796.242583] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 796.261472] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:38 executing program 2: ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 796.269179] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 796.276439] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 796.283706] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 796.290965] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 796.298222] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:38 executing program 2: ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060b00001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x7ffff000, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:38 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xff00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:38 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:38 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:38 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x1c00}) 17:30:38 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:38 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f76") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xf2, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:38 executing program 2: ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r0 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r0, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060500001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 796.475160] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:38 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffa0}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:38 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x1c}) [ 796.563412] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 796.570523] CPU: 1 PID: 6004 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 796.578938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.588304] Call Trace: [ 796.590924] dump_stack+0x1c9/0x2b4 [ 796.594623] ? dump_stack_print_info.cold.2+0x52/0x52 [ 796.599854] ? trace_hardirqs_on+0xd/0x10 [ 796.604025] sysfs_warn_dup.cold.3+0x1c/0x2b [ 796.608458] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:38 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x33fe0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 796.613861] sysfs_create_link+0x65/0xc0 [ 796.617941] device_add+0x5d0/0x17b0 [ 796.621666] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 796.626180] ? genl_family_rcv_msg+0x8a3/0x1140 [ 796.630885] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 796.636014] ? do_syscall_64+0x1b9/0x820 [ 796.640104] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 796.645315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.650894] wiphy_register+0x1a21/0x2740 [ 796.655072] ? wiphy_unregister+0x12c0/0x12c0 [ 796.659580] ? kasan_unpoison_shadow+0x35/0x50 17:30:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 796.664179] ? kasan_kmalloc+0xc4/0xe0 [ 796.668087] ? __kmalloc+0x315/0x760 [ 796.671823] ? __lockdep_init_map+0x105/0x590 [ 796.676346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.681927] ? ieee80211_cs_list_valid+0x7c/0x440 [ 796.686794] ? ieee80211_register_hw+0xc61/0x3890 [ 796.691661] ieee80211_register_hw+0x146b/0x3890 [ 796.696436] ? init_timer_on_stack_key+0x31/0xe0 [ 796.701199] ? ieee80211_free_ack_frame+0x60/0x60 [ 796.706053] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 796.711080] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 796.717235] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 796.722773] ? vsnprintf+0x20d/0x1b60 [ 796.726564] ? pointer+0x990/0x990 [ 796.730097] ? check_same_owner+0x340/0x340 [ 796.734417] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 796.739437] ? kvasprintf+0xea/0x140 [ 796.743142] ? bust_spinlocks+0xe0/0xe0 [ 796.747120] ? kasprintf+0xab/0xe0 [ 796.750647] ? kvasprintf_const+0x190/0x190 [ 796.754972] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 796.760511] hwsim_new_radio_nl+0x7c0/0xa80 [ 796.764834] ? nla_parse+0x32b/0x4e0 [ 796.768549] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 796.774010] ? __netlink_ns_capable+0x100/0x130 [ 796.778673] genl_family_rcv_msg+0x8a3/0x1140 [ 796.783161] ? genl_unregister_family+0x8b0/0x8b0 [ 796.787991] ? netlink_deliver_tap+0x32d/0xfb0 [ 796.792566] ? lock_downgrade+0x8f0/0x8f0 [ 796.796703] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 796.801719] ? lock_release+0xa30/0xa30 [ 796.805694] ? __netlink_lookup+0x5e1/0xab0 [ 796.810011] ? lock_acquire+0x1e4/0x540 [ 796.813974] ? genl_rcv+0x19/0x40 [ 796.817425] genl_rcv_msg+0xc6/0x168 [ 796.821146] netlink_rcv_skb+0x172/0x440 [ 796.825205] ? genl_family_rcv_msg+0x1140/0x1140 [ 796.829949] ? netlink_ack+0xbe0/0xbe0 [ 796.833827] genl_rcv+0x28/0x40 [ 796.837090] netlink_unicast+0x5a0/0x760 [ 796.841146] ? netlink_attachskb+0x9a0/0x9a0 [ 796.845545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.851073] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 796.856094] netlink_sendmsg+0xa18/0xfc0 [ 796.860158] ? netlink_unicast+0x760/0x760 [ 796.864402] ? move_addr_to_kernel.part.20+0x100/0x100 [ 796.869671] ? security_socket_sendmsg+0x94/0xc0 [ 796.874434] ? netlink_unicast+0x760/0x760 [ 796.878758] sock_sendmsg+0xd5/0x120 [ 796.882651] ___sys_sendmsg+0x7fd/0x930 [ 796.886624] ? copy_msghdr_from_user+0x580/0x580 [ 796.891384] ? lock_acquire+0x1e4/0x540 [ 796.895363] ? __fd_install+0x2b2/0x880 [ 796.899335] ? lock_downgrade+0x8f0/0x8f0 [ 796.903483] ? select_collect+0x610/0x610 [ 796.907631] ? __fget_light+0x2f7/0x440 [ 796.911602] ? fget_raw+0x20/0x20 [ 796.915115] ? __fd_install+0x2db/0x880 [ 796.919086] ? get_unused_fd_flags+0x1a0/0x1a0 [ 796.923675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 796.929209] ? sockfd_lookup_light+0xc5/0x160 [ 796.933701] __sys_sendmsg+0x11d/0x290 [ 796.937588] ? __ia32_sys_shutdown+0x80/0x80 [ 796.941998] ? __x64_sys_futex+0x47f/0x6a0 [ 796.946230] ? fd_install+0x4d/0x60 [ 796.949849] ? syscall_slow_exit_work+0x500/0x500 [ 796.954678] ? ksys_ioctl+0x81/0xd0 [ 796.958294] __x64_sys_sendmsg+0x78/0xb0 [ 796.962352] do_syscall_64+0x1b9/0x820 [ 796.966228] ? finish_task_switch+0x1d3/0x870 [ 796.970718] ? syscall_return_slowpath+0x5e0/0x5e0 [ 796.975664] ? syscall_return_slowpath+0x31d/0x5e0 [ 796.980592] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 796.985605] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.990452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.995636] RIP: 0033:0x456959 17:30:38 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 796.998816] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 797.017798] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 797.025498] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 797.032756] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 797.040021] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 797.047291] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 797.054552] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000051900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:38 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3}) 17:30:38 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:38 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x800000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x25, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:38 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:39 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x27, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x2100}) 17:30:39 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000ff1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 797.200374] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 797.264938] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 797.271874] CPU: 1 PID: 6051 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 797.280281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.289639] Call Trace: [ 797.292245] dump_stack+0x1c9/0x2b4 [ 797.295873] ? dump_stack_print_info.cold.2+0x52/0x52 [ 797.301061] ? trace_hardirqs_on+0xd/0x10 [ 797.305212] sysfs_warn_dup.cold.3+0x1c/0x2b [ 797.309621] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 797.314974] sysfs_create_link+0x65/0xc0 [ 797.319899] device_add+0x5d0/0x17b0 [ 797.323693] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 797.328180] ? genl_family_rcv_msg+0x8a3/0x1140 [ 797.332841] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 797.337932] ? do_syscall_64+0x1b9/0x820 [ 797.341984] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 797.347162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.352702] wiphy_register+0x1a21/0x2740 [ 797.356851] ? wiphy_unregister+0x12c0/0x12c0 [ 797.361344] ? kasan_unpoison_shadow+0x35/0x50 [ 797.365911] ? kasan_kmalloc+0xc4/0xe0 [ 797.369788] ? __kmalloc+0x315/0x760 [ 797.373490] ? __lockdep_init_map+0x105/0x590 [ 797.377997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.383530] ? ieee80211_cs_list_valid+0x7c/0x440 [ 797.388362] ? ieee80211_register_hw+0xc61/0x3890 [ 797.393194] ieee80211_register_hw+0x146b/0x3890 [ 797.397937] ? init_timer_on_stack_key+0x31/0xe0 [ 797.402683] ? ieee80211_free_ack_frame+0x60/0x60 [ 797.407530] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 797.412541] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 797.418684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 797.424217] ? vsnprintf+0x20d/0x1b60 [ 797.428002] ? pointer+0x990/0x990 [ 797.431586] ? check_same_owner+0x340/0x340 [ 797.435895] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 797.440899] ? kvasprintf+0xea/0x140 [ 797.444596] ? bust_spinlocks+0xe0/0xe0 [ 797.448569] ? kasprintf+0xab/0xe0 [ 797.452095] ? kvasprintf_const+0x190/0x190 [ 797.456412] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 797.463021] hwsim_new_radio_nl+0x7c0/0xa80 [ 797.467336] ? nla_parse+0x32b/0x4e0 [ 797.471034] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 797.476221] ? __netlink_ns_capable+0x100/0x130 [ 797.480877] genl_family_rcv_msg+0x8a3/0x1140 [ 797.485360] ? genl_unregister_family+0x8b0/0x8b0 [ 797.490187] ? netlink_deliver_tap+0x32d/0xfb0 [ 797.494787] ? lock_downgrade+0x8f0/0x8f0 [ 797.498931] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 797.503934] ? lock_release+0xa30/0xa30 [ 797.507909] ? __netlink_lookup+0x5e1/0xab0 [ 797.512217] ? lock_acquire+0x1e4/0x540 [ 797.516175] ? genl_rcv+0x19/0x40 [ 797.519636] genl_rcv_msg+0xc6/0x168 [ 797.523359] netlink_rcv_skb+0x172/0x440 [ 797.527406] ? genl_family_rcv_msg+0x1140/0x1140 [ 797.532156] ? netlink_ack+0xbe0/0xbe0 [ 797.536034] genl_rcv+0x28/0x40 [ 797.539308] netlink_unicast+0x5a0/0x760 [ 797.543356] ? netlink_attachskb+0x9a0/0x9a0 [ 797.547763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.553284] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 797.558292] netlink_sendmsg+0xa18/0xfc0 [ 797.562351] ? netlink_unicast+0x760/0x760 [ 797.566583] ? move_addr_to_kernel.part.20+0x100/0x100 [ 797.571857] ? security_socket_sendmsg+0x94/0xc0 [ 797.576612] ? netlink_unicast+0x760/0x760 [ 797.580833] sock_sendmsg+0xd5/0x120 [ 797.584553] ___sys_sendmsg+0x7fd/0x930 [ 797.588519] ? copy_msghdr_from_user+0x580/0x580 [ 797.593263] ? lock_acquire+0x1e4/0x540 [ 797.597222] ? __fd_install+0x2b2/0x880 [ 797.601193] ? lock_downgrade+0x8f0/0x8f0 [ 797.605327] ? select_collect+0x610/0x610 [ 797.609470] ? __fget_light+0x2f7/0x440 [ 797.613430] ? fget_raw+0x20/0x20 [ 797.616881] ? __fd_install+0x2db/0x880 [ 797.620844] ? get_unused_fd_flags+0x1a0/0x1a0 [ 797.625412] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 797.630934] ? sockfd_lookup_light+0xc5/0x160 [ 797.635425] __sys_sendmsg+0x11d/0x290 [ 797.639298] ? __ia32_sys_shutdown+0x80/0x80 [ 797.643692] ? __x64_sys_futex+0x47f/0x6a0 [ 797.647918] ? fd_install+0x4d/0x60 [ 797.651533] ? ksys_ioctl+0x81/0xd0 [ 797.655144] __x64_sys_sendmsg+0x78/0xb0 [ 797.659193] do_syscall_64+0x1b9/0x820 [ 797.663067] ? finish_task_switch+0x1d3/0x870 [ 797.667550] ? syscall_return_slowpath+0x5e0/0x5e0 [ 797.672485] ? syscall_return_slowpath+0x31d/0x5e0 [ 797.677415] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 797.682432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.687272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.692553] RIP: 0033:0x456959 [ 797.695740] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:39 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:39 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:39 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xc0ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 797.714638] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 797.722332] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 797.729597] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 797.736863] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 797.744380] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 797.751644] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xd8, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:30:39 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f7640") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20000020, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x69000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:39 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000401900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:39 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:39 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x6488}) 17:30:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2d, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x0, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:39 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600b4031900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 797.974585] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 798.035602] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 798.042640] CPU: 0 PID: 6105 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 798.051055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.060418] Call Trace: [ 798.063033] dump_stack+0x1c9/0x2b4 [ 798.066695] ? dump_stack_print_info.cold.2+0x52/0x52 [ 798.071904] ? trace_hardirqs_on+0xd/0x10 [ 798.076073] sysfs_warn_dup.cold.3+0x1c/0x2b [ 798.080504] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 798.085912] sysfs_create_link+0x65/0xc0 [ 798.090024] device_add+0x5d0/0x17b0 [ 798.093759] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 798.098268] ? genl_family_rcv_msg+0x8a3/0x1140 [ 798.102958] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 798.108105] ? do_syscall_64+0x1b9/0x820 [ 798.112193] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 798.117412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.122975] wiphy_register+0x1a21/0x2740 [ 798.127143] ? wiphy_unregister+0x12c0/0x12c0 [ 798.131657] ? kasan_unpoison_shadow+0x35/0x50 17:30:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xf, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:39 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x69}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:39 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88ffffff00000000}) 17:30:39 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635000800000f300f015b9d66b9800000c00f326635004000000f30652e0f01ca440f20c066350f000000440f22c00f009ba86df20f009400000f58c1ba95800f209f", 0x4b}], 0x1, 0x6d, &(0x7f0000000100), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 17:30:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb1, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 798.136270] ? kasan_kmalloc+0xc4/0xe0 [ 798.140193] ? __kmalloc+0x315/0x760 [ 798.143929] ? __lockdep_init_map+0x105/0x590 [ 798.148450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.154002] ? ieee80211_cs_list_valid+0x7c/0x440 [ 798.158870] ? ieee80211_register_hw+0xc61/0x3890 [ 798.163742] ieee80211_register_hw+0x146b/0x3890 [ 798.168643] ? init_timer_on_stack_key+0x31/0xe0 [ 798.173419] ? ieee80211_free_ack_frame+0x60/0x60 [ 798.178287] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x69, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 798.183423] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 798.189593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 798.195174] ? vsnprintf+0x20d/0x1b60 [ 798.198997] ? pointer+0x990/0x990 [ 798.202557] ? check_same_owner+0x340/0x340 [ 798.206896] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 798.211928] ? kvasprintf+0xea/0x140 [ 798.215651] ? bust_spinlocks+0xe0/0xe0 [ 798.219633] ? kasprintf+0xab/0xe0 [ 798.223189] ? kvasprintf_const+0x190/0x190 [ 798.227531] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x14, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 798.233088] hwsim_new_radio_nl+0x7c0/0xa80 [ 798.237474] ? nla_parse+0x32b/0x4e0 [ 798.241197] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 798.246397] ? __netlink_ns_capable+0x100/0x130 [ 798.251086] genl_family_rcv_msg+0x8a3/0x1140 [ 798.255603] ? genl_unregister_family+0x8b0/0x8b0 [ 798.260449] ? netlink_deliver_tap+0x32d/0xfb0 [ 798.265045] ? lock_downgrade+0x8f0/0x8f0 [ 798.269186] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 798.274204] ? lock_release+0xa30/0xa30 [ 798.278173] ? __netlink_lookup+0x5e1/0xab0 [ 798.282505] ? lock_acquire+0x1e4/0x540 [ 798.286477] ? genl_rcv+0x19/0x40 [ 798.289923] genl_rcv_msg+0xc6/0x168 [ 798.293635] netlink_rcv_skb+0x172/0x440 [ 798.297894] ? genl_family_rcv_msg+0x1140/0x1140 [ 798.302745] ? netlink_ack+0xbe0/0xbe0 [ 798.306647] genl_rcv+0x28/0x40 [ 798.309932] netlink_unicast+0x5a0/0x760 [ 798.314079] ? netlink_attachskb+0x9a0/0x9a0 [ 798.318494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.324024] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 798.329030] netlink_sendmsg+0xa18/0xfc0 [ 798.333092] ? netlink_unicast+0x760/0x760 [ 798.337332] ? move_addr_to_kernel.part.20+0x100/0x100 [ 798.342611] ? security_socket_sendmsg+0x94/0xc0 [ 798.347374] ? netlink_unicast+0x760/0x760 [ 798.351604] sock_sendmsg+0xd5/0x120 [ 798.355312] ___sys_sendmsg+0x7fd/0x930 [ 798.359281] ? copy_msghdr_from_user+0x580/0x580 [ 798.364031] ? lock_acquire+0x1e4/0x540 [ 798.368004] ? __fd_install+0x2b2/0x880 [ 798.371970] ? lock_downgrade+0x8f0/0x8f0 [ 798.376108] ? select_collect+0x610/0x610 [ 798.380248] ? __fget_light+0x2f7/0x440 [ 798.384209] ? fget_raw+0x20/0x20 [ 798.387668] ? __fd_install+0x2db/0x880 [ 798.391628] ? get_unused_fd_flags+0x1a0/0x1a0 [ 798.396202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 798.401752] ? sockfd_lookup_light+0xc5/0x160 [ 798.406244] __sys_sendmsg+0x11d/0x290 [ 798.410136] ? __ia32_sys_shutdown+0x80/0x80 [ 798.414548] ? __x64_sys_futex+0x47f/0x6a0 [ 798.418792] ? fd_install+0x4d/0x60 [ 798.422428] ? ksys_ioctl+0x81/0xd0 [ 798.426060] __x64_sys_sendmsg+0x78/0xb0 [ 798.430111] do_syscall_64+0x1b9/0x820 [ 798.434005] ? finish_task_switch+0x1d3/0x870 [ 798.438504] ? syscall_return_slowpath+0x5e0/0x5e0 [ 798.443431] ? syscall_return_slowpath+0x31d/0x5e0 [ 798.448350] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 798.453364] ? prepare_exit_to_usermode+0x291/0x3b0 [ 798.458369] ? perf_trace_sys_enter+0xb10/0xb10 [ 798.463025] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 798.467958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 798.473165] RIP: 0033:0x456959 [ 798.476375] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 798.495361] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 798.503103] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 798.510387] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 798.517649] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 798.524914] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 17:30:40 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 798.532185] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:40 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1018}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:40 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8100000000000000}) 17:30:40 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") setrlimit(0x2, &(0x7f0000e63ff0)={0x0, 0x20080000000}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) 17:30:40 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:40 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x0, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:40 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000031900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x56, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:40 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 798.674916] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:40 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffc0}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:40 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88640000}) 17:30:40 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:40 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x0, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 798.795185] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 798.802177] CPU: 0 PID: 6153 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 798.810622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.819984] Call Trace: [ 798.822578] dump_stack+0x1c9/0x2b4 [ 798.826217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 798.831433] ? trace_hardirqs_on+0xd/0x10 [ 798.835607] sysfs_warn_dup.cold.3+0x1c/0x2b [ 798.840047] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xf2, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:40 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000061900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 798.845441] sysfs_create_link+0x65/0xc0 [ 798.849531] device_add+0x5d0/0x17b0 [ 798.853349] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 798.857858] ? genl_family_rcv_msg+0x8a3/0x1140 [ 798.862551] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 798.867677] ? do_syscall_64+0x1b9/0x820 [ 798.871924] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 798.877164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.882733] wiphy_register+0x1a21/0x2740 [ 798.886889] ? wiphy_unregister+0x12c0/0x12c0 [ 798.891378] ? kasan_unpoison_shadow+0x35/0x50 [ 798.895957] ? kasan_kmalloc+0xc4/0xe0 [ 798.899843] ? __kmalloc+0x315/0x760 [ 798.903557] ? __lockdep_init_map+0x105/0x590 [ 798.908074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.913622] ? ieee80211_cs_list_valid+0x7c/0x440 [ 798.918461] ? ieee80211_register_hw+0xc61/0x3890 [ 798.923297] ieee80211_register_hw+0x146b/0x3890 [ 798.928052] ? init_timer_on_stack_key+0x31/0xe0 [ 798.932815] ? ieee80211_free_ack_frame+0x60/0x60 [ 798.937671] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 798.942685] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 798.948829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 798.954376] ? vsnprintf+0x20d/0x1b60 [ 798.958170] ? pointer+0x990/0x990 [ 798.961715] ? check_same_owner+0x340/0x340 [ 798.966040] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 798.971055] ? kvasprintf+0xea/0x140 [ 798.974757] ? bust_spinlocks+0xe0/0xe0 [ 798.978725] ? kasprintf+0xab/0xe0 [ 798.982252] ? kvasprintf_const+0x190/0x190 [ 798.986562] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 798.992116] hwsim_new_radio_nl+0x7c0/0xa80 [ 798.996429] ? nla_parse+0x32b/0x4e0 [ 799.000255] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 799.005443] ? __netlink_ns_capable+0x100/0x130 [ 799.010127] genl_family_rcv_msg+0x8a3/0x1140 [ 799.014623] ? genl_unregister_family+0x8b0/0x8b0 [ 799.019450] ? netlink_deliver_tap+0x32d/0xfb0 [ 799.024026] ? lock_downgrade+0x8f0/0x8f0 [ 799.028161] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 799.033175] ? lock_release+0xa30/0xa30 [ 799.037136] ? __netlink_lookup+0x5e1/0xab0 [ 799.041559] ? lock_acquire+0x1e4/0x540 [ 799.045536] ? genl_rcv+0x19/0x40 [ 799.048979] genl_rcv_msg+0xc6/0x168 [ 799.052686] netlink_rcv_skb+0x172/0x440 [ 799.056744] ? genl_family_rcv_msg+0x1140/0x1140 [ 799.061514] ? netlink_ack+0xbe0/0xbe0 [ 799.065399] genl_rcv+0x28/0x40 [ 799.068767] netlink_unicast+0x5a0/0x760 [ 799.072831] ? netlink_attachskb+0x9a0/0x9a0 [ 799.077236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.082766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 799.087783] netlink_sendmsg+0xa18/0xfc0 [ 799.091841] ? netlink_unicast+0x760/0x760 [ 799.096066] ? move_addr_to_kernel.part.20+0x100/0x100 [ 799.101338] ? security_socket_sendmsg+0x94/0xc0 [ 799.106095] ? netlink_unicast+0x760/0x760 [ 799.110318] sock_sendmsg+0xd5/0x120 [ 799.114039] ___sys_sendmsg+0x7fd/0x930 [ 799.118016] ? copy_msghdr_from_user+0x580/0x580 [ 799.122773] ? lock_acquire+0x1e4/0x540 [ 799.126740] ? __fd_install+0x2b2/0x880 [ 799.130720] ? lock_downgrade+0x8f0/0x8f0 [ 799.134859] ? select_collect+0x610/0x610 [ 799.139000] ? __fget_light+0x2f7/0x440 [ 799.142968] ? fget_raw+0x20/0x20 [ 799.146548] ? __fd_install+0x2db/0x880 [ 799.150521] ? get_unused_fd_flags+0x1a0/0x1a0 [ 799.155115] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 799.160661] ? sockfd_lookup_light+0xc5/0x160 [ 799.165156] __sys_sendmsg+0x11d/0x290 [ 799.169048] ? __ia32_sys_shutdown+0x80/0x80 [ 799.173475] ? __x64_sys_futex+0x47f/0x6a0 [ 799.177709] ? fd_install+0x4d/0x60 [ 799.181333] ? ksys_ioctl+0x81/0xd0 [ 799.184948] __x64_sys_sendmsg+0x78/0xb0 [ 799.189007] do_syscall_64+0x1b9/0x820 [ 799.192996] ? finish_task_switch+0x1d3/0x870 [ 799.197529] ? syscall_return_slowpath+0x5e0/0x5e0 [ 799.202466] ? syscall_return_slowpath+0x31d/0x5e0 [ 799.207386] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 799.212402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 799.217237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.222423] RIP: 0033:0x456959 [ 799.225620] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x2d, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 799.244523] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 799.252231] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 799.259599] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 799.266868] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 799.274124] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 799.281387] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:41 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:41 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xd0ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:41 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x1100}) 17:30:41 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 799.331276] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 799.381518] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. [ 799.396898] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 799.403851] CPU: 0 PID: 6153 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 799.412270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.421625] Call Trace: [ 799.424244] dump_stack+0x1c9/0x2b4 [ 799.427896] ? dump_stack_print_info.cold.2+0x52/0x52 [ 799.433116] ? trace_hardirqs_on+0xd/0x10 [ 799.437304] sysfs_warn_dup.cold.3+0x1c/0x2b [ 799.441732] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 799.447117] sysfs_create_link+0x65/0xc0 [ 799.451193] device_add+0x5d0/0x17b0 [ 799.454915] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 799.459421] ? genl_family_rcv_msg+0x8a3/0x1140 [ 799.464117] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 799.469235] ? do_syscall_64+0x1b9/0x820 [ 799.473310] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 799.478525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.484072] wiphy_register+0x1a21/0x2740 [ 799.488212] ? wiphy_unregister+0x12c0/0x12c0 [ 799.492708] ? kasan_unpoison_shadow+0x35/0x50 [ 799.497284] ? kasan_kmalloc+0xc4/0xe0 [ 799.502030] ? __kmalloc+0x315/0x760 [ 799.505745] ? __lockdep_init_map+0x105/0x590 [ 799.510242] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.515771] ? ieee80211_cs_list_valid+0x7c/0x440 [ 799.520604] ? ieee80211_register_hw+0xc61/0x3890 [ 799.525443] ieee80211_register_hw+0x146b/0x3890 [ 799.530198] ? init_timer_on_stack_key+0x31/0xe0 [ 799.534939] ? ieee80211_free_ack_frame+0x60/0x60 [ 799.539776] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 799.544787] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 799.550931] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 799.556455] ? vsnprintf+0x20d/0x1b60 [ 799.560243] ? pointer+0x990/0x990 [ 799.563768] ? check_same_owner+0x340/0x340 [ 799.568085] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 799.573085] ? kvasprintf+0xea/0x140 [ 799.576781] ? bust_spinlocks+0xe0/0xe0 [ 799.580751] ? kasprintf+0xab/0xe0 [ 799.584285] ? kvasprintf_const+0x190/0x190 [ 799.588603] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 799.594125] hwsim_new_radio_nl+0x7c0/0xa80 [ 799.598434] ? nla_parse+0x32b/0x4e0 [ 799.602133] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 799.607324] ? __netlink_ns_capable+0x100/0x130 [ 799.611995] genl_family_rcv_msg+0x8a3/0x1140 [ 799.616482] ? genl_unregister_family+0x8b0/0x8b0 [ 799.621319] ? netlink_deliver_tap+0x32d/0xfb0 [ 799.625904] ? lock_downgrade+0x8f0/0x8f0 [ 799.630057] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 799.635059] ? lock_release+0xa30/0xa30 [ 799.639016] ? __netlink_lookup+0x5e1/0xab0 [ 799.643336] ? lock_acquire+0x1e4/0x540 [ 799.647294] ? genl_rcv+0x19/0x40 [ 799.650742] genl_rcv_msg+0xc6/0x168 [ 799.654451] netlink_rcv_skb+0x172/0x440 [ 799.658504] ? genl_family_rcv_msg+0x1140/0x1140 [ 799.663244] ? netlink_ack+0xbe0/0xbe0 [ 799.667118] genl_rcv+0x28/0x40 [ 799.670380] netlink_unicast+0x5a0/0x760 [ 799.674422] ? netlink_attachskb+0x9a0/0x9a0 [ 799.678819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.684342] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 799.689354] netlink_sendmsg+0xa18/0xfc0 [ 799.693403] ? netlink_unicast+0x760/0x760 [ 799.697620] ? move_addr_to_kernel.part.20+0x100/0x100 [ 799.702894] ? security_socket_sendmsg+0x94/0xc0 [ 799.707635] ? netlink_unicast+0x760/0x760 [ 799.711941] sock_sendmsg+0xd5/0x120 [ 799.715639] ___sys_sendmsg+0x7fd/0x930 [ 799.719599] ? copy_msghdr_from_user+0x580/0x580 [ 799.724342] ? lock_acquire+0x1e4/0x540 [ 799.728301] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 799.733488] ? __fget_light+0x2f7/0x440 [ 799.737446] ? fget_raw+0x20/0x20 [ 799.740881] ? __fd_install+0x2db/0x880 [ 799.744839] ? dlci_ioctl_set+0x40/0x40 [ 799.748801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.754325] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 799.759853] ? sockfd_lookup_light+0xc5/0x160 [ 799.764332] __sys_sendmsg+0x11d/0x290 [ 799.768204] ? __ia32_sys_shutdown+0x80/0x80 [ 799.772608] ? __x64_sys_futex+0x47f/0x6a0 [ 799.776836] ? fd_install+0x4d/0x60 [ 799.780455] ? ksys_ioctl+0x81/0xd0 [ 799.784073] __x64_sys_sendmsg+0x78/0xb0 [ 799.788133] do_syscall_64+0x1b9/0x820 [ 799.792010] ? finish_task_switch+0x1d3/0x870 [ 799.796494] ? syscall_return_slowpath+0x5e0/0x5e0 [ 799.801412] ? syscall_return_slowpath+0x31d/0x5e0 [ 799.806333] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 799.811331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 799.816165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.821348] RIP: 0033:0x456959 [ 799.824539] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 799.843525] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 799.851227] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 799.858488] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 799.865745] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 799.872999] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 17:30:41 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:41 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x0, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:41 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000071900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:41 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x2000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xb7, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:41 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8035000000000000}) [ 799.880254] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:41 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:41 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x3b, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:41 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x0, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:41 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060060001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:41 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:41 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffe4}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 799.993642] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:41 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:41 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x100000000000000}) 17:30:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x38, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 800.086269] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 800.093236] CPU: 0 PID: 6231 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 800.101653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.111023] Call Trace: [ 800.113655] dump_stack+0x1c9/0x2b4 [ 800.117322] ? dump_stack_print_info.cold.2+0x52/0x52 [ 800.122529] ? trace_hardirqs_on+0xd/0x10 [ 800.126697] sysfs_warn_dup.cold.3+0x1c/0x2b [ 800.131122] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 800.136509] sysfs_create_link+0x65/0xc0 [ 800.140590] device_add+0x5d0/0x17b0 [ 800.144332] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 800.148932] ? genl_family_rcv_msg+0x8a3/0x1140 [ 800.153617] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 800.158734] ? do_syscall_64+0x1b9/0x820 [ 800.162808] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 800.168041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.173586] wiphy_register+0x1a21/0x2740 [ 800.177743] ? wiphy_unregister+0x12c0/0x12c0 [ 800.182228] ? kasan_unpoison_shadow+0x35/0x50 [ 800.186802] ? kasan_kmalloc+0xc4/0xe0 [ 800.190698] ? __kmalloc+0x315/0x760 [ 800.194418] ? __lockdep_init_map+0x105/0x590 [ 800.198918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.204592] ? ieee80211_cs_list_valid+0x7c/0x440 [ 800.209424] ? ieee80211_register_hw+0xc61/0x3890 [ 800.214362] ieee80211_register_hw+0x146b/0x3890 [ 800.219114] ? init_timer_on_stack_key+0x31/0xe0 [ 800.223864] ? ieee80211_free_ack_frame+0x60/0x60 [ 800.228703] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 800.233741] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 800.239901] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 800.245428] ? vsnprintf+0x20d/0x1b60 [ 800.249222] ? pointer+0x990/0x990 [ 800.252759] ? check_same_owner+0x340/0x340 [ 800.257070] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 800.262083] ? kvasprintf+0xea/0x140 [ 800.265782] ? bust_spinlocks+0xe0/0xe0 [ 800.269746] ? kasprintf+0xab/0xe0 [ 800.273279] ? kvasprintf_const+0x190/0x190 [ 800.277613] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 800.283161] hwsim_new_radio_nl+0x7c0/0xa80 [ 800.287488] ? nla_parse+0x32b/0x4e0 [ 800.291197] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 800.296385] ? __netlink_ns_capable+0x100/0x130 [ 800.301067] genl_family_rcv_msg+0x8a3/0x1140 [ 800.305557] ? genl_unregister_family+0x8b0/0x8b0 [ 800.310392] ? __sched_text_start+0x8/0x8 [ 800.314546] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 800.319546] ? lock_release+0xa30/0xa30 [ 800.323513] ? __netlink_lookup+0x5e1/0xab0 [ 800.327836] ? lock_acquire+0x1e4/0x540 [ 800.331802] ? genl_rcv+0x19/0x40 [ 800.335245] genl_rcv_msg+0xc6/0x168 [ 800.338944] netlink_rcv_skb+0x172/0x440 [ 800.342993] ? genl_family_rcv_msg+0x1140/0x1140 [ 800.347740] ? netlink_ack+0xbe0/0xbe0 [ 800.351616] genl_rcv+0x28/0x40 [ 800.354881] netlink_unicast+0x5a0/0x760 [ 800.358925] ? netlink_attachskb+0x9a0/0x9a0 [ 800.363322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.368842] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 800.373845] netlink_sendmsg+0xa18/0xfc0 [ 800.377905] ? netlink_unicast+0x760/0x760 [ 800.382152] ? move_addr_to_kernel.part.20+0x100/0x100 [ 800.387424] ? security_socket_sendmsg+0x94/0xc0 [ 800.392172] ? netlink_unicast+0x760/0x760 [ 800.396391] sock_sendmsg+0xd5/0x120 [ 800.400092] ___sys_sendmsg+0x7fd/0x930 [ 800.405112] ? copy_msghdr_from_user+0x580/0x580 [ 800.409866] ? lock_acquire+0x1e4/0x540 [ 800.413844] ? __fd_install+0x2b2/0x880 [ 800.417812] ? lock_downgrade+0x8f0/0x8f0 [ 800.421942] ? select_collect+0x610/0x610 [ 800.426085] ? __fget_light+0x2f7/0x440 [ 800.430056] ? fget_raw+0x20/0x20 [ 800.433508] ? __fd_install+0x2db/0x880 [ 800.437464] ? get_unused_fd_flags+0x1a0/0x1a0 [ 800.442038] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 800.447658] ? sockfd_lookup_light+0xc5/0x160 [ 800.452143] __sys_sendmsg+0x11d/0x290 [ 800.456031] ? __ia32_sys_shutdown+0x80/0x80 [ 800.460428] ? __x64_sys_futex+0x47f/0x6a0 [ 800.464652] ? fd_install+0x4d/0x60 [ 800.468268] ? ksys_ioctl+0x81/0xd0 [ 800.471908] __x64_sys_sendmsg+0x78/0xb0 [ 800.475962] do_syscall_64+0x1b9/0x820 [ 800.479854] ? finish_task_switch+0x1d3/0x870 [ 800.484356] ? syscall_return_slowpath+0x5e0/0x5e0 [ 800.489278] ? syscall_return_slowpath+0x31d/0x5e0 [ 800.494196] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 800.499212] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.504052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.509229] RIP: 0033:0x456959 [ 800.512405] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.531294] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 800.538995] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 800.546252] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 800.553514] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 800.560781] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 800.568039] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:42 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:42 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600f0001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x3d, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:42 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) ioctl$FICLONE(0xffffffffffffffff, 0x5460, 0xffffffffffffffff) 17:30:42 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x0, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:42 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x543}) 17:30:42 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:42 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x24000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:42 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)) r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xd8, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:42 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x0, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 800.685293] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:42 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) ioctl$FICLONE(0xffffffffffffffff, 0x5460, 0xffffffffffffffff) 17:30:42 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8}) [ 800.741636] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 800.748583] CPU: 1 PID: 6276 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 800.757000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.766368] Call Trace: [ 800.768994] dump_stack+0x1c9/0x2b4 [ 800.772679] ? dump_stack_print_info.cold.2+0x52/0x52 [ 800.777896] ? trace_hardirqs_on+0xd/0x10 [ 800.782066] sysfs_warn_dup.cold.3+0x1c/0x2b [ 800.786496] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:42 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060080fe1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x28, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 800.791885] sysfs_create_link+0x65/0xc0 [ 800.795963] device_add+0x5d0/0x17b0 [ 800.799705] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 800.804215] ? genl_family_rcv_msg+0x8a3/0x1140 [ 800.808902] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 800.814017] ? do_syscall_64+0x1b9/0x820 [ 800.818097] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 800.823310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.828869] wiphy_register+0x1a21/0x2740 [ 800.833041] ? wiphy_unregister+0x12c0/0x12c0 [ 800.837728] ? kasan_unpoison_shadow+0x35/0x50 [ 800.842354] ? kasan_kmalloc+0xc4/0xe0 [ 800.846260] ? __kmalloc+0x315/0x760 [ 800.849992] ? __lockdep_init_map+0x105/0x590 [ 800.854501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.860049] ? ieee80211_cs_list_valid+0x7c/0x440 [ 800.865105] ? ieee80211_register_hw+0xc61/0x3890 [ 800.869982] ieee80211_register_hw+0x146b/0x3890 [ 800.874758] ? init_timer_on_stack_key+0x31/0xe0 [ 800.879555] ? ieee80211_free_ack_frame+0x60/0x60 [ 800.884423] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 800.889465] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 800.895620] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 800.901179] ? vsnprintf+0x20d/0x1b60 [ 800.904979] ? pointer+0x990/0x990 [ 800.908521] ? check_same_owner+0x340/0x340 [ 800.912832] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 800.917837] ? kvasprintf+0xea/0x140 [ 800.921545] ? bust_spinlocks+0xe0/0xe0 [ 800.925512] ? kasprintf+0xab/0xe0 [ 800.929070] ? kvasprintf_const+0x190/0x190 [ 800.933402] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 800.938943] hwsim_new_radio_nl+0x7c0/0xa80 [ 800.943254] ? nla_parse+0x32b/0x4e0 [ 800.946958] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 800.952147] ? __netlink_ns_capable+0x100/0x130 [ 800.956807] genl_family_rcv_msg+0x8a3/0x1140 [ 800.961310] ? genl_unregister_family+0x8b0/0x8b0 [ 800.966145] ? netlink_deliver_tap+0x32d/0xfb0 [ 800.970744] ? lock_downgrade+0x8f0/0x8f0 [ 800.974890] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 800.979911] ? lock_release+0xa30/0xa30 [ 800.983883] ? __netlink_lookup+0x5e1/0xab0 [ 800.988193] ? lock_acquire+0x1e4/0x540 [ 800.992152] ? genl_rcv+0x19/0x40 [ 800.995596] genl_rcv_msg+0xc6/0x168 [ 800.999297] netlink_rcv_skb+0x172/0x440 [ 801.003442] ? genl_family_rcv_msg+0x1140/0x1140 [ 801.008184] ? netlink_ack+0xbe0/0xbe0 [ 801.012059] genl_rcv+0x28/0x40 [ 801.015337] netlink_unicast+0x5a0/0x760 [ 801.019393] ? netlink_attachskb+0x9a0/0x9a0 [ 801.023807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.029335] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 801.034347] netlink_sendmsg+0xa18/0xfc0 [ 801.038404] ? netlink_unicast+0x760/0x760 [ 801.042628] ? move_addr_to_kernel.part.20+0x100/0x100 [ 801.047892] ? security_socket_sendmsg+0x94/0xc0 [ 801.052630] ? netlink_unicast+0x760/0x760 [ 801.056849] sock_sendmsg+0xd5/0x120 [ 801.060556] ___sys_sendmsg+0x7fd/0x930 [ 801.064534] ? copy_msghdr_from_user+0x580/0x580 [ 801.069289] ? lock_acquire+0x1e4/0x540 [ 801.073257] ? __fd_install+0x2b2/0x880 [ 801.077227] ? lock_downgrade+0x8f0/0x8f0 [ 801.081370] ? select_collect+0x610/0x610 [ 801.085508] ? __fget_light+0x2f7/0x440 [ 801.089469] ? fget_raw+0x20/0x20 [ 801.092909] ? __fd_install+0x2db/0x880 [ 801.096878] ? get_unused_fd_flags+0x1a0/0x1a0 [ 801.101458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 801.106983] ? sockfd_lookup_light+0xc5/0x160 [ 801.111474] __sys_sendmsg+0x11d/0x290 [ 801.115354] ? __ia32_sys_shutdown+0x80/0x80 [ 801.119759] ? __x64_sys_futex+0x47f/0x6a0 [ 801.123987] ? fd_install+0x4d/0x60 [ 801.127603] ? ksys_ioctl+0x81/0xd0 [ 801.131232] __x64_sys_sendmsg+0x78/0xb0 [ 801.135384] do_syscall_64+0x1b9/0x820 [ 801.139262] ? finish_task_switch+0x1d3/0x870 [ 801.143769] ? syscall_return_slowpath+0x5e0/0x5e0 [ 801.148695] ? syscall_return_slowpath+0x31d/0x5e0 [ 801.153630] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 801.158645] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.163478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.168664] RIP: 0033:0x456959 [ 801.171845] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 801.190742] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 801.198451] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 801.205714] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 801.212980] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 801.220238] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 801.227492] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:43 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xfffffffe}) 17:30:43 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:43 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x69951d00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:43 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x0, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:43 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)) r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x30, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:43 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) ioctl$FICLONE(0xffffffffffffffff, 0x5460, 0xffffffffffffffff) 17:30:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060003b41900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:43 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x0, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) [ 801.345822] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 801.379865] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 17:30:43 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x689}) 17:30:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xc1, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 801.409559] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 801.416611] CPU: 1 PID: 6313 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 801.425037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.434442] Call Trace: [ 801.437054] dump_stack+0x1c9/0x2b4 [ 801.440707] ? dump_stack_print_info.cold.2+0x52/0x52 [ 801.445914] ? trace_hardirqs_on+0xd/0x10 [ 801.450085] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xf, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:43 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)) r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 801.454512] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 801.460905] sysfs_create_link+0x65/0xc0 [ 801.464982] device_add+0x5d0/0x17b0 [ 801.468705] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 801.473203] ? genl_family_rcv_msg+0x8a3/0x1140 [ 801.477883] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 801.483004] ? do_syscall_64+0x1b9/0x820 [ 801.487085] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 801.492295] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.497850] wiphy_register+0x1a21/0x2740 [ 801.502018] ? wiphy_unregister+0x12c0/0x12c0 17:30:43 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1c00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:43 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xa2, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 801.506521] ? kasan_unpoison_shadow+0x35/0x50 [ 801.511110] ? kasan_kmalloc+0xc4/0xe0 [ 801.515012] ? __kmalloc+0x315/0x760 [ 801.518755] ? __lockdep_init_map+0x105/0x590 [ 801.523264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.528819] ? ieee80211_cs_list_valid+0x7c/0x440 [ 801.533678] ? ieee80211_register_hw+0xc61/0x3890 [ 801.538539] ieee80211_register_hw+0x146b/0x3890 [ 801.543307] ? init_timer_on_stack_key+0x31/0xe0 [ 801.548080] ? ieee80211_free_ack_frame+0x60/0x60 [ 801.552948] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:43 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x69, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 801.558021] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 801.564199] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 801.569756] ? vsnprintf+0x20d/0x1b60 [ 801.573572] ? pointer+0x990/0x990 [ 801.577125] ? check_same_owner+0x340/0x340 [ 801.581459] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 801.586493] ? kvasprintf+0xea/0x140 [ 801.590214] ? bust_spinlocks+0xe0/0xe0 [ 801.594202] ? kasprintf+0xab/0xe0 [ 801.597749] ? kvasprintf_const+0x190/0x190 [ 801.602076] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 801.607607] hwsim_new_radio_nl+0x7c0/0xa80 [ 801.611919] ? nla_parse+0x32b/0x4e0 [ 801.615622] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 801.620808] ? __netlink_ns_capable+0x100/0x130 [ 801.625466] genl_family_rcv_msg+0x8a3/0x1140 [ 801.629961] ? genl_unregister_family+0x8b0/0x8b0 [ 801.634799] ? netlink_deliver_tap+0x32d/0xfb0 [ 801.639376] ? lock_downgrade+0x8f0/0x8f0 [ 801.643519] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 801.648543] ? lock_release+0xa30/0xa30 [ 801.652518] ? __netlink_lookup+0x5e1/0xab0 [ 801.656840] ? lock_acquire+0x1e4/0x540 [ 801.660808] ? genl_rcv+0x19/0x40 [ 801.664250] genl_rcv_msg+0xc6/0x168 [ 801.667956] netlink_rcv_skb+0x172/0x440 [ 801.672008] ? genl_family_rcv_msg+0x1140/0x1140 [ 801.676754] ? netlink_ack+0xbe0/0xbe0 [ 801.680641] genl_rcv+0x28/0x40 [ 801.683909] netlink_unicast+0x5a0/0x760 [ 801.687959] ? netlink_attachskb+0x9a0/0x9a0 [ 801.692357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.697884] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 801.702895] netlink_sendmsg+0xa18/0xfc0 [ 801.706954] ? netlink_unicast+0x760/0x760 [ 801.711189] ? move_addr_to_kernel.part.20+0x100/0x100 [ 801.716454] ? security_socket_sendmsg+0x94/0xc0 [ 801.721193] ? netlink_unicast+0x760/0x760 [ 801.725412] sock_sendmsg+0xd5/0x120 [ 801.729113] ___sys_sendmsg+0x7fd/0x930 [ 801.733075] ? copy_msghdr_from_user+0x580/0x580 [ 801.737819] ? lock_acquire+0x1e4/0x540 [ 801.741780] ? __fd_install+0x2b2/0x880 [ 801.745751] ? lock_downgrade+0x8f0/0x8f0 [ 801.749894] ? select_collect+0x610/0x610 [ 801.754028] ? __fget_light+0x2f7/0x440 [ 801.757987] ? fget_raw+0x20/0x20 [ 801.761426] ? __fd_install+0x2db/0x880 [ 801.765394] ? get_unused_fd_flags+0x1a0/0x1a0 [ 801.769975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 801.775512] ? sockfd_lookup_light+0xc5/0x160 [ 801.780004] __sys_sendmsg+0x11d/0x290 [ 801.783882] ? __ia32_sys_shutdown+0x80/0x80 [ 801.788460] ? __x64_sys_futex+0x47f/0x6a0 [ 801.792698] ? fd_install+0x4d/0x60 [ 801.796333] ? ksys_ioctl+0x81/0xd0 [ 801.799959] __x64_sys_sendmsg+0x78/0xb0 [ 801.804013] do_syscall_64+0x1b9/0x820 [ 801.807896] ? syscall_return_slowpath+0x5e0/0x5e0 [ 801.812824] ? syscall_return_slowpath+0x31d/0x5e0 [ 801.817753] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 801.822779] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.827712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.832916] RIP: 0033:0x456959 [ 801.836098] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 801.854998] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 801.862716] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 801.869994] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 801.877258] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 801.884524] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 801.891791] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 801.954693] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 801.984001] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 801.990946] CPU: 1 PID: 6313 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 801.999361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.008726] Call Trace: [ 802.011344] dump_stack+0x1c9/0x2b4 [ 802.014993] ? dump_stack_print_info.cold.2+0x52/0x52 [ 802.020208] ? trace_hardirqs_on+0xd/0x10 [ 802.024380] sysfs_warn_dup.cold.3+0x1c/0x2b [ 802.028807] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 802.034189] sysfs_create_link+0x65/0xc0 [ 802.038266] device_add+0x5d0/0x17b0 [ 802.041994] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 802.046502] ? genl_family_rcv_msg+0x8a3/0x1140 [ 802.051182] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 802.056286] ? do_syscall_64+0x1b9/0x820 [ 802.060337] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 802.065600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.071126] wiphy_register+0x1a21/0x2740 [ 802.075273] ? wiphy_unregister+0x12c0/0x12c0 [ 802.079756] ? kasan_unpoison_shadow+0x35/0x50 [ 802.084320] ? kasan_kmalloc+0xc4/0xe0 [ 802.088196] ? __kmalloc+0x315/0x760 [ 802.091906] ? __lockdep_init_map+0x105/0x590 [ 802.096389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.101911] ? ieee80211_cs_list_valid+0x7c/0x440 [ 802.106746] ? ieee80211_register_hw+0xc61/0x3890 [ 802.111578] ieee80211_register_hw+0x146b/0x3890 [ 802.116320] ? init_timer_on_stack_key+0x31/0xe0 [ 802.121067] ? ieee80211_free_ack_frame+0x60/0x60 [ 802.125900] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 802.130905] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 802.137035] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 802.142555] ? vsnprintf+0x20d/0x1b60 [ 802.146349] ? pointer+0x990/0x990 [ 802.149967] ? check_same_owner+0x340/0x340 [ 802.154282] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.159283] ? kvasprintf+0xea/0x140 [ 802.162998] ? bust_spinlocks+0xe0/0xe0 [ 802.166959] ? kasprintf+0xab/0xe0 [ 802.170478] ? kvasprintf_const+0x190/0x190 [ 802.174793] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 802.180329] hwsim_new_radio_nl+0x7c0/0xa80 [ 802.184634] ? nla_parse+0x32b/0x4e0 [ 802.188332] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 802.193507] ? __netlink_ns_capable+0x100/0x130 [ 802.198156] genl_family_rcv_msg+0x8a3/0x1140 [ 802.202636] ? genl_unregister_family+0x8b0/0x8b0 [ 802.207465] ? netlink_deliver_tap+0x32d/0xfb0 [ 802.212035] ? lock_downgrade+0x8f0/0x8f0 [ 802.216168] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.221180] ? lock_release+0xa30/0xa30 [ 802.225141] ? __netlink_lookup+0x5e1/0xab0 [ 802.229443] ? lock_acquire+0x1e4/0x540 [ 802.233398] ? genl_rcv+0x19/0x40 [ 802.236836] genl_rcv_msg+0xc6/0x168 [ 802.240535] netlink_rcv_skb+0x172/0x440 [ 802.244577] ? genl_family_rcv_msg+0x1140/0x1140 [ 802.249313] ? netlink_ack+0xbe0/0xbe0 [ 802.253200] genl_rcv+0x28/0x40 [ 802.256460] netlink_unicast+0x5a0/0x760 [ 802.260503] ? netlink_attachskb+0x9a0/0x9a0 [ 802.264904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.270425] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.275428] netlink_sendmsg+0xa18/0xfc0 [ 802.279476] ? netlink_unicast+0x760/0x760 [ 802.283717] ? move_addr_to_kernel.part.20+0x100/0x100 [ 802.288989] ? security_socket_sendmsg+0x94/0xc0 [ 802.293737] ? netlink_unicast+0x760/0x760 [ 802.297962] sock_sendmsg+0xd5/0x120 [ 802.301662] ___sys_sendmsg+0x7fd/0x930 [ 802.305618] ? copy_msghdr_from_user+0x580/0x580 [ 802.310356] ? lock_acquire+0x1e4/0x540 [ 802.314317] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 802.319502] ? __fget_light+0x2f7/0x440 [ 802.323456] ? fget_raw+0x20/0x20 [ 802.326893] ? __fd_install+0x2db/0x880 [ 802.330851] ? dlci_ioctl_set+0x40/0x40 [ 802.334811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.340338] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 802.345870] ? sockfd_lookup_light+0xc5/0x160 [ 802.350351] __sys_sendmsg+0x11d/0x290 [ 802.354226] ? __ia32_sys_shutdown+0x80/0x80 [ 802.358630] ? __x64_sys_futex+0x47f/0x6a0 [ 802.362859] ? fd_install+0x4d/0x60 [ 802.366472] ? ksys_ioctl+0x81/0xd0 [ 802.370092] __x64_sys_sendmsg+0x78/0xb0 [ 802.374160] do_syscall_64+0x1b9/0x820 [ 802.378035] ? syscall_return_slowpath+0x5e0/0x5e0 [ 802.382955] ? syscall_return_slowpath+0x31d/0x5e0 [ 802.387867] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 802.392881] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 802.397730] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 802.402910] RIP: 0033:0x456959 [ 802.406088] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 802.426362] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 802.434069] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 802.441326] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 802.448579] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 17:30:44 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xb1, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:44 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:44 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc8070031") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:44 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:44 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060010001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:44 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xe80}) 17:30:44 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x70}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 802.455831] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 802.463084] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:44 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:44 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:44 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc8070031") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:44 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:44 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88a8ffff00000000}) 17:30:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x31, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:44 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:44 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060009001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 802.627828] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 802.678019] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 802.684938] CPU: 1 PID: 6391 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 802.693346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.702709] Call Trace: [ 802.705323] dump_stack+0x1c9/0x2b4 [ 802.708976] ? dump_stack_print_info.cold.2+0x52/0x52 [ 802.714186] ? trace_hardirqs_on+0xd/0x10 [ 802.718358] sysfs_warn_dup.cold.3+0x1c/0x2b [ 802.722782] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 802.728162] sysfs_create_link+0x65/0xc0 [ 802.732241] device_add+0x5d0/0x17b0 [ 802.735982] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 802.740489] ? genl_family_rcv_msg+0x8a3/0x1140 [ 802.745172] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 802.750296] ? do_syscall_64+0x1b9/0x820 [ 802.754371] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 802.759576] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.765134] wiphy_register+0x1a21/0x2740 [ 802.769307] ? wiphy_unregister+0x12c0/0x12c0 [ 802.773814] ? kasan_unpoison_shadow+0x35/0x50 [ 802.778410] ? kasan_kmalloc+0xc4/0xe0 [ 802.782314] ? __kmalloc+0x315/0x760 [ 802.786036] ? __lockdep_init_map+0x105/0x590 [ 802.790521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.796053] ? ieee80211_cs_list_valid+0x7c/0x440 [ 802.800889] ? ieee80211_register_hw+0xc61/0x3890 [ 802.805730] ieee80211_register_hw+0x146b/0x3890 [ 802.810487] ? init_timer_on_stack_key+0x31/0xe0 [ 802.815242] ? ieee80211_free_ack_frame+0x60/0x60 [ 802.820085] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 802.825110] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 802.831250] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 802.836773] ? vsnprintf+0x20d/0x1b60 [ 802.840557] ? pointer+0x990/0x990 [ 802.844082] ? check_same_owner+0x340/0x340 [ 802.848392] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.853403] ? kvasprintf+0xea/0x140 [ 802.857105] ? bust_spinlocks+0xe0/0xe0 [ 802.861078] ? kasprintf+0xab/0xe0 [ 802.864620] ? kvasprintf_const+0x190/0x190 [ 802.868931] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 802.874464] hwsim_new_radio_nl+0x7c0/0xa80 [ 802.878784] ? nla_parse+0x32b/0x4e0 [ 802.882500] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 802.887678] ? __netlink_ns_capable+0x100/0x130 [ 802.892334] genl_family_rcv_msg+0x8a3/0x1140 [ 802.896836] ? genl_unregister_family+0x8b0/0x8b0 [ 802.901671] ? netlink_deliver_tap+0x32d/0xfb0 [ 802.906251] ? lock_downgrade+0x8f0/0x8f0 [ 802.910387] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.915387] ? lock_release+0xa30/0xa30 [ 802.919355] ? __netlink_lookup+0x5e1/0xab0 [ 802.923668] ? lock_acquire+0x1e4/0x540 [ 802.927621] ? genl_rcv+0x19/0x40 [ 802.931067] genl_rcv_msg+0xc6/0x168 [ 802.934776] netlink_rcv_skb+0x172/0x440 [ 802.938828] ? genl_family_rcv_msg+0x1140/0x1140 [ 802.943589] ? netlink_ack+0xbe0/0xbe0 [ 802.947463] genl_rcv+0x28/0x40 [ 802.950734] netlink_unicast+0x5a0/0x760 [ 802.954789] ? netlink_attachskb+0x9a0/0x9a0 [ 802.959187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.964726] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 802.969737] netlink_sendmsg+0xa18/0xfc0 [ 802.973802] ? netlink_unicast+0x760/0x760 [ 802.978026] ? move_addr_to_kernel.part.20+0x100/0x100 [ 802.983300] ? security_socket_sendmsg+0x94/0xc0 [ 802.988038] ? netlink_unicast+0x760/0x760 [ 802.992261] sock_sendmsg+0xd5/0x120 [ 802.995957] ___sys_sendmsg+0x7fd/0x930 [ 802.999933] ? copy_msghdr_from_user+0x580/0x580 [ 803.004686] ? lock_acquire+0x1e4/0x540 [ 803.008657] ? __fd_install+0x2b2/0x880 [ 803.012612] ? lock_downgrade+0x8f0/0x8f0 [ 803.016745] ? select_collect+0x610/0x610 [ 803.020880] ? __fget_light+0x2f7/0x440 [ 803.024846] ? fget_raw+0x20/0x20 [ 803.028290] ? __fd_install+0x2db/0x880 [ 803.032247] ? get_unused_fd_flags+0x1a0/0x1a0 [ 803.036820] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 803.042341] ? sockfd_lookup_light+0xc5/0x160 [ 803.046820] __sys_sendmsg+0x11d/0x290 [ 803.050692] ? __ia32_sys_shutdown+0x80/0x80 [ 803.055096] ? __x64_sys_futex+0x47f/0x6a0 [ 803.059323] ? fd_install+0x4d/0x60 [ 803.062945] ? ksys_ioctl+0x81/0xd0 [ 803.066553] __x64_sys_sendmsg+0x78/0xb0 [ 803.070598] do_syscall_64+0x1b9/0x820 [ 803.074468] ? syscall_return_slowpath+0x5e0/0x5e0 [ 803.079379] ? syscall_return_slowpath+0x31d/0x5e0 [ 803.084292] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 803.089312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.094151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.099333] RIP: 0033:0x456959 [ 803.102510] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.121485] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 803.129179] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 803.136440] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 803.143708] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 803.150981] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 803.158238] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 803.174060] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 803.183573] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 803.190483] CPU: 1 PID: 6391 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 803.198890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.208260] Call Trace: [ 803.210849] dump_stack+0x1c9/0x2b4 [ 803.214472] ? dump_stack_print_info.cold.2+0x52/0x52 [ 803.219649] ? trace_hardirqs_on+0xd/0x10 [ 803.225087] sysfs_warn_dup.cold.3+0x1c/0x2b [ 803.229496] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 803.234849] sysfs_create_link+0x65/0xc0 [ 803.238901] device_add+0x5d0/0x17b0 [ 803.242614] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 803.247097] ? genl_family_rcv_msg+0x8a3/0x1140 [ 803.251762] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 803.256867] ? do_syscall_64+0x1b9/0x820 [ 803.260933] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 803.266110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.271637] wiphy_register+0x1a21/0x2740 [ 803.275774] ? wiphy_unregister+0x12c0/0x12c0 [ 803.280266] ? kasan_unpoison_shadow+0x35/0x50 [ 803.284835] ? kasan_kmalloc+0xc4/0xe0 [ 803.288718] ? __kmalloc+0x315/0x760 [ 803.292422] ? __lockdep_init_map+0x105/0x590 [ 803.296915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.302441] ? ieee80211_cs_list_valid+0x7c/0x440 [ 803.307267] ? ieee80211_register_hw+0xc61/0x3890 [ 803.312093] ieee80211_register_hw+0x146b/0x3890 [ 803.316838] ? init_timer_on_stack_key+0x31/0xe0 [ 803.321577] ? ieee80211_free_ack_frame+0x60/0x60 [ 803.326411] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 803.331414] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 803.337545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 803.343078] ? vsnprintf+0x20d/0x1b60 [ 803.346861] ? pointer+0x990/0x990 [ 803.350384] ? check_same_owner+0x340/0x340 [ 803.354693] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 803.359695] ? kvasprintf+0xea/0x140 [ 803.363393] ? bust_spinlocks+0xe0/0xe0 [ 803.367364] ? kasprintf+0xab/0xe0 [ 803.370894] ? kvasprintf_const+0x190/0x190 [ 803.375202] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 803.380746] hwsim_new_radio_nl+0x7c0/0xa80 [ 803.385054] ? nla_parse+0x32b/0x4e0 [ 803.388755] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 803.393930] ? __netlink_ns_capable+0x100/0x130 [ 803.398593] genl_family_rcv_msg+0x8a3/0x1140 [ 803.403080] ? genl_unregister_family+0x8b0/0x8b0 [ 803.407934] ? netlink_deliver_tap+0x32d/0xfb0 [ 803.412529] ? lock_downgrade+0x8f0/0x8f0 [ 803.416685] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 803.421706] ? lock_release+0xa30/0xa30 [ 803.425689] ? __netlink_lookup+0x5e1/0xab0 [ 803.429999] ? lock_acquire+0x1e4/0x540 [ 803.433957] ? genl_rcv+0x19/0x40 [ 803.437396] genl_rcv_msg+0xc6/0x168 [ 803.441108] netlink_rcv_skb+0x172/0x440 [ 803.445153] ? genl_family_rcv_msg+0x1140/0x1140 [ 803.449891] ? netlink_ack+0xbe0/0xbe0 [ 803.453772] genl_rcv+0x28/0x40 [ 803.457049] netlink_unicast+0x5a0/0x760 [ 803.461096] ? netlink_attachskb+0x9a0/0x9a0 [ 803.466399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.471928] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 803.476934] netlink_sendmsg+0xa18/0xfc0 [ 803.480980] ? netlink_unicast+0x760/0x760 [ 803.485210] ? move_addr_to_kernel.part.20+0x100/0x100 [ 803.490491] ? security_socket_sendmsg+0x94/0xc0 [ 803.495232] ? netlink_unicast+0x760/0x760 [ 803.499451] sock_sendmsg+0xd5/0x120 [ 803.503156] ___sys_sendmsg+0x7fd/0x930 [ 803.507213] ? copy_msghdr_from_user+0x580/0x580 [ 803.511969] ? lock_acquire+0x1e4/0x540 [ 803.515944] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 803.521119] ? __fget_light+0x2f7/0x440 [ 803.525075] ? fget_raw+0x20/0x20 [ 803.528511] ? __fd_install+0x2db/0x880 [ 803.532475] ? dlci_ioctl_set+0x40/0x40 [ 803.536523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.542061] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 803.547583] ? sockfd_lookup_light+0xc5/0x160 [ 803.552065] __sys_sendmsg+0x11d/0x290 [ 803.555937] ? __ia32_sys_shutdown+0x80/0x80 [ 803.560332] ? __x64_sys_futex+0x47f/0x6a0 [ 803.564563] ? fd_install+0x4d/0x60 [ 803.568183] ? ksys_ioctl+0x81/0xd0 [ 803.571811] __x64_sys_sendmsg+0x78/0xb0 [ 803.575858] do_syscall_64+0x1b9/0x820 [ 803.579739] ? syscall_return_slowpath+0x5e0/0x5e0 [ 803.584654] ? syscall_return_slowpath+0x31d/0x5e0 [ 803.589565] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 803.594564] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 803.599402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.604577] RIP: 0033:0x456959 [ 803.607765] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:45 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:45 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:45 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:45 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x6000000}) 17:30:45 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x2400000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:45 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc8070031") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xbf, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:45 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000a001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 803.626651] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 803.634344] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 803.641598] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 803.648849] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 803.656113] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 803.663367] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:45 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f8571") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 803.707232] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 803.748515] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 803.755457] CPU: 1 PID: 6420 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 803.763869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.773231] Call Trace: [ 803.775843] dump_stack+0x1c9/0x2b4 [ 803.779489] ? dump_stack_print_info.cold.2+0x52/0x52 [ 803.784702] ? trace_hardirqs_on+0xd/0x10 [ 803.788872] sysfs_warn_dup.cold.3+0x1c/0x2b [ 803.793300] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 803.798681] sysfs_create_link+0x65/0xc0 [ 803.802763] device_add+0x5d0/0x17b0 [ 803.806489] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 803.810997] ? genl_family_rcv_msg+0x8a3/0x1140 [ 803.815695] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 803.820816] ? do_syscall_64+0x1b9/0x820 [ 803.824893] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 803.830101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.835653] wiphy_register+0x1a21/0x2740 [ 803.839831] ? wiphy_unregister+0x12c0/0x12c0 [ 803.844349] ? kasan_unpoison_shadow+0x35/0x50 17:30:45 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:45 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080), &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={r1, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:45 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x9cffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xa4, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:45 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xfeffffff}) 17:30:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xb9, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:45 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006002c001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 803.848972] ? kasan_kmalloc+0xc4/0xe0 [ 803.852896] ? __kmalloc+0x315/0x760 [ 803.856630] ? __lockdep_init_map+0x105/0x590 [ 803.861140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.866684] ? ieee80211_cs_list_valid+0x7c/0x440 [ 803.871539] ? ieee80211_register_hw+0xc61/0x3890 [ 803.876411] ieee80211_register_hw+0x146b/0x3890 [ 803.881191] ? init_timer_on_stack_key+0x31/0xe0 [ 803.885959] ? ieee80211_free_ack_frame+0x60/0x60 [ 803.890904] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 803.895942] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 803.902105] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 803.907659] ? vsnprintf+0x20d/0x1b60 [ 803.911475] ? pointer+0x990/0x990 [ 803.915030] ? check_same_owner+0x340/0x340 [ 803.919361] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 803.924387] ? kvasprintf+0xea/0x140 [ 803.928108] ? bust_spinlocks+0xe0/0xe0 [ 803.932097] ? kasprintf+0xab/0xe0 [ 803.935641] ? kvasprintf_const+0x190/0x190 [ 803.939982] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 803.945534] hwsim_new_radio_nl+0x7c0/0xa80 [ 803.949871] ? nla_parse+0x32b/0x4e0 [ 803.953598] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 803.958803] ? __netlink_ns_capable+0x100/0x130 [ 803.963489] genl_family_rcv_msg+0x8a3/0x1140 [ 803.967998] ? genl_unregister_family+0x8b0/0x8b0 [ 803.972839] ? netlink_deliver_tap+0x32d/0xfb0 [ 803.977421] ? lock_downgrade+0x8f0/0x8f0 [ 803.981558] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 803.986571] ? lock_release+0xa30/0xa30 [ 803.990541] ? __netlink_lookup+0x5e1/0xab0 [ 803.994854] ? lock_acquire+0x1e4/0x540 [ 803.998819] ? genl_rcv+0x19/0x40 [ 804.002277] genl_rcv_msg+0xc6/0x168 [ 804.005987] netlink_rcv_skb+0x172/0x440 [ 804.010041] ? genl_family_rcv_msg+0x1140/0x1140 [ 804.014798] ? netlink_ack+0xbe0/0xbe0 [ 804.018676] genl_rcv+0x28/0x40 [ 804.021942] netlink_unicast+0x5a0/0x760 [ 804.025991] ? netlink_attachskb+0x9a0/0x9a0 [ 804.030388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.035927] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 804.040949] netlink_sendmsg+0xa18/0xfc0 [ 804.045026] ? netlink_unicast+0x760/0x760 [ 804.049253] ? move_addr_to_kernel.part.20+0x100/0x100 [ 804.054519] ? security_socket_sendmsg+0x94/0xc0 [ 804.059271] ? netlink_unicast+0x760/0x760 [ 804.063493] sock_sendmsg+0xd5/0x120 [ 804.067209] ___sys_sendmsg+0x7fd/0x930 [ 804.071186] ? copy_msghdr_from_user+0x580/0x580 [ 804.075942] ? __sched_text_start+0x8/0x8 [ 804.080087] ? __fget_light+0x2f7/0x440 [ 804.084045] ? fget_raw+0x20/0x20 [ 804.087495] ? __fd_install+0x2db/0x880 [ 804.091462] ? get_unused_fd_flags+0x1a0/0x1a0 [ 804.096041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 804.101573] ? sockfd_lookup_light+0xc5/0x160 [ 804.106075] __sys_sendmsg+0x11d/0x290 [ 804.109950] ? __ia32_sys_shutdown+0x80/0x80 [ 804.114347] ? __x64_sys_futex+0x47f/0x6a0 [ 804.118570] ? fd_install+0x4d/0x60 [ 804.122202] ? syscall_slow_exit_work+0x500/0x500 [ 804.127043] ? ksys_ioctl+0x81/0xd0 [ 804.130666] __x64_sys_sendmsg+0x78/0xb0 [ 804.134730] do_syscall_64+0x1b9/0x820 [ 804.138614] ? finish_task_switch+0x1d3/0x870 [ 804.143110] ? syscall_return_slowpath+0x5e0/0x5e0 [ 804.148034] ? syscall_return_slowpath+0x31d/0x5e0 [ 804.152954] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 804.157971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.162807] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.167990] RIP: 0033:0x456959 [ 804.171193] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 804.190092] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 804.197791] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 804.205053] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 804.212315] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 804.219572] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 804.226839] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:46 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x5e, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:46 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x86ddffff}) 17:30:46 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:46 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:46 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060002001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:46 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f8571") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:46 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x400000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:46 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88a8ffff}) 17:30:46 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f8571") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:46 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1400}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 804.372104] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:46 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060006001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:46 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:46 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x56, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 804.463505] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 804.470488] CPU: 1 PID: 6479 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 804.478899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.488262] Call Trace: [ 804.490875] dump_stack+0x1c9/0x2b4 [ 804.494525] ? dump_stack_print_info.cold.2+0x52/0x52 [ 804.499736] ? trace_hardirqs_on+0xd/0x10 [ 804.503907] sysfs_warn_dup.cold.3+0x1c/0x2b [ 804.508315] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 804.513665] sysfs_create_link+0x65/0xc0 [ 804.517718] device_add+0x5d0/0x17b0 [ 804.521427] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 804.525910] ? genl_family_rcv_msg+0x8a3/0x1140 [ 804.530564] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 804.535667] ? do_syscall_64+0x1b9/0x820 [ 804.539720] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 804.544904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.550428] wiphy_register+0x1a21/0x2740 [ 804.554571] ? wiphy_unregister+0x12c0/0x12c0 [ 804.559051] ? kasan_unpoison_shadow+0x35/0x50 [ 804.563618] ? kasan_kmalloc+0xc4/0xe0 [ 804.567503] ? __kmalloc+0x315/0x760 [ 804.571209] ? __lockdep_init_map+0x105/0x590 [ 804.575695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.581223] ? ieee80211_cs_list_valid+0x7c/0x440 [ 804.586098] ? ieee80211_register_hw+0xc61/0x3890 [ 804.590946] ieee80211_register_hw+0x146b/0x3890 [ 804.595691] ? init_timer_on_stack_key+0x31/0xe0 [ 804.600439] ? ieee80211_free_ack_frame+0x60/0x60 [ 804.605281] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:46 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) [ 804.610298] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 804.616434] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 804.621974] ? vsnprintf+0x20d/0x1b60 [ 804.625784] ? pointer+0x990/0x990 [ 804.629329] ? check_same_owner+0x340/0x340 [ 804.633655] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 804.638697] ? kvasprintf+0xea/0x140 [ 804.642419] ? bust_spinlocks+0xe0/0xe0 [ 804.646410] ? kasprintf+0xab/0xe0 [ 804.649961] ? kvasprintf_const+0x190/0x190 [ 804.654294] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 804.659842] hwsim_new_radio_nl+0x7c0/0xa80 [ 804.664179] ? nla_parse+0x32b/0x4e0 [ 804.667902] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 804.673117] ? __netlink_ns_capable+0x100/0x130 [ 804.677796] genl_family_rcv_msg+0x8a3/0x1140 [ 804.682298] ? genl_unregister_family+0x8b0/0x8b0 [ 804.687149] ? netlink_deliver_tap+0x32d/0xfb0 [ 804.691749] ? lock_downgrade+0x8f0/0x8f0 [ 804.696009] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 804.701051] ? lock_release+0xa30/0xa30 [ 804.705032] ? __netlink_lookup+0x5e1/0xab0 [ 804.709351] ? lock_acquire+0x1e4/0x540 [ 804.713319] ? genl_rcv+0x19/0x40 [ 804.716769] genl_rcv_msg+0xc6/0x168 [ 804.720466] netlink_rcv_skb+0x172/0x440 [ 804.724508] ? genl_family_rcv_msg+0x1140/0x1140 [ 804.729248] ? netlink_ack+0xbe0/0xbe0 [ 804.733139] genl_rcv+0x28/0x40 [ 804.736400] netlink_unicast+0x5a0/0x760 [ 804.740446] ? netlink_attachskb+0x9a0/0x9a0 [ 804.744855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.750382] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 804.755394] netlink_sendmsg+0xa18/0xfc0 [ 804.759440] ? netlink_unicast+0x760/0x760 [ 804.763663] ? move_addr_to_kernel.part.20+0x100/0x100 [ 804.768934] ? security_socket_sendmsg+0x94/0xc0 [ 804.773684] ? netlink_unicast+0x760/0x760 [ 804.777905] sock_sendmsg+0xd5/0x120 [ 804.781614] ___sys_sendmsg+0x7fd/0x930 [ 804.785574] ? copy_msghdr_from_user+0x580/0x580 [ 804.790317] ? lock_acquire+0x1e4/0x540 [ 804.794285] ? __fd_install+0x2b2/0x880 [ 804.798246] ? lock_downgrade+0x8f0/0x8f0 [ 804.802390] ? select_collect+0x610/0x610 [ 804.806528] ? __fget_light+0x2f7/0x440 [ 804.810493] ? fget_raw+0x20/0x20 [ 804.813932] ? __fd_install+0x2db/0x880 [ 804.817894] ? get_unused_fd_flags+0x1a0/0x1a0 [ 804.822469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 804.828093] ? sockfd_lookup_light+0xc5/0x160 [ 804.832597] __sys_sendmsg+0x11d/0x290 [ 804.836471] ? __ia32_sys_shutdown+0x80/0x80 [ 804.840869] ? __x64_sys_futex+0x47f/0x6a0 [ 804.845107] ? fd_install+0x4d/0x60 [ 804.848732] ? ksys_ioctl+0x81/0xd0 [ 804.852363] __x64_sys_sendmsg+0x78/0xb0 [ 804.856415] do_syscall_64+0x1b9/0x820 [ 804.860308] ? finish_task_switch+0x1d3/0x870 [ 804.864882] ? syscall_return_slowpath+0x5e0/0x5e0 [ 804.869805] ? syscall_return_slowpath+0x31d/0x5e0 [ 804.874750] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 804.879761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.884594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.889772] RIP: 0033:0x456959 [ 804.892962] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 804.911872] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 804.919580] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 804.926849] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 804.934107] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 804.941361] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 804.948614] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:46 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x27, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:46 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xffffa888}) 17:30:46 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f857140") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:46 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)={0x5, 0x8, 0x400000003, 0x2}, 0x18f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)='0', &(0x7f00000002c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f000051e000)={0xffffffffffffffff, &(0x7f0000fc5000), &(0x7f0000950000)}, 0x20) 17:30:46 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x14}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:46 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000091900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:46 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:46 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) [ 805.048779] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 805.063570] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 805.100015] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 805.107030] CPU: 1 PID: 6527 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 805.115452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.124829] Call Trace: [ 805.127437] dump_stack+0x1c9/0x2b4 [ 805.131084] ? dump_stack_print_info.cold.2+0x52/0x52 [ 805.136290] ? trace_hardirqs_on+0xd/0x10 [ 805.140446] sysfs_warn_dup.cold.3+0x1c/0x2b [ 805.144862] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xd9, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 805.150269] sysfs_create_link+0x65/0xc0 [ 805.154346] device_add+0x5d0/0x17b0 [ 805.158078] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 805.162592] ? genl_family_rcv_msg+0x8a3/0x1140 [ 805.167283] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 805.172400] ? do_syscall_64+0x1b9/0x820 [ 805.176474] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 805.181684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.187240] wiphy_register+0x1a21/0x2740 [ 805.191406] ? wiphy_unregister+0x12c0/0x12c0 [ 805.195913] ? kasan_unpoison_shadow+0x35/0x50 17:30:47 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:47 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060008001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:47 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xe}) 17:30:47 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x61}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:47 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f857140") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x2c, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 805.200508] ? kasan_kmalloc+0xc4/0xe0 [ 805.204409] ? __kmalloc+0x315/0x760 [ 805.208135] ? __lockdep_init_map+0x105/0x590 [ 805.212649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.218208] ? ieee80211_cs_list_valid+0x7c/0x440 [ 805.223154] ? ieee80211_register_hw+0xc61/0x3890 [ 805.228014] ieee80211_register_hw+0x146b/0x3890 [ 805.232787] ? init_timer_on_stack_key+0x31/0xe0 [ 805.237559] ? ieee80211_free_ack_frame+0x60/0x60 [ 805.242421] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:47 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket(0x10, 0x80002, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4(r1, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000200)=0x80, 0x0) [ 805.247458] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 805.253620] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.259172] ? vsnprintf+0x20d/0x1b60 [ 805.262983] ? pointer+0x990/0x990 [ 805.266528] ? check_same_owner+0x340/0x340 [ 805.270857] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 805.275884] ? kvasprintf+0xea/0x140 [ 805.278917] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. [ 805.279602] ? bust_spinlocks+0xe0/0xe0 [ 805.279621] ? kasprintf+0xab/0xe0 [ 805.295506] ? kvasprintf_const+0x190/0x190 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x39, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 805.299836] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 805.305387] hwsim_new_radio_nl+0x7c0/0xa80 [ 805.309719] ? nla_parse+0x32b/0x4e0 [ 805.313440] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 805.318644] ? __netlink_ns_capable+0x100/0x130 [ 805.323326] genl_family_rcv_msg+0x8a3/0x1140 [ 805.327840] ? genl_unregister_family+0x8b0/0x8b0 [ 805.332694] ? netlink_deliver_tap+0x32d/0xfb0 [ 805.337291] ? lock_downgrade+0x8f0/0x8f0 [ 805.341446] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 805.346478] ? lock_release+0xa30/0xa30 17:30:47 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r1, 0x5460, r1) 17:30:47 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 805.350465] ? __netlink_lookup+0x5e1/0xab0 [ 805.354794] ? lock_acquire+0x1e4/0x540 [ 805.358772] ? genl_rcv+0x19/0x40 [ 805.362239] genl_rcv_msg+0xc6/0x168 [ 805.365960] netlink_rcv_skb+0x172/0x440 [ 805.370028] ? genl_family_rcv_msg+0x1140/0x1140 [ 805.374796] ? netlink_ack+0xbe0/0xbe0 [ 805.378693] genl_rcv+0x28/0x40 [ 805.381975] netlink_unicast+0x5a0/0x760 [ 805.386040] ? netlink_attachskb+0x9a0/0x9a0 [ 805.390456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.396002] ? __sanitizer_cov_trace_cmp4+0x16/0x20 17:30:47 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 805.401027] netlink_sendmsg+0xa18/0xfc0 [ 805.405099] ? netlink_unicast+0x760/0x760 [ 805.409340] ? move_addr_to_kernel.part.20+0x100/0x100 [ 805.414630] ? security_socket_sendmsg+0x94/0xc0 [ 805.419396] ? netlink_unicast+0x760/0x760 [ 805.423637] sock_sendmsg+0xd5/0x120 [ 805.427360] ___sys_sendmsg+0x7fd/0x930 [ 805.431340] ? copy_msghdr_from_user+0x580/0x580 [ 805.436102] ? lock_acquire+0x1e4/0x540 [ 805.440165] ? __fd_install+0x2b2/0x880 [ 805.444150] ? lock_downgrade+0x8f0/0x8f0 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xbe, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 805.448307] ? select_collect+0x610/0x610 [ 805.452463] ? __fget_light+0x2f7/0x440 [ 805.456444] ? fget_raw+0x20/0x20 [ 805.460967] ? __fd_install+0x2db/0x880 [ 805.464944] ? get_unused_fd_flags+0x1a0/0x1a0 [ 805.469538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.475088] ? sockfd_lookup_light+0xc5/0x160 [ 805.479589] __sys_sendmsg+0x11d/0x290 [ 805.483498] ? __ia32_sys_shutdown+0x80/0x80 [ 805.487920] ? __x64_sys_futex+0x47f/0x6a0 [ 805.492686] ? fd_install+0x4d/0x60 [ 805.496324] ? ksys_ioctl+0x81/0xd0 [ 805.499961] __x64_sys_sendmsg+0x78/0xb0 [ 805.504033] do_syscall_64+0x1b9/0x820 [ 805.507937] ? syscall_return_slowpath+0x5e0/0x5e0 [ 805.512875] ? syscall_return_slowpath+0x31d/0x5e0 [ 805.517811] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 805.522831] ? prepare_exit_to_usermode+0x291/0x3b0 [ 805.527856] ? perf_trace_sys_enter+0xb10/0xb10 [ 805.532533] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 805.537376] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.542554] RIP: 0033:0x456959 [ 805.545741] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 805.564636] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 805.572334] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 805.579597] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 805.586868] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 805.594135] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xa3, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 805.601399] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:47 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:47 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8906000000000000}) 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x33, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:47 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f857140") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:47 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x5000000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:47 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:47 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600fe801900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:47 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:47 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0xa0, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:47 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000601900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 805.756900] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:47 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:47 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3a000000}) [ 805.799437] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 805.806400] CPU: 1 PID: 6603 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 805.814826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.824188] Call Trace: [ 805.826804] dump_stack+0x1c9/0x2b4 [ 805.830462] ? dump_stack_print_info.cold.2+0x52/0x52 [ 805.835676] ? trace_hardirqs_on+0xd/0x10 [ 805.840292] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:47 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:47 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x80ffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 805.844769] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 805.850164] sysfs_create_link+0x65/0xc0 [ 805.854230] device_add+0x5d0/0x17b0 [ 805.857960] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 805.862471] ? genl_family_rcv_msg+0x8a3/0x1140 [ 805.867171] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 805.872289] ? do_syscall_64+0x1b9/0x820 [ 805.876367] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 805.881583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.887140] wiphy_register+0x1a21/0x2740 [ 805.891310] ? wiphy_unregister+0x12c0/0x12c0 17:30:47 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 805.895813] ? kasan_unpoison_shadow+0x35/0x50 [ 805.900410] ? kasan_kmalloc+0xc4/0xe0 [ 805.904403] ? __kmalloc+0x315/0x760 [ 805.908131] ? __lockdep_init_map+0x105/0x590 [ 805.912643] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.918215] ? ieee80211_cs_list_valid+0x7c/0x440 [ 805.923078] ? ieee80211_register_hw+0xc61/0x3890 [ 805.927938] ieee80211_register_hw+0x146b/0x3890 [ 805.932714] ? init_timer_on_stack_key+0x31/0xe0 [ 805.937492] ? ieee80211_free_ack_frame+0x60/0x60 [ 805.942358] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:47 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 805.947406] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 805.953568] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.959119] ? vsnprintf+0x20d/0x1b60 [ 805.962935] ? pointer+0x990/0x990 [ 805.966513] ? check_same_owner+0x340/0x340 [ 805.970844] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 805.975863] ? kvasprintf+0xea/0x140 [ 805.979589] ? bust_spinlocks+0xe0/0xe0 [ 805.983574] ? kasprintf+0xab/0xe0 [ 805.987121] ? kvasprintf_const+0x190/0x190 [ 805.991452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 805.996998] hwsim_new_radio_nl+0x7c0/0xa80 [ 806.001337] ? nla_parse+0x32b/0x4e0 [ 806.005072] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 806.010273] ? __netlink_ns_capable+0x100/0x130 [ 806.014949] genl_family_rcv_msg+0x8a3/0x1140 [ 806.019455] ? genl_unregister_family+0x8b0/0x8b0 [ 806.024822] ? netlink_deliver_tap+0x32d/0xfb0 [ 806.029413] ? lock_downgrade+0x8f0/0x8f0 [ 806.033571] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 806.038602] ? lock_release+0xa30/0xa30 [ 806.042605] ? __netlink_lookup+0x5e1/0xab0 [ 806.046935] ? lock_acquire+0x1e4/0x540 [ 806.050917] ? genl_rcv+0x19/0x40 [ 806.054383] genl_rcv_msg+0xc6/0x168 [ 806.058112] netlink_rcv_skb+0x172/0x440 [ 806.062180] ? genl_family_rcv_msg+0x1140/0x1140 [ 806.066943] ? netlink_ack+0xbe0/0xbe0 [ 806.070833] genl_rcv+0x28/0x40 [ 806.074116] netlink_unicast+0x5a0/0x760 [ 806.078172] ? netlink_attachskb+0x9a0/0x9a0 [ 806.082595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.088140] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 806.093160] netlink_sendmsg+0xa18/0xfc0 [ 806.097217] ? netlink_unicast+0x760/0x760 [ 806.101444] ? move_addr_to_kernel.part.20+0x100/0x100 [ 806.106720] ? security_socket_sendmsg+0x94/0xc0 [ 806.111469] ? netlink_unicast+0x760/0x760 [ 806.115685] sock_sendmsg+0xd5/0x120 [ 806.119385] ___sys_sendmsg+0x7fd/0x930 [ 806.123352] ? copy_msghdr_from_user+0x580/0x580 [ 806.128110] ? __sched_text_start+0x8/0x8 [ 806.132248] ? __fget_light+0x2f7/0x440 [ 806.136207] ? fget_raw+0x20/0x20 [ 806.139675] ? __fd_install+0x2db/0x880 [ 806.143641] ? get_unused_fd_flags+0x1a0/0x1a0 [ 806.148221] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.153754] ? sockfd_lookup_light+0xc5/0x160 [ 806.158256] __sys_sendmsg+0x11d/0x290 [ 806.162136] ? __ia32_sys_shutdown+0x80/0x80 [ 806.166530] ? __x64_sys_futex+0x47f/0x6a0 [ 806.170752] ? fd_install+0x4d/0x60 [ 806.174379] ? syscall_slow_exit_work+0x500/0x500 [ 806.179216] ? ksys_ioctl+0x81/0xd0 [ 806.182830] __x64_sys_sendmsg+0x78/0xb0 [ 806.186902] do_syscall_64+0x1b9/0x820 [ 806.190790] ? finish_task_switch+0x1d3/0x870 [ 806.195276] ? syscall_return_slowpath+0x5e0/0x5e0 [ 806.200225] ? syscall_return_slowpath+0x31d/0x5e0 [ 806.205153] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 806.210171] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.215010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.220191] RIP: 0033:0x456959 [ 806.223370] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 806.242265] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 806.249963] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 806.257222] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 806.264479] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 806.271745] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 806.279008] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:48 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x5f, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:48 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x9fffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:48 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600002c1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:48 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:48 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8060000}) 17:30:48 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:48 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x4c, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:48 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000fc1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:48 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88caffff00000000}) [ 806.425515] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163d1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 806.483985] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 806.490950] CPU: 1 PID: 6662 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 806.499367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.508734] Call Trace: [ 806.511348] dump_stack+0x1c9/0x2b4 [ 806.515001] ? dump_stack_print_info.cold.2+0x52/0x52 [ 806.520239] ? trace_hardirqs_on+0xd/0x10 [ 806.524399] sysfs_warn_dup.cold.3+0x1c/0x2b [ 806.528798] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:48 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:48 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 806.534174] sysfs_create_link+0x65/0xc0 [ 806.538253] device_add+0x5d0/0x17b0 [ 806.541986] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 806.546499] ? genl_family_rcv_msg+0x8a3/0x1140 [ 806.551185] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 806.556302] ? do_syscall_64+0x1b9/0x820 [ 806.560376] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 806.565582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.571132] wiphy_register+0x1a21/0x2740 [ 806.575303] ? wiphy_unregister+0x12c0/0x12c0 [ 806.579813] ? kasan_unpoison_shadow+0x35/0x50 [ 806.584407] ? kasan_kmalloc+0xc4/0xe0 [ 806.588314] ? __kmalloc+0x315/0x760 [ 806.592044] ? __lockdep_init_map+0x105/0x590 [ 806.596556] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.602103] ? ieee80211_cs_list_valid+0x7c/0x440 [ 806.607073] ? ieee80211_register_hw+0xc61/0x3890 [ 806.611940] ieee80211_register_hw+0x146b/0x3890 [ 806.616727] ? init_timer_on_stack_key+0x31/0xe0 [ 806.621503] ? ieee80211_free_ack_frame+0x60/0x60 [ 806.626374] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 806.631415] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 806.637576] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.643126] ? vsnprintf+0x20d/0x1b60 [ 806.646939] ? pointer+0x990/0x990 [ 806.650494] ? check_same_owner+0x340/0x340 [ 806.654828] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 806.659850] ? kvasprintf+0xea/0x140 [ 806.663570] ? bust_spinlocks+0xe0/0xe0 [ 806.667557] ? kasprintf+0xab/0xe0 [ 806.671101] ? kvasprintf_const+0x190/0x190 [ 806.675438] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 806.680994] hwsim_new_radio_nl+0x7c0/0xa80 [ 806.685323] ? nla_parse+0x32b/0x4e0 [ 806.689030] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 806.694221] ? __netlink_ns_capable+0x100/0x130 [ 806.698894] genl_family_rcv_msg+0x8a3/0x1140 [ 806.703393] ? genl_unregister_family+0x8b0/0x8b0 [ 806.708233] ? netlink_deliver_tap+0x32d/0xfb0 [ 806.712817] ? lock_downgrade+0x8f0/0x8f0 [ 806.716964] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 806.721968] ? lock_release+0xa30/0xa30 [ 806.725942] ? __netlink_lookup+0x5e1/0xab0 [ 806.730259] ? lock_acquire+0x1e4/0x540 [ 806.734224] ? genl_rcv+0x19/0x40 [ 806.737684] genl_rcv_msg+0xc6/0x168 [ 806.741385] netlink_rcv_skb+0x172/0x440 [ 806.745429] ? genl_family_rcv_msg+0x1140/0x1140 [ 806.750176] ? netlink_ack+0xbe0/0xbe0 [ 806.754070] genl_rcv+0x28/0x40 [ 806.757334] netlink_unicast+0x5a0/0x760 [ 806.761392] ? netlink_attachskb+0x9a0/0x9a0 [ 806.765799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.771332] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 806.776343] netlink_sendmsg+0xa18/0xfc0 [ 806.780400] ? netlink_unicast+0x760/0x760 [ 806.784632] ? move_addr_to_kernel.part.20+0x100/0x100 [ 806.789914] ? security_socket_sendmsg+0x94/0xc0 [ 806.794674] ? netlink_unicast+0x760/0x760 [ 806.798903] sock_sendmsg+0xd5/0x120 [ 806.802612] ___sys_sendmsg+0x7fd/0x930 [ 806.806583] ? copy_msghdr_from_user+0x580/0x580 [ 806.811336] ? lock_acquire+0x1e4/0x540 [ 806.815302] ? __fd_install+0x2b2/0x880 [ 806.819271] ? lock_downgrade+0x8f0/0x8f0 [ 806.823407] ? select_collect+0x610/0x610 [ 806.827551] ? __fget_light+0x2f7/0x440 [ 806.831512] ? fget_raw+0x20/0x20 [ 806.834979] ? __fd_install+0x2db/0x880 [ 806.838966] ? get_unused_fd_flags+0x1a0/0x1a0 [ 806.843550] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.849081] ? sockfd_lookup_light+0xc5/0x160 [ 806.853584] __sys_sendmsg+0x11d/0x290 [ 806.857461] ? __ia32_sys_shutdown+0x80/0x80 [ 806.861873] ? __x64_sys_futex+0x47f/0x6a0 [ 806.866107] ? fd_install+0x4d/0x60 [ 806.869730] ? ksys_ioctl+0x81/0xd0 [ 806.873349] __x64_sys_sendmsg+0x78/0xb0 [ 806.877411] do_syscall_64+0x1b9/0x820 [ 806.881292] ? finish_task_switch+0x1d3/0x870 [ 806.885779] ? syscall_return_slowpath+0x5e0/0x5e0 [ 806.890698] ? syscall_return_slowpath+0x31d/0x5e0 [ 806.895628] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 806.900635] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.905480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.910658] RIP: 0033:0x456959 [ 806.913838] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:48 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xfeffffff00000000}) [ 806.932908] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 806.940634] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 806.947917] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 806.955184] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 806.962443] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 806.969708] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:48 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000f01900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:48 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xe4ffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:48 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:48 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:48 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:48 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x76744bdf, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:48 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88caffff}) 17:30:48 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xd8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 807.131120] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 807.182035] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 807.188964] CPU: 0 PID: 6717 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 807.197421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.206791] Call Trace: [ 807.209507] dump_stack+0x1c9/0x2b4 [ 807.213159] ? dump_stack_print_info.cold.2+0x52/0x52 [ 807.218371] ? trace_hardirqs_on+0xd/0x10 [ 807.222561] sysfs_warn_dup.cold.3+0x1c/0x2b [ 807.226988] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:49 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:49 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:49 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600003f1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xa, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 807.232371] sysfs_create_link+0x65/0xc0 [ 807.236452] device_add+0x5d0/0x17b0 [ 807.240174] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 807.244681] ? genl_family_rcv_msg+0x8a3/0x1140 [ 807.249371] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 807.254504] ? do_syscall_64+0x1b9/0x820 [ 807.258651] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 807.263860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.269448] wiphy_register+0x1a21/0x2740 [ 807.273615] ? wiphy_unregister+0x12c0/0x12c0 [ 807.278124] ? kasan_unpoison_shadow+0x35/0x50 17:30:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1b, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 807.282717] ? kasan_kmalloc+0xc4/0xe0 [ 807.286620] ? __kmalloc+0x315/0x760 [ 807.290353] ? __lockdep_init_map+0x105/0x590 [ 807.294864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.300420] ? ieee80211_cs_list_valid+0x7c/0x440 [ 807.305266] ? ieee80211_register_hw+0xc61/0x3890 [ 807.310124] ieee80211_register_hw+0x146b/0x3890 [ 807.314890] ? init_timer_on_stack_key+0x31/0xe0 [ 807.319661] ? ieee80211_free_ack_frame+0x60/0x60 [ 807.324527] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 807.329562] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 807.335723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 807.341274] ? vsnprintf+0x20d/0x1b60 [ 807.345176] ? pointer+0x990/0x990 [ 807.348727] ? check_same_owner+0x340/0x340 [ 807.353058] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 807.358167] ? kvasprintf+0xea/0x140 [ 807.361965] ? bust_spinlocks+0xe0/0xe0 [ 807.365940] ? kasprintf+0xab/0xe0 [ 807.369470] ? kvasprintf_const+0x190/0x190 [ 807.373798] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 807.379344] hwsim_new_radio_nl+0x7c0/0xa80 [ 807.383657] ? nla_parse+0x32b/0x4e0 [ 807.387359] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 807.392539] ? __netlink_ns_capable+0x100/0x130 [ 807.397198] genl_family_rcv_msg+0x8a3/0x1140 [ 807.401699] ? genl_unregister_family+0x8b0/0x8b0 [ 807.406548] ? netlink_deliver_tap+0x32d/0xfb0 [ 807.411130] ? lock_downgrade+0x8f0/0x8f0 [ 807.415269] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 807.420283] ? lock_release+0xa30/0xa30 [ 807.424253] ? __netlink_lookup+0x5e1/0xab0 [ 807.428570] ? lock_acquire+0x1e4/0x540 [ 807.432535] ? genl_rcv+0x19/0x40 [ 807.435988] genl_rcv_msg+0xc6/0x168 [ 807.439717] netlink_rcv_skb+0x172/0x440 [ 807.443782] ? genl_family_rcv_msg+0x1140/0x1140 [ 807.448525] ? netlink_ack+0xbe0/0xbe0 [ 807.452409] genl_rcv+0x28/0x40 [ 807.455680] netlink_unicast+0x5a0/0x760 [ 807.459748] ? netlink_attachskb+0x9a0/0x9a0 [ 807.464166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.469703] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 807.474727] netlink_sendmsg+0xa18/0xfc0 [ 807.478791] ? netlink_unicast+0x760/0x760 [ 807.483033] ? move_addr_to_kernel.part.20+0x100/0x100 [ 807.488303] ? security_socket_sendmsg+0x94/0xc0 [ 807.493057] ? netlink_unicast+0x760/0x760 [ 807.497303] sock_sendmsg+0xd5/0x120 [ 807.501016] ___sys_sendmsg+0x7fd/0x930 [ 807.505001] ? copy_msghdr_from_user+0x580/0x580 [ 807.509769] ? lock_acquire+0x1e4/0x540 [ 807.513761] ? __fd_install+0x2b2/0x880 [ 807.517748] ? lock_downgrade+0x8f0/0x8f0 [ 807.521886] ? select_collect+0x610/0x610 [ 807.526043] ? __fget_light+0x2f7/0x440 [ 807.530013] ? fget_raw+0x20/0x20 [ 807.533469] ? __fd_install+0x2db/0x880 [ 807.537437] ? get_unused_fd_flags+0x1a0/0x1a0 [ 807.542023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 807.547560] ? sockfd_lookup_light+0xc5/0x160 [ 807.552061] __sys_sendmsg+0x11d/0x290 [ 807.555954] ? __ia32_sys_shutdown+0x80/0x80 [ 807.560364] ? __x64_sys_futex+0x47f/0x6a0 [ 807.564597] ? fd_install+0x4d/0x60 [ 807.568230] ? syscall_slow_exit_work+0x500/0x500 [ 807.573064] ? ksys_ioctl+0x81/0xd0 [ 807.576691] __x64_sys_sendmsg+0x78/0xb0 [ 807.580756] do_syscall_64+0x1b9/0x820 [ 807.584637] ? syscall_return_slowpath+0x5e0/0x5e0 [ 807.589581] ? syscall_return_slowpath+0x31d/0x5e0 [ 807.594503] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 807.599515] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.604356] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.609550] RIP: 0033:0x456959 [ 807.612743] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 807.631651] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 807.639377] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 807.646646] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 807.653933] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 807.661198] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 807.668455] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:49 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060003001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 807.677956] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. 17:30:49 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 807.726942] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 807.733894] CPU: 0 PID: 6741 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 807.742305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.751666] Call Trace: [ 807.754277] dump_stack+0x1c9/0x2b4 [ 807.757917] ? dump_stack_print_info.cold.2+0x52/0x52 [ 807.763124] ? trace_hardirqs_on+0xd/0x10 [ 807.767291] sysfs_warn_dup.cold.3+0x1c/0x2b [ 807.771713] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:49 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffff9f}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:49 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:49 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 807.777095] sysfs_create_link+0x65/0xc0 [ 807.781169] device_add+0x5d0/0x17b0 [ 807.784899] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 807.789404] ? genl_family_rcv_msg+0x8a3/0x1140 [ 807.794101] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 807.799228] ? do_syscall_64+0x1b9/0x820 [ 807.803306] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 807.808517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.814076] wiphy_register+0x1a21/0x2740 [ 807.818315] ? wiphy_unregister+0x12c0/0x12c0 [ 807.822828] ? kasan_unpoison_shadow+0x35/0x50 17:30:49 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8100}) [ 807.827417] ? kasan_kmalloc+0xc4/0xe0 [ 807.831319] ? __kmalloc+0x315/0x760 [ 807.835050] ? __lockdep_init_map+0x105/0x590 [ 807.839561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.845115] ? ieee80211_cs_list_valid+0x7c/0x440 [ 807.849972] ? ieee80211_register_hw+0xc61/0x3890 [ 807.854834] ieee80211_register_hw+0x146b/0x3890 [ 807.859606] ? init_timer_on_stack_key+0x31/0xe0 [ 807.864382] ? ieee80211_free_ack_frame+0x60/0x60 [ 807.869247] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 807.874359] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 807.880518] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 807.886065] ? vsnprintf+0x20d/0x1b60 [ 807.889875] ? pointer+0x990/0x990 [ 807.893421] ? do_raw_spin_unlock+0xa7/0x2f0 [ 807.897844] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 807.902874] ? kvasprintf+0xea/0x140 [ 807.906595] ? bust_spinlocks+0xe0/0xe0 [ 807.910576] ? kasprintf+0xab/0xe0 [ 807.914124] ? kvasprintf_const+0x190/0x190 [ 807.918466] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 807.924013] hwsim_new_radio_nl+0x7c0/0xa80 [ 807.928348] ? nla_parse+0x32b/0x4e0 [ 807.932067] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 807.937345] ? __netlink_ns_capable+0x100/0x130 [ 807.942004] genl_family_rcv_msg+0x8a3/0x1140 [ 807.946504] ? genl_unregister_family+0x8b0/0x8b0 [ 807.951352] ? netlink_deliver_tap+0x32d/0xfb0 [ 807.955930] ? lock_downgrade+0x8f0/0x8f0 [ 807.960085] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 807.965097] ? lock_release+0xa30/0xa30 [ 807.969072] ? lock_acquire+0x1e4/0x540 [ 807.973043] ? genl_rcv+0x19/0x40 [ 807.976509] genl_rcv_msg+0xc6/0x168 [ 807.980218] netlink_rcv_skb+0x172/0x440 [ 807.984265] ? genl_family_rcv_msg+0x1140/0x1140 [ 807.989008] ? netlink_ack+0xbe0/0xbe0 [ 807.992895] genl_rcv+0x28/0x40 [ 807.996179] netlink_unicast+0x5a0/0x760 [ 808.000237] ? netlink_attachskb+0x9a0/0x9a0 [ 808.004649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.010190] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 808.015194] netlink_sendmsg+0xa18/0xfc0 [ 808.019244] ? netlink_unicast+0x760/0x760 [ 808.023476] ? move_addr_to_kernel.part.20+0x100/0x100 [ 808.028751] ? security_socket_sendmsg+0x94/0xc0 [ 808.033492] ? netlink_unicast+0x760/0x760 [ 808.037736] sock_sendmsg+0xd5/0x120 [ 808.041456] ___sys_sendmsg+0x7fd/0x930 [ 808.045430] ? copy_msghdr_from_user+0x580/0x580 [ 808.050188] ? __sched_text_start+0x8/0x8 [ 808.054335] ? __fget_light+0x2f7/0x440 [ 808.058307] ? fget_raw+0x20/0x20 [ 808.061770] ? __fd_install+0x2db/0x880 [ 808.065749] ? get_unused_fd_flags+0x1a0/0x1a0 [ 808.070348] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 808.075886] ? sockfd_lookup_light+0xc5/0x160 [ 808.080380] __sys_sendmsg+0x11d/0x290 [ 808.084262] ? __ia32_sys_shutdown+0x80/0x80 [ 808.088679] ? __x64_sys_futex+0x47f/0x6a0 [ 808.092920] ? fd_install+0x4d/0x60 [ 808.096552] ? syscall_slow_exit_work+0x500/0x500 [ 808.101383] ? ksys_ioctl+0x81/0xd0 [ 808.104999] __x64_sys_sendmsg+0x78/0xb0 [ 808.109073] do_syscall_64+0x1b9/0x820 [ 808.112965] ? finish_task_switch+0x1d3/0x870 [ 808.117469] ? syscall_return_slowpath+0x5e0/0x5e0 [ 808.122397] ? syscall_return_slowpath+0x31d/0x5e0 [ 808.127332] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 808.132367] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.137291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.142473] RIP: 0033:0x456959 [ 808.145662] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 808.164557] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x393, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:50 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a0014") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:50 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 808.172279] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 808.179551] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 808.186834] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 808.194097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 808.201357] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 808.218157] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:50 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:50 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x600}) 17:30:50 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6900}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 808.272036] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 808.278974] CPU: 1 PID: 6762 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 808.287386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.296829] Call Trace: [ 808.299455] dump_stack+0x1c9/0x2b4 [ 808.303106] ? dump_stack_print_info.cold.2+0x52/0x52 [ 808.308566] ? trace_hardirqs_on+0xd/0x10 [ 808.312741] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:50 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:50 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060005001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 808.317165] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 808.322544] sysfs_create_link+0x65/0xc0 [ 808.326622] device_add+0x5d0/0x17b0 [ 808.330361] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 808.334889] ? genl_family_rcv_msg+0x8a3/0x1140 [ 808.339582] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 808.344726] ? do_syscall_64+0x1b9/0x820 [ 808.348846] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 808.354053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.359613] wiphy_register+0x1a21/0x2740 [ 808.363789] ? wiphy_unregister+0x12c0/0x12c0 [ 808.368307] ? kasan_unpoison_shadow+0x35/0x50 [ 808.372905] ? kasan_kmalloc+0xc4/0xe0 [ 808.376864] ? __kmalloc+0x315/0x760 [ 808.380594] ? __lockdep_init_map+0x105/0x590 [ 808.385104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.390651] ? ieee80211_cs_list_valid+0x7c/0x440 [ 808.395521] ? ieee80211_register_hw+0xc61/0x3890 [ 808.400401] ieee80211_register_hw+0x146b/0x3890 [ 808.405185] ? init_timer_on_stack_key+0x31/0xe0 [ 808.409961] ? ieee80211_free_ack_frame+0x60/0x60 [ 808.414832] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:50 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:50 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 808.419876] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 808.426039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 808.431588] ? vsnprintf+0x20d/0x1b60 [ 808.435400] ? pointer+0x990/0x990 [ 808.438953] ? check_same_owner+0x340/0x340 [ 808.443292] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 808.448321] ? kvasprintf+0xea/0x140 [ 808.452044] ? bust_spinlocks+0xe0/0xe0 [ 808.456032] ? kasprintf+0xab/0xe0 [ 808.459574] ? kvasprintf_const+0x190/0x190 [ 808.463916] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:50 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 808.469465] hwsim_new_radio_nl+0x7c0/0xa80 [ 808.473807] ? nla_parse+0x32b/0x4e0 [ 808.477533] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 808.482735] ? __netlink_ns_capable+0x100/0x130 [ 808.487414] genl_family_rcv_msg+0x8a3/0x1140 [ 808.491916] ? genl_unregister_family+0x8b0/0x8b0 [ 808.496769] ? netlink_deliver_tap+0x32d/0xfb0 [ 808.501370] ? lock_downgrade+0x8f0/0x8f0 [ 808.505531] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 808.510562] ? lock_release+0xa30/0xa30 [ 808.514545] ? __netlink_lookup+0x5e1/0xab0 [ 808.518884] ? lock_acquire+0x1e4/0x540 17:30:50 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:50 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 808.522863] ? genl_rcv+0x19/0x40 [ 808.526332] genl_rcv_msg+0xc6/0x168 [ 808.530054] netlink_rcv_skb+0x172/0x440 [ 808.534124] ? genl_family_rcv_msg+0x1140/0x1140 [ 808.538891] ? netlink_ack+0xbe0/0xbe0 [ 808.542798] genl_rcv+0x28/0x40 [ 808.546089] netlink_unicast+0x5a0/0x760 [ 808.550160] ? netlink_attachskb+0x9a0/0x9a0 [ 808.554581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.560133] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 808.565161] netlink_sendmsg+0xa18/0xfc0 17:30:50 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 808.569231] ? netlink_unicast+0x760/0x760 [ 808.573477] ? move_addr_to_kernel.part.20+0x100/0x100 [ 808.578763] ? security_socket_sendmsg+0x94/0xc0 [ 808.583532] ? netlink_unicast+0x760/0x760 [ 808.587780] sock_sendmsg+0xd5/0x120 [ 808.591509] ___sys_sendmsg+0x7fd/0x930 [ 808.595494] ? copy_msghdr_from_user+0x580/0x580 [ 808.600269] ? lock_acquire+0x1e4/0x540 [ 808.604253] ? __fd_install+0x2b2/0x880 [ 808.608240] ? lock_downgrade+0x8f0/0x8f0 [ 808.612395] ? select_collect+0x610/0x610 [ 808.616550] ? __fget_light+0x2f7/0x440 [ 808.620541] ? fget_raw+0x20/0x20 [ 808.623997] ? __fd_install+0x2db/0x880 [ 808.627980] ? get_unused_fd_flags+0x1a0/0x1a0 [ 808.632588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 808.638158] ? sockfd_lookup_light+0xc5/0x160 [ 808.642666] __sys_sendmsg+0x11d/0x290 [ 808.646565] ? __ia32_sys_shutdown+0x80/0x80 [ 808.650985] ? __x64_sys_futex+0x47f/0x6a0 [ 808.655241] ? fd_install+0x4d/0x60 [ 808.658881] ? ksys_ioctl+0x81/0xd0 [ 808.662515] __x64_sys_sendmsg+0x78/0xb0 [ 808.666596] do_syscall_64+0x1b9/0x820 [ 808.670500] ? finish_task_switch+0x1d3/0x870 [ 808.674998] ? syscall_return_slowpath+0x5e0/0x5e0 [ 808.679924] ? syscall_return_slowpath+0x31d/0x5e0 [ 808.684856] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 808.689906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.694752] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.699931] RIP: 0033:0x456959 [ 808.703122] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 808.722016] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 808.729724] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 808.736980] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 808.744254] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 808.751515] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 808.758775] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 808.809570] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 808.831374] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 808.838426] CPU: 1 PID: 6811 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 808.847018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.856381] Call Trace: [ 808.858989] dump_stack+0x1c9/0x2b4 [ 808.862637] ? dump_stack_print_info.cold.2+0x52/0x52 [ 808.867848] ? trace_hardirqs_on+0xd/0x10 [ 808.872018] sysfs_warn_dup.cold.3+0x1c/0x2b [ 808.876452] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 808.881837] sysfs_create_link+0x65/0xc0 [ 808.885922] device_add+0x5d0/0x17b0 [ 808.889653] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 808.894256] ? genl_family_rcv_msg+0x8a3/0x1140 [ 808.898941] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 808.904035] ? do_syscall_64+0x1b9/0x820 [ 808.908085] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 808.913383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.918914] wiphy_register+0x1a21/0x2740 [ 808.923218] ? wiphy_unregister+0x12c0/0x12c0 [ 808.927718] ? kasan_unpoison_shadow+0x35/0x50 [ 808.932292] ? kasan_kmalloc+0xc4/0xe0 [ 808.936180] ? __kmalloc+0x315/0x760 [ 808.939919] ? __lockdep_init_map+0x105/0x590 [ 808.944406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.949940] ? ieee80211_cs_list_valid+0x7c/0x440 [ 808.954788] ? ieee80211_register_hw+0xc61/0x3890 [ 808.959635] ieee80211_register_hw+0x146b/0x3890 [ 808.964393] ? init_timer_on_stack_key+0x31/0xe0 [ 808.969137] ? ieee80211_free_ack_frame+0x60/0x60 [ 808.973972] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 808.978978] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 808.985127] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 808.990669] ? vsnprintf+0x20d/0x1b60 [ 808.994462] ? pointer+0x990/0x990 [ 808.997986] ? do_raw_spin_unlock+0xa7/0x2f0 [ 809.002386] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.007398] ? kvasprintf+0xea/0x140 [ 809.011093] ? bust_spinlocks+0xe0/0xe0 [ 809.015072] ? kasprintf+0xab/0xe0 [ 809.018594] ? kvasprintf_const+0x190/0x190 [ 809.022924] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 809.028467] hwsim_new_radio_nl+0x7c0/0xa80 [ 809.032787] ? nla_parse+0x32b/0x4e0 [ 809.036486] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 809.041681] ? __netlink_ns_capable+0x100/0x130 [ 809.046351] genl_family_rcv_msg+0x8a3/0x1140 [ 809.050834] ? genl_unregister_family+0x8b0/0x8b0 [ 809.055659] ? netlink_deliver_tap+0x32d/0xfb0 [ 809.060312] ? lock_downgrade+0x8f0/0x8f0 [ 809.064446] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.069444] ? lock_release+0xa30/0xa30 [ 809.073402] ? lock_acquire+0x1e4/0x540 [ 809.077369] ? genl_rcv+0x19/0x40 [ 809.080809] genl_rcv_msg+0xc6/0x168 [ 809.084505] netlink_rcv_skb+0x172/0x440 [ 809.088552] ? genl_family_rcv_msg+0x1140/0x1140 [ 809.093290] ? netlink_ack+0xbe0/0xbe0 [ 809.097165] genl_rcv+0x28/0x40 [ 809.100429] netlink_unicast+0x5a0/0x760 [ 809.104477] ? netlink_attachskb+0x9a0/0x9a0 [ 809.108885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.114419] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.119438] netlink_sendmsg+0xa18/0xfc0 [ 809.123488] ? netlink_unicast+0x760/0x760 [ 809.127731] ? move_addr_to_kernel.part.20+0x100/0x100 [ 809.133118] ? security_socket_sendmsg+0x94/0xc0 [ 809.137856] ? netlink_unicast+0x760/0x760 [ 809.142076] sock_sendmsg+0xd5/0x120 [ 809.145783] ___sys_sendmsg+0x7fd/0x930 [ 809.149754] ? copy_msghdr_from_user+0x580/0x580 [ 809.154506] ? lock_acquire+0x1e4/0x540 [ 809.158485] ? __fd_install+0x2b2/0x880 [ 809.162443] ? lock_downgrade+0x8f0/0x8f0 [ 809.166572] ? select_collect+0x610/0x610 [ 809.170709] ? __fget_light+0x2f7/0x440 [ 809.174675] ? fget_raw+0x20/0x20 [ 809.178112] ? __fd_install+0x2db/0x880 [ 809.182079] ? get_unused_fd_flags+0x1a0/0x1a0 [ 809.186655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 809.192179] ? sockfd_lookup_light+0xc5/0x160 [ 809.196664] __sys_sendmsg+0x11d/0x290 [ 809.200538] ? __ia32_sys_shutdown+0x80/0x80 [ 809.204931] ? __x64_sys_futex+0x47f/0x6a0 [ 809.209147] ? fd_install+0x4d/0x60 [ 809.212766] ? ksys_ioctl+0x81/0xd0 [ 809.216376] __x64_sys_sendmsg+0x78/0xb0 [ 809.220421] do_syscall_64+0x1b9/0x820 [ 809.224301] ? finish_task_switch+0x1d3/0x870 [ 809.228784] ? syscall_return_slowpath+0x5e0/0x5e0 [ 809.233701] ? syscall_return_slowpath+0x31d/0x5e0 [ 809.238634] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 809.243641] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.248479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.253652] RIP: 0033:0x456959 [ 809.256929] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 809.275812] RSP: 002b:00007fef28a2fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 809.283502] RAX: ffffffffffffffda RBX: 00007fef28a306d4 RCX: 0000000000456959 [ 809.290754] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 809.298006] RBP: 000000000072bfc0 R08: 0000000000000000 R09: 0000000000000000 17:30:51 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:51 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3a}) 17:30:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600fec01900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3bd, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000), 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a0014") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:51 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x5000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000a1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 809.305271] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 809.312527] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000002 17:30:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b6, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000), 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a0014") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:51 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x806000000000000}) 17:30:51 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x68ad1a0000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 809.431306] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600c0fe1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 809.497469] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 809.504437] CPU: 0 PID: 6842 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 809.513718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.523079] Call Trace: [ 809.525689] dump_stack+0x1c9/0x2b4 [ 809.529339] ? dump_stack_print_info.cold.2+0x52/0x52 [ 809.534552] ? trace_hardirqs_on+0xd/0x10 [ 809.538721] sysfs_warn_dup.cold.3+0x1c/0x2b [ 809.543148] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 809.548527] sysfs_create_link+0x65/0xc0 [ 809.552604] device_add+0x5d0/0x17b0 [ 809.556334] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 809.560847] ? genl_family_rcv_msg+0x8a3/0x1140 [ 809.565535] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 809.570652] ? do_syscall_64+0x1b9/0x820 [ 809.574733] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 809.579943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.585498] wiphy_register+0x1a21/0x2740 [ 809.589662] ? wiphy_unregister+0x12c0/0x12c0 [ 809.594172] ? kasan_unpoison_shadow+0x35/0x50 [ 809.598768] ? kasan_kmalloc+0xc4/0xe0 [ 809.602667] ? __kmalloc+0x315/0x760 [ 809.606397] ? __lockdep_init_map+0x105/0x590 [ 809.610905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.616454] ? ieee80211_cs_list_valid+0x7c/0x440 [ 809.621328] ? ieee80211_register_hw+0xc61/0x3890 [ 809.626186] ieee80211_register_hw+0x146b/0x3890 [ 809.630966] ? init_timer_on_stack_key+0x31/0xe0 [ 809.635742] ? ieee80211_free_ack_frame+0x60/0x60 [ 809.640611] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 809.645656] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 809.651796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 809.657323] ? vsnprintf+0x20d/0x1b60 [ 809.661110] ? pointer+0x990/0x990 [ 809.664644] ? check_same_owner+0x340/0x340 [ 809.668968] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.673979] ? kvasprintf+0xea/0x140 [ 809.677685] ? bust_spinlocks+0xe0/0xe0 [ 809.681653] ? kasprintf+0xab/0xe0 [ 809.685176] ? kvasprintf_const+0x190/0x190 [ 809.689493] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 809.695019] hwsim_new_radio_nl+0x7c0/0xa80 [ 809.699360] ? nla_parse+0x32b/0x4e0 [ 809.703068] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 809.708243] ? __netlink_ns_capable+0x100/0x130 [ 809.712898] genl_family_rcv_msg+0x8a3/0x1140 [ 809.717377] ? genl_unregister_family+0x8b0/0x8b0 [ 809.722230] ? netlink_deliver_tap+0x32d/0xfb0 [ 809.726803] ? lock_downgrade+0x8f0/0x8f0 [ 809.730944] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.735958] ? lock_release+0xa30/0xa30 [ 809.739917] ? __netlink_lookup+0x5e1/0xab0 [ 809.744232] ? lock_acquire+0x1e4/0x540 [ 809.748197] ? genl_rcv+0x19/0x40 [ 809.751640] genl_rcv_msg+0xc6/0x168 [ 809.755348] netlink_rcv_skb+0x172/0x440 [ 809.759403] ? genl_family_rcv_msg+0x1140/0x1140 [ 809.764153] ? netlink_ack+0xbe0/0xbe0 [ 809.768029] genl_rcv+0x28/0x40 [ 809.771292] netlink_unicast+0x5a0/0x760 [ 809.775335] ? netlink_attachskb+0x9a0/0x9a0 [ 809.779737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.785266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 809.790279] netlink_sendmsg+0xa18/0xfc0 [ 809.794327] ? netlink_unicast+0x760/0x760 [ 809.798557] ? move_addr_to_kernel.part.20+0x100/0x100 [ 809.803836] ? security_socket_sendmsg+0x94/0xc0 [ 809.808573] ? netlink_unicast+0x760/0x760 [ 809.812792] sock_sendmsg+0xd5/0x120 [ 809.816491] ___sys_sendmsg+0x7fd/0x930 [ 809.820459] ? copy_msghdr_from_user+0x580/0x580 [ 809.825213] ? lock_acquire+0x1e4/0x540 [ 809.829186] ? __fd_install+0x2b2/0x880 [ 809.833159] ? lock_downgrade+0x8f0/0x8f0 [ 809.837301] ? select_collect+0x610/0x610 [ 809.841440] ? __fget_light+0x2f7/0x440 [ 809.845400] ? fget_raw+0x20/0x20 [ 809.848843] ? __fd_install+0x2db/0x880 [ 809.852810] ? get_unused_fd_flags+0x1a0/0x1a0 [ 809.857379] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 809.862901] ? sockfd_lookup_light+0xc5/0x160 [ 809.867395] __sys_sendmsg+0x11d/0x290 [ 809.871267] ? __ia32_sys_shutdown+0x80/0x80 [ 809.875660] ? __x64_sys_futex+0x47f/0x6a0 [ 809.879877] ? fd_install+0x4d/0x60 [ 809.883493] ? ksys_ioctl+0x81/0xd0 [ 809.887105] __x64_sys_sendmsg+0x78/0xb0 [ 809.891160] do_syscall_64+0x1b9/0x820 [ 809.895053] ? finish_task_switch+0x1d3/0x870 [ 809.899531] ? syscall_return_slowpath+0x5e0/0x5e0 [ 809.904446] ? syscall_return_slowpath+0x31d/0x5e0 [ 809.909363] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 809.914363] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 809.919247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.924423] RIP: 0033:0x456959 [ 809.927604] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:30:51 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3ad, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000), 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f76") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:51 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x300000000000000}) 17:30:51 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1400000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 809.946493] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 809.954194] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 809.961459] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 809.968719] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 809.975981] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 809.983247] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600fc001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff88018715f3b8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f76") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:51 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x60000000}) 17:30:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x19, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 810.095479] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:51 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x63000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:51 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000b001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 810.173207] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 810.180222] CPU: 1 PID: 6894 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 810.188634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.198301] Call Trace: [ 810.200916] dump_stack+0x1c9/0x2b4 [ 810.204560] ? dump_stack_print_info.cold.2+0x52/0x52 [ 810.209773] ? trace_hardirqs_on+0xd/0x10 [ 810.213939] sysfs_warn_dup.cold.3+0x1c/0x2b [ 810.218370] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 810.224881] sysfs_create_link+0x65/0xc0 [ 810.228959] device_add+0x5d0/0x17b0 [ 810.232697] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 810.237206] ? genl_family_rcv_msg+0x8a3/0x1140 [ 810.241892] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 810.247097] ? do_syscall_64+0x1b9/0x820 [ 810.251175] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 810.256381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.261934] wiphy_register+0x1a21/0x2740 [ 810.266107] ? wiphy_unregister+0x12c0/0x12c0 [ 810.270612] ? kasan_unpoison_shadow+0x35/0x50 [ 810.275203] ? kasan_kmalloc+0xc4/0xe0 [ 810.279104] ? __kmalloc+0x315/0x760 [ 810.282818] ? __lockdep_init_map+0x105/0x590 [ 810.287316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.292855] ? ieee80211_cs_list_valid+0x7c/0x440 [ 810.297690] ? ieee80211_register_hw+0xc61/0x3890 [ 810.302537] ieee80211_register_hw+0x146b/0x3890 [ 810.307301] ? init_timer_on_stack_key+0x31/0xe0 [ 810.312065] ? ieee80211_free_ack_frame+0x60/0x60 [ 810.316914] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 810.321940] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 810.328107] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 810.333639] ? vsnprintf+0x20d/0x1b60 [ 810.337429] ? pointer+0x990/0x990 [ 810.340963] ? check_same_owner+0x340/0x340 [ 810.345288] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.350305] ? kvasprintf+0xea/0x140 [ 810.354015] ? bust_spinlocks+0xe0/0xe0 [ 810.357989] ? kasprintf+0xab/0xe0 [ 810.361539] ? kvasprintf_const+0x190/0x190 [ 810.365877] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 810.371409] hwsim_new_radio_nl+0x7c0/0xa80 [ 810.375726] ? nla_parse+0x32b/0x4e0 [ 810.379447] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 810.384641] ? __netlink_ns_capable+0x100/0x130 [ 810.389386] genl_family_rcv_msg+0x8a3/0x1140 [ 810.393880] ? genl_unregister_family+0x8b0/0x8b0 [ 810.398721] ? __sched_text_start+0x8/0x8 [ 810.402863] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.407879] ? lock_release+0xa30/0xa30 [ 810.411840] ? __netlink_lookup+0x5e1/0xab0 [ 810.416148] ? lock_acquire+0x1e4/0x540 [ 810.420112] ? genl_rcv+0x19/0x40 [ 810.423565] genl_rcv_msg+0xc6/0x168 [ 810.427263] netlink_rcv_skb+0x172/0x440 [ 810.431313] ? genl_family_rcv_msg+0x1140/0x1140 [ 810.436064] ? netlink_ack+0xbe0/0xbe0 [ 810.439940] genl_rcv+0x28/0x40 [ 810.443204] netlink_unicast+0x5a0/0x760 [ 810.447254] ? netlink_attachskb+0x9a0/0x9a0 [ 810.451672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.457201] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.462238] netlink_sendmsg+0xa18/0xfc0 [ 810.466307] ? netlink_unicast+0x760/0x760 [ 810.470565] ? move_addr_to_kernel.part.20+0x100/0x100 [ 810.475849] ? security_socket_sendmsg+0x94/0xc0 [ 810.480613] ? netlink_unicast+0x760/0x760 [ 810.484858] sock_sendmsg+0xd5/0x120 [ 810.488562] ___sys_sendmsg+0x7fd/0x930 [ 810.492536] ? copy_msghdr_from_user+0x580/0x580 [ 810.497285] ? __sched_text_start+0x8/0x8 [ 810.501429] ? __fget_light+0x2f7/0x440 [ 810.505401] ? fget_raw+0x20/0x20 [ 810.508865] ? __fd_install+0x2db/0x880 [ 810.512840] ? get_unused_fd_flags+0x1a0/0x1a0 [ 810.517426] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 810.522970] ? sockfd_lookup_light+0xc5/0x160 [ 810.527470] __sys_sendmsg+0x11d/0x290 [ 810.531358] ? __ia32_sys_shutdown+0x80/0x80 [ 810.535762] ? __x64_sys_futex+0x47f/0x6a0 [ 810.539990] ? fd_install+0x4d/0x60 [ 810.543624] ? syscall_slow_exit_work+0x500/0x500 [ 810.548462] ? ksys_ioctl+0x81/0xd0 [ 810.552090] __x64_sys_sendmsg+0x78/0xb0 [ 810.556143] do_syscall_64+0x1b9/0x820 [ 810.560036] ? finish_task_switch+0x1d3/0x870 [ 810.564530] ? syscall_return_slowpath+0x5e0/0x5e0 [ 810.569446] ? syscall_return_slowpath+0x31d/0x5e0 [ 810.574362] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 810.579383] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.584217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.589389] RIP: 0033:0x456959 [ 810.592581] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 810.611469] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 810.619176] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 810.626430] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 810.633692] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 810.640969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 810.648251] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 810.658770] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 810.684328] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 810.691381] CPU: 1 PID: 6913 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 810.699784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.709135] Call Trace: [ 810.711739] dump_stack+0x1c9/0x2b4 [ 810.715383] ? dump_stack_print_info.cold.2+0x52/0x52 [ 810.720576] ? trace_hardirqs_on+0xd/0x10 [ 810.724732] sysfs_warn_dup.cold.3+0x1c/0x2b [ 810.729159] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 810.734541] sysfs_create_link+0x65/0xc0 [ 810.738623] device_add+0x5d0/0x17b0 [ 810.742350] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 810.746854] ? genl_family_rcv_msg+0x8a3/0x1140 [ 810.751537] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 810.756650] ? do_syscall_64+0x1b9/0x820 [ 810.760725] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 810.765927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.771481] wiphy_register+0x1a21/0x2740 [ 810.775651] ? wiphy_unregister+0x12c0/0x12c0 [ 810.780154] ? kasan_unpoison_shadow+0x35/0x50 [ 810.784746] ? kasan_kmalloc+0xc4/0xe0 [ 810.788647] ? __kmalloc+0x315/0x760 [ 810.792392] ? __lockdep_init_map+0x105/0x590 [ 810.796894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.802443] ? ieee80211_cs_list_valid+0x7c/0x440 [ 810.807295] ? ieee80211_register_hw+0xc61/0x3890 [ 810.812149] ieee80211_register_hw+0x146b/0x3890 [ 810.816937] ? init_timer_on_stack_key+0x31/0xe0 [ 810.821703] ? ieee80211_free_ack_frame+0x60/0x60 [ 810.826564] mac80211_hwsim_new_radio+0x1e55/0x3490 17:30:52 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:52 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f76") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:52 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:52 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060004001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:52 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x2000000}) 17:30:52 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 810.831616] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 810.837776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 810.843409] ? vsnprintf+0x20d/0x1b60 [ 810.847217] ? pointer+0x990/0x990 [ 810.850759] ? do_raw_spin_unlock+0xa7/0x2f0 [ 810.855178] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.860201] ? kvasprintf+0xea/0x140 [ 810.863919] ? bust_spinlocks+0xe0/0xe0 [ 810.867899] ? kasprintf+0xab/0xe0 [ 810.871437] ? kvasprintf_const+0x190/0x190 [ 810.875768] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:30:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 810.881314] hwsim_new_radio_nl+0x7c0/0xa80 [ 810.885643] ? nla_parse+0x32b/0x4e0 [ 810.889365] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 810.894565] ? __netlink_ns_capable+0x100/0x130 [ 810.899258] genl_family_rcv_msg+0x8a3/0x1140 [ 810.903764] ? genl_unregister_family+0x8b0/0x8b0 [ 810.908611] ? netlink_deliver_tap+0x32d/0xfb0 [ 810.913210] ? lock_downgrade+0x8f0/0x8f0 [ 810.917365] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.922391] ? lock_release+0xa30/0xa30 [ 810.926402] ? lock_acquire+0x1e4/0x540 [ 810.930396] ? genl_rcv+0x19/0x40 17:30:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 810.933877] genl_rcv_msg+0xc6/0x168 [ 810.937612] netlink_rcv_skb+0x172/0x440 [ 810.941676] ? genl_family_rcv_msg+0x1140/0x1140 [ 810.946432] ? netlink_ack+0xbe0/0xbe0 [ 810.950324] genl_rcv+0x28/0x40 [ 810.953609] netlink_unicast+0x5a0/0x760 [ 810.957684] ? netlink_attachskb+0x9a0/0x9a0 [ 810.962096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.967669] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 810.972700] netlink_sendmsg+0xa18/0xfc0 [ 810.976753] ? netlink_unicast+0x760/0x760 [ 810.980986] ? move_addr_to_kernel.part.20+0x100/0x100 [ 810.986252] ? security_socket_sendmsg+0x94/0xc0 [ 810.990997] ? netlink_unicast+0x760/0x760 [ 810.995229] sock_sendmsg+0xd5/0x120 [ 810.998935] ___sys_sendmsg+0x7fd/0x930 [ 811.002898] ? copy_msghdr_from_user+0x580/0x580 [ 811.007648] ? lock_acquire+0x1e4/0x540 [ 811.011612] ? __fd_install+0x2b2/0x880 [ 811.015595] ? lock_downgrade+0x8f0/0x8f0 [ 811.019737] ? select_collect+0x610/0x610 [ 811.024005] ? __fget_light+0x2f7/0x440 [ 811.027983] ? fget_raw+0x20/0x20 [ 811.031432] ? __fd_install+0x2db/0x880 [ 811.035412] ? get_unused_fd_flags+0x1a0/0x1a0 [ 811.039992] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 811.045529] ? sockfd_lookup_light+0xc5/0x160 [ 811.050010] __sys_sendmsg+0x11d/0x290 [ 811.053887] ? __ia32_sys_shutdown+0x80/0x80 [ 811.058295] ? __x64_sys_futex+0x47f/0x6a0 [ 811.062522] ? fd_install+0x4d/0x60 [ 811.066149] ? ksys_ioctl+0x81/0xd0 [ 811.069769] __x64_sys_sendmsg+0x78/0xb0 [ 811.073847] do_syscall_64+0x1b9/0x820 [ 811.077734] ? finish_task_switch+0x1d3/0x870 [ 811.082225] ? syscall_return_slowpath+0x5e0/0x5e0 [ 811.087140] ? syscall_return_slowpath+0x31d/0x5e0 [ 811.092057] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 811.097075] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.101917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.107194] RIP: 0033:0x456959 [ 811.110373] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 811.129267] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 811.136974] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 811.144231] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 811.151492] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 811.158753] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 811.166012] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163ce, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:53 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f7640") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:53 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000", 0x52, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 811.183652] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 811.226856] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 811.233792] CPU: 1 PID: 6935 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 811.242315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.252647] Call Trace: [ 811.255271] dump_stack+0x1c9/0x2b4 [ 811.258927] ? dump_stack_print_info.cold.2+0x52/0x52 [ 811.264124] ? trace_hardirqs_on+0xd/0x10 [ 811.268282] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:53 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:53 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x700}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:53 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000b1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 811.272707] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 811.278084] sysfs_create_link+0x65/0xc0 [ 811.282161] device_add+0x5d0/0x17b0 [ 811.285891] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 811.290402] ? genl_family_rcv_msg+0x8a3/0x1140 [ 811.295088] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 811.300208] ? do_syscall_64+0x1b9/0x820 [ 811.304289] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 811.309498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.315053] wiphy_register+0x1a21/0x2740 [ 811.319222] ? wiphy_unregister+0x12c0/0x12c0 [ 811.323728] ? kasan_unpoison_shadow+0x35/0x50 [ 811.328323] ? kasan_kmalloc+0xc4/0xe0 [ 811.332222] ? __kmalloc+0x315/0x760 [ 811.335951] ? __lockdep_init_map+0x105/0x590 [ 811.340485] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.346036] ? ieee80211_cs_list_valid+0x7c/0x440 [ 811.350896] ? ieee80211_register_hw+0xc61/0x3890 [ 811.355753] ieee80211_register_hw+0x146b/0x3890 [ 811.360523] ? init_timer_on_stack_key+0x31/0xe0 [ 811.365297] ? ieee80211_free_ack_frame+0x60/0x60 [ 811.370188] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 811.375232] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 811.381390] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 811.386936] ? vsnprintf+0x20d/0x1b60 [ 811.390749] ? pointer+0x990/0x990 [ 811.394291] ? check_same_owner+0x340/0x340 [ 811.398613] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.403625] ? kvasprintf+0xea/0x140 [ 811.407329] ? bust_spinlocks+0xe0/0xe0 [ 811.411298] ? kasprintf+0xab/0xe0 [ 811.414830] ? kvasprintf_const+0x190/0x190 [ 811.419149] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 811.424691] hwsim_new_radio_nl+0x7c0/0xa80 [ 811.429016] ? nla_parse+0x32b/0x4e0 [ 811.432731] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 811.437922] ? __netlink_ns_capable+0x100/0x130 [ 811.442584] genl_family_rcv_msg+0x8a3/0x1140 [ 811.447066] ? genl_unregister_family+0x8b0/0x8b0 [ 811.451906] ? netlink_deliver_tap+0x32d/0xfb0 [ 811.456498] ? lock_downgrade+0x8f0/0x8f0 [ 811.461536] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.466564] ? lock_release+0xa30/0xa30 [ 811.470529] ? __netlink_lookup+0x5e1/0xab0 [ 811.474853] ? lock_acquire+0x1e4/0x540 [ 811.478829] ? genl_rcv+0x19/0x40 [ 811.482281] genl_rcv_msg+0xc6/0x168 [ 811.485982] netlink_rcv_skb+0x172/0x440 [ 811.490053] ? genl_family_rcv_msg+0x1140/0x1140 [ 811.494811] ? netlink_ack+0xbe0/0xbe0 [ 811.498696] genl_rcv+0x28/0x40 [ 811.501972] netlink_unicast+0x5a0/0x760 [ 811.506027] ? netlink_attachskb+0x9a0/0x9a0 [ 811.510431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.515956] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.520960] netlink_sendmsg+0xa18/0xfc0 [ 811.525019] ? netlink_unicast+0x760/0x760 [ 811.529261] ? move_addr_to_kernel.part.20+0x100/0x100 [ 811.534525] ? security_socket_sendmsg+0x94/0xc0 [ 811.539277] ? netlink_unicast+0x760/0x760 [ 811.543518] sock_sendmsg+0xd5/0x120 [ 811.547233] ___sys_sendmsg+0x7fd/0x930 [ 811.551209] ? copy_msghdr_from_user+0x580/0x580 [ 811.555969] ? lock_acquire+0x1e4/0x540 [ 811.559928] ? __fd_install+0x2b2/0x880 [ 811.563890] ? lock_downgrade+0x8f0/0x8f0 [ 811.568020] ? select_collect+0x610/0x610 [ 811.572162] ? __fget_light+0x2f7/0x440 [ 811.576129] ? fget_raw+0x20/0x20 [ 811.579575] ? __fd_install+0x2db/0x880 [ 811.583543] ? get_unused_fd_flags+0x1a0/0x1a0 [ 811.588130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 811.593753] ? sockfd_lookup_light+0xc5/0x160 [ 811.598246] __sys_sendmsg+0x11d/0x290 [ 811.602126] ? __ia32_sys_shutdown+0x80/0x80 [ 811.606521] ? __x64_sys_futex+0x47f/0x6a0 [ 811.610745] ? fd_install+0x4d/0x60 [ 811.614371] ? ksys_ioctl+0x81/0xd0 [ 811.618001] __x64_sys_sendmsg+0x78/0xb0 [ 811.622062] do_syscall_64+0x1b9/0x820 [ 811.625956] ? finish_task_switch+0x1d3/0x870 [ 811.630447] ? syscall_return_slowpath+0x5e0/0x5e0 [ 811.635378] ? syscall_return_slowpath+0x31d/0x5e0 [ 811.640293] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 811.645310] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.650144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.655332] RIP: 0033:0x456959 [ 811.658513] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 811.677492] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 811.685193] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 811.692455] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 811.699721] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 811.706974] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 811.714237] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 811.737019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 811.762536] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 811.769471] CPU: 0 PID: 6935 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 811.777883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.787246] Call Trace: [ 811.789856] dump_stack+0x1c9/0x2b4 [ 811.793504] ? dump_stack_print_info.cold.2+0x52/0x52 [ 811.798709] ? trace_hardirqs_on+0xd/0x10 [ 811.802880] sysfs_warn_dup.cold.3+0x1c/0x2b [ 811.807306] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 811.812694] sysfs_create_link+0x65/0xc0 [ 811.816767] device_add+0x5d0/0x17b0 [ 811.820486] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 811.824996] ? genl_family_rcv_msg+0x8a3/0x1140 [ 811.829710] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 811.834828] ? do_syscall_64+0x1b9/0x820 [ 811.838908] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 811.844108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.849638] wiphy_register+0x1a21/0x2740 [ 811.853776] ? wiphy_unregister+0x12c0/0x12c0 [ 811.858264] ? kasan_unpoison_shadow+0x35/0x50 [ 811.862844] ? kasan_kmalloc+0xc4/0xe0 [ 811.866728] ? __kmalloc+0x315/0x760 [ 811.870457] ? __lockdep_init_map+0x105/0x590 [ 811.874942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.880475] ? ieee80211_cs_list_valid+0x7c/0x440 [ 811.885314] ? ieee80211_register_hw+0xc61/0x3890 [ 811.890147] ieee80211_register_hw+0x146b/0x3890 [ 811.894894] ? init_timer_on_stack_key+0x31/0xe0 [ 811.899648] ? ieee80211_free_ack_frame+0x60/0x60 [ 811.904504] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 811.909523] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 811.915664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 811.921204] ? vsnprintf+0x20d/0x1b60 [ 811.924990] ? pointer+0x990/0x990 [ 811.928518] ? check_same_owner+0x340/0x340 [ 811.932844] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.937847] ? kvasprintf+0xea/0x140 [ 811.941552] ? bust_spinlocks+0xe0/0xe0 [ 811.945529] ? kasprintf+0xab/0xe0 [ 811.949054] ? kvasprintf_const+0x190/0x190 [ 811.953361] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 811.958893] hwsim_new_radio_nl+0x7c0/0xa80 [ 811.963205] ? nla_parse+0x32b/0x4e0 [ 811.966904] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 811.972081] ? __netlink_ns_capable+0x100/0x130 [ 811.976739] genl_family_rcv_msg+0x8a3/0x1140 [ 811.981230] ? genl_unregister_family+0x8b0/0x8b0 [ 811.986053] ? netlink_deliver_tap+0x32d/0xfb0 [ 811.990623] ? lock_downgrade+0x8f0/0x8f0 [ 811.994755] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 811.999760] ? lock_release+0xa30/0xa30 [ 812.003721] ? __netlink_lookup+0x5e1/0xab0 [ 812.008029] ? lock_acquire+0x1e4/0x540 [ 812.011983] ? genl_rcv+0x19/0x40 [ 812.015424] genl_rcv_msg+0xc6/0x168 [ 812.019120] netlink_rcv_skb+0x172/0x440 [ 812.023184] ? genl_family_rcv_msg+0x1140/0x1140 [ 812.027929] ? netlink_ack+0xbe0/0xbe0 [ 812.031831] genl_rcv+0x28/0x40 [ 812.035097] netlink_unicast+0x5a0/0x760 [ 812.039140] ? netlink_attachskb+0x9a0/0x9a0 [ 812.043540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.049061] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 812.054072] netlink_sendmsg+0xa18/0xfc0 [ 812.058130] ? netlink_unicast+0x760/0x760 [ 812.062346] ? move_addr_to_kernel.part.20+0x100/0x100 [ 812.067606] ? security_socket_sendmsg+0x94/0xc0 [ 812.072340] ? netlink_unicast+0x760/0x760 [ 812.076558] sock_sendmsg+0xd5/0x120 [ 812.080267] ___sys_sendmsg+0x7fd/0x930 [ 812.084238] ? copy_msghdr_from_user+0x580/0x580 [ 812.088995] ? lock_acquire+0x1e4/0x540 [ 812.093041] ? __fd_install+0x2b2/0x880 [ 812.097021] ? lock_downgrade+0x8f0/0x8f0 [ 812.101152] ? select_collect+0x610/0x610 [ 812.105282] ? __fget_light+0x2f7/0x440 [ 812.109247] ? fget_raw+0x20/0x20 [ 812.112680] ? __fd_install+0x2db/0x880 [ 812.116636] ? get_unused_fd_flags+0x1a0/0x1a0 [ 812.121216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 812.126748] ? sockfd_lookup_light+0xc5/0x160 [ 812.131236] __sys_sendmsg+0x11d/0x290 [ 812.135107] ? __ia32_sys_shutdown+0x80/0x80 [ 812.139506] ? __x64_sys_futex+0x47f/0x6a0 [ 812.143736] ? fd_install+0x4d/0x60 [ 812.147354] ? ksys_ioctl+0x81/0xd0 [ 812.150962] __x64_sys_sendmsg+0x78/0xb0 [ 812.155012] do_syscall_64+0x1b9/0x820 [ 812.158888] ? finish_task_switch+0x1d3/0x870 [ 812.163372] ? syscall_return_slowpath+0x5e0/0x5e0 [ 812.168300] ? syscall_return_slowpath+0x31d/0x5e0 [ 812.173222] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 812.178223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.183063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.188235] RIP: 0033:0x456959 [ 812.191427] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 812.210310] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 812.218113] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 812.225372] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 17:30:54 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:54 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3000000}) 17:30:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x10, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:54 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f7640") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:54 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000", 0x52, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:54 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x79}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:54 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:54 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060007001900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 812.232637] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 812.239887] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 812.247146] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:54 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xe00}) 17:30:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x5e, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 812.306195] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 812.349022] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 812.355968] CPU: 1 PID: 6995 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 812.367949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.377308] Call Trace: [ 812.379920] dump_stack+0x1c9/0x2b4 [ 812.383567] ? dump_stack_print_info.cold.2+0x52/0x52 [ 812.388773] ? trace_hardirqs_on+0xd/0x10 [ 812.392943] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:54 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f7640") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:54 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000", 0x52, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:54 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000021900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:54 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x85ffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:54 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x7ffffffa, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 812.397360] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 812.402733] sysfs_create_link+0x65/0xc0 [ 812.406806] device_add+0x5d0/0x17b0 [ 812.410536] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 812.415046] ? genl_family_rcv_msg+0x8a3/0x1140 [ 812.419728] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 812.424844] ? do_syscall_64+0x1b9/0x820 [ 812.428918] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 812.434122] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.439673] wiphy_register+0x1a21/0x2740 [ 812.443845] ? wiphy_unregister+0x12c0/0x12c0 [ 812.448351] ? kasan_unpoison_shadow+0x35/0x50 [ 812.452941] ? kasan_kmalloc+0xc4/0xe0 [ 812.456841] ? __kmalloc+0x315/0x760 [ 812.460560] ? __lockdep_init_map+0x105/0x590 [ 812.465079] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.470636] ? ieee80211_cs_list_valid+0x7c/0x440 [ 812.475497] ? ieee80211_register_hw+0xc61/0x3890 [ 812.480356] ieee80211_register_hw+0x146b/0x3890 [ 812.485135] ? init_timer_on_stack_key+0x31/0xe0 [ 812.489905] ? ieee80211_free_ack_frame+0x60/0x60 [ 812.494773] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 812.499812] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 812.505973] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 812.511521] ? vsnprintf+0x20d/0x1b60 [ 812.515335] ? pointer+0x990/0x990 [ 812.518885] ? check_same_owner+0x340/0x340 [ 812.523266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 812.528276] ? kvasprintf+0xea/0x140 [ 812.531980] ? bust_spinlocks+0xe0/0xe0 [ 812.536065] ? kasprintf+0xab/0xe0 [ 812.539617] ? kvasprintf_const+0x190/0x190 [ 812.543930] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 812.549466] hwsim_new_radio_nl+0x7c0/0xa80 [ 812.553785] ? nla_parse+0x32b/0x4e0 [ 812.557503] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 812.562699] ? __netlink_ns_capable+0x100/0x130 [ 812.567372] genl_family_rcv_msg+0x8a3/0x1140 [ 812.571866] ? genl_unregister_family+0x8b0/0x8b0 [ 812.576703] ? netlink_deliver_tap+0x32d/0xfb0 [ 812.581283] ? lock_downgrade+0x8f0/0x8f0 [ 812.585442] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 812.590487] ? lock_release+0xa30/0xa30 [ 812.594456] ? __netlink_lookup+0x5e1/0xab0 [ 812.598773] ? lock_acquire+0x1e4/0x540 [ 812.602746] ? genl_rcv+0x19/0x40 [ 812.606193] genl_rcv_msg+0xc6/0x168 [ 812.609897] netlink_rcv_skb+0x172/0x440 [ 812.613957] ? genl_family_rcv_msg+0x1140/0x1140 [ 812.618700] ? netlink_ack+0xbe0/0xbe0 [ 812.622580] genl_rcv+0x28/0x40 [ 812.625856] netlink_unicast+0x5a0/0x760 [ 812.629910] ? netlink_attachskb+0x9a0/0x9a0 [ 812.634322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.639851] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 812.644860] netlink_sendmsg+0xa18/0xfc0 [ 812.648907] ? netlink_unicast+0x760/0x760 [ 812.653131] ? move_addr_to_kernel.part.20+0x100/0x100 [ 812.658398] ? security_socket_sendmsg+0x94/0xc0 [ 812.663140] ? netlink_unicast+0x760/0x760 [ 812.667360] sock_sendmsg+0xd5/0x120 [ 812.671061] ___sys_sendmsg+0x7fd/0x930 [ 812.675034] ? copy_msghdr_from_user+0x580/0x580 [ 812.679784] ? lock_acquire+0x1e4/0x540 [ 812.683749] ? __fd_install+0x2b2/0x880 [ 812.687710] ? lock_downgrade+0x8f0/0x8f0 [ 812.691862] ? select_collect+0x610/0x610 [ 812.696006] ? __fget_light+0x2f7/0x440 [ 812.699962] ? fget_raw+0x20/0x20 [ 812.703400] ? __fd_install+0x2db/0x880 [ 812.707369] ? get_unused_fd_flags+0x1a0/0x1a0 [ 812.711956] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 812.717480] ? sockfd_lookup_light+0xc5/0x160 [ 812.721960] __sys_sendmsg+0x11d/0x290 [ 812.725834] ? __ia32_sys_shutdown+0x80/0x80 [ 812.730231] ? __x64_sys_futex+0x47f/0x6a0 [ 812.734469] ? fd_install+0x4d/0x60 [ 812.738095] ? ksys_ioctl+0x81/0xd0 [ 812.741724] __x64_sys_sendmsg+0x78/0xb0 [ 812.745780] do_syscall_64+0x1b9/0x820 [ 812.749653] ? finish_task_switch+0x1d3/0x870 [ 812.754144] ? syscall_return_slowpath+0x5e0/0x5e0 [ 812.759071] ? syscall_return_slowpath+0x31d/0x5e0 [ 812.763995] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 812.769014] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.773858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.779034] RIP: 0033:0x456959 [ 812.782210] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 812.801103] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 812.808809] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 812.816078] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 812.823332] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 812.830592] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 812.837868] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 812.878075] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 812.911473] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 812.918525] CPU: 1 PID: 6995 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 812.926962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.936329] Call Trace: [ 812.938949] dump_stack+0x1c9/0x2b4 [ 812.942602] ? dump_stack_print_info.cold.2+0x52/0x52 [ 812.947843] ? trace_hardirqs_on+0xd/0x10 [ 812.952014] sysfs_warn_dup.cold.3+0x1c/0x2b [ 812.956444] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 812.961795] sysfs_create_link+0x65/0xc0 [ 812.965854] device_add+0x5d0/0x17b0 [ 812.969564] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 812.974044] ? genl_family_rcv_msg+0x8a3/0x1140 [ 812.978700] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 812.983797] ? do_syscall_64+0x1b9/0x820 [ 812.987840] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 812.993013] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.998536] wiphy_register+0x1a21/0x2740 [ 813.002678] ? wiphy_unregister+0x12c0/0x12c0 [ 813.007156] ? kasan_unpoison_shadow+0x35/0x50 [ 813.011727] ? kasan_kmalloc+0xc4/0xe0 [ 813.015614] ? __kmalloc+0x315/0x760 [ 813.019309] ? __lockdep_init_map+0x105/0x590 [ 813.023811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.029362] ? ieee80211_cs_list_valid+0x7c/0x440 [ 813.034221] ? ieee80211_register_hw+0xc61/0x3890 [ 813.039081] ieee80211_register_hw+0x146b/0x3890 [ 813.043844] ? init_timer_on_stack_key+0x31/0xe0 [ 813.048590] ? ieee80211_free_ack_frame+0x60/0x60 [ 813.053426] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 813.058434] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 813.064596] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 813.070117] ? vsnprintf+0x20d/0x1b60 [ 813.073902] ? pointer+0x990/0x990 [ 813.077427] ? check_same_owner+0x340/0x340 [ 813.081742] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.086755] ? kvasprintf+0xea/0x140 [ 813.090461] ? bust_spinlocks+0xe0/0xe0 [ 813.094424] ? kasprintf+0xab/0xe0 [ 813.097945] ? kvasprintf_const+0x190/0x190 [ 813.102253] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 813.107777] hwsim_new_radio_nl+0x7c0/0xa80 [ 813.112087] ? nla_parse+0x32b/0x4e0 [ 813.115782] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 813.120956] ? __netlink_ns_capable+0x100/0x130 [ 813.125611] genl_family_rcv_msg+0x8a3/0x1140 [ 813.130090] ? genl_unregister_family+0x8b0/0x8b0 [ 813.134914] ? netlink_deliver_tap+0x32d/0xfb0 [ 813.139491] ? lock_downgrade+0x8f0/0x8f0 [ 813.143627] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.148628] ? lock_release+0xa30/0xa30 [ 813.152697] ? __netlink_lookup+0x5e1/0xab0 [ 813.157012] ? lock_acquire+0x1e4/0x540 [ 813.160966] ? genl_rcv+0x19/0x40 [ 813.164407] genl_rcv_msg+0xc6/0x168 [ 813.168103] netlink_rcv_skb+0x172/0x440 [ 813.172147] ? genl_family_rcv_msg+0x1140/0x1140 [ 813.176898] ? netlink_ack+0xbe0/0xbe0 [ 813.180778] genl_rcv+0x28/0x40 [ 813.184047] netlink_unicast+0x5a0/0x760 [ 813.188099] ? netlink_attachskb+0x9a0/0x9a0 [ 813.192491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.198011] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.203013] netlink_sendmsg+0xa18/0xfc0 [ 813.207071] ? netlink_unicast+0x760/0x760 [ 813.211296] ? move_addr_to_kernel.part.20+0x100/0x100 [ 813.216557] ? security_socket_sendmsg+0x94/0xc0 [ 813.221302] ? netlink_unicast+0x760/0x760 [ 813.225520] sock_sendmsg+0xd5/0x120 [ 813.229215] ___sys_sendmsg+0x7fd/0x930 [ 813.233184] ? copy_msghdr_from_user+0x580/0x580 [ 813.237938] ? lock_acquire+0x1e4/0x540 [ 813.241896] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 813.247070] ? __fget_light+0x2f7/0x440 [ 813.251036] ? fget_raw+0x20/0x20 [ 813.254477] ? __fd_install+0x2db/0x880 [ 813.258435] ? dlci_ioctl_set+0x40/0x40 [ 813.262407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.267931] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 813.273454] ? sockfd_lookup_light+0xc5/0x160 [ 813.277931] __sys_sendmsg+0x11d/0x290 [ 813.281803] ? __ia32_sys_shutdown+0x80/0x80 [ 813.286197] ? __x64_sys_futex+0x47f/0x6a0 [ 813.290422] ? fd_install+0x4d/0x60 [ 813.294035] ? ksys_ioctl+0x81/0xd0 [ 813.297654] __x64_sys_sendmsg+0x78/0xb0 [ 813.301712] do_syscall_64+0x1b9/0x820 [ 813.305606] ? finish_task_switch+0x1d3/0x870 [ 813.310105] ? syscall_return_slowpath+0x5e0/0x5e0 [ 813.315020] ? syscall_return_slowpath+0x31d/0x5e0 [ 813.319933] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 813.324935] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 813.329762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.334946] RIP: 0033:0x456959 [ 813.338175] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 813.357147] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 813.364841] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 813.372105] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 17:30:55 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x7ffffffb, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:55 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000000300050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:55 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa00000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:55 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:55 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b", 0x7b, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:55 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3a00}) 17:30:55 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 813.379358] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 813.386616] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 813.393867] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:55 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6300000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:55 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000fc1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:55 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:55 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b", 0x7b, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:55 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163cf, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:55 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xd}) [ 813.524892] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:55 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 813.585318] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 813.592277] CPU: 0 PID: 7047 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 813.600687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.610052] Call Trace: [ 813.612659] dump_stack+0x1c9/0x2b4 [ 813.616340] ? dump_stack_print_info.cold.2+0x52/0x52 [ 813.621550] ? trace_hardirqs_on+0xd/0x10 [ 813.625719] sysfs_warn_dup.cold.3+0x1c/0x2b [ 813.630152] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 813.635538] sysfs_create_link+0x65/0xc0 [ 813.639623] device_add+0x5d0/0x17b0 [ 813.643353] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 813.647868] ? genl_family_rcv_msg+0x8a3/0x1140 [ 813.652557] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 813.657674] ? do_syscall_64+0x1b9/0x820 [ 813.661750] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 813.666958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.672518] wiphy_register+0x1a21/0x2740 [ 813.676693] ? wiphy_unregister+0x12c0/0x12c0 [ 813.681210] ? kasan_unpoison_shadow+0x35/0x50 [ 813.685826] ? kasan_kmalloc+0xc4/0xe0 [ 813.689751] ? __kmalloc+0x315/0x760 [ 813.693462] ? __lockdep_init_map+0x105/0x590 [ 813.697948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.703472] ? ieee80211_cs_list_valid+0x7c/0x440 [ 813.708305] ? ieee80211_register_hw+0xc61/0x3890 [ 813.713133] ieee80211_register_hw+0x146b/0x3890 [ 813.717888] ? init_timer_on_stack_key+0x31/0xe0 [ 813.722630] ? ieee80211_free_ack_frame+0x60/0x60 [ 813.727469] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 813.732475] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 813.738618] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 813.744143] ? vsnprintf+0x20d/0x1b60 [ 813.747936] ? pointer+0x990/0x990 [ 813.751462] ? check_same_owner+0x340/0x340 [ 813.755769] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.760779] ? kvasprintf+0xea/0x140 [ 813.764486] ? bust_spinlocks+0xe0/0xe0 [ 813.768443] ? kasprintf+0xab/0xe0 [ 813.771963] ? kvasprintf_const+0x190/0x190 [ 813.780265] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 813.785816] hwsim_new_radio_nl+0x7c0/0xa80 [ 813.790127] ? nla_parse+0x32b/0x4e0 [ 813.793833] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 813.799022] ? __netlink_ns_capable+0x100/0x130 [ 813.803678] genl_family_rcv_msg+0x8a3/0x1140 [ 813.808594] ? genl_unregister_family+0x8b0/0x8b0 [ 813.813424] ? netlink_deliver_tap+0x32d/0xfb0 [ 813.817999] ? lock_downgrade+0x8f0/0x8f0 [ 813.822143] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.827153] ? lock_release+0xa30/0xa30 [ 813.831118] ? __netlink_lookup+0x5e1/0xab0 [ 813.835433] ? lock_acquire+0x1e4/0x540 [ 813.839397] ? genl_rcv+0x19/0x40 [ 813.842847] genl_rcv_msg+0xc6/0x168 [ 813.846548] netlink_rcv_skb+0x172/0x440 [ 813.850605] ? genl_family_rcv_msg+0x1140/0x1140 [ 813.855356] ? netlink_ack+0xbe0/0xbe0 [ 813.859274] genl_rcv+0x28/0x40 [ 813.862540] netlink_unicast+0x5a0/0x760 [ 813.866586] ? netlink_attachskb+0x9a0/0x9a0 [ 813.870984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.876506] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 813.881508] netlink_sendmsg+0xa18/0xfc0 [ 813.885564] ? netlink_unicast+0x760/0x760 [ 813.889793] ? move_addr_to_kernel.part.20+0x100/0x100 [ 813.895068] ? security_socket_sendmsg+0x94/0xc0 [ 813.899808] ? netlink_unicast+0x760/0x760 [ 813.904028] sock_sendmsg+0xd5/0x120 [ 813.907733] ___sys_sendmsg+0x7fd/0x930 [ 813.911705] ? copy_msghdr_from_user+0x580/0x580 [ 813.916452] ? __sched_text_start+0x8/0x8 [ 813.920580] ? __fget_light+0x2f7/0x440 [ 813.924545] ? fget_raw+0x20/0x20 [ 813.927984] ? __fd_install+0x2db/0x880 [ 813.931943] ? get_unused_fd_flags+0x1a0/0x1a0 [ 813.936512] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 813.942068] ? sockfd_lookup_light+0xc5/0x160 [ 813.946546] __sys_sendmsg+0x11d/0x290 [ 813.950434] ? __ia32_sys_shutdown+0x80/0x80 [ 813.954841] ? __x64_sys_futex+0x47f/0x6a0 [ 813.959147] ? fd_install+0x4d/0x60 [ 813.962766] ? syscall_slow_exit_work+0x500/0x500 [ 813.967592] ? ksys_ioctl+0x81/0xd0 [ 813.971206] __x64_sys_sendmsg+0x78/0xb0 [ 813.975257] do_syscall_64+0x1b9/0x820 [ 813.979130] ? finish_task_switch+0x1d3/0x870 [ 813.983611] ? syscall_return_slowpath+0x5e0/0x5e0 [ 813.988524] ? syscall_return_slowpath+0x31d/0x5e0 [ 813.993440] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 813.998442] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.003272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.008451] RIP: 0033:0x456959 [ 814.011638] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 814.030527] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 814.038223] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 814.045480] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 814.052745] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 814.060010] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 814.067283] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 814.084503] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 814.097393] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 814.104900] CPU: 0 PID: 7047 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 814.113317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.122685] Call Trace: [ 814.125292] dump_stack+0x1c9/0x2b4 [ 814.128950] ? dump_stack_print_info.cold.2+0x52/0x52 [ 814.134158] ? trace_hardirqs_on+0xd/0x10 [ 814.138332] sysfs_warn_dup.cold.3+0x1c/0x2b [ 814.142765] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 814.148151] sysfs_create_link+0x65/0xc0 [ 814.152240] device_add+0x5d0/0x17b0 [ 814.155959] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 814.160455] ? genl_family_rcv_msg+0x8a3/0x1140 [ 814.165200] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 814.170288] ? do_syscall_64+0x1b9/0x820 [ 814.174353] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 814.179528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.185059] wiphy_register+0x1a21/0x2740 [ 814.189197] ? wiphy_unregister+0x12c0/0x12c0 [ 814.193678] ? kasan_unpoison_shadow+0x35/0x50 [ 814.198245] ? kasan_kmalloc+0xc4/0xe0 [ 814.202127] ? __kmalloc+0x315/0x760 [ 814.205838] ? __lockdep_init_map+0x105/0x590 [ 814.210319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.215842] ? ieee80211_cs_list_valid+0x7c/0x440 [ 814.220673] ? ieee80211_register_hw+0xc61/0x3890 [ 814.225502] ieee80211_register_hw+0x146b/0x3890 [ 814.230253] ? init_timer_on_stack_key+0x31/0xe0 [ 814.235003] ? ieee80211_free_ack_frame+0x60/0x60 [ 814.239839] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 814.244846] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 814.250981] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 814.256501] ? vsnprintf+0x20d/0x1b60 [ 814.260284] ? pointer+0x990/0x990 [ 814.263824] ? check_same_owner+0x340/0x340 [ 814.268141] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 814.273146] ? kvasprintf+0xea/0x140 [ 814.276845] ? bust_spinlocks+0xe0/0xe0 [ 814.280811] ? kasprintf+0xab/0xe0 [ 814.284335] ? kvasprintf_const+0x190/0x190 [ 814.288650] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 814.294172] hwsim_new_radio_nl+0x7c0/0xa80 [ 814.298565] ? nla_parse+0x32b/0x4e0 [ 814.302263] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 814.307524] ? __netlink_ns_capable+0x100/0x130 [ 814.312175] genl_family_rcv_msg+0x8a3/0x1140 [ 814.316656] ? genl_unregister_family+0x8b0/0x8b0 [ 814.321480] ? netlink_deliver_tap+0x32d/0xfb0 [ 814.326056] ? lock_downgrade+0x8f0/0x8f0 [ 814.330217] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 814.335242] ? lock_release+0xa30/0xa30 [ 814.339202] ? __netlink_lookup+0x5e1/0xab0 [ 814.343504] ? lock_acquire+0x1e4/0x540 [ 814.347460] ? genl_rcv+0x19/0x40 [ 814.350899] genl_rcv_msg+0xc6/0x168 [ 814.354596] netlink_rcv_skb+0x172/0x440 [ 814.358641] ? genl_family_rcv_msg+0x1140/0x1140 [ 814.363378] ? netlink_ack+0xbe0/0xbe0 [ 814.367251] genl_rcv+0x28/0x40 [ 814.370512] netlink_unicast+0x5a0/0x760 [ 814.374558] ? netlink_attachskb+0x9a0/0x9a0 [ 814.378958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.384476] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 814.389475] netlink_sendmsg+0xa18/0xfc0 [ 814.393530] ? netlink_unicast+0x760/0x760 [ 814.397754] ? move_addr_to_kernel.part.20+0x100/0x100 [ 814.403041] ? security_socket_sendmsg+0x94/0xc0 [ 814.407799] ? netlink_unicast+0x760/0x760 [ 814.412022] sock_sendmsg+0xd5/0x120 [ 814.415733] ___sys_sendmsg+0x7fd/0x930 [ 814.419697] ? copy_msghdr_from_user+0x580/0x580 [ 814.424442] ? lock_acquire+0x1e4/0x540 [ 814.428398] ? __fd_install+0x2b2/0x880 [ 814.432355] ? lock_downgrade+0x8f0/0x8f0 [ 814.436484] ? select_collect+0x610/0x610 [ 814.440615] ? __fget_light+0x2f7/0x440 [ 814.444570] ? fget_raw+0x20/0x20 [ 814.448018] ? __fd_install+0x2db/0x880 [ 814.451983] ? get_unused_fd_flags+0x1a0/0x1a0 [ 814.456554] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 814.462092] ? sockfd_lookup_light+0xc5/0x160 [ 814.466568] __sys_sendmsg+0x11d/0x290 [ 814.470440] ? __ia32_sys_shutdown+0x80/0x80 [ 814.474833] ? __x64_sys_futex+0x47f/0x6a0 [ 814.479062] ? fd_install+0x4d/0x60 [ 814.482678] ? ksys_ioctl+0x81/0xd0 [ 814.486291] __x64_sys_sendmsg+0x78/0xb0 [ 814.490339] do_syscall_64+0x1b9/0x820 [ 814.494212] ? finish_task_switch+0x1d3/0x870 [ 814.498690] ? syscall_return_slowpath+0x5e0/0x5e0 [ 814.503604] ? syscall_return_slowpath+0x31d/0x5e0 [ 814.508517] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 814.513528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.518356] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.523529] RIP: 0033:0x456959 17:30:56 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:56 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:56 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000051900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:56 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x100000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:56 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b", 0x7b, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b3, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:56 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0), 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:56 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x608}) [ 814.526710] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 814.545602] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 814.553294] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 814.560555] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 814.567810] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 814.575063] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 814.582320] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c7, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:56 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0), 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:56 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2", 0x90, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:56 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:56 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x50}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 814.648897] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 814.708082] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 814.715066] CPU: 1 PID: 7094 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 814.723479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.732935] Call Trace: [ 814.735554] dump_stack+0x1c9/0x2b4 [ 814.739229] ? dump_stack_print_info.cold.2+0x52/0x52 [ 814.744434] ? trace_hardirqs_on+0xd/0x10 [ 814.748602] sysfs_warn_dup.cold.3+0x1c/0x2b 17:30:56 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000b1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:56 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xffffff84}) [ 814.753302] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 814.758704] sysfs_create_link+0x65/0xc0 [ 814.762793] device_add+0x5d0/0x17b0 [ 814.766535] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 814.771047] ? genl_family_rcv_msg+0x8a3/0x1140 [ 814.775735] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 814.780869] ? do_syscall_64+0x1b9/0x820 [ 814.784947] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 814.790155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.795711] wiphy_register+0x1a21/0x2740 [ 814.799880] ? wiphy_unregister+0x12c0/0x12c0 [ 814.804384] ? kasan_unpoison_shadow+0x35/0x50 [ 814.808982] ? kasan_kmalloc+0xc4/0xe0 [ 814.812887] ? __kmalloc+0x315/0x760 [ 814.816617] ? __lockdep_init_map+0x105/0x590 [ 814.821130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.826678] ? ieee80211_cs_list_valid+0x7c/0x440 [ 814.831521] ? ieee80211_register_hw+0xc61/0x3890 [ 814.836361] ieee80211_register_hw+0x146b/0x3890 [ 814.841124] ? init_timer_on_stack_key+0x31/0xe0 [ 814.845877] ? ieee80211_free_ack_frame+0x60/0x60 [ 814.850734] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 814.855769] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 814.861924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 814.867461] ? vsnprintf+0x20d/0x1b60 [ 814.871256] ? pointer+0x990/0x990 [ 814.874792] ? check_same_owner+0x340/0x340 [ 814.879109] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 814.884112] ? kvasprintf+0xea/0x140 [ 814.887814] ? bust_spinlocks+0xe0/0xe0 [ 814.891785] ? kasprintf+0xab/0xe0 [ 814.895318] ? kvasprintf_const+0x190/0x190 [ 814.899647] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 814.905195] hwsim_new_radio_nl+0x7c0/0xa80 [ 814.909523] ? nla_parse+0x32b/0x4e0 [ 814.913226] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 814.918581] ? __netlink_ns_capable+0x100/0x130 [ 814.923261] genl_family_rcv_msg+0x8a3/0x1140 [ 814.927752] ? genl_unregister_family+0x8b0/0x8b0 [ 814.932577] ? netlink_deliver_tap+0x32d/0xfb0 [ 814.937159] ? lock_downgrade+0x8f0/0x8f0 [ 814.941292] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 814.946295] ? lock_release+0xa30/0xa30 [ 814.950269] ? __netlink_lookup+0x5e1/0xab0 [ 814.954586] ? lock_acquire+0x1e4/0x540 [ 814.958554] ? genl_rcv+0x19/0x40 [ 814.962006] genl_rcv_msg+0xc6/0x168 [ 814.965705] netlink_rcv_skb+0x172/0x440 [ 814.969768] ? genl_family_rcv_msg+0x1140/0x1140 [ 814.974513] ? netlink_ack+0xbe0/0xbe0 [ 814.978398] genl_rcv+0x28/0x40 [ 814.981680] netlink_unicast+0x5a0/0x760 [ 814.985746] ? netlink_attachskb+0x9a0/0x9a0 [ 814.990150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.995687] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 815.000695] netlink_sendmsg+0xa18/0xfc0 [ 815.004761] ? netlink_unicast+0x760/0x760 [ 815.009011] ? move_addr_to_kernel.part.20+0x100/0x100 [ 815.014281] ? security_socket_sendmsg+0x94/0xc0 [ 815.019030] ? netlink_unicast+0x760/0x760 [ 815.023266] sock_sendmsg+0xd5/0x120 [ 815.026983] ___sys_sendmsg+0x7fd/0x930 [ 815.030955] ? copy_msghdr_from_user+0x580/0x580 [ 815.035707] ? lock_acquire+0x1e4/0x540 [ 815.039682] ? __fd_install+0x2b2/0x880 [ 815.043673] ? lock_downgrade+0x8f0/0x8f0 [ 815.047819] ? select_collect+0x610/0x610 [ 815.051955] ? __fget_light+0x2f7/0x440 [ 815.056014] ? fget_raw+0x20/0x20 [ 815.059462] ? __fd_install+0x2db/0x880 [ 815.063432] ? get_unused_fd_flags+0x1a0/0x1a0 [ 815.068016] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 815.073558] ? sockfd_lookup_light+0xc5/0x160 [ 815.078051] __sys_sendmsg+0x11d/0x290 [ 815.081929] ? __ia32_sys_shutdown+0x80/0x80 [ 815.086330] ? __x64_sys_futex+0x47f/0x6a0 [ 815.090551] ? fd_install+0x4d/0x60 [ 815.094176] ? ksys_ioctl+0x81/0xd0 [ 815.097799] __x64_sys_sendmsg+0x78/0xb0 [ 815.101857] do_syscall_64+0x1b9/0x820 [ 815.105744] ? finish_task_switch+0x1d3/0x870 [ 815.110236] ? syscall_return_slowpath+0x5e0/0x5e0 [ 815.115163] ? syscall_return_slowpath+0x31d/0x5e0 [ 815.120090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 815.125107] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.129948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.135124] RIP: 0033:0x456959 [ 815.138302] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 815.157189] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 815.164887] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 815.172144] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 815.179402] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 815.186662] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 815.193925] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:57 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x600000000000000}) 17:30:57 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2", 0x90, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:57 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0), 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:57 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000002d00050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:57 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:57 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7900000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:57 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:57 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2", 0x90, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:57 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xe, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:57 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x200000000000000}) [ 815.343840] IPv6: Can't replace route, no match found [ 815.355803] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:57 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3000000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 815.402011] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 815.408955] CPU: 1 PID: 7139 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 815.417362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.426721] Call Trace: [ 815.429327] dump_stack+0x1c9/0x2b4 [ 815.432982] ? dump_stack_print_info.cold.2+0x52/0x52 [ 815.438189] ? trace_hardirqs_on+0xd/0x10 [ 815.442365] sysfs_warn_dup.cold.3+0x1c/0x2b [ 815.446788] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:57 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x31, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 815.452169] sysfs_create_link+0x65/0xc0 [ 815.457470] device_add+0x5d0/0x17b0 [ 815.461193] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 815.465705] ? genl_family_rcv_msg+0x8a3/0x1140 [ 815.470393] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 815.475516] ? do_syscall_64+0x1b9/0x820 [ 815.479590] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 815.484798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.490351] wiphy_register+0x1a21/0x2740 [ 815.494494] ? wiphy_unregister+0x12c0/0x12c0 [ 815.498993] ? kasan_unpoison_shadow+0x35/0x50 [ 815.503565] ? kasan_kmalloc+0xc4/0xe0 [ 815.507443] ? __kmalloc+0x315/0x760 [ 815.511150] ? __lockdep_init_map+0x105/0x590 [ 815.515648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.521182] ? ieee80211_cs_list_valid+0x7c/0x440 [ 815.526035] ? ieee80211_register_hw+0xc61/0x3890 [ 815.530884] ieee80211_register_hw+0x146b/0x3890 [ 815.535644] ? init_timer_on_stack_key+0x31/0xe0 [ 815.540391] ? ieee80211_free_ack_frame+0x60/0x60 [ 815.545236] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 815.550275] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 815.556439] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 815.561964] ? vsnprintf+0x20d/0x1b60 [ 815.565755] ? pointer+0x990/0x990 [ 815.569288] ? check_same_owner+0x340/0x340 [ 815.573599] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 815.578609] ? kvasprintf+0xea/0x140 [ 815.582316] ? bust_spinlocks+0xe0/0xe0 [ 815.586281] ? kasprintf+0xab/0xe0 [ 815.589816] ? kvasprintf_const+0x190/0x190 [ 815.594142] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 815.599678] hwsim_new_radio_nl+0x7c0/0xa80 [ 815.604006] ? nla_parse+0x32b/0x4e0 [ 815.607711] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 815.612903] ? __netlink_ns_capable+0x100/0x130 [ 815.617577] genl_family_rcv_msg+0x8a3/0x1140 [ 815.622069] ? genl_unregister_family+0x8b0/0x8b0 [ 815.626908] ? netlink_deliver_tap+0x32d/0xfb0 [ 815.631487] ? lock_downgrade+0x8f0/0x8f0 [ 815.635628] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 815.640639] ? lock_release+0xa30/0xa30 [ 815.644606] ? __netlink_lookup+0x5e1/0xab0 [ 815.649010] ? lock_acquire+0x1e4/0x540 [ 815.652970] ? genl_rcv+0x19/0x40 [ 815.657475] genl_rcv_msg+0xc6/0x168 [ 815.661176] netlink_rcv_skb+0x172/0x440 [ 815.665229] ? genl_family_rcv_msg+0x1140/0x1140 [ 815.669999] ? netlink_ack+0xbe0/0xbe0 [ 815.673890] genl_rcv+0x28/0x40 [ 815.677164] netlink_unicast+0x5a0/0x760 [ 815.681220] ? netlink_attachskb+0x9a0/0x9a0 [ 815.685625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.691147] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 815.696160] netlink_sendmsg+0xa18/0xfc0 [ 815.700228] ? netlink_unicast+0x760/0x760 [ 815.704465] ? move_addr_to_kernel.part.20+0x100/0x100 [ 815.709737] ? security_socket_sendmsg+0x94/0xc0 [ 815.714482] ? netlink_unicast+0x760/0x760 [ 815.718718] sock_sendmsg+0xd5/0x120 [ 815.722437] ___sys_sendmsg+0x7fd/0x930 [ 815.726407] ? copy_msghdr_from_user+0x580/0x580 [ 815.731167] ? __sched_text_start+0x8/0x8 [ 815.735320] ? __fget_light+0x2f7/0x440 [ 815.739277] ? fget_raw+0x20/0x20 [ 815.742739] ? __fd_install+0x2db/0x880 [ 815.746718] ? get_unused_fd_flags+0x1a0/0x1a0 17:30:57 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000081900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 815.751297] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 815.756841] ? sockfd_lookup_light+0xc5/0x160 [ 815.761375] __sys_sendmsg+0x11d/0x290 [ 815.765274] ? __ia32_sys_shutdown+0x80/0x80 [ 815.769694] ? __x64_sys_futex+0x47f/0x6a0 [ 815.773939] ? fd_install+0x4d/0x60 [ 815.777578] ? syscall_slow_exit_work+0x500/0x500 [ 815.782424] ? ksys_ioctl+0x81/0xd0 [ 815.786063] __x64_sys_sendmsg+0x78/0xb0 [ 815.790156] do_syscall_64+0x1b9/0x820 [ 815.794078] ? syscall_return_slowpath+0x5e0/0x5e0 [ 815.799019] ? syscall_return_slowpath+0x31d/0x5e0 [ 815.803972] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 815.809011] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.813873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.819068] RIP: 0033:0x456959 [ 815.822274] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 815.841354] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:57 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) [ 815.849082] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 815.856355] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 815.863621] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 815.870882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 815.878159] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 815.888437] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 815.918505] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 815.925431] CPU: 1 PID: 7160 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 815.933834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.943206] Call Trace: [ 815.945799] dump_stack+0x1c9/0x2b4 [ 815.949425] ? dump_stack_print_info.cold.2+0x52/0x52 [ 815.954605] ? trace_hardirqs_on+0xd/0x10 [ 815.958744] sysfs_warn_dup.cold.3+0x1c/0x2b [ 815.963143] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 815.968518] sysfs_create_link+0x65/0xc0 [ 815.972569] device_add+0x5d0/0x17b0 [ 815.976269] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 815.980749] ? genl_family_rcv_msg+0x8a3/0x1140 [ 815.985409] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 815.990496] ? do_syscall_64+0x1b9/0x820 [ 815.994549] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 815.999727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.005254] wiphy_register+0x1a21/0x2740 [ 816.009397] ? wiphy_unregister+0x12c0/0x12c0 [ 816.013878] ? kasan_unpoison_shadow+0x35/0x50 [ 816.018441] ? kasan_kmalloc+0xc4/0xe0 [ 816.022316] ? __kmalloc+0x315/0x760 [ 816.026014] ? __lockdep_init_map+0x105/0x590 [ 816.030500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.036022] ? ieee80211_cs_list_valid+0x7c/0x440 [ 816.040866] ? ieee80211_register_hw+0xc61/0x3890 [ 816.045694] ieee80211_register_hw+0x146b/0x3890 [ 816.050445] ? init_timer_on_stack_key+0x31/0xe0 [ 816.055192] ? ieee80211_free_ack_frame+0x60/0x60 [ 816.060027] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 816.065036] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 816.071176] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 816.076697] ? vsnprintf+0x20d/0x1b60 [ 816.080484] ? pointer+0x990/0x990 [ 816.084010] ? do_raw_spin_unlock+0xa7/0x2f0 [ 816.088404] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.093415] ? kvasprintf+0xea/0x140 [ 816.097296] ? bust_spinlocks+0xe0/0xe0 [ 816.101270] ? kasprintf+0xab/0xe0 [ 816.104796] ? kvasprintf_const+0x190/0x190 [ 816.109103] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 816.114629] hwsim_new_radio_nl+0x7c0/0xa80 [ 816.118938] ? nla_parse+0x32b/0x4e0 [ 816.122636] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 816.127812] ? __netlink_ns_capable+0x100/0x130 [ 816.132478] genl_family_rcv_msg+0x8a3/0x1140 [ 816.136975] ? genl_unregister_family+0x8b0/0x8b0 [ 816.141802] ? netlink_deliver_tap+0x32d/0xfb0 [ 816.146371] ? lock_downgrade+0x8f0/0x8f0 [ 816.150506] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.155509] ? lock_release+0xa30/0xa30 [ 816.159469] ? lock_acquire+0x1e4/0x540 [ 816.163427] ? genl_rcv+0x19/0x40 [ 816.166871] genl_rcv_msg+0xc6/0x168 [ 816.170574] netlink_rcv_skb+0x172/0x440 [ 816.174632] ? genl_family_rcv_msg+0x1140/0x1140 [ 816.179373] ? netlink_ack+0xbe0/0xbe0 [ 816.183251] genl_rcv+0x28/0x40 [ 816.186513] netlink_unicast+0x5a0/0x760 [ 816.190573] ? netlink_attachskb+0x9a0/0x9a0 [ 816.194969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.200490] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.205495] netlink_sendmsg+0xa18/0xfc0 [ 816.209541] ? netlink_unicast+0x760/0x760 [ 816.213763] ? move_addr_to_kernel.part.20+0x100/0x100 [ 816.219038] ? security_socket_sendmsg+0x94/0xc0 [ 816.223777] ? netlink_unicast+0x760/0x760 [ 816.227994] sock_sendmsg+0xd5/0x120 [ 816.231695] ___sys_sendmsg+0x7fd/0x930 [ 816.235669] ? copy_msghdr_from_user+0x580/0x580 [ 816.240421] ? __sched_text_start+0x8/0x8 [ 816.244555] ? __fget_light+0x2f7/0x440 [ 816.248514] ? fget_raw+0x20/0x20 [ 816.251954] ? __fd_install+0x2db/0x880 [ 816.255925] ? get_unused_fd_flags+0x1a0/0x1a0 [ 816.260504] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 816.266022] ? sockfd_lookup_light+0xc5/0x160 [ 816.270586] __sys_sendmsg+0x11d/0x290 [ 816.274468] ? __ia32_sys_shutdown+0x80/0x80 [ 816.278862] ? schedule+0xfb/0x450 [ 816.282391] ? __x64_sys_futex+0x47f/0x6a0 [ 816.286607] ? fd_install+0x4d/0x60 [ 816.290222] ? syscall_slow_exit_work+0x500/0x500 [ 816.295142] ? ksys_ioctl+0x81/0xd0 [ 816.298756] __x64_sys_sendmsg+0x78/0xb0 [ 816.302802] do_syscall_64+0x1b9/0x820 [ 816.306673] ? syscall_slow_exit_work+0x500/0x500 [ 816.311510] ? syscall_return_slowpath+0x5e0/0x5e0 [ 816.316435] ? syscall_return_slowpath+0x31d/0x5e0 [ 816.321348] ? prepare_exit_to_usermode+0x291/0x3b0 [ 816.326361] ? perf_trace_sys_enter+0xb10/0xb10 [ 816.331016] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 816.335845] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.341017] RIP: 0033:0x456959 [ 816.344208] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.363095] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:58 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e45", 0x9a, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:58 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88ffffff}) 17:30:58 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000101900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:58 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 816.370788] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 816.378042] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 816.385295] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 816.392551] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 816.399806] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:58 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x61000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:58 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:58 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, r2) 17:30:58 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e45", 0x9a, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 816.508174] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 816.544069] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 816.551007] CPU: 1 PID: 7193 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 816.559416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.568781] Call Trace: [ 816.571415] dump_stack+0x1c9/0x2b4 [ 816.575161] ? dump_stack_print_info.cold.2+0x52/0x52 [ 816.580370] ? trace_hardirqs_on+0xd/0x10 [ 816.584525] sysfs_warn_dup.cold.3+0x1c/0x2b [ 816.588940] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 816.594305] sysfs_create_link+0x65/0xc0 [ 816.598368] device_add+0x5d0/0x17b0 [ 816.602079] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 816.606576] ? genl_family_rcv_msg+0x8a3/0x1140 [ 816.611241] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 816.616335] ? do_syscall_64+0x1b9/0x820 [ 816.620390] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 816.625599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.631148] wiphy_register+0x1a21/0x2740 [ 816.635287] ? wiphy_unregister+0x12c0/0x12c0 [ 816.639777] ? kasan_unpoison_shadow+0x35/0x50 [ 816.644375] ? kasan_kmalloc+0xc4/0xe0 [ 816.648276] ? __kmalloc+0x315/0x760 [ 816.651985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 17:30:58 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:58 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xd00}) [ 816.657515] ? ieee80211_cs_list_valid+0x7c/0x440 [ 816.662363] ? ieee80211_register_hw+0xc61/0x3890 [ 816.667218] ieee80211_register_hw+0x146b/0x3890 [ 816.672081] ? init_timer_on_stack_key+0x31/0xe0 [ 816.676861] ? ieee80211_free_ack_frame+0x60/0x60 [ 816.681725] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 816.686763] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 816.692929] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 816.698476] ? vsnprintf+0x20d/0x1b60 [ 816.702283] ? pointer+0x990/0x990 17:30:58 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 816.705829] ? check_same_owner+0x340/0x340 [ 816.710168] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.715196] ? kvasprintf+0xea/0x140 [ 816.718929] ? bust_spinlocks+0xe0/0xe0 [ 816.722928] ? kasprintf+0xab/0xe0 [ 816.726474] ? kvasprintf_const+0x190/0x190 [ 816.730804] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 816.736352] hwsim_new_radio_nl+0x7c0/0xa80 [ 816.740683] ? nla_parse+0x32b/0x4e0 [ 816.744407] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 816.749606] ? __netlink_ns_capable+0x100/0x130 [ 816.754289] genl_family_rcv_msg+0x8a3/0x1140 17:30:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x27, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:58 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000091900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 816.758800] ? genl_unregister_family+0x8b0/0x8b0 [ 816.763648] ? netlink_deliver_tap+0x32d/0xfb0 [ 816.768238] ? lock_downgrade+0x8f0/0x8f0 [ 816.772394] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.777422] ? lock_release+0xa30/0xa30 [ 816.781409] ? __netlink_lookup+0x5e1/0xab0 [ 816.785742] ? lock_acquire+0x1e4/0x540 [ 816.789721] ? genl_rcv+0x19/0x40 [ 816.793227] genl_rcv_msg+0xc6/0x168 [ 816.796985] netlink_rcv_skb+0x172/0x440 [ 816.801051] ? genl_family_rcv_msg+0x1140/0x1140 [ 816.805819] ? netlink_ack+0xbe0/0xbe0 [ 816.809747] genl_rcv+0x28/0x40 [ 816.813026] netlink_unicast+0x5a0/0x760 [ 816.817101] ? netlink_attachskb+0x9a0/0x9a0 [ 816.822021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.827632] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 816.832647] netlink_sendmsg+0xa18/0xfc0 [ 816.836723] ? netlink_unicast+0x760/0x760 [ 816.840962] ? move_addr_to_kernel.part.20+0x100/0x100 [ 816.846325] ? security_socket_sendmsg+0x94/0xc0 [ 816.851067] ? netlink_unicast+0x760/0x760 [ 816.855294] sock_sendmsg+0xd5/0x120 [ 816.858995] ___sys_sendmsg+0x7fd/0x930 [ 816.862969] ? copy_msghdr_from_user+0x580/0x580 [ 816.867717] ? lock_acquire+0x1e4/0x540 [ 816.871687] ? __fd_install+0x2b2/0x880 [ 816.876354] ? lock_downgrade+0x8f0/0x8f0 [ 816.880511] ? select_collect+0x610/0x610 [ 816.884647] ? __fget_light+0x2f7/0x440 [ 816.888606] ? fget_raw+0x20/0x20 [ 816.892057] ? __fd_install+0x2db/0x880 [ 816.896033] ? get_unused_fd_flags+0x1a0/0x1a0 [ 816.900616] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 816.906157] ? sockfd_lookup_light+0xc5/0x160 [ 816.910658] __sys_sendmsg+0x11d/0x290 [ 816.914538] ? __ia32_sys_shutdown+0x80/0x80 [ 816.918953] ? __x64_sys_futex+0x47f/0x6a0 [ 816.923190] ? fd_install+0x4d/0x60 [ 816.926806] ? ksys_ioctl+0x81/0xd0 [ 816.930440] __x64_sys_sendmsg+0x78/0xb0 [ 816.934500] do_syscall_64+0x1b9/0x820 [ 816.938385] ? finish_task_switch+0x1d3/0x870 [ 816.942869] ? syscall_return_slowpath+0x5e0/0x5e0 [ 816.947787] ? syscall_return_slowpath+0x31d/0x5e0 [ 816.952709] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 816.957726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 816.962589] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.967772] RIP: 0033:0x456959 [ 816.970952] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.989844] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 816.997558] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 817.004831] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 817.012101] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 817.019369] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 817.026628] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 817.043030] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 817.058770] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 817.065730] CPU: 0 PID: 7216 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 817.074140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.083501] Call Trace: [ 817.086108] dump_stack+0x1c9/0x2b4 [ 817.089752] ? dump_stack_print_info.cold.2+0x52/0x52 [ 817.094957] ? trace_hardirqs_on+0xd/0x10 [ 817.099125] sysfs_warn_dup.cold.3+0x1c/0x2b [ 817.103548] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 817.108928] sysfs_create_link+0x65/0xc0 [ 817.113006] device_add+0x5d0/0x17b0 [ 817.116734] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 817.121346] ? genl_family_rcv_msg+0x8a3/0x1140 [ 817.126030] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 817.131148] ? do_syscall_64+0x1b9/0x820 [ 817.135399] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 817.140709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.146263] wiphy_register+0x1a21/0x2740 [ 817.150426] ? down_read_non_owner+0x40/0x1b0 [ 817.154942] ? wiphy_unregister+0x12c0/0x12c0 17:30:58 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x800e}) 17:30:58 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(0xffffffffffffffff, 0x5460, r2) 17:30:58 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000601900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:58 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x5000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:58 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:58 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e45", 0x9a, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 817.159533] ? kasan_unpoison_shadow+0x35/0x50 [ 817.164126] ? kasan_kmalloc+0xc4/0xe0 [ 817.168028] ? __kmalloc+0x315/0x760 [ 817.171765] ? __lockdep_init_map+0x105/0x590 [ 817.176290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.181872] ? ieee80211_cs_list_valid+0x7c/0x440 [ 817.186730] ? ieee80211_register_hw+0xc61/0x3890 [ 817.191595] ieee80211_register_hw+0x146b/0x3890 [ 817.196371] ? init_timer_on_stack_key+0x31/0xe0 [ 817.201151] ? ieee80211_free_ack_frame+0x60/0x60 [ 817.206031] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 817.211085] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 817.217253] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 817.222802] ? vsnprintf+0x20d/0x1b60 [ 817.226620] ? pointer+0x990/0x990 [ 817.230171] ? do_raw_spin_unlock+0xa7/0x2f0 [ 817.234595] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 817.239624] ? kvasprintf+0xea/0x140 [ 817.243346] ? bust_spinlocks+0xe0/0xe0 [ 817.247322] ? kasprintf+0xab/0xe0 [ 817.250856] ? kvasprintf_const+0x190/0x190 [ 817.255184] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 817.260728] hwsim_new_radio_nl+0x7c0/0xa80 [ 817.265051] ? nla_parse+0x32b/0x4e0 [ 817.268768] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 817.273953] ? __netlink_ns_capable+0x100/0x130 [ 817.278629] genl_family_rcv_msg+0x8a3/0x1140 [ 817.283117] ? genl_unregister_family+0x8b0/0x8b0 [ 817.287953] ? netlink_deliver_tap+0x32d/0xfb0 [ 817.292536] ? lock_downgrade+0x8f0/0x8f0 [ 817.296692] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 817.301724] ? lock_release+0xa30/0xa30 [ 817.305702] ? lock_acquire+0x1e4/0x540 [ 817.309669] ? genl_rcv+0x19/0x40 [ 817.313122] genl_rcv_msg+0xc6/0x168 [ 817.316836] netlink_rcv_skb+0x172/0x440 [ 817.320907] ? genl_family_rcv_msg+0x1140/0x1140 [ 817.325665] ? netlink_ack+0xbe0/0xbe0 [ 817.329567] genl_rcv+0x28/0x40 [ 817.332851] netlink_unicast+0x5a0/0x760 [ 817.336906] ? netlink_attachskb+0x9a0/0x9a0 [ 817.341320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.346854] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 817.351860] netlink_sendmsg+0xa18/0xfc0 [ 817.355907] ? netlink_unicast+0x760/0x760 [ 817.360139] ? move_addr_to_kernel.part.20+0x100/0x100 [ 817.365411] ? security_socket_sendmsg+0x94/0xc0 [ 817.370167] ? netlink_unicast+0x760/0x760 [ 817.374394] sock_sendmsg+0xd5/0x120 [ 817.378090] ___sys_sendmsg+0x7fd/0x930 [ 817.382053] ? copy_msghdr_from_user+0x580/0x580 [ 817.386819] ? __sched_text_start+0x8/0x8 [ 817.390965] ? __fget_light+0x2f7/0x440 [ 817.394933] ? fget_raw+0x20/0x20 [ 817.398479] ? __fd_install+0x2db/0x880 [ 817.402457] ? get_unused_fd_flags+0x1a0/0x1a0 [ 817.407028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 817.412557] ? sockfd_lookup_light+0xc5/0x160 [ 817.417047] __sys_sendmsg+0x11d/0x290 [ 817.420924] ? __ia32_sys_shutdown+0x80/0x80 [ 817.425332] ? __x64_sys_futex+0x47f/0x6a0 [ 817.429554] ? fd_install+0x4d/0x60 [ 817.433172] ? syscall_slow_exit_work+0x500/0x500 [ 817.438008] ? ksys_ioctl+0x81/0xd0 [ 817.441724] __x64_sys_sendmsg+0x78/0xb0 [ 817.445782] do_syscall_64+0x1b9/0x820 [ 817.449657] ? finish_task_switch+0x1d3/0x870 [ 817.454157] ? syscall_return_slowpath+0x5e0/0x5e0 [ 817.459093] ? syscall_return_slowpath+0x31d/0x5e0 [ 817.464021] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 817.469025] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 817.473858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.479037] RIP: 0033:0x456959 [ 817.482229] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 817.501130] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:30:59 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b1775106", 0x9f, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x69, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 817.508840] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 817.516104] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 817.523362] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 817.530626] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 817.537895] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:30:59 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:30:59 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x500}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:30:59 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:59 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(0xffffffffffffffff, 0x5460, r2) 17:30:59 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b1775106", 0x9f, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:30:59 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000a1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:30:59 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xffffdd86}) [ 817.659313] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:30:59 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3580}) 17:30:59 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600002c1900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 817.721326] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 817.728282] CPU: 0 PID: 7248 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 817.736690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.746046] Call Trace: [ 817.748658] dump_stack+0x1c9/0x2b4 [ 817.752305] ? dump_stack_print_info.cold.2+0x52/0x52 [ 817.757524] ? trace_hardirqs_on+0xd/0x10 [ 817.761697] sysfs_warn_dup.cold.3+0x1c/0x2b [ 817.766121] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:30:59 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(0xffffffffffffffff, 0x5460, r2) 17:30:59 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) 17:30:59 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x60}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 817.771500] sysfs_create_link+0x65/0xc0 [ 817.775581] device_add+0x5d0/0x17b0 [ 817.779306] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 817.783810] ? genl_family_rcv_msg+0x8a3/0x1140 [ 817.788499] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 817.793629] ? do_syscall_64+0x1b9/0x820 [ 817.797708] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 817.802914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.808473] wiphy_register+0x1a21/0x2740 [ 817.812638] ? wiphy_unregister+0x12c0/0x12c0 [ 817.817148] ? kasan_unpoison_shadow+0x35/0x50 [ 817.821741] ? kasan_kmalloc+0xc4/0xe0 [ 817.825640] ? __kmalloc+0x315/0x760 [ 817.829364] ? __lockdep_init_map+0x105/0x590 [ 817.833876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.839436] ? ieee80211_cs_list_valid+0x7c/0x440 [ 817.844311] ? ieee80211_register_hw+0xc61/0x3890 [ 817.849183] ieee80211_register_hw+0x146b/0x3890 [ 817.853962] ? init_timer_on_stack_key+0x31/0xe0 [ 817.858734] ? ieee80211_free_ack_frame+0x60/0x60 [ 817.863611] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 817.868652] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 817.874801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 817.880334] ? vsnprintf+0x20d/0x1b60 [ 817.884122] ? pointer+0x990/0x990 [ 817.887657] ? check_same_owner+0x340/0x340 [ 817.891989] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 817.897000] ? kvasprintf+0xea/0x140 [ 817.900700] ? bust_spinlocks+0xe0/0xe0 [ 817.904667] ? kasprintf+0xab/0xe0 [ 817.908205] ? kvasprintf_const+0x190/0x190 [ 817.912533] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 817.918068] hwsim_new_radio_nl+0x7c0/0xa80 [ 817.922396] ? nla_parse+0x32b/0x4e0 [ 817.926097] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 817.931284] ? __netlink_ns_capable+0x100/0x130 [ 817.935953] genl_family_rcv_msg+0x8a3/0x1140 [ 817.940451] ? genl_unregister_family+0x8b0/0x8b0 [ 817.945296] ? netlink_deliver_tap+0x32d/0xfb0 [ 817.949959] ? lock_downgrade+0x8f0/0x8f0 [ 817.954095] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 817.959110] ? lock_release+0xa30/0xa30 [ 817.963710] ? __netlink_lookup+0x5e1/0xab0 [ 817.968026] ? lock_acquire+0x1e4/0x540 [ 817.971984] ? genl_rcv+0x19/0x40 [ 817.975458] genl_rcv_msg+0xc6/0x168 [ 817.979176] netlink_rcv_skb+0x172/0x440 [ 817.983223] ? genl_family_rcv_msg+0x1140/0x1140 [ 817.987963] ? netlink_ack+0xbe0/0xbe0 [ 817.991924] genl_rcv+0x28/0x40 [ 817.995190] netlink_unicast+0x5a0/0x760 [ 817.999237] ? netlink_attachskb+0x9a0/0x9a0 [ 818.003634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.009159] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.014171] netlink_sendmsg+0xa18/0xfc0 [ 818.018231] ? netlink_unicast+0x760/0x760 [ 818.022452] ? move_addr_to_kernel.part.20+0x100/0x100 [ 818.027729] ? security_socket_sendmsg+0x94/0xc0 [ 818.032503] ? netlink_unicast+0x760/0x760 [ 818.036751] sock_sendmsg+0xd5/0x120 [ 818.040467] ___sys_sendmsg+0x7fd/0x930 [ 818.044446] ? copy_msghdr_from_user+0x580/0x580 [ 818.049211] ? lock_acquire+0x1e4/0x540 [ 818.053175] ? __fd_install+0x2b2/0x880 [ 818.057134] ? lock_downgrade+0x8f0/0x8f0 [ 818.061277] ? select_collect+0x610/0x610 [ 818.065432] ? __fget_light+0x2f7/0x440 [ 818.069389] ? fget_raw+0x20/0x20 [ 818.072828] ? __fd_install+0x2db/0x880 [ 818.076785] ? get_unused_fd_flags+0x1a0/0x1a0 [ 818.081358] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 818.086887] ? sockfd_lookup_light+0xc5/0x160 [ 818.091476] __sys_sendmsg+0x11d/0x290 [ 818.095375] ? __ia32_sys_shutdown+0x80/0x80 [ 818.099790] ? __x64_sys_futex+0x47f/0x6a0 [ 818.104028] ? fd_install+0x4d/0x60 [ 818.107651] ? ksys_ioctl+0x81/0xd0 [ 818.111281] __x64_sys_sendmsg+0x78/0xb0 [ 818.115331] do_syscall_64+0x1b9/0x820 [ 818.119205] ? finish_task_switch+0x1d3/0x870 [ 818.123696] ? syscall_return_slowpath+0x5e0/0x5e0 [ 818.128632] ? syscall_return_slowpath+0x31d/0x5e0 [ 818.133549] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 818.138551] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.143387] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.148586] RIP: 0033:0x456959 [ 818.151772] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 818.170860] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 818.178669] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 818.186015] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 818.193272] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 818.200528] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 818.207785] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 818.218514] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 818.242273] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 818.249209] CPU: 1 PID: 7249 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 818.257624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.266995] Call Trace: [ 818.269606] dump_stack+0x1c9/0x2b4 [ 818.273252] ? dump_stack_print_info.cold.2+0x52/0x52 [ 818.278462] ? trace_hardirqs_on+0xd/0x10 [ 818.282636] sysfs_warn_dup.cold.3+0x1c/0x2b [ 818.287066] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 818.292451] sysfs_create_link+0x65/0xc0 [ 818.296532] device_add+0x5d0/0x17b0 [ 818.300264] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 818.304781] ? genl_family_rcv_msg+0x8a3/0x1140 [ 818.309470] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 818.314616] ? do_syscall_64+0x1b9/0x820 [ 818.318693] ? __sanitizer_cov_trace_switch+0x53/0x90 17:31:00 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000071900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:00 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, 0xffffffffffffffff) 17:31:00 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b1775106", 0x9f, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 818.323899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.329460] wiphy_register+0x1a21/0x2740 [ 818.333630] ? wiphy_unregister+0x12c0/0x12c0 [ 818.338134] ? kasan_unpoison_shadow+0x35/0x50 [ 818.342725] ? kasan_kmalloc+0xc4/0xe0 [ 818.346651] ? __kmalloc+0x315/0x760 [ 818.350379] ? __lockdep_init_map+0x105/0x590 [ 818.354885] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.360438] ? ieee80211_cs_list_valid+0x7c/0x440 [ 818.365297] ? ieee80211_register_hw+0xc61/0x3890 [ 818.370168] ieee80211_register_hw+0x146b/0x3890 [ 818.374941] ? init_timer_on_stack_key+0x31/0xe0 [ 818.379715] ? ieee80211_free_ack_frame+0x60/0x60 [ 818.384579] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 818.389617] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 818.395778] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 818.401327] ? vsnprintf+0x20d/0x1b60 [ 818.405140] ? pointer+0x990/0x990 [ 818.408687] ? do_raw_spin_unlock+0xa7/0x2f0 [ 818.413103] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.418129] ? kvasprintf+0xea/0x140 [ 818.421850] ? bust_spinlocks+0xe0/0xe0 [ 818.425839] ? kasprintf+0xab/0xe0 [ 818.429386] ? kvasprintf_const+0x190/0x190 [ 818.433723] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 818.439283] hwsim_new_radio_nl+0x7c0/0xa80 [ 818.443604] ? nla_parse+0x32b/0x4e0 [ 818.447309] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 818.452497] ? __netlink_ns_capable+0x100/0x130 [ 818.457162] genl_family_rcv_msg+0x8a3/0x1140 [ 818.461646] ? genl_unregister_family+0x8b0/0x8b0 [ 818.466480] ? netlink_deliver_tap+0x32d/0xfb0 [ 818.471059] ? lock_downgrade+0x8f0/0x8f0 [ 818.475197] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.480209] ? lock_release+0xa30/0xa30 [ 818.484167] ? lock_acquire+0x1e4/0x540 [ 818.488123] ? genl_rcv+0x19/0x40 [ 818.491566] genl_rcv_msg+0xc6/0x168 [ 818.495286] netlink_rcv_skb+0x172/0x440 [ 818.499330] ? genl_family_rcv_msg+0x1140/0x1140 [ 818.504068] ? netlink_ack+0xbe0/0xbe0 [ 818.507941] genl_rcv+0x28/0x40 [ 818.511207] netlink_unicast+0x5a0/0x760 [ 818.515251] ? netlink_attachskb+0x9a0/0x9a0 [ 818.519666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.525201] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.530220] netlink_sendmsg+0xa18/0xfc0 [ 818.534276] ? netlink_unicast+0x760/0x760 [ 818.538501] ? move_addr_to_kernel.part.20+0x100/0x100 [ 818.543779] ? security_socket_sendmsg+0x94/0xc0 [ 818.548558] ? netlink_unicast+0x760/0x760 [ 818.552870] sock_sendmsg+0xd5/0x120 [ 818.556572] ___sys_sendmsg+0x7fd/0x930 [ 818.560534] ? copy_msghdr_from_user+0x580/0x580 [ 818.565292] ? __sched_text_start+0x8/0x8 [ 818.569440] ? __fget_light+0x2f7/0x440 [ 818.573403] ? fget_raw+0x20/0x20 [ 818.576849] ? __fd_install+0x2db/0x880 [ 818.580804] ? get_unused_fd_flags+0x1a0/0x1a0 [ 818.585384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 818.590921] ? sockfd_lookup_light+0xc5/0x160 [ 818.595413] __sys_sendmsg+0x11d/0x290 [ 818.599287] ? __ia32_sys_shutdown+0x80/0x80 [ 818.603691] ? __x64_sys_futex+0x47f/0x6a0 [ 818.607920] ? fd_install+0x4d/0x60 [ 818.611552] ? syscall_slow_exit_work+0x500/0x500 [ 818.616388] ? ksys_ioctl+0x81/0xd0 [ 818.620002] __x64_sys_sendmsg+0x78/0xb0 [ 818.624052] do_syscall_64+0x1b9/0x820 [ 818.627941] ? syscall_return_slowpath+0x5e0/0x5e0 [ 818.632873] ? syscall_return_slowpath+0x31d/0x5e0 [ 818.638234] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 818.643249] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.648099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.653272] RIP: 0033:0x456959 [ 818.656452] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3c1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:00 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:00 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x800e000000000000}) 17:31:00 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80), 0x0, 0x0) 17:31:00 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7100000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 818.675345] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 818.683040] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 818.690293] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 818.697549] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 818.704821] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 818.712200] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:00 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c3, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:00 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0", 0xa2, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:31:00 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, 0xffffffffffffffff) 17:31:00 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80), 0x0, 0x0) 17:31:00 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8000000}) [ 818.775996] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:00 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000031900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:00 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x30000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 818.820905] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 818.827895] CPU: 1 PID: 7308 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 818.836314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.845680] Call Trace: [ 818.848278] dump_stack+0x1c9/0x2b4 [ 818.851924] ? dump_stack_print_info.cold.2+0x52/0x52 [ 818.857139] ? trace_hardirqs_on+0xd/0x10 [ 818.861311] sysfs_warn_dup.cold.3+0x1c/0x2b [ 818.865736] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 818.871114] sysfs_create_link+0x65/0xc0 [ 818.875222] device_add+0x5d0/0x17b0 [ 818.878957] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 818.883835] ? genl_family_rcv_msg+0x8a3/0x1140 [ 818.888521] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 818.893636] ? do_syscall_64+0x1b9/0x820 [ 818.897710] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 818.902925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.908484] wiphy_register+0x1a21/0x2740 [ 818.912650] ? wiphy_unregister+0x12c0/0x12c0 [ 818.917132] ? kasan_unpoison_shadow+0x35/0x50 [ 818.921701] ? kasan_kmalloc+0xc4/0xe0 [ 818.925586] ? __kmalloc+0x315/0x760 [ 818.929288] ? __lockdep_init_map+0x105/0x590 [ 818.933782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.939331] ? ieee80211_cs_list_valid+0x7c/0x440 [ 818.944161] ? ieee80211_register_hw+0xc61/0x3890 [ 818.948993] ieee80211_register_hw+0x146b/0x3890 [ 818.953763] ? init_timer_on_stack_key+0x31/0xe0 [ 818.958509] ? ieee80211_free_ack_frame+0x60/0x60 [ 818.963350] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 818.968365] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 818.974510] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 818.980048] ? vsnprintf+0x20d/0x1b60 [ 818.983843] ? pointer+0x990/0x990 [ 818.987374] ? check_same_owner+0x340/0x340 [ 818.991696] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 818.996704] ? kvasprintf+0xea/0x140 [ 819.000416] ? bust_spinlocks+0xe0/0xe0 [ 819.004390] ? kasprintf+0xab/0xe0 [ 819.007937] ? kvasprintf_const+0x190/0x190 [ 819.012256] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 819.017786] hwsim_new_radio_nl+0x7c0/0xa80 [ 819.022110] ? nla_parse+0x32b/0x4e0 [ 819.025812] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 819.030998] ? __netlink_ns_capable+0x100/0x130 [ 819.035655] genl_family_rcv_msg+0x8a3/0x1140 [ 819.040154] ? genl_unregister_family+0x8b0/0x8b0 [ 819.044986] ? netlink_deliver_tap+0x32d/0xfb0 [ 819.049557] ? lock_downgrade+0x8f0/0x8f0 [ 819.053688] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 819.058689] ? lock_release+0xa30/0xa30 [ 819.062659] ? __netlink_lookup+0x5e1/0xab0 [ 819.066972] ? lock_acquire+0x1e4/0x540 [ 819.070934] ? genl_rcv+0x19/0x40 [ 819.074384] genl_rcv_msg+0xc6/0x168 [ 819.078092] netlink_rcv_skb+0x172/0x440 [ 819.082142] ? genl_family_rcv_msg+0x1140/0x1140 [ 819.086917] ? netlink_ack+0xbe0/0xbe0 [ 819.090804] genl_rcv+0x28/0x40 [ 819.094066] netlink_unicast+0x5a0/0x760 [ 819.098111] ? netlink_attachskb+0x9a0/0x9a0 [ 819.102506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.108030] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 819.113041] netlink_sendmsg+0xa18/0xfc0 [ 819.117108] ? netlink_unicast+0x760/0x760 [ 819.121418] ? move_addr_to_kernel.part.20+0x100/0x100 [ 819.126688] ? security_socket_sendmsg+0x94/0xc0 [ 819.131447] ? netlink_unicast+0x760/0x760 [ 819.135678] sock_sendmsg+0xd5/0x120 [ 819.139387] ___sys_sendmsg+0x7fd/0x930 [ 819.143350] ? copy_msghdr_from_user+0x580/0x580 [ 819.148114] ? __sched_text_start+0x8/0x8 [ 819.152274] ? __fget_light+0x2f7/0x440 [ 819.156244] ? fget_raw+0x20/0x20 [ 819.159684] ? __fd_install+0x2db/0x880 [ 819.163643] ? get_unused_fd_flags+0x1a0/0x1a0 [ 819.168228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 819.173770] ? sockfd_lookup_light+0xc5/0x160 [ 819.178259] __sys_sendmsg+0x11d/0x290 [ 819.182143] ? __ia32_sys_shutdown+0x80/0x80 [ 819.186541] ? __x64_sys_futex+0x47f/0x6a0 [ 819.190772] ? fd_install+0x4d/0x60 [ 819.194415] ? syscall_slow_exit_work+0x500/0x500 [ 819.199264] ? ksys_ioctl+0x81/0xd0 [ 819.202882] __x64_sys_sendmsg+0x78/0xb0 [ 819.206946] do_syscall_64+0x1b9/0x820 [ 819.210829] ? syscall_return_slowpath+0x5e0/0x5e0 [ 819.215753] ? syscall_return_slowpath+0x31d/0x5e0 [ 819.220691] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 819.225707] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.230656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.235833] RIP: 0033:0x456959 [ 819.239024] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 819.257927] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 819.265634] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 17:31:01 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="025c3f0a00145f8f764070") r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f00000000c0)=0x14, 0x4) getsockname(r1, &(0x7f0000000040)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, &(0x7f0000000100)=0x32) ioctl$FICLONE(r2, 0x5460, 0xffffffffffffffff) [ 819.272902] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 819.280175] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 819.287437] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 819.294693] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:01 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0", 0xa2, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 819.325539] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 819.357573] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 819.364542] CPU: 1 PID: 7308 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 819.372956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.382395] Call Trace: [ 819.385002] dump_stack+0x1c9/0x2b4 [ 819.388656] ? dump_stack_print_info.cold.2+0x52/0x52 [ 819.393902] ? trace_hardirqs_on+0xd/0x10 [ 819.398072] sysfs_warn_dup.cold.3+0x1c/0x2b [ 819.402490] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 819.407890] sysfs_create_link+0x65/0xc0 [ 819.411979] device_add+0x5d0/0x17b0 [ 819.415702] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 819.420207] ? genl_family_rcv_msg+0x8a3/0x1140 17:31:01 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80), 0x0, 0x0) 17:31:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xa2, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:01 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000041900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 819.424896] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 819.430012] ? do_syscall_64+0x1b9/0x820 [ 819.434091] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 819.439301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.444854] wiphy_register+0x1a21/0x2740 [ 819.449115] ? wiphy_unregister+0x12c0/0x12c0 [ 819.453628] ? kasan_unpoison_shadow+0x35/0x50 [ 819.459439] ? kasan_kmalloc+0xc4/0xe0 [ 819.463343] ? __kmalloc+0x315/0x760 [ 819.467074] ? __lockdep_init_map+0x105/0x590 [ 819.471589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.477134] ? ieee80211_cs_list_valid+0x7c/0x440 [ 819.481990] ? ieee80211_register_hw+0xc61/0x3890 [ 819.486849] ieee80211_register_hw+0x146b/0x3890 [ 819.491629] ? init_timer_on_stack_key+0x31/0xe0 [ 819.496401] ? ieee80211_free_ack_frame+0x60/0x60 [ 819.501261] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 819.506330] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 819.512504] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 819.518034] ? vsnprintf+0x20d/0x1b60 [ 819.521836] ? pointer+0x990/0x990 [ 819.525372] ? check_same_owner+0x340/0x340 [ 819.529698] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 819.534705] ? kvasprintf+0xea/0x140 [ 819.538507] ? bust_spinlocks+0xe0/0xe0 [ 819.542476] ? kasprintf+0xab/0xe0 [ 819.546002] ? kvasprintf_const+0x190/0x190 [ 819.550322] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 819.555870] hwsim_new_radio_nl+0x7c0/0xa80 [ 819.560190] ? nla_parse+0x32b/0x4e0 [ 819.563906] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 819.569092] ? __netlink_ns_capable+0x100/0x130 [ 819.573758] genl_family_rcv_msg+0x8a3/0x1140 [ 819.578241] ? genl_unregister_family+0x8b0/0x8b0 [ 819.583421] ? netlink_deliver_tap+0x32d/0xfb0 [ 819.588003] ? lock_downgrade+0x8f0/0x8f0 [ 819.592144] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 819.597158] ? lock_release+0xa30/0xa30 [ 819.601113] ? __netlink_lookup+0x5e1/0xab0 [ 819.605418] ? lock_acquire+0x1e4/0x540 [ 819.609383] ? genl_rcv+0x19/0x40 [ 819.612831] genl_rcv_msg+0xc6/0x168 [ 819.616537] netlink_rcv_skb+0x172/0x440 [ 819.620592] ? genl_family_rcv_msg+0x1140/0x1140 [ 819.625333] ? netlink_ack+0xbe0/0xbe0 [ 819.629206] genl_rcv+0x28/0x40 [ 819.632470] netlink_unicast+0x5a0/0x760 [ 819.636522] ? netlink_attachskb+0x9a0/0x9a0 [ 819.640926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.646467] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 819.651470] netlink_sendmsg+0xa18/0xfc0 [ 819.655517] ? netlink_unicast+0x760/0x760 [ 819.659743] ? move_addr_to_kernel.part.20+0x100/0x100 [ 819.665007] ? security_socket_sendmsg+0x94/0xc0 [ 819.669746] ? netlink_unicast+0x760/0x760 [ 819.673963] sock_sendmsg+0xd5/0x120 [ 819.677669] ___sys_sendmsg+0x7fd/0x930 [ 819.681654] ? copy_msghdr_from_user+0x580/0x580 [ 819.686493] ? lock_acquire+0x1e4/0x540 [ 819.690460] ? __fd_install+0x2b2/0x880 [ 819.694418] ? lock_downgrade+0x8f0/0x8f0 [ 819.698549] ? select_collect+0x610/0x610 [ 819.702701] ? __fget_light+0x2f7/0x440 [ 819.706672] ? fget_raw+0x20/0x20 [ 819.710108] ? __fd_install+0x2db/0x880 [ 819.714085] ? get_unused_fd_flags+0x1a0/0x1a0 [ 819.718655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 819.724176] ? sockfd_lookup_light+0xc5/0x160 [ 819.728667] __sys_sendmsg+0x11d/0x290 [ 819.732539] ? __ia32_sys_shutdown+0x80/0x80 [ 819.736934] ? __x64_sys_futex+0x47f/0x6a0 [ 819.741156] ? fd_install+0x4d/0x60 [ 819.744769] ? ksys_ioctl+0x81/0xd0 [ 819.748381] __x64_sys_sendmsg+0x78/0xb0 [ 819.752426] do_syscall_64+0x1b9/0x820 [ 819.756301] ? syscall_return_slowpath+0x5e0/0x5e0 [ 819.761213] ? syscall_return_slowpath+0x31d/0x5e0 [ 819.766227] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 819.771238] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 819.776079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.781261] RIP: 0033:0x456959 [ 819.784457] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 819.803370] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 819.811065] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 819.818329] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 17:31:01 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:01 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x84ffffff}) 17:31:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163d3, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:01 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x14000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:01 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0", 0xa2, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) [ 819.825590] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 819.832867] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 819.840129] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:01 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4d000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:01 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) 17:31:01 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000061900050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:01 executing program 1: open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000380)=""/32, 0x20) 17:31:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x38f, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:01 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x88480000}) [ 819.961280] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 820.008330] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 820.015268] CPU: 1 PID: 7367 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 820.023678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.033039] Call Trace: [ 820.035651] dump_stack+0x1c9/0x2b4 [ 820.039297] ? dump_stack_print_info.cold.2+0x52/0x52 [ 820.044508] ? trace_hardirqs_on+0xd/0x10 [ 820.048676] sysfs_warn_dup.cold.3+0x1c/0x2b [ 820.053097] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 820.058470] sysfs_create_link+0x65/0xc0 [ 820.062542] device_add+0x5d0/0x17b0 [ 820.066267] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 820.070773] ? genl_family_rcv_msg+0x8a3/0x1140 [ 820.075459] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 820.080573] ? do_syscall_64+0x1b9/0x820 [ 820.084655] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 820.089873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.095428] wiphy_register+0x1a21/0x2740 [ 820.099594] ? wiphy_unregister+0x12c0/0x12c0 [ 820.104103] ? kasan_unpoison_shadow+0x35/0x50 [ 820.108698] ? kasan_kmalloc+0xc4/0xe0 [ 820.112600] ? __kmalloc+0x315/0x760 [ 820.116328] ? __lockdep_init_map+0x105/0x590 [ 820.120851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.126402] ? ieee80211_cs_list_valid+0x7c/0x440 [ 820.131263] ? ieee80211_register_hw+0xc61/0x3890 [ 820.136115] ieee80211_register_hw+0x146b/0x3890 [ 820.140867] ? init_timer_on_stack_key+0x31/0xe0 [ 820.145619] ? ieee80211_free_ack_frame+0x60/0x60 [ 820.150546] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 820.155558] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 820.161700] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 820.167225] ? vsnprintf+0x20d/0x1b60 [ 820.171021] ? pointer+0x990/0x990 [ 820.174551] ? check_same_owner+0x340/0x340 [ 820.178868] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.183868] ? kvasprintf+0xea/0x140 [ 820.187564] ? bust_spinlocks+0xe0/0xe0 [ 820.191538] ? kasprintf+0xab/0xe0 [ 820.195387] ? kvasprintf_const+0x190/0x190 [ 820.199695] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 820.205387] hwsim_new_radio_nl+0x7c0/0xa80 [ 820.209781] ? nla_parse+0x32b/0x4e0 [ 820.213485] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 820.218671] ? __netlink_ns_capable+0x100/0x130 [ 820.223499] genl_family_rcv_msg+0x8a3/0x1140 [ 820.227981] ? genl_unregister_family+0x8b0/0x8b0 [ 820.232809] ? netlink_deliver_tap+0x32d/0xfb0 [ 820.237375] ? lock_downgrade+0x8f0/0x8f0 [ 820.241505] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.246507] ? lock_release+0xa30/0xa30 [ 820.250467] ? __netlink_lookup+0x5e1/0xab0 [ 820.254776] ? lock_acquire+0x1e4/0x540 [ 820.258737] ? genl_rcv+0x19/0x40 [ 820.262178] genl_rcv_msg+0xc6/0x168 [ 820.265875] netlink_rcv_skb+0x172/0x440 [ 820.269918] ? genl_family_rcv_msg+0x1140/0x1140 [ 820.274655] ? netlink_ack+0xbe0/0xbe0 [ 820.278533] genl_rcv+0x28/0x40 [ 820.281819] netlink_unicast+0x5a0/0x760 [ 820.285869] ? netlink_attachskb+0x9a0/0x9a0 [ 820.290270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.295826] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.300845] netlink_sendmsg+0xa18/0xfc0 [ 820.304896] ? netlink_unicast+0x760/0x760 [ 820.309121] ? move_addr_to_kernel.part.20+0x100/0x100 [ 820.314387] ? security_socket_sendmsg+0x94/0xc0 [ 820.319135] ? netlink_unicast+0x760/0x760 [ 820.323366] sock_sendmsg+0xd5/0x120 [ 820.327064] ___sys_sendmsg+0x7fd/0x930 [ 820.331047] ? copy_msghdr_from_user+0x580/0x580 [ 820.335790] ? lock_acquire+0x1e4/0x540 [ 820.339754] ? __fd_install+0x2b2/0x880 [ 820.343713] ? lock_downgrade+0x8f0/0x8f0 [ 820.347846] ? select_collect+0x610/0x610 [ 820.351981] ? __fget_light+0x2f7/0x440 [ 820.355938] ? fget_raw+0x20/0x20 [ 820.359379] ? __fd_install+0x2db/0x880 [ 820.363354] ? get_unused_fd_flags+0x1a0/0x1a0 [ 820.367935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 820.373456] ? sockfd_lookup_light+0xc5/0x160 [ 820.377935] __sys_sendmsg+0x11d/0x290 [ 820.381810] ? __ia32_sys_shutdown+0x80/0x80 [ 820.386203] ? __x64_sys_futex+0x47f/0x6a0 [ 820.390428] ? fd_install+0x4d/0x60 [ 820.394041] ? ksys_ioctl+0x81/0xd0 [ 820.397663] __x64_sys_sendmsg+0x78/0xb0 [ 820.401712] do_syscall_64+0x1b9/0x820 [ 820.405605] ? finish_task_switch+0x1d3/0x870 [ 820.410083] ? syscall_return_slowpath+0x5e0/0x5e0 [ 820.414996] ? syscall_return_slowpath+0x31d/0x5e0 [ 820.419920] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 820.424924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.429769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 820.434965] RIP: 0033:0x456959 [ 820.438243] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:01 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d5", 0xa3, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:31:01 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000000300050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:01 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) 17:31:01 executing program 1: exit(0x0) r0 = eventfd(0x0) write$P9_RREAD(r0, &(0x7f0000000000)={0xb}, 0xb) 17:31:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xd9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 820.457127] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 820.464832] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 820.472084] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 820.479346] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 820.486600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 820.493863] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:02 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:02 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d5", 0xa3, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:31:02 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000100)}], 0x1, 0x0) 17:31:02 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x11}) 17:31:02 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000002d00050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:02 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6100}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:02 executing program 5: [ 820.614532] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 820.644435] IPv6: Can't replace route, no match found [ 820.675144] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 820.682120] CPU: 0 PID: 7401 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 820.690625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.699984] Call Trace: [ 820.702596] dump_stack+0x1c9/0x2b4 [ 820.706232] ? dump_stack_print_info.cold.2+0x52/0x52 [ 820.711430] ? trace_hardirqs_on+0xd/0x10 [ 820.715614] sysfs_warn_dup.cold.3+0x1c/0x2b [ 820.720046] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:02 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3c}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:02 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d5", 0xa3, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x1, @dev}, 0x1c) 17:31:02 executing program 5: 17:31:02 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900060000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:02 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xffffff88}) [ 820.725426] sysfs_create_link+0x65/0xc0 [ 820.729506] device_add+0x5d0/0x17b0 [ 820.733232] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 820.737749] ? genl_family_rcv_msg+0x8a3/0x1140 [ 820.742708] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 820.747826] ? do_syscall_64+0x1b9/0x820 [ 820.751901] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 820.757134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.762689] wiphy_register+0x1a21/0x2740 [ 820.766860] ? wiphy_unregister+0x12c0/0x12c0 [ 820.771366] ? kasan_unpoison_shadow+0x35/0x50 17:31:02 executing program 5: [ 820.775954] ? kasan_kmalloc+0xc4/0xe0 [ 820.779851] ? __kmalloc+0x315/0x760 [ 820.783593] ? __lockdep_init_map+0x105/0x590 [ 820.788096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.793732] ? ieee80211_cs_list_valid+0x7c/0x440 [ 820.798583] ? ieee80211_register_hw+0xc61/0x3890 [ 820.803439] ieee80211_register_hw+0x146b/0x3890 [ 820.808211] ? init_timer_on_stack_key+0x31/0xe0 [ 820.812983] ? ieee80211_free_ack_frame+0x60/0x60 [ 820.817843] mac80211_hwsim_new_radio+0x1e55/0x3490 17:31:02 executing program 5: [ 820.822883] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 820.829048] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 820.834598] ? vsnprintf+0x20d/0x1b60 [ 820.838413] ? pointer+0x990/0x990 [ 820.841958] ? check_same_owner+0x340/0x340 [ 820.846298] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.851322] ? kvasprintf+0xea/0x140 [ 820.855041] ? bust_spinlocks+0xe0/0xe0 [ 820.859020] ? kasprintf+0xab/0xe0 [ 820.862564] ? kvasprintf_const+0x190/0x190 [ 820.866895] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 820.872445] hwsim_new_radio_nl+0x7c0/0xa80 [ 820.876780] ? nla_parse+0x32b/0x4e0 [ 820.880509] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 820.885707] ? __netlink_ns_capable+0x100/0x130 [ 820.890389] genl_family_rcv_msg+0x8a3/0x1140 [ 820.894890] ? genl_unregister_family+0x8b0/0x8b0 [ 820.899732] ? netlink_deliver_tap+0x32d/0xfb0 [ 820.904332] ? lock_downgrade+0x8f0/0x8f0 [ 820.908489] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.913511] ? lock_release+0xa30/0xa30 [ 820.917477] ? __netlink_lookup+0x5e1/0xab0 [ 820.921799] ? lock_acquire+0x1e4/0x540 [ 820.925774] ? genl_rcv+0x19/0x40 [ 820.929215] genl_rcv_msg+0xc6/0x168 [ 820.932924] netlink_rcv_skb+0x172/0x440 [ 820.936979] ? genl_family_rcv_msg+0x1140/0x1140 [ 820.941726] ? netlink_ack+0xbe0/0xbe0 [ 820.945617] genl_rcv+0x28/0x40 [ 820.948878] netlink_unicast+0x5a0/0x760 [ 820.952923] ? netlink_attachskb+0x9a0/0x9a0 [ 820.957322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.962849] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 820.967863] netlink_sendmsg+0xa18/0xfc0 [ 820.971913] ? netlink_unicast+0x760/0x760 [ 820.976139] ? move_addr_to_kernel.part.20+0x100/0x100 [ 820.981411] ? security_socket_sendmsg+0x94/0xc0 [ 820.986169] ? netlink_unicast+0x760/0x760 [ 820.990393] sock_sendmsg+0xd5/0x120 [ 820.994104] ___sys_sendmsg+0x7fd/0x930 [ 820.998074] ? copy_msghdr_from_user+0x580/0x580 [ 821.002830] ? lock_acquire+0x1e4/0x540 [ 821.006806] ? __fd_install+0x2b2/0x880 [ 821.010772] ? lock_downgrade+0x8f0/0x8f0 [ 821.014910] ? select_collect+0x610/0x610 [ 821.019044] ? __fget_light+0x2f7/0x440 [ 821.023009] ? fget_raw+0x20/0x20 [ 821.026448] ? __fd_install+0x2db/0x880 [ 821.030411] ? get_unused_fd_flags+0x1a0/0x1a0 [ 821.034981] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 821.040502] ? sockfd_lookup_light+0xc5/0x160 [ 821.044981] __sys_sendmsg+0x11d/0x290 [ 821.048864] ? __ia32_sys_shutdown+0x80/0x80 [ 821.053281] ? __x64_sys_futex+0x47f/0x6a0 [ 821.057501] ? fd_install+0x4d/0x60 [ 821.061118] ? ksys_ioctl+0x81/0xd0 [ 821.064740] __x64_sys_sendmsg+0x78/0xb0 [ 821.068802] do_syscall_64+0x1b9/0x820 [ 821.072690] ? finish_task_switch+0x1d3/0x870 [ 821.077207] ? syscall_return_slowpath+0x5e0/0x5e0 [ 821.082161] ? syscall_return_slowpath+0x31d/0x5e0 [ 821.087080] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 821.092097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.097219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.102408] RIP: 0033:0x456959 [ 821.105597] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 821.124492] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 821.132207] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 821.139468] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 821.147680] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 821.154942] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 821.162215] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:03 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00') pwritev(r1, &(0x7f0000001540)=[{&(0x7f0000000240)="b1cc66ae7a558c2a1d42f41ac7e04b80264b5f58d17cad4a0df5a6f6a43d305d0a858365209c", 0x26}], 0x1, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000500), 0x4) [ 821.171031] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 821.180645] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 821.187612] CPU: 0 PID: 7417 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 821.196017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.205468] Call Trace: [ 821.208079] dump_stack+0x1c9/0x2b4 [ 821.211729] ? dump_stack_print_info.cold.2+0x52/0x52 [ 821.216940] ? trace_hardirqs_on+0xd/0x10 [ 821.222060] sysfs_warn_dup.cold.3+0x1c/0x2b [ 821.226485] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 821.231864] sysfs_create_link+0x65/0xc0 [ 821.235943] device_add+0x5d0/0x17b0 [ 821.239671] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 821.244192] ? genl_family_rcv_msg+0x8a3/0x1140 [ 821.248901] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 821.253997] ? do_syscall_64+0x1b9/0x820 [ 821.258047] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 821.263235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.268767] wiphy_register+0x1a21/0x2740 [ 821.272931] ? wiphy_unregister+0x12c0/0x12c0 [ 821.277428] ? kasan_unpoison_shadow+0x35/0x50 [ 821.281996] ? kasan_kmalloc+0xc4/0xe0 [ 821.285871] ? __kmalloc+0x315/0x760 [ 821.289586] ? __lockdep_init_map+0x105/0x590 [ 821.294159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.299693] ? ieee80211_cs_list_valid+0x7c/0x440 [ 821.304530] ? ieee80211_register_hw+0xc61/0x3890 [ 821.309362] ieee80211_register_hw+0x146b/0x3890 [ 821.314122] ? init_timer_on_stack_key+0x31/0xe0 [ 821.318878] ? ieee80211_free_ack_frame+0x60/0x60 [ 821.323721] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 821.328749] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 821.335065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 821.340597] ? vsnprintf+0x20d/0x1b60 [ 821.344400] ? pointer+0x990/0x990 [ 821.347931] ? do_raw_spin_unlock+0xa7/0x2f0 [ 821.352349] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 821.357369] ? kvasprintf+0xea/0x140 [ 821.361067] ? bust_spinlocks+0xe0/0xe0 [ 821.365029] ? kasprintf+0xab/0xe0 [ 821.368555] ? kvasprintf_const+0x190/0x190 [ 821.372865] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 821.378397] hwsim_new_radio_nl+0x7c0/0xa80 [ 821.382710] ? nla_parse+0x32b/0x4e0 [ 821.386420] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 821.391605] ? __netlink_ns_capable+0x100/0x130 [ 821.396278] genl_family_rcv_msg+0x8a3/0x1140 [ 821.400767] ? genl_unregister_family+0x8b0/0x8b0 [ 821.405605] ? netlink_deliver_tap+0x32d/0xfb0 [ 821.410190] ? lock_downgrade+0x8f0/0x8f0 [ 821.414350] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 821.419366] ? lock_release+0xa30/0xa30 [ 821.423334] ? lock_acquire+0x1e4/0x540 [ 821.427742] ? genl_rcv+0x19/0x40 [ 821.431186] genl_rcv_msg+0xc6/0x168 [ 821.434897] netlink_rcv_skb+0x172/0x440 [ 821.438943] ? genl_family_rcv_msg+0x1140/0x1140 [ 821.443684] ? netlink_ack+0xbe0/0xbe0 [ 821.447579] genl_rcv+0x28/0x40 [ 821.450843] netlink_unicast+0x5a0/0x760 [ 821.454889] ? netlink_attachskb+0x9a0/0x9a0 [ 821.459310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.464852] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 821.469854] netlink_sendmsg+0xa18/0xfc0 [ 821.473901] ? netlink_unicast+0x760/0x760 [ 821.478169] ? move_addr_to_kernel.part.20+0x100/0x100 [ 821.483440] ? security_socket_sendmsg+0x94/0xc0 [ 821.488181] ? netlink_unicast+0x760/0x760 [ 821.492411] sock_sendmsg+0xd5/0x120 [ 821.496124] ___sys_sendmsg+0x7fd/0x930 [ 821.500086] ? copy_msghdr_from_user+0x580/0x580 [ 821.504833] ? lock_acquire+0x1e4/0x540 [ 821.508792] ? __fd_install+0x2b2/0x880 [ 821.512750] ? lock_downgrade+0x8f0/0x8f0 [ 821.516880] ? select_collect+0x610/0x610 [ 821.521024] ? __fget_light+0x2f7/0x440 [ 821.524980] ? fget_raw+0x20/0x20 [ 821.528421] ? __fd_install+0x2db/0x880 [ 821.532384] ? get_unused_fd_flags+0x1a0/0x1a0 [ 821.536953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 821.542470] ? sockfd_lookup_light+0xc5/0x160 [ 821.546950] __sys_sendmsg+0x11d/0x290 [ 821.550822] ? __ia32_sys_shutdown+0x80/0x80 [ 821.555225] ? __x64_sys_futex+0x47f/0x6a0 [ 821.559442] ? fd_install+0x4d/0x60 [ 821.563064] ? ksys_ioctl+0x81/0xd0 [ 821.566682] __x64_sys_sendmsg+0x78/0xb0 [ 821.570733] do_syscall_64+0x1b9/0x820 [ 821.574613] ? finish_task_switch+0x1d3/0x870 [ 821.579105] ? syscall_return_slowpath+0x5e0/0x5e0 [ 821.584021] ? syscall_return_slowpath+0x31d/0x5e0 [ 821.588935] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 821.593950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.598779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.603951] RIP: 0033:0x456959 [ 821.607147] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x33, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 821.626030] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 821.633723] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 821.640974] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 821.648224] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 821.655473] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 821.662735] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 821.709742] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 821.750489] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 821.757437] CPU: 1 PID: 7457 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 821.765849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.775194] Call Trace: [ 821.777791] dump_stack+0x1c9/0x2b4 [ 821.781417] ? dump_stack_print_info.cold.2+0x52/0x52 [ 821.786600] ? trace_hardirqs_on+0xd/0x10 [ 821.790745] sysfs_warn_dup.cold.3+0x1c/0x2b [ 821.795143] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 821.800491] sysfs_create_link+0x65/0xc0 [ 821.804540] device_add+0x5d0/0x17b0 [ 821.808241] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 821.812730] ? genl_family_rcv_msg+0x8a3/0x1140 [ 821.817476] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 821.822578] ? do_syscall_64+0x1b9/0x820 [ 821.826680] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 821.831872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.837441] wiphy_register+0x1a21/0x2740 [ 821.841629] ? wiphy_unregister+0x12c0/0x12c0 [ 821.846115] ? kasan_unpoison_shadow+0x35/0x50 [ 821.850684] ? kasan_kmalloc+0xc4/0xe0 [ 821.854557] ? __kmalloc+0x315/0x760 [ 821.858268] ? __lockdep_init_map+0x105/0x590 [ 821.862753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.868281] ? ieee80211_cs_list_valid+0x7c/0x440 [ 821.873123] ? ieee80211_register_hw+0xc61/0x3890 [ 821.877959] ieee80211_register_hw+0x146b/0x3890 [ 821.882797] ? init_timer_on_stack_key+0x31/0xe0 [ 821.887551] ? ieee80211_free_ack_frame+0x60/0x60 [ 821.892385] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 821.897399] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 821.903531] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 821.909050] ? vsnprintf+0x20d/0x1b60 [ 821.912845] ? pointer+0x990/0x990 [ 821.916379] ? do_raw_spin_unlock+0xa7/0x2f0 [ 821.920775] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 821.925789] ? kvasprintf+0xea/0x140 [ 821.929574] ? bust_spinlocks+0xe0/0xe0 [ 821.933533] ? kasprintf+0xab/0xe0 [ 821.937055] ? kvasprintf_const+0x190/0x190 [ 821.941372] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 821.946916] hwsim_new_radio_nl+0x7c0/0xa80 [ 821.951226] ? nla_parse+0x32b/0x4e0 [ 821.954935] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 821.960121] ? __netlink_ns_capable+0x100/0x130 [ 821.964833] genl_family_rcv_msg+0x8a3/0x1140 [ 821.969314] ? genl_unregister_family+0x8b0/0x8b0 [ 821.974143] ? __sched_text_start+0x8/0x8 [ 821.978273] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 821.983291] ? lock_release+0xa30/0xa30 [ 821.987250] ? lock_acquire+0x1e4/0x540 [ 821.991205] ? genl_rcv+0x19/0x40 [ 821.994645] genl_rcv_msg+0xc6/0x168 [ 821.998355] netlink_rcv_skb+0x172/0x440 [ 822.003119] ? genl_family_rcv_msg+0x1140/0x1140 [ 822.007866] ? netlink_ack+0xbe0/0xbe0 [ 822.011742] genl_rcv+0x28/0x40 [ 822.015011] netlink_unicast+0x5a0/0x760 [ 822.019057] ? netlink_attachskb+0x9a0/0x9a0 [ 822.023449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.028980] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.033983] netlink_sendmsg+0xa18/0xfc0 [ 822.038040] ? netlink_unicast+0x760/0x760 [ 822.042272] ? move_addr_to_kernel.part.20+0x100/0x100 [ 822.047553] ? security_socket_sendmsg+0x94/0xc0 [ 822.052296] ? netlink_unicast+0x760/0x760 [ 822.056518] sock_sendmsg+0xd5/0x120 [ 822.060225] ___sys_sendmsg+0x7fd/0x930 [ 822.064186] ? copy_msghdr_from_user+0x580/0x580 [ 822.068932] ? __sched_text_start+0x8/0x8 [ 822.073077] ? __fget_light+0x2f7/0x440 [ 822.077051] ? fget_raw+0x20/0x20 [ 822.080490] ? __fd_install+0x2db/0x880 [ 822.084448] ? get_unused_fd_flags+0x1a0/0x1a0 [ 822.089036] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 822.094558] ? sockfd_lookup_light+0xc5/0x160 [ 822.099049] __sys_sendmsg+0x11d/0x290 [ 822.102930] ? __ia32_sys_shutdown+0x80/0x80 [ 822.107324] ? __x64_sys_futex+0x47f/0x6a0 [ 822.111629] ? fd_install+0x4d/0x60 [ 822.115254] ? syscall_slow_exit_work+0x500/0x500 [ 822.120175] ? ksys_ioctl+0x81/0xd0 [ 822.123788] __x64_sys_sendmsg+0x78/0xb0 [ 822.127846] do_syscall_64+0x1b9/0x820 [ 822.131724] ? finish_task_switch+0x1d3/0x870 [ 822.136211] ? syscall_return_slowpath+0x5e0/0x5e0 [ 822.141127] ? syscall_return_slowpath+0x31d/0x5e0 [ 822.146053] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 822.151057] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 822.155886] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.161066] RIP: 0033:0x456959 [ 822.164242] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 822.183134] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 822.191000] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 822.198255] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 822.205513] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 822.212765] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 822.220107] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 822.228481] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 822.237761] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 822.244690] CPU: 1 PID: 7417 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 822.253082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 822.262432] Call Trace: [ 822.265012] dump_stack+0x1c9/0x2b4 [ 822.268626] ? dump_stack_print_info.cold.2+0x52/0x52 [ 822.273815] ? trace_hardirqs_on+0xd/0x10 [ 822.277972] sysfs_warn_dup.cold.3+0x1c/0x2b [ 822.282365] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 822.287712] sysfs_create_link+0x65/0xc0 [ 822.291765] device_add+0x5d0/0x17b0 [ 822.295472] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 822.299958] ? genl_family_rcv_msg+0x8a3/0x1140 [ 822.304619] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 822.309726] ? do_syscall_64+0x1b9/0x820 [ 822.313781] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 822.318960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.324483] wiphy_register+0x1a21/0x2740 [ 822.328617] ? wiphy_unregister+0x12c0/0x12c0 [ 822.333095] ? kasan_unpoison_shadow+0x35/0x50 [ 822.337662] ? kasan_kmalloc+0xc4/0xe0 [ 822.341532] ? __kmalloc+0x315/0x760 [ 822.345236] ? __lockdep_init_map+0x105/0x590 [ 822.349728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.355254] ? ieee80211_cs_list_valid+0x7c/0x440 [ 822.360094] ? ieee80211_register_hw+0xc61/0x3890 [ 822.365011] ieee80211_register_hw+0x146b/0x3890 [ 822.369760] ? init_timer_on_stack_key+0x31/0xe0 [ 822.374502] ? ieee80211_free_ack_frame+0x60/0x60 [ 822.379343] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 822.384351] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 822.390485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 822.396014] ? vsnprintf+0x20d/0x1b60 [ 822.399795] ? pointer+0x990/0x990 [ 822.403320] ? do_raw_spin_unlock+0xa7/0x2f0 [ 822.407733] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.412743] ? kvasprintf+0xea/0x140 [ 822.416438] ? bust_spinlocks+0xe0/0xe0 [ 822.420393] ? kasprintf+0xab/0xe0 [ 822.423928] ? kvasprintf_const+0x190/0x190 [ 822.428241] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 822.433775] hwsim_new_radio_nl+0x7c0/0xa80 [ 822.438114] ? nla_parse+0x32b/0x4e0 [ 822.441826] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 822.447091] ? __netlink_ns_capable+0x100/0x130 [ 822.451761] genl_family_rcv_msg+0x8a3/0x1140 [ 822.456256] ? genl_unregister_family+0x8b0/0x8b0 [ 822.461085] ? netlink_deliver_tap+0x32d/0xfb0 [ 822.465655] ? lock_downgrade+0x8f0/0x8f0 [ 822.469973] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.474976] ? lock_release+0xa30/0xa30 [ 822.478937] ? lock_acquire+0x1e4/0x540 [ 822.482893] ? genl_rcv+0x19/0x40 [ 822.486333] genl_rcv_msg+0xc6/0x168 [ 822.490051] netlink_rcv_skb+0x172/0x440 [ 822.494097] ? genl_family_rcv_msg+0x1140/0x1140 [ 822.498835] ? netlink_ack+0xbe0/0xbe0 [ 822.502741] genl_rcv+0x28/0x40 [ 822.506011] netlink_unicast+0x5a0/0x760 [ 822.510068] ? netlink_attachskb+0x9a0/0x9a0 [ 822.514467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.519988] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.524996] netlink_sendmsg+0xa18/0xfc0 [ 822.529052] ? netlink_unicast+0x760/0x760 [ 822.533274] ? move_addr_to_kernel.part.20+0x100/0x100 [ 822.538538] ? security_socket_sendmsg+0x94/0xc0 [ 822.543276] ? netlink_unicast+0x760/0x760 [ 822.547502] sock_sendmsg+0xd5/0x120 [ 822.551200] ___sys_sendmsg+0x7fd/0x930 [ 822.555159] ? copy_msghdr_from_user+0x580/0x580 [ 822.559996] ? lock_acquire+0x1e4/0x540 [ 822.563975] ? __fd_install+0x2b2/0x880 [ 822.568027] ? lock_downgrade+0x8f0/0x8f0 [ 822.572162] ? select_collect+0x610/0x610 [ 822.576305] ? __fget_light+0x2f7/0x440 [ 822.580270] ? fget_raw+0x20/0x20 [ 822.583709] ? __fd_install+0x2db/0x880 [ 822.587936] ? get_unused_fd_flags+0x1a0/0x1a0 [ 822.592508] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 822.598033] ? sockfd_lookup_light+0xc5/0x160 [ 822.602513] __sys_sendmsg+0x11d/0x290 [ 822.606394] ? __ia32_sys_shutdown+0x80/0x80 [ 822.610875] ? __x64_sys_futex+0x47f/0x6a0 [ 822.615097] ? fd_install+0x4d/0x60 [ 822.618714] ? ksys_ioctl+0x81/0xd0 [ 822.622345] __x64_sys_sendmsg+0x78/0xb0 [ 822.626412] do_syscall_64+0x1b9/0x820 [ 822.630296] ? finish_task_switch+0x1d3/0x870 [ 822.634785] ? syscall_return_slowpath+0x5e0/0x5e0 [ 822.639702] ? syscall_return_slowpath+0x31d/0x5e0 [ 822.644626] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 822.649641] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 822.654483] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.659657] RIP: 0033:0x456959 [ 822.662844] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 822.681735] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 822.689433] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 822.696686] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 17:31:04 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:04 executing program 5: 17:31:04 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x1, @dev}, 0x1c) 17:31:04 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x4888}) 17:31:04 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6100000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:04 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900160000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:04 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x1, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f00000002c0)) write$cgroup_int(r1, &(0x7f0000000080), 0x45c) [ 822.703948] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 822.711199] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 822.718545] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 822.730478] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 822.743374] sysfs: cannot create duplicate filename '/class/ieee80211/!' 17:31:04 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 822.750375] CPU: 0 PID: 7457 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 822.758780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 822.768149] Call Trace: [ 822.770801] dump_stack+0x1c9/0x2b4 [ 822.774462] ? dump_stack_print_info.cold.2+0x52/0x52 [ 822.779671] ? trace_hardirqs_on+0xd/0x10 [ 822.783846] sysfs_warn_dup.cold.3+0x1c/0x2b [ 822.788277] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 822.793664] sysfs_create_link+0x65/0xc0 [ 822.797741] device_add+0x5d0/0x17b0 [ 822.801470] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 822.806009] ? genl_family_rcv_msg+0x8a3/0x1140 [ 822.810707] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 822.815826] ? do_syscall_64+0x1b9/0x820 [ 822.819934] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 822.825159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.830748] wiphy_register+0x1a21/0x2740 [ 822.834945] ? wiphy_unregister+0x12c0/0x12c0 [ 822.839441] ? kasan_unpoison_shadow+0x35/0x50 [ 822.844023] ? kasan_kmalloc+0xc4/0xe0 [ 822.847918] ? __kmalloc+0x315/0x760 [ 822.851639] ? __lockdep_init_map+0x105/0x590 [ 822.856129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.861666] ? ieee80211_cs_list_valid+0x7c/0x440 [ 822.866538] ? ieee80211_register_hw+0xc61/0x3890 [ 822.871391] ieee80211_register_hw+0x146b/0x3890 [ 822.876186] ? init_timer_on_stack_key+0x31/0xe0 [ 822.880965] ? ieee80211_free_ack_frame+0x60/0x60 [ 822.885912] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 822.890965] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 822.897127] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 822.902663] ? vsnprintf+0x20d/0x1b60 [ 822.906460] ? pointer+0x990/0x990 [ 822.909995] ? do_raw_spin_unlock+0xa7/0x2f0 [ 822.914421] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.919439] ? kvasprintf+0xea/0x140 [ 822.923141] ? bust_spinlocks+0xe0/0xe0 [ 822.927107] ? kasprintf+0xab/0xe0 [ 822.930658] ? kvasprintf_const+0x190/0x190 [ 822.934975] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 822.940524] hwsim_new_radio_nl+0x7c0/0xa80 [ 822.944852] ? nla_parse+0x32b/0x4e0 [ 822.948581] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 822.953774] ? __netlink_ns_capable+0x100/0x130 [ 822.958450] genl_family_rcv_msg+0x8a3/0x1140 [ 822.962937] ? genl_unregister_family+0x8b0/0x8b0 [ 822.967769] ? netlink_deliver_tap+0x32d/0xfb0 [ 822.972360] ? lock_downgrade+0x8f0/0x8f0 [ 822.976506] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 822.981553] ? lock_release+0xa30/0xa30 [ 822.985533] ? lock_acquire+0x1e4/0x540 [ 822.989509] ? genl_rcv+0x19/0x40 [ 822.993046] genl_rcv_msg+0xc6/0x168 [ 822.996770] netlink_rcv_skb+0x172/0x440 [ 823.000846] ? genl_family_rcv_msg+0x1140/0x1140 [ 823.005595] ? netlink_ack+0xbe0/0xbe0 [ 823.009472] genl_rcv+0x28/0x40 [ 823.012751] netlink_unicast+0x5a0/0x760 [ 823.016814] ? netlink_attachskb+0x9a0/0x9a0 [ 823.021221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.026755] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 823.031978] netlink_sendmsg+0xa18/0xfc0 [ 823.036046] ? netlink_unicast+0x760/0x760 [ 823.040326] ? move_addr_to_kernel.part.20+0x100/0x100 [ 823.045605] ? security_socket_sendmsg+0x94/0xc0 [ 823.050357] ? netlink_unicast+0x760/0x760 [ 823.054594] sock_sendmsg+0xd5/0x120 [ 823.058305] ___sys_sendmsg+0x7fd/0x930 [ 823.062311] ? copy_msghdr_from_user+0x580/0x580 [ 823.067083] ? lock_acquire+0x1e4/0x540 [ 823.071053] ? __fd_install+0x2b2/0x880 [ 823.075028] ? lock_downgrade+0x8f0/0x8f0 [ 823.079195] ? select_collect+0x610/0x610 [ 823.083349] ? __fget_light+0x2f7/0x440 [ 823.087334] ? fget_raw+0x20/0x20 [ 823.090793] ? __fd_install+0x2db/0x880 [ 823.094766] ? get_unused_fd_flags+0x1a0/0x1a0 [ 823.099342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 823.104871] ? sockfd_lookup_light+0xc5/0x160 [ 823.109457] __sys_sendmsg+0x11d/0x290 [ 823.113338] ? __ia32_sys_shutdown+0x80/0x80 [ 823.117748] ? __x64_sys_futex+0x47f/0x6a0 [ 823.121981] ? fd_install+0x4d/0x60 [ 823.125613] ? syscall_slow_exit_work+0x500/0x500 [ 823.130450] ? ksys_ioctl+0x81/0xd0 [ 823.134084] __x64_sys_sendmsg+0x78/0xb0 [ 823.138142] do_syscall_64+0x1b9/0x820 [ 823.142017] ? finish_task_switch+0x1d3/0x870 [ 823.146513] ? syscall_return_slowpath+0x5e0/0x5e0 [ 823.151456] ? syscall_return_slowpath+0x31d/0x5e0 [ 823.156386] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 823.161397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.166235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.171421] RIP: 0033:0x456959 [ 823.174613] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 823.193598] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.201318] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 823.208597] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 823.215858] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 823.223128] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 823.230406] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3bb, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 823.250047] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 823.281748] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 823.288685] CPU: 1 PID: 7471 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 823.297118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.306477] Call Trace: [ 823.309085] dump_stack+0x1c9/0x2b4 [ 823.312757] ? dump_stack_print_info.cold.2+0x52/0x52 [ 823.317992] ? trace_hardirqs_on+0xd/0x10 [ 823.322186] sysfs_warn_dup.cold.3+0x1c/0x2b [ 823.326667] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:05 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001903050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:05 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x1c000000}) 17:31:05 executing program 1: 17:31:05 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:05 executing program 1: 17:31:05 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x1, @dev}, 0x1c) [ 823.332059] sysfs_create_link+0x65/0xc0 [ 823.336136] device_add+0x5d0/0x17b0 [ 823.339884] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 823.344393] ? genl_family_rcv_msg+0x8a3/0x1140 [ 823.349090] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 823.354221] ? do_syscall_64+0x1b9/0x820 [ 823.358299] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 823.363506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.369071] wiphy_register+0x1a21/0x2740 [ 823.373336] ? wiphy_unregister+0x12c0/0x12c0 [ 823.377845] ? kasan_unpoison_shadow+0x35/0x50 17:31:05 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xc0ffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 823.382443] ? kasan_kmalloc+0xc4/0xe0 [ 823.386395] ? __kmalloc+0x315/0x760 [ 823.390139] ? __lockdep_init_map+0x105/0x590 [ 823.394662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.400214] ? ieee80211_cs_list_valid+0x7c/0x440 [ 823.405074] ? ieee80211_register_hw+0xc61/0x3890 [ 823.409947] ieee80211_register_hw+0x146b/0x3890 [ 823.414743] ? init_timer_on_stack_key+0x31/0xe0 [ 823.419525] ? ieee80211_free_ack_frame+0x60/0x60 [ 823.424395] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 823.429437] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 823.435603] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 823.441161] ? vsnprintf+0x20d/0x1b60 [ 823.444984] ? pointer+0x990/0x990 [ 823.448550] ? check_same_owner+0x340/0x340 [ 823.452896] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 823.459156] ? kvasprintf+0xea/0x140 [ 823.462884] ? bust_spinlocks+0xe0/0xe0 [ 823.466874] ? kasprintf+0xab/0xe0 [ 823.470427] ? kvasprintf_const+0x190/0x190 [ 823.474763] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 823.480319] hwsim_new_radio_nl+0x7c0/0xa80 [ 823.484636] ? nla_parse+0x32b/0x4e0 [ 823.488343] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 823.493521] ? __netlink_ns_capable+0x100/0x130 [ 823.498199] genl_family_rcv_msg+0x8a3/0x1140 [ 823.502694] ? genl_unregister_family+0x8b0/0x8b0 [ 823.507552] ? netlink_deliver_tap+0x32d/0xfb0 [ 823.512145] ? lock_downgrade+0x8f0/0x8f0 [ 823.516289] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 823.521298] ? lock_release+0xa30/0xa30 [ 823.525272] ? __netlink_lookup+0x5e1/0xab0 [ 823.529584] ? lock_acquire+0x1e4/0x540 [ 823.533549] ? genl_rcv+0x19/0x40 [ 823.537002] genl_rcv_msg+0xc6/0x168 [ 823.540704] netlink_rcv_skb+0x172/0x440 [ 823.544759] ? genl_family_rcv_msg+0x1140/0x1140 [ 823.549507] ? netlink_ack+0xbe0/0xbe0 [ 823.553405] genl_rcv+0x28/0x40 [ 823.556671] netlink_unicast+0x5a0/0x760 [ 823.560740] ? netlink_attachskb+0x9a0/0x9a0 [ 823.565238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.570770] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 823.575785] netlink_sendmsg+0xa18/0xfc0 [ 823.579864] ? netlink_unicast+0x760/0x760 [ 823.584119] ? move_addr_to_kernel.part.20+0x100/0x100 [ 823.589657] ? security_socket_sendmsg+0x94/0xc0 [ 823.594401] ? netlink_unicast+0x760/0x760 [ 823.598623] sock_sendmsg+0xd5/0x120 [ 823.602332] ___sys_sendmsg+0x7fd/0x930 [ 823.606297] ? copy_msghdr_from_user+0x580/0x580 [ 823.611047] ? lock_acquire+0x1e4/0x540 [ 823.615018] ? __fd_install+0x2b2/0x880 [ 823.618988] ? lock_downgrade+0x8f0/0x8f0 [ 823.623122] ? select_collect+0x610/0x610 [ 823.627256] ? __fget_light+0x2f7/0x440 [ 823.631216] ? fget_raw+0x20/0x20 [ 823.634657] ? __fd_install+0x2db/0x880 [ 823.638619] ? get_unused_fd_flags+0x1a0/0x1a0 [ 823.643197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 823.648731] ? sockfd_lookup_light+0xc5/0x160 [ 823.653570] __sys_sendmsg+0x11d/0x290 [ 823.657447] ? __ia32_sys_shutdown+0x80/0x80 [ 823.661943] ? __x64_sys_futex+0x47f/0x6a0 [ 823.666165] ? fd_install+0x4d/0x60 [ 823.669783] ? ksys_ioctl+0x81/0xd0 [ 823.673579] __x64_sys_sendmsg+0x78/0xb0 [ 823.677631] do_syscall_64+0x1b9/0x820 [ 823.681505] ? finish_task_switch+0x1d3/0x870 [ 823.686001] ? syscall_return_slowpath+0x5e0/0x5e0 [ 823.691021] ? syscall_return_slowpath+0x31d/0x5e0 [ 823.695948] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 823.700953] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.705798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.710973] RIP: 0033:0x456959 [ 823.714157] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 823.733054] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.740749] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 823.748026] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 823.755482] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 823.762754] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 823.770029] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 823.807583] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 823.848306] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 823.855417] CPU: 0 PID: 7471 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 823.863846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.873204] Call Trace: [ 823.875828] dump_stack+0x1c9/0x2b4 [ 823.879487] ? dump_stack_print_info.cold.2+0x52/0x52 [ 823.884697] ? trace_hardirqs_on+0xd/0x10 [ 823.888869] sysfs_warn_dup.cold.3+0x1c/0x2b [ 823.893297] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 823.898683] sysfs_create_link+0x65/0xc0 [ 823.902768] device_add+0x5d0/0x17b0 [ 823.906513] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 823.911012] ? genl_family_rcv_msg+0x8a3/0x1140 [ 823.915675] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 823.920768] ? do_syscall_64+0x1b9/0x820 [ 823.924818] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 823.930007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.935629] wiphy_register+0x1a21/0x2740 [ 823.939770] ? wiphy_unregister+0x12c0/0x12c0 [ 823.944258] ? kasan_unpoison_shadow+0x35/0x50 [ 823.948840] ? kasan_kmalloc+0xc4/0xe0 [ 823.952731] ? __kmalloc+0x315/0x760 [ 823.956452] ? __lockdep_init_map+0x105/0x590 [ 823.960940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.966481] ? ieee80211_cs_list_valid+0x7c/0x440 [ 823.971322] ? ieee80211_register_hw+0xc61/0x3890 [ 823.976159] ieee80211_register_hw+0x146b/0x3890 [ 823.980914] ? init_timer_on_stack_key+0x31/0xe0 [ 823.985661] ? ieee80211_free_ack_frame+0x60/0x60 [ 823.990500] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 823.995545] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 824.001681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 824.007214] ? vsnprintf+0x20d/0x1b60 [ 824.011021] ? pointer+0x990/0x990 [ 824.014559] ? check_same_owner+0x340/0x340 [ 824.018880] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.023884] ? kvasprintf+0xea/0x140 [ 824.027583] ? bust_spinlocks+0xe0/0xe0 [ 824.031545] ? kasprintf+0xab/0xe0 [ 824.035162] ? kvasprintf_const+0x190/0x190 [ 824.039479] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 824.045014] hwsim_new_radio_nl+0x7c0/0xa80 [ 824.049341] ? nla_parse+0x32b/0x4e0 [ 824.053049] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 824.058231] ? __netlink_ns_capable+0x100/0x130 [ 824.062891] genl_family_rcv_msg+0x8a3/0x1140 [ 824.067377] ? genl_unregister_family+0x8b0/0x8b0 [ 824.072308] ? netlink_deliver_tap+0x32d/0xfb0 [ 824.076891] ? lock_downgrade+0x8f0/0x8f0 [ 824.081031] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.086048] ? lock_release+0xa30/0xa30 [ 824.090024] ? __netlink_lookup+0x5e1/0xab0 [ 824.094432] ? lock_acquire+0x1e4/0x540 [ 824.098394] ? genl_rcv+0x19/0x40 [ 824.101859] genl_rcv_msg+0xc6/0x168 [ 824.105563] netlink_rcv_skb+0x172/0x440 [ 824.109627] ? genl_family_rcv_msg+0x1140/0x1140 [ 824.114379] ? netlink_ack+0xbe0/0xbe0 [ 824.118265] genl_rcv+0x28/0x40 [ 824.121531] netlink_unicast+0x5a0/0x760 [ 824.125577] ? netlink_attachskb+0x9a0/0x9a0 [ 824.129997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.135541] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.140550] netlink_sendmsg+0xa18/0xfc0 [ 824.144597] ? netlink_unicast+0x760/0x760 [ 824.148823] ? move_addr_to_kernel.part.20+0x100/0x100 [ 824.154111] ? security_socket_sendmsg+0x94/0xc0 [ 824.158884] ? netlink_unicast+0x760/0x760 [ 824.163106] sock_sendmsg+0xd5/0x120 [ 824.166801] ___sys_sendmsg+0x7fd/0x930 [ 824.170760] ? copy_msghdr_from_user+0x580/0x580 [ 824.175503] ? lock_acquire+0x1e4/0x540 [ 824.179654] ? __fd_install+0x2b2/0x880 [ 824.183622] ? lock_downgrade+0x8f0/0x8f0 [ 824.187763] ? select_collect+0x610/0x610 [ 824.191930] ? __fget_light+0x2f7/0x440 [ 824.195891] ? fget_raw+0x20/0x20 [ 824.199329] ? __fd_install+0x2db/0x880 [ 824.203288] ? get_unused_fd_flags+0x1a0/0x1a0 [ 824.207860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 824.213381] ? sockfd_lookup_light+0xc5/0x160 [ 824.217861] __sys_sendmsg+0x11d/0x290 [ 824.221744] ? __ia32_sys_shutdown+0x80/0x80 [ 824.226141] ? __x64_sys_futex+0x47f/0x6a0 [ 824.230372] ? fd_install+0x4d/0x60 [ 824.233989] ? ksys_ioctl+0x81/0xd0 [ 824.237602] __x64_sys_sendmsg+0x78/0xb0 [ 824.241648] do_syscall_64+0x1b9/0x820 [ 824.245522] ? finish_task_switch+0x1d3/0x870 [ 824.250012] ? syscall_return_slowpath+0x5e0/0x5e0 [ 824.254937] ? syscall_return_slowpath+0x31d/0x5e0 [ 824.259865] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 824.264869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.269701] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.274879] RIP: 0033:0x456959 [ 824.278064] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:06 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:06 executing program 1: 17:31:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff8801c8c6c818, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:06 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x1, @dev}, 0x1c) 17:31:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:06 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x700000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:06 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8848}) 17:31:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001906050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:06 executing program 1: [ 824.296960] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 824.304918] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 824.312191] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 824.319461] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 824.326728] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 824.333991] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:06 executing program 1: 17:31:06 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000005c0)="0a5cc80700315f85714070") r1 = socket$packet(0x11, 0x1000000000003, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x100, 0xd4e9) sendto$inet6(r1, &(0x7f0000000080)="020400000700000000000000fff55b1dfa938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0f385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642494a7b50200000000000000e664f65bfc370ad3409d8b02209463abcebdbc956953902a536879a76840abe2aa09e7a11c0c49175e4570b17751062758c0d541", 0xa4, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x0, @dev}, 0x1c) 17:31:06 executing program 1: 17:31:06 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x20000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190a050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x4, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 824.412994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 824.519350] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 824.526403] CPU: 1 PID: 7525 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 824.534934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.544304] Call Trace: [ 824.546918] dump_stack+0x1c9/0x2b4 [ 824.550570] ? dump_stack_print_info.cold.2+0x52/0x52 [ 824.555810] ? trace_hardirqs_on+0xd/0x10 [ 824.559979] sysfs_warn_dup.cold.3+0x1c/0x2b [ 824.564407] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 824.569891] sysfs_create_link+0x65/0xc0 [ 824.573966] device_add+0x5d0/0x17b0 [ 824.577701] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 824.582208] ? genl_family_rcv_msg+0x8a3/0x1140 [ 824.586899] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 824.592029] ? do_syscall_64+0x1b9/0x820 [ 824.596116] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 824.601334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.606934] wiphy_register+0x1a21/0x2740 [ 824.611111] ? wiphy_unregister+0x12c0/0x12c0 [ 824.615627] ? kasan_unpoison_shadow+0x35/0x50 [ 824.620233] ? kasan_kmalloc+0xc4/0xe0 [ 824.624225] ? __kmalloc+0x315/0x760 [ 824.627941] ? __lockdep_init_map+0x105/0x590 [ 824.632451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.637992] ? ieee80211_cs_list_valid+0x7c/0x440 [ 824.642846] ? ieee80211_register_hw+0xc61/0x3890 [ 824.647693] ieee80211_register_hw+0x146b/0x3890 [ 824.652463] ? init_timer_on_stack_key+0x31/0xe0 [ 824.657239] ? ieee80211_free_ack_frame+0x60/0x60 [ 824.662096] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 824.667122] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 824.673274] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 824.678830] ? vsnprintf+0x20d/0x1b60 [ 824.682622] ? pointer+0x990/0x990 [ 824.686158] ? check_same_owner+0x340/0x340 [ 824.690476] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.695495] ? kvasprintf+0xea/0x140 [ 824.699204] ? bust_spinlocks+0xe0/0xe0 [ 824.703172] ? kasprintf+0xab/0xe0 [ 824.706705] ? kvasprintf_const+0x190/0x190 [ 824.711023] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 824.716568] hwsim_new_radio_nl+0x7c0/0xa80 [ 824.720885] ? nla_parse+0x32b/0x4e0 [ 824.724598] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 824.729780] ? __netlink_ns_capable+0x100/0x130 [ 824.734491] genl_family_rcv_msg+0x8a3/0x1140 [ 824.738983] ? genl_unregister_family+0x8b0/0x8b0 [ 824.743819] ? netlink_deliver_tap+0x32d/0xfb0 [ 824.748399] ? lock_downgrade+0x8f0/0x8f0 [ 824.752558] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.757574] ? lock_release+0xa30/0xa30 [ 824.761649] ? __netlink_lookup+0x5e1/0xab0 [ 824.765972] ? lock_acquire+0x1e4/0x540 [ 824.769943] ? genl_rcv+0x19/0x40 [ 824.773404] genl_rcv_msg+0xc6/0x168 [ 824.777120] netlink_rcv_skb+0x172/0x440 [ 824.781186] ? genl_family_rcv_msg+0x1140/0x1140 [ 824.785957] ? netlink_ack+0xbe0/0xbe0 [ 824.789838] genl_rcv+0x28/0x40 [ 824.793102] netlink_unicast+0x5a0/0x760 [ 824.797166] ? netlink_attachskb+0x9a0/0x9a0 [ 824.801581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.807132] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 824.812152] netlink_sendmsg+0xa18/0xfc0 [ 824.816224] ? netlink_unicast+0x760/0x760 [ 824.820473] ? move_addr_to_kernel.part.20+0x100/0x100 [ 824.825748] ? security_socket_sendmsg+0x94/0xc0 [ 824.830498] ? netlink_unicast+0x760/0x760 [ 824.834807] sock_sendmsg+0xd5/0x120 [ 824.838511] ___sys_sendmsg+0x7fd/0x930 [ 824.842491] ? copy_msghdr_from_user+0x580/0x580 [ 824.847353] ? lock_acquire+0x1e4/0x540 [ 824.851329] ? __fd_install+0x2b2/0x880 [ 824.855296] ? lock_downgrade+0x8f0/0x8f0 [ 824.859443] ? select_collect+0x610/0x610 [ 824.863583] ? __fget_light+0x2f7/0x440 [ 824.867546] ? fget_raw+0x20/0x20 [ 824.870985] ? __fd_install+0x2db/0x880 [ 824.874947] ? get_unused_fd_flags+0x1a0/0x1a0 [ 824.879541] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 824.885083] ? sockfd_lookup_light+0xc5/0x160 [ 824.889577] __sys_sendmsg+0x11d/0x290 [ 824.893459] ? __ia32_sys_shutdown+0x80/0x80 [ 824.897876] ? __x64_sys_futex+0x47f/0x6a0 [ 824.902120] ? fd_install+0x4d/0x60 [ 824.905747] ? ksys_ioctl+0x81/0xd0 [ 824.909382] __x64_sys_sendmsg+0x78/0xb0 [ 824.913442] do_syscall_64+0x1b9/0x820 [ 824.917315] ? finish_task_switch+0x1d3/0x870 [ 824.921810] ? syscall_return_slowpath+0x5e0/0x5e0 [ 824.926744] ? syscall_return_slowpath+0x31d/0x5e0 [ 824.931664] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 824.937022] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.941874] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 824.947060] RIP: 0033:0x456959 [ 824.950247] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 824.969147] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 824.976854] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 824.984116] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 824.991374] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 824.998632] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 825.005899] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:06 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:06 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x300}) 17:31:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000192c050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:06 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3f00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:06 executing program 1: 17:31:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x2, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:06 executing program 2: 17:31:06 executing program 2: 17:31:06 executing program 1: 17:31:06 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:06 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x3a00000000000000}) [ 825.106160] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:07 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:07 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019fc050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:07 executing program 2: 17:31:07 executing program 1: [ 825.183118] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 825.190166] CPU: 1 PID: 7567 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 825.198926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.208299] Call Trace: [ 825.210917] dump_stack+0x1c9/0x2b4 [ 825.214579] ? dump_stack_print_info.cold.2+0x52/0x52 [ 825.219788] ? trace_hardirqs_on+0xd/0x10 [ 825.223958] sysfs_warn_dup.cold.3+0x1c/0x2b [ 825.228403] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 825.233796] sysfs_create_link+0x65/0xc0 [ 825.237889] device_add+0x5d0/0x17b0 [ 825.241635] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 825.246162] ? genl_family_rcv_msg+0x8a3/0x1140 [ 825.250867] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 825.256001] ? do_syscall_64+0x1b9/0x820 [ 825.260090] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 825.265328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.270924] wiphy_register+0x1a21/0x2740 [ 825.275107] ? wiphy_unregister+0x12c0/0x12c0 [ 825.279627] ? kasan_unpoison_shadow+0x35/0x50 [ 825.284236] ? kasan_kmalloc+0xc4/0xe0 [ 825.288147] ? __kmalloc+0x315/0x760 [ 825.291883] ? __lockdep_init_map+0x105/0x590 [ 825.296424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.301988] ? ieee80211_cs_list_valid+0x7c/0x440 [ 825.306858] ? ieee80211_register_hw+0xc61/0x3890 [ 825.311770] ieee80211_register_hw+0x146b/0x3890 [ 825.316564] ? init_timer_on_stack_key+0x31/0xe0 [ 825.321363] ? ieee80211_free_ack_frame+0x60/0x60 [ 825.326262] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 825.331323] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 825.337496] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 825.343125] ? vsnprintf+0x20d/0x1b60 [ 825.346923] ? pointer+0x990/0x990 [ 825.350460] ? check_same_owner+0x340/0x340 [ 825.354870] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 825.359879] ? kvasprintf+0xea/0x140 [ 825.363688] ? bust_spinlocks+0xe0/0xe0 [ 825.367658] ? kasprintf+0xab/0xe0 [ 825.371183] ? kvasprintf_const+0x190/0x190 [ 825.375509] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 825.381051] hwsim_new_radio_nl+0x7c0/0xa80 [ 825.385377] ? nla_parse+0x32b/0x4e0 [ 825.389087] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 825.394267] ? __netlink_ns_capable+0x100/0x130 [ 825.398939] genl_family_rcv_msg+0x8a3/0x1140 [ 825.403437] ? genl_unregister_family+0x8b0/0x8b0 [ 825.408278] ? netlink_deliver_tap+0x32d/0xfb0 [ 825.412861] ? lock_downgrade+0x8f0/0x8f0 [ 825.417013] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 825.422026] ? lock_release+0xa30/0xa30 [ 825.426002] ? __netlink_lookup+0x5e1/0xab0 [ 825.430331] ? lock_acquire+0x1e4/0x540 [ 825.434314] ? genl_rcv+0x19/0x40 [ 825.437771] genl_rcv_msg+0xc6/0x168 [ 825.441478] netlink_rcv_skb+0x172/0x440 [ 825.445541] ? genl_family_rcv_msg+0x1140/0x1140 [ 825.450301] ? netlink_ack+0xbe0/0xbe0 [ 825.454194] genl_rcv+0x28/0x40 [ 825.458487] netlink_unicast+0x5a0/0x760 [ 825.462547] ? netlink_attachskb+0x9a0/0x9a0 [ 825.466949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.472484] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 825.477495] netlink_sendmsg+0xa18/0xfc0 [ 825.481568] ? netlink_unicast+0x760/0x760 [ 825.485803] ? move_addr_to_kernel.part.20+0x100/0x100 [ 825.491096] ? security_socket_sendmsg+0x94/0xc0 [ 825.495855] ? netlink_unicast+0x760/0x760 [ 825.500090] sock_sendmsg+0xd5/0x120 [ 825.503804] ___sys_sendmsg+0x7fd/0x930 [ 825.507792] ? copy_msghdr_from_user+0x580/0x580 [ 825.512550] ? lock_acquire+0x1e4/0x540 [ 825.516517] ? __fd_install+0x2b2/0x880 [ 825.520484] ? lock_downgrade+0x8f0/0x8f0 [ 825.524627] ? select_collect+0x610/0x610 [ 825.528787] ? __fget_light+0x2f7/0x440 [ 825.532754] ? fget_raw+0x20/0x20 [ 825.536222] ? __fd_install+0x2db/0x880 [ 825.540214] ? get_unused_fd_flags+0x1a0/0x1a0 [ 825.544806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 825.550342] ? sockfd_lookup_light+0xc5/0x160 [ 825.554852] __sys_sendmsg+0x11d/0x290 [ 825.558837] ? __ia32_sys_shutdown+0x80/0x80 [ 825.563431] ? __x64_sys_futex+0x47f/0x6a0 [ 825.567664] ? fd_install+0x4d/0x60 [ 825.571294] ? ksys_ioctl+0x81/0xd0 [ 825.574949] __x64_sys_sendmsg+0x78/0xb0 [ 825.579029] do_syscall_64+0x1b9/0x820 [ 825.582909] ? finish_task_switch+0x1d3/0x870 [ 825.587402] ? syscall_return_slowpath+0x5e0/0x5e0 [ 825.592334] ? syscall_return_slowpath+0x31d/0x5e0 [ 825.597268] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 825.602284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 825.607129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 825.612309] RIP: 0033:0x456959 [ 825.615493] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 825.634396] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.642120] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 825.649388] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 825.656669] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 825.663942] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 825.671203] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:07 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:07 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x30}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:07 executing program 1: 17:31:07 executing program 2: 17:31:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x7ffffff9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:07 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x800000000000000}) 17:31:07 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:07 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900150000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:07 executing program 2: 17:31:07 executing program 1: 17:31:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3be, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:07 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0xd000000}) [ 825.789836] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:07 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1d9569}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 825.846383] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 825.853358] CPU: 1 PID: 7613 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 825.861829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.871235] Call Trace: [ 825.873855] dump_stack+0x1c9/0x2b4 [ 825.877512] ? dump_stack_print_info.cold.2+0x52/0x52 [ 825.882783] ? trace_hardirqs_on+0xd/0x10 [ 825.886969] sysfs_warn_dup.cold.3+0x1c/0x2b [ 825.891490] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:07 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001907050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:07 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:07 executing program 2: [ 825.896869] sysfs_create_link+0x65/0xc0 [ 825.900938] device_add+0x5d0/0x17b0 [ 825.904670] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 825.909184] ? genl_family_rcv_msg+0x8a3/0x1140 [ 825.913878] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 825.919003] ? do_syscall_64+0x1b9/0x820 [ 825.923108] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 825.928414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.933987] wiphy_register+0x1a21/0x2740 [ 825.938186] ? wiphy_unregister+0x12c0/0x12c0 [ 825.942735] ? kasan_unpoison_shadow+0x35/0x50 [ 825.947346] ? kasan_kmalloc+0xc4/0xe0 [ 825.951261] ? __kmalloc+0x315/0x760 [ 825.954997] ? __lockdep_init_map+0x105/0x590 [ 825.959778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.965514] ? ieee80211_cs_list_valid+0x7c/0x440 [ 825.970395] ? ieee80211_register_hw+0xc61/0x3890 [ 825.975258] ieee80211_register_hw+0x146b/0x3890 [ 825.980040] ? init_timer_on_stack_key+0x31/0xe0 [ 825.984844] ? ieee80211_free_ack_frame+0x60/0x60 [ 825.989704] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 825.994753] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 826.001017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 826.006566] ? vsnprintf+0x20d/0x1b60 [ 826.010380] ? pointer+0x990/0x990 [ 826.013934] ? check_same_owner+0x340/0x340 [ 826.018270] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.023296] ? kvasprintf+0xea/0x140 [ 826.027031] ? bust_spinlocks+0xe0/0xe0 [ 826.031019] ? kasprintf+0xab/0xe0 [ 826.034598] ? kvasprintf_const+0x190/0x190 [ 826.038912] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 826.044440] hwsim_new_radio_nl+0x7c0/0xa80 [ 826.048760] ? nla_parse+0x32b/0x4e0 [ 826.052465] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 826.057646] ? __netlink_ns_capable+0x100/0x130 [ 826.062321] genl_family_rcv_msg+0x8a3/0x1140 [ 826.066811] ? genl_unregister_family+0x8b0/0x8b0 [ 826.071647] ? netlink_deliver_tap+0x32d/0xfb0 [ 826.076233] ? lock_downgrade+0x8f0/0x8f0 [ 826.080380] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.085390] ? lock_release+0xa30/0xa30 [ 826.089359] ? __netlink_lookup+0x5e1/0xab0 [ 826.093679] ? lock_acquire+0x1e4/0x540 [ 826.097637] ? genl_rcv+0x19/0x40 [ 826.101086] genl_rcv_msg+0xc6/0x168 [ 826.104789] netlink_rcv_skb+0x172/0x440 [ 826.108858] ? genl_family_rcv_msg+0x1140/0x1140 [ 826.113625] ? netlink_ack+0xbe0/0xbe0 [ 826.117506] genl_rcv+0x28/0x40 [ 826.120775] netlink_unicast+0x5a0/0x760 [ 826.124824] ? netlink_attachskb+0x9a0/0x9a0 [ 826.129222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.134832] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.139846] netlink_sendmsg+0xa18/0xfc0 [ 826.143909] ? netlink_unicast+0x760/0x760 [ 826.148139] ? move_addr_to_kernel.part.20+0x100/0x100 [ 826.153409] ? security_socket_sendmsg+0x94/0xc0 [ 826.158161] ? netlink_unicast+0x760/0x760 [ 826.162396] sock_sendmsg+0xd5/0x120 [ 826.166105] ___sys_sendmsg+0x7fd/0x930 [ 826.170068] ? copy_msghdr_from_user+0x580/0x580 [ 826.174822] ? lock_acquire+0x1e4/0x540 [ 826.178783] ? __fd_install+0x2b2/0x880 [ 826.182753] ? lock_downgrade+0x8f0/0x8f0 [ 826.186896] ? select_collect+0x610/0x610 [ 826.191057] ? __fget_light+0x2f7/0x440 [ 826.195025] ? fget_raw+0x20/0x20 [ 826.198469] ? __fd_install+0x2db/0x880 [ 826.202435] ? get_unused_fd_flags+0x1a0/0x1a0 [ 826.207026] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 826.212643] ? sockfd_lookup_light+0xc5/0x160 [ 826.217140] __sys_sendmsg+0x11d/0x290 [ 826.221017] ? __ia32_sys_shutdown+0x80/0x80 [ 826.225425] ? __x64_sys_futex+0x47f/0x6a0 [ 826.229647] ? fd_install+0x4d/0x60 [ 826.233275] ? ksys_ioctl+0x81/0xd0 [ 826.236921] __x64_sys_sendmsg+0x78/0xb0 [ 826.240981] do_syscall_64+0x1b9/0x820 [ 826.244869] ? finish_task_switch+0x1d3/0x870 [ 826.249353] ? syscall_return_slowpath+0x5e0/0x5e0 [ 826.254307] ? syscall_return_slowpath+0x31d/0x5e0 [ 826.259237] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 826.264261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 826.269096] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 826.274270] RIP: 0033:0x456959 [ 826.277563] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 826.296476] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 826.304201] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 826.311470] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 826.318732] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 826.325996] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 826.333251] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1300, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:08 executing program 1: 17:31:08 executing program 2: 17:31:08 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001910050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:08 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x8906}) 17:31:08 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:08 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xd0ffffff00000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:08 executing program 2: [ 826.441046] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 826.485049] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 826.492040] CPU: 0 PID: 7651 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 826.500539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.509964] Call Trace: [ 826.512577] dump_stack+0x1c9/0x2b4 [ 826.516228] ? dump_stack_print_info.cold.2+0x52/0x52 [ 826.521445] ? trace_hardirqs_on+0xd/0x10 [ 826.525614] sysfs_warn_dup.cold.3+0x1c/0x2b [ 826.530046] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 826.535690] sysfs_create_link+0x65/0xc0 [ 826.539792] device_add+0x5d0/0x17b0 [ 826.543525] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 826.548056] ? genl_family_rcv_msg+0x8a3/0x1140 [ 826.552753] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 826.557898] ? do_syscall_64+0x1b9/0x820 [ 826.561998] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 826.567206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.572805] wiphy_register+0x1a21/0x2740 [ 826.576977] ? wiphy_unregister+0x12c0/0x12c0 17:31:08 executing program 2: 17:31:08 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x6000000]}) 17:31:08 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x10000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:08 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001905050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:08 executing program 1: 17:31:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x38, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 826.581486] ? kasan_unpoison_shadow+0x35/0x50 [ 826.586090] ? kasan_kmalloc+0xc4/0xe0 [ 826.590002] ? __kmalloc+0x315/0x760 [ 826.593740] ? __lockdep_init_map+0x105/0x590 [ 826.598283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.603846] ? ieee80211_cs_list_valid+0x7c/0x440 [ 826.608708] ? ieee80211_register_hw+0xc61/0x3890 [ 826.613579] ieee80211_register_hw+0x146b/0x3890 [ 826.618444] ? init_timer_on_stack_key+0x31/0xe0 [ 826.623944] ? ieee80211_free_ack_frame+0x60/0x60 [ 826.628812] mac80211_hwsim_new_radio+0x1e55/0x3490 17:31:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket(0x840000000002, 0x3, 0xff) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x2c, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:08 executing program 1: [ 826.633872] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 826.640045] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 826.645608] ? vsnprintf+0x20d/0x1b60 [ 826.649423] ? pointer+0x990/0x990 [ 826.653003] ? check_same_owner+0x340/0x340 [ 826.657352] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.662380] ? kvasprintf+0xea/0x140 [ 826.666100] ? bust_spinlocks+0xe0/0xe0 [ 826.670101] ? kasprintf+0xab/0xe0 [ 826.673650] ? kvasprintf_const+0x190/0x190 [ 826.677982] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:31:08 executing program 2: [ 826.683535] hwsim_new_radio_nl+0x7c0/0xa80 [ 826.687869] ? nla_parse+0x32b/0x4e0 [ 826.691593] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 826.696799] ? __netlink_ns_capable+0x100/0x130 [ 826.701482] genl_family_rcv_msg+0x8a3/0x1140 [ 826.706093] ? genl_unregister_family+0x8b0/0x8b0 [ 826.710943] ? netlink_deliver_tap+0x32d/0xfb0 [ 826.715534] ? lock_downgrade+0x8f0/0x8f0 [ 826.719694] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.724719] ? lock_release+0xa30/0xa30 [ 826.728706] ? __netlink_lookup+0x5e1/0xab0 17:31:08 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:08 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 826.733048] ? lock_acquire+0x1e4/0x540 [ 826.737027] ? genl_rcv+0x19/0x40 [ 826.740499] genl_rcv_msg+0xc6/0x168 [ 826.744231] netlink_rcv_skb+0x172/0x440 [ 826.748305] ? genl_family_rcv_msg+0x1140/0x1140 [ 826.753074] ? netlink_ack+0xbe0/0xbe0 [ 826.756977] genl_rcv+0x28/0x40 [ 826.760263] netlink_unicast+0x5a0/0x760 [ 826.764342] ? netlink_attachskb+0x9a0/0x9a0 [ 826.768774] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.774321] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 826.779372] netlink_sendmsg+0xa18/0xfc0 [ 826.783451] ? netlink_unicast+0x760/0x760 [ 826.787716] ? move_addr_to_kernel.part.20+0x100/0x100 [ 826.793026] ? security_socket_sendmsg+0x94/0xc0 [ 826.797857] ? netlink_unicast+0x760/0x760 [ 826.802105] sock_sendmsg+0xd5/0x120 [ 826.805827] ___sys_sendmsg+0x7fd/0x930 [ 826.809816] ? copy_msghdr_from_user+0x580/0x580 [ 826.814587] ? lock_acquire+0x1e4/0x540 [ 826.818573] ? __fd_install+0x2b2/0x880 [ 826.822565] ? lock_downgrade+0x8f0/0x8f0 [ 826.826727] ? select_collect+0x610/0x610 [ 826.830892] ? __fget_light+0x2f7/0x440 17:31:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x30, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 826.834877] ? fget_raw+0x20/0x20 [ 826.838337] ? __fd_install+0x2db/0x880 [ 826.842319] ? get_unused_fd_flags+0x1a0/0x1a0 [ 826.846923] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 826.852476] ? sockfd_lookup_light+0xc5/0x160 [ 826.856985] __sys_sendmsg+0x11d/0x290 [ 826.860899] ? __ia32_sys_shutdown+0x80/0x80 [ 826.867057] ? __x64_sys_futex+0x47f/0x6a0 [ 826.871300] ? fd_install+0x4d/0x60 [ 826.874952] ? syscall_slow_exit_work+0x500/0x500 [ 826.879794] ? ksys_ioctl+0x81/0xd0 [ 826.883413] __x64_sys_sendmsg+0x78/0xb0 [ 826.887467] do_syscall_64+0x1b9/0x820 [ 826.891345] ? finish_task_switch+0x1d3/0x870 [ 826.895850] ? syscall_return_slowpath+0x5e0/0x5e0 [ 826.900781] ? syscall_return_slowpath+0x31d/0x5e0 [ 826.905699] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 826.910716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 826.915567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 826.920762] RIP: 0033:0x456959 [ 826.923942] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 826.942851] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 826.950579] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 826.957847] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 826.965284] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 826.972658] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 826.979929] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:08 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xa4, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:08 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x85ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:08 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xe000000]}) 17:31:08 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:08 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001909050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 827.098576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:09 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xc1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:09 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 827.164874] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 827.171873] CPU: 1 PID: 7706 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 827.180379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.189744] Call Trace: [ 827.192360] dump_stack+0x1c9/0x2b4 [ 827.196041] ? dump_stack_print_info.cold.2+0x52/0x52 [ 827.201260] ? trace_hardirqs_on+0xd/0x10 [ 827.205426] sysfs_warn_dup.cold.3+0x1c/0x2b [ 827.209859] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:09 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x806]}) 17:31:09 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 827.215268] sysfs_create_link+0x65/0xc0 [ 827.219350] device_add+0x5d0/0x17b0 [ 827.223083] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 827.227689] ? genl_family_rcv_msg+0x8a3/0x1140 [ 827.232486] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 827.237603] ? do_syscall_64+0x1b9/0x820 [ 827.241781] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 827.246992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.252554] wiphy_register+0x1a21/0x2740 [ 827.256730] ? wiphy_unregister+0x12c0/0x12c0 [ 827.261340] ? kasan_unpoison_shadow+0x35/0x50 [ 827.265949] ? kasan_kmalloc+0xc4/0xe0 [ 827.269946] ? __kmalloc+0x315/0x760 [ 827.273689] ? __lockdep_init_map+0x105/0x590 [ 827.278216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.283783] ? ieee80211_cs_list_valid+0x7c/0x440 [ 827.288656] ? ieee80211_register_hw+0xc61/0x3890 [ 827.293523] ieee80211_register_hw+0x146b/0x3890 [ 827.298305] ? init_timer_on_stack_key+0x31/0xe0 [ 827.303082] ? ieee80211_free_ack_frame+0x60/0x60 [ 827.307933] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 827.313045] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 827.319206] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 827.324754] ? vsnprintf+0x20d/0x1b60 [ 827.328546] ? pointer+0x990/0x990 [ 827.332106] ? check_same_owner+0x340/0x340 [ 827.336468] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.341496] ? kvasprintf+0xea/0x140 [ 827.345330] ? bust_spinlocks+0xe0/0xe0 [ 827.349321] ? kasprintf+0xab/0xe0 [ 827.352881] ? kvasprintf_const+0x190/0x190 [ 827.357221] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 827.362779] hwsim_new_radio_nl+0x7c0/0xa80 [ 827.367103] ? nla_parse+0x32b/0x4e0 [ 827.370809] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 827.376004] ? __netlink_ns_capable+0x100/0x130 [ 827.380683] genl_family_rcv_msg+0x8a3/0x1140 [ 827.385184] ? genl_unregister_family+0x8b0/0x8b0 [ 827.390024] ? netlink_deliver_tap+0x32d/0xfb0 [ 827.394599] ? lock_downgrade+0x8f0/0x8f0 [ 827.398751] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.403760] ? lock_release+0xa30/0xa30 [ 827.407854] ? __netlink_lookup+0x5e1/0xab0 [ 827.412186] ? lock_acquire+0x1e4/0x540 [ 827.416155] ? genl_rcv+0x19/0x40 [ 827.419611] genl_rcv_msg+0xc6/0x168 [ 827.423321] netlink_rcv_skb+0x172/0x440 [ 827.427380] ? genl_family_rcv_msg+0x1140/0x1140 [ 827.432225] ? netlink_ack+0xbe0/0xbe0 [ 827.436109] genl_rcv+0x28/0x40 [ 827.439397] netlink_unicast+0x5a0/0x760 [ 827.443457] ? netlink_attachskb+0x9a0/0x9a0 [ 827.447857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.453398] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.459368] netlink_sendmsg+0xa18/0xfc0 [ 827.463429] ? netlink_unicast+0x760/0x760 [ 827.467690] ? move_addr_to_kernel.part.20+0x100/0x100 [ 827.472957] ? security_socket_sendmsg+0x94/0xc0 [ 827.477702] ? netlink_unicast+0x760/0x760 [ 827.481941] sock_sendmsg+0xd5/0x120 [ 827.485671] ___sys_sendmsg+0x7fd/0x930 [ 827.489645] ? copy_msghdr_from_user+0x580/0x580 [ 827.494394] ? lock_acquire+0x1e4/0x540 [ 827.498373] ? __fd_install+0x2b2/0x880 [ 827.502605] ? lock_downgrade+0x8f0/0x8f0 [ 827.506840] ? select_collect+0x610/0x610 [ 827.510981] ? __fget_light+0x2f7/0x440 [ 827.514954] ? fget_raw+0x20/0x20 [ 827.518405] ? __fd_install+0x2db/0x880 [ 827.522374] ? get_unused_fd_flags+0x1a0/0x1a0 [ 827.526965] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 827.532585] ? sockfd_lookup_light+0xc5/0x160 [ 827.537068] __sys_sendmsg+0x11d/0x290 [ 827.540956] ? __ia32_sys_shutdown+0x80/0x80 [ 827.545390] ? __x64_sys_futex+0x47f/0x6a0 [ 827.549634] ? fd_install+0x4d/0x60 [ 827.553253] ? ksys_ioctl+0x81/0xd0 [ 827.556877] __x64_sys_sendmsg+0x78/0xb0 [ 827.560931] do_syscall_64+0x1b9/0x820 [ 827.564808] ? syscall_return_slowpath+0x5e0/0x5e0 [ 827.569737] ? syscall_return_slowpath+0x31d/0x5e0 [ 827.574664] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 827.579679] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.584536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.589720] RIP: 0033:0x456959 [ 827.592921] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.611861] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 827.619582] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 827.626893] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 827.634222] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 827.641506] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 827.648787] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 827.660260] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 827.687360] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 827.694381] CPU: 0 PID: 7725 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 827.702811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.712176] Call Trace: [ 827.714786] dump_stack+0x1c9/0x2b4 [ 827.718439] ? dump_stack_print_info.cold.2+0x52/0x52 [ 827.723652] ? trace_hardirqs_on+0xd/0x10 [ 827.727831] sysfs_warn_dup.cold.3+0x1c/0x2b [ 827.732266] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 827.737658] sysfs_create_link+0x65/0xc0 [ 827.741745] device_add+0x5d0/0x17b0 [ 827.745477] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 827.749986] ? genl_family_rcv_msg+0x8a3/0x1140 [ 827.754683] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 827.759814] ? do_syscall_64+0x1b9/0x820 [ 827.763895] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 827.769198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.774761] wiphy_register+0x1a21/0x2740 [ 827.778938] ? wiphy_unregister+0x12c0/0x12c0 [ 827.783450] ? kasan_unpoison_shadow+0x35/0x50 [ 827.788077] ? kasan_kmalloc+0xc4/0xe0 [ 827.792010] ? __kmalloc+0x315/0x760 [ 827.795741] ? __lockdep_init_map+0x105/0x590 [ 827.800277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.805837] ? ieee80211_cs_list_valid+0x7c/0x440 [ 827.810704] ? ieee80211_register_hw+0xc61/0x3890 [ 827.815566] ieee80211_register_hw+0x146b/0x3890 [ 827.820343] ? init_timer_on_stack_key+0x31/0xe0 [ 827.825119] ? ieee80211_free_ack_frame+0x60/0x60 [ 827.829984] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 827.835031] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 827.841201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 827.846757] ? vsnprintf+0x20d/0x1b60 [ 827.850571] ? pointer+0x990/0x990 [ 827.854124] ? do_raw_spin_unlock+0xa7/0x2f0 [ 827.858547] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.863583] ? kvasprintf+0xea/0x140 17:31:09 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001904050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:09 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") close(0xffffffffffffffff) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:09 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:09 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 827.867309] ? bust_spinlocks+0xe0/0xe0 [ 827.871304] ? kasprintf+0xab/0xe0 [ 827.874865] ? kvasprintf_const+0x190/0x190 [ 827.879201] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 827.884755] hwsim_new_radio_nl+0x7c0/0xa80 [ 827.889090] ? nla_parse+0x32b/0x4e0 [ 827.892815] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 827.898017] ? __netlink_ns_capable+0x100/0x130 [ 827.902726] genl_family_rcv_msg+0x8a3/0x1140 [ 827.907242] ? genl_unregister_family+0x8b0/0x8b0 [ 827.912105] ? netlink_deliver_tap+0x32d/0xfb0 [ 827.916877] ? lock_downgrade+0x8f0/0x8f0 [ 827.921053] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.926083] ? lock_release+0xa30/0xa30 [ 827.930072] ? lock_acquire+0x1e4/0x540 [ 827.934047] ? genl_rcv+0x19/0x40 [ 827.937516] genl_rcv_msg+0xc6/0x168 [ 827.941233] netlink_rcv_skb+0x172/0x440 [ 827.945310] ? genl_family_rcv_msg+0x1140/0x1140 [ 827.950234] ? netlink_ack+0xbe0/0xbe0 [ 827.954142] genl_rcv+0x28/0x40 [ 827.957412] netlink_unicast+0x5a0/0x760 [ 827.961486] ? netlink_attachskb+0x9a0/0x9a0 [ 827.965886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.971418] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 827.976443] netlink_sendmsg+0xa18/0xfc0 [ 827.980532] ? netlink_unicast+0x760/0x760 [ 827.984786] ? move_addr_to_kernel.part.20+0x100/0x100 [ 827.990064] ? security_socket_sendmsg+0x94/0xc0 [ 827.994827] ? netlink_unicast+0x760/0x760 [ 827.999070] sock_sendmsg+0xd5/0x120 [ 828.002784] ___sys_sendmsg+0x7fd/0x930 [ 828.006765] ? copy_msghdr_from_user+0x580/0x580 [ 828.011531] ? lock_acquire+0x1e4/0x540 [ 828.015503] ? __fd_install+0x2b2/0x880 [ 828.019466] ? lock_downgrade+0x8f0/0x8f0 [ 828.023615] ? select_collect+0x610/0x610 [ 828.027767] ? __fget_light+0x2f7/0x440 [ 828.031751] ? fget_raw+0x20/0x20 [ 828.035195] ? __fd_install+0x2db/0x880 [ 828.039161] ? get_unused_fd_flags+0x1a0/0x1a0 [ 828.043750] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 828.049391] ? sockfd_lookup_light+0xc5/0x160 [ 828.053889] __sys_sendmsg+0x11d/0x290 [ 828.057774] ? __ia32_sys_shutdown+0x80/0x80 [ 828.062190] ? __x64_sys_futex+0x47f/0x6a0 [ 828.066420] ? fd_install+0x4d/0x60 [ 828.070036] ? ksys_ioctl+0x81/0xd0 [ 828.073658] __x64_sys_sendmsg+0x78/0xb0 [ 828.077719] do_syscall_64+0x1b9/0x820 [ 828.081613] ? finish_task_switch+0x1d3/0x870 [ 828.086195] ? syscall_return_slowpath+0x5e0/0x5e0 [ 828.091118] ? syscall_return_slowpath+0x31d/0x5e0 [ 828.096043] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 828.101058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.105902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.111092] RIP: 0033:0x456959 [ 828.114281] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 828.133203] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 828.140931] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 828.148304] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 828.155672] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 828.162949] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 828.170214] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:10 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3c7, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:10 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xe00]}) 17:31:10 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x79000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:10 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:10 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900140000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 828.276869] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 828.319156] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 828.326240] CPU: 1 PID: 7766 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 828.334650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.344009] Call Trace: [ 828.346620] dump_stack+0x1c9/0x2b4 [ 828.350275] ? dump_stack_print_info.cold.2+0x52/0x52 [ 828.355511] ? trace_hardirqs_on+0xd/0x10 [ 828.359686] sysfs_warn_dup.cold.3+0x1c/0x2b [ 828.364137] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 828.369519] sysfs_create_link+0x65/0xc0 [ 828.373607] device_add+0x5d0/0x17b0 [ 828.377336] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 828.381846] ? genl_family_rcv_msg+0x8a3/0x1140 [ 828.386537] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 828.391657] ? do_syscall_64+0x1b9/0x820 [ 828.395735] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 828.400943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.406509] wiphy_register+0x1a21/0x2740 [ 828.410784] ? wiphy_unregister+0x12c0/0x12c0 [ 828.415315] ? kasan_unpoison_shadow+0x35/0x50 17:31:10 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8906000000000000]}) 17:31:10 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190b050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:10 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7100}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:10 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 828.419921] ? kasan_kmalloc+0xc4/0xe0 [ 828.423872] ? __kmalloc+0x315/0x760 [ 828.427604] ? __lockdep_init_map+0x105/0x590 [ 828.432134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.437725] ? ieee80211_cs_list_valid+0x7c/0x440 [ 828.442591] ? ieee80211_register_hw+0xc61/0x3890 [ 828.447482] ieee80211_register_hw+0x146b/0x3890 [ 828.452265] ? init_timer_on_stack_key+0x31/0xe0 [ 828.457047] ? ieee80211_free_ack_frame+0x60/0x60 [ 828.462021] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 828.467529] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 828.473701] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 828.479259] ? vsnprintf+0x20d/0x1b60 [ 828.483067] ? pointer+0x990/0x990 [ 828.486618] ? check_same_owner+0x340/0x340 [ 828.490935] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 828.495949] ? kvasprintf+0xea/0x140 [ 828.499656] ? bust_spinlocks+0xe0/0xe0 [ 828.503628] ? kasprintf+0xab/0xe0 [ 828.507163] ? kvasprintf_const+0x190/0x190 [ 828.511501] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 828.517037] hwsim_new_radio_nl+0x7c0/0xa80 [ 828.521360] ? nla_parse+0x32b/0x4e0 [ 828.525068] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 828.530254] ? __netlink_ns_capable+0x100/0x130 [ 828.534908] genl_family_rcv_msg+0x8a3/0x1140 [ 828.539394] ? genl_unregister_family+0x8b0/0x8b0 [ 828.544230] ? netlink_deliver_tap+0x32d/0xfb0 [ 828.548807] ? lock_downgrade+0x8f0/0x8f0 [ 828.552953] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 828.557960] ? lock_release+0xa30/0xa30 [ 828.561922] ? __netlink_lookup+0x5e1/0xab0 [ 828.566240] ? lock_acquire+0x1e4/0x540 [ 828.570227] ? genl_rcv+0x19/0x40 [ 828.573681] genl_rcv_msg+0xc6/0x168 [ 828.577392] netlink_rcv_skb+0x172/0x440 [ 828.581448] ? genl_family_rcv_msg+0x1140/0x1140 [ 828.586208] ? netlink_ack+0xbe0/0xbe0 [ 828.590085] genl_rcv+0x28/0x40 [ 828.593357] netlink_unicast+0x5a0/0x760 [ 828.597407] ? netlink_attachskb+0x9a0/0x9a0 [ 828.601807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.607339] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 828.612350] netlink_sendmsg+0xa18/0xfc0 [ 828.616410] ? netlink_unicast+0x760/0x760 [ 828.620733] ? move_addr_to_kernel.part.20+0x100/0x100 [ 828.626018] ? security_socket_sendmsg+0x94/0xc0 [ 828.630806] ? netlink_unicast+0x760/0x760 [ 828.635036] sock_sendmsg+0xd5/0x120 [ 828.638754] ___sys_sendmsg+0x7fd/0x930 [ 828.642733] ? copy_msghdr_from_user+0x580/0x580 [ 828.647501] ? lock_acquire+0x1e4/0x540 [ 828.651481] ? __fd_install+0x2b2/0x880 [ 828.655450] ? lock_downgrade+0x8f0/0x8f0 [ 828.659598] ? select_collect+0x610/0x610 [ 828.663750] ? __fget_light+0x2f7/0x440 [ 828.667755] ? fget_raw+0x20/0x20 17:31:10 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 828.671214] ? __fd_install+0x2db/0x880 [ 828.675205] ? get_unused_fd_flags+0x1a0/0x1a0 [ 828.679795] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 828.685339] ? sockfd_lookup_light+0xc5/0x160 [ 828.689844] __sys_sendmsg+0x11d/0x290 [ 828.693824] ? __ia32_sys_shutdown+0x80/0x80 [ 828.698240] ? __x64_sys_futex+0x47f/0x6a0 [ 828.702482] ? fd_install+0x4d/0x60 [ 828.706130] __x64_sys_sendmsg+0x78/0xb0 [ 828.710205] do_syscall_64+0x1b9/0x820 [ 828.714106] ? finish_task_switch+0x1d3/0x870 [ 828.718621] ? syscall_return_slowpath+0x5e0/0x5e0 [ 828.723576] ? syscall_return_slowpath+0x31d/0x5e0 [ 828.728538] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 828.733568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 828.738413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.743602] RIP: 0033:0x456959 [ 828.746791] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:10 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 828.765708] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 828.773430] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 828.780708] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 828.787978] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 828.795236] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 828.802496] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x76744bd9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:10 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:10 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:10 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x3000000]}) 17:31:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001960050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:10 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:10 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:10 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 828.976944] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:10 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4d}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001902050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:10 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 829.031347] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 829.038286] CPU: 1 PID: 7819 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 829.046698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.056069] Call Trace: [ 829.058690] dump_stack+0x1c9/0x2b4 [ 829.062339] ? dump_stack_print_info.cold.2+0x52/0x52 [ 829.067554] ? trace_hardirqs_on+0xd/0x10 [ 829.071737] sysfs_warn_dup.cold.3+0x1c/0x2b [ 829.076178] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 829.081562] sysfs_create_link+0x65/0xc0 [ 829.085651] device_add+0x5d0/0x17b0 [ 829.089385] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 829.093903] ? genl_family_rcv_msg+0x8a3/0x1140 [ 829.098592] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 829.103689] ? do_syscall_64+0x1b9/0x820 [ 829.107753] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 829.112937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.118542] wiphy_register+0x1a21/0x2740 [ 829.122701] ? wiphy_unregister+0x12c0/0x12c0 [ 829.127199] ? kasan_unpoison_shadow+0x35/0x50 [ 829.131774] ? kasan_kmalloc+0xc4/0xe0 [ 829.135667] ? __kmalloc+0x315/0x760 [ 829.139373] ? __lockdep_init_map+0x105/0x590 [ 829.143867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.149410] ? ieee80211_cs_list_valid+0x7c/0x440 [ 829.154261] ? ieee80211_register_hw+0xc61/0x3890 [ 829.159102] ieee80211_register_hw+0x146b/0x3890 [ 829.163862] ? init_timer_on_stack_key+0x31/0xe0 [ 829.168625] ? ieee80211_free_ack_frame+0x60/0x60 [ 829.173496] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 829.178618] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 829.184771] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 829.190323] ? vsnprintf+0x20d/0x1b60 [ 829.194112] ? pointer+0x990/0x990 [ 829.197643] ? check_same_owner+0x340/0x340 [ 829.201974] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 829.207092] ? kvasprintf+0xea/0x140 [ 829.210808] ? bust_spinlocks+0xe0/0xe0 [ 829.214788] ? kasprintf+0xab/0xe0 [ 829.218333] ? kvasprintf_const+0x190/0x190 [ 829.222764] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 829.228301] hwsim_new_radio_nl+0x7c0/0xa80 [ 829.232616] ? nla_parse+0x32b/0x4e0 [ 829.236325] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 829.241729] ? __netlink_ns_capable+0x100/0x130 [ 829.246405] genl_family_rcv_msg+0x8a3/0x1140 [ 829.250902] ? genl_unregister_family+0x8b0/0x8b0 [ 829.255744] ? netlink_deliver_tap+0x32d/0xfb0 [ 829.260335] ? lock_downgrade+0x8f0/0x8f0 [ 829.264493] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 829.269507] ? lock_release+0xa30/0xa30 [ 829.273477] ? __netlink_lookup+0x5e1/0xab0 [ 829.277786] ? lock_acquire+0x1e4/0x540 [ 829.281749] ? genl_rcv+0x19/0x40 [ 829.285372] genl_rcv_msg+0xc6/0x168 [ 829.289083] netlink_rcv_skb+0x172/0x440 [ 829.293143] ? genl_family_rcv_msg+0x1140/0x1140 [ 829.297888] ? netlink_ack+0xbe0/0xbe0 [ 829.301775] genl_rcv+0x28/0x40 [ 829.305054] netlink_unicast+0x5a0/0x760 [ 829.309101] ? netlink_attachskb+0x9a0/0x9a0 [ 829.313499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.319022] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 829.324056] netlink_sendmsg+0xa18/0xfc0 [ 829.328107] ? netlink_unicast+0x760/0x760 [ 829.332344] ? move_addr_to_kernel.part.20+0x100/0x100 [ 829.337629] ? security_socket_sendmsg+0x94/0xc0 [ 829.342380] ? netlink_unicast+0x760/0x760 [ 829.346602] sock_sendmsg+0xd5/0x120 [ 829.350308] ___sys_sendmsg+0x7fd/0x930 [ 829.354274] ? copy_msghdr_from_user+0x580/0x580 [ 829.359026] ? lock_acquire+0x1e4/0x540 [ 829.363006] ? __fd_install+0x2b2/0x880 [ 829.366980] ? lock_downgrade+0x8f0/0x8f0 [ 829.371132] ? select_collect+0x610/0x610 [ 829.375282] ? __fget_light+0x2f7/0x440 [ 829.379243] ? fget_raw+0x20/0x20 [ 829.382684] ? __fd_install+0x2db/0x880 [ 829.386657] ? get_unused_fd_flags+0x1a0/0x1a0 [ 829.391259] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 829.396786] ? sockfd_lookup_light+0xc5/0x160 [ 829.401281] __sys_sendmsg+0x11d/0x290 [ 829.405162] ? __ia32_sys_shutdown+0x80/0x80 [ 829.409586] ? __x64_sys_futex+0x47f/0x6a0 [ 829.413818] ? fd_install+0x4d/0x60 [ 829.417458] ? syscall_slow_exit_work+0x500/0x500 [ 829.422288] ? ksys_ioctl+0x81/0xd0 [ 829.425915] __x64_sys_sendmsg+0x78/0xb0 [ 829.429975] do_syscall_64+0x1b9/0x820 [ 829.433854] ? syscall_return_slowpath+0x5e0/0x5e0 [ 829.438786] ? syscall_return_slowpath+0x31d/0x5e0 [ 829.443712] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 829.448741] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 829.453600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.459776] RIP: 0033:0x456959 [ 829.462967] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:11 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x88480000]}) 17:31:11 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 829.481877] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 829.489585] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 829.496965] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 829.504414] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 829.511674] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 829.518942] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:11 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:11 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 829.590914] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 829.617550] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 829.624521] CPU: 1 PID: 7826 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 17:31:11 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r0, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 829.632938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.642307] Call Trace: [ 829.644929] dump_stack+0x1c9/0x2b4 [ 829.648596] ? dump_stack_print_info.cold.2+0x52/0x52 [ 829.653816] ? trace_hardirqs_on+0xd/0x10 [ 829.657987] sysfs_warn_dup.cold.3+0x1c/0x2b [ 829.662454] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 829.667844] sysfs_create_link+0x65/0xc0 [ 829.671927] device_add+0x5d0/0x17b0 [ 829.675664] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 829.680180] ? genl_family_rcv_msg+0x8a3/0x1140 [ 829.684875] ? get_device_parent.isra.27+0x5a0/0x5a0 17:31:11 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 829.690011] ? do_syscall_64+0x1b9/0x820 [ 829.694102] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 829.699312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.704877] wiphy_register+0x1a21/0x2740 [ 829.709055] ? wiphy_unregister+0x12c0/0x12c0 [ 829.713563] ? kasan_unpoison_shadow+0x35/0x50 [ 829.718158] ? kasan_kmalloc+0xc4/0xe0 [ 829.722071] ? __kmalloc+0x315/0x760 [ 829.725797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.731350] ? ieee80211_cs_list_valid+0x7c/0x440 [ 829.736223] ? ieee80211_register_hw+0xc61/0x3890 17:31:11 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3c000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:11 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x89060000]}) [ 829.741087] ieee80211_register_hw+0x146b/0x3890 [ 829.745865] ? init_timer_on_stack_key+0x31/0xe0 [ 829.750657] ? ieee80211_free_ack_frame+0x60/0x60 [ 829.755531] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 829.760567] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 829.766731] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 829.772284] ? vsnprintf+0x20d/0x1b60 [ 829.776362] ? pointer+0x990/0x990 [ 829.779925] ? do_raw_spin_unlock+0xa7/0x2f0 [ 829.784358] ? __sanitizer_cov_trace_cmp4+0x16/0x20 17:31:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001908050000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 829.789442] ? kvasprintf+0xea/0x140 [ 829.793180] ? bust_spinlocks+0xe0/0xe0 [ 829.797168] ? kasprintf+0xab/0xe0 [ 829.800721] ? kvasprintf_const+0x190/0x190 [ 829.805055] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 829.810610] hwsim_new_radio_nl+0x7c0/0xa80 [ 829.814947] ? nla_parse+0x32b/0x4e0 [ 829.818697] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 829.823902] ? __netlink_ns_capable+0x100/0x130 [ 829.828590] genl_family_rcv_msg+0x8a3/0x1140 [ 829.833099] ? genl_unregister_family+0x8b0/0x8b0 [ 829.837937] ? netlink_deliver_tap+0x32d/0xfb0 [ 829.842519] ? lock_downgrade+0x8f0/0x8f0 [ 829.846670] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 829.851774] ? lock_release+0xa30/0xa30 [ 829.855853] ? lock_acquire+0x1e4/0x540 [ 829.859845] ? genl_rcv+0x19/0x40 [ 829.863304] genl_rcv_msg+0xc6/0x168 [ 829.867027] netlink_rcv_skb+0x172/0x440 [ 829.871088] ? genl_family_rcv_msg+0x1140/0x1140 [ 829.875845] ? netlink_ack+0xbe0/0xbe0 [ 829.879732] genl_rcv+0x28/0x40 [ 829.883267] netlink_unicast+0x5a0/0x760 [ 829.887320] ? netlink_attachskb+0x9a0/0x9a0 [ 829.891731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.897266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 829.902286] netlink_sendmsg+0xa18/0xfc0 [ 829.906350] ? netlink_unicast+0x760/0x760 [ 829.910582] ? move_addr_to_kernel.part.20+0x100/0x100 [ 829.915865] ? security_socket_sendmsg+0x94/0xc0 [ 829.920631] ? netlink_unicast+0x760/0x760 [ 829.924875] sock_sendmsg+0xd5/0x120 [ 829.928584] ___sys_sendmsg+0x7fd/0x930 [ 829.932561] ? copy_msghdr_from_user+0x580/0x580 [ 829.937316] ? lock_acquire+0x1e4/0x540 [ 829.941284] ? __fd_install+0x2b2/0x880 [ 829.945267] ? lock_downgrade+0x8f0/0x8f0 [ 829.949419] ? select_collect+0x610/0x610 [ 829.953557] ? __fget_light+0x2f7/0x440 [ 829.957536] ? fget_raw+0x20/0x20 [ 829.961009] ? __fd_install+0x2db/0x880 [ 829.964984] ? get_unused_fd_flags+0x1a0/0x1a0 [ 829.969574] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 829.975122] ? sockfd_lookup_light+0xc5/0x160 [ 829.979612] __sys_sendmsg+0x11d/0x290 [ 829.983588] ? __ia32_sys_shutdown+0x80/0x80 [ 829.988001] ? __x64_sys_futex+0x47f/0x6a0 [ 829.992238] ? fd_install+0x4d/0x60 [ 829.995881] ? ksys_ioctl+0x81/0xd0 [ 829.999496] __x64_sys_sendmsg+0x78/0xb0 [ 830.003560] do_syscall_64+0x1b9/0x820 [ 830.007434] ? finish_task_switch+0x1d3/0x870 [ 830.011937] ? syscall_return_slowpath+0x5e0/0x5e0 [ 830.016874] ? syscall_return_slowpath+0x31d/0x5e0 [ 830.021791] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 830.026806] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.031767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.036947] RIP: 0033:0x456959 [ 830.040136] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 830.059124] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 830.066841] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 830.074103] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 830.081366] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 17:31:11 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163d4, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 830.088637] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 830.095908] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:11 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:12 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x21]}) 17:31:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900150000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:12 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xff000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:12 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:12 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xbe, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 830.260265] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 830.310003] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 830.316989] CPU: 1 PID: 7885 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 830.325577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.334939] Call Trace: [ 830.337565] dump_stack+0x1c9/0x2b4 [ 830.341240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 830.346496] ? trace_hardirqs_on+0xd/0x10 [ 830.350668] sysfs_warn_dup.cold.3+0x1c/0x2b [ 830.355097] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 830.360484] sysfs_create_link+0x65/0xc0 [ 830.364572] device_add+0x5d0/0x17b0 [ 830.368307] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 830.372825] ? genl_family_rcv_msg+0x8a3/0x1140 [ 830.377517] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 830.382639] ? do_syscall_64+0x1b9/0x820 [ 830.386730] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 830.391960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.397524] wiphy_register+0x1a21/0x2740 [ 830.401690] ? wiphy_unregister+0x12c0/0x12c0 [ 830.406198] ? kasan_unpoison_shadow+0x35/0x50 [ 830.410801] ? kasan_kmalloc+0xc4/0xe0 [ 830.414712] ? __kmalloc+0x315/0x760 [ 830.418447] ? __lockdep_init_map+0x105/0x590 [ 830.422966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.428519] ? ieee80211_cs_list_valid+0x7c/0x440 [ 830.433377] ? ieee80211_register_hw+0xc61/0x3890 [ 830.438249] ieee80211_register_hw+0x146b/0x3890 [ 830.443038] ? init_timer_on_stack_key+0x31/0xe0 [ 830.447815] ? ieee80211_free_ack_frame+0x60/0x60 [ 830.452667] mac80211_hwsim_new_radio+0x1e55/0x3490 17:31:12 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)) 17:31:12 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8848000000000000]}) 17:31:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900160000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:12 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 830.457875] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 830.464033] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 830.469574] ? vsnprintf+0x20d/0x1b60 [ 830.473391] ? pointer+0x990/0x990 [ 830.476946] ? check_same_owner+0x340/0x340 [ 830.481277] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 830.486299] ? kvasprintf+0xea/0x140 [ 830.490018] ? bust_spinlocks+0xe0/0xe0 [ 830.493992] ? kasprintf+0xab/0xe0 [ 830.497531] ? kvasprintf_const+0x190/0x190 [ 830.501865] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 830.507413] hwsim_new_radio_nl+0x7c0/0xa80 [ 830.511748] ? nla_parse+0x32b/0x4e0 [ 830.515578] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 830.520775] ? __netlink_ns_capable+0x100/0x130 [ 830.525458] genl_family_rcv_msg+0x8a3/0x1140 [ 830.529987] ? genl_unregister_family+0x8b0/0x8b0 [ 830.534946] ? netlink_deliver_tap+0x32d/0xfb0 [ 830.539537] ? lock_downgrade+0x8f0/0x8f0 [ 830.543694] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 830.548700] ? lock_release+0xa30/0xa30 [ 830.552677] ? __netlink_lookup+0x5e1/0xab0 [ 830.557006] ? lock_acquire+0x1e4/0x540 [ 830.560973] ? genl_rcv+0x19/0x40 [ 830.564421] genl_rcv_msg+0xc6/0x168 [ 830.568143] netlink_rcv_skb+0x172/0x440 [ 830.572211] ? genl_family_rcv_msg+0x1140/0x1140 [ 830.576961] ? netlink_ack+0xbe0/0xbe0 [ 830.580839] genl_rcv+0x28/0x40 [ 830.584104] netlink_unicast+0x5a0/0x760 [ 830.588157] ? netlink_attachskb+0x9a0/0x9a0 [ 830.592588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.598117] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 830.603121] netlink_sendmsg+0xa18/0xfc0 [ 830.607188] ? netlink_unicast+0x760/0x760 [ 830.611431] ? move_addr_to_kernel.part.20+0x100/0x100 [ 830.616710] ? security_socket_sendmsg+0x94/0xc0 [ 830.621471] ? netlink_unicast+0x760/0x760 [ 830.625717] sock_sendmsg+0xd5/0x120 [ 830.629428] ___sys_sendmsg+0x7fd/0x930 [ 830.633396] ? copy_msghdr_from_user+0x580/0x580 [ 830.638164] ? lock_acquire+0x1e4/0x540 [ 830.642135] ? __fd_install+0x2b2/0x880 [ 830.646106] ? lock_downgrade+0x8f0/0x8f0 [ 830.650247] ? select_collect+0x610/0x610 [ 830.654785] ? __fget_light+0x2f7/0x440 17:31:12 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 830.658756] ? fget_raw+0x20/0x20 [ 830.662225] ? __fd_install+0x2db/0x880 [ 830.666190] ? get_unused_fd_flags+0x1a0/0x1a0 [ 830.670779] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 830.676334] ? sockfd_lookup_light+0xc5/0x160 [ 830.680853] __sys_sendmsg+0x11d/0x290 [ 830.684764] ? __ia32_sys_shutdown+0x80/0x80 [ 830.689206] ? __x64_sys_futex+0x47f/0x6a0 [ 830.693449] ? fd_install+0x4d/0x60 [ 830.697086] ? ksys_ioctl+0x81/0xd0 [ 830.700804] __x64_sys_sendmsg+0x78/0xb0 [ 830.704867] do_syscall_64+0x1b9/0x820 17:31:12 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 830.708768] ? syscall_return_slowpath+0x5e0/0x5e0 [ 830.713714] ? syscall_return_slowpath+0x31d/0x5e0 [ 830.718669] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 830.723708] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.728575] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.733771] RIP: 0033:0x456959 [ 830.736974] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 830.755884] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 830.763701] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 830.770998] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 830.778279] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 830.785575] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 830.792858] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 830.854067] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 830.875560] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 830.882510] CPU: 1 PID: 7885 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 830.890931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.900391] Call Trace: [ 830.902990] dump_stack+0x1c9/0x2b4 [ 830.906652] ? dump_stack_print_info.cold.2+0x52/0x52 [ 830.911876] ? trace_hardirqs_on+0xd/0x10 [ 830.916055] sysfs_warn_dup.cold.3+0x1c/0x2b [ 830.920516] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 830.925908] sysfs_create_link+0x65/0xc0 [ 830.929985] device_add+0x5d0/0x17b0 [ 830.933687] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 830.938195] ? genl_family_rcv_msg+0x8a3/0x1140 [ 830.942868] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 830.948071] ? do_syscall_64+0x1b9/0x820 [ 830.952132] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 830.957321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.962862] wiphy_register+0x1a21/0x2740 [ 830.967005] ? wiphy_unregister+0x12c0/0x12c0 [ 830.971493] ? kasan_unpoison_shadow+0x35/0x50 [ 830.976075] ? kasan_kmalloc+0xc4/0xe0 [ 830.979966] ? __kmalloc+0x315/0x760 [ 830.983678] ? __lockdep_init_map+0x105/0x590 [ 830.988182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.993725] ? ieee80211_cs_list_valid+0x7c/0x440 [ 830.998582] ? ieee80211_register_hw+0xc61/0x3890 [ 831.003480] ieee80211_register_hw+0x146b/0x3890 [ 831.008233] ? init_timer_on_stack_key+0x31/0xe0 [ 831.012985] ? ieee80211_free_ack_frame+0x60/0x60 [ 831.017835] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 831.022857] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 831.029009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 831.034535] ? vsnprintf+0x20d/0x1b60 [ 831.038326] ? pointer+0x990/0x990 [ 831.041872] ? check_same_owner+0x340/0x340 [ 831.046203] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.051225] ? kvasprintf+0xea/0x140 [ 831.054922] ? bust_spinlocks+0xe0/0xe0 [ 831.058898] ? kasprintf+0xab/0xe0 [ 831.062427] ? kvasprintf_const+0x190/0x190 [ 831.066754] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 831.072289] hwsim_new_radio_nl+0x7c0/0xa80 [ 831.076609] ? nla_parse+0x32b/0x4e0 [ 831.080319] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 831.085499] ? __netlink_ns_capable+0x100/0x130 [ 831.090160] genl_family_rcv_msg+0x8a3/0x1140 [ 831.094653] ? genl_unregister_family+0x8b0/0x8b0 [ 831.099495] ? netlink_deliver_tap+0x32d/0xfb0 [ 831.104079] ? lock_downgrade+0x8f0/0x8f0 [ 831.108223] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.113225] ? lock_release+0xa30/0xa30 [ 831.117193] ? __netlink_lookup+0x5e1/0xab0 [ 831.121513] ? lock_acquire+0x1e4/0x540 [ 831.125476] ? genl_rcv+0x19/0x40 [ 831.128925] genl_rcv_msg+0xc6/0x168 [ 831.132628] netlink_rcv_skb+0x172/0x440 [ 831.136673] ? genl_family_rcv_msg+0x1140/0x1140 [ 831.141421] ? netlink_ack+0xbe0/0xbe0 [ 831.145306] genl_rcv+0x28/0x40 [ 831.148582] netlink_unicast+0x5a0/0x760 [ 831.152630] ? netlink_attachskb+0x9a0/0x9a0 [ 831.157031] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 831.162558] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.167567] netlink_sendmsg+0xa18/0xfc0 [ 831.171625] ? netlink_unicast+0x760/0x760 [ 831.175855] ? move_addr_to_kernel.part.20+0x100/0x100 [ 831.181134] ? security_socket_sendmsg+0x94/0xc0 [ 831.185891] ? netlink_unicast+0x760/0x760 [ 831.190115] sock_sendmsg+0xd5/0x120 [ 831.193817] ___sys_sendmsg+0x7fd/0x930 [ 831.197782] ? copy_msghdr_from_user+0x580/0x580 [ 831.202534] ? lock_acquire+0x1e4/0x540 [ 831.206499] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 831.211685] ? __fget_light+0x2f7/0x440 [ 831.215647] ? fget_raw+0x20/0x20 [ 831.219092] ? __fd_install+0x2db/0x880 [ 831.223068] ? dlci_ioctl_set+0x40/0x40 [ 831.227032] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.232559] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 831.238085] ? sockfd_lookup_light+0xc5/0x160 [ 831.242570] __sys_sendmsg+0x11d/0x290 [ 831.246451] ? __ia32_sys_shutdown+0x80/0x80 [ 831.250877] ? __x64_sys_futex+0x47f/0x6a0 [ 831.255103] ? fd_install+0x4d/0x60 [ 831.258741] ? ksys_ioctl+0x81/0xd0 [ 831.262367] __x64_sys_sendmsg+0x78/0xb0 [ 831.266515] do_syscall_64+0x1b9/0x820 [ 831.270399] ? syscall_return_slowpath+0x5e0/0x5e0 [ 831.275314] ? syscall_return_slowpath+0x31d/0x5e0 [ 831.280239] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 831.285245] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 831.290081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.295263] RIP: 0033:0x456959 [ 831.298457] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 831.317351] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 831.325635] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 831.332905] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 831.340172] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 831.347428] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 17:31:13 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:13 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:13 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x4305000000000000]}) 17:31:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900060000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:13 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xa0ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xc, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 831.354683] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 831.386132] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 831.397203] sysfs: cannot create duplicate filename '/class/ieee80211/!' 17:31:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff88018715f2d8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xbf, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 831.404218] CPU: 1 PID: 7942 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 831.412647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 831.422016] Call Trace: [ 831.424634] dump_stack+0x1c9/0x2b4 [ 831.428374] ? dump_stack_print_info.cold.2+0x52/0x52 [ 831.433593] ? trace_hardirqs_on+0xd/0x10 [ 831.437772] sysfs_warn_dup.cold.3+0x1c/0x2b [ 831.442210] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 831.447595] sysfs_create_link+0x65/0xc0 [ 831.451681] device_add+0x5d0/0x17b0 17:31:13 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)) [ 831.456565] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 831.461085] ? genl_family_rcv_msg+0x8a3/0x1140 [ 831.465779] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 831.470915] ? do_syscall_64+0x1b9/0x820 [ 831.475013] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 831.480241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.485797] wiphy_register+0x1a21/0x2740 [ 831.489971] ? wiphy_unregister+0x12c0/0x12c0 [ 831.494482] ? kasan_unpoison_shadow+0x35/0x50 [ 831.499087] ? kasan_kmalloc+0xc4/0xe0 [ 831.503005] ? __kmalloc+0x315/0x760 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 831.506752] ? __lockdep_init_map+0x105/0x590 [ 831.511265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.516816] ? ieee80211_cs_list_valid+0x7c/0x440 [ 831.521671] ? ieee80211_register_hw+0xc61/0x3890 [ 831.526534] ieee80211_register_hw+0x146b/0x3890 [ 831.531320] ? init_timer_on_stack_key+0x31/0xe0 [ 831.536100] ? ieee80211_free_ack_frame+0x60/0x60 [ 831.540975] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 831.546032] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 831.552216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 831.557784] ? vsnprintf+0x20d/0x1b60 [ 831.561601] ? pointer+0x990/0x990 [ 831.565151] ? check_same_owner+0x340/0x340 [ 831.569510] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.574550] ? kvasprintf+0xea/0x140 [ 831.578278] ? bust_spinlocks+0xe0/0xe0 [ 831.582266] ? kasprintf+0xab/0xe0 [ 831.585812] ? kvasprintf_const+0x190/0x190 [ 831.590185] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 831.595827] hwsim_new_radio_nl+0x7c0/0xa80 [ 831.600186] ? nla_parse+0x32b/0x4e0 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 831.604030] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 831.609233] ? __netlink_ns_capable+0x100/0x130 [ 831.613918] genl_family_rcv_msg+0x8a3/0x1140 [ 831.618445] ? genl_unregister_family+0x8b0/0x8b0 [ 831.623296] ? netlink_deliver_tap+0x32d/0xfb0 [ 831.627893] ? lock_downgrade+0x8f0/0x8f0 [ 831.632339] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.637377] ? lock_release+0xa30/0xa30 [ 831.641370] ? __netlink_lookup+0x5e1/0xab0 [ 831.645699] ? lock_acquire+0x1e4/0x540 [ 831.649682] ? genl_rcv+0x19/0x40 [ 831.653149] genl_rcv_msg+0xc6/0x168 [ 831.656880] netlink_rcv_skb+0x172/0x440 [ 831.660948] ? genl_family_rcv_msg+0x1140/0x1140 [ 831.665713] ? netlink_ack+0xbe0/0xbe0 [ 831.669615] genl_rcv+0x28/0x40 [ 831.672904] netlink_unicast+0x5a0/0x760 [ 831.676971] ? netlink_attachskb+0x9a0/0x9a0 [ 831.681372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.686897] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 831.691900] netlink_sendmsg+0xa18/0xfc0 [ 831.695967] ? netlink_unicast+0x760/0x760 [ 831.700193] ? move_addr_to_kernel.part.20+0x100/0x100 [ 831.705462] ? security_socket_sendmsg+0x94/0xc0 [ 831.710214] ? netlink_unicast+0x760/0x760 [ 831.714445] sock_sendmsg+0xd5/0x120 [ 831.718170] ___sys_sendmsg+0x7fd/0x930 [ 831.722161] ? copy_msghdr_from_user+0x580/0x580 [ 831.726918] ? __sched_text_start+0x8/0x8 [ 831.731075] ? __fget_light+0x2f7/0x440 [ 831.735038] ? fget_raw+0x20/0x20 [ 831.738492] ? __fd_install+0x2db/0x880 [ 831.742462] ? get_unused_fd_flags+0x1a0/0x1a0 [ 831.747034] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 831.752568] ? sockfd_lookup_light+0xc5/0x160 [ 831.757050] __sys_sendmsg+0x11d/0x290 [ 831.760947] ? __ia32_sys_shutdown+0x80/0x80 [ 831.765350] ? __x64_sys_futex+0x47f/0x6a0 [ 831.769581] ? fd_install+0x4d/0x60 [ 831.773219] ? syscall_slow_exit_work+0x500/0x500 [ 831.778084] ? ksys_ioctl+0x81/0xd0 [ 831.781713] __x64_sys_sendmsg+0x78/0xb0 [ 831.785773] do_syscall_64+0x1b9/0x820 [ 831.789662] ? finish_task_switch+0x1d3/0x870 [ 831.794161] ? syscall_return_slowpath+0x5e0/0x5e0 [ 831.800137] ? syscall_return_slowpath+0x31d/0x5e0 [ 831.805066] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 831.810090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 831.814934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.820109] RIP: 0033:0x456959 [ 831.823298] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 831.842200] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 831.849921] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 17:31:13 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:13 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:13 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x200000000000000]}) 17:31:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900140000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 831.857280] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 831.864546] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 831.871810] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 831.879183] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 831.889205] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 831.985229] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 831.992211] CPU: 0 PID: 7956 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 832.000670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.010031] Call Trace: [ 832.012623] dump_stack+0x1c9/0x2b4 [ 832.016267] ? dump_stack_print_info.cold.2+0x52/0x52 [ 832.021483] ? trace_hardirqs_on+0xd/0x10 [ 832.025661] sysfs_warn_dup.cold.3+0x1c/0x2b [ 832.030100] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:13 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:13 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffb0}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 832.035480] sysfs_create_link+0x65/0xc0 [ 832.039560] device_add+0x5d0/0x17b0 [ 832.043293] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 832.047905] ? genl_family_rcv_msg+0x8a3/0x1140 [ 832.052612] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 832.057824] ? do_syscall_64+0x1b9/0x820 [ 832.061995] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 832.067208] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.072773] wiphy_register+0x1a21/0x2740 [ 832.076974] ? wiphy_unregister+0x12c0/0x12c0 17:31:13 executing program 1: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 832.081505] ? kasan_unpoison_shadow+0x35/0x50 [ 832.086122] ? kasan_kmalloc+0xc4/0xe0 [ 832.090036] ? __kmalloc+0x315/0x760 [ 832.093761] ? __lockdep_init_map+0x105/0x590 [ 832.098271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.103833] ? ieee80211_cs_list_valid+0x7c/0x440 [ 832.108694] ? ieee80211_register_hw+0xc61/0x3890 [ 832.113560] ieee80211_register_hw+0x146b/0x3890 [ 832.118342] ? init_timer_on_stack_key+0x31/0xe0 [ 832.123118] ? ieee80211_free_ack_frame+0x60/0x60 [ 832.127983] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 832.133028] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 832.139202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 832.144758] ? vsnprintf+0x20d/0x1b60 [ 832.148666] ? pointer+0x990/0x990 [ 832.152229] ? do_raw_spin_unlock+0xa7/0x2f0 [ 832.156659] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.161684] ? kvasprintf+0xea/0x140 [ 832.165402] ? bust_spinlocks+0xe0/0xe0 [ 832.169393] ? kasprintf+0xab/0xe0 [ 832.172938] ? kvasprintf_const+0x190/0x190 [ 832.177267] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 832.182819] hwsim_new_radio_nl+0x7c0/0xa80 [ 832.187146] ? nla_parse+0x32b/0x4e0 [ 832.190868] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 832.196073] ? __netlink_ns_capable+0x100/0x130 [ 832.200778] genl_family_rcv_msg+0x8a3/0x1140 [ 832.205322] ? genl_unregister_family+0x8b0/0x8b0 [ 832.210195] ? netlink_deliver_tap+0x32d/0xfb0 [ 832.214794] ? lock_downgrade+0x8f0/0x8f0 [ 832.218959] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.224090] ? lock_release+0xa30/0xa30 [ 832.228057] ? lock_acquire+0x1e4/0x540 [ 832.232032] ? genl_rcv+0x19/0x40 [ 832.235495] genl_rcv_msg+0xc6/0x168 [ 832.239226] netlink_rcv_skb+0x172/0x440 [ 832.243275] ? genl_family_rcv_msg+0x1140/0x1140 [ 832.248021] ? netlink_ack+0xbe0/0xbe0 [ 832.251912] genl_rcv+0x28/0x40 [ 832.255181] netlink_unicast+0x5a0/0x760 [ 832.259231] ? netlink_attachskb+0x9a0/0x9a0 [ 832.263636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.269181] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.274191] netlink_sendmsg+0xa18/0xfc0 [ 832.278261] ? netlink_unicast+0x760/0x760 [ 832.282521] ? move_addr_to_kernel.part.20+0x100/0x100 [ 832.287786] ? security_socket_sendmsg+0x94/0xc0 [ 832.292539] ? netlink_unicast+0x760/0x760 [ 832.296771] sock_sendmsg+0xd5/0x120 [ 832.300482] ___sys_sendmsg+0x7fd/0x930 [ 832.304537] ? copy_msghdr_from_user+0x580/0x580 [ 832.309286] ? __sched_text_start+0x8/0x8 [ 832.313427] ? __fget_light+0x2f7/0x440 [ 832.317398] ? fget_raw+0x20/0x20 [ 832.320841] ? __fd_install+0x2db/0x880 [ 832.324800] ? get_unused_fd_flags+0x1a0/0x1a0 [ 832.329373] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 832.334987] ? sockfd_lookup_light+0xc5/0x160 [ 832.339482] __sys_sendmsg+0x11d/0x290 [ 832.343360] ? __ia32_sys_shutdown+0x80/0x80 [ 832.347759] ? __x64_sys_futex+0x47f/0x6a0 [ 832.351981] ? fd_install+0x4d/0x60 [ 832.355600] ? syscall_slow_exit_work+0x500/0x500 [ 832.360431] ? ksys_ioctl+0x81/0xd0 [ 832.364064] __x64_sys_sendmsg+0x78/0xb0 [ 832.369411] do_syscall_64+0x1b9/0x820 [ 832.375677] ? finish_task_switch+0x1d3/0x870 [ 832.380214] ? syscall_return_slowpath+0x5e0/0x5e0 17:31:14 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)) [ 832.385132] ? syscall_return_slowpath+0x31d/0x5e0 [ 832.390053] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 832.395068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.399907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.405082] RIP: 0033:0x456959 [ 832.408262] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 832.427162] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.434883] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 832.442194] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 832.449478] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 832.456754] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 832.464023] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 832.476702] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 832.502022] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 832.508972] CPU: 0 PID: 7984 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 832.517395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.526759] Call Trace: [ 832.529392] dump_stack+0x1c9/0x2b4 [ 832.533038] ? dump_stack_print_info.cold.2+0x52/0x52 [ 832.538250] ? trace_hardirqs_on+0xd/0x10 [ 832.542432] sysfs_warn_dup.cold.3+0x1c/0x2b [ 832.546858] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 832.552235] sysfs_create_link+0x65/0xc0 [ 832.556315] device_add+0x5d0/0x17b0 [ 832.560042] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 832.564549] ? genl_family_rcv_msg+0x8a3/0x1140 [ 832.569238] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 832.574355] ? do_syscall_64+0x1b9/0x820 [ 832.578429] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 832.583627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.589181] wiphy_register+0x1a21/0x2740 [ 832.593365] ? wiphy_unregister+0x12c0/0x12c0 [ 832.597882] ? kasan_unpoison_shadow+0x35/0x50 [ 832.602472] ? kasan_kmalloc+0xc4/0xe0 [ 832.606403] ? __kmalloc+0x315/0x760 [ 832.610122] ? __lockdep_init_map+0x105/0x590 [ 832.614618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.620150] ? ieee80211_cs_list_valid+0x7c/0x440 [ 832.625686] ? ieee80211_register_hw+0xc61/0x3890 [ 832.630523] ieee80211_register_hw+0x146b/0x3890 [ 832.635284] ? init_timer_on_stack_key+0x31/0xe0 [ 832.640046] ? ieee80211_free_ack_frame+0x60/0x60 [ 832.644884] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 832.649898] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 832.656037] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 832.661567] ? vsnprintf+0x20d/0x1b60 [ 832.665354] ? pointer+0x990/0x990 [ 832.668883] ? do_raw_spin_unlock+0xa7/0x2f0 [ 832.673279] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.678281] ? kvasprintf+0xea/0x140 [ 832.681982] ? bust_spinlocks+0xe0/0xe0 [ 832.685942] ? kasprintf+0xab/0xe0 [ 832.689476] ? kvasprintf_const+0x190/0x190 [ 832.693788] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 832.699336] hwsim_new_radio_nl+0x7c0/0xa80 [ 832.703743] ? nla_parse+0x32b/0x4e0 [ 832.707446] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 832.712633] ? __netlink_ns_capable+0x100/0x130 [ 832.717293] genl_family_rcv_msg+0x8a3/0x1140 [ 832.721790] ? genl_unregister_family+0x8b0/0x8b0 [ 832.726635] ? netlink_deliver_tap+0x32d/0xfb0 [ 832.731223] ? lock_downgrade+0x8f0/0x8f0 [ 832.735371] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.740379] ? lock_release+0xa30/0xa30 [ 832.744358] ? lock_acquire+0x1e4/0x540 [ 832.748333] ? genl_rcv+0x19/0x40 [ 832.751785] genl_rcv_msg+0xc6/0x168 [ 832.755487] netlink_rcv_skb+0x172/0x440 [ 832.759536] ? genl_family_rcv_msg+0x1140/0x1140 [ 832.764288] ? netlink_ack+0xbe0/0xbe0 [ 832.768169] genl_rcv+0x28/0x40 [ 832.771429] netlink_unicast+0x5a0/0x760 [ 832.775475] ? netlink_attachskb+0x9a0/0x9a0 [ 832.779868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.785391] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 832.790402] netlink_sendmsg+0xa18/0xfc0 [ 832.794459] ? netlink_unicast+0x760/0x760 [ 832.798682] ? move_addr_to_kernel.part.20+0x100/0x100 [ 832.803948] ? security_socket_sendmsg+0x94/0xc0 [ 832.808690] ? netlink_unicast+0x760/0x760 [ 832.812915] sock_sendmsg+0xd5/0x120 [ 832.816619] ___sys_sendmsg+0x7fd/0x930 [ 832.820594] ? copy_msghdr_from_user+0x580/0x580 [ 832.825357] ? lock_acquire+0x1e4/0x540 [ 832.829417] ? __fd_install+0x2b2/0x880 [ 832.833397] ? lock_downgrade+0x8f0/0x8f0 [ 832.837531] ? select_collect+0x610/0x610 [ 832.841756] ? __fget_light+0x2f7/0x440 [ 832.845721] ? fget_raw+0x20/0x20 [ 832.849180] ? __fd_install+0x2db/0x880 [ 832.853147] ? get_unused_fd_flags+0x1a0/0x1a0 [ 832.857734] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 832.863278] ? sockfd_lookup_light+0xc5/0x160 [ 832.867762] __sys_sendmsg+0x11d/0x290 [ 832.871638] ? __ia32_sys_shutdown+0x80/0x80 [ 832.876044] ? __x64_sys_futex+0x47f/0x6a0 [ 832.880277] ? fd_install+0x4d/0x60 [ 832.883899] ? ksys_ioctl+0x81/0xd0 [ 832.887514] __x64_sys_sendmsg+0x78/0xb0 [ 832.891560] do_syscall_64+0x1b9/0x820 [ 832.895442] ? finish_task_switch+0x1d3/0x870 [ 832.899931] ? syscall_return_slowpath+0x5e0/0x5e0 [ 832.904846] ? syscall_return_slowpath+0x31d/0x5e0 [ 832.909773] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 832.914777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.919660] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.924837] RIP: 0033:0x456959 [ 832.928015] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 832.946908] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.954615] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 832.961967] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 832.969232] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 832.976496] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 832.983752] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:14 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:14 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3c00000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:14 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:14 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x43050000]}) 17:31:14 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000800000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc8070031") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc8070031") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:14 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x800e0000]}) [ 833.108859] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 833.108955] IPv6: Can't replace route, no match found 17:31:15 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000500000000000000dcdc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 833.175243] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 833.182209] CPU: 1 PID: 8029 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 833.190628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.199998] Call Trace: [ 833.202608] dump_stack+0x1c9/0x2b4 [ 833.206252] ? dump_stack_print_info.cold.2+0x52/0x52 [ 833.211442] ? trace_hardirqs_on+0xd/0x10 [ 833.215604] sysfs_warn_dup.cold.3+0x1c/0x2b [ 833.220016] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163cd, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 833.225379] sysfs_create_link+0x65/0xc0 [ 833.229537] device_add+0x5d0/0x17b0 [ 833.233252] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 833.237752] ? genl_family_rcv_msg+0x8a3/0x1140 [ 833.242422] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 833.247514] ? do_syscall_64+0x1b9/0x820 [ 833.251588] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 833.256773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.262319] wiphy_register+0x1a21/0x2740 [ 833.266499] ? wiphy_unregister+0x12c0/0x12c0 [ 833.271025] ? kasan_unpoison_shadow+0x35/0x50 17:31:15 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7000000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:15 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 833.275622] ? kasan_kmalloc+0xc4/0xe0 [ 833.279526] ? __kmalloc+0x315/0x760 [ 833.283255] ? __lockdep_init_map+0x105/0x590 [ 833.287770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.293323] ? ieee80211_cs_list_valid+0x7c/0x440 [ 833.298177] ? ieee80211_register_hw+0xc61/0x3890 [ 833.303032] ieee80211_register_hw+0x146b/0x3890 [ 833.307813] ? init_timer_on_stack_key+0x31/0xe0 [ 833.312590] ? ieee80211_free_ack_frame+0x60/0x60 [ 833.317452] mac80211_hwsim_new_radio+0x1e55/0x3490 17:31:15 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 833.322495] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 833.328658] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 833.334202] ? vsnprintf+0x20d/0x1b60 [ 833.338088] ? pointer+0x990/0x990 [ 833.341615] ? check_same_owner+0x340/0x340 [ 833.345936] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 833.350949] ? kvasprintf+0xea/0x140 [ 833.354655] ? bust_spinlocks+0xe0/0xe0 [ 833.358641] ? kasprintf+0xab/0xe0 [ 833.362185] ? kvasprintf_const+0x190/0x190 [ 833.366518] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 833.372066] hwsim_new_radio_nl+0x7c0/0xa80 [ 833.376395] ? nla_parse+0x32b/0x4e0 [ 833.380115] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 833.385316] ? __netlink_ns_capable+0x100/0x130 [ 833.389999] genl_family_rcv_msg+0x8a3/0x1140 [ 833.394503] ? genl_unregister_family+0x8b0/0x8b0 [ 833.399335] ? netlink_deliver_tap+0x32d/0xfb0 [ 833.403933] ? lock_downgrade+0x8f0/0x8f0 [ 833.408095] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 833.413111] ? lock_release+0xa30/0xa30 [ 833.417075] ? __netlink_lookup+0x5e1/0xab0 [ 833.421384] ? lock_acquire+0x1e4/0x540 [ 833.425353] ? genl_rcv+0x19/0x40 [ 833.428806] genl_rcv_msg+0xc6/0x168 [ 833.432517] netlink_rcv_skb+0x172/0x440 [ 833.436658] ? genl_family_rcv_msg+0x1140/0x1140 [ 833.441399] ? netlink_ack+0xbe0/0xbe0 [ 833.445286] genl_rcv+0x28/0x40 [ 833.448563] netlink_unicast+0x5a0/0x760 [ 833.452612] ? netlink_attachskb+0x9a0/0x9a0 [ 833.457911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.463533] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 833.468549] netlink_sendmsg+0xa18/0xfc0 [ 833.472604] ? netlink_unicast+0x760/0x760 [ 833.476836] ? move_addr_to_kernel.part.20+0x100/0x100 [ 833.482116] ? security_socket_sendmsg+0x94/0xc0 [ 833.486861] ? netlink_unicast+0x760/0x760 [ 833.491104] sock_sendmsg+0xd5/0x120 [ 833.494810] ___sys_sendmsg+0x7fd/0x930 [ 833.498781] ? copy_msghdr_from_user+0x580/0x580 [ 833.503537] ? lock_acquire+0x1e4/0x540 [ 833.507506] ? __fd_install+0x2b2/0x880 [ 833.511466] ? lock_downgrade+0x8f0/0x8f0 [ 833.515606] ? select_collect+0x610/0x610 [ 833.519755] ? __fget_light+0x2f7/0x440 [ 833.523727] ? fget_raw+0x20/0x20 [ 833.527185] ? __fd_install+0x2db/0x880 [ 833.531145] ? get_unused_fd_flags+0x1a0/0x1a0 [ 833.535746] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 833.541275] ? sockfd_lookup_light+0xc5/0x160 [ 833.545764] __sys_sendmsg+0x11d/0x290 [ 833.549641] ? __ia32_sys_shutdown+0x80/0x80 [ 833.554037] ? __x64_sys_futex+0x47f/0x6a0 [ 833.558259] ? fd_install+0x4d/0x60 [ 833.561881] ? ksys_ioctl+0x81/0xd0 [ 833.565512] __x64_sys_sendmsg+0x78/0xb0 [ 833.569580] do_syscall_64+0x1b9/0x820 [ 833.573464] ? finish_task_switch+0x1d3/0x870 [ 833.577965] ? syscall_return_slowpath+0x5e0/0x5e0 [ 833.582898] ? syscall_return_slowpath+0x31d/0x5e0 [ 833.587827] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 833.592834] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 833.597670] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 833.602857] RIP: 0033:0x456959 [ 833.606047] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 833.624938] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 833.632644] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 833.639921] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 833.647175] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 833.654444] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 833.661701] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 833.675814] IPv6: Can't replace route, no match found 17:31:15 executing program 1: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:15 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc8070031") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:15 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xffffff84]}) 17:31:15 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900052c00000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff88018715f578, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 833.722149] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 833.818491] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 833.825454] CPU: 1 PID: 8029 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 833.833876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.843247] Call Trace: [ 833.845867] dump_stack+0x1c9/0x2b4 [ 833.849524] ? dump_stack_print_info.cold.2+0x52/0x52 [ 833.854724] ? trace_hardirqs_on+0xd/0x10 [ 833.858909] sysfs_warn_dup.cold.3+0x1c/0x2b [ 833.863329] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 833.868700] sysfs_create_link+0x65/0xc0 [ 833.872769] device_add+0x5d0/0x17b0 [ 833.876496] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 833.881008] ? genl_family_rcv_msg+0x8a3/0x1140 [ 833.885701] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 833.890824] ? do_syscall_64+0x1b9/0x820 [ 833.894908] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 833.900115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.905767] wiphy_register+0x1a21/0x2740 [ 833.909953] ? wiphy_unregister+0x12c0/0x12c0 [ 833.914480] ? kasan_unpoison_shadow+0x35/0x50 [ 833.919101] ? kasan_kmalloc+0xc4/0xe0 [ 833.923013] ? __kmalloc+0x315/0x760 [ 833.926752] ? __lockdep_init_map+0x105/0x590 [ 833.931268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 833.936829] ? ieee80211_cs_list_valid+0x7c/0x440 [ 833.941704] ? ieee80211_register_hw+0xc61/0x3890 [ 833.946593] ieee80211_register_hw+0x146b/0x3890 [ 833.951421] ? ieee80211_free_ack_frame+0x60/0x60 [ 833.956294] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 833.961339] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 833.967496] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 833.973028] ? vsnprintf+0x20d/0x1b60 [ 833.976837] ? pointer+0x990/0x990 [ 833.980387] ? check_same_owner+0x340/0x340 [ 833.984703] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 833.989731] ? kvasprintf+0xea/0x140 [ 833.993449] ? bust_spinlocks+0xe0/0xe0 [ 833.997448] ? kasprintf+0xab/0xe0 [ 834.001002] ? kvasprintf_const+0x190/0x190 [ 834.005315] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 834.010844] hwsim_new_radio_nl+0x7c0/0xa80 [ 834.015175] ? nla_parse+0x32b/0x4e0 [ 834.018875] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 834.024062] ? __netlink_ns_capable+0x100/0x130 [ 834.028723] genl_family_rcv_msg+0x8a3/0x1140 [ 834.033215] ? genl_unregister_family+0x8b0/0x8b0 [ 834.038051] ? netlink_deliver_tap+0x32d/0xfb0 [ 834.042655] ? lock_downgrade+0x8f0/0x8f0 [ 834.046794] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 834.051813] ? lock_release+0xa30/0xa30 [ 834.055781] ? __netlink_lookup+0x5e1/0xab0 [ 834.060090] ? lock_acquire+0x1e4/0x540 [ 834.064058] ? genl_rcv+0x19/0x40 [ 834.067508] genl_rcv_msg+0xc6/0x168 [ 834.071226] netlink_rcv_skb+0x172/0x440 [ 834.075273] ? genl_family_rcv_msg+0x1140/0x1140 [ 834.080028] ? netlink_ack+0xbe0/0xbe0 [ 834.083900] genl_rcv+0x28/0x40 [ 834.087165] netlink_unicast+0x5a0/0x760 [ 834.091222] ? netlink_attachskb+0x9a0/0x9a0 [ 834.095622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.101152] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 834.106155] netlink_sendmsg+0xa18/0xfc0 [ 834.110218] ? netlink_unicast+0x760/0x760 [ 834.114437] ? move_addr_to_kernel.part.20+0x100/0x100 [ 834.119700] ? security_socket_sendmsg+0x94/0xc0 [ 834.124445] ? netlink_unicast+0x760/0x760 [ 834.128950] sock_sendmsg+0xd5/0x120 [ 834.132657] ___sys_sendmsg+0x7fd/0x930 [ 834.136618] ? copy_msghdr_from_user+0x580/0x580 [ 834.141559] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 834.146746] ? __fget_light+0x2f7/0x440 [ 834.150705] ? fget_raw+0x20/0x20 [ 834.154159] ? __fd_install+0x2db/0x880 [ 834.158121] ? dlci_ioctl_set+0x40/0x40 [ 834.162102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.167649] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 834.173176] ? sockfd_lookup_light+0xc5/0x160 [ 834.177658] __sys_sendmsg+0x11d/0x290 [ 834.181540] ? __ia32_sys_shutdown+0x80/0x80 [ 834.185956] ? __x64_sys_futex+0x47f/0x6a0 [ 834.190185] ? fd_install+0x4d/0x60 [ 834.193812] ? ksys_ioctl+0x81/0xd0 [ 834.197437] __x64_sys_sendmsg+0x78/0xb0 [ 834.201508] do_syscall_64+0x1b9/0x820 [ 834.205387] ? finish_task_switch+0x1d3/0x870 [ 834.209880] ? syscall_return_slowpath+0x5e0/0x5e0 [ 834.214795] ? syscall_return_slowpath+0x31d/0x5e0 [ 834.219729] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 834.224747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.229588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.234770] RIP: 0033:0x456959 [ 834.238045] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 834.257030] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:31:16 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000500f0ffff00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:16 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x7000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:16 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x60]}) 17:31:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xb1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:16 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:16 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:16 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f8571") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:16 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 834.264743] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 834.272020] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 834.279285] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 834.286539] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 834.293804] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 834.351292] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 834.378693] IPv6: Can't replace route, no match found 17:31:16 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x800000000000000]}) 17:31:16 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f8571") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:16 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 834.401282] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 834.408249] CPU: 1 PID: 8091 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 834.416657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.426017] Call Trace: [ 834.428636] dump_stack+0x1c9/0x2b4 [ 834.432298] ? dump_stack_print_info.cold.2+0x52/0x52 [ 834.437515] ? trace_hardirqs_on+0xd/0x10 [ 834.441689] sysfs_warn_dup.cold.3+0x1c/0x2b [ 834.446120] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 834.451507] sysfs_create_link+0x65/0xc0 [ 834.455583] device_add+0x5d0/0x17b0 [ 834.459316] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 834.463832] ? genl_family_rcv_msg+0x8a3/0x1140 [ 834.468524] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 834.473648] ? do_syscall_64+0x1b9/0x820 [ 834.477735] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 834.482949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.488510] wiphy_register+0x1a21/0x2740 [ 834.492674] ? wiphy_unregister+0x12c0/0x12c0 [ 834.497184] ? kasan_unpoison_shadow+0x35/0x50 17:31:16 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 834.501787] ? kasan_kmalloc+0xc4/0xe0 [ 834.505788] ? __kmalloc+0x315/0x760 [ 834.509539] ? __lockdep_init_map+0x105/0x590 [ 834.514071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.519647] ? ieee80211_cs_list_valid+0x7c/0x440 [ 834.524508] ? ieee80211_register_hw+0xc61/0x3890 [ 834.529452] ieee80211_register_hw+0x146b/0x3890 [ 834.534222] ? init_timer_on_stack_key+0x31/0xe0 [ 834.538995] ? ieee80211_free_ack_frame+0x60/0x60 [ 834.543947] mac80211_hwsim_new_radio+0x1e55/0x3490 17:31:16 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000000000060dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 834.548989] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 834.555152] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 834.560704] ? vsnprintf+0x20d/0x1b60 [ 834.564517] ? pointer+0x990/0x990 [ 834.568063] ? check_same_owner+0x340/0x340 [ 834.572394] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 834.577440] ? kvasprintf+0xea/0x140 [ 834.581188] ? bust_spinlocks+0xe0/0xe0 [ 834.585179] ? kasprintf+0xab/0xe0 [ 834.588727] ? kvasprintf_const+0x190/0x190 [ 834.593063] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 17:31:16 executing program 1: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 834.598639] hwsim_new_radio_nl+0x7c0/0xa80 [ 834.603057] ? nla_parse+0x32b/0x4e0 [ 834.606780] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 834.611981] ? __netlink_ns_capable+0x100/0x130 [ 834.616661] genl_family_rcv_msg+0x8a3/0x1140 [ 834.621166] ? genl_unregister_family+0x8b0/0x8b0 [ 834.626015] ? netlink_deliver_tap+0x32d/0xfb0 [ 834.630614] ? lock_downgrade+0x8f0/0x8f0 [ 834.634766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 834.639999] ? lock_release+0xa30/0xa30 [ 834.643984] ? __netlink_lookup+0x5e1/0xab0 [ 834.648319] ? lock_acquire+0x1e4/0x540 [ 834.652291] ? genl_rcv+0x19/0x40 [ 834.655745] genl_rcv_msg+0xc6/0x168 [ 834.659452] netlink_rcv_skb+0x172/0x440 [ 834.663590] ? genl_family_rcv_msg+0x1140/0x1140 [ 834.668339] ? netlink_ack+0xbe0/0xbe0 [ 834.672226] genl_rcv+0x28/0x40 [ 834.675524] netlink_unicast+0x5a0/0x760 [ 834.679597] ? netlink_attachskb+0x9a0/0x9a0 [ 834.683999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 834.689535] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 834.694557] netlink_sendmsg+0xa18/0xfc0 [ 834.698640] ? netlink_unicast+0x760/0x760 [ 834.702873] ? move_addr_to_kernel.part.20+0x100/0x100 [ 834.708167] ? security_socket_sendmsg+0x94/0xc0 [ 834.712924] ? netlink_unicast+0x760/0x760 [ 834.717151] sock_sendmsg+0xd5/0x120 [ 834.720859] ___sys_sendmsg+0x7fd/0x930 [ 834.724832] ? copy_msghdr_from_user+0x580/0x580 [ 834.729596] ? __sched_text_start+0x8/0x8 [ 834.733751] ? __fget_light+0x2f7/0x440 [ 834.737729] ? fget_raw+0x20/0x20 [ 834.741210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 834.745961] ? retint_kernel+0x10/0x10 [ 834.749862] __sys_sendmsg+0x11d/0x290 [ 834.753759] ? __ia32_sys_shutdown+0x80/0x80 [ 834.758159] ? __x64_sys_futex+0x47f/0x6a0 [ 834.762391] ? fd_install+0x4d/0x60 [ 834.766016] ? syscall_slow_exit_work+0x500/0x500 [ 834.770856] ? ksys_ioctl+0x81/0xd0 [ 834.774483] __x64_sys_sendmsg+0x78/0xb0 [ 834.778536] do_syscall_64+0x1b9/0x820 [ 834.782424] ? finish_task_switch+0x1d3/0x870 [ 834.786909] ? syscall_return_slowpath+0x5e0/0x5e0 [ 834.791839] ? syscall_return_slowpath+0x31d/0x5e0 [ 834.796758] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 834.801768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 834.806609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 834.811793] RIP: 0033:0x456959 [ 834.814971] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 834.833874] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 834.841586] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 834.848868] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 834.856128] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 834.863392] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 834.870651] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 834.880518] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 834.897309] IPv6: Can't replace route, no match found [ 834.915993] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 834.922931] CPU: 0 PID: 8103 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 834.931423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.940810] Call Trace: [ 834.943423] dump_stack+0x1c9/0x2b4 [ 834.947079] ? dump_stack_print_info.cold.2+0x52/0x52 [ 834.952315] ? trace_hardirqs_on+0xd/0x10 [ 834.956493] sysfs_warn_dup.cold.3+0x1c/0x2b [ 834.960921] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 834.966307] sysfs_create_link+0x65/0xc0 [ 834.970390] device_add+0x5d0/0x17b0 [ 834.974150] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 834.978659] ? genl_family_rcv_msg+0x8a3/0x1140 [ 834.983435] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 834.988571] ? do_syscall_64+0x1b9/0x820 [ 834.992664] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 834.997870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.003440] wiphy_register+0x1a21/0x2740 [ 835.007610] ? wiphy_unregister+0x12c0/0x12c0 [ 835.012205] ? kasan_unpoison_shadow+0x35/0x50 17:31:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163d2, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:16 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x40000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:16 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000000000000c0fedc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:16 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f8571") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:16 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x800e000000000000]}) 17:31:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff8801b7597118, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xb7, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 835.016804] ? kasan_kmalloc+0xc4/0xe0 [ 835.020710] ? __kmalloc+0x315/0x760 [ 835.024443] ? __lockdep_init_map+0x105/0x590 [ 835.029743] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.035300] ? ieee80211_cs_list_valid+0x7c/0x440 [ 835.040179] ? ieee80211_register_hw+0xc61/0x3890 [ 835.045043] ieee80211_register_hw+0x146b/0x3890 [ 835.049935] ? init_timer_on_stack_key+0x31/0xe0 [ 835.054715] ? ieee80211_free_ack_frame+0x60/0x60 [ 835.059589] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 835.064722] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 835.070917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 835.076471] ? vsnprintf+0x20d/0x1b60 [ 835.080315] ? pointer+0x990/0x990 [ 835.083880] ? do_raw_spin_unlock+0xa7/0x2f0 [ 835.088304] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.093338] ? kvasprintf+0xea/0x140 [ 835.097111] ? bust_spinlocks+0xe0/0xe0 [ 835.101115] ? kasprintf+0xab/0xe0 [ 835.104660] ? kvasprintf_const+0x190/0x190 [ 835.109867] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.115421] hwsim_new_radio_nl+0x7c0/0xa80 [ 835.119759] ? nla_parse+0x32b/0x4e0 [ 835.123483] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 835.128687] ? __netlink_ns_capable+0x100/0x130 [ 835.133373] genl_family_rcv_msg+0x8a3/0x1140 [ 835.137897] ? genl_unregister_family+0x8b0/0x8b0 [ 835.142756] ? netlink_deliver_tap+0x32d/0xfb0 [ 835.147338] ? lock_downgrade+0x8f0/0x8f0 [ 835.151484] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.156495] ? lock_release+0xa30/0xa30 [ 835.160482] ? lock_acquire+0x1e4/0x540 [ 835.164453] ? genl_rcv+0x19/0x40 [ 835.168078] genl_rcv_msg+0xc6/0x168 [ 835.171781] netlink_rcv_skb+0x172/0x440 [ 835.175842] ? genl_family_rcv_msg+0x1140/0x1140 [ 835.180585] ? netlink_ack+0xbe0/0xbe0 [ 835.184464] genl_rcv+0x28/0x40 [ 835.187736] netlink_unicast+0x5a0/0x760 [ 835.191787] ? netlink_attachskb+0x9a0/0x9a0 [ 835.196182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.201705] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.206721] netlink_sendmsg+0xa18/0xfc0 [ 835.210771] ? netlink_unicast+0x760/0x760 [ 835.214993] ? move_addr_to_kernel.part.20+0x100/0x100 [ 835.220256] ? security_socket_sendmsg+0x94/0xc0 [ 835.225005] ? netlink_unicast+0x760/0x760 [ 835.229225] sock_sendmsg+0xd5/0x120 [ 835.232922] ___sys_sendmsg+0x7fd/0x930 [ 835.236901] ? copy_msghdr_from_user+0x580/0x580 [ 835.241659] ? __sched_text_start+0x8/0x8 [ 835.245795] ? __fget_light+0x2f7/0x440 [ 835.249761] ? fget_raw+0x20/0x20 [ 835.253202] ? __fd_install+0x2db/0x880 [ 835.257163] ? get_unused_fd_flags+0x1a0/0x1a0 [ 835.261735] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 835.267255] ? sockfd_lookup_light+0xc5/0x160 [ 835.271747] __sys_sendmsg+0x11d/0x290 [ 835.275621] ? __ia32_sys_shutdown+0x80/0x80 [ 835.280019] ? __x64_sys_futex+0x47f/0x6a0 [ 835.284242] ? fd_install+0x4d/0x60 [ 835.287857] ? syscall_slow_exit_work+0x500/0x500 [ 835.292696] ? ksys_ioctl+0x81/0xd0 [ 835.296323] __x64_sys_sendmsg+0x78/0xb0 [ 835.300400] do_syscall_64+0x1b9/0x820 [ 835.304283] ? finish_task_switch+0x1d3/0x870 [ 835.308764] ? syscall_return_slowpath+0x5e0/0x5e0 [ 835.313688] ? syscall_return_slowpath+0x31d/0x5e0 [ 835.318604] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 835.323618] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.328451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.333624] RIP: 0033:0x456959 [ 835.336804] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 835.355775] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 835.363472] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 835.370736] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 835.377996] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 835.385259] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 835.392510] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 835.420201] IPv6: Can't replace route, no match found [ 835.440398] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 835.467160] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 835.474127] CPU: 1 PID: 8149 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 835.482536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 835.491904] Call Trace: [ 835.494523] dump_stack+0x1c9/0x2b4 [ 835.498173] ? dump_stack_print_info.cold.2+0x52/0x52 [ 835.503409] ? trace_hardirqs_on+0xd/0x10 [ 835.507596] sysfs_warn_dup.cold.3+0x1c/0x2b [ 835.512023] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:17 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:17 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:17 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:17 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x10000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:17 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x84ffffff00000000]}) 17:31:17 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005ffffff9e00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:17 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f857140") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 835.517409] sysfs_create_link+0x65/0xc0 [ 835.521501] device_add+0x5d0/0x17b0 [ 835.525253] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 835.529762] ? genl_family_rcv_msg+0x8a3/0x1140 [ 835.534450] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 835.539567] ? do_syscall_64+0x1b9/0x820 [ 835.543644] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 835.548848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.554404] wiphy_register+0x1a21/0x2740 [ 835.558571] ? wiphy_unregister+0x12c0/0x12c0 [ 835.563083] ? kasan_unpoison_shadow+0x35/0x50 17:31:17 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 835.567678] ? kasan_kmalloc+0xc4/0xe0 [ 835.571584] ? __kmalloc+0x315/0x760 [ 835.575326] ? __lockdep_init_map+0x105/0x590 [ 835.579844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.585415] ? ieee80211_cs_list_valid+0x7c/0x440 [ 835.590279] ? ieee80211_register_hw+0xc61/0x3890 [ 835.595144] ieee80211_register_hw+0x146b/0x3890 [ 835.599919] ? init_timer_on_stack_key+0x31/0xe0 [ 835.604698] ? ieee80211_free_ack_frame+0x60/0x60 [ 835.609562] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 835.614602] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 17:31:17 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 835.620766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 835.626317] ? vsnprintf+0x20d/0x1b60 [ 835.630161] ? pointer+0x990/0x990 [ 835.633710] ? do_raw_spin_unlock+0xa7/0x2f0 [ 835.638130] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.643158] ? kvasprintf+0xea/0x140 [ 835.646882] ? bust_spinlocks+0xe0/0xe0 [ 835.650873] ? kasprintf+0xab/0xe0 [ 835.654423] ? kvasprintf_const+0x190/0x190 [ 835.658763] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.664311] hwsim_new_radio_nl+0x7c0/0xa80 [ 835.668639] ? nla_parse+0x32b/0x4e0 [ 835.672362] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 835.677553] ? __netlink_ns_capable+0x100/0x130 [ 835.682215] genl_family_rcv_msg+0x8a3/0x1140 [ 835.686699] ? genl_unregister_family+0x8b0/0x8b0 [ 835.691540] ? netlink_deliver_tap+0x32d/0xfb0 [ 835.696114] ? lock_downgrade+0x8f0/0x8f0 [ 835.700249] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.705253] ? lock_release+0xa30/0xa30 [ 835.709227] ? lock_acquire+0x1e4/0x540 [ 835.713200] ? genl_rcv+0x19/0x40 [ 835.716702] genl_rcv_msg+0xc6/0x168 [ 835.720414] netlink_rcv_skb+0x172/0x440 [ 835.724472] ? genl_family_rcv_msg+0x1140/0x1140 [ 835.729220] ? netlink_ack+0xbe0/0xbe0 [ 835.733096] genl_rcv+0x28/0x40 [ 835.736373] netlink_unicast+0x5a0/0x760 [ 835.740521] ? netlink_attachskb+0x9a0/0x9a0 [ 835.744927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.750480] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 835.755501] netlink_sendmsg+0xa18/0xfc0 [ 835.759550] ? netlink_unicast+0x760/0x760 [ 835.763777] ? move_addr_to_kernel.part.20+0x100/0x100 [ 835.769043] ? security_socket_sendmsg+0x94/0xc0 [ 835.773784] ? netlink_unicast+0x760/0x760 [ 835.778032] sock_sendmsg+0xd5/0x120 [ 835.781742] ___sys_sendmsg+0x7fd/0x930 [ 835.786574] ? copy_msghdr_from_user+0x580/0x580 [ 835.791368] ? __sched_text_start+0x8/0x8 [ 835.795523] ? __fget_light+0x2f7/0x440 [ 835.799500] ? fget_raw+0x20/0x20 [ 835.802949] ? __fd_install+0x2db/0x880 [ 835.806931] ? get_unused_fd_flags+0x1a0/0x1a0 [ 835.811530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 835.817072] ? sockfd_lookup_light+0xc5/0x160 [ 835.821558] __sys_sendmsg+0x11d/0x290 [ 835.825434] ? __ia32_sys_shutdown+0x80/0x80 [ 835.829854] ? schedule+0xfb/0x450 [ 835.833391] ? __x64_sys_futex+0x47f/0x6a0 [ 835.837618] ? fd_install+0x4d/0x60 [ 835.841244] ? syscall_slow_exit_work+0x500/0x500 [ 835.846451] ? ksys_ioctl+0x81/0xd0 [ 835.850069] __x64_sys_sendmsg+0x78/0xb0 [ 835.854136] do_syscall_64+0x1b9/0x820 [ 835.858029] ? syscall_slow_exit_work+0x500/0x500 [ 835.862874] ? syscall_return_slowpath+0x5e0/0x5e0 [ 835.867804] ? syscall_return_slowpath+0x31d/0x5e0 [ 835.872743] ? prepare_exit_to_usermode+0x291/0x3b0 [ 835.877753] ? perf_trace_sys_enter+0xb10/0xb10 [ 835.882423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 835.887348] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 835.892524] RIP: 0033:0x456959 [ 835.895734] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 835.914638] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:31:17 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:17 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x88ffffff]}) 17:31:17 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3f00000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 835.922335] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 835.929593] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 835.936858] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 835.944298] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 835.951573] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:17 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x800e]}) 17:31:17 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f857140") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 836.029234] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 836.063402] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 836.070360] CPU: 0 PID: 8167 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 836.078900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.088272] Call Trace: [ 836.090875] dump_stack+0x1c9/0x2b4 [ 836.094512] ? dump_stack_print_info.cold.2+0x52/0x52 [ 836.099715] ? trace_hardirqs_on+0xd/0x10 [ 836.103888] sysfs_warn_dup.cold.3+0x1c/0x2b [ 836.108314] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 836.113693] sysfs_create_link+0x65/0xc0 [ 836.117779] device_add+0x5d0/0x17b0 [ 836.121508] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 836.126013] ? genl_family_rcv_msg+0x8a3/0x1140 [ 836.130693] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 836.135801] ? do_syscall_64+0x1b9/0x820 [ 836.139871] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 836.145081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.150629] wiphy_register+0x1a21/0x2740 [ 836.154792] ? wiphy_unregister+0x12c0/0x12c0 [ 836.159302] ? kasan_unpoison_shadow+0x35/0x50 [ 836.164005] ? kasan_kmalloc+0xc4/0xe0 [ 836.168083] ? __kmalloc+0x315/0x760 [ 836.171816] ? __lockdep_init_map+0x105/0x590 17:31:18 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3d, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 836.176358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.181917] ? ieee80211_cs_list_valid+0x7c/0x440 [ 836.186999] ? ieee80211_register_hw+0xc61/0x3890 [ 836.191889] ieee80211_register_hw+0x146b/0x3890 [ 836.196669] ? init_timer_on_stack_key+0x31/0xe0 [ 836.201462] ? ieee80211_free_ack_frame+0x60/0x60 [ 836.206348] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 836.211390] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 836.217563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 836.224076] ? vsnprintf+0x20d/0x1b60 [ 836.227899] ? pointer+0x990/0x990 [ 836.231455] ? do_raw_spin_unlock+0xa7/0x2f0 [ 836.235912] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.240978] ? kvasprintf+0xea/0x140 [ 836.244732] ? bust_spinlocks+0xe0/0xe0 [ 836.248723] ? kasprintf+0xab/0xe0 [ 836.252265] ? kvasprintf_const+0x190/0x190 [ 836.256601] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 836.262161] hwsim_new_radio_nl+0x7c0/0xa80 [ 836.266498] ? nla_parse+0x32b/0x4e0 [ 836.270225] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 836.275408] ? __netlink_ns_capable+0x100/0x130 [ 836.280067] genl_family_rcv_msg+0x8a3/0x1140 [ 836.284565] ? genl_unregister_family+0x8b0/0x8b0 [ 836.289411] ? netlink_deliver_tap+0x32d/0xfb0 [ 836.293991] ? lock_downgrade+0x8f0/0x8f0 [ 836.298138] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.303155] ? lock_release+0xa30/0xa30 [ 836.307135] ? lock_acquire+0x1e4/0x540 [ 836.311116] ? genl_rcv+0x19/0x40 [ 836.314572] genl_rcv_msg+0xc6/0x168 [ 836.318331] netlink_rcv_skb+0x172/0x440 [ 836.322387] ? genl_family_rcv_msg+0x1140/0x1140 [ 836.327144] ? netlink_ack+0xbe0/0xbe0 [ 836.331022] genl_rcv+0x28/0x40 [ 836.334288] netlink_unicast+0x5a0/0x760 [ 836.338334] ? netlink_attachskb+0x9a0/0x9a0 [ 836.342842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.348365] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.353366] netlink_sendmsg+0xa18/0xfc0 [ 836.357412] ? netlink_unicast+0x760/0x760 [ 836.361632] ? move_addr_to_kernel.part.20+0x100/0x100 [ 836.366896] ? security_socket_sendmsg+0x94/0xc0 [ 836.371647] ? netlink_unicast+0x760/0x760 [ 836.375864] sock_sendmsg+0xd5/0x120 [ 836.379570] ___sys_sendmsg+0x7fd/0x930 [ 836.383530] ? copy_msghdr_from_user+0x580/0x580 [ 836.388274] ? lock_acquire+0x1e4/0x540 [ 836.392415] ? __fd_install+0x2b2/0x880 [ 836.396383] ? lock_downgrade+0x8f0/0x8f0 [ 836.400516] ? select_collect+0x610/0x610 [ 836.404665] ? __fget_light+0x2f7/0x440 [ 836.408632] ? fget_raw+0x20/0x20 [ 836.412072] ? __fd_install+0x2db/0x880 [ 836.416033] ? get_unused_fd_flags+0x1a0/0x1a0 [ 836.420604] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 836.426124] ? sockfd_lookup_light+0xc5/0x160 [ 836.430613] __sys_sendmsg+0x11d/0x290 [ 836.434593] ? __ia32_sys_shutdown+0x80/0x80 [ 836.438997] ? __x64_sys_futex+0x47f/0x6a0 [ 836.443214] ? fd_install+0x4d/0x60 [ 836.446832] ? ksys_ioctl+0x81/0xd0 [ 836.450448] __x64_sys_sendmsg+0x78/0xb0 [ 836.454506] do_syscall_64+0x1b9/0x820 [ 836.458383] ? finish_task_switch+0x1d3/0x870 [ 836.462890] ? syscall_return_slowpath+0x5e0/0x5e0 [ 836.467825] ? syscall_return_slowpath+0x31d/0x5e0 [ 836.472762] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 836.477775] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.482613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 836.487792] RIP: 0033:0x456959 [ 836.490996] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 836.509895] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 836.517612] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 836.524883] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 836.532138] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 836.539408] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 836.546669] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 836.557118] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 836.586887] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 836.593955] CPU: 1 PID: 8208 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 836.602388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.611769] Call Trace: [ 836.614388] dump_stack+0x1c9/0x2b4 [ 836.618052] ? dump_stack_print_info.cold.2+0x52/0x52 [ 836.623268] ? trace_hardirqs_on+0xd/0x10 [ 836.627466] sysfs_warn_dup.cold.3+0x1c/0x2b [ 836.631904] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 836.637298] sysfs_create_link+0x65/0xc0 [ 836.641389] device_add+0x5d0/0x17b0 [ 836.645139] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 836.649675] ? genl_family_rcv_msg+0x8a3/0x1140 [ 836.654360] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 836.659482] ? do_syscall_64+0x1b9/0x820 [ 836.663558] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 836.668764] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.674334] wiphy_register+0x1a21/0x2740 [ 836.678510] ? wiphy_unregister+0x12c0/0x12c0 [ 836.683026] ? kasan_unpoison_shadow+0x35/0x50 [ 836.687630] ? kasan_kmalloc+0xc4/0xe0 [ 836.691554] ? __kmalloc+0x315/0x760 [ 836.695300] ? __lockdep_init_map+0x105/0x590 [ 836.699798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.705356] ? ieee80211_cs_list_valid+0x7c/0x440 [ 836.710204] ? ieee80211_register_hw+0xc61/0x3890 [ 836.715042] ieee80211_register_hw+0x146b/0x3890 [ 836.719884] ? init_timer_on_stack_key+0x31/0xe0 [ 836.724632] ? ieee80211_free_ack_frame+0x60/0x60 [ 836.729483] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 836.734673] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 836.740837] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 836.746379] ? vsnprintf+0x20d/0x1b60 [ 836.750170] ? pointer+0x990/0x990 [ 836.753698] ? do_raw_spin_unlock+0xa7/0x2f0 [ 836.758097] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.763202] ? kvasprintf+0xea/0x140 [ 836.766911] ? bust_spinlocks+0xe0/0xe0 [ 836.770875] ? kasprintf+0xab/0xe0 [ 836.774431] ? kvasprintf_const+0x190/0x190 [ 836.778769] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 836.784297] hwsim_new_radio_nl+0x7c0/0xa80 [ 836.788607] ? nla_parse+0x32b/0x4e0 [ 836.792318] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 836.797503] ? __netlink_ns_capable+0x100/0x130 [ 836.802160] genl_family_rcv_msg+0x8a3/0x1140 [ 836.806652] ? genl_unregister_family+0x8b0/0x8b0 [ 836.811487] ? netlink_deliver_tap+0x32d/0xfb0 [ 836.816061] ? lock_downgrade+0x8f0/0x8f0 [ 836.820203] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.825223] ? lock_release+0xa30/0xa30 [ 836.829189] ? lock_acquire+0x1e4/0x540 [ 836.833156] ? genl_rcv+0x19/0x40 [ 836.836599] genl_rcv_msg+0xc6/0x168 [ 836.840307] netlink_rcv_skb+0x172/0x440 [ 836.844360] ? genl_family_rcv_msg+0x1140/0x1140 [ 836.849096] ? netlink_ack+0xbe0/0xbe0 [ 836.852968] genl_rcv+0x28/0x40 [ 836.856229] netlink_unicast+0x5a0/0x760 [ 836.860297] ? netlink_attachskb+0x9a0/0x9a0 [ 836.864692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.870216] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 836.875221] netlink_sendmsg+0xa18/0xfc0 [ 836.879281] ? netlink_unicast+0x760/0x760 [ 836.883499] ? move_addr_to_kernel.part.20+0x100/0x100 [ 836.888765] ? security_socket_sendmsg+0x94/0xc0 [ 836.893524] ? netlink_unicast+0x760/0x760 [ 836.897748] sock_sendmsg+0xd5/0x120 [ 836.901446] ___sys_sendmsg+0x7fd/0x930 [ 836.905419] ? copy_msghdr_from_user+0x580/0x580 [ 836.910174] ? __sched_text_start+0x8/0x8 [ 836.914306] ? __fget_light+0x2f7/0x440 [ 836.918272] ? fget_raw+0x20/0x20 [ 836.921719] ? __fd_install+0x2db/0x880 [ 836.925685] ? get_unused_fd_flags+0x1a0/0x1a0 [ 836.930259] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 836.935778] ? sockfd_lookup_light+0xc5/0x160 [ 836.940262] __sys_sendmsg+0x11d/0x290 [ 836.944136] ? __ia32_sys_shutdown+0x80/0x80 [ 836.948545] ? __x64_sys_futex+0x47f/0x6a0 [ 836.952786] ? fd_install+0x4d/0x60 [ 836.956416] ? syscall_slow_exit_work+0x500/0x500 [ 836.961246] ? ksys_ioctl+0x81/0xd0 [ 836.964863] __x64_sys_sendmsg+0x78/0xb0 [ 836.968907] do_syscall_64+0x1b9/0x820 [ 836.972776] ? finish_task_switch+0x1d3/0x870 [ 836.977263] ? syscall_return_slowpath+0x5e0/0x5e0 [ 836.982184] ? syscall_return_slowpath+0x31d/0x5e0 [ 836.987107] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 836.992111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.996943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.002115] RIP: 0033:0x456959 [ 837.005303] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 837.024201] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 837.031909] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 837.040551] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 837.047827] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 837.055097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 837.062390] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 837.070558] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 837.080583] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 837.087495] CPU: 1 PID: 8167 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 837.095898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.105253] Call Trace: [ 837.107837] dump_stack+0x1c9/0x2b4 [ 837.111453] ? dump_stack_print_info.cold.2+0x52/0x52 [ 837.116636] ? trace_hardirqs_on+0xd/0x10 [ 837.120787] sysfs_warn_dup.cold.3+0x1c/0x2b [ 837.125194] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 837.130549] sysfs_create_link+0x65/0xc0 [ 837.134604] device_add+0x5d0/0x17b0 [ 837.138309] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 837.142804] ? genl_family_rcv_msg+0x8a3/0x1140 [ 837.147484] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 837.152584] ? do_syscall_64+0x1b9/0x820 [ 837.156633] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 837.161820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.167348] wiphy_register+0x1a21/0x2740 [ 837.171516] ? wiphy_unregister+0x12c0/0x12c0 [ 837.176016] ? kasan_unpoison_shadow+0x35/0x50 [ 837.180602] ? kasan_kmalloc+0xc4/0xe0 [ 837.184589] ? __kmalloc+0x315/0x760 [ 837.188293] ? __lockdep_init_map+0x105/0x590 [ 837.192781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.198308] ? ieee80211_cs_list_valid+0x7c/0x440 [ 837.203134] ? ieee80211_register_hw+0xc61/0x3890 [ 837.208051] ieee80211_register_hw+0x146b/0x3890 [ 837.212813] ? init_timer_on_stack_key+0x31/0xe0 [ 837.217834] ? ieee80211_free_ack_frame+0x60/0x60 [ 837.222671] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 837.227687] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 837.233840] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 837.239373] ? vsnprintf+0x20d/0x1b60 [ 837.243174] ? pointer+0x990/0x990 [ 837.246721] ? do_raw_spin_unlock+0xa7/0x2f0 [ 837.251123] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 837.256145] ? kvasprintf+0xea/0x140 [ 837.259852] ? bust_spinlocks+0xe0/0xe0 [ 837.263827] ? kasprintf+0xab/0xe0 [ 837.267358] ? kvasprintf_const+0x190/0x190 [ 837.271685] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 837.277224] hwsim_new_radio_nl+0x7c0/0xa80 [ 837.281540] ? nla_parse+0x32b/0x4e0 [ 837.285243] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 837.290422] ? __netlink_ns_capable+0x100/0x130 [ 837.295091] genl_family_rcv_msg+0x8a3/0x1140 [ 837.299572] ? genl_unregister_family+0x8b0/0x8b0 [ 837.304398] ? netlink_deliver_tap+0x32d/0xfb0 [ 837.308981] ? lock_downgrade+0x8f0/0x8f0 [ 837.313116] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 837.318118] ? lock_release+0xa30/0xa30 [ 837.322087] ? lock_acquire+0x1e4/0x540 [ 837.326044] ? genl_rcv+0x19/0x40 [ 837.329487] genl_rcv_msg+0xc6/0x168 [ 837.333197] netlink_rcv_skb+0x172/0x440 [ 837.337251] ? genl_family_rcv_msg+0x1140/0x1140 [ 837.341992] ? netlink_ack+0xbe0/0xbe0 [ 837.345926] genl_rcv+0x28/0x40 [ 837.349199] netlink_unicast+0x5a0/0x760 [ 837.353255] ? netlink_attachskb+0x9a0/0x9a0 [ 837.357649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.363179] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 837.368184] netlink_sendmsg+0xa18/0xfc0 [ 837.372241] ? netlink_unicast+0x760/0x760 [ 837.376470] ? move_addr_to_kernel.part.20+0x100/0x100 [ 837.381822] ? security_socket_sendmsg+0x94/0xc0 [ 837.386562] ? netlink_unicast+0x760/0x760 [ 837.390783] sock_sendmsg+0xd5/0x120 [ 837.394484] ___sys_sendmsg+0x7fd/0x930 [ 837.398444] ? copy_msghdr_from_user+0x580/0x580 [ 837.403196] ? lock_acquire+0x1e4/0x540 [ 837.407158] ? __fd_install+0x2b2/0x880 [ 837.411112] ? lock_downgrade+0x8f0/0x8f0 [ 837.415254] ? select_collect+0x610/0x610 [ 837.419388] ? __fget_light+0x2f7/0x440 [ 837.423362] ? fget_raw+0x20/0x20 [ 837.426800] ? __fd_install+0x2db/0x880 [ 837.430783] ? get_unused_fd_flags+0x1a0/0x1a0 [ 837.435376] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 837.440901] ? sockfd_lookup_light+0xc5/0x160 [ 837.445380] __sys_sendmsg+0x11d/0x290 [ 837.449262] ? __ia32_sys_shutdown+0x80/0x80 [ 837.453656] ? __x64_sys_futex+0x47f/0x6a0 [ 837.458755] ? fd_install+0x4d/0x60 [ 837.462375] ? ksys_ioctl+0x81/0xd0 [ 837.465989] __x64_sys_sendmsg+0x78/0xb0 [ 837.470039] do_syscall_64+0x1b9/0x820 [ 837.473911] ? finish_task_switch+0x1d3/0x870 [ 837.478389] ? syscall_return_slowpath+0x5e0/0x5e0 [ 837.483303] ? syscall_return_slowpath+0x31d/0x5e0 [ 837.488217] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 837.493222] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 837.498086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 837.503263] RIP: 0033:0x456959 [ 837.506441] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 837.525421] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 837.533123] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 17:31:19 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x300000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:19 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900051000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:19 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:19 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:19 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xffffa888]}) 17:31:19 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f857140") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3de, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:19 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000a00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 837.540372] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 837.547715] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 837.554998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 837.562273] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:19 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:19 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:19 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x689]}) 17:31:19 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x9fffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 837.682288] IPv6: Can't replace route, no match found [ 837.692383] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 837.746403] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 837.753477] CPU: 1 PID: 8245 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 837.761988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.771372] Call Trace: [ 837.773991] dump_stack+0x1c9/0x2b4 [ 837.777639] ? dump_stack_print_info.cold.2+0x52/0x52 [ 837.782857] ? trace_hardirqs_on+0xd/0x10 [ 837.787038] sysfs_warn_dup.cold.3+0x1c/0x2b [ 837.791475] sysfs_do_create_link_sd.isra.2+0x116/0x130 17:31:19 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:19 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000500ff000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 837.796879] sysfs_create_link+0x65/0xc0 [ 837.800962] device_add+0x5d0/0x17b0 [ 837.804708] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 837.809398] ? genl_family_rcv_msg+0x8a3/0x1140 [ 837.814089] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 837.819213] ? do_syscall_64+0x1b9/0x820 [ 837.823295] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 837.828509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.834068] wiphy_register+0x1a21/0x2740 [ 837.838238] ? wiphy_unregister+0x12c0/0x12c0 [ 837.842776] ? kasan_unpoison_shadow+0x35/0x50 [ 837.847374] ? kasan_kmalloc+0xc4/0xe0 [ 837.851273] ? __kmalloc+0x315/0x760 [ 837.855016] ? __lockdep_init_map+0x105/0x590 [ 837.859524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 837.865068] ? ieee80211_cs_list_valid+0x7c/0x440 [ 837.869919] ? ieee80211_register_hw+0xc61/0x3890 [ 837.874775] ieee80211_register_hw+0x146b/0x3890 [ 837.880137] ? init_timer_on_stack_key+0x31/0xe0 [ 837.884888] ? ieee80211_free_ack_frame+0x60/0x60 [ 837.889741] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 837.894776] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 837.900921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 837.906460] ? vsnprintf+0x20d/0x1b60 [ 837.910270] ? pointer+0x990/0x990 [ 837.913821] ? check_same_owner+0x340/0x340 [ 837.918136] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 837.923154] ? kvasprintf+0xea/0x140 [ 837.926965] ? bust_spinlocks+0xe0/0xe0 [ 837.931384] ? kasprintf+0xab/0xe0 [ 837.934935] ? kvasprintf_const+0x190/0x190 [ 837.939259] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 837.944813] hwsim_new_radio_nl+0x7c0/0xa80 [ 837.949333] ? nla_parse+0x32b/0x4e0 [ 837.953059] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 837.958362] ? __netlink_ns_capable+0x100/0x130 [ 837.963029] genl_family_rcv_msg+0x8a3/0x1140 [ 837.967661] ? genl_unregister_family+0x8b0/0x8b0 [ 837.972500] ? netlink_deliver_tap+0x32d/0xfb0 [ 837.977093] ? lock_downgrade+0x8f0/0x8f0 [ 837.981260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 837.986285] ? lock_release+0xa30/0xa30 [ 837.990446] ? __netlink_lookup+0x5e1/0xab0 [ 837.994775] ? lock_acquire+0x1e4/0x540 [ 837.998750] ? genl_rcv+0x19/0x40 [ 838.002212] genl_rcv_msg+0xc6/0x168 [ 838.005911] netlink_rcv_skb+0x172/0x440 [ 838.009980] ? genl_family_rcv_msg+0x1140/0x1140 [ 838.014741] ? netlink_ack+0xbe0/0xbe0 [ 838.018645] genl_rcv+0x28/0x40 [ 838.021913] netlink_unicast+0x5a0/0x760 [ 838.026329] ? netlink_attachskb+0x9a0/0x9a0 [ 838.030748] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.036287] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 838.041312] netlink_sendmsg+0xa18/0xfc0 [ 838.045377] ? netlink_unicast+0x760/0x760 [ 838.049606] ? move_addr_to_kernel.part.20+0x100/0x100 [ 838.054869] ? security_socket_sendmsg+0x94/0xc0 [ 838.059616] ? netlink_unicast+0x760/0x760 [ 838.063842] sock_sendmsg+0xd5/0x120 [ 838.067564] ___sys_sendmsg+0x7fd/0x930 [ 838.071528] ? copy_msghdr_from_user+0x580/0x580 [ 838.076293] ? lock_acquire+0x1e4/0x540 [ 838.080270] ? __fd_install+0x2b2/0x880 [ 838.084238] ? lock_downgrade+0x8f0/0x8f0 [ 838.088396] ? select_collect+0x610/0x610 [ 838.092534] ? __fget_light+0x2f7/0x440 [ 838.096492] ? fget_raw+0x20/0x20 [ 838.099933] ? __fd_install+0x2db/0x880 [ 838.103895] ? get_unused_fd_flags+0x1a0/0x1a0 [ 838.108477] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 838.114012] ? sockfd_lookup_light+0xc5/0x160 [ 838.118499] __sys_sendmsg+0x11d/0x290 [ 838.122376] ? __ia32_sys_shutdown+0x80/0x80 [ 838.126771] ? __x64_sys_futex+0x47f/0x6a0 [ 838.131006] ? fd_install+0x4d/0x60 [ 838.134638] ? ksys_ioctl+0x81/0xd0 [ 838.138273] __x64_sys_sendmsg+0x78/0xb0 [ 838.142331] do_syscall_64+0x1b9/0x820 [ 838.146212] ? finish_task_switch+0x1d3/0x870 [ 838.150728] ? syscall_return_slowpath+0x5e0/0x5e0 [ 838.155651] ? syscall_return_slowpath+0x31d/0x5e0 [ 838.160669] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 838.165694] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.170536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.175806] RIP: 0033:0x456959 [ 838.179004] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.197915] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 838.205629] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 838.212995] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 838.220272] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 838.227542] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 838.234801] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 838.279264] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 838.327856] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 838.334823] CPU: 0 PID: 8260 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 838.343586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.352951] Call Trace: [ 838.355564] dump_stack+0x1c9/0x2b4 [ 838.359210] ? dump_stack_print_info.cold.2+0x52/0x52 [ 838.364408] ? trace_hardirqs_on+0xd/0x10 [ 838.368555] sysfs_warn_dup.cold.3+0x1c/0x2b [ 838.372970] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 838.378343] sysfs_create_link+0x65/0xc0 [ 838.382405] device_add+0x5d0/0x17b0 [ 838.386107] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 838.390601] ? genl_family_rcv_msg+0x8a3/0x1140 [ 838.395271] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 838.400367] ? do_syscall_64+0x1b9/0x820 [ 838.404438] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 838.409630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.415157] wiphy_register+0x1a21/0x2740 [ 838.419295] ? wiphy_unregister+0x12c0/0x12c0 [ 838.423800] ? kasan_unpoison_shadow+0x35/0x50 [ 838.428366] ? kasan_kmalloc+0xc4/0xe0 [ 838.432239] ? __kmalloc+0x315/0x760 [ 838.435955] ? __lockdep_init_map+0x105/0x590 [ 838.440449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.445990] ? ieee80211_cs_list_valid+0x7c/0x440 [ 838.450843] ? ieee80211_register_hw+0xc61/0x3890 [ 838.455672] ieee80211_register_hw+0x146b/0x3890 [ 838.460431] ? init_timer_on_stack_key+0x31/0xe0 [ 838.465278] ? ieee80211_free_ack_frame+0x60/0x60 [ 838.470121] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 838.475139] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 838.481290] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 838.487019] ? vsnprintf+0x20d/0x1b60 [ 838.490805] ? pointer+0x990/0x990 [ 838.494332] ? do_raw_spin_unlock+0xa7/0x2f0 [ 838.498739] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 838.503755] ? kvasprintf+0xea/0x140 [ 838.507458] ? bust_spinlocks+0xe0/0xe0 [ 838.511437] ? kasprintf+0xab/0xe0 [ 838.514968] ? kvasprintf_const+0x190/0x190 [ 838.519278] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 838.524817] hwsim_new_radio_nl+0x7c0/0xa80 [ 838.529166] ? nla_parse+0x32b/0x4e0 [ 838.532874] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 838.538055] ? __netlink_ns_capable+0x100/0x130 [ 838.542719] genl_family_rcv_msg+0x8a3/0x1140 [ 838.547209] ? genl_unregister_family+0x8b0/0x8b0 [ 838.552043] ? netlink_deliver_tap+0x32d/0xfb0 [ 838.556610] ? lock_downgrade+0x8f0/0x8f0 [ 838.560830] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 838.565831] ? lock_release+0xa30/0xa30 [ 838.569972] ? lock_acquire+0x1e4/0x540 [ 838.573937] ? genl_rcv+0x19/0x40 [ 838.577377] genl_rcv_msg+0xc6/0x168 [ 838.581084] netlink_rcv_skb+0x172/0x440 [ 838.585130] ? genl_family_rcv_msg+0x1140/0x1140 [ 838.589879] ? netlink_ack+0xbe0/0xbe0 [ 838.593760] genl_rcv+0x28/0x40 [ 838.597024] netlink_unicast+0x5a0/0x760 [ 838.601069] ? netlink_attachskb+0x9a0/0x9a0 [ 838.605461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.610982] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 838.615983] netlink_sendmsg+0xa18/0xfc0 [ 838.620027] ? netlink_unicast+0x760/0x760 [ 838.624775] ? move_addr_to_kernel.part.20+0x100/0x100 [ 838.630048] ? security_socket_sendmsg+0x94/0xc0 [ 838.634787] ? netlink_unicast+0x760/0x760 [ 838.639007] sock_sendmsg+0xd5/0x120 [ 838.642722] ___sys_sendmsg+0x7fd/0x930 [ 838.646710] ? copy_msghdr_from_user+0x580/0x580 [ 838.651462] ? __sched_text_start+0x8/0x8 [ 838.655595] ? __fget_light+0x2f7/0x440 [ 838.659576] ? fget_raw+0x20/0x20 [ 838.663024] ? __fd_install+0x2db/0x880 [ 838.666985] ? get_unused_fd_flags+0x1a0/0x1a0 [ 838.672349] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 838.677871] ? sockfd_lookup_light+0xc5/0x160 [ 838.682360] __sys_sendmsg+0x11d/0x290 [ 838.686242] ? __ia32_sys_shutdown+0x80/0x80 [ 838.690733] ? __x64_sys_futex+0x47f/0x6a0 [ 838.694976] ? fd_install+0x4d/0x60 [ 838.698601] ? syscall_slow_exit_work+0x500/0x500 [ 838.703429] ? ksys_ioctl+0x81/0xd0 [ 838.707042] __x64_sys_sendmsg+0x78/0xb0 [ 838.711193] do_syscall_64+0x1b9/0x820 [ 838.715083] ? finish_task_switch+0x1d3/0x870 [ 838.719575] ? syscall_return_slowpath+0x5e0/0x5e0 [ 838.724497] ? syscall_return_slowpath+0x31d/0x5e0 [ 838.729430] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 838.734448] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 838.739282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.744454] RIP: 0033:0x456959 [ 838.747633] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.766522] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 838.774220] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 838.781562] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 838.788828] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 838.796081] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 838.803336] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 838.811906] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 838.824284] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 838.831217] CPU: 0 PID: 8245 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 838.839721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.849085] Call Trace: [ 838.851699] dump_stack+0x1c9/0x2b4 [ 838.855365] ? dump_stack_print_info.cold.2+0x52/0x52 [ 838.860570] ? trace_hardirqs_on+0xd/0x10 [ 838.865008] sysfs_warn_dup.cold.3+0x1c/0x2b [ 838.870151] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 838.875555] sysfs_create_link+0x65/0xc0 [ 838.879627] device_add+0x5d0/0x17b0 [ 838.883351] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 838.887855] ? genl_family_rcv_msg+0x8a3/0x1140 [ 838.892755] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 838.897866] ? do_syscall_64+0x1b9/0x820 [ 838.901946] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 838.907150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.912707] wiphy_register+0x1a21/0x2740 [ 838.916884] ? wiphy_unregister+0x12c0/0x12c0 [ 838.921390] ? kasan_unpoison_shadow+0x35/0x50 [ 838.925977] ? kasan_kmalloc+0xc4/0xe0 [ 838.929875] ? __kmalloc+0x315/0x760 [ 838.933598] ? __lockdep_init_map+0x105/0x590 [ 838.938107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.943654] ? ieee80211_cs_list_valid+0x7c/0x440 [ 838.948506] ? ieee80211_register_hw+0xc61/0x3890 [ 838.953362] ieee80211_register_hw+0x146b/0x3890 [ 838.958132] ? init_timer_on_stack_key+0x31/0xe0 [ 838.962896] ? ieee80211_free_ack_frame+0x60/0x60 [ 838.967930] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 838.972965] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 838.979144] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 838.984706] ? vsnprintf+0x20d/0x1b60 [ 838.988613] ? pointer+0x990/0x990 [ 838.992172] ? do_raw_spin_unlock+0xa7/0x2f0 [ 838.996607] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.001632] ? kvasprintf+0xea/0x140 [ 839.005354] ? bust_spinlocks+0xe0/0xe0 [ 839.009339] ? kasprintf+0xab/0xe0 [ 839.012887] ? kvasprintf_const+0x190/0x190 [ 839.017316] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 839.022870] hwsim_new_radio_nl+0x7c0/0xa80 [ 839.027211] ? nla_parse+0x32b/0x4e0 [ 839.030937] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 839.036264] ? __netlink_ns_capable+0x100/0x130 [ 839.040951] genl_family_rcv_msg+0x8a3/0x1140 [ 839.045464] ? genl_unregister_family+0x8b0/0x8b0 [ 839.050312] ? netlink_deliver_tap+0x32d/0xfb0 [ 839.054907] ? lock_downgrade+0x8f0/0x8f0 [ 839.059124] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.064151] ? lock_release+0xa30/0xa30 [ 839.068136] ? lock_acquire+0x1e4/0x540 [ 839.072130] ? genl_rcv+0x19/0x40 [ 839.075594] genl_rcv_msg+0xc6/0x168 [ 839.079312] netlink_rcv_skb+0x172/0x440 [ 839.083377] ? genl_family_rcv_msg+0x1140/0x1140 [ 839.088137] ? netlink_ack+0xbe0/0xbe0 [ 839.092047] genl_rcv+0x28/0x40 [ 839.095327] netlink_unicast+0x5a0/0x760 [ 839.099389] ? netlink_attachskb+0x9a0/0x9a0 [ 839.103802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.109346] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.114398] netlink_sendmsg+0xa18/0xfc0 [ 839.118469] ? netlink_unicast+0x760/0x760 [ 839.122884] ? move_addr_to_kernel.part.20+0x100/0x100 [ 839.128166] ? security_socket_sendmsg+0x94/0xc0 [ 839.132926] ? netlink_unicast+0x760/0x760 [ 839.137686] sock_sendmsg+0xd5/0x120 [ 839.141416] ___sys_sendmsg+0x7fd/0x930 [ 839.145418] ? copy_msghdr_from_user+0x580/0x580 [ 839.150183] ? __sched_text_start+0x8/0x8 [ 839.154420] ? __fget_light+0x2f7/0x440 [ 839.158392] ? fget_raw+0x20/0x20 [ 839.161944] ? __fd_install+0x2db/0x880 [ 839.165918] ? dlci_ioctl_set+0x40/0x40 [ 839.169913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.175459] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 839.181000] ? sockfd_lookup_light+0xc5/0x160 [ 839.185497] __sys_sendmsg+0x11d/0x290 [ 839.189387] ? __ia32_sys_shutdown+0x80/0x80 [ 839.193797] ? __x64_sys_futex+0x47f/0x6a0 [ 839.198054] ? fd_install+0x4d/0x60 [ 839.201687] ? syscall_slow_exit_work+0x500/0x500 [ 839.206534] ? ksys_ioctl+0x81/0xd0 [ 839.210163] __x64_sys_sendmsg+0x78/0xb0 [ 839.214227] do_syscall_64+0x1b9/0x820 [ 839.218115] ? finish_task_switch+0x1d3/0x870 [ 839.222623] ? syscall_return_slowpath+0x5e0/0x5e0 [ 839.227557] ? syscall_return_slowpath+0x31d/0x5e0 [ 839.232489] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 839.237546] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.242388] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.247560] RIP: 0033:0x456959 [ 839.250745] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.269990] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:31:21 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:21 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x0, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:21 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050006000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:21 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:21 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xac1414aa]}) 17:31:21 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:21 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x1c000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3a5, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 839.277776] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 839.285130] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 [ 839.292399] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 839.299666] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 839.306919] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:21 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x0, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xa3, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:21 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:21 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:21 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) [ 839.363874] IPv6: Can't replace route, no match found [ 839.375434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 17:31:21 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xaa1414ac]}) 17:31:21 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050b00000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 839.462925] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 839.470047] CPU: 1 PID: 8298 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 839.478544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.487904] Call Trace: [ 839.490532] dump_stack+0x1c9/0x2b4 [ 839.494200] ? dump_stack_print_info.cold.2+0x52/0x52 [ 839.499431] ? trace_hardirqs_on+0xd/0x10 [ 839.503658] sysfs_warn_dup.cold.3+0x1c/0x2b [ 839.508080] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 839.513458] sysfs_create_link+0x65/0xc0 [ 839.517545] device_add+0x5d0/0x17b0 [ 839.521285] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 839.525794] ? genl_family_rcv_msg+0x8a3/0x1140 [ 839.530466] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 839.535565] ? do_syscall_64+0x1b9/0x820 [ 839.539623] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 839.544814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.550362] wiphy_register+0x1a21/0x2740 [ 839.554524] ? wiphy_unregister+0x12c0/0x12c0 [ 839.559018] ? kasan_unpoison_shadow+0x35/0x50 [ 839.563603] ? kasan_kmalloc+0xc4/0xe0 [ 839.567483] ? __kmalloc+0x315/0x760 [ 839.571209] ? __lockdep_init_map+0x105/0x590 [ 839.575712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.581334] ? ieee80211_cs_list_valid+0x7c/0x440 [ 839.586175] ? ieee80211_register_hw+0xc61/0x3890 [ 839.591029] ieee80211_register_hw+0x146b/0x3890 [ 839.595782] ? init_timer_on_stack_key+0x31/0xe0 [ 839.600570] ? ieee80211_free_ack_frame+0x60/0x60 [ 839.605416] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 839.610440] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 839.616593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 839.622123] ? vsnprintf+0x20d/0x1b60 [ 839.625909] ? pointer+0x990/0x990 [ 839.629445] ? check_same_owner+0x340/0x340 [ 839.633767] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.638780] ? kvasprintf+0xea/0x140 [ 839.642477] ? bust_spinlocks+0xe0/0xe0 [ 839.646449] ? kasprintf+0xab/0xe0 [ 839.649983] ? kvasprintf_const+0x190/0x190 [ 839.654299] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 839.659824] hwsim_new_radio_nl+0x7c0/0xa80 [ 839.664134] ? nla_parse+0x32b/0x4e0 [ 839.667848] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 839.673040] ? __netlink_ns_capable+0x100/0x130 [ 839.677704] genl_family_rcv_msg+0x8a3/0x1140 [ 839.682209] ? genl_unregister_family+0x8b0/0x8b0 [ 839.687041] ? netlink_deliver_tap+0x32d/0xfb0 [ 839.691714] ? lock_downgrade+0x8f0/0x8f0 [ 839.695872] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.700910] ? lock_release+0xa30/0xa30 [ 839.704890] ? __netlink_lookup+0x5e1/0xab0 [ 839.709214] ? lock_acquire+0x1e4/0x540 [ 839.713180] ? genl_rcv+0x19/0x40 [ 839.716622] genl_rcv_msg+0xc6/0x168 [ 839.720322] netlink_rcv_skb+0x172/0x440 [ 839.724388] ? genl_family_rcv_msg+0x1140/0x1140 [ 839.729138] ? netlink_ack+0xbe0/0xbe0 [ 839.733014] genl_rcv+0x28/0x40 [ 839.736277] netlink_unicast+0x5a0/0x760 [ 839.740335] ? netlink_attachskb+0x9a0/0x9a0 [ 839.744741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 839.750264] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 839.755278] netlink_sendmsg+0xa18/0xfc0 [ 839.759338] ? netlink_unicast+0x760/0x760 [ 839.763568] ? move_addr_to_kernel.part.20+0x100/0x100 [ 839.768842] ? security_socket_sendmsg+0x94/0xc0 [ 839.773677] ? netlink_unicast+0x760/0x760 [ 839.777905] sock_sendmsg+0xd5/0x120 [ 839.781609] ___sys_sendmsg+0x7fd/0x930 [ 839.785588] ? copy_msghdr_from_user+0x580/0x580 [ 839.790346] ? lock_acquire+0x1e4/0x540 [ 839.794319] ? __fd_install+0x2b2/0x880 [ 839.798285] ? lock_downgrade+0x8f0/0x8f0 [ 839.802514] ? select_collect+0x610/0x610 [ 839.806647] ? __fget_light+0x2f7/0x440 [ 839.810615] ? fget_raw+0x20/0x20 [ 839.814065] ? __fd_install+0x2db/0x880 [ 839.818128] ? get_unused_fd_flags+0x1a0/0x1a0 [ 839.822701] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 839.828239] ? sockfd_lookup_light+0xc5/0x160 [ 839.832734] __sys_sendmsg+0x11d/0x290 [ 839.836638] ? __ia32_sys_shutdown+0x80/0x80 [ 839.841037] ? __x64_sys_futex+0x47f/0x6a0 [ 839.845258] ? fd_install+0x4d/0x60 [ 839.848886] ? ksys_ioctl+0x81/0xd0 [ 839.852516] __x64_sys_sendmsg+0x78/0xb0 [ 839.856578] do_syscall_64+0x1b9/0x820 [ 839.860478] ? finish_task_switch+0x1d3/0x870 [ 839.864966] ? syscall_return_slowpath+0x5e0/0x5e0 [ 839.869891] ? syscall_return_slowpath+0x31d/0x5e0 [ 839.874822] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 839.879835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.884667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 839.889850] RIP: 0033:0x456959 [ 839.893044] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 839.912547] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 839.920254] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 839.927513] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 839.934783] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 839.942047] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 839.949418] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 839.963435] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 839.974883] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 839.981834] CPU: 0 PID: 8317 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 839.990238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.999597] Call Trace: [ 840.002209] dump_stack+0x1c9/0x2b4 [ 840.005859] ? dump_stack_print_info.cold.2+0x52/0x52 [ 840.011065] ? trace_hardirqs_on+0xd/0x10 [ 840.015240] sysfs_warn_dup.cold.3+0x1c/0x2b [ 840.019694] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 840.025079] sysfs_create_link+0x65/0xc0 [ 840.029155] device_add+0x5d0/0x17b0 [ 840.032886] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 840.037395] ? genl_family_rcv_msg+0x8a3/0x1140 [ 840.042086] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 840.047207] ? do_syscall_64+0x1b9/0x820 [ 840.051461] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 840.056672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 17:31:21 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050300000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 840.062227] wiphy_register+0x1a21/0x2740 [ 840.066392] ? wiphy_unregister+0x12c0/0x12c0 [ 840.071011] ? kasan_unpoison_shadow+0x35/0x50 [ 840.075604] ? kasan_kmalloc+0xc4/0xe0 [ 840.079525] ? __kmalloc+0x315/0x760 [ 840.083250] ? __lockdep_init_map+0x105/0x590 [ 840.087760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.093311] ? ieee80211_cs_list_valid+0x7c/0x440 [ 840.098166] ? ieee80211_register_hw+0xc61/0x3890 [ 840.103025] ieee80211_register_hw+0x146b/0x3890 [ 840.107797] ? init_timer_on_stack_key+0x31/0xe0 17:31:21 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:21 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") write$binfmt_script(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:21 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:21 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:21 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xd00000000000000]}) [ 840.112571] ? ieee80211_free_ack_frame+0x60/0x60 [ 840.117437] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 840.122485] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 840.128685] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.134235] ? vsnprintf+0x20d/0x1b60 [ 840.138138] ? pointer+0x990/0x990 [ 840.141685] ? do_raw_spin_unlock+0xa7/0x2f0 [ 840.146104] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.151128] ? kvasprintf+0xea/0x140 [ 840.154851] ? bust_spinlocks+0xe0/0xe0 [ 840.158836] ? kasprintf+0xab/0xe0 17:31:22 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 840.162385] ? kvasprintf_const+0x190/0x190 [ 840.166720] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 840.172270] hwsim_new_radio_nl+0x7c0/0xa80 [ 840.176605] ? nla_parse+0x32b/0x4e0 [ 840.180347] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 840.185579] ? __netlink_ns_capable+0x100/0x130 [ 840.190262] genl_family_rcv_msg+0x8a3/0x1140 [ 840.194877] ? genl_unregister_family+0x8b0/0x8b0 [ 840.199752] ? netlink_deliver_tap+0x32d/0xfb0 [ 840.204346] ? lock_downgrade+0x8f0/0x8f0 [ 840.208687] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.213723] ? lock_release+0xa30/0xa30 [ 840.217703] ? lock_acquire+0x1e4/0x540 [ 840.221686] ? genl_rcv+0x19/0x40 [ 840.225154] genl_rcv_msg+0xc6/0x168 [ 840.228881] netlink_rcv_skb+0x172/0x440 [ 840.232952] ? genl_family_rcv_msg+0x1140/0x1140 [ 840.237705] ? netlink_ack+0xbe0/0xbe0 [ 840.241600] genl_rcv+0x28/0x40 [ 840.244892] netlink_unicast+0x5a0/0x760 [ 840.248966] ? netlink_attachskb+0x9a0/0x9a0 [ 840.253381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.258933] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.263938] netlink_sendmsg+0xa18/0xfc0 [ 840.268004] ? netlink_unicast+0x760/0x760 [ 840.272225] ? move_addr_to_kernel.part.20+0x100/0x100 [ 840.277492] ? security_socket_sendmsg+0x94/0xc0 [ 840.282246] ? netlink_unicast+0x760/0x760 [ 840.286475] sock_sendmsg+0xd5/0x120 [ 840.290175] ___sys_sendmsg+0x7fd/0x930 [ 840.294152] ? copy_msghdr_from_user+0x580/0x580 [ 840.298915] ? __sched_text_start+0x8/0x8 [ 840.303078] ? __fget_light+0x2f7/0x440 [ 840.307047] ? fget_raw+0x20/0x20 [ 840.310587] ? __fd_install+0x2db/0x880 [ 840.314567] ? get_unused_fd_flags+0x1a0/0x1a0 [ 840.319146] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.324684] ? sockfd_lookup_light+0xc5/0x160 [ 840.329180] __sys_sendmsg+0x11d/0x290 [ 840.333062] ? __ia32_sys_shutdown+0x80/0x80 [ 840.337474] ? __x64_sys_futex+0x47f/0x6a0 [ 840.341704] ? fd_install+0x4d/0x60 [ 840.345335] ? syscall_slow_exit_work+0x500/0x500 [ 840.350272] ? ksys_ioctl+0x81/0xd0 [ 840.353898] __x64_sys_sendmsg+0x78/0xb0 [ 840.357989] do_syscall_64+0x1b9/0x820 [ 840.361867] ? finish_task_switch+0x1d3/0x870 [ 840.366364] ? syscall_return_slowpath+0x5e0/0x5e0 [ 840.371293] ? syscall_return_slowpath+0x31d/0x5e0 [ 840.376213] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 840.381228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.386093] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.391284] RIP: 0033:0x456959 [ 840.394470] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 17:31:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x2d, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 840.413360] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 840.421062] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 840.428335] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 840.435630] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 840.442893] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 840.450157] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:22 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc8070031") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:22 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x4d00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:22 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:22 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005fec0000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 840.477644] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 840.528633] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 840.535584] CPU: 1 PID: 8342 Comm: syz-executor4 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 840.543991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.553384] Call Trace: [ 840.555995] dump_stack+0x1c9/0x2b4 [ 840.559639] ? dump_stack_print_info.cold.2+0x52/0x52 [ 840.564850] ? trace_hardirqs_on+0xd/0x10 [ 840.569021] sysfs_warn_dup.cold.3+0x1c/0x2b [ 840.573449] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 840.578831] sysfs_create_link+0x65/0xc0 [ 840.582906] device_add+0x5d0/0x17b0 [ 840.586635] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 840.591148] ? genl_family_rcv_msg+0x8a3/0x1140 [ 840.595845] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 840.600972] ? do_syscall_64+0x1b9/0x820 [ 840.605051] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 840.610250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.615807] wiphy_register+0x1a21/0x2740 [ 840.619973] ? wiphy_unregister+0x12c0/0x12c0 [ 840.624481] ? kasan_unpoison_shadow+0x35/0x50 17:31:22 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:22 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xe00000000000000]}) [ 840.629088] ? kasan_kmalloc+0xc4/0xe0 [ 840.633133] ? __kmalloc+0x315/0x760 [ 840.636859] ? __lockdep_init_map+0x105/0x590 [ 840.641369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.646913] ? ieee80211_cs_list_valid+0x7c/0x440 [ 840.651762] ? ieee80211_register_hw+0xc61/0x3890 [ 840.656611] ieee80211_register_hw+0x146b/0x3890 [ 840.661470] ? init_timer_on_stack_key+0x31/0xe0 [ 840.666236] ? ieee80211_free_ack_frame+0x60/0x60 [ 840.671108] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 840.676147] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 840.682299] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.687830] ? vsnprintf+0x20d/0x1b60 [ 840.691618] ? pointer+0x990/0x990 [ 840.695153] ? check_same_owner+0x340/0x340 [ 840.699485] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.704495] ? kvasprintf+0xea/0x140 [ 840.708206] ? bust_spinlocks+0xe0/0xe0 [ 840.712185] ? kasprintf+0xab/0xe0 [ 840.715712] ? kvasprintf_const+0x190/0x190 [ 840.720039] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 840.725572] hwsim_new_radio_nl+0x7c0/0xa80 [ 840.729888] ? nla_parse+0x32b/0x4e0 [ 840.733610] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 840.738791] ? __netlink_ns_capable+0x100/0x130 [ 840.743458] genl_family_rcv_msg+0x8a3/0x1140 [ 840.747951] ? genl_unregister_family+0x8b0/0x8b0 [ 840.752779] ? netlink_deliver_tap+0x32d/0xfb0 [ 840.757353] ? lock_downgrade+0x8f0/0x8f0 [ 840.761496] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.766499] ? lock_release+0xa30/0xa30 [ 840.770457] ? __netlink_lookup+0x5e1/0xab0 [ 840.774776] ? lock_acquire+0x1e4/0x540 [ 840.778744] ? genl_rcv+0x19/0x40 [ 840.782197] genl_rcv_msg+0xc6/0x168 [ 840.785915] netlink_rcv_skb+0x172/0x440 [ 840.789975] ? genl_family_rcv_msg+0x1140/0x1140 [ 840.794736] ? netlink_ack+0xbe0/0xbe0 [ 840.798624] genl_rcv+0x28/0x40 [ 840.801899] netlink_unicast+0x5a0/0x760 [ 840.805954] ? netlink_attachskb+0x9a0/0x9a0 [ 840.810374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 840.815908] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 840.820996] netlink_sendmsg+0xa18/0xfc0 [ 840.825055] ? netlink_unicast+0x760/0x760 [ 840.829290] ? move_addr_to_kernel.part.20+0x100/0x100 [ 840.834555] ? security_socket_sendmsg+0x94/0xc0 [ 840.839307] ? netlink_unicast+0x760/0x760 [ 840.843653] sock_sendmsg+0xd5/0x120 [ 840.847365] ___sys_sendmsg+0x7fd/0x930 [ 840.851419] ? copy_msghdr_from_user+0x580/0x580 [ 840.856173] ? lock_acquire+0x1e4/0x540 [ 840.860144] ? __fd_install+0x2b2/0x880 [ 840.864109] ? lock_downgrade+0x8f0/0x8f0 [ 840.868244] ? select_collect+0x610/0x610 [ 840.872390] ? __fget_light+0x2f7/0x440 [ 840.876362] ? fget_raw+0x20/0x20 [ 840.879819] ? __fd_install+0x2db/0x880 [ 840.883787] ? get_unused_fd_flags+0x1a0/0x1a0 [ 840.888386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 840.893941] ? sockfd_lookup_light+0xc5/0x160 [ 840.898431] __sys_sendmsg+0x11d/0x290 [ 840.902322] ? __ia32_sys_shutdown+0x80/0x80 [ 840.906735] ? __x64_sys_futex+0x47f/0x6a0 [ 840.910960] ? fd_install+0x4d/0x60 [ 840.914585] ? ksys_ioctl+0x81/0xd0 [ 840.918210] __x64_sys_sendmsg+0x78/0xb0 [ 840.922283] do_syscall_64+0x1b9/0x820 [ 840.926258] ? finish_task_switch+0x1d3/0x870 [ 840.930751] ? syscall_return_slowpath+0x5e0/0x5e0 [ 840.935679] ? syscall_return_slowpath+0x31d/0x5e0 [ 840.940598] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 840.945708] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 840.950564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 840.955748] RIP: 0033:0x456959 [ 840.959025] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 840.977946] RSP: 002b:00007fef28a71c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 840.985646] RAX: ffffffffffffffda RBX: 00007fef28a726d4 RCX: 0000000000456959 [ 840.992898] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 841.000411] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 841.007675] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 841.016059] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:22 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) [ 841.033952] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 841.054714] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 841.061700] CPU: 1 PID: 8357 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 841.070126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.079489] Call Trace: 17:31:22 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:22 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000503b4000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) [ 841.082102] dump_stack+0x1c9/0x2b4 [ 841.085842] ? dump_stack_print_info.cold.2+0x52/0x52 [ 841.091060] ? trace_hardirqs_on+0xd/0x10 [ 841.095234] sysfs_warn_dup.cold.3+0x1c/0x2b [ 841.099667] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 841.105062] sysfs_create_link+0x65/0xc0 [ 841.109143] device_add+0x5d0/0x17b0 [ 841.112875] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 841.117391] ? genl_family_rcv_msg+0x8a3/0x1140 [ 841.122135] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 841.127410] ? do_syscall_64+0x1b9/0x820 17:31:22 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 841.131482] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 841.136698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.142303] wiphy_register+0x1a21/0x2740 [ 841.146502] ? wiphy_unregister+0x12c0/0x12c0 [ 841.151279] ? kasan_unpoison_shadow+0x35/0x50 [ 841.155877] ? kasan_kmalloc+0xc4/0xe0 [ 841.159785] ? __kmalloc+0x315/0x760 [ 841.163613] ? __lockdep_init_map+0x105/0x590 [ 841.168130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.173693] ? ieee80211_cs_list_valid+0x7c/0x440 [ 841.178570] ? ieee80211_register_hw+0xc61/0x3890 17:31:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x1000000]}) 17:31:23 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x3f000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 841.183451] ieee80211_register_hw+0x146b/0x3890 [ 841.188228] ? init_timer_on_stack_key+0x31/0xe0 [ 841.193015] ? ieee80211_free_ack_frame+0x60/0x60 [ 841.198006] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 841.203065] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 841.209237] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 841.214793] ? vsnprintf+0x20d/0x1b60 [ 841.218611] ? pointer+0x990/0x990 [ 841.222254] ? do_raw_spin_unlock+0xa7/0x2f0 [ 841.226703] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 841.231731] ? kvasprintf+0xea/0x140 [ 841.235463] ? bust_spinlocks+0xe0/0xe0 [ 841.239448] ? kasprintf+0xab/0xe0 [ 841.242995] ? kvasprintf_const+0x190/0x190 [ 841.247331] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 841.252881] hwsim_new_radio_nl+0x7c0/0xa80 [ 841.257212] ? nla_parse+0x32b/0x4e0 [ 841.260936] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 841.266167] ? __netlink_ns_capable+0x100/0x130 [ 841.270831] genl_family_rcv_msg+0x8a3/0x1140 [ 841.275330] ? genl_unregister_family+0x8b0/0x8b0 [ 841.280167] ? netlink_deliver_tap+0x32d/0xfb0 [ 841.284747] ? lock_downgrade+0x8f0/0x8f0 [ 841.288984] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 841.294021] ? lock_release+0xa30/0xa30 [ 841.298098] ? lock_acquire+0x1e4/0x540 [ 841.302060] ? genl_rcv+0x19/0x40 [ 841.305505] genl_rcv_msg+0xc6/0x168 [ 841.309233] netlink_rcv_skb+0x172/0x440 [ 841.313300] ? genl_family_rcv_msg+0x1140/0x1140 [ 841.318076] ? netlink_ack+0xbe0/0xbe0 [ 841.321961] genl_rcv+0x28/0x40 [ 841.325226] netlink_unicast+0x5a0/0x760 [ 841.329273] ? netlink_attachskb+0x9a0/0x9a0 [ 841.333681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.339299] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 841.344422] netlink_sendmsg+0xa18/0xfc0 [ 841.348666] ? netlink_unicast+0x760/0x760 [ 841.352904] ? move_addr_to_kernel.part.20+0x100/0x100 [ 841.358168] ? security_socket_sendmsg+0x94/0xc0 [ 841.362931] ? netlink_unicast+0x760/0x760 [ 841.367189] sock_sendmsg+0xd5/0x120 [ 841.370909] ___sys_sendmsg+0x7fd/0x930 [ 841.374886] ? copy_msghdr_from_user+0x580/0x580 [ 841.379641] ? __sched_text_start+0x8/0x8 [ 841.383791] ? __fget_light+0x2f7/0x440 [ 841.387782] ? fget_raw+0x20/0x20 [ 841.391235] ? __fd_install+0x2db/0x880 [ 841.395207] ? get_unused_fd_flags+0x1a0/0x1a0 [ 841.399782] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 841.405316] ? sockfd_lookup_light+0xc5/0x160 [ 841.409814] __sys_sendmsg+0x11d/0x290 [ 841.413698] ? __ia32_sys_shutdown+0x80/0x80 [ 841.418098] ? __x64_sys_futex+0x47f/0x6a0 [ 841.422318] ? fd_install+0x4d/0x60 [ 841.425946] ? syscall_slow_exit_work+0x500/0x500 [ 841.430790] ? ksys_ioctl+0x81/0xd0 17:31:23 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) [ 841.434413] __x64_sys_sendmsg+0x78/0xb0 [ 841.438481] do_syscall_64+0x1b9/0x820 [ 841.442375] ? finish_task_switch+0x1d3/0x870 [ 841.446871] ? syscall_return_slowpath+0x5e0/0x5e0 [ 841.451823] ? syscall_return_slowpath+0x31d/0x5e0 [ 841.457816] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 841.462932] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 841.467809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.472999] RIP: 0033:0x456959 [ 841.476242] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.495249] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 841.502969] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 841.510245] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 841.517516] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 841.524787] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 841.532058] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:23 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffffffffffffffff, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:23 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:23 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa2, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:23 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x71000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x21000000]}) 17:31:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005c0fe000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xffffff88]}) 17:31:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff8801c8c6c8f8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:23 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080), 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:23 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f8571") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:23 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:23 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x80ffffff}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 841.735259] IPv6: Can't replace route, no match found 17:31:23 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x1c00000000000000]}) 17:31:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xb9, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 841.856973] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 841.894161] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 841.901128] CPU: 1 PID: 8455 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 841.909541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.918932] Call Trace: [ 841.921568] dump_stack+0x1c9/0x2b4 [ 841.925240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 841.930456] ? trace_hardirqs_on+0xd/0x10 [ 841.934626] sysfs_warn_dup.cold.3+0x1c/0x2b [ 841.939052] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 841.944433] sysfs_create_link+0x65/0xc0 [ 841.948510] device_add+0x5d0/0x17b0 [ 841.952236] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 841.956752] ? genl_family_rcv_msg+0x8a3/0x1140 [ 841.961507] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 841.966625] ? do_syscall_64+0x1b9/0x820 [ 841.970684] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 841.975873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.981413] wiphy_register+0x1a21/0x2740 [ 841.985568] ? wiphy_unregister+0x12c0/0x12c0 [ 841.990064] ? kasan_unpoison_shadow+0x35/0x50 [ 841.994738] ? kasan_kmalloc+0xc4/0xe0 [ 841.998626] ? __kmalloc+0x315/0x760 [ 842.002331] ? __lockdep_init_map+0x105/0x590 [ 842.006816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.012440] ? ieee80211_cs_list_valid+0x7c/0x440 [ 842.017285] ? ieee80211_register_hw+0xc61/0x3890 [ 842.022131] ieee80211_register_hw+0x146b/0x3890 [ 842.026900] ? init_timer_on_stack_key+0x31/0xe0 [ 842.031669] ? ieee80211_free_ack_frame+0x60/0x60 [ 842.036503] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 842.041522] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 842.047670] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 842.053205] ? vsnprintf+0x20d/0x1b60 [ 842.056997] ? pointer+0x990/0x990 [ 842.060533] ? check_same_owner+0x340/0x340 [ 842.064862] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.069888] ? kvasprintf+0xea/0x140 [ 842.073597] ? bust_spinlocks+0xe0/0xe0 [ 842.077556] ? kasprintf+0xab/0xe0 [ 842.081091] ? kvasprintf_const+0x190/0x190 [ 842.085410] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 842.090933] hwsim_new_radio_nl+0x7c0/0xa80 [ 842.095251] ? nla_parse+0x32b/0x4e0 [ 842.098948] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 842.104222] ? __netlink_ns_capable+0x100/0x130 [ 842.108879] genl_family_rcv_msg+0x8a3/0x1140 [ 842.113361] ? genl_unregister_family+0x8b0/0x8b0 [ 842.118197] ? netlink_deliver_tap+0x32d/0xfb0 [ 842.122766] ? lock_downgrade+0x8f0/0x8f0 [ 842.126909] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.131912] ? lock_release+0xa30/0xa30 [ 842.135870] ? __netlink_lookup+0x5e1/0xab0 [ 842.140182] ? lock_acquire+0x1e4/0x540 [ 842.144146] ? genl_rcv+0x19/0x40 [ 842.147686] genl_rcv_msg+0xc6/0x168 [ 842.151391] netlink_rcv_skb+0x172/0x440 [ 842.155436] ? genl_family_rcv_msg+0x1140/0x1140 [ 842.160184] ? netlink_ack+0xbe0/0xbe0 [ 842.164065] genl_rcv+0x28/0x40 [ 842.167327] netlink_unicast+0x5a0/0x760 [ 842.171372] ? netlink_attachskb+0x9a0/0x9a0 [ 842.175765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.181291] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.186398] netlink_sendmsg+0xa18/0xfc0 [ 842.190445] ? netlink_unicast+0x760/0x760 [ 842.194675] ? move_addr_to_kernel.part.20+0x100/0x100 [ 842.199939] ? security_socket_sendmsg+0x94/0xc0 [ 842.204693] ? netlink_unicast+0x760/0x760 [ 842.208915] sock_sendmsg+0xd5/0x120 [ 842.212616] ___sys_sendmsg+0x7fd/0x930 [ 842.216587] ? copy_msghdr_from_user+0x580/0x580 [ 842.221365] ? lock_acquire+0x1e4/0x540 [ 842.225334] ? __fd_install+0x2b2/0x880 [ 842.229301] ? lock_downgrade+0x8f0/0x8f0 [ 842.233445] ? select_collect+0x610/0x610 [ 842.237586] ? __fget_light+0x2f7/0x440 [ 842.241552] ? fget_raw+0x20/0x20 [ 842.244991] ? __fd_install+0x2db/0x880 [ 842.248956] ? get_unused_fd_flags+0x1a0/0x1a0 [ 842.253534] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 842.259060] ? sockfd_lookup_light+0xc5/0x160 [ 842.263553] __sys_sendmsg+0x11d/0x290 [ 842.267440] ? __ia32_sys_shutdown+0x80/0x80 [ 842.271847] ? __x64_sys_futex+0x47f/0x6a0 [ 842.276069] ? fd_install+0x4d/0x60 [ 842.279694] ? ksys_ioctl+0x81/0xd0 [ 842.283321] __x64_sys_sendmsg+0x78/0xb0 [ 842.287370] do_syscall_64+0x1b9/0x820 [ 842.291270] ? finish_task_switch+0x1d3/0x870 [ 842.295779] ? syscall_return_slowpath+0x5e0/0x5e0 [ 842.300709] ? syscall_return_slowpath+0x31d/0x5e0 17:31:24 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005b403000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:24 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(r1, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:24 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xfffffffe]}) 17:31:24 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x31, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:24 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x300}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:24 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 842.305644] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 842.310667] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.315518] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.320707] RIP: 0033:0x456959 [ 842.323903] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 842.342809] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 842.350542] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 842.357826] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 842.365105] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 842.372385] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 842.379744] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:24 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85714070") r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x7) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4) connect$inet(r1, &(0x7f0000593000)={0x2, 0x0, @broadcast}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, 0x1c) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0), 0x366, 0x0, 0x0, 0x4e) 17:31:24 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x39, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000000000004dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:24 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x69951d0000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:24 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xf, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:24 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8847000000000000]}) 17:31:24 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 842.558315] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 842.569540] IPv6: Can't replace route, no match found [ 842.606623] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 842.613572] CPU: 0 PID: 8497 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 842.623170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.632539] Call Trace: [ 842.635158] dump_stack+0x1c9/0x2b4 [ 842.638807] ? dump_stack_print_info.cold.2+0x52/0x52 [ 842.644019] ? trace_hardirqs_on+0xd/0x10 [ 842.648211] sysfs_warn_dup.cold.3+0x1c/0x2b 17:31:24 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f857140") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 842.652639] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 842.658058] sysfs_create_link+0x65/0xc0 [ 842.662146] device_add+0x5d0/0x17b0 [ 842.665874] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 842.670490] ? genl_family_rcv_msg+0x8a3/0x1140 [ 842.675179] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 842.680321] ? do_syscall_64+0x1b9/0x820 [ 842.684412] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 842.689637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.695217] wiphy_register+0x1a21/0x2740 [ 842.699388] ? wiphy_unregister+0x12c0/0x12c0 [ 842.703901] ? kasan_unpoison_shadow+0x35/0x50 [ 842.708499] ? kasan_kmalloc+0xc4/0xe0 [ 842.712402] ? __kmalloc+0x315/0x760 [ 842.716152] ? __lockdep_init_map+0x105/0x590 [ 842.720670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.726226] ? ieee80211_cs_list_valid+0x7c/0x440 [ 842.731086] ? ieee80211_register_hw+0xc61/0x3890 [ 842.736070] ieee80211_register_hw+0x146b/0x3890 [ 842.740852] ? init_timer_on_stack_key+0x31/0xe0 [ 842.745626] ? ieee80211_free_ack_frame+0x60/0x60 [ 842.750502] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 842.755543] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 842.761700] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 842.767233] ? vsnprintf+0x20d/0x1b60 [ 842.771022] ? pointer+0x990/0x990 [ 842.774553] ? check_same_owner+0x340/0x340 [ 842.778876] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.783888] ? kvasprintf+0xea/0x140 [ 842.787589] ? bust_spinlocks+0xe0/0xe0 [ 842.791742] ? kasprintf+0xab/0xe0 [ 842.795265] ? kvasprintf_const+0x190/0x190 [ 842.799575] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 842.805112] hwsim_new_radio_nl+0x7c0/0xa80 [ 842.809440] ? nla_parse+0x32b/0x4e0 [ 842.813146] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 842.818326] ? __netlink_ns_capable+0x100/0x130 [ 842.822991] genl_family_rcv_msg+0x8a3/0x1140 [ 842.827484] ? genl_unregister_family+0x8b0/0x8b0 [ 842.832321] ? netlink_deliver_tap+0x32d/0xfb0 [ 842.836915] ? lock_downgrade+0x8f0/0x8f0 [ 842.841073] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.846136] ? lock_release+0xa30/0xa30 [ 842.850211] ? __netlink_lookup+0x5e1/0xab0 [ 842.854538] ? lock_acquire+0x1e4/0x540 [ 842.858519] ? genl_rcv+0x19/0x40 [ 842.861973] genl_rcv_msg+0xc6/0x168 [ 842.865695] netlink_rcv_skb+0x172/0x440 [ 842.869749] ? genl_family_rcv_msg+0x1140/0x1140 [ 842.874501] ? netlink_ack+0xbe0/0xbe0 [ 842.878398] genl_rcv+0x28/0x40 [ 842.881673] netlink_unicast+0x5a0/0x760 [ 842.885731] ? netlink_attachskb+0x9a0/0x9a0 [ 842.890133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.895666] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 842.900673] netlink_sendmsg+0xa18/0xfc0 [ 842.904740] ? netlink_unicast+0x760/0x760 [ 842.908975] ? move_addr_to_kernel.part.20+0x100/0x100 [ 842.914241] ? security_socket_sendmsg+0x94/0xc0 [ 842.918994] ? netlink_unicast+0x760/0x760 [ 842.923318] sock_sendmsg+0xd5/0x120 [ 842.927027] ___sys_sendmsg+0x7fd/0x930 [ 842.930999] ? copy_msghdr_from_user+0x580/0x580 [ 842.935758] ? lock_acquire+0x1e4/0x540 [ 842.939742] ? __fd_install+0x2b2/0x880 [ 842.943719] ? lock_downgrade+0x8f0/0x8f0 [ 842.947859] ? select_collect+0x610/0x610 [ 842.952007] ? __fget_light+0x2f7/0x440 [ 842.955979] ? fget_raw+0x20/0x20 [ 842.959512] ? __fd_install+0x2db/0x880 [ 842.963474] ? get_unused_fd_flags+0x1a0/0x1a0 [ 842.968056] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 842.973591] ? sockfd_lookup_light+0xc5/0x160 [ 842.978082] __sys_sendmsg+0x11d/0x290 [ 842.981966] ? __ia32_sys_shutdown+0x80/0x80 [ 842.986366] ? __x64_sys_futex+0x47f/0x6a0 [ 842.990603] ? fd_install+0x4d/0x60 [ 842.994237] ? ksys_ioctl+0x81/0xd0 [ 842.997863] __x64_sys_sendmsg+0x78/0xb0 [ 843.001921] do_syscall_64+0x1b9/0x820 [ 843.005818] ? syscall_return_slowpath+0x5e0/0x5e0 [ 843.010749] ? syscall_return_slowpath+0x31d/0x5e0 [ 843.015760] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 843.020769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.025605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.030783] RIP: 0033:0x456959 [ 843.033978] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 843.053023] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 843.060742] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 843.068001] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 843.075263] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 843.082522] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 843.089794] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:25 executing program 2: ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x18100000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:25 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xbe, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:25 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x88470000]}) 17:31:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000500f0000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x7ffffffc, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x68ad1a00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c4, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 843.231290] IPv6: Can't replace route, no match found 17:31:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:25 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x60000000]}) 17:31:25 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xa3, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000000000000000adc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x5f, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 843.419841] IPv6: Can't replace route, no match found [ 843.435107] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 843.456526] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 843.463479] CPU: 1 PID: 8561 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 843.471997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 843.481368] Call Trace: [ 843.483982] dump_stack+0x1c9/0x2b4 [ 843.487640] ? dump_stack_print_info.cold.2+0x52/0x52 [ 843.492950] ? trace_hardirqs_on+0xd/0x10 [ 843.497228] sysfs_warn_dup.cold.3+0x1c/0x2b [ 843.501639] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 843.507010] sysfs_create_link+0x65/0xc0 [ 843.511080] device_add+0x5d0/0x17b0 [ 843.514799] ? hwsim_new_radio_nl+0x7c0/0xa80 17:31:25 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x500000000000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 843.519298] ? genl_family_rcv_msg+0x8a3/0x1140 [ 843.524068] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 843.529173] ? do_syscall_64+0x1b9/0x820 [ 843.533252] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 843.538462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.544016] wiphy_register+0x1a21/0x2740 [ 843.548186] ? wiphy_unregister+0x12c0/0x12c0 [ 843.552699] ? kasan_unpoison_shadow+0x35/0x50 [ 843.557290] ? kasan_kmalloc+0xc4/0xe0 [ 843.561206] ? __kmalloc+0x315/0x760 [ 843.564925] ? __lockdep_init_map+0x105/0x590 [ 843.569434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.574985] ? ieee80211_cs_list_valid+0x7c/0x440 [ 843.579838] ? ieee80211_register_hw+0xc61/0x3890 [ 843.584692] ieee80211_register_hw+0x146b/0x3890 [ 843.589460] ? ieee80211_free_ack_frame+0x60/0x60 [ 843.594306] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 843.599335] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 843.605485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 843.611024] ? vsnprintf+0x20d/0x1b60 [ 843.614816] ? pointer+0x990/0x990 [ 843.618362] ? check_same_owner+0x340/0x340 [ 843.622692] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 843.627702] ? kvasprintf+0xea/0x140 [ 843.631416] ? bust_spinlocks+0xe0/0xe0 [ 843.635399] ? kasprintf+0xab/0xe0 [ 843.638937] ? kvasprintf_const+0x190/0x190 [ 843.643263] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 843.648805] hwsim_new_radio_nl+0x7c0/0xa80 [ 843.653125] ? nla_parse+0x32b/0x4e0 [ 843.656849] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 843.662039] ? __netlink_ns_capable+0x100/0x130 [ 843.666703] genl_family_rcv_msg+0x8a3/0x1140 [ 843.671211] ? genl_unregister_family+0x8b0/0x8b0 [ 843.676040] ? netlink_deliver_tap+0x32d/0xfb0 [ 843.680612] ? lock_downgrade+0x8f0/0x8f0 [ 843.684749] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 843.689764] ? lock_release+0xa30/0xa30 [ 843.693735] ? __netlink_lookup+0x5e1/0xab0 [ 843.698056] ? lock_acquire+0x1e4/0x540 [ 843.702034] ? genl_rcv+0x19/0x40 [ 843.705475] genl_rcv_msg+0xc6/0x168 [ 843.709177] netlink_rcv_skb+0x172/0x440 [ 843.713234] ? genl_family_rcv_msg+0x1140/0x1140 [ 843.717984] ? netlink_ack+0xbe0/0xbe0 [ 843.721858] genl_rcv+0x28/0x40 [ 843.725132] netlink_unicast+0x5a0/0x760 [ 843.729201] ? netlink_attachskb+0x9a0/0x9a0 [ 843.733605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 843.739137] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 843.744143] netlink_sendmsg+0xa18/0xfc0 [ 843.748188] ? netlink_unicast+0x760/0x760 [ 843.752436] ? move_addr_to_kernel.part.20+0x100/0x100 [ 843.757712] ? security_socket_sendmsg+0x94/0xc0 [ 843.762464] ? netlink_unicast+0x760/0x760 [ 843.766684] sock_sendmsg+0xd5/0x120 [ 843.770392] ___sys_sendmsg+0x7fd/0x930 [ 843.774365] ? copy_msghdr_from_user+0x580/0x580 [ 843.779108] ? __sched_text_start+0x8/0x8 [ 843.783244] ? __fget_light+0x2f7/0x440 [ 843.787209] ? fget_raw+0x20/0x20 [ 843.790665] ? __fd_install+0x2db/0x880 [ 843.794627] ? get_unused_fd_flags+0x1a0/0x1a0 [ 843.799216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 843.804743] ? sockfd_lookup_light+0xc5/0x160 [ 843.809231] __sys_sendmsg+0x11d/0x290 [ 843.813106] ? __ia32_sys_shutdown+0x80/0x80 [ 843.817518] ? __x64_sys_futex+0x47f/0x6a0 [ 843.821756] ? fd_install+0x4d/0x60 [ 843.825382] ? syscall_slow_exit_work+0x500/0x500 [ 843.830223] ? ksys_ioctl+0x81/0xd0 [ 843.833854] __x64_sys_sendmsg+0x78/0xb0 [ 843.837920] do_syscall_64+0x1b9/0x820 [ 843.841818] ? syscall_return_slowpath+0x5e0/0x5e0 [ 843.846746] ? syscall_return_slowpath+0x31d/0x5e0 [ 843.851667] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 843.856682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 843.861514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 843.866698] RIP: 0033:0x456959 [ 843.869880] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 843.888775] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 843.896491] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 843.903751] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 843.911016] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 843.918281] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 843.925539] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 843.947453] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 843.964896] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 843.971862] CPU: 1 PID: 8561 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 843.980267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 843.989616] Call Trace: [ 843.992217] dump_stack+0x1c9/0x2b4 [ 843.995856] ? dump_stack_print_info.cold.2+0x52/0x52 [ 844.001052] ? trace_hardirqs_on+0xd/0x10 [ 844.005211] sysfs_warn_dup.cold.3+0x1c/0x2b [ 844.009621] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 844.015003] sysfs_create_link+0x65/0xc0 [ 844.019091] device_add+0x5d0/0x17b0 [ 844.022826] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 844.027329] ? genl_family_rcv_msg+0x8a3/0x1140 [ 844.031996] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 844.037096] ? do_syscall_64+0x1b9/0x820 [ 844.041339] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 844.046536] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.052083] wiphy_register+0x1a21/0x2740 [ 844.056240] ? wiphy_unregister+0x12c0/0x12c0 [ 844.060734] ? kasan_unpoison_shadow+0x35/0x50 [ 844.065318] ? kasan_kmalloc+0xc4/0xe0 [ 844.069233] ? __kmalloc+0x315/0x760 17:31:25 executing program 2: ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:25 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8000000]}) 17:31:25 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb1, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050400000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x50000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 844.072959] ? __lockdep_init_map+0x105/0x590 [ 844.077476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.083118] ? ieee80211_cs_list_valid+0x7c/0x440 [ 844.087980] ? ieee80211_register_hw+0xc61/0x3890 [ 844.092844] ieee80211_register_hw+0x146b/0x3890 [ 844.097628] ? init_timer_on_stack_key+0x31/0xe0 [ 844.102435] ? ieee80211_free_ack_frame+0x60/0x60 [ 844.107313] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 844.112372] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 844.118543] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 844.124087] ? vsnprintf+0x20d/0x1b60 [ 844.127904] ? pointer+0x990/0x990 [ 844.131450] ? check_same_owner+0x340/0x340 [ 844.135790] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 844.140817] ? kvasprintf+0xea/0x140 [ 844.144552] ? bust_spinlocks+0xe0/0xe0 [ 844.148533] ? kasprintf+0xab/0xe0 [ 844.152078] ? kvasprintf_const+0x190/0x190 [ 844.156406] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 844.161963] hwsim_new_radio_nl+0x7c0/0xa80 [ 844.166290] ? nla_parse+0x32b/0x4e0 [ 844.170024] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 844.175248] ? __netlink_ns_capable+0x100/0x130 [ 844.179925] genl_family_rcv_msg+0x8a3/0x1140 [ 844.184428] ? genl_unregister_family+0x8b0/0x8b0 [ 844.189272] ? netlink_deliver_tap+0x32d/0xfb0 [ 844.193878] ? lock_downgrade+0x8f0/0x8f0 [ 844.198037] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 844.203095] ? lock_release+0xa30/0xa30 [ 844.207088] ? __netlink_lookup+0x5e1/0xab0 [ 844.211452] ? lock_acquire+0x1e4/0x540 [ 844.215429] ? genl_rcv+0x19/0x40 [ 844.218874] genl_rcv_msg+0xc6/0x168 [ 844.222586] netlink_rcv_skb+0x172/0x440 [ 844.226654] ? genl_family_rcv_msg+0x1140/0x1140 [ 844.231405] ? netlink_ack+0xbe0/0xbe0 [ 844.235301] genl_rcv+0x28/0x40 [ 844.238567] netlink_unicast+0x5a0/0x760 [ 844.242628] ? netlink_attachskb+0x9a0/0x9a0 [ 844.247034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.252560] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 844.257597] netlink_sendmsg+0xa18/0xfc0 [ 844.261659] ? netlink_unicast+0x760/0x760 [ 844.265894] ? move_addr_to_kernel.part.20+0x100/0x100 [ 844.271165] ? security_socket_sendmsg+0x94/0xc0 [ 844.275909] ? netlink_unicast+0x760/0x760 [ 844.280133] sock_sendmsg+0xd5/0x120 [ 844.284388] ___sys_sendmsg+0x7fd/0x930 [ 844.288351] ? copy_msghdr_from_user+0x580/0x580 [ 844.293103] ? lock_acquire+0x1e4/0x540 [ 844.297063] ? __fd_install+0x2b2/0x880 [ 844.301032] ? lock_downgrade+0x8f0/0x8f0 [ 844.305167] ? select_collect+0x610/0x610 [ 844.309303] ? __fget_light+0x2f7/0x440 [ 844.313262] ? fget_raw+0x20/0x20 [ 844.316706] ? __fd_install+0x2db/0x880 [ 844.320673] ? get_unused_fd_flags+0x1a0/0x1a0 [ 844.325247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 844.330776] ? sockfd_lookup_light+0xc5/0x160 [ 844.335274] __sys_sendmsg+0x11d/0x290 [ 844.339175] ? __ia32_sys_shutdown+0x80/0x80 [ 844.343572] ? __x64_sys_futex+0x47f/0x6a0 [ 844.347895] ? fd_install+0x4d/0x60 [ 844.351513] ? syscall_slow_exit_work+0x500/0x500 [ 844.356340] ? ksys_ioctl+0x81/0xd0 [ 844.359956] __x64_sys_sendmsg+0x78/0xb0 [ 844.364040] do_syscall_64+0x1b9/0x820 [ 844.367943] ? syscall_return_slowpath+0x5e0/0x5e0 17:31:26 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) [ 844.372875] ? syscall_return_slowpath+0x31d/0x5e0 [ 844.377806] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 844.382834] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 844.387705] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 844.392898] RIP: 0033:0x456959 [ 844.396099] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 844.415002] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:31:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c5, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 844.422722] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 844.430006] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 844.437390] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 844.444657] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 844.451923] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 17:31:26 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8060000]}) 17:31:26 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x28, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005f0ffffff00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:26 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x71}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:26 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x39, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163c6, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x608]}) 17:31:26 executing program 2: ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)) 17:31:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000000000000000bdc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3c2, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xd9, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:26 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0xffffffd0}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 844.967207] IPv6: Can't replace route, no match found 17:31:27 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r1, 0x0) 17:31:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xffffca88]}) 17:31:27 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:27 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x27, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x56, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:27 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000b00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:27 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x60000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:27 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040), 0x0, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 845.323379] IPv6: Can't replace route, no match found 17:31:27 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x63}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b5, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:27 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:27 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x30, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:27 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x300]}) 17:31:27 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c00060000001900050000000400000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xffff8801c8c6cab8, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:27 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040), 0x0, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) [ 845.845473] IPv6: Can't replace route, no match found 17:31:28 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r1, 0x0) 17:31:28 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x61}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:28 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040), 0x0, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x385, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:28 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005f000000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:28 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x2100]}) 17:31:28 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb9, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:28 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000003b400000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:28 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080), 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:28 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x33, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 846.360494] IPv6: Can't replace route, no match found [ 846.424904] IPv6: Can't replace route, no match found 17:31:28 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:28 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x3b1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:28 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x18100000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:28 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x88a8ffff]}) 17:31:28 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080), 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:28 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xf2, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r1, 0x0) 17:31:29 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000000ff00000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0xa0, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x8848]}) 17:31:29 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2f, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080), 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 17:31:29 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x3000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x4c, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0xfeffffff]}) [ 847.212193] IPv6: Can't replace route, no match found 17:31:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0) 17:31:29 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:29 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0xb7, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x20000000}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:29 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005000a000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0) 17:31:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x3a00]}) [ 847.606183] IPv6: Can't replace route, no match found 17:31:29 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)) 17:31:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x6, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x4305]}) 17:31:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r1, &(0x7f0000000040)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000080)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0) 17:31:29 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x3f00}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:29 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x3e0, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:29 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005002c000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:29 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x28, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:30 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x2d, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) [ 848.145971] IPv6: Can't replace route, no match found 17:31:30 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x10}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 17:31:30 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:30 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x600]}) 17:31:30 executing program 1: 17:31:30 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c0006000000190005fe80000000000000dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:30 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x63, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:30 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x73}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 848.465836] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 848.500965] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 848.507940] CPU: 0 PID: 8871 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 848.516417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.525780] Call Trace: [ 848.528389] dump_stack+0x1c9/0x2b4 [ 848.532039] ? dump_stack_print_info.cold.2+0x52/0x52 [ 848.537336] ? trace_hardirqs_on+0xd/0x10 [ 848.541508] sysfs_warn_dup.cold.3+0x1c/0x2b [ 848.545944] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 848.551329] sysfs_create_link+0x65/0xc0 [ 848.555411] device_add+0x5d0/0x17b0 [ 848.559140] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 848.563651] ? genl_family_rcv_msg+0x8a3/0x1140 [ 848.568335] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 848.573473] ? do_syscall_64+0x1b9/0x820 [ 848.577561] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 848.582778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.588325] wiphy_register+0x1a21/0x2740 [ 848.592744] ? wiphy_unregister+0x12c0/0x12c0 [ 848.597243] ? kasan_unpoison_shadow+0x35/0x50 [ 848.601813] ? kasan_kmalloc+0xc4/0xe0 [ 848.605687] ? __kmalloc+0x315/0x760 [ 848.609395] ? __lockdep_init_map+0x105/0x590 [ 848.613893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.619436] ? ieee80211_cs_list_valid+0x7c/0x440 [ 848.624890] ? ieee80211_register_hw+0xc61/0x3890 [ 848.629737] ieee80211_register_hw+0x146b/0x3890 [ 848.634490] ? init_timer_on_stack_key+0x31/0xe0 [ 848.639238] ? ieee80211_free_ack_frame+0x60/0x60 [ 848.644094] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 848.649305] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 848.655451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 848.660987] ? vsnprintf+0x20d/0x1b60 [ 848.664781] ? pointer+0x990/0x990 [ 848.668317] ? check_same_owner+0x340/0x340 [ 848.672629] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 848.677654] ? kvasprintf+0xea/0x140 [ 848.681368] ? bust_spinlocks+0xe0/0xe0 [ 848.685343] ? kasprintf+0xab/0xe0 [ 848.688867] ? kvasprintf_const+0x190/0x190 [ 848.693177] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 848.698702] hwsim_new_radio_nl+0x7c0/0xa80 [ 848.703019] ? nla_parse+0x32b/0x4e0 [ 848.706746] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 848.711942] ? __netlink_ns_capable+0x100/0x130 [ 848.716687] genl_family_rcv_msg+0x8a3/0x1140 [ 848.721178] ? genl_unregister_family+0x8b0/0x8b0 [ 848.726015] ? netlink_deliver_tap+0x32d/0xfb0 [ 848.730588] ? lock_downgrade+0x8f0/0x8f0 [ 848.734733] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 848.739753] ? lock_release+0xa30/0xa30 [ 848.743737] ? __netlink_lookup+0x5e1/0xab0 [ 848.748053] ? lock_acquire+0x1e4/0x540 [ 848.752020] ? genl_rcv+0x19/0x40 [ 848.755478] genl_rcv_msg+0xc6/0x168 [ 848.759176] netlink_rcv_skb+0x172/0x440 [ 848.763223] ? genl_family_rcv_msg+0x1140/0x1140 [ 848.767966] ? netlink_ack+0xbe0/0xbe0 [ 848.771850] genl_rcv+0x28/0x40 [ 848.775109] netlink_unicast+0x5a0/0x760 [ 848.779156] ? netlink_attachskb+0x9a0/0x9a0 [ 848.783551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.789076] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 848.794077] netlink_sendmsg+0xa18/0xfc0 [ 848.798137] ? netlink_unicast+0x760/0x760 [ 848.802646] ? move_addr_to_kernel.part.20+0x100/0x100 [ 848.807923] ? security_socket_sendmsg+0x94/0xc0 [ 848.812675] ? netlink_unicast+0x760/0x760 [ 848.816997] sock_sendmsg+0xd5/0x120 [ 848.820697] ___sys_sendmsg+0x7fd/0x930 [ 848.824670] ? copy_msghdr_from_user+0x580/0x580 [ 848.829414] ? __sched_text_start+0x8/0x8 [ 848.833561] ? __fget_light+0x2f7/0x440 [ 848.837523] ? fget_raw+0x20/0x20 [ 848.840972] ? __fd_install+0x2db/0x880 [ 848.844953] ? get_unused_fd_flags+0x1a0/0x1a0 [ 848.849527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 848.855053] ? sockfd_lookup_light+0xc5/0x160 [ 848.859535] __sys_sendmsg+0x11d/0x290 [ 848.863426] ? __ia32_sys_shutdown+0x80/0x80 [ 848.867827] ? __x64_sys_futex+0x47f/0x6a0 [ 848.872047] ? fd_install+0x4d/0x60 [ 848.875675] ? syscall_slow_exit_work+0x500/0x500 [ 848.880514] ? ksys_ioctl+0x81/0xd0 [ 848.884131] __x64_sys_sendmsg+0x78/0xb0 [ 848.888199] do_syscall_64+0x1b9/0x820 [ 848.892081] ? finish_task_switch+0x1d3/0x870 [ 848.896582] ? syscall_return_slowpath+0x5e0/0x5e0 [ 848.901500] ? syscall_return_slowpath+0x31d/0x5e0 [ 848.906505] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 848.911510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.916346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 848.921521] RIP: 0033:0x456959 [ 848.924709] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 848.943617] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 848.951318] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 848.958685] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000013 [ 848.965947] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 848.973215] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 848.980473] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 848.994088] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'. [ 849.003664] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 849.010580] CPU: 0 PID: 8871 Comm: syz-executor0 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 849.018980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.028338] Call Trace: [ 849.030931] dump_stack+0x1c9/0x2b4 [ 849.034557] ? dump_stack_print_info.cold.2+0x52/0x52 [ 849.039771] ? trace_hardirqs_on+0xd/0x10 [ 849.043923] sysfs_warn_dup.cold.3+0x1c/0x2b [ 849.048323] sysfs_do_create_link_sd.isra.2+0x116/0x130 [ 849.053772] sysfs_create_link+0x65/0xc0 [ 849.057824] device_add+0x5d0/0x17b0 [ 849.061561] ? hwsim_new_radio_nl+0x7c0/0xa80 [ 849.066054] ? genl_family_rcv_msg+0x8a3/0x1140 [ 849.070730] ? get_device_parent.isra.27+0x5a0/0x5a0 [ 849.075846] ? do_syscall_64+0x1b9/0x820 [ 849.079919] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 849.085111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.090647] wiphy_register+0x1a21/0x2740 [ 849.094810] ? wiphy_unregister+0x12c0/0x12c0 [ 849.099308] ? kasan_unpoison_shadow+0x35/0x50 [ 849.103910] ? kasan_kmalloc+0xc4/0xe0 [ 849.107799] ? __kmalloc+0x315/0x760 [ 849.111515] ? __lockdep_init_map+0x105/0x590 [ 849.116009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.121625] ? ieee80211_cs_list_valid+0x7c/0x440 [ 849.126475] ? ieee80211_register_hw+0xc61/0x3890 [ 849.131318] ieee80211_register_hw+0x146b/0x3890 [ 849.136072] ? init_timer_on_stack_key+0x31/0xe0 [ 849.140825] ? ieee80211_free_ack_frame+0x60/0x60 [ 849.145678] mac80211_hwsim_new_radio+0x1e55/0x3490 [ 849.150691] ? __rhashtable_insert_fast.constprop.52+0xf60/0xf60 [ 849.156857] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 849.162392] ? vsnprintf+0x20d/0x1b60 17:31:31 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000040)) 17:31:31 executing program 4: r0 = socket$inet6(0xa, 0x80806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x38, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:31 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x6488]}) 17:31:31 executing program 1: 17:31:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r1 = socket$inet6(0x10, 0x4000000000000002, 0x0) sendmsg(r1, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl, 0x80, &(0x7f0000000080)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2a4a280930a602c0fffa84302910000003900090035000c000600000019000500000000000003b4dc1338d54400009bcdc66ef75afb83de448daa7227c43ab8220000060cec4fab91cf", 0x55}], 0x1, &(0x7f0000001480)}, 0x0) 17:31:31 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x13, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x69}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x18}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) [ 849.166186] ? pointer+0x990/0x990 [ 849.169719] ? check_same_owner+0x340/0x340 [ 849.174058] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 849.179084] ? kvasprintf+0xea/0x140 [ 849.182803] ? bust_spinlocks+0xe0/0xe0 [ 849.186818] ? kasprintf+0xab/0xe0 [ 849.190365] ? kvasprintf_const+0x190/0x190 [ 849.194729] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 849.200279] hwsim_new_radio_nl+0x7c0/0xa80 [ 849.204616] ? nla_parse+0x32b/0x4e0 [ 849.208345] ? mac80211_hwsim_new_radio+0x3490/0x3490 [ 849.213548] ? __netlink_ns_capable+0x100/0x130 17:31:31 executing program 1: 17:31:31 executing program 1: [ 849.218410] genl_family_rcv_msg+0x8a3/0x1140 [ 849.222959] ? genl_unregister_family+0x8b0/0x8b0 [ 849.227825] ? netlink_deliver_tap+0x32d/0xfb0 [ 849.232426] ? lock_downgrade+0x8f0/0x8f0 [ 849.236587] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 849.241619] ? lock_release+0xa30/0xa30 [ 849.245603] ? __netlink_lookup+0x5e1/0xab0 [ 849.249942] ? lock_acquire+0x1e4/0x540 [ 849.253933] ? genl_rcv+0x19/0x40 [ 849.257408] genl_rcv_msg+0xc6/0x168 [ 849.261217] netlink_rcv_skb+0x172/0x440 17:31:31 executing program 1: [ 849.265292] ? genl_family_rcv_msg+0x1140/0x1140 [ 849.270501] ? netlink_ack+0xbe0/0xbe0 [ 849.274402] genl_rcv+0x28/0x40 [ 849.277688] netlink_unicast+0x5a0/0x760 [ 849.281785] ? netlink_attachskb+0x9a0/0x9a0 [ 849.286208] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.291759] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 849.296790] netlink_sendmsg+0xa18/0xfc0 [ 849.300884] ? netlink_unicast+0x760/0x760 [ 849.305140] ? move_addr_to_kernel.part.20+0x100/0x100 [ 849.310433] ? security_socket_sendmsg+0x94/0xc0 [ 849.315206] ? netlink_unicast+0x760/0x760 17:31:31 executing program 1: [ 849.319455] sock_sendmsg+0xd5/0x120 [ 849.323178] ___sys_sendmsg+0x7fd/0x930 [ 849.327164] ? copy_msghdr_from_user+0x580/0x580 [ 849.331937] ? lock_acquire+0x1e4/0x540 [ 849.335946] ? __fd_install+0x2b2/0x880 [ 849.339936] ? lock_downgrade+0x8f0/0x8f0 [ 849.344118] ? select_collect+0x610/0x610 [ 849.348276] ? __fget_light+0x2f7/0x440 [ 849.352255] ? fget_raw+0x20/0x20 [ 849.355712] ? __fd_install+0x2db/0x880 [ 849.359692] ? get_unused_fd_flags+0x1a0/0x1a0 [ 849.364989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 849.370544] ? sockfd_lookup_light+0xc5/0x160 [ 849.375057] __sys_sendmsg+0x11d/0x290 [ 849.378948] ? __ia32_sys_shutdown+0x80/0x80 [ 849.383350] ? __x64_sys_futex+0x47f/0x6a0 [ 849.387585] ? fd_install+0x4d/0x60 [ 849.391210] ? syscall_slow_exit_work+0x500/0x500 [ 849.396049] ? ksys_ioctl+0x81/0xd0 [ 849.399671] __x64_sys_sendmsg+0x78/0xb0 [ 849.403732] do_syscall_64+0x1b9/0x820 [ 849.407675] ? finish_task_switch+0x1d3/0x870 [ 849.412288] ? syscall_return_slowpath+0x5e0/0x5e0 17:31:31 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x8c8b) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)) 17:31:31 executing program 1: 17:31:31 executing program 1: [ 849.417227] ? syscall_return_slowpath+0x31d/0x5e0 [ 849.422254] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 849.427279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 849.432144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.437340] RIP: 0033:0x456959 [ 849.440543] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 849.459446] RSP: 002b:00007fdec3076c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 17:31:31 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r2, &(0x7f0000000040)={0x7}, 0x7) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) write$P9_RREADDIR(r2, &(0x7f0000000480)={0x2a, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x2a) write$P9_RGETATTR(r2, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) write$P9_RWALK(r2, &(0x7f0000000140)={0x23, 0x6f, 0x1, {0x2, [{}, {}]}}, 0x23) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000900)='9p\x00', 0x0, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_uid={'access'}}]}}) r3 = open$dir(&(0x7f0000000580)='./file0\x00', 0x200000, 0x0) symlinkat(&(0x7f0000000540)='./file0\x00', r3, &(0x7f00000005c0)='./file0\x00') [ 849.467170] RAX: ffffffffffffffda RBX: 00007fdec30776d4 RCX: 0000000000456959 [ 849.474451] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 849.481748] RBP: 000000000072be80 R08: 0000000000000000 R09: 0000000000000000 [ 849.489028] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 849.496304] R13: 00000000004d2fb8 R14: 00000000004c7c9c R15: 0000000000000000 [ 849.516736] IPv6: Can't replace route, no match found 17:31:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x20, 0x22, 0x163cb, 0x0, 0x0, {0x4}, [@nested={0x5, 0x11, [@typed={0x2f, 0x0, @fd}]}]}, 0x20}}, 0x0) 17:31:31 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x800008912, &(0x7f0000000280)="6f33bc153035cab9764070") syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @dev, @local}}}}, &(0x7f0000000100)={0x0, 0x0, [0x88a8ffff00000000]}) [ 849.604658] ================================================================== [ 849.612098] BUG: KASAN: slab-out-of-bounds in pdu_read+0x90/0xd0 [ 849.618261] Read of size 65414 at addr ffff8801d887a2ed by task syz-executor1/8910 [ 849.625981] [ 849.627635] CPU: 0 PID: 8910 Comm: syz-executor1 Not tainted 4.18.0-rc6-next-20180724+ #17 [ 849.636042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.645401] Call Trace: [ 849.648008] dump_stack+0x1c9/0x2b4 [ 849.651652] ? dump_stack_print_inf