0305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r5, r6}, 0x78) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40042409, 0x1) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() [ 2846.724114][T26953] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:18:46 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010040000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2846.778025][T26953] CPU: 0 PID: 26953 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2846.786721][T26953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2846.796759][T26953] Call Trace: [ 2846.800037][T26953] dump_stack+0x18f/0x20d [ 2846.804355][T26953] sysfs_warn_dup.cold+0x1c/0x2d [ 2846.809329][T26953] sysfs_do_create_link_sd+0x11e/0x140 [ 2846.814787][T26953] sysfs_create_link+0x5f/0xc0 [ 2846.819563][T26953] device_add+0x6ff/0x1b00 [ 2846.824001][T26953] ? device_check_offline+0x280/0x280 [ 2846.829381][T26953] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2846.835462][T26953] wiphy_register+0x1d5b/0x2840 [ 2846.840334][T26953] ? wiphy_unregister+0xc10/0xc10 [ 2846.845366][T26953] ? ieee80211_register_hw+0x18a4/0x3950 [ 2846.851038][T26953] ? check_memory_region+0x55/0x180 [ 2846.856239][T26953] ieee80211_register_hw+0x2291/0x3950 [ 2846.861724][T26953] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2846.867115][T26953] ? lock_downgrade+0x820/0x820 [ 2846.871978][T26953] ? lock_is_held_type+0xb0/0xe0 [ 2846.876959][T26953] ? memset+0x20/0x40 [ 2846.880993][T26953] ? __hrtimer_init+0x12c/0x260 [ 2846.885859][T26953] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2846.891605][T26953] ? hwsim_virtio_rx_work+0x350/0x350 [ 2846.897001][T26953] ? memcpy+0x39/0x60 [ 2846.901000][T26953] hwsim_new_radio_nl+0x93e/0xf8c [ 2846.906044][T26953] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2846.912036][T26953] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2846.917178][T26953] genl_rcv_msg+0x61d/0x980 [ 2846.921704][T26953] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2846.928663][T26953] ? lock_release+0x8d0/0x8d0 [ 2846.933350][T26953] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2846.938657][T26953] netlink_rcv_skb+0x15a/0x430 [ 2846.943438][T26953] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2846.950404][T26953] ? netlink_ack+0xa10/0xa10 [ 2846.955083][T26953] genl_rcv+0x24/0x40 [ 2846.959080][T26953] netlink_unicast+0x533/0x7d0 [ 2846.963865][T26953] ? netlink_attachskb+0x810/0x810 [ 2846.968983][T26953] ? _copy_from_iter_full+0x247/0x890 [ 2846.974362][T26953] ? __phys_addr+0x9a/0x110 22:18:46 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2846.978875][T26953] ? __phys_addr_symbol+0x2c/0x70 [ 2846.983913][T26953] ? __check_object_size+0x171/0x3e4 [ 2846.989230][T26953] netlink_sendmsg+0x856/0xd90 [ 2846.994016][T26953] ? netlink_unicast+0x7d0/0x7d0 [ 2846.998980][T26953] ? netlink_unicast+0x7d0/0x7d0 [ 2847.004030][T26953] sock_sendmsg+0xcf/0x120 [ 2847.008458][T26953] ____sys_sendmsg+0x6e8/0x810 [ 2847.013236][T26953] ? kernel_sendmsg+0x50/0x50 [ 2847.017922][T26953] ? do_recvmmsg+0x6d0/0x6d0 [ 2847.022536][T26953] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2847.028525][T26953] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2847.034520][T26953] ? debug_object_activate+0x287/0x3e0 [ 2847.039996][T26953] ___sys_sendmsg+0xf3/0x170 [ 2847.044600][T26953] ? sendmsg_copy_msghdr+0x160/0x160 [ 2847.049896][T26953] ? __fget_files+0x272/0x400 [ 2847.054595][T26953] ? lock_downgrade+0x820/0x820 [ 2847.059456][T26953] ? __might_fault+0x11f/0x1d0 [ 2847.064238][T26953] ? __fget_files+0x294/0x400 [ 2847.068930][T26953] ? __fget_light+0xea/0x280 [ 2847.073529][T26953] __sys_sendmsg+0xe5/0x1b0 [ 2847.078046][T26953] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2847.083099][T26953] ? do_syscall_64+0x1c/0xe0 [ 2847.087703][T26953] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2847.093696][T26953] do_syscall_64+0x60/0xe0 [ 2847.098131][T26953] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2847.104031][T26953] RIP: 0033:0x45c369 [ 2847.107927][T26953] Code: Bad RIP value. [ 2847.111996][T26953] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2847.120411][T26953] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2847.128389][T26953] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2847.136369][T26953] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2847.144348][T26953] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2847.152328][T26953] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2847.230367][T26966] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:46 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:46 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906006800000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:46 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:46 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) close(r0) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r4, r2}, 0x78) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000000)=r3) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:46 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:46 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1400000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:47 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2847.445812][T26989] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2847.479908][T26991] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2847.540280][T26991] CPU: 0 PID: 26991 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2847.548999][T26991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2847.559054][T26991] Call Trace: [ 2847.562361][T26991] dump_stack+0x18f/0x20d [ 2847.566712][T26991] sysfs_warn_dup.cold+0x1c/0x2d [ 2847.571666][T26991] sysfs_do_create_link_sd+0x11e/0x140 [ 2847.577145][T26991] sysfs_create_link+0x5f/0xc0 [ 2847.581925][T26991] device_add+0x6ff/0x1b00 [ 2847.586362][T26991] ? device_check_offline+0x280/0x280 [ 2847.591749][T26991] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2847.597757][T26991] wiphy_register+0x1d5b/0x2840 [ 2847.602634][T26991] ? wiphy_unregister+0xc10/0xc10 [ 2847.607671][T26991] ? default_device_exit_batch+0x3d0/0x3d0 [ 2847.613498][T26991] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2847.619588][T26991] ieee80211_register_hw+0x2291/0x3950 [ 2847.625082][T26991] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2847.630478][T26991] ? lock_downgrade+0x820/0x820 [ 2847.635349][T26991] ? lock_is_held_type+0xb0/0xe0 [ 2847.640307][T26991] ? memset+0x20/0x40 [ 2847.644333][T26991] ? __hrtimer_init+0x12c/0x260 [ 2847.649196][T26991] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2847.654941][T26991] ? hwsim_virtio_rx_work+0x350/0x350 [ 2847.660341][T26991] ? memcpy+0x39/0x60 [ 2847.664345][T26991] hwsim_new_radio_nl+0x93e/0xf8c [ 2847.669391][T26991] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2847.675332][T26991] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2847.682286][T26991] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2847.689156][T26991] genl_rcv_msg+0x61d/0x980 [ 2847.693690][T26991] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2847.700644][T26991] ? lock_release+0x8d0/0x8d0 [ 2847.705327][T26991] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2847.710626][T26991] netlink_rcv_skb+0x15a/0x430 [ 2847.715420][T26991] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2847.722381][T26991] ? netlink_ack+0xa10/0xa10 [ 2847.727003][T26991] genl_rcv+0x24/0x40 [ 2847.731003][T26991] netlink_unicast+0x533/0x7d0 [ 2847.735843][T26991] ? netlink_attachskb+0x810/0x810 [ 2847.740964][T26991] ? _copy_from_iter_full+0x247/0x890 [ 2847.746349][T26991] ? __phys_addr+0x9a/0x110 [ 2847.750863][T26991] ? __phys_addr_symbol+0x2c/0x70 [ 2847.755899][T26991] ? __check_object_size+0x171/0x3e4 [ 2847.761217][T26991] netlink_sendmsg+0x856/0xd90 [ 2847.766001][T26991] ? netlink_unicast+0x7d0/0x7d0 [ 2847.770967][T26991] ? netlink_unicast+0x7d0/0x7d0 [ 2847.775918][T26991] sock_sendmsg+0xcf/0x120 [ 2847.780351][T26991] ____sys_sendmsg+0x6e8/0x810 [ 2847.785133][T26991] ? kernel_sendmsg+0x50/0x50 [ 2847.789822][T26991] ? do_recvmmsg+0x6d0/0x6d0 [ 2847.794454][T26991] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2847.800449][T26991] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2847.806440][T26991] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2847.811570][T26991] ___sys_sendmsg+0xf3/0x170 [ 2847.816172][T26991] ? sendmsg_copy_msghdr+0x160/0x160 [ 2847.821465][T26991] ? __fget_files+0x272/0x400 [ 2847.826154][T26991] ? lock_downgrade+0x820/0x820 [ 2847.831017][T26991] ? find_held_lock+0x2d/0x110 [ 2847.835803][T26991] ? __might_fault+0x11f/0x1d0 [ 2847.840589][T26991] ? __fget_files+0x294/0x400 [ 2847.845286][T26991] ? __fget_light+0xea/0x280 [ 2847.849897][T26991] __sys_sendmsg+0xe5/0x1b0 [ 2847.854474][T26991] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2847.859505][T26991] ? kcov_ioctl+0x192/0x640 [ 2847.864027][T26991] ? do_syscall_64+0x1c/0xe0 [ 2847.868643][T26991] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2847.874632][T26991] do_syscall_64+0x60/0xe0 [ 2847.879054][T26991] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2847.884947][T26991] RIP: 0033:0x45c369 22:18:47 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000400000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2847.888838][T26991] Code: Bad RIP value. [ 2847.892906][T26991] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2847.901324][T26991] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2847.909303][T26991] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2847.917284][T26991] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2847.925286][T26991] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2847.933266][T26991] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:18:47 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2848.021733][T27011] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:47 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:47 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1500000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2848.082454][T27014] validate_nla: 10 callbacks suppressed [ 2848.082463][T27014] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:18:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000600000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2848.136729][T27014] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:18:47 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:47 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2848.196137][T26997] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2848.279060][T27021] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2848.297277][T27021] CPU: 1 PID: 27021 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2848.305985][T27021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.316132][T27021] Call Trace: [ 2848.319443][T27021] dump_stack+0x18f/0x20d [ 2848.323932][T27021] sysfs_warn_dup.cold+0x1c/0x2d [ 2848.328884][T27021] sysfs_do_create_link_sd+0x11e/0x140 [ 2848.334380][T27021] sysfs_create_link+0x5f/0xc0 [ 2848.339161][T27021] device_add+0x6ff/0x1b00 [ 2848.343606][T27021] ? device_check_offline+0x280/0x280 [ 2848.348994][T27021] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2848.354997][T27021] wiphy_register+0x1d5b/0x2840 [ 2848.359879][T27021] ? wiphy_unregister+0xc10/0xc10 [ 2848.364929][T27021] ? default_device_exit_batch+0x3d0/0x3d0 [ 2848.370778][T27021] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2848.376895][T27021] ieee80211_register_hw+0x2291/0x3950 [ 2848.382394][T27021] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2848.387793][T27021] ? lock_downgrade+0x820/0x820 [ 2848.392664][T27021] ? lock_is_held_type+0xb0/0xe0 [ 2848.397620][T27021] ? memset+0x20/0x40 [ 2848.401623][T27021] ? __hrtimer_init+0x12c/0x260 [ 2848.406499][T27021] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2848.412267][T27021] ? hwsim_virtio_rx_work+0x350/0x350 [ 2848.417664][T27021] ? memcpy+0x39/0x60 [ 2848.421672][T27021] hwsim_new_radio_nl+0x93e/0xf8c [ 2848.426718][T27021] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2848.432637][T27021] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2848.439603][T27021] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2848.446479][T27021] genl_rcv_msg+0x61d/0x980 [ 2848.451018][T27021] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2848.458005][T27021] ? lock_release+0x8d0/0x8d0 [ 2848.462718][T27021] ? sched_clock+0x2a/0x40 [ 2848.467150][T27021] ? sched_clock_cpu+0x18/0x1b0 [ 2848.472017][T27021] ? sched_clock_cpu+0x18/0x1b0 [ 2848.476896][T27021] netlink_rcv_skb+0x15a/0x430 [ 2848.481679][T27021] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2848.488640][T27021] ? netlink_ack+0xa10/0xa10 [ 2848.493340][T27021] genl_rcv+0x24/0x40 [ 2848.497338][T27021] netlink_unicast+0x533/0x7d0 [ 2848.502127][T27021] ? netlink_attachskb+0x810/0x810 [ 2848.507338][T27021] ? _copy_from_iter_full+0x247/0x890 [ 2848.512727][T27021] ? __phys_addr+0x9a/0x110 [ 2848.517257][T27021] ? __phys_addr_symbol+0x2c/0x70 [ 2848.522300][T27021] ? __check_object_size+0x171/0x3e4 [ 2848.527610][T27021] netlink_sendmsg+0x856/0xd90 [ 2848.532421][T27021] ? netlink_unicast+0x7d0/0x7d0 [ 2848.537385][T27021] ? netlink_unicast+0x7d0/0x7d0 [ 2848.542336][T27021] sock_sendmsg+0xcf/0x120 [ 2848.546765][T27021] ____sys_sendmsg+0x6e8/0x810 [ 2848.551542][T27021] ? kernel_sendmsg+0x50/0x50 [ 2848.556241][T27021] ? do_recvmmsg+0x6d0/0x6d0 [ 2848.560848][T27021] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2848.566853][T27021] ___sys_sendmsg+0xf3/0x170 [ 2848.571471][T27021] ? sendmsg_copy_msghdr+0x160/0x160 [ 2848.576787][T27021] ? __fget_files+0x272/0x400 [ 2848.581501][T27021] ? lock_downgrade+0x820/0x820 [ 2848.586392][T27021] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2848.592561][T27021] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2848.598565][T27021] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2848.603695][T27021] ? __fget_files+0x294/0x400 [ 2848.608394][T27021] ? __fget_light+0xea/0x280 [ 2848.613003][T27021] __sys_sendmsg+0xe5/0x1b0 [ 2848.617526][T27021] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2848.622595][T27021] ? do_syscall_64+0x1c/0xe0 [ 2848.627200][T27021] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2848.633203][T27021] do_syscall_64+0x60/0xe0 [ 2848.637669][T27021] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2848.643571][T27021] RIP: 0033:0x45c369 [ 2848.647481][T27021] Code: Bad RIP value. [ 2848.651580][T27021] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2848.660001][T27021] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2848.667984][T27021] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2848.675992][T27021] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2848.683965][T27021] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2848.691944][T27021] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2848.754300][T27032] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2848.789498][T27035] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2848.821226][T27035] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2848.888192][T27026] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. 22:18:48 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x2b, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r4, 0x0, 0x0) recvmsg$kcm(r3, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r5, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r7, r4}, 0x78) r8 = openat$cgroup_ro(r6, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r8, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r8, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r7, r8}, 0x78) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r2, r8}) 22:18:48 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000900000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:48 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:48 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:48 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2849.015801][T27036] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2849.034556][T27051] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:48 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:48 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906006800000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2849.144497][T27061] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2849.153989][T27063] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2849.202629][T27061] CPU: 0 PID: 27061 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2849.211448][T27061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2849.221513][T27061] Call Trace: [ 2849.224818][T27061] dump_stack+0x18f/0x20d [ 2849.229177][T27061] sysfs_warn_dup.cold+0x1c/0x2d [ 2849.234129][T27061] sysfs_do_create_link_sd+0x11e/0x140 [ 2849.239601][T27061] sysfs_create_link+0x5f/0xc0 [ 2849.244375][T27061] device_add+0x6ff/0x1b00 [ 2849.248808][T27061] ? device_check_offline+0x280/0x280 [ 2849.254196][T27061] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2849.260200][T27061] wiphy_register+0x1d5b/0x2840 [ 2849.265077][T27061] ? wiphy_unregister+0xc10/0xc10 [ 2849.270122][T27061] ? default_device_exit_batch+0x3d0/0x3d0 [ 2849.275966][T27061] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2849.282056][T27061] ieee80211_register_hw+0x2291/0x3950 [ 2849.287546][T27061] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2849.292938][T27061] ? lock_downgrade+0x820/0x820 [ 2849.297802][T27061] ? lock_is_held_type+0xb0/0xe0 [ 2849.302750][T27061] ? memset+0x20/0x40 [ 2849.306742][T27061] ? __hrtimer_init+0x12c/0x260 [ 2849.311611][T27061] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2849.317361][T27061] ? hwsim_virtio_rx_work+0x350/0x350 [ 2849.322756][T27061] ? memcpy+0x39/0x60 [ 2849.326759][T27061] hwsim_new_radio_nl+0x93e/0xf8c [ 2849.331808][T27061] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2849.337729][T27061] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2849.344684][T27061] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2849.351555][T27061] genl_rcv_msg+0x61d/0x980 [ 2849.356084][T27061] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2849.363060][T27061] ? lock_release+0x8d0/0x8d0 [ 2849.367755][T27061] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2849.373051][T27061] netlink_rcv_skb+0x15a/0x430 [ 2849.377839][T27061] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2849.384789][T27061] ? netlink_ack+0xa10/0xa10 [ 2849.389410][T27061] genl_rcv+0x24/0x40 [ 2849.393411][T27061] netlink_unicast+0x533/0x7d0 [ 2849.398196][T27061] ? netlink_attachskb+0x810/0x810 [ 2849.403324][T27061] ? _copy_from_iter_full+0x247/0x890 [ 2849.408711][T27061] ? __phys_addr+0x9a/0x110 [ 2849.413226][T27061] ? __phys_addr_symbol+0x2c/0x70 [ 2849.418260][T27061] ? __check_object_size+0x171/0x3e4 [ 2849.423560][T27061] netlink_sendmsg+0x856/0xd90 [ 2849.428341][T27061] ? netlink_unicast+0x7d0/0x7d0 [ 2849.433304][T27061] ? netlink_unicast+0x7d0/0x7d0 [ 2849.438258][T27061] sock_sendmsg+0xcf/0x120 [ 2849.442687][T27061] ____sys_sendmsg+0x6e8/0x810 [ 2849.447469][T27061] ? kernel_sendmsg+0x50/0x50 [ 2849.452156][T27061] ? do_recvmmsg+0x6d0/0x6d0 [ 2849.456768][T27061] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2849.462766][T27061] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2849.468846][T27061] ? __lock_acquire+0xc1e/0x56e0 [ 2849.473801][T27061] ___sys_sendmsg+0xf3/0x170 [ 2849.478409][T27061] ? sendmsg_copy_msghdr+0x160/0x160 [ 2849.483709][T27061] ? __fget_files+0x272/0x400 [ 2849.488401][T27061] ? lock_downgrade+0x820/0x820 [ 2849.493332][T27061] ? find_held_lock+0x2d/0x110 [ 2849.498108][T27061] ? __might_fault+0x11f/0x1d0 22:18:49 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1600000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2849.502898][T27061] ? __fget_files+0x294/0x400 [ 2849.507602][T27061] ? __fget_light+0xea/0x280 [ 2849.512212][T27061] __sys_sendmsg+0xe5/0x1b0 [ 2849.516752][T27061] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2849.521801][T27061] ? __x64_sys_futex+0x382/0x4e0 [ 2849.526757][T27061] ? do_syscall_64+0x1c/0xe0 [ 2849.531356][T27061] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2849.537351][T27061] do_syscall_64+0x60/0xe0 [ 2849.541788][T27061] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2849.547717][T27061] RIP: 0033:0x45c369 [ 2849.551609][T27061] Code: Bad RIP value. [ 2849.555677][T27061] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2849.564095][T27061] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2849.572071][T27061] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2849.580048][T27061] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2849.588107][T27061] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2849.596077][T27061] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2849.809856][T27064] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2849.844260][T27064] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2849.847041][T27084] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2849.868756][T27078] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:49 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:49 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:49 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:49 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8020}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r1, 0x0, 0x0) recvmsg$kcm(r0, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r2, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r3, r1}, 0x78) openat$cgroup_type(r1, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) r4 = socket$kcm(0x2b, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r5, 0x0, 0x0) recvmsg$kcm(r4, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r6, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r7, r5}, 0x78) openat$cgroup_ro(r5, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0) r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:49 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000502000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2850.075470][T27104] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2850.102093][T27104] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:18:49 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:49 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1700000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2850.119119][T27107] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:49 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2850.172200][T27108] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2850.180017][T27108] CPU: 0 PID: 27108 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2850.188726][T27108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.198785][T27108] Call Trace: [ 2850.202087][T27108] dump_stack+0x18f/0x20d [ 2850.206429][T27108] sysfs_warn_dup.cold+0x1c/0x2d [ 2850.211392][T27108] sysfs_do_create_link_sd+0x11e/0x140 [ 2850.216867][T27108] sysfs_create_link+0x5f/0xc0 22:18:49 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000503000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2850.221647][T27108] device_add+0x6ff/0x1b00 [ 2850.226083][T27108] ? device_check_offline+0x280/0x280 [ 2850.231472][T27108] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2850.237476][T27108] wiphy_register+0x1d5b/0x2840 [ 2850.242480][T27108] ? wiphy_unregister+0xc10/0xc10 [ 2850.247526][T27108] ? default_device_exit_batch+0x3d0/0x3d0 [ 2850.253353][T27108] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2850.259438][T27108] ieee80211_register_hw+0x2291/0x3950 [ 2850.264939][T27108] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2850.270335][T27108] ? lock_downgrade+0x820/0x820 [ 2850.275211][T27108] ? lock_is_held_type+0xb0/0xe0 [ 2850.280160][T27108] ? memset+0x20/0x40 [ 2850.284154][T27108] ? __hrtimer_init+0x12c/0x260 [ 2850.289023][T27108] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2850.294772][T27108] ? hwsim_virtio_rx_work+0x350/0x350 [ 2850.300155][T27108] ? memcpy+0x39/0x60 [ 2850.304154][T27108] hwsim_new_radio_nl+0x93e/0xf8c [ 2850.309201][T27108] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2850.315120][T27108] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2850.322096][T27108] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2850.328971][T27108] genl_rcv_msg+0x61d/0x980 [ 2850.333499][T27108] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2850.340459][T27108] ? lock_release+0x8d0/0x8d0 [ 2850.345149][T27108] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2850.350454][T27108] netlink_rcv_skb+0x15a/0x430 [ 2850.355250][T27108] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2850.362202][T27108] ? netlink_ack+0xa10/0xa10 [ 2850.366830][T27108] genl_rcv+0x24/0x40 [ 2850.370836][T27108] netlink_unicast+0x533/0x7d0 [ 2850.375621][T27108] ? netlink_attachskb+0x810/0x810 [ 2850.380743][T27108] ? _copy_from_iter_full+0x247/0x890 [ 2850.386128][T27108] ? __phys_addr+0x9a/0x110 [ 2850.390657][T27108] ? __phys_addr_symbol+0x2c/0x70 [ 2850.395697][T27108] ? __check_object_size+0x171/0x3e4 [ 2850.401002][T27108] netlink_sendmsg+0x856/0xd90 [ 2850.405792][T27108] ? netlink_unicast+0x7d0/0x7d0 [ 2850.410751][T27108] ? netlink_unicast+0x7d0/0x7d0 [ 2850.415702][T27108] sock_sendmsg+0xcf/0x120 [ 2850.420136][T27108] ____sys_sendmsg+0x6e8/0x810 [ 2850.424913][T27108] ? kernel_sendmsg+0x50/0x50 [ 2850.429599][T27108] ? do_recvmmsg+0x6d0/0x6d0 [ 2850.434205][T27108] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2850.440199][T27108] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2850.446178][T27108] ? __lock_acquire+0xc1e/0x56e0 [ 2850.451114][T27108] ___sys_sendmsg+0xf3/0x170 [ 2850.455730][T27108] ? sendmsg_copy_msghdr+0x160/0x160 [ 2850.461003][T27108] ? __fget_files+0x272/0x400 [ 2850.465680][T27108] ? lock_downgrade+0x820/0x820 [ 2850.470535][T27108] ? find_held_lock+0x2d/0x110 [ 2850.475307][T27108] ? __might_fault+0x11f/0x1d0 [ 2850.480089][T27108] ? __fget_files+0x294/0x400 [ 2850.484781][T27108] ? __fget_light+0xea/0x280 [ 2850.489389][T27108] __sys_sendmsg+0xe5/0x1b0 [ 2850.493928][T27108] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2850.498962][T27108] ? __x64_sys_futex+0x382/0x4e0 [ 2850.503917][T27108] ? do_syscall_64+0x1c/0xe0 [ 2850.508512][T27108] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2850.514501][T27108] do_syscall_64+0x60/0xe0 [ 2850.518927][T27108] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2850.524828][T27108] RIP: 0033:0x45c369 [ 2850.528720][T27108] Code: Bad RIP value. [ 2850.532790][T27108] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2850.541218][T27108] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2850.549193][T27108] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2850.557170][T27108] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2850.565149][T27108] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2850.573128][T27108] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2850.597480][T27118] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2850.637017][T27113] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. 22:18:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000504000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:50 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:50 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:50 executing program 3: r0 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x8, 0x8, 0xff, 0x40, 0x0, 0xffffffff80000001, 0x8a22, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000000), 0x5}, 0x0, 0x1ff, 0x0, 0x4, 0x0, 0x5, 0x7ff}, r0, 0xc, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:50 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000505000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:50 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1800000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:50 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x203, 0x41140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5, 0x13002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000600)=ANY=[@ANYBLOB="b7020000e6000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7499cde2bbaf4b06d3585a09a87507ebf4e43bc56000000070ac4b1e228bd52878f6e78498f3cb87a2c91c20385bbf1515761bba957bc21125e6373a532642d2510456bf4eb3429a6ab4330f223103065df7d65eca489c3f9f76a723652c2ce0d902ec38d2ead98240e1946a47c5cc4a8f31157"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x20000000, &(0x7f00000004c0)="b95b03b700030000009e40f086dd1fff060000000000000177fbac141412e0000001c699da153f08e0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0xfd, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c250021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2add19b18ed8a25312a2e2c49e8020a69644a2f57ba32e8cf1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546020677b0c5077da80fb982c1eea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec28b48b45ef413f634be763289d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468972089b302d7bf6023cdcedb5e0125ebbcebdde510cb2364141215106bf04f658333719acd97cfa107d40224edc5465a932b77e74e80220d42bc6099ad2300000080006ef6c1ff0900000000000000c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a99630200a04d5bb924cfe5f3185418d60532af9c4d2ec7c3272095e63c80aff9fa740b5b7632f32030910800000000000000a2a790d62c6faec2fed44da4928b3014ab2f70344e16cb9a6298060d6b2ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c0200000000000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46493ba585a4b2d02edc3e28dd271c896249ed85b980680b6c294c8320002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad897ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2633398631c7771429d120000003341bf4a00fcffffffffffffffe09fec2271fe01589646efd1cf870cd7bb2366fde4a59429738fcc917a57f94f6c453cea793cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d5bc8955778567bc79e13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c366e3a06fb99e0aa7f23a054b0060477e005cbf6b1844ade2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3e90e5c708ce65cd6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9aa3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191ebd7d439205991dcfa2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2d466483c17a65fc85fa3bce109b60000000000000000009cee560cb4c23d3a8d6550058dfaf622502aae9482aaacd503d876327283dde4368cc987a0ad0aa37f32544c74d06fa13a23268c022d39f1b7bf90b258daa4714f11b9349a1bfe16660000000000000000d8263c92777303c86adc75ad2339d9cf6fc9683148432fb25e7922da48e61bba99087bfc9455131cd79f63402d3b89c4140815713e904a4608c682"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0x2e, 0x0, &(0x7f0000000040)="e1865d0d", 0x0, 0xac1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000540)='#.\'G\xe7/\x00\xb5\xf3\x8f\xfd\xb9\x98\x80\xcd\xf7\xf1J\xad\xf8N\xaa>\x82\xaf\xf6\x8f\xd3\x00\x19U5\xb8\xc0\xa5r\bf\x9f\xf6\xe7\x038\x12]M\xa1PE\x157\xce\x9a\xb2\xe9\x1a\xe1\xfe\x83n\x9d:\xda\xcc\x12/u17<\x12\xa3:\v\x1d\xdbd\xa8\xbc_\xf4dJ\x88\x05\"\x98\xe5U\xfc^D\x98\xb6\x98co=\x92gB@J*IK\xb4\xfe\xa2\xa3\x98\xd9(\ne\xad\xff\xa5\xd8,\xca\x122\x96\x05\xaf\x848n\x03\x87\x9f\xba\xc4/Ap:Q$\xb9\xf0\xc9\x8f\x9a\x91J\xc3\xc1\xb6db;\x93\x8cGQ\xc7O\xb8\xb0\x9e\xe3\xca\tI\xf4AiAA\xb9\xf9\xd6#\xab\xa7p\xb7O\xfc|\x9f\xb0\t\xf1\x8e\xaf\x84\x14#]\xb9\xf1Bw\x1d\xf3\x1a|\xe9;\xc8J\xdf\x05\xab\xb9l\x88xa\x1f!&\xe0(\x10\xe9Y\x05U\x80\x9b\xf2;\xbfe\'G\x98\x98J\xbaG\xaf') ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000740)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, 0x0) 22:18:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000506000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:50 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:50 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000507000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:50 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:51 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:51 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000508000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:51 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1900000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:51 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:51 executing program 3: r0 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8001, 0x7}, 0x8400, 0x0, 0x0, 0x1, 0xfffffffffffffffc, 0x0, 0xfffc}, r0, 0x6, 0xffffffffffffffff, 0x3) socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc6010370900018004001d00d1bd0000000000", 0x25}], 0x1, 0x0, 0x0, 0x4c}, 0x20004040) gettid() 22:18:51 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2851.659914][T27207] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2851.699164][T27207] CPU: 1 PID: 27207 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2851.707881][T27207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2851.717922][T27207] Call Trace: [ 2851.721197][T27207] dump_stack+0x18f/0x20d [ 2851.725528][T27207] sysfs_warn_dup.cold+0x1c/0x2d [ 2851.730551][T27207] sysfs_do_create_link_sd+0x11e/0x140 [ 2851.736002][T27207] sysfs_create_link+0x5f/0xc0 [ 2851.740761][T27207] device_add+0x6ff/0x1b00 [ 2851.745173][T27207] ? device_check_offline+0x280/0x280 [ 2851.750522][T27207] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2851.756505][T27207] wiphy_register+0x1d5b/0x2840 [ 2851.761344][T27207] ? wiphy_unregister+0xc10/0xc10 [ 2851.766345][T27207] ? default_device_exit_batch+0x3d0/0x3d0 [ 2851.772153][T27207] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2851.778215][T27207] ieee80211_register_hw+0x2291/0x3950 [ 2851.783680][T27207] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2851.789045][T27207] ? lock_downgrade+0x820/0x820 [ 2851.793872][T27207] ? lock_is_held_type+0xb0/0xe0 [ 2851.798872][T27207] ? memset+0x20/0x40 [ 2851.802835][T27207] ? __hrtimer_init+0x12c/0x260 [ 2851.807690][T27207] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2851.813394][T27207] ? hwsim_virtio_rx_work+0x350/0x350 [ 2851.818758][T27207] ? memcpy+0x39/0x60 [ 2851.822724][T27207] hwsim_new_radio_nl+0x93e/0xf8c [ 2851.827729][T27207] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2851.833620][T27207] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2851.840539][T27207] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2851.847377][T27207] genl_rcv_msg+0x61d/0x980 [ 2851.851873][T27207] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2851.858794][T27207] ? lock_release+0x8d0/0x8d0 [ 2851.863446][T27207] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2851.868711][T27207] netlink_rcv_skb+0x15a/0x430 [ 2851.873452][T27207] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2851.880363][T27207] ? netlink_ack+0xa10/0xa10 [ 2851.884953][T27207] genl_rcv+0x24/0x40 [ 2851.888910][T27207] netlink_unicast+0x533/0x7d0 [ 2851.893651][T27207] ? netlink_attachskb+0x810/0x810 [ 2851.898739][T27207] ? _copy_from_iter_full+0x247/0x890 [ 2851.904095][T27207] ? __phys_addr+0x9a/0x110 [ 2851.908575][T27207] ? __phys_addr_symbol+0x2c/0x70 [ 2851.913580][T27207] ? __check_object_size+0x171/0x3e4 [ 2851.918847][T27207] netlink_sendmsg+0x856/0xd90 [ 2851.923595][T27207] ? netlink_unicast+0x7d0/0x7d0 [ 2851.928530][T27207] ? netlink_unicast+0x7d0/0x7d0 [ 2851.933446][T27207] sock_sendmsg+0xcf/0x120 [ 2851.937862][T27207] ____sys_sendmsg+0x6e8/0x810 [ 2851.942603][T27207] ? kernel_sendmsg+0x50/0x50 [ 2851.947254][T27207] ? do_recvmmsg+0x6d0/0x6d0 [ 2851.951824][T27207] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2851.957786][T27207] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2851.963744][T27207] ? __lock_acquire+0xc1e/0x56e0 [ 2851.968682][T27207] ___sys_sendmsg+0xf3/0x170 [ 2851.973250][T27207] ? sendmsg_copy_msghdr+0x160/0x160 [ 2851.978737][T27207] ? __fget_files+0x272/0x400 [ 2851.983394][T27207] ? lock_downgrade+0x820/0x820 [ 2851.988233][T27207] ? find_held_lock+0x2d/0x110 [ 2851.992975][T27207] ? __might_fault+0x11f/0x1d0 [ 2851.997732][T27207] ? __fget_files+0x294/0x400 [ 2852.002388][T27207] ? __fget_light+0xea/0x280 [ 2852.006957][T27207] __sys_sendmsg+0xe5/0x1b0 [ 2852.011449][T27207] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2852.016448][T27207] ? __x64_sys_futex+0x382/0x4e0 [ 2852.021370][T27207] ? do_syscall_64+0x1c/0xe0 [ 2852.025937][T27207] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2852.031906][T27207] do_syscall_64+0x60/0xe0 [ 2852.036302][T27207] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2852.042173][T27207] RIP: 0033:0x45c369 [ 2852.046038][T27207] Code: Bad RIP value. [ 2852.050082][T27207] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2852.058483][T27207] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2852.066429][T27207] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2852.074379][T27207] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2852.082336][T27207] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2852.090282][T27207] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:18:51 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000509000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:51 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:51 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:51 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:51 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmsg$kcm(r2, &(0x7f00000003c0)={&(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000380)=""/17, 0x11}, 0x0) write$cgroup_subtree(r1, 0x0, 0x0) recvmsg$kcm(r0, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r4, r1}, 0x78) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000000)={0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x1, 0x4, 0x20, 0x5, 0x0, 0x2, 0x10, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={&(0x7f0000000040), 0x4}, 0x40520, 0x100000000, 0x56b, 0x4, 0x4, 0x5, 0x8}, 0x0, 0x0, r1, 0x2) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:51 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1a00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:51 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600050a000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2852.396459][T27249] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2852.444749][T27249] CPU: 0 PID: 27249 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2852.453493][T27249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2852.463551][T27249] Call Trace: [ 2852.466857][T27249] dump_stack+0x18f/0x20d [ 2852.471210][T27249] sysfs_warn_dup.cold+0x1c/0x2d [ 2852.476174][T27249] sysfs_do_create_link_sd+0x11e/0x140 [ 2852.481651][T27249] sysfs_create_link+0x5f/0xc0 [ 2852.486427][T27249] device_add+0x6ff/0x1b00 [ 2852.490951][T27249] ? device_check_offline+0x280/0x280 [ 2852.496347][T27249] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2852.502438][T27249] wiphy_register+0x1d5b/0x2840 [ 2852.507315][T27249] ? wiphy_unregister+0xc10/0xc10 [ 2852.512352][T27249] ? default_device_exit_batch+0x3d0/0x3d0 [ 2852.518189][T27249] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2852.524275][T27249] ieee80211_register_hw+0x2291/0x3950 [ 2852.529763][T27249] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2852.535145][T27249] ? lock_downgrade+0x820/0x820 [ 2852.540010][T27249] ? lock_is_held_type+0xb0/0xe0 [ 2852.544972][T27249] ? memset+0x20/0x40 [ 2852.548966][T27249] ? __hrtimer_init+0x12c/0x260 [ 2852.553827][T27249] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2852.559575][T27249] ? hwsim_virtio_rx_work+0x350/0x350 [ 2852.564961][T27249] ? memcpy+0x39/0x60 [ 2852.568959][T27249] hwsim_new_radio_nl+0x93e/0xf8c [ 2852.574002][T27249] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2852.579919][T27249] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2852.586869][T27249] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2852.593732][T27249] genl_rcv_msg+0x61d/0x980 [ 2852.598254][T27249] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2852.605317][T27249] ? lock_release+0x8d0/0x8d0 [ 2852.610008][T27249] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2852.615308][T27249] netlink_rcv_skb+0x15a/0x430 [ 2852.620086][T27249] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2852.627049][T27249] ? netlink_ack+0xa10/0xa10 [ 2852.631686][T27249] genl_rcv+0x24/0x40 [ 2852.635687][T27249] netlink_unicast+0x533/0x7d0 [ 2852.640495][T27249] ? netlink_attachskb+0x810/0x810 [ 2852.645618][T27249] ? _copy_from_iter_full+0x247/0x890 [ 2852.651024][T27249] ? __phys_addr+0x9a/0x110 [ 2852.655539][T27249] ? __phys_addr_symbol+0x2c/0x70 [ 2852.660683][T27249] ? __check_object_size+0x171/0x3e4 [ 2852.665984][T27249] netlink_sendmsg+0x856/0xd90 [ 2852.670764][T27249] ? netlink_unicast+0x7d0/0x7d0 [ 2852.675740][T27249] ? netlink_unicast+0x7d0/0x7d0 [ 2852.680713][T27249] sock_sendmsg+0xcf/0x120 [ 2852.685173][T27249] ____sys_sendmsg+0x6e8/0x810 [ 2852.689963][T27249] ? kernel_sendmsg+0x50/0x50 [ 2852.694642][T27249] ? do_recvmmsg+0x6d0/0x6d0 [ 2852.699257][T27249] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2852.705245][T27249] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2852.711233][T27249] ? __lock_acquire+0xc1e/0x56e0 [ 2852.716185][T27249] ___sys_sendmsg+0xf3/0x170 [ 2852.720785][T27249] ? sendmsg_copy_msghdr+0x160/0x160 [ 2852.726078][T27249] ? __fget_files+0x272/0x400 [ 2852.730769][T27249] ? lock_downgrade+0x820/0x820 [ 2852.735624][T27249] ? find_held_lock+0x2d/0x110 [ 2852.740404][T27249] ? __might_fault+0x11f/0x1d0 [ 2852.745214][T27249] ? __fget_files+0x294/0x400 [ 2852.749905][T27249] ? __fget_light+0xea/0x280 [ 2852.754544][T27249] __sys_sendmsg+0xe5/0x1b0 [ 2852.759057][T27249] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2852.764091][T27249] ? __x64_sys_futex+0x382/0x4e0 [ 2852.769051][T27249] ? do_syscall_64+0x1c/0xe0 [ 2852.773650][T27249] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2852.779678][T27249] do_syscall_64+0x60/0xe0 [ 2852.784108][T27249] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2852.790003][T27249] RIP: 0033:0x45c369 22:18:52 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2852.793891][T27249] Code: Bad RIP value. [ 2852.797957][T27249] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2852.806376][T27249] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2852.814359][T27249] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2852.822362][T27249] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2852.830353][T27249] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2852.838459][T27249] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:18:52 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600050c000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:52 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:52 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2853.038902][T27265] __nla_validate_parse: 9 callbacks suppressed [ 2853.038912][T27265] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'. 22:18:52 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0xc0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r4, r2}, 0x78) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) 22:18:52 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2853.157559][T27279] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:52 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600050e000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2853.217507][T27286] validate_nla: 17 callbacks suppressed [ 2853.217516][T27286] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2853.222515][T27285] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:18:52 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2853.260604][T27262] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2853.281916][T27285] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:18:52 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:52 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2853.398576][T27299] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2853.425976][T27293] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2853.453344][T27293] CPU: 1 PID: 27293 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2853.462183][T27293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2853.472239][T27293] Call Trace: [ 2853.475541][T27293] dump_stack+0x18f/0x20d [ 2853.479888][T27293] sysfs_warn_dup.cold+0x1c/0x2d [ 2853.484848][T27293] sysfs_do_create_link_sd+0x11e/0x140 [ 2853.490320][T27293] sysfs_create_link+0x5f/0xc0 [ 2853.495097][T27293] device_add+0x6ff/0x1b00 [ 2853.499525][T27293] ? device_check_offline+0x280/0x280 [ 2853.504903][T27293] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2853.510902][T27293] wiphy_register+0x1d5b/0x2840 [ 2853.515790][T27293] ? wiphy_unregister+0xc10/0xc10 [ 2853.520829][T27293] ? default_device_exit_batch+0x3d0/0x3d0 [ 2853.526656][T27293] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2853.532736][T27293] ieee80211_register_hw+0x2291/0x3950 [ 2853.538215][T27293] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2853.543598][T27293] ? lock_downgrade+0x820/0x820 [ 2853.548457][T27293] ? lock_is_held_type+0xb0/0xe0 [ 2853.553403][T27293] ? memset+0x20/0x40 [ 2853.557411][T27293] ? __hrtimer_init+0x12c/0x260 [ 2853.562283][T27293] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2853.568023][T27293] ? hwsim_virtio_rx_work+0x350/0x350 [ 2853.573410][T27293] ? memcpy+0x39/0x60 [ 2853.577411][T27293] hwsim_new_radio_nl+0x93e/0xf8c [ 2853.582458][T27293] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2853.588466][T27293] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2853.595412][T27293] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2853.602283][T27293] genl_rcv_msg+0x61d/0x980 [ 2853.606805][T27293] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2853.613755][T27293] ? lock_release+0x8d0/0x8d0 [ 2853.618438][T27293] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2853.623735][T27293] netlink_rcv_skb+0x15a/0x430 [ 2853.628524][T27293] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2853.635473][T27293] ? netlink_ack+0xa10/0xa10 [ 2853.640085][T27293] genl_rcv+0x24/0x40 [ 2853.644078][T27293] netlink_unicast+0x533/0x7d0 [ 2853.648865][T27293] ? netlink_attachskb+0x810/0x810 [ 2853.653985][T27293] ? _copy_from_iter_full+0x247/0x890 [ 2853.659369][T27293] ? __phys_addr+0x9a/0x110 [ 2853.663884][T27293] ? __phys_addr_symbol+0x2c/0x70 [ 2853.668923][T27293] ? __check_object_size+0x171/0x3e4 [ 2853.674308][T27293] netlink_sendmsg+0x856/0xd90 [ 2853.679090][T27293] ? netlink_unicast+0x7d0/0x7d0 [ 2853.684048][T27293] ? netlink_unicast+0x7d0/0x7d0 [ 2853.689013][T27293] sock_sendmsg+0xcf/0x120 [ 2853.693440][T27293] ____sys_sendmsg+0x6e8/0x810 [ 2853.698211][T27293] ? kernel_sendmsg+0x50/0x50 [ 2853.702889][T27293] ? do_recvmmsg+0x6d0/0x6d0 [ 2853.707489][T27293] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2853.713481][T27293] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2853.719467][T27293] ? __lock_acquire+0xc1e/0x56e0 [ 2853.724435][T27293] ___sys_sendmsg+0xf3/0x170 [ 2853.729036][T27293] ? sendmsg_copy_msghdr+0x160/0x160 [ 2853.734324][T27293] ? __fget_files+0x272/0x400 [ 2853.739009][T27293] ? lock_downgrade+0x820/0x820 [ 2853.743870][T27293] ? find_held_lock+0x2d/0x110 [ 2853.748644][T27293] ? __might_fault+0x11f/0x1d0 [ 2853.753422][T27293] ? __fget_files+0x294/0x400 [ 2853.758118][T27293] ? __fget_light+0xea/0x280 [ 2853.762729][T27293] __sys_sendmsg+0xe5/0x1b0 [ 2853.767247][T27293] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2853.772284][T27293] ? __x64_sys_futex+0x382/0x4e0 [ 2853.777259][T27293] ? do_syscall_64+0x1c/0xe0 [ 2853.781860][T27293] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2853.787855][T27293] do_syscall_64+0x60/0xe0 [ 2853.792284][T27293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2853.798175][T27293] RIP: 0033:0x45c369 22:18:52 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1b00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:53 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600050f000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2853.802064][T27293] Code: Bad RIP value. [ 2853.806128][T27293] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2853.814544][T27293] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2853.822523][T27293] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2853.830514][T27293] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2853.836406][T27324] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2853.838481][T27293] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2853.838490][T27293] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2853.898447][T27315] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:18:53 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2853.939978][T27315] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2853.948551][T27323] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:53 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2853.982621][T27316] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2853.991256][T27324] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 22:18:53 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:53 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000510000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:53 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r0, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:53 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2854.134482][T27341] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2854.154579][T27345] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2854.164814][T27345] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2854.175232][T27346] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:53 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:53 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000548000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2854.280987][T27343] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2854.288754][T27343] CPU: 0 PID: 27343 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2854.297429][T27343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2854.299171][T27366] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2854.307531][T27343] Call Trace: [ 2854.307557][T27343] dump_stack+0x18f/0x20d [ 2854.307577][T27343] sysfs_warn_dup.cold+0x1c/0x2d [ 2854.307592][T27343] sysfs_do_create_link_sd+0x11e/0x140 [ 2854.307607][T27343] sysfs_create_link+0x5f/0xc0 [ 2854.307622][T27343] device_add+0x6ff/0x1b00 [ 2854.307640][T27343] ? device_check_offline+0x280/0x280 [ 2854.307658][T27343] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2854.307680][T27343] wiphy_register+0x1d5b/0x2840 [ 2854.307703][T27343] ? wiphy_unregister+0xc10/0xc10 [ 2854.307724][T27343] ? default_device_exit_batch+0x3d0/0x3d0 [ 2854.370010][T27343] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2854.376108][T27343] ieee80211_register_hw+0x2291/0x3950 [ 2854.381592][T27343] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2854.386975][T27343] ? lock_downgrade+0x820/0x820 [ 2854.391979][T27343] ? lock_is_held_type+0xb0/0xe0 [ 2854.396920][T27343] ? memset+0x20/0x40 [ 2854.400908][T27343] ? __hrtimer_init+0x12c/0x260 [ 2854.405774][T27343] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2854.411530][T27343] ? hwsim_virtio_rx_work+0x350/0x350 [ 2854.416912][T27343] ? memcpy+0x39/0x60 [ 2854.420920][T27343] hwsim_new_radio_nl+0x93e/0xf8c [ 2854.425963][T27343] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2854.431913][T27343] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2854.438863][T27343] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2854.445758][T27343] genl_rcv_msg+0x61d/0x980 [ 2854.450283][T27343] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2854.457279][T27343] ? lock_release+0x8d0/0x8d0 [ 2854.461963][T27343] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2854.467266][T27343] netlink_rcv_skb+0x15a/0x430 [ 2854.472048][T27343] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2854.478999][T27343] ? netlink_ack+0xa10/0xa10 [ 2854.483631][T27343] genl_rcv+0x24/0x40 [ 2854.487624][T27343] netlink_unicast+0x533/0x7d0 [ 2854.492407][T27343] ? netlink_attachskb+0x810/0x810 [ 2854.497531][T27343] ? _copy_from_iter_full+0x247/0x890 [ 2854.502910][T27343] ? __phys_addr+0x9a/0x110 [ 2854.507426][T27343] ? __phys_addr_symbol+0x2c/0x70 [ 2854.512463][T27343] ? __check_object_size+0x171/0x3e4 [ 2854.517793][T27343] netlink_sendmsg+0x856/0xd90 [ 2854.522571][T27343] ? netlink_unicast+0x7d0/0x7d0 [ 2854.527552][T27343] ? netlink_unicast+0x7d0/0x7d0 [ 2854.532496][T27343] sock_sendmsg+0xcf/0x120 [ 2854.536957][T27343] ____sys_sendmsg+0x6e8/0x810 [ 2854.541725][T27343] ? kernel_sendmsg+0x50/0x50 [ 2854.546400][T27343] ? do_recvmmsg+0x6d0/0x6d0 [ 2854.550996][T27343] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2854.556981][T27343] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2854.562950][T27343] ? __lock_acquire+0xc1e/0x56e0 [ 2854.567887][T27343] ___sys_sendmsg+0xf3/0x170 [ 2854.572482][T27343] ? sendmsg_copy_msghdr+0x160/0x160 [ 2854.577773][T27343] ? __fget_files+0x272/0x400 [ 2854.582462][T27343] ? lock_downgrade+0x820/0x820 [ 2854.587319][T27343] ? find_held_lock+0x2d/0x110 [ 2854.592089][T27343] ? __might_fault+0x11f/0x1d0 [ 2854.596878][T27343] ? __fget_files+0x294/0x400 [ 2854.601571][T27343] ? __fget_light+0xea/0x280 [ 2854.606173][T27343] __sys_sendmsg+0xe5/0x1b0 [ 2854.610690][T27343] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2854.615785][T27343] ? __x64_sys_futex+0x382/0x4e0 [ 2854.620741][T27343] ? do_syscall_64+0x1c/0xe0 [ 2854.625341][T27343] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2854.631340][T27343] do_syscall_64+0x60/0xe0 [ 2854.635771][T27343] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2854.641669][T27343] RIP: 0033:0x45c369 [ 2854.645559][T27343] Code: Bad RIP value. [ 2854.649620][T27343] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2854.658034][T27343] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2854.666010][T27343] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2854.673991][T27343] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 22:18:54 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1c00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2854.681972][T27343] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2854.689953][T27343] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:18:54 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:54 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:54 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x1, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() [ 2854.767505][T27376] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2854.791449][T27377] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:54 executing program 5: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600054c000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:54 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:54 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:54 executing program 5: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:54 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1d00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:54 executing program 3: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r2, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000000)={0x3, 0x70, 0x7f, 0x40, 0x4, 0x2, 0x0, 0x3, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x1f, 0x10000}, 0x88000, 0x3, 0x40, 0xd, 0x9, 0x80}, r2, 0x1, r0, 0x8) gettid() 22:18:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000560000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000568000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:54 executing program 3: r0 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, r0, 0x0, 0xffffffffffffffff, 0x8) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:54 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:54 executing program 5: r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600056c000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:54 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:55 executing program 3: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a00000000c013de8c0000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r2, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r4}, 0x78) r5 = openat$cgroup_ro(r3, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r4, r5}, 0x78) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x2400, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r6 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r6, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x1f, 0x2, 0x8, 0x6, 0x0, 0x0, 0x41, 0xa, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x80, 0x5, 0x800, 0x9, 0x40, 0x5, 0xe6}, r6, 0x2, r0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x4c}, 0x48840) gettid() 22:18:55 executing program 5: socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:55 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:55 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="1e00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:55 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000574000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:55 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:55 executing program 5: socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:55 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x7) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:55 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:55 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600057a000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:55 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:55 executing program 5: socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 22:18:55 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005f0000f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:55 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="cd4bb15723db3f60496c4a6ec6da99ea2bbb73b267b11ebbe0cc106dfa0bcc2737dbc1021753ef1cdc33ae230805c29e138d0a24739f720a2bc9343cb64c3b1ad7e0e78c7b830e7e20f95a5f811f065eba41a79dc9b520a26ae49afb7f7c6c06daf80e8636eb718f8338b7af624b8891acbd253bbda210458c01d7d07f49a13e97c8c1a22cbbfd7ef9f63ecc8b3a6e6530cbd289", 0x44}, {&(0x7f0000000100)="7bdddad8f68246a8fb966a9f1cdabcfae39c9490c586fad19e20c3b34b659a91bc82fa81c2ead717e4562362dbc1d904b77dc14e7d23576c5bf2882dc7d519aac2ba4f47e6f02a81dbca6db0771979c72a74e2c856595d75a6bed27297f8a2a907220922ae23eeb5dab8736bec46a32d14a6f9b9d16b86b39f2255d8edf640a047d861ea5b2a80a28f0a4325209357e48a7b086627d4b5", 0x97}, {&(0x7f0000000300)="cf3b22c8948c57155fbd346a4adbef5459302cf558e118e2b664a8f2afa6908dacdb392f10ac05fd22cd4d61a5f3d460b4b25205d0d160e59fbd37665f072d98f72746492080f81ac19ab23df067c9afe2fa6a15eb2575041b9c", 0xfffffffffffffed5}], 0x3, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:55 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:55 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2100000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:55 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:55 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500030f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:55 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:55 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:18:55 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10}, 0x78) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r2}, 0x78) r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x23, 0x2, &(0x7f0000000140)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x9}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f0000000300)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r5}, 0x78) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r6) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:55 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:55 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500050f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:55 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:55 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2200000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:56 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:56 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:56 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000}, 0x0, 0x0, 0x0, 0xa757d72cc21bf96e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r3, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_freezer_state(r3, &(0x7f0000000240)='FREEZING\x00', 0x9) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000500)={&(0x7f0000000300)="7baadca50f436591ea64701cc542b9691b4dc5b13fc8d6b82fecf371079ceba6c99d8ff95be21b8449016602744c7dc8f912004dd4d991e8f5201269d666f2b2f7f14d465acf7bc3271b8707646083d3c0f9176fee4bfe9073c083a3803d74cc33888a312919e1b86db691d7021fc2366b1fc55699856f2d5dabe8338bd6db591bf9e28043f8454420afb0bc6073fc36b6ed90af380a79a1951a73afe77a678278e2b8ab604af5d89cda499125d2296fbb10e467abba97d059bc226330406b96c019c04af5daea676e5634beb169ef3a4f58d6d2ba6f701edfdd53112b839b", &(0x7f0000000080)=""/33, &(0x7f0000000400)="dc8301746c377c055d5b94ca0d59832b3d0398e7e18eb6222d7fdd90fca7bb901b095f0508dfca633bfea267a58f7e413547199820d7461a18c3ec8529312984630ea3f5a171fb5ab3a1e16cfcafa2219be052ad655443b8ff4e26a57e225685c6917f0ac4d534fedbec94e03e5e6173e53ee694d392d4b12576802293923dd940c2912aaf1b586239a8eed5eccff8820a291126113359a22014b3125aee7a0b5a6b4d0ebf2e6cc68a9f05b9853be782d22031396f88c58496aba455eca4241090c21c6ffa3e9b749db01804d1", &(0x7f0000000540)="970d26ed644f5eb0b380416f0eae0925e3b0e4eba10100000000000000004dfb9dd5079c4c48bf1a8f3f53f97b0ab4c1c0ce1e3bc3f18b1fce23ca10440fabeb6c41cedff21b95", 0xa9c, r1}, 0x38) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}, {&(0x7f0000000140)="37c33114c874141f8dad18ff539e25bd38f64c1b48e3ff12252487666ee28cb0a7fb1d33dfd02eafacb1ac11dcdfb03a531baef82964d3d2281639ac7d634facbf4c968b4779a94ab9ca1cac1482110b44458690f6568d06aa6d37dff6a8fe9e7b1abffc50f3d904518d6ff7034741002eef3aa102169d11f1adf1028bb3b92974f5ab", 0x83}], 0x2, 0x0, 0x0, 0x4c}, 0x4) gettid() recvmsg$kcm(0xffffffffffffffff, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xc0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f00000006c0)=ANY=[@ANYRESHEX=r2], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x0, [], r4, 0x4, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r6}, 0x78) r7 = openat$cgroup_ro(r5, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x40305839, &(0x7f0000000000)) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="021794859f8a1ab01db8238e03d358590533693abcf7dd5b0baae31883167f00d25b4d2dc0fdc0ef89948c8660edc94889c3af8e33933dae4299d51c4897193cbcfca717e985d8f322f73728221d2b13acde4db94a8c6f3fb20eb44d7b612cfa2f7baac9e82820f11867e917087c5c1a7a4fbfae7ec8edded3beeb8eea5c00b443be472519507ac5fab470c1257355806e14d4f05f6a01406a0e57bd63d9520eba0f6e29a956d99b028ceae8ca70028711ebafe075afc402afe7fa7bc78986dd732af51f385db77f7e0e4d6614c305d5f357105be5b445a3fe0476e078835ac34a3fc587ebbdd830a0bb79ef9a9c81af53a496455241c3c3645da837fa8fcbba681b0600e67cea2d7c3a6e2522d10a05207fc82fd74cb84f8ac3951d52be5e581b62d9ac7d7e581b919f29ca117a6c3a1f6047c2762d479015bff7277492f356737780ada28eba51c97bc852668f5588c7dac182117a0a489b604b9796f11782cada3815b491779fbb5eb382d56f2568634bf651d4d9dcd9bc8ad97fb5cd02034aef24247c3ad059b2a589b8759fad5246c7ddf4b21858a4e791dce4be11ead3483d9e6b5bb77adafde23badcdeb82c3530dd27adf28df328ec2023399af28bbda0fe18bf267aea68eade522faff6b2034a191202a3c23ec414878056871eb1ef545202631b111b95710bd4c5b865aac9404fbf0e585f354439c09bada0592754b96b4e0d879aa676569"], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r6, r7}, 0x78) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup, r8, 0x5}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r8) 22:18:56 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2856.568011][T27551] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2856.597618][T27551] CPU: 0 PID: 27551 Comm: syz-executor.1 Not tainted 5.8.0-rc4-syzkaller #0 [ 2856.606327][T27551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2856.616387][T27551] Call Trace: [ 2856.619691][T27551] dump_stack+0x18f/0x20d [ 2856.624037][T27551] sysfs_warn_dup.cold+0x1c/0x2d [ 2856.628990][T27551] sysfs_do_create_link_sd+0x11e/0x140 [ 2856.634463][T27551] sysfs_create_link+0x5f/0xc0 [ 2856.639248][T27551] device_add+0x6ff/0x1b00 [ 2856.643679][T27551] ? device_check_offline+0x280/0x280 [ 2856.649080][T27551] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2856.655178][T27551] wiphy_register+0x1d5b/0x2840 [ 2856.660054][T27551] ? wiphy_unregister+0xc10/0xc10 [ 2856.665092][T27551] ? default_device_exit_batch+0x3d0/0x3d0 [ 2856.670920][T27551] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2856.677000][T27551] ieee80211_register_hw+0x2291/0x3950 [ 2856.682480][T27551] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2856.687875][T27551] ? lock_downgrade+0x820/0x820 [ 2856.692738][T27551] ? lock_is_held_type+0xb0/0xe0 [ 2856.697689][T27551] ? memset+0x20/0x40 [ 2856.701685][T27551] ? __hrtimer_init+0x12c/0x260 [ 2856.706555][T27551] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2856.712305][T27551] ? hwsim_virtio_rx_work+0x350/0x350 [ 2856.717691][T27551] ? memcpy+0x39/0x60 [ 2856.721692][T27551] hwsim_new_radio_nl+0x93e/0xf8c [ 2856.726735][T27551] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2856.732650][T27551] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2856.739594][T27551] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2856.746458][T27551] genl_rcv_msg+0x61d/0x980 [ 2856.750986][T27551] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2856.757946][T27551] ? lock_release+0x8d0/0x8d0 [ 2856.762633][T27551] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2856.767947][T27551] netlink_rcv_skb+0x15a/0x430 [ 2856.772738][T27551] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2856.779687][T27551] ? netlink_ack+0xa10/0xa10 [ 2856.784307][T27551] genl_rcv+0x24/0x40 [ 2856.788305][T27551] netlink_unicast+0x533/0x7d0 [ 2856.793117][T27551] ? netlink_attachskb+0x810/0x810 [ 2856.798246][T27551] ? _copy_from_iter_full+0x247/0x890 [ 2856.803635][T27551] ? __phys_addr+0x9a/0x110 [ 2856.808152][T27551] ? __phys_addr_symbol+0x2c/0x70 [ 2856.813194][T27551] ? __check_object_size+0x171/0x3e4 [ 2856.818508][T27551] netlink_sendmsg+0x856/0xd90 [ 2856.823291][T27551] ? netlink_unicast+0x7d0/0x7d0 [ 2856.828257][T27551] ? netlink_unicast+0x7d0/0x7d0 [ 2856.833211][T27551] sock_sendmsg+0xcf/0x120 [ 2856.837646][T27551] ____sys_sendmsg+0x6e8/0x810 [ 2856.842424][T27551] ? kernel_sendmsg+0x50/0x50 [ 2856.847108][T27551] ? do_recvmmsg+0x6d0/0x6d0 [ 2856.851740][T27551] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2856.857747][T27551] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2856.863735][T27551] ? __lock_acquire+0xc1e/0x56e0 [ 2856.868689][T27551] ___sys_sendmsg+0xf3/0x170 [ 2856.873293][T27551] ? sendmsg_copy_msghdr+0x160/0x160 [ 2856.878588][T27551] ? __fget_files+0x272/0x400 [ 2856.883283][T27551] ? lock_downgrade+0x820/0x820 [ 2856.888141][T27551] ? find_held_lock+0x2d/0x110 [ 2856.892918][T27551] ? __might_fault+0x11f/0x1d0 [ 2856.897703][T27551] ? __fget_files+0x294/0x400 [ 2856.902405][T27551] ? __fget_light+0xea/0x280 [ 2856.907014][T27551] __sys_sendmsg+0xe5/0x1b0 [ 2856.911532][T27551] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2856.916568][T27551] ? __x64_sys_futex+0x382/0x4e0 [ 2856.921520][T27551] ? do_syscall_64+0x1c/0xe0 [ 2856.926210][T27551] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2856.932216][T27551] do_syscall_64+0x60/0xe0 [ 2856.936648][T27551] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2856.942684][T27551] RIP: 0033:0x45c369 [ 2856.946577][T27551] Code: Bad RIP value. [ 2856.950649][T27551] RSP: 002b:00007f40c39bdc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2856.959067][T27551] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2856.967045][T27551] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2856.975031][T27551] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2856.983020][T27551] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2856.990993][T27551] R13: 00007ffe63cf4cdf R14: 00007f40c39be9c0 R15: 000000000078bf0c 22:18:56 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:56 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2857.119404][T27563] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2857.150896][T27563] CPU: 0 PID: 27563 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2857.159709][T27563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.169769][T27563] Call Trace: [ 2857.173076][T27563] dump_stack+0x18f/0x20d [ 2857.177427][T27563] sysfs_warn_dup.cold+0x1c/0x2d [ 2857.182401][T27563] sysfs_do_create_link_sd+0x11e/0x140 [ 2857.187886][T27563] sysfs_create_link+0x5f/0xc0 [ 2857.192660][T27563] device_add+0x6ff/0x1b00 [ 2857.197092][T27563] ? device_check_offline+0x280/0x280 [ 2857.202488][T27563] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2857.208499][T27563] wiphy_register+0x1d5b/0x2840 [ 2857.213377][T27563] ? wiphy_unregister+0xc10/0xc10 [ 2857.218429][T27563] ? default_device_exit_batch+0x3d0/0x3d0 [ 2857.224264][T27563] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2857.230348][T27563] ieee80211_register_hw+0x2291/0x3950 [ 2857.235835][T27563] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2857.241224][T27563] ? lock_downgrade+0x820/0x820 [ 2857.246092][T27563] ? lock_is_held_type+0xb0/0xe0 [ 2857.251045][T27563] ? memset+0x20/0x40 [ 2857.255046][T27563] ? __hrtimer_init+0x12c/0x260 [ 2857.259917][T27563] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2857.265688][T27563] ? hwsim_virtio_rx_work+0x350/0x350 [ 2857.271092][T27563] ? memcpy+0x39/0x60 [ 2857.275099][T27563] hwsim_new_radio_nl+0x93e/0xf8c [ 2857.280154][T27563] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2857.286083][T27563] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2857.293036][T27563] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2857.300030][T27563] genl_rcv_msg+0x61d/0x980 [ 2857.304554][T27563] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2857.311510][T27563] ? lock_release+0x8d0/0x8d0 [ 2857.316199][T27563] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2857.321594][T27563] netlink_rcv_skb+0x15a/0x430 [ 2857.326395][T27563] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2857.333347][T27563] ? netlink_ack+0xa10/0xa10 [ 2857.337983][T27563] genl_rcv+0x24/0x40 [ 2857.341984][T27563] netlink_unicast+0x533/0x7d0 [ 2857.346769][T27563] ? netlink_attachskb+0x810/0x810 [ 2857.352004][T27563] ? _copy_from_iter_full+0x247/0x890 [ 2857.357390][T27563] ? __phys_addr+0x9a/0x110 [ 2857.361913][T27563] ? __phys_addr_symbol+0x2c/0x70 [ 2857.366949][T27563] ? __check_object_size+0x171/0x3e4 [ 2857.372251][T27563] netlink_sendmsg+0x856/0xd90 [ 2857.377034][T27563] ? netlink_unicast+0x7d0/0x7d0 [ 2857.381997][T27563] ? netlink_unicast+0x7d0/0x7d0 [ 2857.386944][T27563] sock_sendmsg+0xcf/0x120 [ 2857.391372][T27563] ____sys_sendmsg+0x6e8/0x810 [ 2857.396151][T27563] ? kernel_sendmsg+0x50/0x50 [ 2857.400838][T27563] ? do_recvmmsg+0x6d0/0x6d0 [ 2857.405443][T27563] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2857.411439][T27563] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2857.417433][T27563] ? do_user_addr_fault+0x8ce/0xd00 [ 2857.422642][T27563] ___sys_sendmsg+0xf3/0x170 [ 2857.427257][T27563] ? sendmsg_copy_msghdr+0x160/0x160 [ 2857.432553][T27563] ? __fget_files+0x272/0x400 [ 2857.437254][T27563] ? lock_downgrade+0x820/0x820 [ 2857.442111][T27563] ? find_held_lock+0x2d/0x110 [ 2857.446880][T27563] ? __might_fault+0x11f/0x1d0 [ 2857.451655][T27563] ? __fget_files+0x294/0x400 [ 2857.456344][T27563] ? __fget_light+0xea/0x280 [ 2857.460947][T27563] __sys_sendmsg+0xe5/0x1b0 [ 2857.465460][T27563] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2857.470491][T27563] ? __x64_sys_futex+0x382/0x4e0 [ 2857.475449][T27563] ? do_syscall_64+0x1c/0xe0 [ 2857.480045][T27563] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2857.486031][T27563] do_syscall_64+0x60/0xe0 [ 2857.490468][T27563] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2857.496367][T27563] RIP: 0033:0x45c369 [ 2857.500256][T27563] Code: Bad RIP value. [ 2857.504319][T27563] RSP: 002b:00007f9b67248c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2857.512737][T27563] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:18:57 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500060f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:57 executing program 3: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x4, 0x2, 0xa2, 0x40, 0x0, 0x1, 0x1200, 0xd, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x81, 0x4, @perf_bp, 0x800, 0xc, 0x1000, 0x7, 0x0, 0x20, 0x135}, 0x0, 0x6, r0, 0xa) gettid() [ 2857.520712][T27563] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2857.528689][T27563] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2857.536667][T27563] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2857.544647][T27563] R13: 00007ffdc138b63f R14: 00007f9b672499c0 R15: 000000000078bfac [ 2857.780721][T27571] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2857.788405][T27571] CPU: 0 PID: 27571 Comm: syz-executor.1 Not tainted 5.8.0-rc4-syzkaller #0 [ 2857.797076][T27571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.807130][T27571] Call Trace: [ 2857.810437][T27571] dump_stack+0x18f/0x20d [ 2857.814779][T27571] sysfs_warn_dup.cold+0x1c/0x2d [ 2857.819835][T27571] sysfs_do_create_link_sd+0x11e/0x140 [ 2857.825320][T27571] sysfs_create_link+0x5f/0xc0 [ 2857.830104][T27571] device_add+0x6ff/0x1b00 [ 2857.834538][T27571] ? device_check_offline+0x280/0x280 [ 2857.839927][T27571] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2857.845928][T27571] wiphy_register+0x1d5b/0x2840 [ 2857.850832][T27571] ? wiphy_unregister+0xc10/0xc10 [ 2857.855871][T27571] ? default_device_exit_batch+0x3d0/0x3d0 [ 2857.861701][T27571] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2857.867777][T27571] ieee80211_register_hw+0x2291/0x3950 [ 2857.873234][T27571] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2857.878588][T27571] ? lock_downgrade+0x820/0x820 [ 2857.883415][T27571] ? lock_is_held_type+0xb0/0xe0 [ 2857.888328][T27571] ? memset+0x20/0x40 [ 2857.892286][T27571] ? __hrtimer_init+0x12c/0x260 [ 2857.897115][T27571] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2857.902817][T27571] ? hwsim_virtio_rx_work+0x350/0x350 [ 2857.908182][T27571] ? memcpy+0x39/0x60 [ 2857.912142][T27571] hwsim_new_radio_nl+0x93e/0xf8c [ 2857.917160][T27571] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2857.923054][T27571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2857.929984][T27571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2857.936812][T27571] genl_rcv_msg+0x61d/0x980 [ 2857.941310][T27571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2857.948224][T27571] ? lock_release+0x8d0/0x8d0 [ 2857.952878][T27571] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2857.958139][T27571] netlink_rcv_skb+0x15a/0x430 [ 2857.962879][T27571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2857.969805][T27571] ? netlink_ack+0xa10/0xa10 [ 2857.974475][T27571] genl_rcv+0x24/0x40 [ 2857.978435][T27571] netlink_unicast+0x533/0x7d0 [ 2857.983179][T27571] ? netlink_attachskb+0x810/0x810 [ 2857.988281][T27571] ? _copy_from_iter_full+0x247/0x890 [ 2857.993627][T27571] ? __phys_addr+0x9a/0x110 [ 2857.998106][T27571] ? __phys_addr_symbol+0x2c/0x70 [ 2858.003107][T27571] ? __check_object_size+0x171/0x3e4 [ 2858.008382][T27571] netlink_sendmsg+0x856/0xd90 [ 2858.013127][T27571] ? netlink_unicast+0x7d0/0x7d0 [ 2858.018048][T27571] ? netlink_unicast+0x7d0/0x7d0 [ 2858.022971][T27571] sock_sendmsg+0xcf/0x120 [ 2858.027363][T27571] ____sys_sendmsg+0x6e8/0x810 [ 2858.032107][T27571] ? kernel_sendmsg+0x50/0x50 [ 2858.036758][T27571] ? do_recvmmsg+0x6d0/0x6d0 [ 2858.041326][T27571] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2858.047382][T27571] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2858.053335][T27571] ? __lock_acquire+0xc1e/0x56e0 [ 2858.058252][T27571] ___sys_sendmsg+0xf3/0x170 [ 2858.062833][T27571] ? sendmsg_copy_msghdr+0x160/0x160 [ 2858.068104][T27571] ? __fget_files+0x272/0x400 [ 2858.072758][T27571] ? lock_downgrade+0x820/0x820 [ 2858.077600][T27571] ? find_held_lock+0x2d/0x110 [ 2858.082340][T27571] ? __might_fault+0x11f/0x1d0 [ 2858.087089][T27571] ? __fget_files+0x294/0x400 [ 2858.091756][T27571] ? __fget_light+0xea/0x280 [ 2858.096324][T27571] __sys_sendmsg+0xe5/0x1b0 [ 2858.100804][T27571] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2858.105824][T27571] ? __x64_sys_futex+0x382/0x4e0 [ 2858.110741][T27571] ? do_syscall_64+0x1c/0xe0 [ 2858.115306][T27571] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2858.121276][T27571] do_syscall_64+0x60/0xe0 [ 2858.125672][T27571] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2858.131539][T27571] RIP: 0033:0x45c369 [ 2858.135406][T27571] Code: Bad RIP value. [ 2858.139447][T27571] RSP: 002b:00007f40c399cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2858.147833][T27571] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2858.155805][T27571] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2858.163750][T27571] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2858.171696][T27571] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac 22:18:57 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:57 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:57 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500070f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2858.179643][T27571] R13: 00007ffe63cf4cdf R14: 00007f40c399d9c0 R15: 000000000078bfac [ 2858.222562][T27591] validate_nla: 32 callbacks suppressed [ 2858.222585][T27591] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2858.400294][T27601] __nla_validate_parse: 18 callbacks suppressed [ 2858.400304][T27601] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2858.436482][T27602] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2858.447043][T27602] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:18:58 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2600000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:58 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:58 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:58 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r2}, 0x78) r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r5, r6}, 0x78) openat$cgroup_ro(r6, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:58 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500090f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:58 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2858.634611][T27613] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2858.666867][T27616] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2858.672008][T27615] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 22:18:58 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:58 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000a0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2858.687912][T27616] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2858.722180][T27611] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2858.743853][T27611] CPU: 1 PID: 27611 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2858.752560][T27611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2858.762621][T27611] Call Trace: [ 2858.765928][T27611] dump_stack+0x18f/0x20d [ 2858.770297][T27611] sysfs_warn_dup.cold+0x1c/0x2d [ 2858.775256][T27611] sysfs_do_create_link_sd+0x11e/0x140 [ 2858.780739][T27611] sysfs_create_link+0x5f/0xc0 [ 2858.785520][T27611] device_add+0x6ff/0x1b00 [ 2858.789955][T27611] ? device_check_offline+0x280/0x280 [ 2858.795338][T27611] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2858.801342][T27611] wiphy_register+0x1d5b/0x2840 [ 2858.806224][T27611] ? wiphy_unregister+0xc10/0xc10 [ 2858.811271][T27611] ? default_device_exit_batch+0x3d0/0x3d0 [ 2858.817117][T27611] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2858.823215][T27611] ieee80211_register_hw+0x2291/0x3950 [ 2858.828704][T27611] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2858.834095][T27611] ? lock_downgrade+0x820/0x820 [ 2858.838965][T27611] ? lock_is_held_type+0xb0/0xe0 [ 2858.844127][T27611] ? memset+0x20/0x40 [ 2858.848123][T27611] ? __hrtimer_init+0x12c/0x260 [ 2858.852997][T27611] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2858.858754][T27611] ? hwsim_virtio_rx_work+0x350/0x350 [ 2858.864149][T27611] ? memcpy+0x39/0x60 [ 2858.868154][T27611] hwsim_new_radio_nl+0x93e/0xf8c [ 2858.873200][T27611] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2858.879123][T27611] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2858.886073][T27611] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2858.892940][T27611] genl_rcv_msg+0x61d/0x980 [ 2858.897467][T27611] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2858.904426][T27611] ? lock_release+0x8d0/0x8d0 [ 2858.909113][T27611] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2858.914416][T27611] netlink_rcv_skb+0x15a/0x430 [ 2858.919201][T27611] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2858.926153][T27611] ? netlink_ack+0xa10/0xa10 [ 2858.930770][T27611] genl_rcv+0x24/0x40 [ 2858.934764][T27611] netlink_unicast+0x533/0x7d0 [ 2858.939546][T27611] ? netlink_attachskb+0x810/0x810 [ 2858.944668][T27611] ? _copy_from_iter_full+0x247/0x890 [ 2858.950056][T27611] ? __phys_addr+0x9a/0x110 [ 2858.954663][T27611] ? __phys_addr_symbol+0x2c/0x70 [ 2858.959707][T27611] ? __check_object_size+0x171/0x3e4 [ 2858.965020][T27611] netlink_sendmsg+0x856/0xd90 [ 2858.969806][T27611] ? netlink_unicast+0x7d0/0x7d0 [ 2858.974767][T27611] ? netlink_unicast+0x7d0/0x7d0 [ 2858.979720][T27611] sock_sendmsg+0xcf/0x120 [ 2858.984175][T27611] ____sys_sendmsg+0x6e8/0x810 [ 2858.988972][T27611] ? kernel_sendmsg+0x50/0x50 [ 2858.993664][T27611] ? do_recvmmsg+0x6d0/0x6d0 [ 2858.998281][T27611] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2859.004285][T27611] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2859.010284][T27611] ? do_user_addr_fault+0x8ce/0xd00 [ 2859.015502][T27611] ___sys_sendmsg+0xf3/0x170 [ 2859.020114][T27611] ? sendmsg_copy_msghdr+0x160/0x160 [ 2859.025417][T27611] ? __fget_files+0x272/0x400 [ 2859.030117][T27611] ? lock_downgrade+0x820/0x820 [ 2859.034980][T27611] ? find_held_lock+0x2d/0x110 [ 2859.039761][T27611] ? __might_fault+0x11f/0x1d0 [ 2859.044563][T27611] ? __fget_files+0x294/0x400 [ 2859.049279][T27611] ? __fget_light+0xea/0x280 [ 2859.053893][T27611] __sys_sendmsg+0xe5/0x1b0 [ 2859.058427][T27611] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2859.063469][T27611] ? __x64_sys_futex+0x382/0x4e0 [ 2859.068430][T27611] ? do_syscall_64+0x1c/0xe0 [ 2859.073035][T27611] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2859.079053][T27611] do_syscall_64+0x60/0xe0 [ 2859.083508][T27611] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2859.089410][T27611] RIP: 0033:0x45c369 [ 2859.093307][T27611] Code: Bad RIP value. [ 2859.097378][T27611] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2859.105795][T27611] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2859.113773][T27611] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2859.121770][T27611] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2859.129754][T27611] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2859.137739][T27611] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:18:58 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2859.362365][T27624] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2859.391590][T27628] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2859.401889][T27615] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 22:18:58 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:18:58 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2859.434924][T27628] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:18:59 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:18:59 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2700000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:59 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:18:59 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:18:59 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2859.608598][T27637] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:18:59 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000e0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2859.677584][T27643] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:18:59 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2800000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2859.751246][T27645] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2859.782717][T27645] CPU: 0 PID: 27645 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2859.791419][T27645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2859.801474][T27645] Call Trace: [ 2859.804779][T27645] dump_stack+0x18f/0x20d [ 2859.809132][T27645] sysfs_warn_dup.cold+0x1c/0x2d [ 2859.814110][T27645] sysfs_do_create_link_sd+0x11e/0x140 [ 2859.819590][T27645] sysfs_create_link+0x5f/0xc0 [ 2859.824348][T27645] device_add+0x6ff/0x1b00 [ 2859.828764][T27645] ? device_check_offline+0x280/0x280 [ 2859.834204][T27645] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2859.840166][T27645] wiphy_register+0x1d5b/0x2840 [ 2859.845018][T27645] ? wiphy_unregister+0xc10/0xc10 [ 2859.850026][T27645] ? default_device_exit_batch+0x3d0/0x3d0 [ 2859.855959][T27645] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2859.862009][T27645] ieee80211_register_hw+0x2291/0x3950 [ 2859.867453][T27645] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2859.872809][T27645] ? lock_downgrade+0x820/0x820 [ 2859.877638][T27645] ? lock_is_held_type+0xb0/0xe0 [ 2859.882554][T27645] ? memset+0x20/0x40 [ 2859.886515][T27645] ? __hrtimer_init+0x12c/0x260 [ 2859.891346][T27645] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2859.897054][T27645] ? hwsim_virtio_rx_work+0x350/0x350 [ 2859.902408][T27645] ? memcpy+0x39/0x60 [ 2859.906370][T27645] hwsim_new_radio_nl+0x93e/0xf8c [ 2859.911376][T27645] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2859.917253][T27645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2859.924165][T27645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2859.931015][T27645] genl_rcv_msg+0x61d/0x980 [ 2859.935514][T27645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2859.942430][T27645] ? lock_release+0x8d0/0x8d0 [ 2859.947084][T27645] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2859.952349][T27645] netlink_rcv_skb+0x15a/0x430 [ 2859.957094][T27645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2859.964007][T27645] ? netlink_ack+0xa10/0xa10 [ 2859.968587][T27645] genl_rcv+0x24/0x40 [ 2859.972548][T27645] netlink_unicast+0x533/0x7d0 [ 2859.977308][T27645] ? netlink_attachskb+0x810/0x810 [ 2859.982412][T27645] ? _copy_from_iter_full+0x247/0x890 [ 2859.987847][T27645] ? __phys_addr+0x9a/0x110 [ 2859.992356][T27645] ? __phys_addr_symbol+0x2c/0x70 [ 2859.997360][T27645] ? __check_object_size+0x171/0x3e4 [ 2860.002628][T27645] netlink_sendmsg+0x856/0xd90 [ 2860.007384][T27645] ? netlink_unicast+0x7d0/0x7d0 [ 2860.012310][T27645] ? netlink_unicast+0x7d0/0x7d0 [ 2860.017233][T27645] sock_sendmsg+0xcf/0x120 [ 2860.021638][T27645] ____sys_sendmsg+0x6e8/0x810 [ 2860.026380][T27645] ? kernel_sendmsg+0x50/0x50 [ 2860.031033][T27645] ? do_recvmmsg+0x6d0/0x6d0 [ 2860.035605][T27645] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2860.041580][T27645] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2860.047535][T27645] ? do_user_addr_fault+0x8ce/0xd00 [ 2860.052718][T27645] ___sys_sendmsg+0xf3/0x170 [ 2860.057318][T27645] ? sendmsg_copy_msghdr+0x160/0x160 [ 2860.062597][T27645] ? __fget_files+0x272/0x400 [ 2860.067251][T27645] ? lock_downgrade+0x820/0x820 [ 2860.072088][T27645] ? find_held_lock+0x2d/0x110 [ 2860.076845][T27645] ? __might_fault+0x11f/0x1d0 [ 2860.081590][T27645] ? __fget_files+0x294/0x400 [ 2860.086278][T27645] ? __fget_light+0xea/0x280 [ 2860.090847][T27645] __sys_sendmsg+0xe5/0x1b0 [ 2860.095325][T27645] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2860.100326][T27645] ? __x64_sys_futex+0x382/0x4e0 [ 2860.105243][T27645] ? do_syscall_64+0x1c/0xe0 [ 2860.109816][T27645] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2860.115883][T27645] do_syscall_64+0x60/0xe0 [ 2860.120292][T27645] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2860.126167][T27645] RIP: 0033:0x45c369 [ 2860.130042][T27645] Code: Bad RIP value. [ 2860.134107][T27645] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2860.142490][T27645] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2860.150435][T27645] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2860.158381][T27645] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2860.166326][T27645] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2860.174274][T27645] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:18:59 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2860.523053][T27650] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:00 executing program 3: r0 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r2, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000040)={[{0x2b, 'io'}, {0x2b, 'rdma'}, {0x2b, 'rdma'}, {0x2b, 'memory'}]}, 0x18) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:00 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:00 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000f0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:00 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2900000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:00 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:00 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2860.765362][T27678] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:00 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:00 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2860.817965][T27683] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:00 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2a00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:00 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) r1 = gettid() r2 = socket$kcm(0x2b, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r3, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r6, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) openat$cgroup_ro(r6, &(0x7f0000000040)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r4, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r3}, 0x78) perf_event_open(&(0x7f0000000300)={0x2, 0x70, 0x4, 0x0, 0x1, 0x43, 0x0, 0x6, 0x410, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x35657a6c, 0x4, @perf_bp={&(0x7f0000000240), 0xc}, 0xc001, 0x0, 0x3, 0x2, 0x9, 0x0, 0x8}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x80, 0x7, 0x1, 0x6, 0x0, 0x3, 0x200, 0xe, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x386, 0x2, @perf_bp={&(0x7f0000000000), 0x4}, 0x4000, 0x1, 0x5, 0x1, 0xbbf, 0x1}, r1, 0xa, 0xffffffffffffffff, 0x0) r7 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) close(r7) 22:19:00 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500200f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2860.913045][T27683] CPU: 0 PID: 27683 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2860.921848][T27683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2860.931908][T27683] Call Trace: [ 2860.935216][T27683] dump_stack+0x18f/0x20d [ 2860.939566][T27683] sysfs_warn_dup.cold+0x1c/0x2d [ 2860.944520][T27683] sysfs_do_create_link_sd+0x11e/0x140 [ 2860.950005][T27683] sysfs_create_link+0x5f/0xc0 [ 2860.954879][T27683] device_add+0x6ff/0x1b00 [ 2860.959316][T27683] ? device_check_offline+0x280/0x280 [ 2860.964705][T27683] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2860.970707][T27683] wiphy_register+0x1d5b/0x2840 [ 2860.975584][T27683] ? wiphy_unregister+0xc10/0xc10 [ 2860.980625][T27683] ? default_device_exit_batch+0x3d0/0x3d0 [ 2860.986454][T27683] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2860.992623][T27683] ieee80211_register_hw+0x2291/0x3950 [ 2860.998102][T27683] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2861.003494][T27683] ? lock_downgrade+0x820/0x820 [ 2861.008360][T27683] ? lock_is_held_type+0xb0/0xe0 [ 2861.013390][T27683] ? memset+0x20/0x40 [ 2861.017385][T27683] ? __hrtimer_init+0x12c/0x260 [ 2861.022254][T27683] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2861.028009][T27683] ? hwsim_virtio_rx_work+0x350/0x350 [ 2861.033394][T27683] ? memcpy+0x39/0x60 [ 2861.037397][T27683] hwsim_new_radio_nl+0x93e/0xf8c [ 2861.042440][T27683] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2861.048363][T27683] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2861.055413][T27683] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2861.062299][T27683] genl_rcv_msg+0x61d/0x980 [ 2861.066826][T27683] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2861.073807][T27683] ? lock_release+0x8d0/0x8d0 [ 2861.078498][T27683] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2861.083804][T27683] netlink_rcv_skb+0x15a/0x430 [ 2861.088584][T27683] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2861.095532][T27683] ? netlink_ack+0xa10/0xa10 [ 2861.100184][T27683] genl_rcv+0x24/0x40 [ 2861.104182][T27683] netlink_unicast+0x533/0x7d0 [ 2861.108978][T27683] ? netlink_attachskb+0x810/0x810 [ 2861.114123][T27683] ? _copy_from_iter_full+0x247/0x890 [ 2861.119512][T27683] ? __phys_addr+0x9a/0x110 [ 2861.124028][T27683] ? __phys_addr_symbol+0x2c/0x70 [ 2861.129067][T27683] ? __check_object_size+0x171/0x3e4 [ 2861.134374][T27683] netlink_sendmsg+0x856/0xd90 [ 2861.139159][T27683] ? netlink_unicast+0x7d0/0x7d0 [ 2861.144126][T27683] ? netlink_unicast+0x7d0/0x7d0 [ 2861.149092][T27683] sock_sendmsg+0xcf/0x120 [ 2861.153525][T27683] ____sys_sendmsg+0x6e8/0x810 [ 2861.158303][T27683] ? kernel_sendmsg+0x50/0x50 [ 2861.162991][T27683] ? do_recvmmsg+0x6d0/0x6d0 [ 2861.167601][T27683] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2861.173593][T27683] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2861.179605][T27683] ? do_user_addr_fault+0x8ce/0xd00 [ 2861.184815][T27683] ___sys_sendmsg+0xf3/0x170 [ 2861.189427][T27683] ? sendmsg_copy_msghdr+0x160/0x160 [ 2861.194720][T27683] ? __fget_files+0x272/0x400 [ 2861.199412][T27683] ? lock_downgrade+0x820/0x820 [ 2861.204270][T27683] ? find_held_lock+0x2d/0x110 [ 2861.209046][T27683] ? __might_fault+0x11f/0x1d0 [ 2861.213828][T27683] ? __fget_files+0x294/0x400 [ 2861.218517][T27683] ? __fget_light+0xea/0x280 [ 2861.223127][T27683] __sys_sendmsg+0xe5/0x1b0 [ 2861.227641][T27683] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2861.232790][T27683] ? __x64_sys_futex+0x382/0x4e0 [ 2861.237748][T27683] ? do_syscall_64+0x1c/0xe0 [ 2861.242352][T27683] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2861.248348][T27683] do_syscall_64+0x60/0xe0 [ 2861.252781][T27683] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2861.258682][T27683] RIP: 0033:0x45c369 [ 2861.262578][T27683] Code: Bad RIP value. [ 2861.266644][T27683] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2861.275061][T27683] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2861.283043][T27683] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2861.291026][T27683] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2861.299008][T27683] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2861.306988][T27683] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c [ 2861.504080][T27700] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:01 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:01 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:01 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:01 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005003f0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:01 executing program 3: perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x203}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r1, 0x0, 0x0) recvmsg$kcm(r0, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x1c, 0x9, &(0x7f0000000300)=ANY=[@ANYBLOB="1d609c60078804952480ddc90e10000000030300000000000000060000001808000006c76a0000e6000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a000013f2fa8b69f22603263dacc8e6e8f343d4456529a392bd156855e0f86fcec0b60d755010a09d772519dedef31b8cd1f7406572ad7b1fa94c5297d24972c145da6dca531bc403dabe7b58aeb6d26018ce3940674873a39aff8a923464bd478410e3cbd6977999518eda00000000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r2, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r3, r1}, 0x78) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x1) r4 = socket$kcm(0x2b, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r5, 0x0, 0x0) recvmsg$kcm(r4, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r6, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r7, r5}, 0x78) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r5, 0x4008240b, &(0x7f0000000200)={0x2, 0x70, 0x1f, 0x7, 0x81, 0x40, 0x0, 0x0, 0xc5a, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000, 0x4, @perf_bp={&(0x7f0000000040), 0xc}, 0x10201, 0x9e, 0x2, 0x8, 0x2e6, 0x7, 0x1}) r8 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r8, &(0x7f00000000c0)={0x0, 0x2, &(0x7f00000006c0)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0xffffffffffffffc1}, {&(0x7f0000001580)="cded5b4571e0bd6dba1717e156e2038f4a49d8d295639379d8c88396168e693678ff357c58732979d956482052a0da60dcd39df5a8cb96acfbbf436aaaa8d69d80a405a8d7b32633242f92b74e385a39e1e6ddbed0e890478a1fd96f546ae8b1a088839f35e6844134c3262179cdc6cd269d41e135cdf5907a6a2e3e78d37290a16021eaa748343706a6098df599cd85e6af7c4cc160d6d5470102f55d2756ffc7957a4b1cbbae4462bd9360974811608e99952fc3e1aa930b34bb641f7260d717577e6df66cb8d181334a22dff4ee1f926b407f58f3def7702449b8fa53bb6e5683e720bde29ec7c3f999bcdc8456eb9704a6171ca86cd5cefa7feb2eef9165ab5832f569f42564268bb1bb8b6ebc9569c735032b4aae4fab1720ec70a9e824f729647005bc4c8835c88295358daba424725c959f5c4bab8b9cd9f6e10ec1e2e045146fe5fc2f537874ff7f39a5363f44bab43c78f0b317b1d97fbe5505e7da797649851728a201fed3e628d416bee4c4c0a428ba488bdd42f4812246b9dde09d769bb5983a9dfd909e3d8aca0cf0d32d0268a9ee3d6db515d0b4e30636dde077e13ae53ee763fd13f3c9e8def0e56b671d7572baeb7c6552d80ea40134bf377a6c78894b50b2a1d471a768df3e1bad29af29c8dfb7b2923f4c8665e6e2cfad9aeb1af652b90bac31b08c912b9eeebbf8e9b84bdd0a3046af0b7ea99fa85aee64305634f18036fd8e6cb6a97d5ce66a59ef2d785a92979d187a3f652c268f053547cb9d240e4c476eafaec012151cbb5333a65482fcfb7312e40fc068952c28318897a65b66f3bce446d68a7ba9ec8ccfe7c54bc8d7bc94cd4f69a754d731032ca000261c355e6d2ec8bbd5a0599532235148dfe8aaa27bca8169fdb63d4d36e3f93cfc9ce3c164338b15d3c22119b9b33b6b43812fe698bdd408e832a0a9717732aa3f5d147191e4a787031b616fbfc7559f0bcece2eee1cec631d52c6a185f3ebbdab593f2db02879f98772c702e5d4bc4dad5740e12c0b03af1f3b51cfbc0d4b99d01013eeb83848d97bffb467b55c1737db57288e53ad33a5eab8829db6507234d5078b4f9203426b15f1b109e888fa6019159c13413249d0d61bde33fdc2d75c23e4136419d1629c1e591a45217175c723900206bd6cb767a914ce84723f3b53643720c4be6daca0ec44bf80c32cd8a0b34fc83cc2b66431047a0d0f98e502dc2f40ee3ce2207e0af415116c9bcb61a32c70ca840a854fb52c7e897d8d5b88c24d9b3532d7444c179e8a61e272a83f8edb59e88e4c010d81f6e28404faffc7aa513fb1825f0dbd54428d69e0ee2c2c6f232f102b226a6365dd09023be83510dbb63371d02dc10314373411ab6646981477f3e41d6fa5a99b40414fa8a05c6f72e5e7f43e72ca498d7a2b2c24fcbf75f5870d7dc90488ed2ce0b1dc95df9697fc76c2bb25a247771b83da9dee05d3c6e5efc083f0a16a11e76d4ab1e983550084ab69c73ee8b3d9b1af15378b5daceba03bda96a5a36557c8830029c7e00d8b6c19dd9caf376df849934702897c5bf887306f676673caeb5640949fade5f4820c923485c6ca2f6d0daf6060786887137a37c2d78b545c5fe4361ba516a2e396ffc83abd12f3b9330fc8429b44d1c002dc444a97a945bc530c7f33b78a13fb3fe6ea424da47392d798fd9fce11d3e1c4137328fb4550ae7664a819bf6d0d8e2c528b598d7e5aea253906369e345f397eefc460d5ec9aae2b01cb7582478e5f8395b15bb44951faba7c5d615b095bdbc8b2f315ce8dfb47d331c01ad59d9c2f69b5529c7e0eadab10f04741209b5c3435a2cb45f1a9428eaa956e4a7c23e1f090713e2fed34191a649959354c97bd3fa2addbec4bf449eb62f9ed01e4f499a846bcb04fc94fddec3fd3c73767de24f74566c3426bef5c6a12e20215e5b8daef90cd8ebcbef96ab6360148f29d8835e0559c222e48c7f8140043298d945e3a40e3365e4a27f15db7f87d3e5160c78717aaba8fcb407a7eab20dd2396c60e830c136714650f5616f25d3f513eb47bb6eb9bf335b37f0f5bd8c4dc120aae67f6d5bef4536164dd65cfb96a7ab9855a386f3259c256dd9703a9a051b88fb42c90e7fbcb8bfa93ad30e7c6c98c2d57f4f0ceed5fee99ea004a5e7cb15fe2665608238519f2a5972d9ab89b15bf29fac3c9c99e8de463c8a1791111edf94a7d09d16c10ecd63c151e6b46a3e2c97ff5e26a7a050765234c5dd9c2b6a4dba8ddedf42db18895d02abdbf9378dc241926e1b30f9dcdca2e18cdd7ca191f84a3cd4775bcf4bb287e670d37d48696bd9f03eb8ca1d4808e11ad60637c9ea34cfadb21dd35640106ea6c307ad2c6b0586018f20b25e01e11f5efcb57b47f7c7e671940d41383c3972c7a77e777f4b324261f426a7b9343d77bcc832002489dd4f0ec997039f82d27bb794a3fc8e5733d738217ee0950f6b72bedb93ac5b3f0851fd0283dcf6efa937f68d15037b9689353d486ec93c4401622a3d96a84f345fd44b76aef30b5d7a23b3e5d9322f779512df33938cd37f842edeae7dc101d442e7e960751f61b2ae672e2228c9f4b1724987fdc434f5cd54cac29afcd96476e574cc78441ed0fb662196c9e58943f140637b239c8bce0a59d635e260492c539f7fab7c2111dc4f06a483dc678e8ba6060a53f297cab5fbf001a28aa9ce169f5e039c3e5dc1c1313af7c45c67bc816f8d99991986080e340ee51deb61bdccbb3b13d55b19a51e1916dda44cdb8968746b4e6463e381a794705031cd7e2fa5af7c80adffa32fa4922009575373a5604919071782279c5d51a5c6f82725e3f0b0f00d1d1bd57d240ae40de1c4a703342f142e6e6583fe889fec6d3f9e77c7114ddfe5a61589300fbd8a62578bacbc7c44484b2bf6e568a24ea8a214b993657fe09840095e90ff6c18a5aa7cb50b6957b97fdb4d9cf76844fde80c40ae5cc2cf003a7d8c410c43f1be7cfdf5959969360d39bae40b7532f4cfe4f4c1ab7fdd4459ff66c8dba5d4ed6d24a3591f8dfa0a78462f1bd818bb0aaa95332eab7d88ad5b4abdeae11968c9735fb163893f03fc43275d61c2d5fe1247837fcda1e89316cf2a1b78685c612097911190f9d4a94b9f0cdd81f08c1381fabc086a81c97d1b50cea812dbbfa2cd5a1c66d1153ab69911796ccf66b9b077bd833adf6d9b3d8fa508b6b935658dec7db04c8a0fc4425f0647019c4dde237f151a430a973fef0afc0585b27bb6bc3ac212a404be15e712539031e9dcbd42744d25472a999bd14659835704b2fa74fb84ca5046c8a611cca3c7d071784f35fec78b6476106156a8501b6cedc179ee57ee35ee9955a1d859484577b5fb1a4887f310a73b8c3de8ad95d17521930e80807ee398eaaaddaf44e96cde9a6c587944719c0351d6d09fce4d503f9f90f78a7da911c3555765623a1fa4d2abbf260f261e3e125c6062938ad1c7e3d5a5e1a6f978691a49a32b3c945722953f04e42a6b8a7dd6f3f132f0fcdb0ea859a3026852989f4fd4c2104523116b12aaaa96659ebd6bcee18ad35145f72515ab1d288ae1b2a54787371a1cad1d4ea1c04f4d63b1fb52de37fbbd910d8a2a1c5cb5f2ec4c95e2ce8fd6209863664a79e995fd5e40bb12446172edbb868ed44e318cfc61d494468c9a9e3f0c1a5f50aad92c5f57d6914bc2876caca6d2bcb0e4fc46e56330e2d57d291d139585bc7e89d271cff27e345b758d012cc326293dfb9d4f2b29f612657822d848ba2cf5d0fd7c070bb0cf392108427e005d9fed29662d3b6bb481ea1c08c86d3038593e289dcc87093c8855a55261b22a2472749d3123b80317bda31c33b7e5d9a890b48cabff5ad8d676de7d3ab5c9807f8683bdfb60d4d9c197903dc6f681fb4d6942fa2a80626e0d12f7cbcdfb424abda07ddf4603b4136fe8ee7ecf58108edf947d4486e8710b4ac2652272e97fca20dbc728b70a2ca06dfb531ce3c80c94f9301a67ac1ce8c974d7089e4d5049533be9221e5d45a938bab86d11f3699c3976dd0ffba3a4eb3d641f67cf15ea25dbceb1230609d03eaa4bd586edd5c24bbefbad19be4d22ca6a64785b25e014690c2e919b4230f5893e0ab490d8502392e84f16b66b17c85a819f671b598001ceb98f03b04cd5b0767bf735899967c0f88fdcf157cd9aee6c715a8c1d4e821929c3d89874ab166f3665512abe343eb8139a837cb7fc532c4df08b1ade4a47cff5de773e7239be4efddb69456a6757d59368c558f3525857b95e2e3323938f9dc721b98ac97299cb87fcebb624bb212550a474dd45408b0539b3497e1700cb3fbab409a15c612a3cca27f4b32b8f7c2614ac6e880e5c67cbfe570be8792a10e50b0d91c44eb2b15f2f512c0d6658631f609e865d5444b907dc1ed768242c037e3cfd7f6df21596b0dd762f16c4bf465cf43278dbffd4d6591da26c47286515c17fecbc85c7361b0315a6b70a6b29b5c635016f94dc053bd6f2e77eb5d6d549d3015e7eddfb04aca4b4cc6623bd97e42e40cad3de546b26021fce5288714c10d47d9f6289b23cb9d1d3dfb24d619a77af3ccf599506fe7d882f38e3957623c13fe4d6b0bcaaa389924767e6ad70467d2008affb7d0f7fb5b54aae9a927672b9c5e5e0f8b282697f93b37de0085f2c6bfcde0f7af7b3673f10d4b475416b871ce34f8516f96a767433084170ec8a5ab8b1095354ce3e0850751590aec330663535a69432e245f9cd3ca5bfeeac16301092d04876e4ce694323bd3c6413d93443b55a1e3ef42c9a586d1b3bf7c5e6f374240d0c91fcb2790e17cc1838844937a8b617251e4ff4a6df02f98badcf541c2d2266691cc6fd634303cc8a8dcf98b87a0f1960fa81a3295ad51fadafebd7da4ee60c882b7ec99ea997e228dbcde2c38219fa0f7c06e46e4b64ac5ba3e976470e6c83793c7c480f5f844c38480d7341aee0ab5b60e4e747f406b629ed747dd657542823fd6727c27be413d6df01f700583bd987a3bbc9e5202c3131e4142bee43a255c2e240702d47ec051e09fd56d14595b0b697ff92c9d6758625ef2385aa4f207dd2f1dee5bd92b233935c5f26d21abe8f8081c707fc475e407ee6093a883bc89e7bed26449e51769ac3f3123fa5dde7b499d330575834cb1098e298df0a59a469deeb8444a79f822064ba0ec6a2233ed816bdfe5ddca5c83fb0db6413b56dbd6285ad1cac5c72cd5a057416f964f12820083d5b89aec26254f897f4280bc7da9dafbe4ed66c3126e3e715c417db587bd38bf61d94604f870e014fa07d3920765c72db6bdbbab7691718a2cc4e9c188e49400f03b26302653b0332b3372907d3f20ae03cfa131ee6fe34efc459b7a968b296f1e86bc46720a089fa8ca9eb2e98f6ad660816ffe73ffa93ca55603cb2b131b85c947d2a0f1bbbb76b6b97de8072550a5baefe1051f5ae69cb655746ea24072e8f9c827f4fda1a2a30cca593f2135e7afd9136bdb1920cdb016c8be45e21a9972e7f9fc43204f47acc424eab92bbe73f8186a79679098f85da4e2febeda92980d8560ab8eaa7c3a14144598f532c922ce4fbf6be41cb68de840bca48fb04419567e3166999188d48a19a571a07d17096ecfbc4dcd27faeb90c71286bb121f8dc93eae92ec95c62dbacfcc79bff65886588b89692780b9f369588e815ff47ab6ab2d012aabdb0e4b4d806e86bbe8ef76616fc76f566deffb8c2db7ba1282144fc9c936644f82e949e20b79e989db5e0de15cb87155c49498c47ed502bf528a872a44a765264939b9e7"}, {&(0x7f0000000480)="e99463a7e3494a3dcbe4b5403c4debd36cf2bddb5ff32e6e227082f9bde393bae9b0257f495a75efe6363b0e92c37ccfddfcbab0226c77666e9f2c3e0ff2d4acf96b3e49be79e9cd7a04722fe782323843153628f2f24507e0bff3f7eb95fe86f1c6b7c1b5fbe039d6b1e3b1ff07816743dd2ad13f3fcf84e0c923a5ee7be94061189703ebbbc8167e023dc705ae13024f1cc6b43c734540997e3188151db7b82102af0e460e89288a0f9b12cea739eeacad78c4653d6954c5ab7cc7a9aa94e45d351cd48875"}, {&(0x7f0000000580)="817b668cbc17bd993de8724c1a09b3967bbc797acead7338bc5d1033b62ff977bec15aa623892f7147141e6fbaa3bd69c5a5a993cc51670a2419b73ee80053dbb7bac4e6abbdcc4fce2863971e707b641e95e96b6fbf7c"}, {&(0x7f0000000080)="6cdf2e94605d9254d0f6037e0e5075da949dd0"}, {&(0x7f0000000600)="f13edbb75d612fb96c679011a4db75da6d4869e465f69fd80d87c312064c89bf36bfe8e6a0001a406866dbe2e1d44a273ba58fad400a6c293139a0ba7e23d437785386beca61c08879c5daaa52abaa9d0196d3bbb63a2f227cb20aebe4b70c37cd4a"}, {&(0x7f0000000140)="98cd2d0e90bfcda7edacd032778f2df71c7693b39abc93a6ba17d2064aaf26143f2f2176d0461425a9"}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:01 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2b00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2861.695461][T27710] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2861.744193][T27710] CPU: 0 PID: 27710 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2861.752903][T27710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2861.762965][T27710] Call Trace: [ 2861.766268][T27710] dump_stack+0x18f/0x20d [ 2861.770616][T27710] sysfs_warn_dup.cold+0x1c/0x2d [ 2861.775565][T27710] sysfs_do_create_link_sd+0x11e/0x140 [ 2861.781030][T27710] sysfs_create_link+0x5f/0xc0 [ 2861.785792][T27710] device_add+0x6ff/0x1b00 22:19:01 executing program 3: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x70, 0x5, 0x3, 0x20, 0x0, 0x0, 0xee09, 0x24, 0x8, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0x4}, 0x4109, 0x4, 0xffffffff, 0x0, 0x3, 0x1, 0x401}, 0x0, 0xf, r0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() [ 2861.790205][T27710] ? device_check_offline+0x280/0x280 [ 2861.795578][T27710] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2861.801575][T27710] wiphy_register+0x1d5b/0x2840 [ 2861.806456][T27710] ? wiphy_unregister+0xc10/0xc10 [ 2861.811489][T27710] ? default_device_exit_batch+0x3d0/0x3d0 [ 2861.817311][T27710] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2861.823389][T27710] ieee80211_register_hw+0x2291/0x3950 [ 2861.828893][T27710] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2861.834279][T27710] ? lock_downgrade+0x820/0x820 [ 2861.839138][T27710] ? lock_is_held_type+0xb0/0xe0 [ 2861.844078][T27710] ? memset+0x20/0x40 [ 2861.848064][T27710] ? __hrtimer_init+0x12c/0x260 [ 2861.852925][T27710] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2861.858675][T27710] ? hwsim_virtio_rx_work+0x350/0x350 [ 2861.864062][T27710] ? memcpy+0x39/0x60 [ 2861.868051][T27710] hwsim_new_radio_nl+0x93e/0xf8c [ 2861.873084][T27710] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2861.879012][T27710] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2861.885959][T27710] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2861.892826][T27710] genl_rcv_msg+0x61d/0x980 [ 2861.897352][T27710] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2861.904305][T27710] ? lock_release+0x8d0/0x8d0 [ 2861.909019][T27710] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2861.914316][T27710] netlink_rcv_skb+0x15a/0x430 [ 2861.919090][T27710] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2861.926038][T27710] ? netlink_ack+0xa10/0xa10 [ 2861.930654][T27710] genl_rcv+0x24/0x40 [ 2861.934642][T27710] netlink_unicast+0x533/0x7d0 [ 2861.939425][T27710] ? netlink_attachskb+0x810/0x810 [ 2861.944545][T27710] ? _copy_from_iter_full+0x247/0x890 [ 2861.949927][T27710] ? __phys_addr+0x9a/0x110 [ 2861.954437][T27710] ? __phys_addr_symbol+0x2c/0x70 [ 2861.959472][T27710] ? __check_object_size+0x171/0x3e4 [ 2861.964773][T27710] netlink_sendmsg+0x856/0xd90 [ 2861.969557][T27710] ? netlink_unicast+0x7d0/0x7d0 [ 2861.974512][T27710] ? netlink_unicast+0x7d0/0x7d0 [ 2861.979457][T27710] sock_sendmsg+0xcf/0x120 [ 2861.983913][T27710] ____sys_sendmsg+0x6e8/0x810 [ 2861.988690][T27710] ? kernel_sendmsg+0x50/0x50 [ 2861.993373][T27710] ? do_recvmmsg+0x6d0/0x6d0 [ 2861.997978][T27710] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2862.003968][T27710] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2862.009954][T27710] ? do_user_addr_fault+0x8ce/0xd00 [ 2862.015174][T27710] ___sys_sendmsg+0xf3/0x170 [ 2862.019862][T27710] ? sendmsg_copy_msghdr+0x160/0x160 [ 2862.025155][T27710] ? __fget_files+0x272/0x400 [ 2862.029843][T27710] ? lock_downgrade+0x820/0x820 [ 2862.034693][T27710] ? find_held_lock+0x2d/0x110 [ 2862.039461][T27710] ? __might_fault+0x11f/0x1d0 [ 2862.044243][T27710] ? __fget_files+0x294/0x400 [ 2862.048943][T27710] ? __fget_light+0xea/0x280 [ 2862.053545][T27710] __sys_sendmsg+0xe5/0x1b0 [ 2862.058052][T27710] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2862.063080][T27710] ? __x64_sys_futex+0x382/0x4e0 [ 2862.068037][T27710] ? do_syscall_64+0x1c/0xe0 [ 2862.072636][T27710] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2862.078626][T27710] do_syscall_64+0x60/0xe0 [ 2862.083066][T27710] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2862.088961][T27710] RIP: 0033:0x45c369 [ 2862.092853][T27710] Code: Bad RIP value. [ 2862.096920][T27710] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2862.105339][T27710] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2862.113314][T27710] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2862.121290][T27710] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2862.129268][T27710] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2862.137355][T27710] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:01 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2862.246094][T27720] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:01 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:01 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x40, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa4}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:01 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:01 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2d00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:01 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500400f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:01 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2862.477668][T27745] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:02 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:02 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500480f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2862.563066][T27746] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2862.614714][T27746] CPU: 0 PID: 27746 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2862.623415][T27746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2862.633463][T27746] Call Trace: [ 2862.636747][T27746] dump_stack+0x18f/0x20d [ 2862.641060][T27746] sysfs_warn_dup.cold+0x1c/0x2d [ 2862.646001][T27746] sysfs_do_create_link_sd+0x11e/0x140 [ 2862.651442][T27746] sysfs_create_link+0x5f/0xc0 [ 2862.656200][T27746] device_add+0x6ff/0x1b00 [ 2862.660599][T27746] ? device_check_offline+0x280/0x280 [ 2862.665949][T27746] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2862.671949][T27746] wiphy_register+0x1d5b/0x2840 [ 2862.676785][T27746] ? wiphy_unregister+0xc10/0xc10 [ 2862.681790][T27746] ? default_device_exit_batch+0x3d0/0x3d0 [ 2862.687605][T27746] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2862.693656][T27746] ieee80211_register_hw+0x2291/0x3950 [ 2862.699100][T27746] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2862.704452][T27746] ? lock_downgrade+0x820/0x820 [ 2862.709303][T27746] ? lock_is_held_type+0xb0/0xe0 [ 2862.714237][T27746] ? memset+0x20/0x40 [ 2862.718199][T27746] ? __hrtimer_init+0x12c/0x260 [ 2862.723032][T27746] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2862.728737][T27746] ? hwsim_virtio_rx_work+0x350/0x350 [ 2862.734087][T27746] ? memcpy+0x39/0x60 [ 2862.738048][T27746] hwsim_new_radio_nl+0x93e/0xf8c [ 2862.743052][T27746] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2862.748930][T27746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2862.755841][T27746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2862.762673][T27746] genl_rcv_msg+0x61d/0x980 [ 2862.767163][T27746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2862.774102][T27746] ? lock_release+0x8d0/0x8d0 [ 2862.778757][T27746] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2862.784023][T27746] netlink_rcv_skb+0x15a/0x430 [ 2862.788780][T27746] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2862.795698][T27746] ? netlink_ack+0xa10/0xa10 [ 2862.800394][T27746] genl_rcv+0x24/0x40 [ 2862.804354][T27746] netlink_unicast+0x533/0x7d0 [ 2862.809099][T27746] ? netlink_attachskb+0x810/0x810 [ 2862.814301][T27746] netlink_sendmsg+0x856/0xd90 [ 2862.819064][T27746] ? netlink_unicast+0x7d0/0x7d0 [ 2862.823986][T27746] ? netlink_unicast+0x7d0/0x7d0 [ 2862.828918][T27746] sock_sendmsg+0xcf/0x120 [ 2862.833315][T27746] ____sys_sendmsg+0x6e8/0x810 [ 2862.838055][T27746] ? kernel_sendmsg+0x50/0x50 [ 2862.842704][T27746] ? do_recvmmsg+0x6d0/0x6d0 [ 2862.847292][T27746] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2862.853252][T27746] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2862.859213][T27746] ? do_user_addr_fault+0x8ce/0xd00 [ 2862.864404][T27746] ___sys_sendmsg+0xf3/0x170 [ 2862.868971][T27746] ? sendmsg_copy_msghdr+0x160/0x160 [ 2862.874233][T27746] ? __fget_files+0x272/0x400 [ 2862.878902][T27746] ? lock_downgrade+0x820/0x820 [ 2862.883729][T27746] ? find_held_lock+0x2d/0x110 [ 2862.888471][T27746] ? __might_fault+0x11f/0x1d0 [ 2862.893226][T27746] ? __fget_files+0x294/0x400 [ 2862.897886][T27746] ? __fget_light+0xea/0x280 [ 2862.902461][T27746] __sys_sendmsg+0xe5/0x1b0 [ 2862.906951][T27746] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2862.911951][T27746] ? __x64_sys_futex+0x382/0x4e0 [ 2862.916875][T27746] ? do_syscall_64+0x1c/0xe0 [ 2862.921443][T27746] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2862.927412][T27746] do_syscall_64+0x60/0xe0 [ 2862.931811][T27746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2862.937678][T27746] RIP: 0033:0x45c369 [ 2862.941545][T27746] Code: Bad RIP value. [ 2862.945599][T27746] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2862.953987][T27746] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2862.961935][T27746] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2862.969884][T27746] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2862.977834][T27746] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2862.985781][T27746] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:02 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2863.083454][T27759] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:02 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2f00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:02 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:02 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:02 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r2}, 0x78) r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r5, r6}, 0x78) openat$cgroup(r6, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) gettid() 22:19:02 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:02 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005e44a0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2863.327898][T27777] validate_nla: 23 callbacks suppressed [ 2863.327908][T27777] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2863.356900][T27777] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2863.401180][T27780] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2863.408946][T27780] CPU: 0 PID: 27780 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2863.417630][T27780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2863.427692][T27780] Call Trace: [ 2863.430996][T27780] dump_stack+0x18f/0x20d [ 2863.435343][T27780] sysfs_warn_dup.cold+0x1c/0x2d [ 2863.440309][T27780] sysfs_do_create_link_sd+0x11e/0x140 [ 2863.445796][T27780] sysfs_create_link+0x5f/0xc0 [ 2863.450604][T27780] device_add+0x6ff/0x1b00 [ 2863.455056][T27780] ? device_check_offline+0x280/0x280 [ 2863.460446][T27780] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2863.466544][T27780] wiphy_register+0x1d5b/0x2840 [ 2863.471413][T27780] ? wiphy_unregister+0xc10/0xc10 [ 2863.476451][T27780] ? default_device_exit_batch+0x3d0/0x3d0 [ 2863.482307][T27780] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2863.488387][T27780] ieee80211_register_hw+0x2291/0x3950 [ 2863.493876][T27780] ? ieee80211_restart_hw+0x2f0/0x2f0 22:19:03 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2863.499262][T27780] ? lock_downgrade+0x820/0x820 [ 2863.504132][T27780] ? lock_is_held_type+0xb0/0xe0 [ 2863.509082][T27780] ? memset+0x20/0x40 [ 2863.513081][T27780] ? __hrtimer_init+0x12c/0x260 [ 2863.517948][T27780] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2863.523689][T27780] ? hwsim_virtio_rx_work+0x350/0x350 [ 2863.529077][T27780] ? memcpy+0x39/0x60 [ 2863.533078][T27780] hwsim_new_radio_nl+0x93e/0xf8c [ 2863.538125][T27780] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2863.544039][T27780] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2863.550982][T27780] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2863.557848][T27780] genl_rcv_msg+0x61d/0x980 [ 2863.562366][T27780] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2863.569320][T27780] ? lock_release+0x8d0/0x8d0 [ 2863.574010][T27780] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2863.579309][T27780] netlink_rcv_skb+0x15a/0x430 [ 2863.584083][T27780] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2863.591048][T27780] ? netlink_ack+0xa10/0xa10 [ 2863.595656][T27780] genl_rcv+0x24/0x40 22:19:03 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2863.599646][T27780] netlink_unicast+0x533/0x7d0 [ 2863.604419][T27780] ? netlink_attachskb+0x810/0x810 [ 2863.609540][T27780] ? _copy_from_iter_full+0x247/0x890 [ 2863.614926][T27780] ? __phys_addr+0x9a/0x110 [ 2863.619437][T27780] ? __phys_addr_symbol+0x2c/0x70 [ 2863.624464][T27780] ? __check_object_size+0x171/0x3e4 [ 2863.629756][T27780] netlink_sendmsg+0x856/0xd90 [ 2863.634533][T27780] ? netlink_unicast+0x7d0/0x7d0 [ 2863.639481][T27780] ? netlink_unicast+0x7d0/0x7d0 [ 2863.644422][T27780] sock_sendmsg+0xcf/0x120 [ 2863.648839][T27780] ____sys_sendmsg+0x6e8/0x810 [ 2863.653610][T27780] ? kernel_sendmsg+0x50/0x50 [ 2863.658294][T27780] ? do_recvmmsg+0x6d0/0x6d0 [ 2863.662930][T27780] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2863.668939][T27780] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2863.674930][T27780] ? do_user_addr_fault+0x8ce/0xd00 [ 2863.680167][T27780] ___sys_sendmsg+0xf3/0x170 [ 2863.684771][T27780] ? sendmsg_copy_msghdr+0x160/0x160 [ 2863.690067][T27780] ? __fget_files+0x272/0x400 [ 2863.694768][T27780] ? lock_downgrade+0x820/0x820 [ 2863.699628][T27780] ? find_held_lock+0x2d/0x110 [ 2863.704400][T27780] ? __might_fault+0x11f/0x1d0 [ 2863.709182][T27780] ? __fget_files+0x294/0x400 [ 2863.713873][T27780] ? __fget_light+0xea/0x280 [ 2863.718477][T27780] __sys_sendmsg+0xe5/0x1b0 [ 2863.722979][T27780] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2863.728008][T27780] ? __x64_sys_futex+0x382/0x4e0 [ 2863.733055][T27780] ? do_syscall_64+0x1c/0xe0 [ 2863.737659][T27780] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2863.743653][T27780] do_syscall_64+0x60/0xe0 [ 2863.748081][T27780] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2863.753975][T27780] RIP: 0033:0x45c369 [ 2863.757867][T27780] Code: Bad RIP value. [ 2863.761932][T27780] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2863.770344][T27780] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2863.778321][T27780] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2863.786295][T27780] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2863.794271][T27780] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2863.802249][T27780] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c [ 2863.816271][T27790] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2863.843030][T27779] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:03 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3000000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2863.902081][T27792] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2863.940736][T27790] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 22:19:03 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005004c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:03 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2863.958220][T27792] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:03 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:03 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:03 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2864.143552][T27803] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:03 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3400000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:03 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424", 0x12}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:03 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005554e0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2864.230475][T27809] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 2864.232405][T27810] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2864.324730][T27810] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2864.366175][T27808] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2864.394793][T27808] CPU: 1 PID: 27808 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2864.403502][T27808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2864.413592][T27808] Call Trace: [ 2864.416896][T27808] dump_stack+0x18f/0x20d [ 2864.421243][T27808] sysfs_warn_dup.cold+0x1c/0x2d [ 2864.426210][T27808] sysfs_do_create_link_sd+0x11e/0x140 [ 2864.431695][T27808] sysfs_create_link+0x5f/0xc0 [ 2864.436491][T27808] device_add+0x6ff/0x1b00 [ 2864.440925][T27808] ? device_check_offline+0x280/0x280 [ 2864.446312][T27808] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2864.452319][T27808] wiphy_register+0x1d5b/0x2840 [ 2864.457202][T27808] ? wiphy_unregister+0xc10/0xc10 [ 2864.462239][T27808] ? default_device_exit_batch+0x3d0/0x3d0 [ 2864.468065][T27808] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2864.474148][T27808] ieee80211_register_hw+0x2291/0x3950 [ 2864.479645][T27808] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2864.485041][T27808] ? lock_downgrade+0x820/0x820 [ 2864.489916][T27808] ? lock_is_held_type+0xb0/0xe0 [ 2864.494871][T27808] ? memset+0x20/0x40 [ 2864.498869][T27808] ? __hrtimer_init+0x12c/0x260 [ 2864.503741][T27808] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2864.509502][T27808] ? hwsim_virtio_rx_work+0x350/0x350 [ 2864.514893][T27808] ? memcpy+0x39/0x60 [ 2864.518891][T27808] hwsim_new_radio_nl+0x93e/0xf8c [ 2864.523935][T27808] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2864.529853][T27808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2864.536802][T27808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2864.543684][T27808] genl_rcv_msg+0x61d/0x980 [ 2864.548220][T27808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2864.555199][T27808] ? lock_release+0x8d0/0x8d0 [ 2864.559889][T27808] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2864.565185][T27808] netlink_rcv_skb+0x15a/0x430 [ 2864.569943][T27808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2864.576912][T27808] ? netlink_ack+0xa10/0xa10 [ 2864.581490][T27808] genl_rcv+0x24/0x40 [ 2864.585470][T27808] netlink_unicast+0x533/0x7d0 [ 2864.590221][T27808] ? netlink_attachskb+0x810/0x810 [ 2864.595308][T27808] ? _copy_from_iter_full+0x247/0x890 [ 2864.600662][T27808] ? __phys_addr+0x9a/0x110 [ 2864.605145][T27808] ? __phys_addr_symbol+0x2c/0x70 [ 2864.610196][T27808] ? __check_object_size+0x171/0x3e4 [ 2864.615474][T27808] netlink_sendmsg+0x856/0xd90 [ 2864.620234][T27808] ? netlink_unicast+0x7d0/0x7d0 [ 2864.625163][T27808] ? netlink_unicast+0x7d0/0x7d0 [ 2864.630086][T27808] sock_sendmsg+0xcf/0x120 [ 2864.634494][T27808] ____sys_sendmsg+0x6e8/0x810 [ 2864.639265][T27808] ? kernel_sendmsg+0x50/0x50 [ 2864.643931][T27808] ? do_recvmmsg+0x6d0/0x6d0 [ 2864.648547][T27808] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2864.654508][T27808] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2864.660470][T27808] ? do_user_addr_fault+0x8ce/0xd00 [ 2864.665659][T27808] ___sys_sendmsg+0xf3/0x170 [ 2864.670240][T27808] ? sendmsg_copy_msghdr+0x160/0x160 [ 2864.675527][T27808] ? __fget_files+0x272/0x400 [ 2864.680202][T27808] ? lock_downgrade+0x820/0x820 [ 2864.685041][T27808] ? find_held_lock+0x2d/0x110 [ 2864.689833][T27808] ? __might_fault+0x11f/0x1d0 [ 2864.694592][T27808] ? __fget_files+0x294/0x400 [ 2864.699253][T27808] ? __fget_light+0xea/0x280 [ 2864.703829][T27808] __sys_sendmsg+0xe5/0x1b0 [ 2864.708311][T27808] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2864.713323][T27808] ? __x64_sys_futex+0x382/0x4e0 [ 2864.718253][T27808] ? do_syscall_64+0x1c/0xe0 [ 2864.722865][T27808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2864.728858][T27808] do_syscall_64+0x60/0xe0 [ 2864.733276][T27808] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2864.739171][T27808] RIP: 0033:0x45c369 [ 2864.743049][T27808] Code: Bad RIP value. [ 2864.747145][T27808] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2864.755543][T27808] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2864.763504][T27808] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2864.771461][T27808] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2864.779412][T27808] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2864.787411][T27808] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:04 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2864.891902][T27820] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:04 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x80001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xd6, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="2e00001ddc000535a4abe12b8018007a0124fc60100002b2affed40000400c000200053582c137153e370900260004001d00d1bd1037cf809f66133a7c0c0493a96259bdc602cab62e2f6a43a94e78a2ddaf12b25cf48f6382f7f4851023028950a52d5424923cf2cd95cddf66beb5fe6423a1414bfc74b328e4a3fcdf3cf71e9884bc47bcb0f3db935b21efd7126e46431700fbf7824143e01b78b8fcca5ee230b0f38adbe442b9887f5050d1e6ff8cc5a7b9", 0xb3}], 0x1, 0x0, 0x0, 0x4c}, 0x4) gettid() r0 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x44a00, 0x0) ioctl$TUNSETNOCSUM(r4, 0x400454c8, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r2}, 0x78) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x4, &(0x7f0000000240)=@framed={{}, [@alu={0x8000000201a7fe3, 0x0, 0x7, 0x61, 0x0, 0x43}]}, &(0x7f0000000000)='GPL\x00', 0x5, 0x3e2, &(0x7f00001a7f05)=""/251}, 0x34) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r7}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r2, 0x0, 0x6, &(0x7f0000000000)='),\xe4{+\x00', r7}, 0x30) 22:19:04 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:04 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:04 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3500000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:04 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600054e550f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2865.034408][T27830] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2865.097915][T27834] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2865.142006][T27834] CPU: 0 PID: 27834 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2865.150718][T27834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2865.160782][T27834] Call Trace: [ 2865.164065][T27834] dump_stack+0x18f/0x20d [ 2865.168388][T27834] sysfs_warn_dup.cold+0x1c/0x2d [ 2865.173318][T27834] sysfs_do_create_link_sd+0x11e/0x140 [ 2865.178782][T27834] sysfs_create_link+0x5f/0xc0 [ 2865.183529][T27834] device_add+0x6ff/0x1b00 [ 2865.187945][T27834] ? device_check_offline+0x280/0x280 [ 2865.193294][T27834] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2865.199256][T27834] wiphy_register+0x1d5b/0x2840 [ 2865.204095][T27834] ? wiphy_unregister+0xc10/0xc10 [ 2865.209103][T27834] ? default_device_exit_batch+0x3d0/0x3d0 [ 2865.214889][T27834] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2865.220937][T27834] ieee80211_register_hw+0x2291/0x3950 [ 2865.226382][T27834] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2865.231747][T27834] ? lock_downgrade+0x820/0x820 [ 2865.236574][T27834] ? lock_is_held_type+0xb0/0xe0 [ 2865.241504][T27834] ? memset+0x20/0x40 [ 2865.245490][T27834] ? __hrtimer_init+0x12c/0x260 [ 2865.250340][T27834] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2865.256061][T27834] ? hwsim_virtio_rx_work+0x350/0x350 [ 2865.261428][T27834] ? memcpy+0x39/0x60 [ 2865.265392][T27834] hwsim_new_radio_nl+0x93e/0xf8c [ 2865.270400][T27834] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2865.276282][T27834] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2865.283196][T27834] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2865.290035][T27834] genl_rcv_msg+0x61d/0x980 [ 2865.294519][T27834] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2865.301450][T27834] ? lock_release+0x8d0/0x8d0 [ 2865.306103][T27834] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2865.311407][T27834] netlink_rcv_skb+0x15a/0x430 [ 2865.316173][T27834] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2865.323103][T27834] ? netlink_ack+0xa10/0xa10 [ 2865.327790][T27834] genl_rcv+0x24/0x40 [ 2865.331751][T27834] netlink_unicast+0x533/0x7d0 [ 2865.336497][T27834] ? netlink_attachskb+0x810/0x810 [ 2865.341587][T27834] ? _copy_from_iter_full+0x247/0x890 [ 2865.346937][T27834] ? __phys_addr+0x9a/0x110 [ 2865.351422][T27834] ? __phys_addr_symbol+0x2c/0x70 [ 2865.356437][T27834] ? __check_object_size+0x171/0x3e4 [ 2865.361705][T27834] netlink_sendmsg+0x856/0xd90 [ 2865.366471][T27834] ? netlink_unicast+0x7d0/0x7d0 [ 2865.371399][T27834] ? netlink_unicast+0x7d0/0x7d0 [ 2865.376318][T27834] sock_sendmsg+0xcf/0x120 [ 2865.380717][T27834] ____sys_sendmsg+0x6e8/0x810 [ 2865.385461][T27834] ? kernel_sendmsg+0x50/0x50 [ 2865.390129][T27834] ? do_recvmmsg+0x6d0/0x6d0 [ 2865.394702][T27834] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2865.400680][T27834] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2865.406654][T27834] ? do_user_addr_fault+0x8ce/0xd00 [ 2865.411890][T27834] ___sys_sendmsg+0xf3/0x170 [ 2865.416478][T27834] ? sendmsg_copy_msghdr+0x160/0x160 [ 2865.421763][T27834] ? __fget_files+0x272/0x400 [ 2865.426425][T27834] ? lock_downgrade+0x820/0x820 [ 2865.431254][T27834] ? find_held_lock+0x2d/0x110 [ 2865.436010][T27834] ? __might_fault+0x11f/0x1d0 [ 2865.440767][T27834] ? __fget_files+0x294/0x400 [ 2865.445434][T27834] ? __fget_light+0xea/0x280 [ 2865.450007][T27834] __sys_sendmsg+0xe5/0x1b0 [ 2865.454506][T27834] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2865.459541][T27834] ? __x64_sys_futex+0x382/0x4e0 [ 2865.464467][T27834] ? do_syscall_64+0x1c/0xe0 [ 2865.469041][T27834] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2865.475013][T27834] do_syscall_64+0x60/0xe0 [ 2865.479410][T27834] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2865.485416][T27834] RIP: 0033:0x45c369 [ 2865.489316][T27834] Code: Bad RIP value. 22:19:05 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2865.493365][T27834] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2865.501750][T27834] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2865.509717][T27834] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2865.517663][T27834] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2865.525611][T27834] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2865.533560][T27834] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c [ 2865.942384][T27844] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:05 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:05 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000565580f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:05 executing program 3: socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:05 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:05 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:19:05 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3600000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2866.150474][T27862] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:05 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a0011", 0x1b}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2866.207379][T27867] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2866.236165][T27867] CPU: 0 PID: 27867 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2866.244873][T27867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2866.254925][T27867] Call Trace: [ 2866.258224][T27867] dump_stack+0x18f/0x20d [ 2866.262580][T27867] sysfs_warn_dup.cold+0x1c/0x2d [ 2866.267538][T27867] sysfs_do_create_link_sd+0x11e/0x140 [ 2866.273017][T27867] sysfs_create_link+0x5f/0xc0 [ 2866.277814][T27867] device_add+0x6ff/0x1b00 [ 2866.282269][T27867] ? device_check_offline+0x280/0x280 [ 2866.287768][T27867] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2866.293772][T27867] wiphy_register+0x1d5b/0x2840 [ 2866.298662][T27867] ? wiphy_unregister+0xc10/0xc10 [ 2866.303710][T27867] ? default_device_exit_batch+0x3d0/0x3d0 [ 2866.309546][T27867] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2866.315639][T27867] ieee80211_register_hw+0x2291/0x3950 [ 2866.321141][T27867] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2866.326543][T27867] ? lock_downgrade+0x820/0x820 [ 2866.331414][T27867] ? lock_is_held_type+0xb0/0xe0 [ 2866.336370][T27867] ? memset+0x20/0x40 [ 2866.340372][T27867] ? __hrtimer_init+0x12c/0x260 [ 2866.345245][T27867] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2866.351020][T27867] ? hwsim_virtio_rx_work+0x350/0x350 [ 2866.356411][T27867] ? memcpy+0x39/0x60 [ 2866.360443][T27867] hwsim_new_radio_nl+0x93e/0xf8c [ 2866.365481][T27867] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2866.371400][T27867] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2866.378349][T27867] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2866.385228][T27867] genl_rcv_msg+0x61d/0x980 [ 2866.389754][T27867] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2866.396724][T27867] ? lock_release+0x8d0/0x8d0 [ 2866.401417][T27867] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2866.406732][T27867] netlink_rcv_skb+0x15a/0x430 [ 2866.411522][T27867] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2866.418487][T27867] ? netlink_ack+0xa10/0xa10 [ 2866.423107][T27867] genl_rcv+0x24/0x40 [ 2866.427111][T27867] netlink_unicast+0x533/0x7d0 [ 2866.431906][T27867] ? netlink_attachskb+0x810/0x810 [ 2866.437030][T27867] ? _copy_from_iter_full+0x247/0x890 [ 2866.442426][T27867] ? __phys_addr+0x9a/0x110 [ 2866.447038][T27867] ? __phys_addr_symbol+0x2c/0x70 [ 2866.452079][T27867] ? __check_object_size+0x171/0x3e4 [ 2866.457394][T27867] netlink_sendmsg+0x856/0xd90 [ 2866.462177][T27867] ? netlink_unicast+0x7d0/0x7d0 [ 2866.467138][T27867] ? netlink_unicast+0x7d0/0x7d0 [ 2866.472109][T27867] sock_sendmsg+0xcf/0x120 [ 2866.476541][T27867] ____sys_sendmsg+0x6e8/0x810 [ 2866.481323][T27867] ? kernel_sendmsg+0x50/0x50 [ 2866.486026][T27867] ? do_recvmmsg+0x6d0/0x6d0 [ 2866.490635][T27867] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2866.496638][T27867] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2866.502630][T27867] ? do_user_addr_fault+0x8ce/0xd00 [ 2866.507846][T27867] ___sys_sendmsg+0xf3/0x170 [ 2866.512455][T27867] ? sendmsg_copy_msghdr+0x160/0x160 [ 2866.517749][T27867] ? __fget_files+0x272/0x400 [ 2866.522439][T27867] ? lock_downgrade+0x820/0x820 [ 2866.527299][T27867] ? find_held_lock+0x2d/0x110 [ 2866.532072][T27867] ? __might_fault+0x11f/0x1d0 [ 2866.536859][T27867] ? __fget_files+0x294/0x400 [ 2866.541557][T27867] ? __fget_light+0xea/0x280 [ 2866.546164][T27867] __sys_sendmsg+0xe5/0x1b0 [ 2866.550689][T27867] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2866.555752][T27867] ? __x64_sys_futex+0x382/0x4e0 [ 2866.560717][T27867] ? do_syscall_64+0x1c/0xe0 [ 2866.565319][T27867] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2866.571331][T27867] do_syscall_64+0x60/0xe0 [ 2866.575783][T27867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2866.581690][T27867] RIP: 0033:0x45c369 [ 2866.585568][T27867] Code: Bad RIP value. [ 2866.589621][T27867] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2866.598040][T27867] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010002f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:06 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500600f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2866.606017][T27867] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2866.613997][T27867] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2866.621975][T27867] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2866.629955][T27867] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:06 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3700000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2866.730916][T27882] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:06 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:06 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000080), 0x1, 0x0, 0x0, 0x4c}, 0x4000) gettid() r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x119, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xffffffffffffff42) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r4, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5}, 0x78) r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r6, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x4, 0x4, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x1, 0xc, 0x5, 0x3, 0x20}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xbd87}, @ldst={0x0, 0x0, 0x2, 0x7, 0x4, 0x18}], &(0x7f0000000140)='syzkaller\x00', 0x2cd, 0xf8, &(0x7f0000000300)=""/248, 0x40f00, 0xe, [], r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x7, 0x5, 0x3}, 0x10, r3, r6}, 0x78) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000100)=ANY=[@ANYBLOB="dc1c44712522a11548f1b43fb297d828abca6af04bcff5988bec89d4701f6a56809dc5b36d1728"], &(0x7f0000000180)='GPL\x00', 0x2, 0xffffffffffffffe1, &(0x7f0000000480)=""/107, 0x41000, 0x7, [], 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0xfffffffffffffd2d, r3, r2}, 0x78) r7 = openat$cgroup_ro(r2, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x2400, 0x10000) 22:19:06 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:19:06 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000558650f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2866.953562][T27895] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2866.997842][T27895] CPU: 1 PID: 27895 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2867.006558][T27895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2867.016706][T27895] Call Trace: [ 2867.020008][T27895] dump_stack+0x18f/0x20d [ 2867.024352][T27895] sysfs_warn_dup.cold+0x1c/0x2d [ 2867.029302][T27895] sysfs_do_create_link_sd+0x11e/0x140 [ 2867.034768][T27895] sysfs_create_link+0x5f/0xc0 [ 2867.039541][T27895] device_add+0x6ff/0x1b00 [ 2867.043975][T27895] ? device_check_offline+0x280/0x280 [ 2867.049361][T27895] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2867.055368][T27895] wiphy_register+0x1d5b/0x2840 [ 2867.060241][T27895] ? wiphy_unregister+0xc10/0xc10 [ 2867.065277][T27895] ? default_device_exit_batch+0x3d0/0x3d0 [ 2867.071113][T27895] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2867.077201][T27895] ieee80211_register_hw+0x2291/0x3950 [ 2867.082690][T27895] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2867.088074][T27895] ? lock_downgrade+0x820/0x820 [ 2867.092933][T27895] ? lock_is_held_type+0xb0/0xe0 [ 2867.097879][T27895] ? memset+0x20/0x40 [ 2867.101870][T27895] ? __hrtimer_init+0x12c/0x260 [ 2867.106730][T27895] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2867.112471][T27895] ? hwsim_virtio_rx_work+0x350/0x350 [ 2867.117850][T27895] ? memcpy+0x39/0x60 [ 2867.121839][T27895] hwsim_new_radio_nl+0x93e/0xf8c [ 2867.126874][T27895] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2867.132785][T27895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2867.139731][T27895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2867.146596][T27895] genl_rcv_msg+0x61d/0x980 [ 2867.151127][T27895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2867.158084][T27895] ? lock_release+0x8d0/0x8d0 [ 2867.162778][T27895] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2867.168083][T27895] netlink_rcv_skb+0x15a/0x430 [ 2867.172869][T27895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2867.179815][T27895] ? netlink_ack+0xa10/0xa10 [ 2867.184430][T27895] genl_rcv+0x24/0x40 [ 2867.188420][T27895] netlink_unicast+0x533/0x7d0 [ 2867.193206][T27895] ? netlink_attachskb+0x810/0x810 [ 2867.198427][T27895] ? _copy_from_iter_full+0x247/0x890 [ 2867.203817][T27895] ? __phys_addr+0x9a/0x110 [ 2867.208335][T27895] ? __phys_addr_symbol+0x2c/0x70 [ 2867.213372][T27895] ? __check_object_size+0x171/0x3e4 [ 2867.218660][T27895] netlink_sendmsg+0x856/0xd90 [ 2867.223412][T27895] ? netlink_unicast+0x7d0/0x7d0 [ 2867.228357][T27895] ? netlink_unicast+0x7d0/0x7d0 [ 2867.233301][T27895] sock_sendmsg+0xcf/0x120 [ 2867.237733][T27895] ____sys_sendmsg+0x6e8/0x810 [ 2867.242515][T27895] ? kernel_sendmsg+0x50/0x50 [ 2867.247203][T27895] ? do_recvmmsg+0x6d0/0x6d0 [ 2867.251809][T27895] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2867.257804][T27895] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2867.263801][T27895] ? do_user_addr_fault+0x8ce/0xd00 [ 2867.269034][T27895] ___sys_sendmsg+0xf3/0x170 [ 2867.273643][T27895] ? sendmsg_copy_msghdr+0x160/0x160 [ 2867.278945][T27895] ? __fget_files+0x272/0x400 [ 2867.283645][T27895] ? lock_downgrade+0x820/0x820 [ 2867.288520][T27895] ? find_held_lock+0x2d/0x110 [ 2867.293312][T27895] ? __might_fault+0x11f/0x1d0 [ 2867.298101][T27895] ? __fget_files+0x294/0x400 [ 2867.302805][T27895] ? __fget_light+0xea/0x280 [ 2867.307418][T27895] __sys_sendmsg+0xe5/0x1b0 [ 2867.311943][T27895] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2867.316987][T27895] ? __x64_sys_futex+0x382/0x4e0 [ 2867.321954][T27895] ? do_syscall_64+0x1c/0xe0 [ 2867.326567][T27895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2867.332570][T27895] do_syscall_64+0x60/0xe0 [ 2867.337007][T27895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2867.342913][T27895] RIP: 0033:0x45c369 22:19:06 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3b00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2867.346820][T27895] Code: Bad RIP value. [ 2867.350884][T27895] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2867.359401][T27895] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2867.367381][T27895] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2867.375363][T27895] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2867.383344][T27895] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2867.391321][T27895] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:06 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:06 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0xc) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() 22:19:07 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 2867.503493][T27901] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:07 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:07 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00", 0x1f}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500680f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:07 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="3c00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:07 executing program 3: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000013fc0)={&(0x7f0000013c00)=@can={0x1d, 0x0}, 0x80, &(0x7f0000013e80)=[{&(0x7f0000013c80)=""/137, 0x89}, {&(0x7f0000000940)=""/204, 0xcc}, {&(0x7f0000013e40)=""/21, 0x15}], 0x3, &(0x7f0000013ec0)=""/246, 0xf6}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xc0, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000014080)={0x18, 0x9, &(0x7f0000000a40)=ANY=[@ANYBLOB="10000000030300000000000000060000001808000006c76a000000000000000000000000000000000000a8c11dcf000000000000000000000000000000000000000000000d005d7a0000"], &(0x7f0000000180)='GPL\x00', 0x2, 0x5e, &(0x7f0000000280)=""/94, 0x41000, 0x7, [], r3, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000014000)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000014040)={0x3, 0x6, 0x1, 0x7}, 0x10, r5, r2}, 0x78) r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200)=0xfeffffff00000000, 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40305839, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x1, &(0x7f0000000040)=@raw=[@jmp={0x5, 0x0, 0x4, 0x5, 0x8, 0xffffffffffffffe0, 0x10}], &(0x7f0000000180)='GPL\x00', 0x6f92ad17, 0x66, &(0x7f00000001c0)=""/102, 0x41000, 0x4, [], 0x0, 0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x400004}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x7, 0x2}, 0x10, r5, r6}, 0x78) write$cgroup_int(r6, &(0x7f0000000000)=0x3, 0x12) [ 2867.660075][T27919] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2867.667830][T27919] CPU: 0 PID: 27919 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2867.676503][T27919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2867.686565][T27919] Call Trace: [ 2867.689874][T27919] dump_stack+0x18f/0x20d [ 2867.694227][T27919] sysfs_warn_dup.cold+0x1c/0x2d [ 2867.699182][T27919] sysfs_do_create_link_sd+0x11e/0x140 [ 2867.704657][T27919] sysfs_create_link+0x5f/0xc0 [ 2867.709435][T27919] device_add+0x6ff/0x1b00 [ 2867.713869][T27919] ? device_check_offline+0x280/0x280 [ 2867.719259][T27919] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2867.725257][T27919] wiphy_register+0x1d5b/0x2840 [ 2867.730128][T27919] ? wiphy_unregister+0xc10/0xc10 [ 2867.735178][T27919] ? default_device_exit_batch+0x3d0/0x3d0 [ 2867.741012][T27919] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2867.747097][T27919] ieee80211_register_hw+0x2291/0x3950 [ 2867.752562][T27919] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2867.757941][T27919] ? lock_downgrade+0x820/0x820 [ 2867.762800][T27919] ? lock_is_held_type+0xb0/0xe0 [ 2867.767746][T27919] ? memset+0x20/0x40 [ 2867.771734][T27919] ? __hrtimer_init+0x12c/0x260 [ 2867.776593][T27919] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2867.782335][T27919] ? hwsim_virtio_rx_work+0x350/0x350 [ 2867.787721][T27919] ? memcpy+0x39/0x60 [ 2867.791721][T27919] hwsim_new_radio_nl+0x93e/0xf8c [ 2867.796764][T27919] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2867.802792][T27919] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2867.809745][T27919] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2867.816615][T27919] genl_rcv_msg+0x61d/0x980 [ 2867.821143][T27919] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2867.828140][T27919] ? lock_release+0x8d0/0x8d0 [ 2867.832830][T27919] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2867.838136][T27919] netlink_rcv_skb+0x15a/0x430 [ 2867.842930][T27919] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2867.849889][T27919] ? netlink_ack+0xa10/0xa10 [ 2867.854508][T27919] genl_rcv+0x24/0x40 [ 2867.858506][T27919] netlink_unicast+0x533/0x7d0 [ 2867.863292][T27919] ? netlink_attachskb+0x810/0x810 [ 2867.868416][T27919] ? _copy_from_iter_full+0x247/0x890 [ 2867.873804][T27919] ? __phys_addr+0x9a/0x110 [ 2867.878324][T27919] ? __phys_addr_symbol+0x2c/0x70 [ 2867.883363][T27919] ? __check_object_size+0x171/0x3e4 [ 2867.888665][T27919] netlink_sendmsg+0x856/0xd90 [ 2867.893470][T27919] ? netlink_unicast+0x7d0/0x7d0 [ 2867.898433][T27919] ? netlink_unicast+0x7d0/0x7d0 [ 2867.903383][T27919] sock_sendmsg+0xcf/0x120 [ 2867.907819][T27919] ____sys_sendmsg+0x6e8/0x810 [ 2867.912601][T27919] ? kernel_sendmsg+0x50/0x50 [ 2867.917289][T27919] ? do_recvmmsg+0x6d0/0x6d0 [ 2867.921914][T27919] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2867.927921][T27919] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2867.933921][T27919] ? do_user_addr_fault+0x8ce/0xd00 [ 2867.939145][T27919] ___sys_sendmsg+0xf3/0x170 [ 2867.943770][T27919] ? sendmsg_copy_msghdr+0x160/0x160 [ 2867.949071][T27919] ? __fget_files+0x272/0x400 [ 2867.953768][T27919] ? lock_downgrade+0x820/0x820 [ 2867.958627][T27919] ? find_held_lock+0x2d/0x110 [ 2867.963396][T27919] ? __might_fault+0x11f/0x1d0 [ 2867.968176][T27919] ? __fget_files+0x294/0x400 [ 2867.972876][T27919] ? __fget_light+0xea/0x280 [ 2867.977483][T27919] __sys_sendmsg+0xe5/0x1b0 [ 2867.981994][T27919] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2867.987048][T27919] ? __x64_sys_futex+0x382/0x4e0 [ 2867.992005][T27919] ? do_syscall_64+0x1c/0xe0 [ 2867.996609][T27919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2868.002624][T27919] do_syscall_64+0x60/0xe0 [ 2868.007057][T27919] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2868.012957][T27919] RIP: 0033:0x45c369 [ 2868.016870][T27919] Code: Bad RIP value. [ 2868.020942][T27919] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2868.029363][T27919] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2868.037342][T27919] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2868.045322][T27919] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2868.053304][T27919] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2868.061281][T27919] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c [ 2868.233883][T27930] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:07 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:07 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 22:19:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit={0x95, 0x0, 0x1200}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x70) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) 22:19:07 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005006c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:07 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="4200000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2868.452148][T27947] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2868.502695][T27947] CPU: 0 PID: 27947 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2868.511400][T27947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2868.521467][T27947] Call Trace: [ 2868.524764][T27947] dump_stack+0x18f/0x20d [ 2868.529104][T27947] sysfs_warn_dup.cold+0x1c/0x2d [ 2868.534066][T27947] sysfs_do_create_link_sd+0x11e/0x140 [ 2868.539546][T27947] sysfs_create_link+0x5f/0xc0 [ 2868.544337][T27947] device_add+0x6ff/0x1b00 [ 2868.548777][T27947] ? device_check_offline+0x280/0x280 [ 2868.554166][T27947] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2868.560174][T27947] wiphy_register+0x1d5b/0x2840 [ 2868.565060][T27947] ? wiphy_unregister+0xc10/0xc10 [ 2868.570104][T27947] ? default_device_exit_batch+0x3d0/0x3d0 [ 2868.575939][T27947] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2868.582033][T27947] ieee80211_register_hw+0x2291/0x3950 [ 2868.587525][T27947] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2868.592920][T27947] ? lock_downgrade+0x820/0x820 [ 2868.597789][T27947] ? lock_is_held_type+0xb0/0xe0 [ 2868.602748][T27947] ? memset+0x20/0x40 [ 2868.606751][T27947] ? __hrtimer_init+0x12c/0x260 [ 2868.611625][T27947] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2868.617383][T27947] ? hwsim_virtio_rx_work+0x350/0x350 [ 2868.622773][T27947] ? memcpy+0x39/0x60 [ 2868.626778][T27947] hwsim_new_radio_nl+0x93e/0xf8c [ 2868.631823][T27947] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2868.637749][T27947] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2868.644707][T27947] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2868.651580][T27947] genl_rcv_msg+0x61d/0x980 [ 2868.656143][T27947] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2868.663127][T27947] ? lock_release+0x8d0/0x8d0 [ 2868.667818][T27947] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2868.673128][T27947] netlink_rcv_skb+0x15a/0x430 [ 2868.677915][T27947] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2868.684868][T27947] ? netlink_ack+0xa10/0xa10 [ 2868.689491][T27947] genl_rcv+0x24/0x40 [ 2868.693489][T27947] netlink_unicast+0x533/0x7d0 [ 2868.698277][T27947] ? netlink_attachskb+0x810/0x810 [ 2868.703406][T27947] ? _copy_from_iter_full+0x247/0x890 [ 2868.708788][T27947] ? __phys_addr+0x9a/0x110 [ 2868.713317][T27947] ? __phys_addr_symbol+0x2c/0x70 [ 2868.718359][T27947] ? __check_object_size+0x171/0x3e4 [ 2868.723668][T27947] netlink_sendmsg+0x856/0xd90 [ 2868.728453][T27947] ? netlink_unicast+0x7d0/0x7d0 [ 2868.733415][T27947] ? netlink_unicast+0x7d0/0x7d0 [ 2868.738367][T27947] sock_sendmsg+0xcf/0x120 [ 2868.742798][T27947] ____sys_sendmsg+0x6e8/0x810 [ 2868.747578][T27947] ? kernel_sendmsg+0x50/0x50 [ 2868.752265][T27947] ? do_recvmmsg+0x6d0/0x6d0 [ 2868.756881][T27947] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2868.762881][T27947] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2868.768873][T27947] ? do_user_addr_fault+0x8ce/0xd00 [ 2868.774098][T27947] ___sys_sendmsg+0xf3/0x170 [ 2868.778704][T27947] ? sendmsg_copy_msghdr+0x160/0x160 [ 2868.783999][T27947] ? __fget_files+0x272/0x400 [ 2868.788692][T27947] ? lock_downgrade+0x820/0x820 [ 2868.793554][T27947] ? find_held_lock+0x2d/0x110 [ 2868.798340][T27947] ? __might_fault+0x11f/0x1d0 [ 2868.803126][T27947] ? __fget_files+0x294/0x400 [ 2868.807824][T27947] ? __fget_light+0xea/0x280 [ 2868.812437][T27947] __sys_sendmsg+0xe5/0x1b0 [ 2868.816974][T27947] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2868.822016][T27947] ? __x64_sys_futex+0x382/0x4e0 [ 2868.826986][T27947] ? do_syscall_64+0x1c/0xe0 [ 2868.831593][T27947] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2868.837592][T27947] do_syscall_64+0x60/0xe0 [ 2868.842030][T27947] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2868.847934][T27947] RIP: 0033:0x45c369 22:19:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b70200000b400000bfa300000000000024020000fffeffff7a03f0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000007504faff07cd02020404000001007d60b7030000001000126a0a00fe000000008500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c72821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf36628dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdb9a2eeb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b783ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a62d79b4c34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75bb32935f542127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367e0a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c4364333af9a9d91c3e41ac37a63f85ad8f32b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c984c2406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45577c205c70631e8ad585951950e521f4e210b6494e3c52d927195402245cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922691d49e2bc408a5a37d2fe7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e757bae30b356521df06f995cb57f97052fc4158250c3313b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c08000000000000002e93a314a5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f7600000000f8b32b518e01ffb985f8054d37959c529e99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c4d69e5749901b09e4902a6f5addc0103756b894418e4591c624a9b2ccabbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08956a2618a05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b775152786118384eebd5fc19b308dde002491fcf0ae8977537498f5671f27e5e844e74ca144f436946380a7103e0734cde25c9e97b9a4e58c804190043c7f333347f819f95c8cc0de7daedb53c140e2de4e37d0e2f16f70eb176321e477a2a25be145bd1072abbf686dad4d95ac870ef10d8ceff1c2897ecfc413e769e17dd0ae8fa9479320f332e95b3e6d6e42d77b427fa336d811d8ba5bb5e418c1192c5b28a6633d74f74cbf6c21cb8f29a750c50f8caa2fd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x171}, 0x48) [ 2868.851838][T27947] Code: Bad RIP value. [ 2868.855906][T27947] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2868.864355][T27947] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2868.872336][T27947] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2868.880316][T27947] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2868.888298][T27947] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2868.896279][T27947] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:09 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2869.720029][T27954] validate_nla: 17 callbacks suppressed [ 2869.720038][T27954] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:09 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 22:19:09 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000fa747011ac5c20dc5631f454002913f766a40a8c79025f552391de6fc2f11fb6464c274706dcb7021609df57723ba914237cea343bbb9533316aded3dff2208a5b016eec7dd10000efffffffffff905400000000000000000000000000416cfe49d7068b9ed4e68c85c94d24e1f27347728203ad5f2b97577cfa3d400d23592484d79989d651d99b2dfe238b422121c318fcae5660c39b257aab8ae13c99841fa22f945a4d92d9bfe11e55bc7c1bab0e274fc52909871aa5cb88bd7c846cc1f93db8790ff44ad10ce8c0e00650b09267b2df13a27919090b4ece1e2822abc152b2e8141b2a8006ef710e59d04588e43795453af0ed4100167e35e42592801490b17cdd4a0f04b859d7f69884c54cbeacb897c6bcebf9b8a73e8180a580a8690d96b1fd3f806ae2aec42ccba6cd2d41f750c5c0e91d22cac5411cebab9f031ff8737a2f3ed9b1e927ac406278f235286ffce9144c6b9251402fcdae993800e4cf64bb4405f42d8a1e10ba02c074d18e8c954fc5a3afd4bd1d8e2999e4eca90de3c0bab18f4d7138920192b5b94fae6c4560e326d2fae92eac0686a8d2119c32930da126a8fe67024cb25776a57b28238a9708f8b2e959fe292e6a712824e9761e71c5721816ef5c2982acd168131a52c90154f9be89c1a2c947051a7c44ec18472c7e9ee9cd86e9d95ad8ab8084e6dac58406b3a313a95ac7aaf5e2f5b62776e6926c908e065665dc1e0ecd079df6bdf2ed6f2fdf9fa5a0a60599aca15f576ca57683176ee49144422a6e15c8833bf65a22d00b4a91a8cae1442f5b32a3de112293ef6b5c3221d7a000000000000000009ef3920cc463c50f4f9f25e5963b38f2e563acce577731171069ef7ea080bac42d7991cf440ffb81750187b294bb2c994350b509dbc6a5966306c2a46a96a351a8336fab6261352fa3c4656dd32f468d622e3bce7153c1d75fbf2dce66102bfe15bba125f0f21e3a1366d063710800f965c40a590877c5aa88d2101d1b45b6297b3e35dcc76869132ca2683c602461603c41dcd92ae30fd050e614d12d47a27d74f88a3da350ca4c34a1dc88f139860939b688171db8e9580d31ee199f854f0af26b73837d7b3ce470f388e935ac0d2aaa000000000000000000"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f00000001c0)="5cdd30c37f3e0a6633c9f7b988a8", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 2869.781475][T27954] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2869.816609][T27959] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:09 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="5000000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:09 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:09 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500740f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:09 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837", 0x21}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2869.998099][T27987] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2870.045846][T27987] CPU: 1 PID: 27987 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2870.054550][T27987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2870.064605][T27987] Call Trace: [ 2870.067908][T27987] dump_stack+0x18f/0x20d [ 2870.072258][T27987] sysfs_warn_dup.cold+0x1c/0x2d [ 2870.077208][T27987] sysfs_do_create_link_sd+0x11e/0x140 [ 2870.082681][T27987] sysfs_create_link+0x5f/0xc0 [ 2870.087471][T27987] device_add+0x6ff/0x1b00 [ 2870.091903][T27987] ? device_check_offline+0x280/0x280 [ 2870.097288][T27987] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2870.103288][T27987] wiphy_register+0x1d5b/0x2840 [ 2870.108167][T27987] ? wiphy_unregister+0xc10/0xc10 [ 2870.113209][T27987] ? default_device_exit_batch+0x3d0/0x3d0 [ 2870.119040][T27987] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2870.125125][T27987] ieee80211_register_hw+0x2291/0x3950 [ 2870.130614][T27987] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2870.136024][T27987] ? lock_downgrade+0x820/0x820 [ 2870.140901][T27987] ? lock_is_held_type+0xb0/0xe0 [ 2870.145861][T27987] ? memset+0x20/0x40 [ 2870.149861][T27987] ? __hrtimer_init+0x12c/0x260 [ 2870.154729][T27987] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2870.160500][T27987] ? hwsim_virtio_rx_work+0x350/0x350 [ 2870.165980][T27987] ? memcpy+0x39/0x60 [ 2870.169980][T27987] hwsim_new_radio_nl+0x93e/0xf8c [ 2870.175029][T27987] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2870.180953][T27987] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2870.187898][T27987] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2870.194762][T27987] genl_rcv_msg+0x61d/0x980 [ 2870.199289][T27987] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2870.206249][T27987] ? lock_release+0x8d0/0x8d0 [ 2870.210977][T27987] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2870.216280][T27987] netlink_rcv_skb+0x15a/0x430 [ 2870.221066][T27987] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2870.228014][T27987] ? netlink_ack+0xa10/0xa10 [ 2870.232628][T27987] genl_rcv+0x24/0x40 [ 2870.236624][T27987] netlink_unicast+0x533/0x7d0 [ 2870.241403][T27987] ? netlink_attachskb+0x810/0x810 [ 2870.246524][T27987] ? _copy_from_iter_full+0x247/0x890 [ 2870.251923][T27987] ? __phys_addr+0x9a/0x110 [ 2870.256439][T27987] ? __phys_addr_symbol+0x2c/0x70 [ 2870.261477][T27987] ? __check_object_size+0x171/0x3e4 [ 2870.266778][T27987] netlink_sendmsg+0x856/0xd90 [ 2870.271571][T27987] ? netlink_unicast+0x7d0/0x7d0 [ 2870.276531][T27987] ? netlink_unicast+0x7d0/0x7d0 [ 2870.281483][T27987] sock_sendmsg+0xcf/0x120 [ 2870.285921][T27987] ____sys_sendmsg+0x6e8/0x810 [ 2870.290702][T27987] ? kernel_sendmsg+0x50/0x50 [ 2870.295400][T27987] ? do_recvmmsg+0x6d0/0x6d0 [ 2870.300006][T27987] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2870.306002][T27987] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2870.311986][T27987] ? do_user_addr_fault+0x8ce/0xd00 [ 2870.317192][T27987] ___sys_sendmsg+0xf3/0x170 [ 2870.321794][T27987] ? sendmsg_copy_msghdr+0x160/0x160 [ 2870.327087][T27987] ? __fget_files+0x272/0x400 [ 2870.331778][T27987] ? lock_downgrade+0x820/0x820 [ 2870.336642][T27987] ? find_held_lock+0x2d/0x110 [ 2870.341416][T27987] ? __might_fault+0x11f/0x1d0 [ 2870.346203][T27987] ? __fget_files+0x294/0x400 [ 2870.350907][T27987] ? __fget_light+0xea/0x280 [ 2870.355522][T27987] __sys_sendmsg+0xe5/0x1b0 [ 2870.360035][T27987] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2870.365066][T27987] ? __x64_sys_futex+0x382/0x4e0 [ 2870.370016][T27987] ? do_syscall_64+0x1c/0xe0 [ 2870.374614][T27987] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2870.380608][T27987] do_syscall_64+0x60/0xe0 [ 2870.385144][T27987] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2870.391042][T27987] RIP: 0033:0x45c369 22:19:09 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="5500000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2870.394939][T27987] Code: Bad RIP value. [ 2870.399008][T27987] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2870.407430][T27987] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2870.415410][T27987] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2870.423491][T27987] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2870.431472][T27987] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2870.439550][T27987] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c 22:19:09 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000fa747011ac5c20dc5631f454002913f766a40a8c79025f552391de6fc2f11fb6464c274706dcb7021609df57723ba914237cea343bbb9533316aded3dff2208a5b016eec7dd10000efffffffffff905400000000000000000000000000416cfe49d7068b9ed4e68c85c94d24e1f27347728203ad5f2b97577cfa3d400d23592484d79989d651d99b2dfe238b422121c318fcae5660c39b257aab8ae13c99841fa22f945a4d92d9bfe11e55bc7c1bab0e274fc52909871aa5cb88bd7c846cc1f93db8790ff44ad10ce8c0e00650b09267b2df13a27919090b4ece1e2822abc152b2e8141b2a8006ef710e59d04588e43795453af0ed4100167e35e42592801490b17cdd4a0f04b859d7f69884c54cbeacb897c6bcebf9b8a73e8180a580a8690d96b1fd3f806ae2aec42ccba6cd2d41f750c5c0e91d22cac5411cebab9f031ff8737a2f3ed9b1e927ac406278f235286ffce9144c6b9251402fcdae993800e4cf64bb4405f42d8a1e10ba02c074d18e8c954fc5a3afd4bd1d8e2999e4eca90de3c0bab18f4d7138920192b5b94fae6c4560e326d2fae92eac0686a8d2119c32930da126a8fe67024cb25776a57b28238a9708f8b2e959fe292e6a712824e9761e71c5721816ef5c2982acd168131a52c90154f9be89c1a2c947051a7c44ec18472c7e9ee9cd86e9d95ad8ab8084e6dac58406b3a313a95ac7aaf5e2f5b62776e6926c908e065665dc1e0ecd079df6bdf2ed6f2fdf9fa5a0a60599aca15f576ca57683176ee49144422a6e15c8833bf65a22d00b4a91a8cae1442f5b32a3de112293ef6b5c3221d7a000000000000000009ef3920cc463c50f4f9f25e5963b38f2e563acce577731171069ef7ea080bac42d7991cf440ffb81750187b294bb2c994350b509dbc6a5966306c2a46a96a351a8336fab6261352fa3c4656dd32f468d622e3bce7153c1d75fbf2dce66102bfe15bba125f0f21e3a1366d063710800f965c40a590877c5aa88d2101d1b45b6297b3e35dcc76869132ca2683c602461603c41dcd92ae30fd050e614d12d47a27d74f88a3da350ca4c34a1dc88f139860939b688171db8e9580d31ee199f854f0af26b73837d7b3ce470f388e935ac0d2aaa000000000000000000"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f00000001c0)="5cdd30c37f3e0a6633c9f7b988a8", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 22:19:10 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:10 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2870.833735][T28002] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2870.860610][T28008] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:10 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005007a0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2870.898959][T28008] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000003070000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000f5067d60b7030000000000006a0a00fe18000000850000002b000000b70000000000000095000000000000000d7a28073a4102e4aeb54e36633e27c279341bf489903cfdb4c05e96e3046f04e77949c306340ee6af0d499a0d063518598e7e290b39f2fc2a5e019bc6b45684f002cf57bf887e83fbb2215b8a34e6bdc4dc1af6d3c6958da4bddac602e0048bec11e874602f060000002af21b753af0a0cc85ae281993bfa2139a3bb755c1f1abd1964007000000e27b2121a5f03dff9787dfd6e7608eb638e6fc4e0bc6bd5ff35928a5b5fa723028eb6ddd35ea79b92beeb52265a4b04ba50fd46a504116fb8ef84c2be021a6c9daf3f24ad7b965af8f522371c9a43c80ee6b397bea247e2d714090d43fe66b5d4f4ffe410bd701d035f867de2a20695033d91ee238c824e0b7a0aeffb9843947c3bc96e1f95c245168d2aeed2e00463d9c039bfdd58709e898c7ebad73fc48673c75c8b50db852621ad19c854622f7c7d79ec3ab4494353b458c718021442bbc6456bf0c9f6b822211eb1aa488fcaebb109382c7ab6db9c100f24e466494e7b8549cc139a74b5aaaf261f35e8347eaabe01afe21d7b7a958e9cd04b5bfa5cf78dd2fa958dbb605cd1a99613369185b2bcfe0bf0e31c83fdcb254da7cd3b68983d0798b455c8c5a5a8565d83d28437895929fa0896cf45eda77c4feae29d96568c487a74dd4f9e8465f09818c12dfc93fdb09a1d04a087d3bf219efab764d3cd676f101d3b6c9177c57340b245f15af472f1b837081969db2d58ceab0b432005a86e6c450ae4241c0066469ac65af64737af961cc90132cd2ccb6d7adf63846af1554cfcaa4eb357142a5b525a18d9d88d42520c0903bc444dc0eec4d26e586eff7c432cd12be4c796f9ebe4481f971c52a8cc7b0edab7ae8185bb7cd1fb78ff9e194e17c65acd8d015443a21815bf56f08f1d2293c49e16b060000005d362cde82509ead8932869d3d9b527c9e53c5c41f4d711c8b68a0a16c018ce2a24832cddb18bec414d78f886d1ebf7300384b13efefa03ad55fbaefc026eaa571d5deb4495ebd6fc7d457af008e74855562bbb4f255c5a6819ab19d332f067ed70f69cf784bafb5e0ccfdd7403d13938b4bae98b98b621c309b18df38a1cd779bf479096c09851c1f2e17212094ffb97ebf972e48871f76b5e0cdfda81df28e5f721f8a63c0fbd8ac992d7535452f7af68f5ae22020afd0a6036d51cda98fef44b69139315832d49fef81198f15ebe3a7548ba46451d93da03b99becd85851e7157d7e23b2803358d060fc4fa989796900a9d76008d537275a8fb1d419408248ddc98113e884991726bf05401000000a5e4f6bc373e438df8508198cb61a4640684d02f9f97cedee66fb92098eaa9ee8dedc0003731c511efcfa620075518635230b3467b92bf76b271bdab823dc284323acc4fc92e8fe452351272730702208f63ebf791adae9111d09727ed1d6fa159ee87aed74e5bfc1c93da96da4f3d0d8c03273b474bd194d2579541f86370d3f5258941e49285191261a6139090e32cd51089d136548ccdabfe3eeff28de6ca3c021b91551eabca418e41289498d659f2ab89bbe5d40ed966b5ff74b12db521c36ce6c1daaafd9dca802bac19ed4e70a64d2a99092098493764662cc153f57deaff4f68ae76f3451daf9b27a11744b9b69f6ce477d6ee279bba72df0f04e22eb2650df6cde761917dea7c34e113ee765bb5fa0c71b8c2e25f001118fbc496a153a0d6e08a8f9117165e01044cb9fb0bb4026372effb9490290541a3930b38705e05758b90f8cf42b48869417da85e8ab3c9efb8ad688491ba005eb7a798e935f7308ddbd001e478ccb308bc6596ccae90f5037c4dc020cf21bacc3cfa51db4e4ab6f92a355d4382802fdd9d746a1495489de7c21e3c6055d8a2dae048c10942fa9fe7a02dabf2c563dc4b81afa900000000d72299776a348fe7cce33e4138e7b26ab7630d407b82ee3ef340fb5794faf22c63c309ce6d3f0f292bee2f1172674fe921ae2300af352d85541c902f0a9209d558642ef490017d4f37e21a501dd5e39a5b0cfc9cb1b638459b65a2b2d5a7a5b95c877eee4c8c88d370433bc227749e1b870dd742d569da8d372d2af0f1fd3490dca52f4cb8bae142859e0650f3b958201491529569e27f3d7079f9df47af3eda8f7090d27826f61cee56063c23bae60d932e84e1f26519b3e1d34fa4a386c1ba82ba0b5778c717a20a99498be4f239d70b4789b9237df3ae59fcf96b68709257b5bc83e29738281a06bc2a4dcd6a21deecb2440166b74a617dbfeaaf17bc57f2967650f6dd757b803408ce3ede97303e626b42966b613ff68c807cdace36b2977edee0847182dacf6f543185be2cbf90030c41c260b2d0057748c9f1650d6a5c692b1c82112f65b2c713a02b9ed0f28b22cafa1cabf3270e230f1a8456295e078a6ee96ea37458817d0bc27cd0a3274a0cca3eb07b8c65cf474263a5c7fb7174bacbf853bec6a7ceee35c51dfa636021dab8f8f08d81211510655c312cfdf03d2650c9fa5c242a4a292af63fde85ca71afad2d68bf5b3e2010b9e2ed1c22f4680927a2b5793f9c1b6f8e4cc64486dbaae3880f260781e5475ce2dfcd46ddd323eb9b4dca301731d44b9172f3fc35a975f25e7a1930922b403199d5a50885fcc6ecd49610a33432a8f6cb86ed147698191306ed63f80fdc2d1e6745564c9ba93920fe7556bd452f685296b3926bc26d57520c92f0f71af76f9dc4b267ffeeb0156085f663a382b379d58d7c566e8087c46db6b206a166c3dbb34c350c11ecbe000000000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x703, 0xe, 0x4d2f, &(0x7f0000000080)="1c04ff01de6da9725f90c5a06d0f9f2400844d0044a98db225a47ecb10b429441dec77009050d9560e58f2e162226d4fe467a890b6c4c556c6894acf3d4cd49c4dd5a2d05d6ce642e3abc0e0cb0a7de568fb3f30013c74eb73383ebaf4257042ec5277fa18a9b201882996c7b8de5080c75756094ac8e258ff1673c27fb2f2bffc290edbc5dec9e44b6fab8d5fcbd12ae8339b04701b316bd5eccc3961ce80", 0x0, 0xf0, 0x0, 0x0, 0xfffffffffffffe19}, 0x28) 22:19:10 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 22:19:10 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="6100000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:10 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2871.040471][T28019] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:10 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:10 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500810f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2871.138026][T28025] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2871.172462][T28025] CPU: 1 PID: 28025 Comm: syz-executor.2 Not tainted 5.8.0-rc4-syzkaller #0 [ 2871.181165][T28025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2871.191304][T28025] Call Trace: [ 2871.194597][T28025] dump_stack+0x18f/0x20d [ 2871.198923][T28025] sysfs_warn_dup.cold+0x1c/0x2d [ 2871.203836][T28025] sysfs_do_create_link_sd+0x11e/0x140 [ 2871.209271][T28025] sysfs_create_link+0x5f/0xc0 [ 2871.214012][T28025] device_add+0x6ff/0x1b00 [ 2871.218408][T28025] ? device_check_offline+0x280/0x280 [ 2871.223773][T28025] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2871.229739][T28025] wiphy_register+0x1d5b/0x2840 [ 2871.234573][T28025] ? wiphy_unregister+0xc10/0xc10 [ 2871.239589][T28025] ? default_device_exit_batch+0x3d0/0x3d0 [ 2871.245375][T28025] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2871.251437][T28025] ieee80211_register_hw+0x2291/0x3950 [ 2871.256927][T28025] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2871.262306][T28025] ? lock_downgrade+0x820/0x820 [ 2871.267139][T28025] ? lock_is_held_type+0xb0/0xe0 [ 2871.272056][T28025] ? memset+0x20/0x40 [ 2871.276018][T28025] ? __hrtimer_init+0x12c/0x260 [ 2871.280852][T28025] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2871.286557][T28025] ? hwsim_virtio_rx_work+0x350/0x350 [ 2871.291909][T28025] ? memcpy+0x39/0x60 [ 2871.295889][T28025] hwsim_new_radio_nl+0x93e/0xf8c [ 2871.300895][T28025] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2871.306773][T28025] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2871.313685][T28025] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2871.320511][T28025] genl_rcv_msg+0x61d/0x980 [ 2871.324998][T28025] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2871.331923][T28025] ? lock_release+0x8d0/0x8d0 [ 2871.336585][T28025] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2871.341847][T28025] netlink_rcv_skb+0x15a/0x430 [ 2871.346589][T28025] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2871.353512][T28025] ? netlink_ack+0xa10/0xa10 [ 2871.358090][T28025] genl_rcv+0x24/0x40 [ 2871.362060][T28025] netlink_unicast+0x533/0x7d0 [ 2871.366823][T28025] ? netlink_attachskb+0x810/0x810 [ 2871.371909][T28025] ? _copy_from_iter_full+0x247/0x890 [ 2871.377253][T28025] ? __phys_addr+0x9a/0x110 [ 2871.381734][T28025] ? __phys_addr_symbol+0x2c/0x70 [ 2871.386734][T28025] ? __check_object_size+0x171/0x3e4 [ 2871.391996][T28025] netlink_sendmsg+0x856/0xd90 [ 2871.396752][T28025] ? netlink_unicast+0x7d0/0x7d0 [ 2871.401671][T28025] ? netlink_unicast+0x7d0/0x7d0 [ 2871.406585][T28025] sock_sendmsg+0xcf/0x120 [ 2871.410993][T28025] ____sys_sendmsg+0x6e8/0x810 [ 2871.415774][T28025] ? kernel_sendmsg+0x50/0x50 [ 2871.420603][T28025] ? do_recvmmsg+0x6d0/0x6d0 [ 2871.425198][T28025] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2871.431162][T28025] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2871.437118][T28025] ? do_user_addr_fault+0x8ce/0xd00 [ 2871.442411][T28025] ___sys_sendmsg+0xf3/0x170 [ 2871.447003][T28025] ? sendmsg_copy_msghdr+0x160/0x160 [ 2871.452283][T28025] ? __fget_files+0x272/0x400 [ 2871.456968][T28025] ? lock_downgrade+0x820/0x820 [ 2871.461798][T28025] ? find_held_lock+0x2d/0x110 [ 2871.466538][T28025] ? __might_fault+0x11f/0x1d0 [ 2871.471284][T28025] ? __fget_files+0x294/0x400 [ 2871.476052][T28025] ? __fget_light+0xea/0x280 [ 2871.480642][T28025] __sys_sendmsg+0xe5/0x1b0 [ 2871.485126][T28025] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2871.490136][T28025] ? __x64_sys_futex+0x382/0x4e0 [ 2871.495077][T28025] ? do_syscall_64+0x1c/0xe0 [ 2871.499667][T28025] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2871.505631][T28025] do_syscall_64+0x60/0xe0 [ 2871.510038][T28025] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2871.515907][T28025] RIP: 0033:0x45c369 [ 2871.519772][T28025] Code: Bad RIP value. [ 2871.523808][T28025] RSP: 002b:00007f9b67269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2871.532195][T28025] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2871.540142][T28025] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2871.548098][T28025] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2871.556049][T28025] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2871.564008][T28025] R13: 00007ffdc138b63f R14: 00007f9b6726a9c0 R15: 000000000078bf0c [ 2871.608669][T28031] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2871.625892][T28031] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:11 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="6300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:11 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:11 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f00483715", 0x22}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf4b06d3585a09a87507ebf4e43bc0609b1f4ecdc78eb2b57c099b6ed90e0ebcdac5f7a860c00269c781f6428457253e89ad528d985636a86ec0f60f5a6d1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0da0f0575cc2727e8d974927676468582d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da1856ad3b0f24b52616bf84d3b00127473e6ba922aff649609d40b47ec349ccba3ce8d530ffff19a6471bf3abc742d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed713eec3b86836ae504479f60b0ec9204d2b85627aa5a79f670000000000000000000000008f02712c3d8fc4e2686e21a855e823887196d4f4e9f2013d2aef4a3b5092be4d6852b88317c5adbbdb001bafe5725c8a4047b91da3768c1ca6a4410009f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd4406d273650bf7b2ff4602aec5eea2000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x20000000, &(0x7f00000004c0)="b95b03b700030003009e40f086dd1fff060000000000000177fbac141412e0000001c699da153f08e0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0xfd, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000ac0), 0xc) [ 2871.688234][T28040] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:11 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba90600054ae40f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2871.796731][T28047] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:11 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="7100000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2871.846878][T28047] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:11 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2871.972771][T28053] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2872.145314][T28058] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2872.198357][T28058] CPU: 0 PID: 28058 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2872.207058][T28058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2872.217117][T28058] Call Trace: [ 2872.220424][T28058] dump_stack+0x18f/0x20d [ 2872.224770][T28058] sysfs_warn_dup.cold+0x1c/0x2d [ 2872.229731][T28058] sysfs_do_create_link_sd+0x11e/0x140 [ 2872.235211][T28058] sysfs_create_link+0x5f/0xc0 [ 2872.239990][T28058] device_add+0x6ff/0x1b00 [ 2872.244416][T28058] ? device_check_offline+0x280/0x280 [ 2872.249803][T28058] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2872.255825][T28058] wiphy_register+0x1d5b/0x2840 [ 2872.260707][T28058] ? wiphy_unregister+0xc10/0xc10 [ 2872.265761][T28058] ? default_device_exit_batch+0x3d0/0x3d0 [ 2872.271586][T28058] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2872.277674][T28058] ieee80211_register_hw+0x2291/0x3950 [ 2872.283162][T28058] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2872.288554][T28058] ? lock_downgrade+0x820/0x820 [ 2872.293416][T28058] ? lock_is_held_type+0xb0/0xe0 [ 2872.298371][T28058] ? memset+0x20/0x40 [ 2872.302359][T28058] ? __hrtimer_init+0x12c/0x260 [ 2872.307225][T28058] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2872.312974][T28058] ? hwsim_virtio_rx_work+0x350/0x350 [ 2872.318366][T28058] ? memcpy+0x39/0x60 [ 2872.322367][T28058] hwsim_new_radio_nl+0x93e/0xf8c [ 2872.327412][T28058] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2872.333338][T28058] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2872.340290][T28058] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2872.347173][T28058] genl_rcv_msg+0x61d/0x980 [ 2872.351701][T28058] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2872.358660][T28058] ? lock_release+0x8d0/0x8d0 [ 2872.363429][T28058] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2872.368726][T28058] netlink_rcv_skb+0x15a/0x430 [ 2872.373520][T28058] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2872.380485][T28058] ? netlink_ack+0xa10/0xa10 [ 2872.385098][T28058] genl_rcv+0x24/0x40 [ 2872.389127][T28058] netlink_unicast+0x533/0x7d0 [ 2872.393907][T28058] ? netlink_attachskb+0x810/0x810 [ 2872.399028][T28058] ? _copy_from_iter_full+0x247/0x890 [ 2872.404406][T28058] ? __phys_addr+0x9a/0x110 [ 2872.409005][T28058] ? __phys_addr_symbol+0x2c/0x70 [ 2872.414053][T28058] ? __check_object_size+0x171/0x3e4 [ 2872.419363][T28058] netlink_sendmsg+0x856/0xd90 [ 2872.424143][T28058] ? netlink_unicast+0x7d0/0x7d0 [ 2872.429104][T28058] ? netlink_unicast+0x7d0/0x7d0 [ 2872.434053][T28058] sock_sendmsg+0xcf/0x120 [ 2872.438484][T28058] ____sys_sendmsg+0x6e8/0x810 [ 2872.443265][T28058] ? kernel_sendmsg+0x50/0x50 [ 2872.447951][T28058] ? do_recvmmsg+0x6d0/0x6d0 [ 2872.452569][T28058] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2872.458559][T28058] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2872.464545][T28058] ? __lock_acquire+0xc1e/0x56e0 [ 2872.469498][T28058] ___sys_sendmsg+0xf3/0x170 [ 2872.474095][T28058] ? sendmsg_copy_msghdr+0x160/0x160 [ 2872.479479][T28058] ? __fget_files+0x272/0x400 [ 2872.484321][T28058] ? lock_downgrade+0x820/0x820 [ 2872.489185][T28058] ? find_held_lock+0x2d/0x110 [ 2872.493964][T28058] ? __might_fault+0x11f/0x1d0 [ 2872.498749][T28058] ? __fget_files+0x294/0x400 [ 2872.503457][T28058] ? __fget_light+0xea/0x280 [ 2872.508068][T28058] __sys_sendmsg+0xe5/0x1b0 [ 2872.512581][T28058] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2872.517616][T28058] ? __x64_sys_futex+0x382/0x4e0 [ 2872.522574][T28058] ? do_syscall_64+0x1c/0xe0 [ 2872.527177][T28058] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2872.533183][T28058] do_syscall_64+0x60/0xe0 [ 2872.537616][T28058] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2872.543521][T28058] RIP: 0033:0x45c369 [ 2872.547425][T28058] Code: Bad RIP value. [ 2872.551491][T28058] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2872.559913][T28058] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2872.567890][T28058] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2872.575870][T28058] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2872.583858][T28058] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2872.591930][T28058] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:12 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="ae00000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:12 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:12 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500f00f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:12 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffe3dc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 22:19:12 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf4b06d3585a09a87507ebf4e43bc0609b1f4ecdc78eb2b57c099b6ed90e0ebcdac5f7a860c00269c781f6428457253e89ad528d985636a86ec0f60f5a6d1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0da0f0575cc2727e8d974927676468582d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da1856ad3b0f24b52616bf84d3b00127473e6ba922aff649609d40b47ec349ccba3ce8d530ffff19a6471bf3abc742d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed713eec3b86836ae504479f60b0ec9204d2b85627aa5a79f670000000000000000000000008f02712c3d8fc4e2686e21a855e823887196d4f4e9f2013d2aef4a3b5092be4d6852b88317c5adbbdb001bafe5725c8a4047b91da3768c1ca6a4410009f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd4406d273650bf7b2ff4602aec5eea2000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x20000000, &(0x7f00000004c0)="b95b03b700030003009e40f086dd1fff060000000000000177fbac141412e0000001c699da153f08e0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0xfd, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 22:19:12 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2872.784678][T28073] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2872.820299][T28072] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:12 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="c000000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:12 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000003", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2872.888390][T28072] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2872.960394][T28081] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2872.974895][T28081] CPU: 0 PID: 28081 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2872.983603][T28081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2872.993660][T28081] Call Trace: [ 2872.996964][T28081] dump_stack+0x18f/0x20d [ 2873.001308][T28081] sysfs_warn_dup.cold+0x1c/0x2d [ 2873.006261][T28081] sysfs_do_create_link_sd+0x11e/0x140 [ 2873.011736][T28081] sysfs_create_link+0x5f/0xc0 [ 2873.016522][T28081] device_add+0x6ff/0x1b00 [ 2873.020961][T28081] ? device_check_offline+0x280/0x280 [ 2873.026350][T28081] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2873.032351][T28081] wiphy_register+0x1d5b/0x2840 [ 2873.037258][T28081] ? wiphy_unregister+0xc10/0xc10 [ 2873.042385][T28081] ? default_device_exit_batch+0x3d0/0x3d0 [ 2873.048198][T28081] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2873.054280][T28081] ieee80211_register_hw+0x2291/0x3950 [ 2873.059770][T28081] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2873.065160][T28081] ? lock_downgrade+0x820/0x820 [ 2873.070026][T28081] ? lock_is_held_type+0xb0/0xe0 [ 2873.074992][T28081] ? memset+0x20/0x40 [ 2873.078986][T28081] ? __hrtimer_init+0x12c/0x260 [ 2873.083853][T28081] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2873.089602][T28081] ? hwsim_virtio_rx_work+0x350/0x350 [ 2873.094985][T28081] ? memcpy+0x39/0x60 [ 2873.098976][T28081] hwsim_new_radio_nl+0x93e/0xf8c [ 2873.103995][T28081] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2873.109908][T28081] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2873.116852][T28081] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2873.123717][T28081] genl_rcv_msg+0x61d/0x980 [ 2873.128235][T28081] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2873.135213][T28081] ? lock_release+0x8d0/0x8d0 [ 2873.139906][T28081] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2873.145231][T28081] netlink_rcv_skb+0x15a/0x430 [ 2873.150016][T28081] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2873.156971][T28081] ? netlink_ack+0xa10/0xa10 [ 2873.161600][T28081] genl_rcv+0x24/0x40 [ 2873.165611][T28081] netlink_unicast+0x533/0x7d0 [ 2873.170388][T28081] ? netlink_attachskb+0x810/0x810 [ 2873.175505][T28081] ? _copy_from_iter_full+0x247/0x890 [ 2873.180876][T28081] ? __phys_addr+0x9a/0x110 [ 2873.185367][T28081] ? __phys_addr_symbol+0x2c/0x70 [ 2873.190374][T28081] ? __check_object_size+0x171/0x3e4 [ 2873.195653][T28081] netlink_sendmsg+0x856/0xd90 [ 2873.200401][T28081] ? netlink_unicast+0x7d0/0x7d0 [ 2873.205331][T28081] ? netlink_unicast+0x7d0/0x7d0 [ 2873.210245][T28081] sock_sendmsg+0xcf/0x120 [ 2873.214655][T28081] ____sys_sendmsg+0x6e8/0x810 [ 2873.219421][T28081] ? kernel_sendmsg+0x50/0x50 [ 2873.224071][T28081] ? do_recvmmsg+0x6d0/0x6d0 [ 2873.228641][T28081] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2873.234598][T28081] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2873.240552][T28081] ? __lock_acquire+0xc1e/0x56e0 [ 2873.245468][T28081] ___sys_sendmsg+0xf3/0x170 [ 2873.250035][T28081] ? sendmsg_copy_msghdr+0x160/0x160 [ 2873.255298][T28081] ? __fget_files+0x272/0x400 [ 2873.259953][T28081] ? lock_downgrade+0x820/0x820 [ 2873.264778][T28081] ? find_held_lock+0x2d/0x110 [ 2873.269519][T28081] ? __might_fault+0x11f/0x1d0 [ 2873.274265][T28081] ? __fget_files+0x294/0x400 [ 2873.278924][T28081] ? __fget_light+0xea/0x280 [ 2873.283514][T28081] __sys_sendmsg+0xe5/0x1b0 [ 2873.287996][T28081] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2873.293007][T28081] ? __x64_sys_futex+0x382/0x4e0 [ 2873.297926][T28081] ? do_syscall_64+0x1c/0xe0 [ 2873.302505][T28081] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2873.308491][T28081] do_syscall_64+0x60/0xe0 [ 2873.312915][T28081] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2873.318783][T28081] RIP: 0033:0x45c369 [ 2873.322777][T28081] Code: Bad RIP value. [ 2873.326841][T28081] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2873.335231][T28081] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2873.343181][T28081] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2873.351126][T28081] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 22:19:12 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2873.359070][T28081] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2873.367013][T28081] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:12 executing program 3: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x0, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) 22:19:12 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000005", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:13 executing program 2: r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2c, 0x3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89a0, &(0x7f0000000000)='&@[\x00') perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4000, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89a1, &(0x7f0000000680)='&@[\x00') [ 2873.682558][T28093] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:13 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:13 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="f300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:13 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000006", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:13 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000fe6000)={0x3, 0x4, 0x4, 0x100000009}, 0x2c) 22:19:13 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:13 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2874.025935][T28111] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2874.064302][T28113] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2874.096445][T28113] CPU: 0 PID: 28113 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2874.105149][T28113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2874.115207][T28113] Call Trace: [ 2874.118513][T28113] dump_stack+0x18f/0x20d [ 2874.122857][T28113] sysfs_warn_dup.cold+0x1c/0x2d [ 2874.127810][T28113] sysfs_do_create_link_sd+0x11e/0x140 [ 2874.133283][T28113] sysfs_create_link+0x5f/0xc0 [ 2874.138062][T28113] device_add+0x6ff/0x1b00 [ 2874.142512][T28113] ? device_check_offline+0x280/0x280 [ 2874.147898][T28113] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2874.153903][T28113] wiphy_register+0x1d5b/0x2840 [ 2874.158806][T28113] ? wiphy_unregister+0xc10/0xc10 [ 2874.163849][T28113] ? default_device_exit_batch+0x3d0/0x3d0 [ 2874.169684][T28113] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2874.175794][T28113] ieee80211_register_hw+0x2291/0x3950 [ 2874.181287][T28113] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2874.186682][T28113] ? lock_downgrade+0x820/0x820 [ 2874.191548][T28113] ? lock_is_held_type+0xb0/0xe0 [ 2874.196516][T28113] ? memset+0x20/0x40 [ 2874.200516][T28113] ? __hrtimer_init+0x12c/0x260 [ 2874.205385][T28113] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2874.211138][T28113] ? hwsim_virtio_rx_work+0x350/0x350 [ 2874.216529][T28113] ? memcpy+0x39/0x60 [ 2874.220532][T28113] hwsim_new_radio_nl+0x93e/0xf8c [ 2874.225576][T28113] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2874.231494][T28113] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2874.238446][T28113] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:19:13 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000007", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2874.245315][T28113] genl_rcv_msg+0x61d/0x980 [ 2874.249846][T28113] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2874.256809][T28113] ? lock_release+0x8d0/0x8d0 [ 2874.261503][T28113] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2874.266808][T28113] netlink_rcv_skb+0x15a/0x430 [ 2874.271609][T28113] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2874.278567][T28113] ? netlink_ack+0xa10/0xa10 [ 2874.283322][T28113] genl_rcv+0x24/0x40 [ 2874.287324][T28113] netlink_unicast+0x533/0x7d0 [ 2874.292114][T28113] ? netlink_attachskb+0x810/0x810 [ 2874.297235][T28113] ? _copy_from_iter_full+0x247/0x890 [ 2874.302623][T28113] ? __phys_addr+0x9a/0x110 [ 2874.307139][T28113] ? __phys_addr_symbol+0x2c/0x70 [ 2874.312283][T28113] ? __check_object_size+0x171/0x3e4 [ 2874.317585][T28113] netlink_sendmsg+0x856/0xd90 [ 2874.322368][T28113] ? netlink_unicast+0x7d0/0x7d0 [ 2874.327338][T28113] ? netlink_unicast+0x7d0/0x7d0 [ 2874.332287][T28113] sock_sendmsg+0xcf/0x120 [ 2874.336852][T28113] ____sys_sendmsg+0x6e8/0x810 [ 2874.341641][T28113] ? kernel_sendmsg+0x50/0x50 [ 2874.346337][T28113] ? do_recvmmsg+0x6d0/0x6d0 [ 2874.350946][T28113] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2874.356955][T28113] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2874.363136][T28113] ? __lock_acquire+0xc1e/0x56e0 [ 2874.368084][T28113] ___sys_sendmsg+0xf3/0x170 [ 2874.372680][T28113] ? sendmsg_copy_msghdr+0x160/0x160 [ 2874.377974][T28113] ? __fget_files+0x272/0x400 [ 2874.382675][T28113] ? lock_downgrade+0x820/0x820 [ 2874.387539][T28113] ? find_held_lock+0x2d/0x110 [ 2874.392315][T28113] ? __might_fault+0x11f/0x1d0 [ 2874.397101][T28113] ? __fget_files+0x294/0x400 [ 2874.401799][T28113] ? __fget_light+0xea/0x280 [ 2874.406413][T28113] __sys_sendmsg+0xe5/0x1b0 [ 2874.410928][T28113] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2874.415964][T28113] ? __x64_sys_futex+0x382/0x4e0 [ 2874.420932][T28113] ? do_syscall_64+0x1c/0xe0 [ 2874.425551][T28113] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2874.431666][T28113] do_syscall_64+0x60/0xe0 [ 2874.436101][T28113] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2874.442003][T28113] RIP: 0033:0x45c369 [ 2874.445915][T28113] Code: Bad RIP value. [ 2874.449982][T28113] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2874.458399][T28113] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2874.466382][T28113] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2874.474363][T28113] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2874.482357][T28113] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2874.490340][T28113] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:14 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:14 executing program 3: r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) 22:19:14 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000009", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:14 executing program 2: r0 = socket$kcm(0x11, 0x0, 0x300) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0xf, &(0x7f00000015c0)=[{&(0x7f0000001600)="fa0c000043008152915a115267d7d137ab2ff96e27bf28b285fe3903a44a6017edcaa3a2b4dade3baee72569b51366463fedf5e787c05b0cb5927a3a7edfb4d011e9ae1504d489e058be9fafaa633705b6d4bf6a58f2cd9ebf1972111b0b9760612582bccd3983ce4474844c065e914dab8bbd52a45f431678bfe28633bf7c8dc83df809238ed87f1e393883ef750ce79c6f84e5e5de176e2f26024e4e3a3d8fbdaf3254022f265d8ccc5fd7205d9d9c2c4076c58162523082d81a39c43f782332ba8e82b4107a049cb82bba8b5edd80473844291437b8d22edca68047582e6be601e9df5e60a32c7cd202c5a30b8b606e43362739551cbb013b65e238f41cc00d7900140cf06b7bc9030f2563bcf9d4f4b7f48c79ec1a323d06276a0a3f8846b7c62b66f9709cabcaad234c53f3bc9b11165a6321f1db1057f076cfaebf8fbfa033fdc1dc2c3e314b36b3b3dd50425447da8bc5938ff7a17361100ab0b1ffeab7ac487411824224781eb9cdd4edef57ae91cd61f56a56c0599cfc3a491447207610f242da6cd6b030ae5f35e3181c44ae68665a023759b9ef4358db46107edc49194aed72b62600ec0ae4fc9065be059fc010cd6e6c9ea77c666b5e25693fbcf595e3e57113ff3a0e0c63d0604a16ea5adb8b7b54d47d4d8804612fde571863064528a49bf684d8a880a11afd819f186c177c49cac3ba1e9d1aa7ad0ff36b9e36d73c05b8abcaf96df0aacd2c9653f30ec29e1284af8749a9b2803c2727e992a6e65df192e1875c3e6d3553ffb7cb34ffee8f8ac0123c390454b42a0316952cbc9949376d9320ec207f77c2d5eb9e86d720cf8e9008a9a51932b45cd4cab21414c92d1c20f9e15e3fc16c7ce181e9ab19b01b70343934c823b1215e173405dd225233823cd4a604a77f06b14eb05b860e6cf8790335788c43abe9de1598e9952e5c7e6b2f8b17b1788ff3033e7d1635b008834bdf4054e6195e55000827c6202b227dde06f23ae21c00b371bdb6b7ea47b2e78844b52a77f9f0929790dcd7df2752e4af092d539c87c18751a5eb3eb4d38a2a0e070064b4ffaacff0543b115cc89f6c7e78f12147ebfcf1c80bac8f98deb59cbe670adb4cd1882a7e0ca4ba85ae9d445223ffb32301d46c0c9b05a830cbea0f72294ab3b539e4ed7cac2e22b235e8ceedeb643fb90b061a58368e76036ff3c1828d8a4e21288662afb6f2acab00d734db7ffc8373a928571819ce9ea6cb0956a6093b2b1f65662b76bc6ac8a19008cf08a6342d64674271451714e1d0e4ff7647fe7551d3cf16f37cb5547317e4fef51e4fb471de6ffbb90c2dd4a64266c4c2f75fc62e58ec306fb92212fb262d8b138899a3b53e67cde2f97d94cd2265cc04d32b29edf77e75b1f88372495cb2937f183bfc8604d72efb3af5c1f41b665b25592676b0ad2185478eade7e663e743e0e09cce6224c787ce1d789dc4a9b350bfe3a75f551341b11dd96cdaea17989dad565b16324a69842dc29a0ed16744ea5935598ac8238e146139189927a14d3b2863044b63b468ae75f48fab68ad235c36daffebfe4b468fc9b13198b1a683dcd3b3b4294ba22caddbacf8792d5783bc12e2538e4609e6bb6e9eeab98a06452c252a657f400260458c29fae8879097698c9aba2b2d889fc78f00d0d8271e09e8542b71018be6ff8cb03cb423e79303047d6ce124a00f64461b899bbddc4fe87ff677533391e16c01fa9cd6420bdc856c4c7f057b249ee9817efd6ab2cd02eb887d2631435ef2d5a1c7e57ac046ef615a1285ca89ade18ae69af3b3f8f76ca8aa060e373c0f99424fe1c5fadc72fe145fd2d4e4da4b78597890516857de188fcdaf15e3b0871b346cd39ab772cc25fab49e60c818cde934b137144adfc4fbde3ddbeccce9679f02b66746e822c67b3ed5fdafb4a936a2683b39a002115ecd62220605ca542610a80f2e3530aa89d3ed6ed9c57bbfd5db3a0b62786a608309a355443c616032008f9458b2f10db93e29470192370084e9322c309c9b23333b46d04e79176659503ad4b05deebb3c67d715ee6e84a89002ea6f7f71bf41ad36b42c8ae01c97174dbb641e50641aba60c291a84e906c013087370a5043e07d36fcead378f6c1e6ed3f5ac695124b82b20261cf7c9b82172e09c81d7d39eed72aee5678613a3c671ddd44f2c7c75a3b5d316aa165d56594fccab20903d7f503a08928e76c779918b2463b720ee6367a43e494a1db3ed1a80690e665570c01ce7eb979cdd95d4e1ca51730eb2cd63ffb2a56049601627c9788254945142dce85adbe1eb5997d16cdfe2a3758b13dc6bb121e2206ae64206868c1c5e89a101bc121719ac435dcad093f5f67cefd863cc7c8f3fc8a9dc62a83c115f1ce714b18af067951aa06dd9bb4ed98a820bf4704d156977caa4e6415b2a0df0386e2f6a061bf44abc8a397cf4abdafc51b78ebec9831f3c60fde6e62a1fd082903080aef20ff8de8bc0dced06f627514600539ca7114a088848da4244a85b4cf5b976d3a698c9a568d417e276917baba05d1a02181db2e6cc35986da4ccc63f8cd8e85a4a923dd27e2f499664601fdc44fdf46e2d2880cd5a7ece89c370234c438dcc0b43865cc62bad21e9dc37da758cbe01752f02fd9cbfe98630a30a78bb1239e25cdaba3d45d13cd3e7216d9d8070f3ff1a0cd9a0c91f29974c98f2677ba88c1091bde4be0cd37ea5eeb3b9cbb0360a00ddd40bbd60ffb8d4daa973ef0977c18dd4b38a605cee957872dca85787c37b6931293eddb77015faf143d1d28d24822d1a5d134799e8175a38b255aaf0e39b68c7f734e2e1e7044626daa84c9113e86d86ef63c863703703ea163319261dcf516c32d49478f7af30d52baa18ea6b0fc286c06b7e4ee019bf3fe74845a652d4a52aaa241a189c411e90e2953863a2bc4124e573607b94cdff19e280731824931a83f056cb5857672619b97ce38081592c0c319ce72e04e9eadce89775cfb5a4b2842663bc79bde565435cbcd46c4d505ceef7dde86512d39d4cb270deb7e79ebf8602bdc0d76c3e833d36ee08be10be634f44056c2f3fd6a328c7cd562e9c96ff7845fc3df81a876bb07f1cc833bed6ca1dc5cf935a4e959db6a4fae6edbc45357d8758faa9cd04cd41eb6efcfbd91658519bf520b90107f767d126854818485e98cb7ef56804de6950bf4e72098a949d14ea0e4e9f2534cf16cac0aeb970fc5c39f37e93910d5c99ac163792260d2280ec5c9a79bf295588ec23f524aae65f800f9c39e338f3d66b1a69e5488e04823eab36ae6ec6a2c5ce133ccd819a2b217b1ab7f4afd1697bb42929b3131358b5421c83f925571934442d0fd0ce3990d4e5d31d8b956f76df3c2f8533e46b892c88692ce009155dd5c7dbe4c86874b95762650f63e4b4aabb41320978b05b80cfe8fa2830904ef6b5c4f7ad46ca5dac151c9077c4d2c6adfe5066a8eb09a9bc6892330ea2b259a53c7137f8498254e1b04bf920c35c5333c4d640b11da60917ae921037b4aedbd6a0fbeeaf88ef6defc830552b4cbe3fe2a844806a48923dd428ea1c8d797bd8e6aabd1d1a8c97c8038b627120a77f4e47fa1f788aa9da268b0ec10fc453cb722685df76547dbf55a16663aa2b2a51e9c52456cccdf682592d1369dd12e3d3cb504e0f2d7004e60c297d5a25d0298045dae8fca8cb795ea57288b85a7e705820087d55ca6c42e920e2aa1174e128622cf64a197fd728cb2949536ba63e8bda8589261f1377caea37302e47228d3708a5666c66ba711d3c0b310a8c47e86d26597299d523c28c90e4feab43e950f398f7b61ccf7e6490d75ba6d8214e2d5ef2d7a088db490e1ebacf4e6eecc896cb1c704f0a8fcdf4ccb5dfa53eaf43d709287f36c10188c19fd59da7d73494de089c1b0a69ee22dcb847001c5317846a876bee1685d11c4db0673ec4c3a12008bb719650525b3c39e2b0469edda93830b3f1bde3e5b0b4637197866bb08c5858cf0d9876e3c7cad54169887bf9c80f9f4be362e1bc8c27f3434e9a918bac355c184bd899b9aebe6be20e70c0c69234342eb8b57aa9ffb7797a32df91cec2bbc90201658ca227abf1fe68e65363867e1f6ad79b827f363d64fbd3b188d95307d011c4ce5bf4407908c058eeb97ec98dd0ebfdab6b348fa387f2a7573cac25344c983e8fd526c30ee6d59fe99a30c7d7e2864aa22bfa49df5f32da68309cab3ed9c2ce69b6ecb8508ce28a43ebd6c809b8afd07a4606e664965d316f3707a3abee9bcdc32a78031b0171fb565d90c16cd56e5792c0cf618b799715f32538e38f493d4e19ec76fc8a07576a13975706bfc2bb1516c2d18a4385cc37a206eac6c9fb8d073572ba2671d2198abf24fdd0c40d079ae44962c26743b4bf5950ac5ee34c5d7bd60b364ce670958112c37b9829bed7e1327356d6b94af3ba020c2337b2dba37d00af8a128a614390cdde62ce871f948427fb5c187df9a1540a5cc71da1a86144acbfd94bf433f744f0c4f2a675eba3ed251c5b11b08dfefc726c0394a9b75121d88467ed4b2cd69819dfe50693a4a4c8370d3af12f41c0067283bbb5a90044a340fc357a11081a6c13bb9c32d9caa448479fd5f0302b6729ca7233094540b14546d6bcc15771c2686279b34f9c0914f5306d0fabd5979266ea01a17a22507e560dbf904dd62c40e2bcc", 0xcfa}], 0x1, 0x0, 0x0, 0x3f000000}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000003c0)={0xffffffffffffffff, r1}) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000380)}, {&(0x7f00000004c0)="3b0fc477609942b5b5e2bf121cb3d23a978e86500fd3a9e2b9efc034bbcbac5c14758f0521394c5875854c655e98b41778fdb4ac772da54fbde01a03ce3d40f4a4ed58430be80d040c99b79fad72f2ad496339e4b5998047420bb36b8c7bbd3f44582f19d682e0756a6c41d46a6f630cb107edc6c3a7c827033a694af062081b445e98c23c4dfc1ad01054bdebbba4ff6bd3848298f87f7768410f2b31b84cdc3d1d90610c0915753c133b7e07217e9793995daf294e60564c339b4e7a1b85", 0xbf}], 0x2, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x138}, 0x0) socket$kcm(0x2c, 0x3, 0x0) r4 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) socket$kcm(0x2c, 0x3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89a0, &(0x7f0000000000)='&@[\x00') 22:19:14 executing program 3: [ 2874.806655][T28131] validate_nla: 4 callbacks suppressed [ 2874.806664][T28131] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2874.868918][T28131] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2874.877132][T28135] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2874.899109][T28139] netlink: 3302 bytes leftover after parsing attributes in process `syz-executor.2'. 22:19:14 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:19:14 executing program 3: 22:19:14 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="f400000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:14 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000a", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:14 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2874.948514][T28139] netlink: 3302 bytes leftover after parsing attributes in process `syz-executor.2'. 22:19:14 executing program 2: 22:19:14 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) [ 2875.078740][T28152] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:14 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="c00e000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:14 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000d000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b700000000000000950000000000000056ce36b68b0f334d6c37d03057c90000866f55e3376e4a82071d7827af040000007f00b3f31672797fc00300533324f871d94768e25851d3162c1bde856ed69b673e5b8d861ff207c0eb4b60a82fc3c0e2085d6add5893b223f703b454af0805f231eb8474953f640e3d490cdc0448ecf21b205768e34ab95b6ef820398c1ba4b81cee61a98d7df3768db9bd084623ca56c82b205eca4d90628aeacbd4654eb4371861a98bb8fc00000000bf8e94d4429449cd85af76d9929b318c989bead2f9921120246508110f32ac7e33f22d0fe919adb2ab814b38f9cac8fea1a8c4712b53306c00a649a62720cd26b621ab5d7a8b9f974b4f5da4862c01b4cbe5f279fe779d5f9f366ec0aee3344d712d35edc17c209296c3db7ff279c9bc5ab356c3471399f860fef75f37888d0b0968f5a8fcdf57cc5c62f45fcaccb1a3401d604f415840873a0e1df38c8c23c3fec525a5471ec0a371f32b43ca53ee679b14707e936955544af8b17d499a044873aec39d066a9b17a9ed3403417e44183ecfee7eb632f5d3a30a2fbe37d0012b927614b7f59fb09afb2d13c1f421cd03edd0cfc004e0c45b8bca731e4bbb5595779e14582d52242026fbe0628a9f01d68d2606771c9ad91620b616e0f3ce4a42a5e82767009cecb0e1bcef50384b2c3b4ca4db01e49f627c7c102a07ca108d9e771beb66acb888a8afc20b8c0ce0f377e65e85ad7978978269bb8cd2992e6c8926ead8d19415be6b88f316d290d89d01b93e76709d1a24bc383b0985e5f7b509213d39e138e141b8093b5ab1d35f437b2a9300b6d9ac552d488dda676d0aadbde4ca8f4c7a2a238c7f102d38ad90df3fe3b06e0e7552584c3f8bc589ae73d384248455ec7d0251f2225de20acdc9a4d6ea4297f44314a121f6f6b5cfed18aa52d59fd241d14b8ad3da7e7704d494faa4f43b10c83ee4256bce231b6be22bc9c5f70c1812b9efc33495f36b0ec585ba2cd0b0107c53d822f19c677991e77422c40dee38dee16d92a6de84aaddfd85e4ceff67585567daa020e58177e415a183c107c3e10ff50fa42dae17529c6c9441fa7c6bedff933567e98b237730033457d600aaa46f45ed48a91c6dc81f7f1b838999ec40590bafc86557826b3aef847e9adc73756849d1a3376d3237e6e67c3a4cbd61304046c483f97d6c29f0e789da00a06c504071de5efe56afe7e0552bfd505d365d931ab197f19c810e69920cb3778320efc00f222f6fb0a5cc891f65f8d46ef1e7cc8dbd7e1f5a0c1bfcc8b58547f939"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0xe, 0x0, &(0x7f0000000780)="b95b03b708030009000000e086dd", 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 2875.140159][T28156] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2875.173361][T28156] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2875.209363][T28154] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2875.227493][T28154] CPU: 1 PID: 28154 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2875.236204][T28154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2875.246285][T28154] Call Trace: [ 2875.249601][T28154] dump_stack+0x18f/0x20d [ 2875.253987][T28154] sysfs_warn_dup.cold+0x1c/0x2d [ 2875.258986][T28154] sysfs_do_create_link_sd+0x11e/0x140 [ 2875.264472][T28154] sysfs_create_link+0x5f/0xc0 [ 2875.269256][T28154] device_add+0x6ff/0x1b00 [ 2875.273832][T28154] ? device_check_offline+0x280/0x280 [ 2875.279231][T28154] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2875.285235][T28154] wiphy_register+0x1d5b/0x2840 [ 2875.290117][T28154] ? wiphy_unregister+0xc10/0xc10 [ 2875.295161][T28154] ? default_device_exit_batch+0x3d0/0x3d0 [ 2875.300995][T28154] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2875.307082][T28154] ieee80211_register_hw+0x2291/0x3950 [ 2875.312577][T28154] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2875.317978][T28154] ? lock_downgrade+0x820/0x820 [ 2875.322841][T28154] ? lock_is_held_type+0xb0/0xe0 [ 2875.327786][T28154] ? memset+0x20/0x40 [ 2875.331793][T28154] ? __hrtimer_init+0x12c/0x260 [ 2875.336754][T28154] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2875.342499][T28154] ? hwsim_virtio_rx_work+0x350/0x350 [ 2875.347902][T28154] ? memcpy+0x39/0x60 [ 2875.351894][T28154] hwsim_new_radio_nl+0x93e/0xf8c [ 2875.356929][T28154] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2875.362838][T28154] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2875.369786][T28154] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2875.376658][T28154] genl_rcv_msg+0x61d/0x980 [ 2875.381189][T28154] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2875.388150][T28154] ? lock_release+0x8d0/0x8d0 [ 2875.392840][T28154] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2875.398145][T28154] netlink_rcv_skb+0x15a/0x430 [ 2875.402929][T28154] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2875.409881][T28154] ? netlink_ack+0xa10/0xa10 [ 2875.414529][T28154] genl_rcv+0x24/0x40 [ 2875.418522][T28154] netlink_unicast+0x533/0x7d0 [ 2875.423300][T28154] ? netlink_attachskb+0x810/0x810 [ 2875.428426][T28154] ? _copy_from_iter_full+0x247/0x890 [ 2875.433810][T28154] ? __phys_addr+0x9a/0x110 [ 2875.438328][T28154] ? __phys_addr_symbol+0x2c/0x70 [ 2875.443366][T28154] ? __check_object_size+0x171/0x3e4 [ 2875.448721][T28154] netlink_sendmsg+0x856/0xd90 [ 2875.453511][T28154] ? netlink_unicast+0x7d0/0x7d0 [ 2875.458477][T28154] ? netlink_unicast+0x7d0/0x7d0 [ 2875.463431][T28154] sock_sendmsg+0xcf/0x120 [ 2875.467863][T28154] ____sys_sendmsg+0x6e8/0x810 [ 2875.472645][T28154] ? kernel_sendmsg+0x50/0x50 [ 2875.477336][T28154] ? do_recvmmsg+0x6d0/0x6d0 [ 2875.481945][T28154] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2875.487941][T28154] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2875.493936][T28154] ? __lock_acquire+0xc1e/0x56e0 [ 2875.498894][T28154] ___sys_sendmsg+0xf3/0x170 [ 2875.503496][T28154] ? sendmsg_copy_msghdr+0x160/0x160 [ 2875.508792][T28154] ? __fget_files+0x272/0x400 [ 2875.513482][T28154] ? lock_downgrade+0x820/0x820 [ 2875.518341][T28154] ? find_held_lock+0x2d/0x110 [ 2875.523118][T28154] ? __might_fault+0x11f/0x1d0 [ 2875.527901][T28154] ? __fget_files+0x294/0x400 [ 2875.532596][T28154] ? __fget_light+0xea/0x280 [ 2875.537203][T28154] __sys_sendmsg+0xe5/0x1b0 [ 2875.541728][T28154] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2875.546768][T28154] ? __x64_sys_futex+0x382/0x4e0 [ 2875.551820][T28154] ? do_syscall_64+0x1c/0xe0 [ 2875.556431][T28154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2875.562428][T28154] do_syscall_64+0x60/0xe0 [ 2875.566869][T28154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2875.572772][T28154] RIP: 0033:0x45c369 [ 2875.576681][T28154] Code: Bad RIP value. [ 2875.580859][T28154] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2875.589276][T28154] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2875.597256][T28154] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:15 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2875.605248][T28154] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2875.613222][T28154] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2875.621200][T28154] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:15 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000b", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:15 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000000c0)=0xfffffffffffffe00) [ 2875.757965][T28172] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2875.774475][T28172] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2875.796675][T28173] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:15 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:19:15 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="e03f030025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2875.852409][T28162] debugfs: Directory '!' with parent 'ieee80211' already present! 22:19:15 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:15 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000c", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:15 executing program 2: 22:19:15 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) [ 2876.025108][T28192] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2876.072166][T28192] CPU: 1 PID: 28192 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2876.080870][T28192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2876.090930][T28192] Call Trace: [ 2876.094230][T28192] dump_stack+0x18f/0x20d [ 2876.098570][T28192] sysfs_warn_dup.cold+0x1c/0x2d [ 2876.103517][T28192] sysfs_do_create_link_sd+0x11e/0x140 [ 2876.108982][T28192] sysfs_create_link+0x5f/0xc0 [ 2876.113749][T28192] device_add+0x6ff/0x1b00 [ 2876.118177][T28192] ? device_check_offline+0x280/0x280 [ 2876.123557][T28192] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2876.129553][T28192] wiphy_register+0x1d5b/0x2840 [ 2876.134442][T28192] ? wiphy_unregister+0xc10/0xc10 [ 2876.139489][T28192] ? default_device_exit_batch+0x3d0/0x3d0 [ 2876.145408][T28192] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2876.151493][T28192] ieee80211_register_hw+0x2291/0x3950 [ 2876.156985][T28192] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2876.162395][T28192] ? lock_downgrade+0x820/0x820 [ 2876.167268][T28192] ? lock_is_held_type+0xb0/0xe0 [ 2876.172233][T28192] ? memset+0x20/0x40 [ 2876.176229][T28192] ? __hrtimer_init+0x12c/0x260 [ 2876.181097][T28192] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2876.186860][T28192] ? hwsim_virtio_rx_work+0x350/0x350 [ 2876.192248][T28192] ? memcpy+0x39/0x60 [ 2876.196245][T28192] hwsim_new_radio_nl+0x93e/0xf8c [ 2876.201281][T28192] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2876.207193][T28192] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2876.214141][T28192] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2876.221004][T28192] genl_rcv_msg+0x61d/0x980 [ 2876.225529][T28192] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2876.232484][T28192] ? lock_release+0x8d0/0x8d0 [ 2876.237259][T28192] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2876.242560][T28192] netlink_rcv_skb+0x15a/0x430 [ 2876.247355][T28192] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2876.254303][T28192] ? netlink_ack+0xa10/0xa10 [ 2876.258919][T28192] genl_rcv+0x24/0x40 [ 2876.262909][T28192] netlink_unicast+0x533/0x7d0 [ 2876.267689][T28192] ? netlink_attachskb+0x810/0x810 [ 2876.272818][T28192] ? _copy_from_iter_full+0x247/0x890 [ 2876.278207][T28192] ? __phys_addr+0x9a/0x110 [ 2876.282729][T28192] ? __phys_addr_symbol+0x2c/0x70 [ 2876.287772][T28192] ? __check_object_size+0x171/0x3e4 [ 2876.293121][T28192] netlink_sendmsg+0x856/0xd90 [ 2876.297910][T28192] ? netlink_unicast+0x7d0/0x7d0 [ 2876.302885][T28192] ? netlink_unicast+0x7d0/0x7d0 [ 2876.307842][T28192] sock_sendmsg+0xcf/0x120 [ 2876.312280][T28192] ____sys_sendmsg+0x6e8/0x810 [ 2876.317070][T28192] ? kernel_sendmsg+0x50/0x50 [ 2876.321768][T28192] ? do_recvmmsg+0x6d0/0x6d0 [ 2876.326379][T28192] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2876.332388][T28192] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2876.338390][T28192] ? __lock_acquire+0xc1e/0x56e0 [ 2876.343353][T28192] ___sys_sendmsg+0xf3/0x170 [ 2876.347964][T28192] ? sendmsg_copy_msghdr+0x160/0x160 [ 2876.353262][T28192] ? __fget_files+0x272/0x400 [ 2876.357959][T28192] ? lock_downgrade+0x820/0x820 [ 2876.362821][T28192] ? find_held_lock+0x2d/0x110 [ 2876.367604][T28192] ? __might_fault+0x11f/0x1d0 [ 2876.372390][T28192] ? __fget_files+0x294/0x400 [ 2876.377084][T28192] ? __fget_light+0xea/0x280 [ 2876.381708][T28192] __sys_sendmsg+0xe5/0x1b0 [ 2876.386231][T28192] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2876.391270][T28192] ? __x64_sys_futex+0x382/0x4e0 [ 2876.396230][T28192] ? do_syscall_64+0x1c/0xe0 [ 2876.400833][T28192] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2876.406815][T28192] do_syscall_64+0x60/0xe0 [ 2876.411237][T28192] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2876.417266][T28192] RIP: 0033:0x45c369 [ 2876.421157][T28192] Code: Bad RIP value. [ 2876.425222][T28192] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2876.433639][T28192] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2876.441621][T28192] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2876.449606][T28192] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2876.457593][T28192] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2876.465609][T28192] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:16 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) [ 2876.527159][T28197] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2876.540074][T28199] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2876.550078][T28199] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:16 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000d", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:16 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 22:19:16 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="6308002025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:16 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:16 executing program 2: [ 2876.729549][T28214] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:16 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000e", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:16 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="00f0ff7f25000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2876.782763][T28220] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:16 executing program 2: [ 2876.830333][T28220] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2876.894695][T28215] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2876.931700][T28215] CPU: 1 PID: 28215 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2876.940410][T28215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2876.950478][T28215] Call Trace: [ 2876.953793][T28215] dump_stack+0x18f/0x20d [ 2876.958141][T28215] sysfs_warn_dup.cold+0x1c/0x2d [ 2876.963092][T28215] sysfs_do_create_link_sd+0x11e/0x140 [ 2876.968566][T28215] sysfs_create_link+0x5f/0xc0 [ 2876.973346][T28215] device_add+0x6ff/0x1b00 [ 2876.977787][T28215] ? device_check_offline+0x280/0x280 [ 2876.983190][T28215] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2876.989202][T28215] wiphy_register+0x1d5b/0x2840 [ 2876.994085][T28215] ? wiphy_unregister+0xc10/0xc10 [ 2876.999128][T28215] ? default_device_exit_batch+0x3d0/0x3d0 [ 2877.004963][T28215] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2877.011053][T28215] ieee80211_register_hw+0x2291/0x3950 [ 2877.016546][T28215] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2877.021940][T28215] ? lock_downgrade+0x820/0x820 [ 2877.026809][T28215] ? lock_is_held_type+0xb0/0xe0 [ 2877.031765][T28215] ? memset+0x20/0x40 [ 2877.035770][T28215] ? __hrtimer_init+0x12c/0x260 [ 2877.040647][T28215] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2877.046404][T28215] ? hwsim_virtio_rx_work+0x350/0x350 [ 2877.051808][T28215] ? memcpy+0x39/0x60 [ 2877.055822][T28215] hwsim_new_radio_nl+0x93e/0xf8c [ 2877.060872][T28215] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2877.066793][T28215] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2877.074096][T28215] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2877.080968][T28215] genl_rcv_msg+0x61d/0x980 [ 2877.085496][T28215] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2877.092456][T28215] ? lock_release+0x8d0/0x8d0 [ 2877.097141][T28215] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2877.102446][T28215] netlink_rcv_skb+0x15a/0x430 [ 2877.107223][T28215] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2877.114177][T28215] ? netlink_ack+0xa10/0xa10 [ 2877.118793][T28215] genl_rcv+0x24/0x40 [ 2877.122789][T28215] netlink_unicast+0x533/0x7d0 [ 2877.127576][T28215] ? netlink_attachskb+0x810/0x810 [ 2877.132699][T28215] ? _copy_from_iter_full+0x247/0x890 [ 2877.138064][T28215] ? __phys_addr+0x9a/0x110 [ 2877.142658][T28215] ? __phys_addr_symbol+0x2c/0x70 [ 2877.147699][T28215] ? __check_object_size+0x171/0x3e4 [ 2877.153008][T28215] netlink_sendmsg+0x856/0xd90 [ 2877.157798][T28215] ? netlink_unicast+0x7d0/0x7d0 [ 2877.162767][T28215] ? netlink_unicast+0x7d0/0x7d0 [ 2877.167726][T28215] sock_sendmsg+0xcf/0x120 [ 2877.172176][T28215] ____sys_sendmsg+0x6e8/0x810 [ 2877.176954][T28215] ? kernel_sendmsg+0x50/0x50 [ 2877.181641][T28215] ? do_recvmmsg+0x6d0/0x6d0 [ 2877.186246][T28215] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2877.192241][T28215] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2877.198340][T28215] ? __lock_acquire+0xc1e/0x56e0 [ 2877.203301][T28215] ___sys_sendmsg+0xf3/0x170 [ 2877.207910][T28215] ? sendmsg_copy_msghdr+0x160/0x160 [ 2877.213214][T28215] ? __fget_files+0x272/0x400 [ 2877.217913][T28215] ? lock_downgrade+0x820/0x820 [ 2877.222895][T28215] ? find_held_lock+0x2d/0x110 [ 2877.227678][T28215] ? __might_fault+0x11f/0x1d0 [ 2877.232473][T28215] ? __fget_files+0x294/0x400 [ 2877.237179][T28215] ? __fget_light+0xea/0x280 [ 2877.241789][T28215] __sys_sendmsg+0xe5/0x1b0 [ 2877.246307][T28215] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2877.251351][T28215] ? __x64_sys_futex+0x382/0x4e0 [ 2877.256314][T28215] ? do_syscall_64+0x1c/0xe0 [ 2877.260919][T28215] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2877.266918][T28215] do_syscall_64+0x60/0xe0 [ 2877.271356][T28215] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2877.277258][T28215] RIP: 0033:0x45c369 [ 2877.281165][T28215] Code: Bad RIP value. [ 2877.285231][T28215] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 22:19:16 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010003f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2877.293649][T28215] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2877.301630][T28215] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2877.309615][T28215] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2877.317685][T28215] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2877.325667][T28215] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:16 executing program 2: 22:19:17 executing program 2: [ 2877.438650][T28228] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2877.477217][T28216] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2877.552471][T28216] CPU: 1 PID: 28216 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2877.561186][T28216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2877.571367][T28216] Call Trace: [ 2877.574678][T28216] dump_stack+0x18f/0x20d [ 2877.579026][T28216] sysfs_warn_dup.cold+0x1c/0x2d [ 2877.583983][T28216] sysfs_do_create_link_sd+0x11e/0x140 [ 2877.589479][T28216] sysfs_create_link+0x5f/0xc0 [ 2877.594260][T28216] device_add+0x6ff/0x1b00 [ 2877.598722][T28216] ? device_check_offline+0x280/0x280 [ 2877.604117][T28216] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2877.610123][T28216] wiphy_register+0x1d5b/0x2840 [ 2877.615012][T28216] ? wiphy_unregister+0xc10/0xc10 [ 2877.620052][T28216] ? default_device_exit_batch+0x3d0/0x3d0 [ 2877.625882][T28216] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2877.631972][T28216] ieee80211_register_hw+0x2291/0x3950 [ 2877.637465][T28216] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2877.642854][T28216] ? lock_downgrade+0x820/0x820 [ 2877.647720][T28216] ? lock_is_held_type+0xb0/0xe0 [ 2877.652757][T28216] ? memset+0x20/0x40 [ 2877.656750][T28216] ? __hrtimer_init+0x12c/0x260 [ 2877.661619][T28216] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2877.667382][T28216] ? hwsim_virtio_rx_work+0x350/0x350 [ 2877.672767][T28216] ? memcpy+0x39/0x60 [ 2877.676764][T28216] hwsim_new_radio_nl+0x93e/0xf8c [ 2877.681800][T28216] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2877.687712][T28216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2877.694655][T28216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2877.701607][T28216] genl_rcv_msg+0x61d/0x980 [ 2877.706150][T28216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2877.713118][T28216] ? lock_release+0x8d0/0x8d0 [ 2877.717804][T28216] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2877.723110][T28216] netlink_rcv_skb+0x15a/0x430 [ 2877.727891][T28216] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2877.734843][T28216] ? netlink_ack+0xa10/0xa10 [ 2877.739463][T28216] genl_rcv+0x24/0x40 [ 2877.743452][T28216] netlink_unicast+0x533/0x7d0 [ 2877.748232][T28216] ? netlink_attachskb+0x810/0x810 22:19:17 executing program 3: 22:19:17 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2877.753360][T28216] ? _copy_from_iter_full+0x247/0x890 [ 2877.758747][T28216] ? __phys_addr+0x9a/0x110 [ 2877.763248][T28216] ? __phys_addr_symbol+0x2c/0x70 [ 2877.768270][T28216] ? __check_object_size+0x171/0x3e4 [ 2877.773564][T28216] netlink_sendmsg+0x856/0xd90 [ 2877.778345][T28216] ? netlink_unicast+0x7d0/0x7d0 [ 2877.783313][T28216] ? netlink_unicast+0x7d0/0x7d0 [ 2877.788255][T28216] sock_sendmsg+0xcf/0x120 [ 2877.792686][T28216] ____sys_sendmsg+0x6e8/0x810 [ 2877.797464][T28216] ? kernel_sendmsg+0x50/0x50 [ 2877.802146][T28216] ? do_recvmmsg+0x6d0/0x6d0 [ 2877.806750][T28216] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2877.812746][T28216] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2877.818734][T28216] ? __lock_acquire+0xc1e/0x56e0 [ 2877.823689][T28216] ___sys_sendmsg+0xf3/0x170 [ 2877.828292][T28216] ? sendmsg_copy_msghdr+0x160/0x160 [ 2877.833582][T28216] ? __fget_files+0x272/0x400 [ 2877.838270][T28216] ? lock_downgrade+0x820/0x820 [ 2877.843135][T28216] ? find_held_lock+0x2d/0x110 [ 2877.847925][T28216] ? __might_fault+0x11f/0x1d0 [ 2877.852709][T28216] ? __fget_files+0x294/0x400 [ 2877.857406][T28216] ? __fget_light+0xea/0x280 [ 2877.862011][T28216] __sys_sendmsg+0xe5/0x1b0 [ 2877.866527][T28216] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2877.871563][T28216] ? __x64_sys_futex+0x382/0x4e0 [ 2877.876526][T28216] ? do_syscall_64+0x1c/0xe0 [ 2877.881137][T28216] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2877.887137][T28216] do_syscall_64+0x60/0xe0 [ 2877.891592][T28216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2877.897497][T28216] RIP: 0033:0x45c369 [ 2877.901392][T28216] Code: Bad RIP value. [ 2877.905464][T28216] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2877.913885][T28216] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2877.921867][T28216] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2877.929847][T28216] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2877.937830][T28216] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2877.945817][T28216] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:17 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) 22:19:17 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500020f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:17 executing program 2: socket$kcm(0xa, 0x0, 0x88) perf_event_open(0x0, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf4b06d3585a09a87507ebf4e43bc0609b1f4ecdc78eb2b57c099b6ed90e0ebcdac5f7a860c00269c781f6428457253e89ad528d985636a86ec0f60f5a6d1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0da0f0575cc2727e8d974927676468582d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da1856ad3b0f24b52616bf84d3b00127473e6ba922aff649609d40b47ec349ccba3ce8d530ffff19a6471bf3abc742d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed713eec3b86836ae504479f60b0ec9204d2b85627aa5a79f670000000000000000000000008f02712c3d8fc4e2686e21a855e823887196d4f4e9f2013d2aef4a3b5092be4d6852b88317c5adbbdb001bafe5725c8a4047b91da3768c1ca6a4410009f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd4406d273650bf7b2ff4602aec5eea2000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x20000000, &(0x7f00000004c0)="b95b03b700030003009e40f086dd1fff060000000000000177fbac141412e0000001c699da153f08e0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0xfd, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 22:19:17 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) 22:19:17 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="230000000f000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:17 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2878.107075][T28258] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:17 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500030f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:17 executing program 3: 22:19:17 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2878.243052][T28270] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2878.266657][T28270] CPU: 1 PID: 28270 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2878.275391][T28270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2878.285453][T28270] Call Trace: [ 2878.288744][T28270] dump_stack+0x18f/0x20d [ 2878.293090][T28270] sysfs_warn_dup.cold+0x1c/0x2d [ 2878.298004][T28270] sysfs_do_create_link_sd+0x11e/0x140 [ 2878.303467][T28270] sysfs_create_link+0x5f/0xc0 [ 2878.308219][T28270] device_add+0x6ff/0x1b00 [ 2878.312627][T28270] ? device_check_offline+0x280/0x280 [ 2878.317983][T28270] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2878.323950][T28270] wiphy_register+0x1d5b/0x2840 [ 2878.328790][T28270] ? wiphy_unregister+0xc10/0xc10 [ 2878.333794][T28270] ? default_device_exit_batch+0x3d0/0x3d0 [ 2878.339587][T28270] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2878.345723][T28270] ieee80211_register_hw+0x2291/0x3950 [ 2878.351176][T28270] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2878.356530][T28270] ? lock_downgrade+0x820/0x820 [ 2878.361361][T28270] ? lock_is_held_type+0xb0/0xe0 [ 2878.366276][T28270] ? memset+0x20/0x40 [ 2878.370240][T28270] ? __hrtimer_init+0x12c/0x260 [ 2878.375076][T28270] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2878.380782][T28270] ? hwsim_virtio_rx_work+0x350/0x350 [ 2878.386134][T28270] ? memcpy+0x39/0x60 [ 2878.390099][T28270] hwsim_new_radio_nl+0x93e/0xf8c [ 2878.395103][T28270] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2878.400980][T28270] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2878.407893][T28270] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2878.414742][T28270] genl_rcv_msg+0x61d/0x980 [ 2878.419251][T28270] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2878.426190][T28270] ? lock_release+0x8d0/0x8d0 [ 2878.430856][T28270] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2878.436141][T28270] netlink_rcv_skb+0x15a/0x430 [ 2878.440890][T28270] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2878.447802][T28270] ? netlink_ack+0xa10/0xa10 [ 2878.452381][T28270] genl_rcv+0x24/0x40 [ 2878.456362][T28270] netlink_unicast+0x533/0x7d0 [ 2878.461139][T28270] ? netlink_attachskb+0x810/0x810 [ 2878.466236][T28270] ? _copy_from_iter_full+0x247/0x890 [ 2878.471589][T28270] ? __phys_addr+0x9a/0x110 [ 2878.476069][T28270] ? __phys_addr_symbol+0x2c/0x70 [ 2878.481079][T28270] ? __check_object_size+0x171/0x3e4 [ 2878.486344][T28270] netlink_sendmsg+0x856/0xd90 [ 2878.491090][T28270] ? netlink_unicast+0x7d0/0x7d0 [ 2878.496097][T28270] ? netlink_unicast+0x7d0/0x7d0 [ 2878.501011][T28270] sock_sendmsg+0xcf/0x120 [ 2878.505399][T28270] ____sys_sendmsg+0x6e8/0x810 [ 2878.510138][T28270] ? kernel_sendmsg+0x50/0x50 [ 2878.514786][T28270] ? do_recvmmsg+0x6d0/0x6d0 [ 2878.519358][T28270] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2878.525316][T28270] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2878.531270][T28270] ? __lock_acquire+0xc1e/0x56e0 [ 2878.536189][T28270] ___sys_sendmsg+0xf3/0x170 [ 2878.540761][T28270] ? sendmsg_copy_msghdr+0x160/0x160 [ 2878.546023][T28270] ? __fget_files+0x272/0x400 [ 2878.550681][T28270] ? lock_downgrade+0x820/0x820 [ 2878.555519][T28270] ? find_held_lock+0x2d/0x110 [ 2878.560257][T28270] ? __might_fault+0x11f/0x1d0 [ 2878.565000][T28270] ? __fget_files+0x294/0x400 [ 2878.569663][T28270] ? __fget_light+0xea/0x280 [ 2878.574232][T28270] __sys_sendmsg+0xe5/0x1b0 [ 2878.578723][T28270] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2878.583727][T28270] ? __x64_sys_futex+0x382/0x4e0 [ 2878.588656][T28270] ? do_syscall_64+0x1c/0xe0 [ 2878.593236][T28270] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2878.599193][T28270] do_syscall_64+0x60/0xe0 [ 2878.603591][T28270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2878.609459][T28270] RIP: 0033:0x45c369 [ 2878.613322][T28270] Code: Bad RIP value. [ 2878.617362][T28270] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2878.625768][T28270] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2878.633715][T28270] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:18 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2302000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2878.641664][T28270] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2878.649613][T28270] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2878.657648][T28270] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2878.719409][T28278] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:18 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500040f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:18 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2303000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:18 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) 22:19:18 executing program 3: [ 2878.977125][T28296] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2879.032525][T28296] CPU: 1 PID: 28296 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2879.041234][T28296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2879.051295][T28296] Call Trace: [ 2879.054598][T28296] dump_stack+0x18f/0x20d [ 2879.058943][T28296] sysfs_warn_dup.cold+0x1c/0x2d [ 2879.063892][T28296] sysfs_do_create_link_sd+0x11e/0x140 [ 2879.069362][T28296] sysfs_create_link+0x5f/0xc0 [ 2879.074226][T28296] device_add+0x6ff/0x1b00 [ 2879.078661][T28296] ? device_check_offline+0x280/0x280 [ 2879.084050][T28296] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2879.090068][T28296] wiphy_register+0x1d5b/0x2840 [ 2879.095034][T28296] ? wiphy_unregister+0xc10/0xc10 [ 2879.100076][T28296] ? default_device_exit_batch+0x3d0/0x3d0 [ 2879.105899][T28296] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2879.111978][T28296] ieee80211_register_hw+0x2291/0x3950 [ 2879.117464][T28296] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2879.122850][T28296] ? lock_downgrade+0x820/0x820 [ 2879.127713][T28296] ? lock_is_held_type+0xb0/0xe0 [ 2879.132662][T28296] ? memset+0x20/0x40 [ 2879.136656][T28296] ? __hrtimer_init+0x12c/0x260 [ 2879.141529][T28296] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2879.147274][T28296] ? hwsim_virtio_rx_work+0x350/0x350 [ 2879.152658][T28296] ? memcpy+0x39/0x60 [ 2879.156655][T28296] hwsim_new_radio_nl+0x93e/0xf8c [ 2879.161689][T28296] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2879.167604][T28296] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2879.174546][T28296] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2879.181406][T28296] genl_rcv_msg+0x61d/0x980 [ 2879.185930][T28296] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2879.192883][T28296] ? lock_release+0x8d0/0x8d0 [ 2879.197564][T28296] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2879.202863][T28296] netlink_rcv_skb+0x15a/0x430 [ 2879.207642][T28296] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2879.214631][T28296] ? netlink_ack+0xa10/0xa10 [ 2879.219249][T28296] genl_rcv+0x24/0x40 [ 2879.223237][T28296] netlink_unicast+0x533/0x7d0 [ 2879.228012][T28296] ? netlink_attachskb+0x810/0x810 [ 2879.233127][T28296] ? _copy_from_iter_full+0x247/0x890 [ 2879.238514][T28296] ? __phys_addr+0x9a/0x110 [ 2879.243125][T28296] ? __phys_addr_symbol+0x2c/0x70 [ 2879.248153][T28296] ? __check_object_size+0x171/0x3e4 [ 2879.253452][T28296] netlink_sendmsg+0x856/0xd90 [ 2879.258230][T28296] ? netlink_unicast+0x7d0/0x7d0 [ 2879.263182][T28296] ? netlink_unicast+0x7d0/0x7d0 [ 2879.268241][T28296] sock_sendmsg+0xcf/0x120 [ 2879.272661][T28296] ____sys_sendmsg+0x6e8/0x810 [ 2879.277432][T28296] ? kernel_sendmsg+0x50/0x50 [ 2879.282120][T28296] ? do_recvmmsg+0x6d0/0x6d0 [ 2879.286737][T28296] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2879.292753][T28296] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2879.298751][T28296] ? __lock_acquire+0xc1e/0x56e0 [ 2879.303707][T28296] ___sys_sendmsg+0xf3/0x170 [ 2879.308411][T28296] ? sendmsg_copy_msghdr+0x160/0x160 [ 2879.313708][T28296] ? __fget_files+0x272/0x400 [ 2879.318501][T28296] ? lock_downgrade+0x820/0x820 [ 2879.323389][T28296] ? find_held_lock+0x2d/0x110 [ 2879.328293][T28296] ? __might_fault+0x11f/0x1d0 [ 2879.333093][T28296] ? __fget_files+0x294/0x400 [ 2879.337794][T28296] ? __fget_light+0xea/0x280 [ 2879.342413][T28296] __sys_sendmsg+0xe5/0x1b0 [ 2879.346934][T28296] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2879.351973][T28296] ? __x64_sys_futex+0x382/0x4e0 [ 2879.356960][T28296] ? do_syscall_64+0x1c/0xe0 [ 2879.361560][T28296] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2879.367555][T28296] do_syscall_64+0x60/0xe0 [ 2879.371987][T28296] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2879.377890][T28296] RIP: 0033:0x45c369 22:19:18 executing program 2: 22:19:18 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:18 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500050f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:18 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2304000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:18 executing program 3: [ 2879.381785][T28296] Code: Bad RIP value. [ 2879.385859][T28296] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2879.394280][T28296] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2879.402269][T28296] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2879.410254][T28296] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2879.418235][T28296] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2879.426215][T28296] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:19 executing program 2: 22:19:19 executing program 3: 22:19:19 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500060f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:19 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) 22:19:19 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2305000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:19 executing program 2: 22:19:19 executing program 3: 22:19:19 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:19 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500070f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:19 executing program 3: [ 2879.785063][T28325] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2879.830366][T28325] CPU: 0 PID: 28325 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2879.839072][T28325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2879.849137][T28325] Call Trace: [ 2879.852441][T28325] dump_stack+0x18f/0x20d [ 2879.856793][T28325] sysfs_warn_dup.cold+0x1c/0x2d [ 2879.861749][T28325] sysfs_do_create_link_sd+0x11e/0x140 [ 2879.867228][T28325] sysfs_create_link+0x5f/0xc0 [ 2879.872011][T28325] device_add+0x6ff/0x1b00 [ 2879.876448][T28325] ? device_check_offline+0x280/0x280 [ 2879.881846][T28325] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2879.887851][T28325] wiphy_register+0x1d5b/0x2840 [ 2879.892731][T28325] ? wiphy_unregister+0xc10/0xc10 [ 2879.897776][T28325] ? default_device_exit_batch+0x3d0/0x3d0 [ 2879.903610][T28325] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2879.909700][T28325] ieee80211_register_hw+0x2291/0x3950 [ 2879.915190][T28325] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2879.920595][T28325] ? lock_downgrade+0x820/0x820 [ 2879.925462][T28325] ? lock_is_held_type+0xb0/0xe0 [ 2879.930414][T28325] ? memset+0x20/0x40 [ 2879.934412][T28325] ? __hrtimer_init+0x12c/0x260 [ 2879.939281][T28325] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2879.945025][T28325] ? hwsim_virtio_rx_work+0x350/0x350 [ 2879.950405][T28325] ? memcpy+0x39/0x60 [ 2879.954401][T28325] hwsim_new_radio_nl+0x93e/0xf8c [ 2879.959448][T28325] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2879.965374][T28325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2879.972332][T28325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2879.979206][T28325] genl_rcv_msg+0x61d/0x980 [ 2879.983740][T28325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2879.990702][T28325] ? lock_release+0x8d0/0x8d0 [ 2879.995391][T28325] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2880.000697][T28325] netlink_rcv_skb+0x15a/0x430 [ 2880.005483][T28325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2880.012434][T28325] ? netlink_ack+0xa10/0xa10 [ 2880.017067][T28325] genl_rcv+0x24/0x40 [ 2880.021070][T28325] netlink_unicast+0x533/0x7d0 [ 2880.025852][T28325] ? netlink_attachskb+0x810/0x810 [ 2880.030978][T28325] ? _copy_from_iter_full+0x247/0x890 [ 2880.036372][T28325] ? __phys_addr+0x9a/0x110 [ 2880.040892][T28325] ? __phys_addr_symbol+0x2c/0x70 [ 2880.045924][T28325] ? __check_object_size+0x171/0x3e4 [ 2880.051222][T28325] netlink_sendmsg+0x856/0xd90 [ 2880.056007][T28325] ? netlink_unicast+0x7d0/0x7d0 [ 2880.060975][T28325] ? netlink_unicast+0x7d0/0x7d0 [ 2880.065927][T28325] sock_sendmsg+0xcf/0x120 [ 2880.070373][T28325] ____sys_sendmsg+0x6e8/0x810 [ 2880.075167][T28325] ? kernel_sendmsg+0x50/0x50 [ 2880.079855][T28325] ? do_recvmmsg+0x6d0/0x6d0 [ 2880.084464][T28325] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2880.090460][T28325] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2880.096541][T28325] ? __lock_acquire+0xc1e/0x56e0 [ 2880.101495][T28325] ___sys_sendmsg+0xf3/0x170 [ 2880.106102][T28325] ? sendmsg_copy_msghdr+0x160/0x160 [ 2880.111397][T28325] ? __fget_files+0x272/0x400 [ 2880.121296][T28325] ? lock_downgrade+0x820/0x820 [ 2880.126163][T28325] ? find_held_lock+0x2d/0x110 [ 2880.130959][T28325] ? __might_fault+0x11f/0x1d0 [ 2880.135768][T28325] ? __fget_files+0x294/0x400 [ 2880.140465][T28325] ? __fget_light+0xea/0x280 [ 2880.145082][T28325] __sys_sendmsg+0xe5/0x1b0 [ 2880.149601][T28325] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2880.154652][T28325] ? __x64_sys_futex+0x382/0x4e0 [ 2880.159608][T28325] ? do_syscall_64+0x1c/0xe0 [ 2880.164304][T28325] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2880.170290][T28325] do_syscall_64+0x60/0xe0 [ 2880.174717][T28325] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2880.180609][T28325] RIP: 0033:0x45c369 [ 2880.184505][T28325] Code: Bad RIP value. [ 2880.188575][T28325] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2880.197012][T28325] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2880.204995][T28325] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2880.212978][T28325] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2880.220966][T28325] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c 22:19:19 executing program 2: 22:19:19 executing program 3: 22:19:19 executing program 2: 22:19:19 executing program 3: 22:19:19 executing program 2: [ 2880.228950][T28325] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2880.258142][T28331] validate_nla: 6 callbacks suppressed [ 2880.258151][T28331] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:19 executing program 2: 22:19:19 executing program 3: 22:19:19 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500080f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:19 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2306000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2880.322782][T28331] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:19 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:19 executing program 5: [ 2880.430734][T28348] __nla_validate_parse: 3 callbacks suppressed [ 2880.430745][T28348] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:20 executing program 3: 22:19:20 executing program 2: 22:19:20 executing program 5: 22:19:20 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500090f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2880.585984][T28355] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:20 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2307000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:20 executing program 2: [ 2880.637049][T28355] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:20 executing program 3: 22:19:20 executing program 5: 22:19:20 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2880.742094][T28360] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:20 executing program 2: 22:19:20 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000a0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:20 executing program 3: 22:19:20 executing program 5: 22:19:20 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2308000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2880.907051][T28368] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:20 executing program 2: [ 2880.950514][T28368] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:20 executing program 5: [ 2880.994466][T28373] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:20 executing program 3: 22:19:20 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:20 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2309000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:20 executing program 2: 22:19:20 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:20 executing program 5: 22:19:20 executing program 3: 22:19:20 executing program 2: [ 2881.262543][T28386] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2881.300991][T28385] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2881.326660][T28385] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:20 executing program 5: 22:19:20 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000e0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:20 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="230b000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:20 executing program 3: 22:19:21 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:21 executing program 2: 22:19:21 executing program 5: [ 2881.570020][T28398] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:21 executing program 3: 22:19:21 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000f0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:21 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="230e000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:21 executing program 2: [ 2881.656386][T28402] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2881.716416][T28402] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:21 executing program 3: 22:19:21 executing program 5: 22:19:21 executing program 2: [ 2881.792363][T28409] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:21 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:21 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500100f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:21 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2310000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:21 executing program 3: 22:19:21 executing program 2: 22:19:21 executing program 5: 22:19:21 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2882.089600][T28421] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:21 executing program 2: 22:19:21 executing program 3: 22:19:21 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2348000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:21 executing program 5: 22:19:21 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500480f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:21 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:21 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf4b06d3585a09a87507ebf4e43bc0609b1f4ecdc78eb2b57c099b6ed90e0ebcdac5f7a860c00269c781f6428457253e89ad528d985636a86ec0f60f5a6d1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0da0f0575cc2727e8d974927676468582d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da1856ad3b0f24b52616bf84d3b00127473e6ba922aff649609d40b47ec349ccba3ce8d530ffff19a6471bf3abc742d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed713eec3b86836ae504479f60b0ec9204d2b85627aa5a79f670000000000000000000000008f02712c3d8fc4e2686e21a855e823887196d4f4e9f2013d2aef4a3b5092be4d6852b88317c5adbbdb001bafe5725c8a4047b91da3768c1ca6a4410009f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd4406d273650bf7b2ff4602aec5eea2000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0x69, 0x20000000, &(0x7f00000004c0)="b95b03b700030003009e40f086dd1fff060000000000000177fbac141412e0000001c699da153f08e0e6e380f60108f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0xfd, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 22:19:21 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x40000d) 22:19:21 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xa7, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0}, 0x20) [ 2882.355623][T28435] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:21 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:21 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="234c000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:22 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005004c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:22 executing program 5: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x1, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000100)="2e00000033000535a4abd32b8018007a0124fc60100002400c000200053582c137153e370900018004001d00d1bd", 0x2e}], 0x1, 0x0, 0x0, 0x4c}, 0x0) gettid() [ 2882.638539][T28450] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:22 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:22 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000280)='syz1\x00', 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000340)={0x0, &(0x7f0000000200)=""/189, &(0x7f0000000100)="c1ce9984f3dd68b778a372f72456c52161cca42e6fbb2451fc1cf94ac178fdb811d92e73be9600151b9013f48db443839c5d10f1c2425ff9f3ce84cdc4e2e6", &(0x7f00000002c0)="9bc6135850e8a6b91626c07f5ffa48932d30994b5581d4b27893ced131aad2cacc0069498f30efc95db74478886672061bf3c57574ca2d4dc77448d7c39e47d66d40471d172ed45ab3eaf26ee83430933fe94cabd0ac6906e04f130e0745fb6972cc", 0x0, 0xffffffffffffffff, 0x4}, 0x38) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x0, 0x0, 0x7f, 0x40, 0x0, 0x3c43, 0x81021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x6}, 0x42028}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000003c0)) socket$kcm(0x2b, 0x1, 0x0) 22:19:22 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500600f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:22 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2360000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:22 executing program 5 (fault-call:1 fault-nth:0): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2882.923631][T28464] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2882.963205][T28463] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:22 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2882.983625][T28463] CPU: 1 PID: 28463 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 22:19:22 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500680f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2882.983643][T28463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2882.983648][T28463] Call Trace: [ 2882.983675][T28463] dump_stack+0x18f/0x20d [ 2882.983705][T28463] sysfs_warn_dup.cold+0x1c/0x2d [ 2882.983720][T28463] sysfs_do_create_link_sd+0x11e/0x140 [ 2882.983735][T28463] sysfs_create_link+0x5f/0xc0 [ 2882.983753][T28463] device_add+0x6ff/0x1b00 [ 2882.983773][T28463] ? __sanitizer_cov_trace_switch+0x4b/0x70 [ 2882.983786][T28463] ? device_check_offline+0x280/0x280 [ 2882.983807][T28463] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2882.983830][T28463] wiphy_register+0x1d5b/0x2840 [ 2882.983863][T28463] ? wiphy_unregister+0xc10/0xc10 [ 2882.983884][T28463] ? default_device_exit_batch+0x3d0/0x3d0 [ 2882.983911][T28463] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2882.983931][T28463] ieee80211_register_hw+0x2291/0x3950 [ 2882.983957][T28463] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2882.983976][T28463] ? lock_downgrade+0x820/0x820 [ 2882.983992][T28463] ? lock_is_held_type+0xb0/0xe0 [ 2882.984006][T28463] ? memset+0x20/0x40 [ 2882.984021][T28463] ? __hrtimer_init+0x12c/0x260 [ 2882.984041][T28463] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2882.984073][T28463] ? hwsim_virtio_rx_work+0x350/0x350 [ 2882.984106][T28463] ? memcpy+0x39/0x60 [ 2882.984132][T28463] hwsim_new_radio_nl+0x93e/0xf8c [ 2882.984159][T28463] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2882.984203][T28463] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2882.984223][T28463] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2882.984244][T28463] genl_rcv_msg+0x61d/0x980 [ 2882.984270][T28463] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2882.984296][T28463] ? lock_release+0x8d0/0x8d0 [ 2882.984309][T28463] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2882.984324][T28463] ? lockdep_hardirqs_on_prepare+0x320/0x590 [ 2882.984344][T28463] netlink_rcv_skb+0x15a/0x430 [ 2882.984362][T28463] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2882.984379][T28463] ? netlink_ack+0xa10/0xa10 [ 2882.984408][T28463] genl_rcv+0x24/0x40 [ 2882.984441][T28463] netlink_unicast+0x533/0x7d0 [ 2882.984463][T28463] ? netlink_attachskb+0x810/0x810 [ 2882.984478][T28463] ? _copy_from_iter_full+0x247/0x890 [ 2882.984492][T28463] ? __phys_addr+0x9a/0x110 [ 2882.984506][T28463] ? __phys_addr_symbol+0x2c/0x70 [ 2882.984521][T28463] ? __check_object_size+0x171/0x3e4 [ 2882.984541][T28463] netlink_sendmsg+0x856/0xd90 [ 2882.984563][T28463] ? netlink_unicast+0x7d0/0x7d0 [ 2882.984588][T28463] ? netlink_unicast+0x7d0/0x7d0 [ 2882.984602][T28463] sock_sendmsg+0xcf/0x120 [ 2882.984618][T28463] ____sys_sendmsg+0x6e8/0x810 [ 2882.984635][T28463] ? kernel_sendmsg+0x50/0x50 [ 2882.984648][T28463] ? do_recvmmsg+0x6d0/0x6d0 [ 2882.984667][T28463] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2882.984691][T28463] ___sys_sendmsg+0xf3/0x170 [ 2882.984707][T28463] ? sendmsg_copy_msghdr+0x160/0x160 [ 2882.984722][T28463] ? __fget_files+0x272/0x400 [ 2882.984740][T28463] ? lock_downgrade+0x820/0x820 [ 2882.984757][T28463] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2882.984771][T28463] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2882.984793][T28463] ? __fget_files+0x294/0x400 [ 2882.984815][T28463] ? __fget_light+0xea/0x280 [ 2882.984836][T28463] __sys_sendmsg+0xe5/0x1b0 [ 2882.984851][T28463] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2882.984878][T28463] ? do_syscall_64+0x1c/0xe0 [ 2882.984893][T28463] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2882.984911][T28463] do_syscall_64+0x60/0xe0 [ 2882.984928][T28463] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2882.984940][T28463] RIP: 0033:0x45c369 [ 2882.984945][T28463] Code: Bad RIP value. [ 2882.984954][T28463] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2882.984968][T28463] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2882.984977][T28463] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2882.984985][T28463] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2882.984994][T28463] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2882.985003][T28463] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2883.059008][T28474] FAULT_INJECTION: forcing a failure. [ 2883.059008][T28474] name failslab, interval 1, probability 0, space 0, times 0 [ 2883.059027][T28474] CPU: 0 PID: 28474 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2883.059034][T28474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2883.059038][T28474] Call Trace: [ 2883.059058][T28474] dump_stack+0x18f/0x20d [ 2883.059078][T28474] should_fail.cold+0x5/0x14 [ 2883.059096][T28474] should_failslab+0x5/0xf [ 2883.059112][T28474] kmem_cache_alloc_node+0x257/0x3c0 [ 2883.059128][T28474] __alloc_skb+0x71/0x550 [ 2883.059147][T28474] netlink_sendmsg+0x94f/0xd90 [ 2883.059165][T28474] ? netlink_unicast+0x7d0/0x7d0 [ 2883.059185][T28474] ? netlink_unicast+0x7d0/0x7d0 [ 2883.059198][T28474] sock_sendmsg+0xcf/0x120 [ 2883.059211][T28474] ____sys_sendmsg+0x6e8/0x810 [ 2883.059226][T28474] ? kernel_sendmsg+0x50/0x50 [ 2883.059238][T28474] ? do_recvmmsg+0x6d0/0x6d0 [ 2883.059253][T28474] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2883.059264][T28474] ? _parse_integer+0x132/0x180 [ 2883.059275][T28474] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2883.059288][T28474] ___sys_sendmsg+0xf3/0x170 [ 2883.059306][T28474] ? sendmsg_copy_msghdr+0x160/0x160 [ 2883.059319][T28474] ? __fget_files+0x272/0x400 [ 2883.059334][T28474] ? lock_downgrade+0x820/0x820 [ 2883.059346][T28474] ? find_held_lock+0x2d/0x110 [ 2883.059358][T28474] ? ksys_write+0x212/0x250 [ 2883.059373][T28474] ? __fget_files+0x294/0x400 [ 2883.059390][T28474] ? __fget_light+0xea/0x280 [ 2883.059407][T28474] __sys_sendmsg+0xe5/0x1b0 [ 2883.059419][T28474] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2883.059440][T28474] ? do_syscall_64+0x1c/0xe0 [ 2883.059453][T28474] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2883.059469][T28474] do_syscall_64+0x60/0xe0 [ 2883.059486][T28474] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2883.059497][T28474] RIP: 0033:0x45c369 [ 2883.059502][T28474] Code: Bad RIP value. [ 2883.059509][T28474] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2883.059522][T28474] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2883.059529][T28474] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2883.059536][T28474] RBP: 00007f08d42abca0 R08: 0000000000000000 R09: 0000000000000000 [ 2883.059544][T28474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2883.059551][T28474] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:24 executing program 2: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001400)={r0}) sendmsg$kcm(r1, &(0x7f0000001d80)={&(0x7f0000001440)=@phonet={0x23, 0xff, 0x5}, 0x80, &(0x7f0000001940)=[{&(0x7f00000014c0)="b3ff72bbea125e4d6c99979ed63ef9dfc904e75ca53ca6b0f7801d093a3f436646bdf584efae7588a704149def78b96f028fb0aede1ba9f3199c77e8d98aeba0eb4ce7b13a5fc96b78e311c781ff686402852dd67066f4a8b66140021aa2fc99fbfb41ba860e81560d79de27526c05f4c787ef7109d5f19bee766326d31917a4a80c3e17c014cb46503a9596332c39fc34", 0x91}, {&(0x7f0000001580)="478337173624f35f095e51d5806181021da18b42888263b9670cd5734d306e06f3284616e3e13a030143998c10bc3f", 0x2f}, {&(0x7f00000015c0)="0c69a2ca993c8a872084e9094e563f21331ee88cc1ee5e61f08c36239a81ec4d949f41d96823f058fe4af1ff3aa3420097e08a24251317afbeabd4c47d93840bef9221bed959e958ef67d6238aef97c51129255ac7ba0c3ed001e5b0671d035e55e6bd19b2361e38e637bdc5682b56bebd005387a5f3feaaac6e68634be244b73efeadae6e1fed5823896bdf4b887285279a3e08d969006bee4ddc4318844fa25d9ed7409230ba7e485932e900ec4ef87fb93d582b8548673eb5a8c66464055fdbf8df98b0749a5c5d3e5d9799b8bc4a7d6a0ca650c202", 0xd7}, {&(0x7f00000016c0)="048d5910ac3373752632eef6845b91db692aadd4aad3c8d9d2e6901bd01d4eaae962ce30167ac7e0fd4c2d46b670ced823eb53b7938f15a9968bef74a003efb6f505939281102aa6a5395bae95d2aefffa7bea3406252accb542e19c65d69250a87bc49be5ae1eb69327be5c6dd4058e3dc3be46c550cecde41f392ed8ce36ded46feb3738316e69628c6287803ee9eecec2d09c6d421faae0da03ab914a4057cd5f7cd6ef809abf95f4ce2681ea66d05c0e611f566632efb7f156aa30a8ead788de9a369bd1d39434d6a6b0a7f94bb851c3a0bec0f653", 0xd7}, {&(0x7f00000017c0)="49cc6ffee48f16276eef9bc48027bd52f61afd01d6414459754280af52f49556818afe86fd498b4549d41786b5f64d1e6ed2c26b49e35d3163ca76a1db2ad66635099980f58cd7abe534e32c29d553b00de388d6121632d8d3d8060715b6566173015fcd1577e5620213cb5ed665e32b2123a0d90023c5ef34da15b82860ca9898640ce7a72f617b7e07d69268b34e19fc48a83b49df811781b8c42bc40197cd2abf9f0661164a7d37e31dd1ba71987e5bc3b6f95220e822c62b586b5057f5237bc0e970ca20126944bce901e2618348fef303909432560802bfd6866025e4ba07e5d540953b95d9a2e62b46f854ae914a4003200f", 0xf5}, {&(0x7f00000018c0)="cd32fbacfaf8eefc90b3ee78fb3068b9e1a31c", 0x13}, {&(0x7f0000001900)="6ed12b68055635a1557f52c5ae58c5d3", 0x10}], 0x7, &(0x7f0000001e00)=ANY=[@ANYBLOB="10010000000000000001000003000000beae00a203766ee222106928d6cdbc593f20f3fe27876e3eb1b8252676b5b36dd43fb26a6996f087e1da2776d798332c62e6672e7e36554bc68cbbdd963dd938e100f44e07d50e5ebd0c720f7f1abf5d48c9e20c34ee240881b105b01f00e10d882e4e93b98f1dc09ec210590e4f29db9e6c3b99df35cd66f7e633424f4798328c0cc24dc513e1306edf84019d34ca72327b51fc88f2fcc7a6af48257bb4483c8312f59050d210929770c49cfd9d4be214cd98a464e564ca95e03cad1ba3e76df43df34ca21674badbced3fe531f6736f914dd73e7bf230f39ffe330e64a066369165d84518311f1d867caf339de758e21c1bcea727cbdb345ad000000000000f0000000000000000801000029ea00002c7bcb4d06b092202cad65f1f9aea616ccf99847c30c688e2dd354c9a5d72f678a690ae9c73476a9c0295da7b43606ee6b70f14fe5c733f7ad8aa3b9249834562207d11452d9bd888bd6954bd091d4945c0698b758533245123e17017a06b08f52640f3714ea7682e8b204b4c8c2289eb52a9abb3e4233550573c0eba6c2bda4780e180b15284ea047426323c0c773af45e5c4e603b0ff2948985e7c1eab92d5c8c975375a56ca0164e4dc8d28b4dff83ac6d2401a0474de4bc71cb1a0ad8e9f147562532ed3681332f5d5c17662b67b1bf1195036363d39f16aac5bceab76002000000000000000070100008000000080ff126c82bcf97a3338f60000000000600000000000000016010000060000004777040b03902bc8a66ffd14cf636008756710a5efecdbd819815cf63c3ab1c6268df4ab14f507148825c2505a58c6a763bbd2c4cb6a518d86d1982ed31c3b5c240dc570a1aa768bbc803907ff000000480000000000000008010000ff0000008b7898c23e74f6a4c52f6e8515ad7166053d3e89e8446148778b85ecc7584bc29b1d6e4bb84a0a78dda17154726f963b6ca13e21fc0e00005000000000000000d3d915aced000000916af9ce2530bcb8f44300c30e48f22ba4936a43b31487cd7a94373c63532fb277961d45747dbb4a20e09044e0124b8660fbe66d13858547b7b29bc7000000003800000000000000ff000000080000005ba0f3b78400a970b44267344dcb711dcca97f63bb3f4d2784a8515c5210a504f2819677000000003800000000000000030100000c4dffff1fafebfe20069abba02b441e3bd7486664c45723d4ecf6f443b66049ebc50abddbf61a59000000005b449ca5360798589338bbc51be397759ee52c991dcdc625efd4eec9a3"], 0x388}, 0x4000000) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/pid_for_children\x00') r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001340)={0xffffffffffffffff, 0x0, 0x1000, 0x32, &(0x7f0000000140)="9786b9030ff1b4fe0ac1f4160cd37261b22f5f4757deaff130ddf7c7913dfd00496d5fb01b025dd1efd53a75f9f23284a2b46fcd6e80d20160664396f8075085234b54caa6afc41eec3b59a615c2d9216a616e5124f96aef6939a362f9f55ddd96dc1c212181abea0d1db84342a777d6546ad82cc237dd3c5dee1bc0d1af0f660c65d7dfeb34640aeb22c0c22db5b7a9b18934129b9983d3aa6b49d469b09b2ef3bdd91ac364c88e5ae0e80ed13262e3c64af4fba52cdd268e0cf8cefc8ae96313f8bb5e6633e36055311b1bb03e3cf6fed3f8dd0964a2f1457c55e8a0807707258e97f2f79f747c774f014abe5a08c68192024b1513d77d51f04d423891a19c7aae3f18aba54f525e485e539292b83fd18a77b607d49f415e8eecf0197eea6cf1c8a9ca759989b03990b8baec84a017b6bc75d7879aec66798e256da5075c8a5daf33ab372c2284bd9f98f4c4140d55a791f51ac321f833f97b3a5ba34c5d7f2579fd3fc166d0cb12a16a3f9e2b24fd8b9504fe498414ca6f974c0235f63a060ebdc2cb671a57e1fcf341ebed36443085b24bda15f582a90d118125a12535e64afa10477989dd3a8140333db506543998f6158f409320ffd9bcff9351874231d317cb31a0afef3cd9ccdab37d2d4608c16c750e8cf9a495c3904c9341e2349fe6cfa72cc4ee9960c0fe6ecfb8c35338bbb3d5e321f110da9486f6d30226462f6837a5e7709b8ef9f67f574b2929d9cd1076f2aa7e89da16fd87d9bbc467451c51c874475cf010c300a79b2e3b4ce5d5a37e75ab1b17135c6c38d8c5afdc2d3cef76363756c9c905c34a381d03861742e5f0b150dd9f9511832688d12f8acea5dc6095050b771f03f4ee92462e15ae0faf84c1541e715800a90968fc7c9c2b6d6aeb452001a65604a0aa0c46f5677adcba7d8b304c391bb7483f8939f33ebb677bda7df289da146fe566b796e77a469f48b84b3441e478467424a22d3312e3eb16b5183710eb7d2e1c9200413ac95d979cac438d687eec4d2bf58cac638d94526d984b6042f00490b883527948f88be5281be143c548c143cb0ad2d78053f246f695ce9848ea806bbb7d94c705650a0c795c334b134ec21c06ef4e53d5138cedc5ccd459dd62ea2f4718a28afa005e43ef4aa67dabfee1553f56903baeb3530b643b706c4a8f938aab6d83961fb8a3aecff2c14c4a2e471bf5108c70afa52391f024095cf52cf1f45ae2791b63e7caa02f53179cd9abb97d91e0dfabc519819fd8584f36eea821919161c455801cb3e229e0c2cdbaed0dcf92c517b24d51f2d88ced29c35c6ebed957e1344e4d019363f971f54014820d0eea1fc25be345fa6c1946f80d9a11af8ae8de63415857106f801bb461bb25b6edc56994353775cf6c545e78aba7c05fe8406de079e2a7bd1a05b8736156c59a11a23aa9f49f7ddfd5e038635bcca2834283ff4787ddd48d8a3d0c240e2c68e95a27ba10e64f4797dd24448ed3fa038b9ce9e0a2cc811c1b4d5a3bda605282f8adbf94ace46c2e9f451397766b6c445fa254ad2549ff02eb0fbe3a1e925e5b692811a14186bd66e80be674d932e8d9273e9a4d5cb69989723407e2cf87e6d042ef7b349d3d82a8031c69a39a738ce96eba252d0f1af7abef251e4d046a4e01058dca69267332ae59a3586017189684f2d01acae31b396493d7c83d3e0662f18042ffdfb263d81ca66fc48e7601b8338501fc7c66f1719254a9f1da9b177ef212599450dbe0dd84c47a5ac53bb50812295697d2af899db25289e9df8fc4e4c378a828caa6d3b89e0f39f582aafc3b6a347f7859d1906fe61d278e2b6da43f45e9f767252d7a9ac1bfa440564335f9aa9606ec27fc4bafadde338a68d2f751e650b691758d0659166f88e6a69c1d515713b031120df4ddf814c860f4db3cb32d872bac2685a59cf149e2a48dd3677ddec725a5a66946ebc773626819bfec80abf62d2ee9a131ca26763700dc3bade9d0ff8a081ebe983ee1ecf3660f2146726e3fae10b569bdce4bb653618eba4ff9e28cb1fb4e00462cd55d289519ad6247de9fe8e1a73b92c05cf684fcd199343354e6da2478fa154aa2bdd5c2db2b4fac72b117e2db272b0af3322d02401189bfa084a3ba59a55cfc9166ee5a1c92f6a315e1bc1cae84fcdb8f8bde7712a2eb32a39ccf895c18f4d44b0208aaeac3be7f49781f9f3ab5b5d56952366d863807b6efd0d1d6ca6686d1aa303fc0f4b8fe5baf975c6f815d34c07f19339202137ab8b1cf912472ef70ae173174415908f2e3eb68b5ebda07ad72bccdf401c350a7df36700b2bf3ae637a2a7b86eec99bffcf6738eedfb68cb98e83a597a6f7ecbaf00b47e00ed1b5234de573d172db3d8e30e17ebf1eb4032bc6dd26ff8bdd7b8d8bd110935c36fe68c0b95a758e802118ab620a9e533dd4bdac14e1439d6f4c963b6e1d3a363d5dd51b3290fe66cc5980047644620ec2b67dbe4ebe26795d4fb8391a2cd745f1f61fd7f919507b07aa608bc42e4e0de1cdd80a5634bf4f7235297b96e6fc87ffc9be616f67531bb51905ddb3e59bae3bbff1117abac69721eb7bf2054a759c052c26472a134410089db6fac8496422b1aa440a96258a05fbaac01185062e2e1e0bfbe61209031321c6f83d3059f75cca46a80fbd5026f7ec56435d186be10ebd6b76938fe45b1f6e6890edc82ed730586e492439cfbcdd31fe95a9666d2516db013c666db62fff79ee3ea141c2d9559cd70e39bc6e5a770ef98ee54392afd22ca9e023dba687f466192ebb12fdbdbae1dc9b59099cff0261e79ff67288b044bd83c0851f764a5d5d5ccc41329c4b23d76f27fb926991daa279425003004c80cc5af45eab4225369aa4c12678c83c8daeafc46b8d4d7adf3656a3421875299c0d27f9ad687ecad8fdd47c081a7fc7a3c2928a1a57f46325b5e94c5ac38d0914a9510a94ce507da2c27097eda41d2d51c431361a7a58158422925d577e6b03bdc80da7d5718480a798f24dd6f24123ddb31ae78a72f08016b50df99bd9ffe25475bf1bf311c5fb10baabd58dd6380a1cc47240e0e6c551e258761e80bd9a04a297de3ff355798fb095305a4440c2dca6740fc1bc80a0493113f3a6ef71d3e64b450c85256a31b0b47f01dd7a4ef87d8ad9d91b9cf1cfa74a440ef8652b1e28b0694556c6d5908ac89e60b6062f606766d17612432ab71d414a184cd88812ab1cd8fabc0d6f63dc6d1731aa23cec31f0183f821d184aace02b1282f93370c24738c166f7ec603dcfa014e01064cb6c86771cbd40d8eab1c3925930feb2555b5050198adbcab555a2f7e35edc29e259bccca26105953f5c9dbf27aaab21a7c621e47e4083033cad31d2f821d2185cd79e58ba018fd0a30d4f2ddc26de4bcefc822a7717c56f2c60c352fbbeaac8075ae1e1466d195aed85c1cfc369edbd74cd41048eaba6bf32ad65a800f70e6c922bcb54ddce9d518e07e8b5b5641df4b6ff1fbb16ff6d4c583b36bf70b31d748682fb191ed1b437690289d0ac35ff5e530073af54f6daa804def16b3d4fbc093034e801fb2699096916dbcc7330a1d74547743670edd7ffa59b6963088b98d9a616847f3e734797cc9dbeb67a617edb57e954baa641cfc770b9f341cdfe34190f4c6064f276f791ac5063de2a045738efcfa85eb3250f383d8097995f1d4428870788d74289440263d2ffda9c085f1c2eba66826be84bb9c782b647fb4a1227a570910ce0c4f967eaeaa0973d3c43597af6a860d844d807cd409d1c65aca886384928bb5318cd34a56ebc11e7b15ae398a8a576f1ffaa0e62b7b1f8d932343f8049d98417f0534c309aff9edde66ee52cce084c3f5b25a5a9987177ea92c34206e4ca41699fa69c545996978f1a70bd62bbda471ace12d0871a1e248e050352def4ccbac362f5470d230478cd154b85b97a6e65f5ea5bf09254203ed21784bdf51fbeb5329ca5d1f438bca8ad7772b6081adae54790c9eab2c7d5aed442066e633096e25c5000dcc1f56e34214450f5fb8a5304ba5ee4509a58ea49e99a774d4f662cbfcfd757baba11a5391e2c95d55348c5187313604a302ab472f53e454b5e2ec2a61489009656a7bdd8cae48d92f9fca95273d8a159a5aa8ab5875d911eb6016db52e191dc2c980e2e64d645efdd1889932363ed3828a5866af60c3eb4d4d556547d7f784e95b0076d9a37453ebf5a23e47d4aaf38ff9726de7b0bffebbbcbb26b24dbf3bc8a2e8b65d9ec8de923e891f31692efec2fd17ac824629d27808449d10b42428f05658e9d18e7bb2881020094b667a1237e472db056fcb71dda174df4c24834be9f88b19d592f01c3bad04cad5a4afd8fe1d3af83d5bbaec09490333e9c6fbc832fd3c9881e4c3a0596ed6effbe9370815abb3509b83ed5d813ae39c4e2b53684d6766255d7a8b61cc94c3acad9d97c70d562374adb4b6f64bebd7c8038bcaab2cd7eee13ee46419ad34a2d968e7d450715059e97bd6ff0d8cef6a51abd97b6a5daa0988b4c9de8680ee6e5010da3d515b53512a31f3819ce6056a5febcb8a3147658a32f2b7cfd019f7b3e7d12023b15c6c11486213c5ac095c96bf1f0cce02ee6a9a19ab24040979a2552bfef715b709093ff51bfa374f06eb6744624a3653a421a9299443a11d7b20bdbb9f006e328bb81841c313c2ab32d1f9b4113bb9b652d2e401a8ebdea0aeabb9b11e974a28f57279f2f46866421310675624654b3c3d57a3c27747cc684ec5134a4eb7d9dc5f5d0b612686f8268f5e2b91b35eee7e1538a03c1da0cf73070b995982388743faa19794f774ff3956dc5378df3a4379cb3602cc2215376d0e66b6cd0fa455a55df4bd9db570fac27ceddb9535c8f8a11276be8e1ab027f50917426f1bfabdcc04a68443624f312bd5f71b1e2fe831e80b7cf88a486e9956e03eda72d2ff2bc471721a0d28310d1b2e38ba69fc5a20ca17f429ea035691589605f5e932f7be17b898f54f90f8c522cf7b101a4a0814e88089fc2642805935209f84998a912db8ee0c88589a582eee5ad095f5939695478d8c2ee1f53767aea0e5003188cc3f49afc540dbc258ea9a6d69c26bfecdd302dbde38c791bd46f870ac3fa8cf43641e2944f43618a12a44709362240e72d0da22a836dcff92497046af5776f82d7116628813b59be922ad247beae57e1584614c85cb6d37f7813ae66b97292d7f133187062e3017ed0140b6019aa0840b6c88929a9d4f828921442153cdc77e6cc10e5cc5c75a02081db92ffcb3808a6f630b337acbe1cdfda0fdc09993b8bbb7bf3f3e2ee1a64f0f64e542c7f6ee0e9daa58ac605348f18c5aaa4fd1022351c0baa21a61eda5c102542e37f067a1b2ae620bc1b211aa097f8f46013ddb20e47769703bd1b43e19c41d4f3a9aff605504d2651e784f8b005a3838e60eb87725c747e1b3aed49105bae3710b37a42f4e46df2db449defbffc662643cb285c1531484dc1c0bd354b1c90c4dd3d7e091f2f5a7184fd27e8889c9bea5753e5ef1346ca56c823afa09e0b24d8c52306378b2b1e3c3f94689bca17a89d158de3cf97cc83e79e3b688cfd59e39a45b4dc1cb8e78bb50993ac8a587e4555005c95be9586dd7cbd5adfbc3d67abfa0a25ce571165cdad6470cf1e50ad17b14b4c94645c901b35dbccb0fc366cd2707da141262f2ff318a7540eb13cb867c634c098506825443085d69fe18c9ec5ed7881b6647ec4a71cd18d8e00865e8f76d457a5f739c707a66b2460573e94aab554d1c5bfb19266f74ed346bf", &(0x7f0000001140)=""/50, 0x7, 0x0, 0xf8, 0xbf, &(0x7f0000001180)="0c943d7388567cc0d7566619068b4d156915fe5dd98d7e7a70379870110d716fc6e87b6b9997fe4b4e931ef5cdcdfd9680d0566182215d50b0e3ced68716b3310ae9514c82b08e0a8a819760b23f297d9a432f8b12cef315860ee616271ec34f20b93894a224c159c04f73b2b3a3bc75fdb0a582c7e1a8d1c86aa408ae6810ef296d4958d70e146a228d5e367fd5a5c39380a641c7aeb661ffaf65009d3edae97734d5e5ac29dce3d8e9f90afaeb45b5d72ffe3783847bae7f80d73614d4fe21630b880a38102f0ccd72274e6ba1901feece592eaa980a1eb30702b55e2d4a4ad58ce92e032f20073a21759f90ae9e2ff8badd18e37d3719", &(0x7f0000001280)="ed0d507b2c855ad93cedabb0bf1987db564e31c7ff9d965a43a8186f416b7c53773c3ca858bf8bbc1d37359ea4bd54b79eea2d38579082049c86392ff640aea6fba7dc15732d838e71a464be9e24a38c7ecc8d6600585cd1d54533b6318e19e283e8259b9efcb57d1cd42329a14d97c261581b033041fbfdd6836120277f041b9c0ec8d505c2bf7162b712fe3996a6a82312cd976b60ad6b70415faab05579e04326931b70195ba455e166bada39c4d36b38286af825b7c83e8176418581ed"}, 0x40) close(r2) ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f0000000000)=0x1) r3 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000001dc0)={r1}) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001380)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f00000013c0)='cgroup.stat\x00', 0x0, 0x0) 22:19:24 executing program 5 (fault-call:1 fault-nth:1): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:24 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2368000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:24 executing program 3 (fault-call:6 fault-nth:0): socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:24 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005006c0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2884.524233][T28483] FAULT_INJECTION: forcing a failure. [ 2884.524233][T28483] name failslab, interval 1, probability 0, space 0, times 0 [ 2884.543312][T28487] FAULT_INJECTION: forcing a failure. [ 2884.543312][T28487] name failslab, interval 1, probability 0, space 0, times 0 [ 2884.557273][T28483] CPU: 1 PID: 28483 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2884.565967][T28483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2884.576023][T28483] Call Trace: [ 2884.579306][T28483] dump_stack+0x18f/0x20d [ 2884.583622][T28483] should_fail.cold+0x5/0x14 [ 2884.588194][T28483] should_failslab+0x5/0xf [ 2884.592585][T28483] kmem_cache_alloc_node_trace+0x27d/0x400 [ 2884.598373][T28483] __kmalloc_node_track_caller+0x38/0x60 [ 2884.603995][T28483] __alloc_skb+0xae/0x550 [ 2884.608304][T28483] netlink_sendmsg+0x94f/0xd90 [ 2884.613051][T28483] ? netlink_unicast+0x7d0/0x7d0 [ 2884.617969][T28483] ? netlink_unicast+0x7d0/0x7d0 [ 2884.622885][T28483] sock_sendmsg+0xcf/0x120 [ 2884.627279][T28483] ____sys_sendmsg+0x6e8/0x810 [ 2884.632022][T28483] ? kernel_sendmsg+0x50/0x50 [ 2884.636676][T28483] ? do_recvmmsg+0x6d0/0x6d0 [ 2884.641370][T28483] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2884.647330][T28483] ? _parse_integer+0x132/0x180 [ 2884.652161][T28483] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2884.658121][T28483] ___sys_sendmsg+0xf3/0x170 [ 2884.662811][T28483] ? sendmsg_copy_msghdr+0x160/0x160 [ 2884.668077][T28483] ? __fget_files+0x272/0x400 [ 2884.672734][T28483] ? lock_downgrade+0x820/0x820 [ 2884.677587][T28483] ? find_held_lock+0x2d/0x110 [ 2884.682331][T28483] ? ksys_write+0x212/0x250 [ 2884.686817][T28483] ? __fget_files+0x294/0x400 [ 2884.691475][T28483] ? __fget_light+0xea/0x280 [ 2884.696047][T28483] __sys_sendmsg+0xe5/0x1b0 [ 2884.700527][T28483] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2884.705542][T28483] ? do_syscall_64+0x1c/0xe0 [ 2884.710111][T28483] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2884.716069][T28483] do_syscall_64+0x60/0xe0 [ 2884.720477][T28483] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2884.726347][T28483] RIP: 0033:0x45c369 [ 2884.730213][T28483] Code: Bad RIP value. [ 2884.734252][T28483] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2884.742637][T28483] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2884.750688][T28483] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2884.758634][T28483] RBP: 00007f08d42abca0 R08: 0000000000000000 R09: 0000000000000000 [ 2884.766670][T28483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2884.774619][T28483] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2884.785032][T28487] CPU: 0 PID: 28487 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2884.793814][T28487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2884.803864][T28487] Call Trace: [ 2884.807139][T28487] dump_stack+0x18f/0x20d [ 2884.811452][T28487] should_fail.cold+0x5/0x14 [ 2884.816025][T28487] should_failslab+0x5/0xf [ 2884.820419][T28487] kmem_cache_alloc_node+0x257/0x3c0 [ 2884.825688][T28487] __alloc_skb+0x71/0x550 [ 2884.830000][T28487] netlink_sendmsg+0x94f/0xd90 [ 2884.834758][T28487] ? netlink_unicast+0x7d0/0x7d0 [ 2884.839675][T28487] ? netlink_unicast+0x7d0/0x7d0 [ 2884.844587][T28487] sock_sendmsg+0xcf/0x120 [ 2884.848980][T28487] ____sys_sendmsg+0x6e8/0x810 [ 2884.853728][T28487] ? kernel_sendmsg+0x50/0x50 [ 2884.858381][T28487] ? do_recvmmsg+0x6d0/0x6d0 [ 2884.862951][T28487] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2884.868918][T28487] ? _parse_integer+0x132/0x180 [ 2884.873766][T28487] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2884.879725][T28487] ___sys_sendmsg+0xf3/0x170 [ 2884.884294][T28487] ? sendmsg_copy_msghdr+0x160/0x160 [ 2884.889557][T28487] ? __fget_files+0x272/0x400 [ 2884.894211][T28487] ? lock_downgrade+0x820/0x820 [ 2884.899037][T28487] ? find_held_lock+0x2d/0x110 [ 2884.903801][T28487] ? ksys_write+0x212/0x250 [ 2884.908288][T28487] ? __fget_files+0x294/0x400 [ 2884.912946][T28487] ? __fget_light+0xea/0x280 [ 2884.917520][T28487] __sys_sendmsg+0xe5/0x1b0 [ 2884.922012][T28487] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2884.927023][T28487] ? do_syscall_64+0x1c/0xe0 [ 2884.931594][T28487] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2884.937558][T28487] do_syscall_64+0x60/0xe0 [ 2884.941973][T28487] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2884.947843][T28487] RIP: 0033:0x45c369 [ 2884.951708][T28487] Code: Bad RIP value. [ 2884.955751][T28487] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2884.964138][T28487] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2884.972085][T28487] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2884.980031][T28487] RBP: 00007f4e9bea7ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2884.987978][T28487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2884.995926][T28487] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2885.252396][T23700] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 22:19:24 executing program 5 (fault-call:1 fault-nth:2): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:24 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500740f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:24 executing program 3 (fault-call:6 fault-nth:1): socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:24 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="236c000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2885.461339][T28507] FAULT_INJECTION: forcing a failure. [ 2885.461339][T28507] name failslab, interval 1, probability 0, space 0, times 0 [ 2885.496709][T28510] FAULT_INJECTION: forcing a failure. [ 2885.496709][T28510] name failslab, interval 1, probability 0, space 0, times 0 [ 2885.524510][T28507] CPU: 0 PID: 28507 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2885.533304][T28507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2885.543367][T28507] Call Trace: [ 2885.546757][T28507] dump_stack+0x18f/0x20d [ 2885.551154][T28507] should_fail.cold+0x5/0x14 [ 2885.555761][T28507] should_failslab+0x5/0xf [ 2885.560196][T28507] kmem_cache_alloc+0x40/0x3b0 [ 2885.564971][T28507] skb_clone+0x14f/0x3c0 [ 2885.569229][T28507] netlink_deliver_tap+0x990/0xb70 [ 2885.574358][T28507] netlink_unicast+0x5e5/0x7d0 [ 2885.579137][T28507] ? netlink_attachskb+0x810/0x810 [ 2885.584252][T28507] ? _copy_from_iter_full+0x247/0x890 [ 2885.589634][T28507] ? __phys_addr+0x9a/0x110 [ 2885.594158][T28507] ? __phys_addr_symbol+0x2c/0x70 [ 2885.599191][T28507] ? __check_object_size+0x171/0x3e4 [ 2885.604494][T28507] netlink_sendmsg+0x856/0xd90 [ 2885.609270][T28507] ? netlink_unicast+0x7d0/0x7d0 [ 2885.614219][T28507] ? netlink_unicast+0x7d0/0x7d0 [ 2885.619158][T28507] sock_sendmsg+0xcf/0x120 [ 2885.623579][T28507] ____sys_sendmsg+0x6e8/0x810 [ 2885.628353][T28507] ? kernel_sendmsg+0x50/0x50 [ 2885.633034][T28507] ? do_recvmmsg+0x6d0/0x6d0 [ 2885.637638][T28507] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2885.643623][T28507] ? _parse_integer+0x132/0x180 [ 2885.648486][T28507] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2885.654472][T28507] ___sys_sendmsg+0xf3/0x170 [ 2885.659093][T28507] ? sendmsg_copy_msghdr+0x160/0x160 [ 2885.664408][T28507] ? __fget_files+0x272/0x400 [ 2885.669100][T28507] ? lock_downgrade+0x820/0x820 [ 2885.673959][T28507] ? find_held_lock+0x2d/0x110 [ 2885.678736][T28507] ? ksys_write+0x212/0x250 [ 2885.683343][T28507] ? __fget_files+0x294/0x400 [ 2885.688042][T28507] ? __fget_light+0xea/0x280 [ 2885.692641][T28507] __sys_sendmsg+0xe5/0x1b0 [ 2885.697155][T28507] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2885.702308][T28507] ? do_syscall_64+0x1c/0xe0 [ 2885.706909][T28507] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2885.712905][T28507] do_syscall_64+0x60/0xe0 [ 2885.717334][T28507] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2885.723237][T28507] RIP: 0033:0x45c369 [ 2885.727127][T28507] Code: Bad RIP value. [ 2885.731195][T28507] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2885.739614][T28507] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2885.747587][T28507] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2885.755569][T28507] RBP: 00007f08d42abca0 R08: 0000000000000000 R09: 0000000000000000 [ 2885.763548][T28507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2885.771611][T28507] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2885.786481][T28510] CPU: 1 PID: 28510 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2885.795174][T28510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2885.805245][T28510] Call Trace: [ 2885.808548][T28510] dump_stack+0x18f/0x20d [ 2885.812894][T28510] should_fail.cold+0x5/0x14 [ 2885.817489][T28510] should_failslab+0x5/0xf [ 2885.821909][T28510] kmem_cache_alloc_node_trace+0x27d/0x400 [ 2885.827724][T28510] __kmalloc_node_track_caller+0x38/0x60 [ 2885.833370][T28510] __alloc_skb+0xae/0x550 [ 2885.837718][T28510] netlink_sendmsg+0x94f/0xd90 [ 2885.842497][T28510] ? netlink_unicast+0x7d0/0x7d0 [ 2885.847448][T28510] ? netlink_unicast+0x7d0/0x7d0 [ 2885.852392][T28510] sock_sendmsg+0xcf/0x120 [ 2885.856819][T28510] ____sys_sendmsg+0x6e8/0x810 [ 2885.861588][T28510] ? kernel_sendmsg+0x50/0x50 [ 2885.866268][T28510] ? do_recvmmsg+0x6d0/0x6d0 [ 2885.870872][T28510] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2885.876860][T28510] ? _parse_integer+0x132/0x180 [ 2885.881722][T28510] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2885.887725][T28510] ___sys_sendmsg+0xf3/0x170 [ 2885.892325][T28510] ? sendmsg_copy_msghdr+0x160/0x160 [ 2885.897617][T28510] ? __fget_files+0x272/0x400 [ 2885.902299][T28510] ? lock_downgrade+0x820/0x820 [ 2885.907157][T28510] ? find_held_lock+0x2d/0x110 [ 2885.911930][T28510] ? ksys_write+0x212/0x250 [ 2885.916439][T28510] ? __fget_files+0x294/0x400 [ 2885.921127][T28510] ? __fget_light+0xea/0x280 [ 2885.925727][T28510] __sys_sendmsg+0xe5/0x1b0 [ 2885.930239][T28510] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2885.935281][T28510] ? do_syscall_64+0x1c/0xe0 [ 2885.939878][T28510] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2885.945879][T28510] do_syscall_64+0x60/0xe0 [ 2885.950330][T28510] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2885.956240][T28510] RIP: 0033:0x45c369 [ 2885.960124][T28510] Code: Bad RIP value. [ 2885.964184][T28510] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2885.972598][T28510] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2885.980574][T28510] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2885.988599][T28510] RBP: 00007f4e9bea7ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2885.996580][T28510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2886.004560][T28510] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2886.019956][T23700] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2886.076988][T28508] __nla_validate_parse: 2 callbacks suppressed [ 2886.076997][T28508] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2886.173276][T28507] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2886.195240][T28507] CPU: 0 PID: 28507 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2886.203962][T28507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.214017][T28507] Call Trace: [ 2886.217370][T28507] dump_stack+0x18f/0x20d [ 2886.221724][T28507] sysfs_warn_dup.cold+0x1c/0x2d [ 2886.226672][T28507] sysfs_do_create_link_sd+0x11e/0x140 [ 2886.232142][T28507] sysfs_create_link+0x5f/0xc0 [ 2886.236905][T28507] device_add+0x6ff/0x1b00 [ 2886.241332][T28507] ? device_check_offline+0x280/0x280 [ 2886.246707][T28507] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2886.252696][T28507] wiphy_register+0x1d5b/0x2840 [ 2886.257577][T28507] ? wiphy_unregister+0xc10/0xc10 [ 2886.262602][T28507] ? default_device_exit_batch+0x3d0/0x3d0 [ 2886.268418][T28507] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2886.274494][T28507] ieee80211_register_hw+0x2291/0x3950 [ 2886.279991][T28507] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2886.285363][T28507] ? lock_downgrade+0x820/0x820 [ 2886.290213][T28507] ? lock_is_held_type+0xb0/0xe0 [ 2886.295166][T28507] ? memset+0x20/0x40 [ 2886.299147][T28507] ? __hrtimer_init+0x12c/0x260 [ 2886.303999][T28507] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2886.309732][T28507] ? hwsim_virtio_rx_work+0x350/0x350 [ 2886.315113][T28507] ? memcpy+0x39/0x60 [ 2886.319092][T28507] hwsim_new_radio_nl+0x93e/0xf8c [ 2886.324119][T28507] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2886.330020][T28507] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2886.337056][T28507] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2886.344008][T28507] genl_rcv_msg+0x61d/0x980 [ 2886.348531][T28507] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2886.355480][T28507] ? lock_release+0x8d0/0x8d0 [ 2886.360169][T28507] ? lock_downgrade+0x820/0x820 [ 2886.365029][T28507] netlink_rcv_skb+0x15a/0x430 [ 2886.369801][T28507] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2886.376751][T28507] ? netlink_ack+0xa10/0xa10 [ 2886.381359][T28507] genl_rcv+0x24/0x40 [ 2886.385343][T28507] netlink_unicast+0x533/0x7d0 [ 2886.390209][T28507] ? netlink_attachskb+0x810/0x810 [ 2886.395322][T28507] ? _copy_from_iter_full+0x247/0x890 [ 2886.400709][T28507] ? __phys_addr+0x9a/0x110 [ 2886.405214][T28507] ? __phys_addr_symbol+0x2c/0x70 [ 2886.410240][T28507] ? __check_object_size+0x171/0x3e4 [ 2886.415532][T28507] netlink_sendmsg+0x856/0xd90 [ 2886.420313][T28507] ? netlink_unicast+0x7d0/0x7d0 [ 2886.425372][T28507] ? netlink_unicast+0x7d0/0x7d0 [ 2886.430344][T28507] sock_sendmsg+0xcf/0x120 [ 2886.434857][T28507] ____sys_sendmsg+0x6e8/0x810 [ 2886.439623][T28507] ? kernel_sendmsg+0x50/0x50 [ 2886.444319][T28507] ? do_recvmmsg+0x6d0/0x6d0 [ 2886.448913][T28507] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2886.454907][T28507] ? _parse_integer+0x132/0x180 [ 2886.459784][T28507] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2886.465800][T28507] ___sys_sendmsg+0xf3/0x170 [ 2886.470394][T28507] ? sendmsg_copy_msghdr+0x160/0x160 [ 2886.475683][T28507] ? __fget_files+0x272/0x400 [ 2886.480366][T28507] ? lock_downgrade+0x820/0x820 [ 2886.485310][T28507] ? find_held_lock+0x2d/0x110 [ 2886.490079][T28507] ? ksys_write+0x212/0x250 [ 2886.494614][T28507] ? __fget_files+0x294/0x400 [ 2886.499305][T28507] ? __fget_light+0xea/0x280 [ 2886.503917][T28507] __sys_sendmsg+0xe5/0x1b0 [ 2886.508469][T28507] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2886.513515][T28507] ? do_syscall_64+0x1c/0xe0 [ 2886.518110][T28507] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 22:19:26 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2374000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2886.524117][T28507] do_syscall_64+0x60/0xe0 [ 2886.528558][T28507] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2886.534456][T28507] RIP: 0033:0x45c369 [ 2886.538350][T28507] Code: Bad RIP value. [ 2886.542415][T28507] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2886.551090][T28507] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2886.559070][T28507] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2886.567064][T28507] RBP: 00007f08d42abca0 R08: 0000000000000000 R09: 0000000000000000 [ 2886.575045][T28507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2886.583021][T28507] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2886.753320][T23700] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2886.926161][T23700] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2887.136630][T23700] device  left promiscuous mode [ 2887.218745][T23700] device  left promiscuous mode [ 2887.277886][T23700] device  left promiscuous mode [ 2887.347844][T23700] device  left promiscuous mode [ 2887.397745][T23700] device  left promiscuous mode [ 2887.448269][T23700] device  left promiscuous mode [ 2887.488470][T23700] device  left promiscuous mode [ 2887.574113][T28566] IPVS: ftp: loaded support on port[0] = 21 [ 2887.580455][T23700] device  left promiscuous mode [ 2887.627743][T23700] device  left promiscuous mode [ 2887.684251][T23700] device L left promiscuous mode [ 2887.702302][T28566] chnl_net:caif_netlink_parms(): no params data found [ 2887.730986][T23700] device  left promiscuous mode [ 2887.771382][T28566] bridge0: port 1(bridge_slave_0) entered blocking state [ 2887.779090][T28566] bridge0: port 1(bridge_slave_0) entered disabled state [ 2887.789258][T28566] device bridge_slave_0 entered promiscuous mode [ 2887.797065][T23700] device þ left promiscuous mode [ 2887.804982][T28566] bridge0: port 2(bridge_slave_1) entered blocking state [ 2887.812730][T28566] bridge0: port 2(bridge_slave_1) entered disabled state [ 2887.823567][T28566] device bridge_slave_1 entered promiscuous mode [ 2887.844167][T23700] device þ left promiscuous mode [ 2887.856466][T28566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2887.869478][T28566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2887.895768][T28566] team0: Port device team_slave_0 added [ 2887.902427][T23700] device ý left promiscuous mode [ 2887.916139][T28566] team0: Port device team_slave_1 added [ 2887.941662][T28566] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2887.948955][T28566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2887.975541][T28566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2887.988860][T23700] device ù left promiscuous mode [ 2888.001341][T28566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2888.008564][T28566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2888.035717][T28566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2888.123312][T28566] device hsr_slave_0 entered promiscuous mode [ 2888.179157][T28566] device hsr_slave_1 entered promiscuous mode [ 2888.217516][T28566] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2888.225078][T28566] Cannot create hsr debugfs directory [ 2888.231844][T23700] device ù left promiscuous mode [ 2888.281352][T23700] device ö left promiscuous mode [ 2888.337704][T23700] device õ left promiscuous mode [ 2888.378889][T23700] device ï left promiscuous mode [ 2888.418873][T28566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2888.435133][T25463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2888.445026][T25463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2888.454127][T23700] device î left promiscuous mode [ 2888.467825][T28566] 8021q: adding VLAN 0 to HW filter on device team0 [ 2888.481316][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2888.490962][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2888.499635][T12167] bridge0: port 1(bridge_slave_0) entered blocking state [ 2888.506699][T12167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2888.529117][ T5577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2888.538431][ T5577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2888.547440][ T5577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2888.555848][ T5577] bridge0: port 2(bridge_slave_1) entered blocking state [ 2888.562951][ T5577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2888.573351][ T5577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2888.582691][ T5577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2888.608719][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2888.620762][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2888.629812][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2888.641144][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2888.650334][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2888.659109][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2888.667961][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2888.676631][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2888.687873][T28566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2888.698099][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2888.720398][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2888.729125][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2888.742775][T28566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2888.808143][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2888.830289][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2888.839943][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2888.855883][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2888.871603][T28566] device veth0_vlan entered promiscuous mode [ 2888.885245][T28566] device veth1_vlan entered promiscuous mode [ 2888.912804][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2888.922605][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2888.932545][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2888.946064][T28566] device veth0_macvtap entered promiscuous mode [ 2888.960856][T28566] device veth1_macvtap entered promiscuous mode [ 2888.982833][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2888.993385][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.003826][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2889.014335][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.030621][T28566] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2889.039470][T25463] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2889.049084][T25463] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2889.058117][T25463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2889.070295][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.081819][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.092280][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.102795][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.113054][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.123529][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.133404][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.144014][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.154408][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.165275][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.175535][T28566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2889.186123][T28566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2889.199982][T28566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2889.209444][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2889.219423][T12167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 22:19:28 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010004f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:28 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005007a0f", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:28 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:28 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="237a000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:28 executing program 2: perf_event_open(&(0x7f0000000840)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, @perf_config_ext={0x5, 0x9}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001cc0)={&(0x7f0000004e00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, 0x0}, 0x0) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000015c0)={r2, 0x10, &(0x7f0000001580)={0xfffffffffffffffe}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0xa, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, [@alu={0x4, 0x1, 0x8, 0x3, 0x2, 0xfffffffffffffffe, 0x1}, @map, @call={0x85, 0x0, 0x0, 0x12}, @generic={0x38, 0xc, 0x0, 0x1, 0x80}, @ldst={0x0, 0x0, 0x3, 0x0, 0x1, 0xffffffffffffffc0, 0x1}, @ldst={0x0, 0x0, 0x1, 0xa, 0x1, 0xf6c19d5eda2f4bc8, 0x8}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x1000, &(0x7f0000000b80)=""/4096, 0x0, 0xeba14a4e9e4ff287, [], r1, 0x12, r2, 0x8, &(0x7f00000002c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0xa, 0x10001}, 0x10, 0x0, r0}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b40)={r0, 0x1800000000000060, 0x0, 0x0, 0x0, 0x0, 0x300, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x40) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000001c0)={0xffffffffffffffff, r0}) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r3, &(0x7f00000008c0)='memory.swap.current\x00', 0x26e1, 0x0) socket$kcm(0x10, 0x2, 0x10) mkdir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) openat$cgroup_ro(r4, &(0x7f0000000180)='cgroup.stat\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0x80) 22:19:28 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2889.402523][T28775] validate_nla: 11 callbacks suppressed [ 2889.402532][T28775] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2889.427517][T28775] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:29 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000011", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2889.511805][T28785] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2889.540080][T28787] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2889.605998][T28787] CPU: 1 PID: 28787 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2889.614707][T28787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2889.624768][T28787] Call Trace: [ 2889.628068][T28787] dump_stack+0x18f/0x20d [ 2889.632408][T28787] sysfs_warn_dup.cold+0x1c/0x2d [ 2889.637363][T28787] sysfs_do_create_link_sd+0x11e/0x140 [ 2889.642833][T28787] sysfs_create_link+0x5f/0xc0 [ 2889.647612][T28787] device_add+0x6ff/0x1b00 [ 2889.652043][T28787] ? device_check_offline+0x280/0x280 [ 2889.657422][T28787] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2889.663421][T28787] wiphy_register+0x1d5b/0x2840 [ 2889.668295][T28787] ? wiphy_unregister+0xc10/0xc10 [ 2889.673329][T28787] ? default_device_exit_batch+0x3d0/0x3d0 [ 2889.679147][T28787] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2889.685226][T28787] ieee80211_register_hw+0x2291/0x3950 [ 2889.690705][T28787] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2889.696092][T28787] ? lock_downgrade+0x820/0x820 [ 2889.700950][T28787] ? lock_is_held_type+0xb0/0xe0 [ 2889.705893][T28787] ? memset+0x20/0x40 [ 2889.709878][T28787] ? __hrtimer_init+0x12c/0x260 [ 2889.714736][T28787] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2889.720479][T28787] ? hwsim_virtio_rx_work+0x350/0x350 [ 2889.725867][T28787] ? memcpy+0x39/0x60 [ 2889.729859][T28787] hwsim_new_radio_nl+0x93e/0xf8c [ 2889.734897][T28787] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2889.740813][T28787] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2889.747761][T28787] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2889.754626][T28787] genl_rcv_msg+0x61d/0x980 [ 2889.759152][T28787] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2889.766113][T28787] ? lock_release+0x8d0/0x8d0 [ 2889.770797][T28787] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2889.776103][T28787] netlink_rcv_skb+0x15a/0x430 [ 2889.780882][T28787] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2889.781530][ T28] audit: type=1804 audit(1595715569.171:297): pid=28784 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723435343730343437352F73797A6B616C6C65722E5461335A31772F353532352F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F6367726F75702E73746174 dev="sda1" ino=16353 res=1 [ 2889.787811][T28787] ? netlink_ack+0xa10/0xa10 [ 2889.787838][T28787] genl_rcv+0x24/0x40 [ 2889.787852][T28787] netlink_unicast+0x533/0x7d0 [ 2889.787871][T28787] ? netlink_attachskb+0x810/0x810 [ 2889.787890][T28787] ? _copy_from_iter_full+0x247/0x890 [ 2889.849657][ T28] audit: type=1804 audit(1595715569.191:298): pid=28797 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723435343730343437352F73797A6B616C6C65722E5461335A31772F353532352F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F6367726F75702E73746174 dev="sda1" ino=16353 res=1 [ 2889.854221][T28787] ? __phys_addr+0x9a/0x110 [ 2889.854240][T28787] ? __phys_addr_symbol+0x2c/0x70 [ 2889.904530][ T28] audit: type=1804 audit(1595715569.191:299): pid=28784 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name=2F726F6F742F73797A6B616C6C65722D746573746469723435343730343437352F73797A6B616C6C65722E5461335A31772F353532352F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F6367726F75702E73746174 dev="sda1" ino=16353 res=1 [ 2889.906324][T28787] ? __check_object_size+0x171/0x3e4 [ 2889.906352][T28787] netlink_sendmsg+0x856/0xd90 [ 2889.958446][T28787] ? netlink_unicast+0x7d0/0x7d0 [ 2889.963408][T28787] ? netlink_unicast+0x7d0/0x7d0 [ 2889.968346][T28787] sock_sendmsg+0xcf/0x120 [ 2889.972761][T28787] ____sys_sendmsg+0x6e8/0x810 [ 2889.977530][T28787] ? kernel_sendmsg+0x50/0x50 [ 2889.982212][T28787] ? do_recvmmsg+0x6d0/0x6d0 [ 2889.986812][T28787] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2889.992804][T28787] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2889.998783][T28787] ? do_user_addr_fault+0x8ce/0xd00 [ 2890.003998][T28787] ___sys_sendmsg+0xf3/0x170 [ 2890.008602][T28787] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.013881][T28787] ? __fget_files+0x272/0x400 [ 2890.018539][T28787] ? lock_downgrade+0x820/0x820 [ 2890.023372][T28787] ? find_held_lock+0x2d/0x110 [ 2890.028147][T28787] ? __might_fault+0x11f/0x1d0 [ 2890.032914][T28787] ? __fget_files+0x294/0x400 [ 2890.037581][T28787] ? __fget_light+0xea/0x280 [ 2890.042156][T28787] __sys_sendmsg+0xe5/0x1b0 [ 2890.046635][T28787] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2890.051645][T28787] ? __x64_sys_futex+0x382/0x4e0 [ 2890.056575][T28787] ? do_syscall_64+0x1c/0xe0 [ 2890.061144][T28787] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2890.067100][T28787] do_syscall_64+0x60/0xe0 [ 2890.071505][T28787] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2890.077381][T28787] RIP: 0033:0x45c369 [ 2890.081271][T28787] Code: Bad RIP value. [ 2890.085307][T28787] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.093692][T28787] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:29 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x11, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2) sendmsg$kcm(r1, 0x0, 0x0) r3 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f00000004c0)={0x5, 0x70, 0x0, 0x7, 0x7, 0x0, 0x0, 0x8, 0x40041, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffa, 0x1, @perf_config_ext={0x8, 0x7}, 0x41, 0x2, 0x80000000, 0x0, 0x60c, 0xffff, 0x648}, r3, 0x1, r0, 0x9) r4 = socket$kcm(0x29, 0x2, 0x0) r5 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f00000002c0)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x24000844) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000600)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13bd2321af3cf1a54f26fb0b71d0e6adfefcf1d8f7faf75e0f226bd917487960717142fa9ea4318123751c0a0e168c1886d050194777d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ceb9fbfbf9b0a4def23d410f6296b32a83438810720a159cda903634e369a9e152ddcc7b1b85f3caeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd963218ce740068725837074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa000000000000000000000000000000000000000000000000020000000000000000000000000000b27cf3d1848a74d7132b388b3d56b2e9b5d429d22ce1ffb0adf9deab29ea3323aa9fdf19efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f03020000000000001cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b540500a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec309baed0495f06d058a73651d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d971f7a2591dbe4a912ffaf6fefd92239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab55ff413c86ba9affb12ec757c7234c270246c878d01160ebf6cf8809c3a0d462357b22515567230ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbf221fff161c12ca389cbe4c51b3fa00675cc175067d2a214f8c9d9b2ecf63b66c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a2cb032dad13007b82e6044f643fc8cd47ae636a5dbe9864a117d27326850a7c3b570863f532c7005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991af603e3856a346cf7f9fe0bc9f2a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29ab0f1a342c9eed00000000ab6648a9dea00000753f8b349b12ed9c640bdce268f41bde6f3dddd45f5397d3dd1b24d80d5219724b771b8051b9d2a3bf9379605a81e91cbdebd7fb413c452be3454a61c20d6d3a5000"/1215], &(0x7f0000000140)='GPL\x00'}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f00000003c0)={r5, r6}) sendmsg$inet(r4, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000100)={r5}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, 0x0}, 0x0) sendmsg$kcm(r4, &(0x7f0000000540)={&(0x7f0000000180)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000400)="bbf59ed95af998b692a52f6d7ddcb13253ca5272e455168c33ebee6909c9b813d77f2183e405c66e369f4ddab434c754bff7e56e2b9b13c26620d37ecd59057a6581365fe42e9ce2ab2abacc6fd601952cb2a698134e19a9fa2c77e1d3dbad00024e5dc6c97d63ad4cc91c2e5eca370f29c42dc632178cd6792ec3b9652b6ece9683d2faedbcf669c955f4b06bb6e026ddb8874eb3920a", 0x97}, {&(0x7f0000000040)="2c782eb8", 0x4}, {&(0x7f0000000200)="0118f6d01da4e74b4d8b5f7d3815df6eb841ace8e10325ac16aa4037afb3b4d7ae11974cd2089e6d8f8c604bf62d47d4bbff77c804aca6c11eba4c63e563b20f467ec097f993973b12dfd7d5350862004da6d438c81b8a2131d370caef8ef49ce83e96a752e56f679a28f267f0bd8004a61f01a56d91ddda0fc37b6dcf44c297d0a6d12e0a6b8263e88e", 0x8a}, {&(0x7f0000000300)="25598b6dda73fd0d1dc2e242d4a4c00514484ee0d587c6a00f459e93e5386649f85b70db7723bee13b3743cc208d3a88a412f7af094b877c7b5f9509d781f6d05c613944bea24ce2bc7c4e787a1f958d9e0848542214f4e963eb2ee7d656a3a92f3a6ea75e85d48bc6c697cb535d2a", 0x6f}, {&(0x7f0000000b40)="de06fe2c71df71347b4819611a4f9c90fb71753a9839f886e4920710f34c798beac298376d402276734f59b1c8a7a24224041619b036ab46c03ca0dc8cc95bd68f4bf814c28130f6c3c23e9f0373296db8ab454cba26a2130ee83d6fe698f6f73d5d05dd966c3bda3b784a7da23e2a7b37bfcc62bb41f67f94a269efe68e5352f04959ad8d87c77fa18c0a4528c5e29bf1ca3e87c0b09af0e0c43fb5a5", 0x9d}, {&(0x7f0000000380)="5c2052c8ac8c2540deca9b768ae52501", 0x10}], 0x6}, 0x4080) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x2f, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x40) [ 2890.101640][T28787] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2890.109596][T28787] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2890.117554][T28787] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2890.125497][T28787] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2890.159214][T28791] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2890.170656][T28791] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2890.183867][T28794] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2890.209684][T28783] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2890.239839][T28783] CPU: 0 PID: 28783 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2890.248557][T28783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2890.258622][T28783] Call Trace: [ 2890.261927][T28783] dump_stack+0x18f/0x20d [ 2890.266447][T28783] sysfs_warn_dup.cold+0x1c/0x2d [ 2890.271414][T28783] sysfs_do_create_link_sd+0x11e/0x140 [ 2890.276894][T28783] sysfs_create_link+0x5f/0xc0 [ 2890.281676][T28783] device_add+0x6ff/0x1b00 [ 2890.286110][T28783] ? device_check_offline+0x280/0x280 [ 2890.291493][T28783] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2890.297499][T28783] wiphy_register+0x1d5b/0x2840 [ 2890.302376][T28783] ? wiphy_unregister+0xc10/0xc10 [ 2890.307539][T28783] ? default_device_exit_batch+0x3d0/0x3d0 [ 2890.313369][T28783] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2890.319449][T28783] ieee80211_register_hw+0x2291/0x3950 [ 2890.324932][T28783] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2890.330305][T28783] ? lock_downgrade+0x820/0x820 [ 2890.335149][T28783] ? lock_is_held_type+0xb0/0xe0 [ 2890.340073][T28783] ? memset+0x20/0x40 [ 2890.344044][T28783] ? __hrtimer_init+0x12c/0x260 [ 2890.348887][T28783] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2890.354608][T28783] ? hwsim_virtio_rx_work+0x350/0x350 [ 2890.359966][T28783] ? memcpy+0x39/0x60 [ 2890.363938][T28783] hwsim_new_radio_nl+0x93e/0xf8c [ 2890.369046][T28783] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2890.374943][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2890.381956][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2890.388798][T28783] genl_rcv_msg+0x61d/0x980 [ 2890.393298][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2890.400232][T28783] ? lock_release+0x8d0/0x8d0 [ 2890.404896][T28783] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2890.410173][T28783] netlink_rcv_skb+0x15a/0x430 [ 2890.414927][T28783] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2890.421849][T28783] ? netlink_ack+0xa10/0xa10 [ 2890.426443][T28783] genl_rcv+0x24/0x40 [ 2890.430413][T28783] netlink_unicast+0x533/0x7d0 [ 2890.435166][T28783] ? netlink_attachskb+0x810/0x810 [ 2890.440268][T28783] ? _copy_from_iter_full+0x247/0x890 [ 2890.445626][T28783] ? __phys_addr+0x9a/0x110 [ 2890.450114][T28783] ? __phys_addr_symbol+0x2c/0x70 [ 2890.455156][T28783] ? __check_object_size+0x171/0x3e4 [ 2890.460541][T28783] netlink_sendmsg+0x856/0xd90 [ 2890.465307][T28783] ? netlink_unicast+0x7d0/0x7d0 [ 2890.470242][T28783] ? netlink_unicast+0x7d0/0x7d0 [ 2890.475170][T28783] sock_sendmsg+0xcf/0x120 [ 2890.479582][T28783] ____sys_sendmsg+0x6e8/0x810 [ 2890.484344][T28783] ? kernel_sendmsg+0x50/0x50 [ 2890.489127][T28783] ? do_recvmmsg+0x6d0/0x6d0 [ 2890.493716][T28783] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2890.499704][T28783] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2890.505670][T28783] ? __lock_acquire+0xc1e/0x56e0 [ 2890.510615][T28783] ___sys_sendmsg+0xf3/0x170 [ 2890.515199][T28783] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.520473][T28783] ? __fget_files+0x272/0x400 [ 2890.525227][T28783] ? lock_downgrade+0x820/0x820 [ 2890.530064][T28783] ? find_held_lock+0x2d/0x110 [ 2890.534823][T28783] ? __might_fault+0x11f/0x1d0 [ 2890.539709][T28783] ? __fget_files+0x294/0x400 [ 2890.544381][T28783] ? __fget_light+0xea/0x280 [ 2890.548966][T28783] __sys_sendmsg+0xe5/0x1b0 [ 2890.553456][T28783] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2890.558467][T28783] ? __x64_sys_futex+0x382/0x4e0 [ 2890.563411][T28783] ? do_syscall_64+0x1c/0xe0 [ 2890.567994][T28783] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2890.573967][T28783] do_syscall_64+0x60/0xe0 [ 2890.578374][T28783] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2890.584266][T28783] RIP: 0033:0x45c369 [ 2890.588144][T28783] Code: Bad RIP value. [ 2890.592194][T28783] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.600590][T28783] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:30 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:30 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca20900, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2890.608545][T28783] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2890.616504][T28783] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2890.624463][T28783] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2890.632422][T28783] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:30 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000012", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:30 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23f0000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:30 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e02, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2890.864743][T28818] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2890.909596][T28817] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2890.938738][T28817] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:30 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r3 = socket$kcm(0x2b, 0x1, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x102}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{0x5, 0x7, 0x38, 0x3ff}, {0xfff9, 0x5, 0xfd}, {0xfe00, 0x7, 0xd6, 0x4}, {0x1, 0x4, 0x81, 0x7fff}, {0x0, 0x0, 0x2, 0xffffffe0}, {0x101, 0x2, 0xf, 0x9}, {0x80, 0xbf, 0x3, 0xc73}]}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x401201) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000180)={r3, r2}) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[], 0x4ea00) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x44300000c) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(r5, &(0x7f0000000380)='cgroup.controllers\x00', 0x7a05, 0x1700) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r5, &(0x7f0000000380)="992854adc9c22adaa816cf07e2bff23ab54bbf698e8b481ea34b68e6285d57f32399d2aa33e52d9c487cd1f6cd52e54591b30de69321b5880483861672b3302e9814a605b8971268ecb01e9040ad84f82e8517472fb777c2dd0d853f812236fba45a7f6e0fe79c4150e73a8ced53f5b64d3be479d4a941efed99bf58e9aa02d66bcb72fa458ad515d1674b0e13dfa6deb357bf825849fcce326f90ac37608128da4375e22d2603d70bf98126943c791041e991a10ecf448903ebb5747dcca4f52234ee35732d68c8cf69684b630252c46807c9b252fbf2ed1a97e20327dc6f3021ffe214f718cd7bf09caf1019bcb35e", &(0x7f0000000280)=""/132, 0x4}, 0x20) [ 2890.972079][T28816] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:30 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2891.015360][T28816] CPU: 0 PID: 28816 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2891.024088][T28816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2891.034149][T28816] Call Trace: [ 2891.037466][T28816] dump_stack+0x18f/0x20d [ 2891.041794][T28816] sysfs_warn_dup.cold+0x1c/0x2d [ 2891.046734][T28816] sysfs_do_create_link_sd+0x11e/0x140 [ 2891.052211][T28816] sysfs_create_link+0x5f/0xc0 [ 2891.056990][T28816] device_add+0x6ff/0x1b00 [ 2891.061424][T28816] ? device_check_offline+0x280/0x280 [ 2891.066816][T28816] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2891.072819][T28816] wiphy_register+0x1d5b/0x2840 [ 2891.077696][T28816] ? wiphy_unregister+0xc10/0xc10 [ 2891.082736][T28816] ? default_device_exit_batch+0x3d0/0x3d0 [ 2891.088567][T28816] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2891.094651][T28816] ieee80211_register_hw+0x2291/0x3950 [ 2891.100166][T28816] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2891.105563][T28816] ? lock_downgrade+0x820/0x820 [ 2891.110429][T28816] ? lock_is_held_type+0xb0/0xe0 [ 2891.115383][T28816] ? memset+0x20/0x40 [ 2891.119382][T28816] ? __hrtimer_init+0x12c/0x260 [ 2891.124248][T28816] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2891.130000][T28816] ? hwsim_virtio_rx_work+0x350/0x350 [ 2891.135388][T28816] ? memcpy+0x39/0x60 [ 2891.139393][T28816] hwsim_new_radio_nl+0x93e/0xf8c [ 2891.144442][T28816] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2891.150371][T28816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2891.157322][T28816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2891.164189][T28816] genl_rcv_msg+0x61d/0x980 [ 2891.168709][T28816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2891.175665][T28816] ? lock_release+0x8d0/0x8d0 [ 2891.180354][T28816] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2891.185656][T28816] netlink_rcv_skb+0x15a/0x430 [ 2891.190438][T28816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2891.197393][T28816] ? netlink_ack+0xa10/0xa10 [ 2891.202011][T28816] genl_rcv+0x24/0x40 [ 2891.206002][T28816] netlink_unicast+0x533/0x7d0 [ 2891.210786][T28816] ? netlink_attachskb+0x810/0x810 [ 2891.215914][T28816] ? _copy_from_iter_full+0x247/0x890 [ 2891.221312][T28816] ? __phys_addr+0x9a/0x110 [ 2891.225816][T28816] ? __phys_addr_symbol+0x2c/0x70 [ 2891.230975][T28816] ? __check_object_size+0x171/0x3e4 [ 2891.236254][T28816] netlink_sendmsg+0x856/0xd90 [ 2891.241013][T28816] ? netlink_unicast+0x7d0/0x7d0 [ 2891.246041][T28816] ? netlink_unicast+0x7d0/0x7d0 [ 2891.250974][T28816] sock_sendmsg+0xcf/0x120 [ 2891.255402][T28816] ____sys_sendmsg+0x6e8/0x810 [ 2891.260158][T28816] ? kernel_sendmsg+0x50/0x50 [ 2891.264812][T28816] ? do_recvmmsg+0x6d0/0x6d0 [ 2891.269388][T28816] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2891.275351][T28816] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2891.281308][T28816] ? do_user_addr_fault+0x8ce/0xd00 [ 2891.286485][T28816] ___sys_sendmsg+0xf3/0x170 [ 2891.291061][T28816] ? sendmsg_copy_msghdr+0x160/0x160 [ 2891.296339][T28816] ? __fget_files+0x272/0x400 [ 2891.300997][T28816] ? lock_downgrade+0x820/0x820 [ 2891.305832][T28816] ? find_held_lock+0x2d/0x110 [ 2891.310592][T28816] ? __might_fault+0x11f/0x1d0 [ 2891.315345][T28816] ? __fget_files+0x294/0x400 [ 2891.320018][T28816] ? __fget_light+0xea/0x280 [ 2891.324717][T28816] __sys_sendmsg+0xe5/0x1b0 [ 2891.329226][T28816] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2891.334247][T28816] ? __x64_sys_futex+0x382/0x4e0 [ 2891.339197][T28816] ? do_syscall_64+0x1c/0xe0 [ 2891.343794][T28816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2891.349929][T28816] do_syscall_64+0x60/0xe0 [ 2891.354346][T28816] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2891.360223][T28816] RIP: 0033:0x45c369 [ 2891.364094][T28816] Code: Bad RIP value. [ 2891.368150][T28816] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.376549][T28816] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2891.384497][T28816] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2891.392446][T28816] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2891.400399][T28816] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2891.408347][T28816] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:30 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000068", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:30 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300030025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2891.452665][T28838] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2891.463830][T28838] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2891.481629][T28830] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2891.510900][T28830] CPU: 1 PID: 28830 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2891.519635][T28830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2891.529714][T28830] Call Trace: [ 2891.533019][T28830] dump_stack+0x18f/0x20d [ 2891.537366][T28830] sysfs_warn_dup.cold+0x1c/0x2d [ 2891.542320][T28830] sysfs_do_create_link_sd+0x11e/0x140 [ 2891.547796][T28830] sysfs_create_link+0x5f/0xc0 [ 2891.552576][T28830] device_add+0x6ff/0x1b00 [ 2891.557045][T28830] ? device_check_offline+0x280/0x280 [ 2891.562432][T28830] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2891.568434][T28830] wiphy_register+0x1d5b/0x2840 [ 2891.573314][T28830] ? wiphy_unregister+0xc10/0xc10 [ 2891.578359][T28830] ? default_device_exit_batch+0x3d0/0x3d0 [ 2891.584208][T28830] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2891.590294][T28830] ieee80211_register_hw+0x2291/0x3950 [ 2891.595787][T28830] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2891.601180][T28830] ? lock_downgrade+0x820/0x820 [ 2891.606041][T28830] ? lock_is_held_type+0xb0/0xe0 [ 2891.610983][T28830] ? memset+0x20/0x40 [ 2891.614969][T28830] ? __hrtimer_init+0x12c/0x260 [ 2891.619848][T28830] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2891.625599][T28830] ? hwsim_virtio_rx_work+0x350/0x350 [ 2891.630984][T28830] ? memcpy+0x39/0x60 [ 2891.637069][T28830] hwsim_new_radio_nl+0x93e/0xf8c [ 2891.642117][T28830] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2891.648036][T28830] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2891.654990][T28830] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:19:31 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2891.661856][T28830] genl_rcv_msg+0x61d/0x980 [ 2891.666366][T28830] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2891.673316][T28830] ? lock_release+0x8d0/0x8d0 [ 2891.678001][T28830] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2891.683299][T28830] netlink_rcv_skb+0x15a/0x430 [ 2891.688061][T28830] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2891.695009][T28830] ? netlink_ack+0xa10/0xa10 [ 2891.699634][T28830] genl_rcv+0x24/0x40 [ 2891.703644][T28830] netlink_unicast+0x533/0x7d0 [ 2891.708427][T28830] ? netlink_attachskb+0x810/0x810 [ 2891.713547][T28830] ? _copy_from_iter_full+0x247/0x890 [ 2891.718932][T28830] ? __phys_addr+0x9a/0x110 [ 2891.723427][T28830] ? __phys_addr_symbol+0x2c/0x70 [ 2891.728455][T28830] ? __check_object_size+0x171/0x3e4 [ 2891.733734][T28830] netlink_sendmsg+0x856/0xd90 [ 2891.738484][T28830] ? netlink_unicast+0x7d0/0x7d0 [ 2891.743406][T28830] ? netlink_unicast+0x7d0/0x7d0 [ 2891.748331][T28830] sock_sendmsg+0xcf/0x120 [ 2891.752748][T28830] ____sys_sendmsg+0x6e8/0x810 [ 2891.757505][T28830] ? kernel_sendmsg+0x50/0x50 [ 2891.762178][T28830] ? do_recvmmsg+0x6d0/0x6d0 [ 2891.766839][T28830] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2891.772822][T28830] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2891.778788][T28830] ? __lock_acquire+0xc1e/0x56e0 [ 2891.783709][T28830] ___sys_sendmsg+0xf3/0x170 [ 2891.788297][T28830] ? sendmsg_copy_msghdr+0x160/0x160 [ 2891.793575][T28830] ? __fget_files+0x272/0x400 [ 2891.798279][T28830] ? lock_downgrade+0x820/0x820 [ 2891.803119][T28830] ? find_held_lock+0x2d/0x110 [ 2891.807872][T28830] ? __might_fault+0x11f/0x1d0 [ 2891.812717][T28830] ? __fget_files+0x294/0x400 [ 2891.817391][T28830] ? __fget_light+0xea/0x280 [ 2891.822036][T28830] __sys_sendmsg+0xe5/0x1b0 [ 2891.826522][T28830] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2891.831559][T28830] ? __x64_sys_futex+0x382/0x4e0 [ 2891.836481][T28830] ? do_syscall_64+0x1c/0xe0 [ 2891.841070][T28830] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2891.847041][T28830] do_syscall_64+0x60/0xe0 [ 2891.851454][T28830] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2891.857334][T28830] RIP: 0033:0x45c369 [ 2891.861216][T28830] Code: Bad RIP value. [ 2891.865268][T28830] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.873661][T28830] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2891.881615][T28830] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2891.889577][T28830] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2891.897541][T28830] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2891.905496][T28830] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:31 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e03, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2891.942063][T28852] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2891.977315][T28855] netlink: 'syz-executor.0': attribute type 16 has an invalid length. 22:19:31 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000002", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2892.000310][T28855] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2892.030688][T28821] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:31 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2892.068118][T28821] CPU: 1 PID: 28821 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2892.076828][T28821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.086889][T28821] Call Trace: [ 2892.090192][T28821] dump_stack+0x18f/0x20d [ 2892.094547][T28821] sysfs_warn_dup.cold+0x1c/0x2d [ 2892.099511][T28821] sysfs_do_create_link_sd+0x11e/0x140 [ 2892.105007][T28821] sysfs_create_link+0x5f/0xc0 [ 2892.109783][T28821] device_add+0x6ff/0x1b00 [ 2892.114222][T28821] ? device_check_offline+0x280/0x280 [ 2892.119618][T28821] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2892.125634][T28821] wiphy_register+0x1d5b/0x2840 [ 2892.130518][T28821] ? wiphy_unregister+0xc10/0xc10 [ 2892.135556][T28821] ? default_device_exit_batch+0x3d0/0x3d0 [ 2892.141389][T28821] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2892.147481][T28821] ieee80211_register_hw+0x2291/0x3950 [ 2892.152968][T28821] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2892.158357][T28821] ? lock_downgrade+0x820/0x820 [ 2892.163226][T28821] ? lock_is_held_type+0xb0/0xe0 [ 2892.168173][T28821] ? memset+0x20/0x40 [ 2892.172168][T28821] ? __hrtimer_init+0x12c/0x260 [ 2892.177031][T28821] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2892.182783][T28821] ? hwsim_virtio_rx_work+0x350/0x350 [ 2892.188164][T28821] ? memcpy+0x39/0x60 [ 2892.192158][T28821] hwsim_new_radio_nl+0x93e/0xf8c [ 2892.197201][T28821] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2892.203114][T28821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2892.210064][T28821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2892.216943][T28821] genl_rcv_msg+0x61d/0x980 [ 2892.221488][T28821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2892.228448][T28821] ? lock_release+0x8d0/0x8d0 [ 2892.233138][T28821] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2892.238445][T28821] netlink_rcv_skb+0x15a/0x430 [ 2892.243228][T28821] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2892.250174][T28821] ? netlink_ack+0xa10/0xa10 [ 2892.254785][T28821] genl_rcv+0x24/0x40 [ 2892.258772][T28821] netlink_unicast+0x533/0x7d0 [ 2892.263711][T28821] ? netlink_attachskb+0x810/0x810 [ 2892.268833][T28821] ? _copy_from_iter_full+0x247/0x890 [ 2892.274214][T28821] ? __phys_addr+0x9a/0x110 [ 2892.278720][T28821] ? __phys_addr_symbol+0x2c/0x70 [ 2892.283727][T28821] ? __check_object_size+0x171/0x3e4 [ 2892.289007][T28821] netlink_sendmsg+0x856/0xd90 [ 2892.293769][T28821] ? netlink_unicast+0x7d0/0x7d0 [ 2892.298693][T28821] ? netlink_unicast+0x7d0/0x7d0 [ 2892.303645][T28821] sock_sendmsg+0xcf/0x120 [ 2892.308075][T28821] ____sys_sendmsg+0x6e8/0x810 [ 2892.312833][T28821] ? kernel_sendmsg+0x50/0x50 [ 2892.317493][T28821] ? do_recvmmsg+0x6d0/0x6d0 [ 2892.322073][T28821] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2892.328039][T28821] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2892.334028][T28821] ? __lock_acquire+0xc1e/0x56e0 [ 2892.338976][T28821] ___sys_sendmsg+0xf3/0x170 [ 2892.343572][T28821] ? sendmsg_copy_msghdr+0x160/0x160 [ 2892.348849][T28821] ? __fget_files+0x272/0x400 [ 2892.353520][T28821] ? lock_downgrade+0x820/0x820 [ 2892.358353][T28821] ? find_held_lock+0x2d/0x110 [ 2892.363106][T28821] ? __might_fault+0x11f/0x1d0 [ 2892.367866][T28821] ? __fget_files+0x294/0x400 [ 2892.372542][T28821] ? __fget_light+0xea/0x280 [ 2892.377118][T28821] __sys_sendmsg+0xe5/0x1b0 [ 2892.381610][T28821] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2892.386633][T28821] ? __x64_sys_futex+0x382/0x4e0 [ 2892.391574][T28821] ? do_syscall_64+0x1c/0xe0 [ 2892.396151][T28821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2892.402115][T28821] do_syscall_64+0x60/0xe0 [ 2892.406526][T28821] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2892.412411][T28821] RIP: 0033:0x45c369 [ 2892.416284][T28821] Code: Bad RIP value. [ 2892.420328][T28821] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2892.428715][T28821] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2892.436673][T28821] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2892.444641][T28821] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2892.452595][T28821] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2892.460550][T28821] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac [ 2892.496249][T28864] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2892.515595][T28864] CPU: 0 PID: 28864 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2892.524311][T28864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.534377][T28864] Call Trace: [ 2892.537703][T28864] dump_stack+0x18f/0x20d [ 2892.542052][T28864] sysfs_warn_dup.cold+0x1c/0x2d [ 2892.546992][T28864] sysfs_do_create_link_sd+0x11e/0x140 [ 2892.552439][T28864] sysfs_create_link+0x5f/0xc0 [ 2892.557181][T28864] device_add+0x6ff/0x1b00 [ 2892.561573][T28864] ? device_check_offline+0x280/0x280 [ 2892.566917][T28864] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2892.572872][T28864] wiphy_register+0x1d5b/0x2840 [ 2892.577704][T28864] ? wiphy_unregister+0xc10/0xc10 [ 2892.582701][T28864] ? default_device_exit_batch+0x3d0/0x3d0 [ 2892.588481][T28864] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2892.594521][T28864] ieee80211_register_hw+0x2291/0x3950 [ 2892.599972][T28864] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2892.605320][T28864] ? lock_downgrade+0x820/0x820 [ 2892.610145][T28864] ? lock_is_held_type+0xb0/0xe0 [ 2892.615053][T28864] ? memset+0x20/0x40 [ 2892.619034][T28864] ? __hrtimer_init+0x12c/0x260 [ 2892.623859][T28864] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2892.629559][T28864] ? hwsim_virtio_rx_work+0x350/0x350 [ 2892.634903][T28864] ? memcpy+0x39/0x60 [ 2892.638862][T28864] hwsim_new_radio_nl+0x93e/0xf8c [ 2892.643998][T28864] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2892.649871][T28864] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2892.656780][T28864] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2892.663605][T28864] genl_rcv_msg+0x61d/0x980 [ 2892.668087][T28864] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2892.674997][T28864] ? lock_release+0x8d0/0x8d0 [ 2892.679645][T28864] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2892.684904][T28864] netlink_rcv_skb+0x15a/0x430 [ 2892.689644][T28864] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2892.696551][T28864] ? netlink_ack+0xa10/0xa10 [ 2892.701121][T28864] genl_rcv+0x24/0x40 [ 2892.705076][T28864] netlink_unicast+0x533/0x7d0 [ 2892.709838][T28864] ? netlink_attachskb+0x810/0x810 [ 2892.714923][T28864] ? _copy_from_iter_full+0x247/0x890 [ 2892.720271][T28864] ? __phys_addr+0x9a/0x110 [ 2892.724745][T28864] ? __phys_addr_symbol+0x2c/0x70 [ 2892.729746][T28864] ? __check_object_size+0x171/0x3e4 [ 2892.735011][T28864] netlink_sendmsg+0x856/0xd90 [ 2892.739754][T28864] ? netlink_unicast+0x7d0/0x7d0 [ 2892.744671][T28864] ? netlink_unicast+0x7d0/0x7d0 [ 2892.749582][T28864] sock_sendmsg+0xcf/0x120 [ 2892.753971][T28864] ____sys_sendmsg+0x6e8/0x810 [ 2892.758710][T28864] ? kernel_sendmsg+0x50/0x50 [ 2892.763357][T28864] ? do_recvmmsg+0x6d0/0x6d0 [ 2892.767923][T28864] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2892.773876][T28864] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2892.779826][T28864] ? __lock_acquire+0xc1e/0x56e0 [ 2892.784738][T28864] ___sys_sendmsg+0xf3/0x170 [ 2892.789303][T28864] ? sendmsg_copy_msghdr+0x160/0x160 [ 2892.794574][T28864] ? __fget_files+0x272/0x400 [ 2892.799227][T28864] ? lock_downgrade+0x820/0x820 [ 2892.804204][T28864] ? find_held_lock+0x2d/0x110 [ 2892.808943][T28864] ? __might_fault+0x11f/0x1d0 [ 2892.813719][T28864] ? __fget_files+0x294/0x400 [ 2892.818462][T28864] ? __fget_light+0xea/0x280 [ 2892.823031][T28864] __sys_sendmsg+0xe5/0x1b0 [ 2892.827509][T28864] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2892.832506][T28864] ? __x64_sys_futex+0x382/0x4e0 [ 2892.837426][T28864] ? do_syscall_64+0x1c/0xe0 [ 2892.841991][T28864] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2892.847943][T28864] do_syscall_64+0x60/0xe0 [ 2892.852337][T28864] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2892.858202][T28864] RIP: 0033:0x45c369 [ 2892.862064][T28864] Code: Bad RIP value. [ 2892.866101][T28864] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2892.874505][T28864] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2892.882451][T28864] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2892.890396][T28864] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 22:19:32 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e02, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:32 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000003", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2892.898341][T28864] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2892.906284][T28864] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2892.954445][T28869] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2892.980900][T28869] CPU: 0 PID: 28869 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2892.989610][T28869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2892.999668][T28869] Call Trace: [ 2893.002971][T28869] dump_stack+0x18f/0x20d [ 2893.007319][T28869] sysfs_warn_dup.cold+0x1c/0x2d [ 2893.012267][T28869] sysfs_do_create_link_sd+0x11e/0x140 [ 2893.017738][T28869] sysfs_create_link+0x5f/0xc0 [ 2893.022525][T28869] device_add+0x6ff/0x1b00 [ 2893.026967][T28869] ? device_check_offline+0x280/0x280 [ 2893.032353][T28869] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2893.038353][T28869] wiphy_register+0x1d5b/0x2840 [ 2893.043232][T28869] ? wiphy_unregister+0xc10/0xc10 [ 2893.048314][T28869] ? default_device_exit_batch+0x3d0/0x3d0 [ 2893.054160][T28869] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2893.060260][T28869] ieee80211_register_hw+0x2291/0x3950 [ 2893.065762][T28869] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2893.071158][T28869] ? lock_downgrade+0x820/0x820 [ 2893.076027][T28869] ? lock_is_held_type+0xb0/0xe0 [ 2893.080981][T28869] ? memset+0x20/0x40 [ 2893.085001][T28869] ? __hrtimer_init+0x12c/0x260 [ 2893.089888][T28869] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2893.095637][T28869] ? hwsim_virtio_rx_work+0x350/0x350 [ 2893.101027][T28869] ? memcpy+0x39/0x60 [ 2893.105028][T28869] hwsim_new_radio_nl+0x93e/0xf8c [ 2893.110075][T28869] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2893.116003][T28869] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2893.122955][T28869] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2893.129821][T28869] genl_rcv_msg+0x61d/0x980 [ 2893.134346][T28869] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2893.141303][T28869] ? lock_release+0x8d0/0x8d0 [ 2893.145996][T28869] ? netdev_core_pick_tx+0x2e0/0x2e0 22:19:32 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23e7030025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:32 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2893.151298][T28869] netlink_rcv_skb+0x15a/0x430 [ 2893.156080][T28869] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2893.163026][T28869] ? netlink_ack+0xa10/0xa10 [ 2893.167639][T28869] genl_rcv+0x24/0x40 [ 2893.171634][T28869] netlink_unicast+0x533/0x7d0 [ 2893.176422][T28869] ? netlink_attachskb+0x810/0x810 [ 2893.181562][T28869] ? _copy_from_iter_full+0x247/0x890 [ 2893.186945][T28869] ? __phys_addr+0x9a/0x110 [ 2893.191458][T28869] ? __phys_addr_symbol+0x2c/0x70 [ 2893.196495][T28869] ? __check_object_size+0x171/0x3e4 [ 2893.201790][T28869] netlink_sendmsg+0x856/0xd90 [ 2893.206570][T28869] ? netlink_unicast+0x7d0/0x7d0 [ 2893.211536][T28869] ? netlink_unicast+0x7d0/0x7d0 [ 2893.216483][T28869] sock_sendmsg+0xcf/0x120 [ 2893.220917][T28869] ____sys_sendmsg+0x6e8/0x810 [ 2893.225704][T28869] ? kernel_sendmsg+0x50/0x50 [ 2893.230414][T28869] ? do_recvmmsg+0x6d0/0x6d0 [ 2893.235023][T28869] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2893.241028][T28869] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2893.247042][T28869] ___sys_sendmsg+0xf3/0x170 [ 2893.251652][T28869] ? sendmsg_copy_msghdr+0x160/0x160 [ 2893.256954][T28869] ? __fget_files+0x272/0x400 [ 2893.261652][T28869] ? lock_downgrade+0x820/0x820 [ 2893.266517][T28869] ? find_held_lock+0x2d/0x110 [ 2893.271294][T28869] ? __might_fault+0x11f/0x1d0 [ 2893.276083][T28869] ? __fget_files+0x294/0x400 [ 2893.280797][T28869] ? __fget_light+0xea/0x280 [ 2893.285418][T28869] __sys_sendmsg+0xe5/0x1b0 [ 2893.289933][T28869] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2893.294969][T28869] ? __x64_sys_futex+0x382/0x4e0 [ 2893.299930][T28869] ? do_syscall_64+0x1c/0xe0 [ 2893.304531][T28869] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2893.310541][T28869] do_syscall_64+0x60/0xe0 [ 2893.314987][T28869] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2893.320894][T28869] RIP: 0033:0x45c369 [ 2893.324891][T28869] Code: Bad RIP value. [ 2893.328978][T28869] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2893.337401][T28869] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2893.345377][T28869] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2893.353338][T28869] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2893.361427][T28869] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2893.369385][T28869] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2893.388941][T28902] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:32 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x40) r0 = socket$kcm(0xa, 0x3, 0x87) sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@un=@abs, 0x80, &(0x7f0000000180)=[{&(0x7f0000000880)="5f4bc4f39997", 0x6}, {&(0x7f0000000080)="73cd3a02635c92fbca1c5155ba361f3648407ff3017421ccf3c997de75b2d1af24ac500e6c770c1d3d0d44c98ba9fb587377e59174a6e861b0193223a80a5cc7990f840c3a8d38431aee2748aced67524e8e6b9c7d5ed1e08cd9153aa7f06266e91247ee31dc5fa0637997753ae78f546ad70897", 0x74}, {&(0x7f00000008c0)="7c07fa0d6809a13d7c2a83cd8587dbf7626bcf2e96a3cbff180e5d53ec247bedb8a9ba830e6b9fb4d168e0dfbb6b31c75b61cc95b86e0b3cd626477d4cddf6895cb082ffe64e2ab44896445b187813249d4ab9946831c10e17788de4d8d7fcd7feffdb317b4397758d6b98099366d1b82049d3d1fb50d847fe3c16454f38532af56b468426cd3bd01282138c9ed6f634a41541dbc65bb011349cc511fa29b2f5ed7255ae62ade73d0107246dd040cecf6b84e88c04f9f17e9021d4da1e81ef38c89fe5f9d58040a35fe2577d50c33c317946146ea3cd6c49ad78c43b035c3ed5ea8cfe9472bf337536f2d09091d8a44ea93471d3d9743abcd6cf27785a6bdf6fe54bcfb53607a23098dd36c904e68604503e4e3c8dee9d906e0ded14da5c97a3d3b6a6471189cd6db5f20ee8902928945af7472e760f64eb240e2629a168c855a3882d4b8f52cc0ed0ae03cd803686f46cfe26efeceb11e659039fbd67fd582cefb81e530292e621e31573b7d1683d45aa34a9e224634868526538206ab6de269c22a1f9caaedb9edea3e4aea4d639e450913e7fc28dc1a1475209507de0e74aad01dc092a989938d05536f7907a778b76e6ad5307916cf709fb4380a698144aa5a9ab0c59f81cf8b1ca489cc6c0bfe56f27ac970bc0aa158eedaf9edf1e4e97ae270934234a5de0bd7bb2c79e5fef399f06dd544fa8de6abd7772c39205fa704172cc50488b45eae1831f36e5d277fdacf2909941e003fba310c3c73eabcfe7b46a7172e4974a65297e92f94e6895dabdc2ddeff4fff120bb435eaa65effa0920340d81d56671cbd53656155b7ec769b81d1fa28577e12079a8b69bc2685f02fc670c8ff88e288e11dcd0254442f5ba97bfe7b4f6cd91ff3041695fdb4c56f6ee64b8b74ec3171ad03244f48c9b7e398868b75968d5ebb1c52520308b9a5f9595d29025cded4109388cae21c9910484956795453beca7b1b05d3a0fce8d51768b511829979e07f963a204d6e678513594797ba75c31401a35c71097d51aeab450b5abd2654790bc97a2794d74d552f3adef03cf8fd45b917c828cadf05155dcacf4b4400236e6e072e1e4430461d566f42affd0493909d50bb55d3eb7d50b409c92ec6619828363ddfa8e148b7add482dc9d8143f51e1f8ddedb995568d3e7f67bc5650ae287427128bd4ef83093da33e9207e6f60f23489afdafb0803bedacb588d256a928a77afeaf71bb82496db0414aa3997d961e969cfef1ab81dce5c9713e06f93ec33a46f23e29fa8804e1b0ee35922ec7b3af3c29f65ce65c54f121c1b5b446ac35e4bb60c9f2a166118fcc94bcc27d10dfd39a0cd749151f21bdf43db3ba97d7220d8bc624150c780bd3fcaa34343d8ce007595e9bc26e8dc49eed573573455537d01ebd1975b46e0eff3b468f356e6026e8d80fa1f2f72d5c2000f489f92d68290c2be7b3791d2768dccbc35a48bbd16e2ef0dbb5618bdb18ac7a10a03658c96532baa0535124ff77bb7a67492af726c39811508c996d32d9118b7036fdfc5f9d319f7390b458f445c6dd864510a5f98c92329f844f66f57d797e160ae350713bf904cbba339583f8399a9e45221436ad234a8bc177b0675130221ab2bc8831c7fb47142ef83f1417b6a28b4f2dfaf82fe3f68950e98ee9820d02e5fbb76895387e85727f0cb86424bdaa3fe1573abd8e555e641664b50ac6148b33a14bba0b386ee477ddfc8e5815dc55b32468b06468213ecc2f83f058ce02c16062ec8300a4fbd88ca3904e0a0bfe26560f8fdb1b41e99543de4a014fcda3940ed6b4035ba12f2065bdc2bb8832e0b5678ace351910dabd8922c347ab79de671ddb83e05ad967", 0x527}], 0x3}, 0x0) socket$kcm(0x29, 0x5, 0x0) 22:19:32 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e04, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2893.450754][T28895] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2893.472680][T28895] CPU: 1 PID: 28895 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2893.481634][T28895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.491693][T28895] Call Trace: [ 2893.494998][T28895] dump_stack+0x18f/0x20d [ 2893.499349][T28895] sysfs_warn_dup.cold+0x1c/0x2d [ 2893.504304][T28895] sysfs_do_create_link_sd+0x11e/0x140 [ 2893.509776][T28895] sysfs_create_link+0x5f/0xc0 [ 2893.514549][T28895] device_add+0x6ff/0x1b00 [ 2893.518995][T28895] ? device_check_offline+0x280/0x280 [ 2893.524385][T28895] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2893.530380][T28895] wiphy_register+0x1d5b/0x2840 [ 2893.535332][T28895] ? wiphy_unregister+0xc10/0xc10 [ 2893.540356][T28895] ? default_device_exit_batch+0x3d0/0x3d0 [ 2893.546167][T28895] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2893.552236][T28895] ieee80211_register_hw+0x2291/0x3950 [ 2893.557720][T28895] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2893.563113][T28895] ? lock_downgrade+0x820/0x820 [ 2893.567977][T28895] ? lock_is_held_type+0xb0/0xe0 [ 2893.572940][T28895] ? memset+0x20/0x40 [ 2893.576929][T28895] ? __hrtimer_init+0x12c/0x260 [ 2893.581791][T28895] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2893.587538][T28895] ? hwsim_virtio_rx_work+0x350/0x350 [ 2893.592937][T28895] ? memcpy+0x39/0x60 [ 2893.596956][T28895] hwsim_new_radio_nl+0x93e/0xf8c [ 2893.601990][T28895] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2893.607997][T28895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2893.614962][T28895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2893.621826][T28895] genl_rcv_msg+0x61d/0x980 [ 2893.626476][T28895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2893.633427][T28895] ? lock_release+0x8d0/0x8d0 [ 2893.638107][T28895] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2893.643401][T28895] netlink_rcv_skb+0x15a/0x430 22:19:33 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2893.648194][T28895] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2893.655148][T28895] ? netlink_ack+0xa10/0xa10 [ 2893.659868][T28895] genl_rcv+0x24/0x40 [ 2893.663853][T28895] netlink_unicast+0x533/0x7d0 [ 2893.668627][T28895] ? netlink_attachskb+0x810/0x810 [ 2893.673753][T28895] ? _copy_from_iter_full+0x247/0x890 [ 2893.679133][T28895] ? __phys_addr+0x9a/0x110 [ 2893.683634][T28895] ? __phys_addr_symbol+0x2c/0x70 [ 2893.688648][T28895] ? __check_object_size+0x171/0x3e4 [ 2893.694060][T28895] netlink_sendmsg+0x856/0xd90 [ 2893.698823][T28895] ? netlink_unicast+0x7d0/0x7d0 [ 2893.703756][T28895] ? netlink_unicast+0x7d0/0x7d0 [ 2893.708682][T28895] sock_sendmsg+0xcf/0x120 [ 2893.713090][T28895] ____sys_sendmsg+0x6e8/0x810 [ 2893.717847][T28895] ? kernel_sendmsg+0x50/0x50 [ 2893.722516][T28895] ? do_recvmmsg+0x6d0/0x6d0 [ 2893.727105][T28895] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2893.733077][T28895] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2893.739052][T28895] ? do_user_addr_fault+0x8ce/0xd00 [ 2893.744259][T28895] ___sys_sendmsg+0xf3/0x170 [ 2893.748862][T28895] ? sendmsg_copy_msghdr+0x160/0x160 [ 2893.754134][T28895] ? __fget_files+0x272/0x400 [ 2893.758806][T28895] ? lock_downgrade+0x820/0x820 [ 2893.763656][T28895] ? find_held_lock+0x2d/0x110 [ 2893.768426][T28895] ? __might_fault+0x11f/0x1d0 [ 2893.773199][T28895] ? __fget_files+0x294/0x400 [ 2893.777875][T28895] ? __fget_light+0xea/0x280 [ 2893.782462][T28895] __sys_sendmsg+0xe5/0x1b0 [ 2893.786981][T28895] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2893.791999][T28895] ? __x64_sys_futex+0x382/0x4e0 [ 2893.796947][T28895] ? do_syscall_64+0x1c/0xe0 [ 2893.801546][T28895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2893.807544][T28895] do_syscall_64+0x60/0xe0 [ 2893.811983][T28895] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2893.817883][T28895] RIP: 0033:0x45c369 [ 2893.821776][T28895] Code: Bad RIP value. [ 2893.825851][T28895] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2893.834265][T28895] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2893.842243][T28895] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:33 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:33 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000004", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2893.850218][T28895] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2893.858198][T28895] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2893.866159][T28895] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:33 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300050025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2893.913868][T28917] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2893.942939][T28917] CPU: 1 PID: 28917 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2893.951661][T28917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.961719][T28917] Call Trace: [ 2893.965022][T28917] dump_stack+0x18f/0x20d [ 2893.969372][T28917] sysfs_warn_dup.cold+0x1c/0x2d [ 2893.974328][T28917] sysfs_do_create_link_sd+0x11e/0x140 [ 2893.979813][T28917] sysfs_create_link+0x5f/0xc0 [ 2893.984592][T28917] device_add+0x6ff/0x1b00 [ 2893.989024][T28917] ? device_check_offline+0x280/0x280 [ 2893.994412][T28917] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2894.000412][T28917] wiphy_register+0x1d5b/0x2840 [ 2894.005308][T28917] ? wiphy_unregister+0xc10/0xc10 [ 2894.010345][T28917] ? default_device_exit_batch+0x3d0/0x3d0 [ 2894.016175][T28917] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2894.022267][T28917] ieee80211_register_hw+0x2291/0x3950 [ 2894.027758][T28917] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2894.033151][T28917] ? lock_downgrade+0x820/0x820 [ 2894.038025][T28917] ? lock_is_held_type+0xb0/0xe0 [ 2894.042966][T28917] ? memset+0x20/0x40 [ 2894.046971][T28917] ? __hrtimer_init+0x12c/0x260 [ 2894.051838][T28917] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2894.057583][T28917] ? hwsim_virtio_rx_work+0x350/0x350 [ 2894.062963][T28917] ? memcpy+0x39/0x60 [ 2894.066964][T28917] hwsim_new_radio_nl+0x93e/0xf8c [ 2894.072002][T28917] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2894.077919][T28917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2894.084864][T28917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2894.091728][T28917] genl_rcv_msg+0x61d/0x980 [ 2894.096259][T28917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2894.103213][T28917] ? lock_release+0x8d0/0x8d0 [ 2894.107896][T28917] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2894.113201][T28917] netlink_rcv_skb+0x15a/0x430 [ 2894.117996][T28917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2894.124952][T28917] ? netlink_ack+0xa10/0xa10 [ 2894.129574][T28917] genl_rcv+0x24/0x40 [ 2894.133571][T28917] netlink_unicast+0x533/0x7d0 [ 2894.138343][T28917] ? netlink_attachskb+0x810/0x810 [ 2894.143462][T28917] ? _copy_from_iter_full+0x247/0x890 [ 2894.148843][T28917] ? __phys_addr+0x9a/0x110 [ 2894.153357][T28917] ? __phys_addr_symbol+0x2c/0x70 [ 2894.158385][T28917] ? __check_object_size+0x171/0x3e4 [ 2894.163684][T28917] netlink_sendmsg+0x856/0xd90 [ 2894.168466][T28917] ? netlink_unicast+0x7d0/0x7d0 [ 2894.173416][T28917] ? netlink_unicast+0x7d0/0x7d0 [ 2894.178365][T28917] sock_sendmsg+0xcf/0x120 [ 2894.182794][T28917] ____sys_sendmsg+0x6e8/0x810 [ 2894.187570][T28917] ? kernel_sendmsg+0x50/0x50 [ 2894.192249][T28917] ? do_recvmmsg+0x6d0/0x6d0 [ 2894.196857][T28917] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2894.202855][T28917] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2894.208841][T28917] ? __lock_acquire+0xc1e/0x56e0 [ 2894.213788][T28917] ___sys_sendmsg+0xf3/0x170 [ 2894.218377][T28917] ? sendmsg_copy_msghdr+0x160/0x160 [ 2894.223667][T28917] ? __fget_files+0x272/0x400 [ 2894.228363][T28917] ? lock_downgrade+0x820/0x820 [ 2894.233209][T28917] ? find_held_lock+0x2d/0x110 [ 2894.237989][T28917] ? __might_fault+0x11f/0x1d0 [ 2894.242770][T28917] ? __fget_files+0x294/0x400 [ 2894.247475][T28917] ? __fget_light+0xea/0x280 [ 2894.252068][T28917] __sys_sendmsg+0xe5/0x1b0 [ 2894.256578][T28917] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2894.261613][T28917] ? __x64_sys_futex+0x382/0x4e0 [ 2894.266548][T28917] ? do_syscall_64+0x1c/0xe0 [ 2894.271129][T28917] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2894.277115][T28917] do_syscall_64+0x60/0xe0 [ 2894.281752][T28917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2894.287641][T28917] RIP: 0033:0x45c369 [ 2894.291529][T28917] Code: Bad RIP value. [ 2894.295582][T28917] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2894.303981][T28917] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2894.311949][T28917] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2894.319920][T28917] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2894.327901][T28917] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2894.335877][T28917] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2894.378525][T28901] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2894.386314][T28901] CPU: 1 PID: 28901 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2894.394984][T28901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.405044][T28901] Call Trace: [ 2894.408343][T28901] dump_stack+0x18f/0x20d [ 2894.412687][T28901] sysfs_warn_dup.cold+0x1c/0x2d [ 2894.417637][T28901] sysfs_do_create_link_sd+0x11e/0x140 [ 2894.423115][T28901] sysfs_create_link+0x5f/0xc0 [ 2894.427895][T28901] device_add+0x6ff/0x1b00 [ 2894.432323][T28901] ? device_check_offline+0x280/0x280 [ 2894.437704][T28901] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2894.443700][T28901] wiphy_register+0x1d5b/0x2840 [ 2894.448584][T28901] ? wiphy_unregister+0xc10/0xc10 [ 2894.453747][T28901] ? default_device_exit_batch+0x3d0/0x3d0 [ 2894.459572][T28901] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2894.465654][T28901] ieee80211_register_hw+0x2291/0x3950 [ 2894.471146][T28901] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2894.476542][T28901] ? lock_downgrade+0x820/0x820 [ 2894.481416][T28901] ? lock_is_held_type+0xb0/0xe0 [ 2894.486360][T28901] ? memset+0x20/0x40 [ 2894.490350][T28901] ? __hrtimer_init+0x12c/0x260 [ 2894.495229][T28901] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2894.500976][T28901] ? hwsim_virtio_rx_work+0x350/0x350 [ 2894.506361][T28901] ? memcpy+0x39/0x60 [ 2894.510372][T28901] hwsim_new_radio_nl+0x93e/0xf8c [ 2894.515501][T28901] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2894.521417][T28901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2894.528357][T28901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2894.535226][T28901] genl_rcv_msg+0x61d/0x980 [ 2894.539754][T28901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2894.546702][T28901] ? lock_release+0x8d0/0x8d0 [ 2894.551473][T28901] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2894.556775][T28901] netlink_rcv_skb+0x15a/0x430 [ 2894.561550][T28901] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2894.568501][T28901] ? netlink_ack+0xa10/0xa10 [ 2894.573138][T28901] genl_rcv+0x24/0x40 22:19:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:34 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2894.577136][T28901] netlink_unicast+0x533/0x7d0 [ 2894.581913][T28901] ? netlink_attachskb+0x810/0x810 [ 2894.587031][T28901] ? _copy_from_iter_full+0x247/0x890 [ 2894.592405][T28901] ? __phys_addr+0x9a/0x110 [ 2894.596922][T28901] ? __phys_addr_symbol+0x2c/0x70 [ 2894.601958][T28901] ? __check_object_size+0x171/0x3e4 [ 2894.607255][T28901] netlink_sendmsg+0x856/0xd90 [ 2894.612033][T28901] ? netlink_unicast+0x7d0/0x7d0 [ 2894.616999][T28901] ? netlink_unicast+0x7d0/0x7d0 [ 2894.622067][T28901] sock_sendmsg+0xcf/0x120 [ 2894.626496][T28901] ____sys_sendmsg+0x6e8/0x810 [ 2894.631363][T28901] ? kernel_sendmsg+0x50/0x50 [ 2894.636062][T28901] ? do_recvmmsg+0x6d0/0x6d0 [ 2894.640757][T28901] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2894.646750][T28901] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2894.652744][T28901] ? __lock_acquire+0xc1e/0x56e0 [ 2894.657816][T28901] ___sys_sendmsg+0xf3/0x170 [ 2894.662427][T28901] ? sendmsg_copy_msghdr+0x160/0x160 [ 2894.667725][T28901] ? __fget_files+0x272/0x400 [ 2894.672410][T28901] ? lock_downgrade+0x820/0x820 [ 2894.677372][T28901] ? find_held_lock+0x2d/0x110 [ 2894.682146][T28901] ? __might_fault+0x11f/0x1d0 [ 2894.686921][T28901] ? __fget_files+0x294/0x400 [ 2894.691614][T28901] ? __fget_light+0xea/0x280 [ 2894.696215][T28901] __sys_sendmsg+0xe5/0x1b0 [ 2894.700716][T28901] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2894.705728][T28901] ? __x64_sys_futex+0x382/0x4e0 [ 2894.710658][T28901] ? do_syscall_64+0x1c/0xe0 [ 2894.715236][T28901] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2894.721204][T28901] do_syscall_64+0x60/0xe0 [ 2894.725607][T28901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2894.731505][T28901] RIP: 0033:0x45c369 [ 2894.735384][T28901] Code: Bad RIP value. [ 2894.739434][T28901] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2894.747835][T28901] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2894.755814][T28901] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2894.763783][T28901] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2894.771750][T28901] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2894.779724][T28901] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c [ 2894.832910][T28945] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2894.855217][T28959] validate_nla: 6 callbacks suppressed [ 2894.855227][T28959] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2894.886262][T28959] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2894.908515][T28920] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2894.916197][T28920] CPU: 0 PID: 28920 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2894.924870][T28920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.934931][T28920] Call Trace: [ 2894.938236][T28920] dump_stack+0x18f/0x20d [ 2894.942580][T28920] sysfs_warn_dup.cold+0x1c/0x2d [ 2894.947539][T28920] sysfs_do_create_link_sd+0x11e/0x140 [ 2894.953016][T28920] sysfs_create_link+0x5f/0xc0 [ 2894.957797][T28920] device_add+0x6ff/0x1b00 [ 2894.962233][T28920] ? device_check_offline+0x280/0x280 [ 2894.967622][T28920] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2894.973623][T28920] wiphy_register+0x1d5b/0x2840 [ 2894.978521][T28920] ? wiphy_unregister+0xc10/0xc10 [ 2894.983566][T28920] ? default_device_exit_batch+0x3d0/0x3d0 [ 2894.989398][T28920] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2894.995503][T28920] ieee80211_register_hw+0x2291/0x3950 [ 2895.000986][T28920] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2895.006375][T28920] ? lock_downgrade+0x820/0x820 [ 2895.011238][T28920] ? lock_is_held_type+0xb0/0xe0 [ 2895.016188][T28920] ? memset+0x20/0x40 [ 2895.020189][T28920] ? __hrtimer_init+0x12c/0x260 [ 2895.025059][T28920] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2895.030808][T28920] ? hwsim_virtio_rx_work+0x350/0x350 [ 2895.036208][T28920] ? memcpy+0x39/0x60 [ 2895.040210][T28920] hwsim_new_radio_nl+0x93e/0xf8c [ 2895.045249][T28920] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2895.051255][T28920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2895.058291][T28920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2895.065168][T28920] genl_rcv_msg+0x61d/0x980 [ 2895.069694][T28920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2895.076649][T28920] ? lock_release+0x8d0/0x8d0 [ 2895.081335][T28920] ? netdev_core_pick_tx+0x2e0/0x2e0 22:19:34 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e03, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:34 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300060025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:34 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000005", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2895.086646][T28920] netlink_rcv_skb+0x15a/0x430 [ 2895.091438][T28920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2895.098387][T28920] ? netlink_ack+0xa10/0xa10 [ 2895.103005][T28920] genl_rcv+0x24/0x40 [ 2895.107002][T28920] netlink_unicast+0x533/0x7d0 [ 2895.111780][T28920] ? netlink_attachskb+0x810/0x810 [ 2895.116907][T28920] ? _copy_from_iter_full+0x247/0x890 [ 2895.122288][T28920] ? __phys_addr+0x9a/0x110 [ 2895.126809][T28920] ? __phys_addr_symbol+0x2c/0x70 [ 2895.131857][T28920] ? __check_object_size+0x171/0x3e4 [ 2895.137165][T28920] netlink_sendmsg+0x856/0xd90 [ 2895.141961][T28920] ? netlink_unicast+0x7d0/0x7d0 [ 2895.146932][T28920] ? netlink_unicast+0x7d0/0x7d0 [ 2895.151882][T28920] sock_sendmsg+0xcf/0x120 [ 2895.156320][T28920] ____sys_sendmsg+0x6e8/0x810 [ 2895.161110][T28920] ? kernel_sendmsg+0x50/0x50 [ 2895.165810][T28920] ? do_recvmmsg+0x6d0/0x6d0 [ 2895.170414][T28920] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2895.176412][T28920] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2895.182403][T28920] ? __lock_acquire+0xc1e/0x56e0 22:19:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2895.187361][T28920] ___sys_sendmsg+0xf3/0x170 [ 2895.191964][T28920] ? sendmsg_copy_msghdr+0x160/0x160 [ 2895.197261][T28920] ? __fget_files+0x272/0x400 [ 2895.201950][T28920] ? lock_downgrade+0x820/0x820 [ 2895.206809][T28920] ? find_held_lock+0x2d/0x110 [ 2895.211599][T28920] ? __might_fault+0x11f/0x1d0 [ 2895.216390][T28920] ? __fget_files+0x294/0x400 [ 2895.221084][T28920] ? __fget_light+0xea/0x280 [ 2895.225686][T28920] __sys_sendmsg+0xe5/0x1b0 [ 2895.230225][T28920] ? __sys_sendmsg_sock+0xb0/0xb0 22:19:34 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2895.235284][T28920] ? __x64_sys_futex+0x382/0x4e0 [ 2895.240234][T28920] ? do_syscall_64+0x1c/0xe0 [ 2895.244826][T28920] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2895.250809][T28920] do_syscall_64+0x60/0xe0 [ 2895.255233][T28920] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2895.261298][T28920] RIP: 0033:0x45c369 [ 2895.265183][T28920] Code: Bad RIP value. [ 2895.269239][T28920] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2895.277652][T28920] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2895.285628][T28920] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2895.293609][T28920] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2895.301585][T28920] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2895.309568][T28920] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2895.402366][T28976] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2895.423924][T28976] CPU: 1 PID: 28976 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2895.432630][T28976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2895.442687][T28976] Call Trace: [ 2895.445989][T28976] dump_stack+0x18f/0x20d [ 2895.450328][T28976] sysfs_warn_dup.cold+0x1c/0x2d [ 2895.455275][T28976] sysfs_do_create_link_sd+0x11e/0x140 [ 2895.460734][T28976] sysfs_create_link+0x5f/0xc0 [ 2895.465484][T28976] device_add+0x6ff/0x1b00 [ 2895.469899][T28976] ? device_check_offline+0x280/0x280 [ 2895.475313][T28976] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2895.481329][T28976] wiphy_register+0x1d5b/0x2840 [ 2895.486206][T28976] ? wiphy_unregister+0xc10/0xc10 [ 2895.491243][T28976] ? default_device_exit_batch+0x3d0/0x3d0 [ 2895.497075][T28976] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2895.503166][T28976] ieee80211_register_hw+0x2291/0x3950 [ 2895.508657][T28976] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2895.514052][T28976] ? lock_downgrade+0x820/0x820 [ 2895.518915][T28976] ? lock_is_held_type+0xb0/0xe0 [ 2895.523863][T28976] ? memset+0x20/0x40 [ 2895.527850][T28976] ? __hrtimer_init+0x12c/0x260 [ 2895.532710][T28976] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2895.538469][T28976] ? hwsim_virtio_rx_work+0x350/0x350 [ 2895.543847][T28976] ? memcpy+0x39/0x60 [ 2895.547838][T28976] hwsim_new_radio_nl+0x93e/0xf8c [ 2895.552870][T28976] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2895.558781][T28976] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2895.565744][T28976] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2895.572627][T28976] genl_rcv_msg+0x61d/0x980 [ 2895.577166][T28976] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2895.584123][T28976] ? lock_release+0x8d0/0x8d0 [ 2895.588808][T28976] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2895.594093][T28976] netlink_rcv_skb+0x15a/0x430 [ 2895.598847][T28976] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2895.605914][T28976] ? netlink_ack+0xa10/0xa10 [ 2895.610513][T28976] genl_rcv+0x24/0x40 [ 2895.614505][T28976] netlink_unicast+0x533/0x7d0 [ 2895.619295][T28976] ? netlink_attachskb+0x810/0x810 [ 2895.624419][T28976] ? _copy_from_iter_full+0x247/0x890 [ 2895.629805][T28976] ? __phys_addr+0x9a/0x110 [ 2895.634323][T28976] ? __phys_addr_symbol+0x2c/0x70 [ 2895.639365][T28976] ? __check_object_size+0x171/0x3e4 [ 2895.644677][T28976] netlink_sendmsg+0x856/0xd90 [ 2895.649469][T28976] ? netlink_unicast+0x7d0/0x7d0 [ 2895.654442][T28976] ? netlink_unicast+0x7d0/0x7d0 [ 2895.659394][T28976] sock_sendmsg+0xcf/0x120 [ 2895.663816][T28976] ____sys_sendmsg+0x6e8/0x810 [ 2895.668586][T28976] ? kernel_sendmsg+0x50/0x50 [ 2895.673258][T28976] ? do_recvmmsg+0x6d0/0x6d0 [ 2895.677854][T28976] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2895.683841][T28976] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2895.689826][T28976] ? do_user_addr_fault+0x8ce/0xd00 [ 2895.695049][T28976] ___sys_sendmsg+0xf3/0x170 [ 2895.699640][T28976] ? sendmsg_copy_msghdr+0x160/0x160 [ 2895.704912][T28976] ? __fget_files+0x272/0x400 [ 2895.709596][T28976] ? lock_downgrade+0x820/0x820 [ 2895.714437][T28976] ? find_held_lock+0x2d/0x110 [ 2895.719189][T28976] ? __might_fault+0x11f/0x1d0 [ 2895.723937][T28976] ? __fget_files+0x294/0x400 [ 2895.728613][T28976] ? __fget_light+0xea/0x280 [ 2895.733210][T28976] __sys_sendmsg+0xe5/0x1b0 [ 2895.737723][T28976] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2895.742870][T28976] ? __x64_sys_futex+0x382/0x4e0 [ 2895.747808][T28976] ? do_syscall_64+0x1c/0xe0 [ 2895.752395][T28976] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2895.758367][T28976] do_syscall_64+0x60/0xe0 [ 2895.762766][T28976] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2895.768642][T28976] RIP: 0033:0x45c369 [ 2895.772521][T28976] Code: Bad RIP value. [ 2895.776573][T28976] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2895.784962][T28976] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2895.792918][T28976] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:35 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e05, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2895.800881][T28976] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2895.808843][T28976] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2895.816812][T28976] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2895.834776][T28975] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:35 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000006", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2895.846886][T28983] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2895.856422][T28983] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2895.906964][T28995] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2895.932836][T28977] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2895.955137][T28977] CPU: 1 PID: 28977 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2895.963929][T28977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2895.973988][T28977] Call Trace: [ 2895.977302][T28977] dump_stack+0x18f/0x20d [ 2895.981649][T28977] sysfs_warn_dup.cold+0x1c/0x2d [ 2895.986604][T28977] sysfs_do_create_link_sd+0x11e/0x140 [ 2895.992079][T28977] sysfs_create_link+0x5f/0xc0 [ 2895.996864][T28977] device_add+0x6ff/0x1b00 [ 2896.001300][T28977] ? device_check_offline+0x280/0x280 [ 2896.006687][T28977] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2896.012686][T28977] wiphy_register+0x1d5b/0x2840 [ 2896.017582][T28977] ? wiphy_unregister+0xc10/0xc10 [ 2896.022638][T28977] ? default_device_exit_batch+0x3d0/0x3d0 [ 2896.028567][T28977] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2896.034655][T28977] ieee80211_register_hw+0x2291/0x3950 [ 2896.040141][T28977] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2896.045541][T28977] ? lock_downgrade+0x820/0x820 [ 2896.050408][T28977] ? lock_is_held_type+0xb0/0xe0 22:19:35 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300070025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2896.055360][T28977] ? memset+0x20/0x40 [ 2896.059367][T28977] ? __hrtimer_init+0x12c/0x260 [ 2896.064235][T28977] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2896.069975][T28977] ? hwsim_virtio_rx_work+0x350/0x350 [ 2896.075364][T28977] ? memcpy+0x39/0x60 [ 2896.079375][T28977] hwsim_new_radio_nl+0x93e/0xf8c [ 2896.084508][T28977] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2896.090545][T28977] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2896.095686][T28977] genl_rcv_msg+0x61d/0x980 [ 2896.100209][T28977] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2896.107189][T28977] ? lock_release+0x8d0/0x8d0 [ 2896.111873][T28977] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2896.117172][T28977] netlink_rcv_skb+0x15a/0x430 [ 2896.121957][T28977] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2896.128892][T28977] ? netlink_ack+0xa10/0xa10 [ 2896.133481][T28977] genl_rcv+0x24/0x40 [ 2896.137461][T28977] netlink_unicast+0x533/0x7d0 [ 2896.142219][T28977] ? netlink_attachskb+0x810/0x810 [ 2896.147318][T28977] ? _copy_from_iter_full+0x247/0x890 [ 2896.152706][T28977] ? __phys_addr+0x9a/0x110 [ 2896.157204][T28977] ? __phys_addr_symbol+0x2c/0x70 [ 2896.162219][T28977] ? __check_object_size+0x171/0x3e4 [ 2896.167498][T28977] netlink_sendmsg+0x856/0xd90 [ 2896.172289][T28977] ? netlink_unicast+0x7d0/0x7d0 [ 2896.177252][T28977] ? netlink_unicast+0x7d0/0x7d0 [ 2896.182202][T28977] sock_sendmsg+0xcf/0x120 [ 2896.186637][T28977] ____sys_sendmsg+0x6e8/0x810 [ 2896.191423][T28977] ? kernel_sendmsg+0x50/0x50 [ 2896.196109][T28977] ? do_recvmmsg+0x6d0/0x6d0 [ 2896.200715][T28977] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2896.206714][T28977] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2896.212730][T28977] ? __lock_acquire+0xc1e/0x56e0 [ 2896.217682][T28977] ___sys_sendmsg+0xf3/0x170 [ 2896.222288][T28977] ? sendmsg_copy_msghdr+0x160/0x160 [ 2896.227586][T28977] ? __fget_files+0x272/0x400 [ 2896.232278][T28977] ? lock_downgrade+0x820/0x820 [ 2896.237137][T28977] ? find_held_lock+0x2d/0x110 [ 2896.241905][T28977] ? __might_fault+0x11f/0x1d0 [ 2896.246653][T28977] ? __fget_files+0x294/0x400 [ 2896.251344][T28977] ? __fget_light+0xea/0x280 [ 2896.255944][T28977] __sys_sendmsg+0xe5/0x1b0 [ 2896.260450][T28977] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2896.265465][T28977] ? __x64_sys_futex+0x382/0x4e0 [ 2896.270419][T28977] ? do_syscall_64+0x1c/0xe0 [ 2896.275101][T28977] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2896.281088][T28977] do_syscall_64+0x60/0xe0 [ 2896.285500][T28977] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2896.291378][T28977] RIP: 0033:0x45c369 [ 2896.295254][T28977] Code: Bad RIP value. [ 2896.299307][T28977] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 22:19:35 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:35 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000007", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2896.307717][T28977] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2896.315684][T28977] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2896.323664][T28977] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2896.331640][T28977] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2896.339601][T28977] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac 22:19:35 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e04, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2896.375086][T29004] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2896.422007][T29004] CPU: 1 PID: 29004 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2896.430823][T29004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2896.440888][T29004] Call Trace: [ 2896.444188][T29004] dump_stack+0x18f/0x20d [ 2896.448537][T29004] sysfs_warn_dup.cold+0x1c/0x2d [ 2896.453488][T29004] sysfs_do_create_link_sd+0x11e/0x140 [ 2896.458977][T29004] sysfs_create_link+0x5f/0xc0 [ 2896.463754][T29004] device_add+0x6ff/0x1b00 [ 2896.468187][T29004] ? device_check_offline+0x280/0x280 [ 2896.473573][T29004] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2896.479581][T29004] wiphy_register+0x1d5b/0x2840 [ 2896.484560][T29004] ? wiphy_unregister+0xc10/0xc10 [ 2896.489602][T29004] ? default_device_exit_batch+0x3d0/0x3d0 [ 2896.495431][T29004] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2896.501522][T29004] ieee80211_register_hw+0x2291/0x3950 [ 2896.507002][T29004] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2896.512396][T29004] ? lock_downgrade+0x820/0x820 [ 2896.517254][T29004] ? lock_is_held_type+0xb0/0xe0 22:19:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) [ 2896.522203][T29004] ? memset+0x20/0x40 [ 2896.526200][T29004] ? __hrtimer_init+0x12c/0x260 [ 2896.531065][T29004] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2896.537065][T29004] ? hwsim_virtio_rx_work+0x350/0x350 [ 2896.542449][T29004] ? memcpy+0x39/0x60 [ 2896.546444][T29004] hwsim_new_radio_nl+0x93e/0xf8c [ 2896.551489][T29004] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2896.557406][T29004] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2896.564362][T29004] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2896.571230][T29004] genl_rcv_msg+0x61d/0x980 [ 2896.575784][T29004] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2896.582742][T29004] ? lock_release+0x8d0/0x8d0 [ 2896.587429][T29004] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2896.592745][T29004] netlink_rcv_skb+0x15a/0x430 [ 2896.597529][T29004] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2896.604484][T29004] ? netlink_ack+0xa10/0xa10 [ 2896.609099][T29004] genl_rcv+0x24/0x40 [ 2896.613087][T29004] netlink_unicast+0x533/0x7d0 [ 2896.617864][T29004] ? netlink_attachskb+0x810/0x810 [ 2896.622988][T29004] ? _copy_from_iter_full+0x247/0x890 [ 2896.628372][T29004] ? __phys_addr+0x9a/0x110 [ 2896.632878][T29004] ? __phys_addr_symbol+0x2c/0x70 [ 2896.637911][T29004] ? __check_object_size+0x171/0x3e4 [ 2896.643224][T29004] netlink_sendmsg+0x856/0xd90 [ 2896.648010][T29004] ? netlink_unicast+0x7d0/0x7d0 [ 2896.652972][T29004] ? netlink_unicast+0x7d0/0x7d0 [ 2896.657920][T29004] sock_sendmsg+0xcf/0x120 [ 2896.662345][T29004] ____sys_sendmsg+0x6e8/0x810 [ 2896.667124][T29004] ? kernel_sendmsg+0x50/0x50 [ 2896.671818][T29004] ? do_recvmmsg+0x6d0/0x6d0 [ 2896.676419][T29004] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2896.682429][T29004] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2896.688416][T29004] ? __lock_acquire+0xc1e/0x56e0 [ 2896.693377][T29004] ___sys_sendmsg+0xf3/0x170 [ 2896.697983][T29004] ? sendmsg_copy_msghdr+0x160/0x160 [ 2896.703281][T29004] ? __fget_files+0x272/0x400 [ 2896.707978][T29004] ? lock_downgrade+0x820/0x820 [ 2896.712839][T29004] ? find_held_lock+0x2d/0x110 [ 2896.717618][T29004] ? __might_fault+0x11f/0x1d0 [ 2896.722425][T29004] ? __fget_files+0x294/0x400 [ 2896.727123][T29004] ? __fget_light+0xea/0x280 [ 2896.731744][T29004] __sys_sendmsg+0xe5/0x1b0 [ 2896.736279][T29004] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2896.741423][T29004] ? __x64_sys_futex+0x382/0x4e0 [ 2896.746383][T29004] ? do_syscall_64+0x1c/0xe0 [ 2896.750986][T29004] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2896.756977][T29004] do_syscall_64+0x60/0xe0 [ 2896.761526][T29004] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2896.767546][T29004] RIP: 0033:0x45c369 [ 2896.771434][T29004] Code: Bad RIP value. [ 2896.775497][T29004] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2896.783909][T29004] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2896.791889][T29004] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2896.799879][T29004] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2896.807859][T29004] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2896.815843][T29004] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:36 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300090025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2896.863642][T29019] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2896.881423][T29020] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2896.896587][T29020] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:36 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000008", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2896.922036][T29022] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2896.953034][T29022] CPU: 0 PID: 29022 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2896.961744][T29022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2896.971803][T29022] Call Trace: [ 2896.975103][T29022] dump_stack+0x18f/0x20d [ 2896.979448][T29022] sysfs_warn_dup.cold+0x1c/0x2d [ 2896.984414][T29022] sysfs_do_create_link_sd+0x11e/0x140 [ 2896.989893][T29022] sysfs_create_link+0x5f/0xc0 [ 2896.994673][T29022] device_add+0x6ff/0x1b00 [ 2896.999116][T29022] ? device_check_offline+0x280/0x280 [ 2897.004501][T29022] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2897.010499][T29022] wiphy_register+0x1d5b/0x2840 [ 2897.015378][T29022] ? wiphy_unregister+0xc10/0xc10 22:19:36 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2897.020417][T29022] ? default_device_exit_batch+0x3d0/0x3d0 [ 2897.026251][T29022] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2897.032337][T29022] ieee80211_register_hw+0x2291/0x3950 [ 2897.037821][T29022] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2897.043205][T29022] ? lock_downgrade+0x820/0x820 [ 2897.048067][T29022] ? lock_is_held_type+0xb0/0xe0 [ 2897.052999][T29022] ? memset+0x20/0x40 [ 2897.056983][T29022] ? __hrtimer_init+0x12c/0x260 [ 2897.061845][T29022] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2897.067594][T29022] ? hwsim_virtio_rx_work+0x350/0x350 [ 2897.072982][T29022] ? memcpy+0x39/0x60 [ 2897.077009][T29022] hwsim_new_radio_nl+0x93e/0xf8c [ 2897.082049][T29022] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2897.087973][T29022] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2897.094928][T29022] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2897.101794][T29022] genl_rcv_msg+0x61d/0x980 [ 2897.106349][T29022] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2897.113304][T29022] ? lock_release+0x8d0/0x8d0 [ 2897.117980][T29022] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2897.123268][T29022] netlink_rcv_skb+0x15a/0x430 [ 2897.128050][T29022] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2897.134977][T29022] ? netlink_ack+0xa10/0xa10 [ 2897.139560][T29022] genl_rcv+0x24/0x40 [ 2897.143525][T29022] netlink_unicast+0x533/0x7d0 [ 2897.148291][T29022] ? netlink_attachskb+0x810/0x810 [ 2897.153391][T29022] ? _copy_from_iter_full+0x247/0x890 [ 2897.158757][T29022] ? __phys_addr+0x9a/0x110 [ 2897.163236][T29022] ? __phys_addr_symbol+0x2c/0x70 [ 2897.168239][T29022] ? __check_object_size+0x171/0x3e4 [ 2897.173513][T29022] netlink_sendmsg+0x856/0xd90 [ 2897.178259][T29022] ? netlink_unicast+0x7d0/0x7d0 [ 2897.183179][T29022] ? netlink_unicast+0x7d0/0x7d0 [ 2897.188095][T29022] sock_sendmsg+0xcf/0x120 [ 2897.192493][T29022] ____sys_sendmsg+0x6e8/0x810 [ 2897.197252][T29022] ? kernel_sendmsg+0x50/0x50 [ 2897.201903][T29022] ? do_recvmmsg+0x6d0/0x6d0 [ 2897.206471][T29022] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2897.212437][T29022] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2897.218398][T29022] ? do_user_addr_fault+0x8ce/0xd00 [ 2897.223601][T29022] ___sys_sendmsg+0xf3/0x170 [ 2897.228219][T29022] ? sendmsg_copy_msghdr+0x160/0x160 [ 2897.233565][T29022] ? __fget_files+0x272/0x400 [ 2897.238259][T29022] ? lock_downgrade+0x820/0x820 [ 2897.243127][T29022] ? find_held_lock+0x2d/0x110 [ 2897.247904][T29022] ? __might_fault+0x11f/0x1d0 [ 2897.252688][T29022] ? __fget_files+0x294/0x400 [ 2897.257478][T29022] ? __fget_light+0xea/0x280 [ 2897.262067][T29022] __sys_sendmsg+0xe5/0x1b0 [ 2897.266562][T29022] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2897.271564][T29022] ? __x64_sys_futex+0x382/0x4e0 [ 2897.276487][T29022] ? do_syscall_64+0x1c/0xe0 [ 2897.281200][T29022] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2897.287174][T29022] do_syscall_64+0x60/0xe0 [ 2897.291580][T29022] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2897.297447][T29022] RIP: 0033:0x45c369 [ 2897.301311][T29022] Code: Bad RIP value. [ 2897.305351][T29022] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2897.313746][T29022] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:36 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e06, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:36 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) [ 2897.321704][T29022] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2897.329666][T29022] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2897.337628][T29022] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2897.345580][T29022] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2897.403870][T29041] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2897.416743][T29041] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2897.425338][T29042] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2897.453369][T29045] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2897.474864][T29045] CPU: 1 PID: 29045 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2897.483575][T29045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2897.493638][T29045] Call Trace: [ 2897.496950][T29045] dump_stack+0x18f/0x20d [ 2897.501293][T29045] sysfs_warn_dup.cold+0x1c/0x2d [ 2897.506246][T29045] sysfs_do_create_link_sd+0x11e/0x140 [ 2897.511724][T29045] sysfs_create_link+0x5f/0xc0 [ 2897.516505][T29045] device_add+0x6ff/0x1b00 [ 2897.520942][T29045] ? device_check_offline+0x280/0x280 [ 2897.526346][T29045] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2897.532348][T29045] wiphy_register+0x1d5b/0x2840 [ 2897.537243][T29045] ? wiphy_unregister+0xc10/0xc10 [ 2897.542393][T29045] ? default_device_exit_batch+0x3d0/0x3d0 [ 2897.548246][T29045] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2897.554355][T29045] ieee80211_register_hw+0x2291/0x3950 [ 2897.559855][T29045] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2897.565247][T29045] ? lock_downgrade+0x820/0x820 [ 2897.570107][T29045] ? lock_is_held_type+0xb0/0xe0 [ 2897.575067][T29045] ? memset+0x20/0x40 [ 2897.579059][T29045] ? __hrtimer_init+0x12c/0x260 [ 2897.583924][T29045] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2897.589672][T29045] ? hwsim_virtio_rx_work+0x350/0x350 [ 2897.595060][T29045] ? memcpy+0x39/0x60 [ 2897.599057][T29045] hwsim_new_radio_nl+0x93e/0xf8c [ 2897.604095][T29045] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2897.610007][T29045] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2897.616952][T29045] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2897.623839][T29045] genl_rcv_msg+0x61d/0x980 [ 2897.628375][T29045] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2897.635339][T29045] ? lock_release+0x8d0/0x8d0 [ 2897.640029][T29045] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2897.645337][T29045] netlink_rcv_skb+0x15a/0x430 22:19:37 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010025a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:37 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000009", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2897.650137][T29045] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2897.657103][T29045] ? netlink_ack+0xa10/0xa10 [ 2897.661722][T29045] genl_rcv+0x24/0x40 [ 2897.665723][T29045] netlink_unicast+0x533/0x7d0 [ 2897.670537][T29045] ? netlink_attachskb+0x810/0x810 [ 2897.675680][T29045] ? _copy_from_iter_full+0x247/0x890 [ 2897.681085][T29045] ? __phys_addr+0x9a/0x110 [ 2897.685599][T29045] ? __phys_addr_symbol+0x2c/0x70 [ 2897.690665][T29045] ? __check_object_size+0x171/0x3e4 [ 2897.695969][T29045] netlink_sendmsg+0x856/0xd90 [ 2897.700756][T29045] ? netlink_unicast+0x7d0/0x7d0 [ 2897.705710][T29045] ? netlink_unicast+0x7d0/0x7d0 [ 2897.710660][T29045] sock_sendmsg+0xcf/0x120 [ 2897.715075][T29045] ____sys_sendmsg+0x6e8/0x810 [ 2897.719836][T29045] ? kernel_sendmsg+0x50/0x50 [ 2897.724510][T29045] ? do_recvmmsg+0x6d0/0x6d0 [ 2897.729087][T29045] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2897.735048][T29045] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2897.741007][T29045] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2897.746102][T29045] ___sys_sendmsg+0xf3/0x170 [ 2897.750686][T29045] ? sendmsg_copy_msghdr+0x160/0x160 [ 2897.755960][T29045] ? __fget_files+0x272/0x400 [ 2897.760661][T29045] ? lock_downgrade+0x820/0x820 [ 2897.765587][T29045] ? find_held_lock+0x2d/0x110 [ 2897.770332][T29045] ? __might_fault+0x11f/0x1d0 [ 2897.775092][T29045] ? __fget_files+0x294/0x400 [ 2897.779761][T29045] ? __fget_light+0xea/0x280 [ 2897.784336][T29045] __sys_sendmsg+0xe5/0x1b0 [ 2897.788823][T29045] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2897.793843][T29045] ? kcov_ioctl+0x192/0x640 [ 2897.798359][T29045] ? do_syscall_64+0x1c/0xe0 [ 2897.802954][T29045] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2897.809012][T29045] do_syscall_64+0x60/0xe0 [ 2897.813428][T29045] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2897.819408][T29045] RIP: 0033:0x45c369 [ 2897.823308][T29045] Code: Bad RIP value. [ 2897.827360][T29045] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2897.835783][T29045] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2897.843749][T29045] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2897.851706][T29045] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2897.859652][T29045] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2897.867632][T29045] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c 22:19:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) [ 2897.944147][T29061] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2897.952560][T29065] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2897.972321][T29051] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:37 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23000b0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:37 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010035a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2897.999522][T29051] CPU: 0 PID: 29051 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2898.008223][T29051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.018282][T29051] Call Trace: [ 2898.021590][T29051] dump_stack+0x18f/0x20d [ 2898.025934][T29051] sysfs_warn_dup.cold+0x1c/0x2d [ 2898.030884][T29051] sysfs_do_create_link_sd+0x11e/0x140 [ 2898.036361][T29051] sysfs_create_link+0x5f/0xc0 [ 2898.041133][T29051] device_add+0x6ff/0x1b00 [ 2898.045567][T29051] ? device_check_offline+0x280/0x280 [ 2898.050952][T29051] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2898.056955][T29051] wiphy_register+0x1d5b/0x2840 [ 2898.061834][T29051] ? wiphy_unregister+0xc10/0xc10 [ 2898.066874][T29051] ? default_device_exit_batch+0x3d0/0x3d0 [ 2898.072702][T29051] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2898.078786][T29051] ieee80211_register_hw+0x2291/0x3950 [ 2898.084273][T29051] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2898.089656][T29051] ? lock_downgrade+0x820/0x820 [ 2898.094518][T29051] ? lock_is_held_type+0xb0/0xe0 22:19:37 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e05, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2898.099470][T29051] ? memset+0x20/0x40 [ 2898.103466][T29051] ? __hrtimer_init+0x12c/0x260 [ 2898.108340][T29051] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2898.114092][T29051] ? hwsim_virtio_rx_work+0x350/0x350 [ 2898.119480][T29051] ? memcpy+0x39/0x60 [ 2898.123474][T29051] hwsim_new_radio_nl+0x93e/0xf8c [ 2898.128515][T29051] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2898.134442][T29051] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2898.141397][T29051] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:19:37 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000a", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2898.148264][T29051] genl_rcv_msg+0x61d/0x980 [ 2898.152795][T29051] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2898.159759][T29051] ? lock_release+0x8d0/0x8d0 [ 2898.164450][T29051] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2898.169762][T29051] netlink_rcv_skb+0x15a/0x430 [ 2898.174537][T29051] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2898.181485][T29051] ? netlink_ack+0xa10/0xa10 [ 2898.186108][T29051] genl_rcv+0x24/0x40 [ 2898.190105][T29051] netlink_unicast+0x533/0x7d0 [ 2898.194893][T29051] ? netlink_attachskb+0x810/0x810 [ 2898.200024][T29051] ? _copy_from_iter_full+0x247/0x890 [ 2898.205427][T29051] ? __phys_addr+0x9a/0x110 [ 2898.209945][T29051] ? __phys_addr_symbol+0x2c/0x70 [ 2898.214999][T29051] ? __check_object_size+0x171/0x3e4 [ 2898.220309][T29051] netlink_sendmsg+0x856/0xd90 [ 2898.225090][T29051] ? netlink_unicast+0x7d0/0x7d0 [ 2898.230048][T29051] ? netlink_unicast+0x7d0/0x7d0 [ 2898.234998][T29051] sock_sendmsg+0xcf/0x120 [ 2898.239432][T29051] ____sys_sendmsg+0x6e8/0x810 [ 2898.244323][T29051] ? kernel_sendmsg+0x50/0x50 [ 2898.249011][T29051] ? do_recvmmsg+0x6d0/0x6d0 [ 2898.253619][T29051] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2898.259618][T29051] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2898.265615][T29051] ? __lock_acquire+0xc1e/0x56e0 [ 2898.270575][T29051] ___sys_sendmsg+0xf3/0x170 [ 2898.275182][T29051] ? sendmsg_copy_msghdr+0x160/0x160 [ 2898.280478][T29051] ? __fget_files+0x272/0x400 [ 2898.285168][T29051] ? lock_downgrade+0x820/0x820 [ 2898.290025][T29051] ? find_held_lock+0x2d/0x110 [ 2898.294808][T29051] ? __might_fault+0x11f/0x1d0 [ 2898.299591][T29051] ? __fget_files+0x294/0x400 [ 2898.304289][T29051] ? __fget_light+0xea/0x280 [ 2898.308913][T29051] __sys_sendmsg+0xe5/0x1b0 [ 2898.313437][T29051] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2898.318483][T29051] ? __x64_sys_futex+0x382/0x4e0 [ 2898.323445][T29051] ? do_syscall_64+0x1c/0xe0 [ 2898.328054][T29051] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2898.334053][T29051] do_syscall_64+0x60/0xe0 [ 2898.338501][T29051] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2898.344406][T29051] RIP: 0033:0x45c369 22:19:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2898.348302][T29051] Code: Bad RIP value. [ 2898.352377][T29051] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2898.360806][T29051] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2898.368930][T29051] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2898.376912][T29051] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2898.384898][T29051] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2898.392877][T29051] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2898.476241][T29077] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2898.489286][T29087] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2898.512391][T29088] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2898.536663][T29088] CPU: 1 PID: 29088 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2898.545369][T29088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.555526][T29088] Call Trace: [ 2898.558834][T29088] dump_stack+0x18f/0x20d [ 2898.563188][T29088] sysfs_warn_dup.cold+0x1c/0x2d [ 2898.568141][T29088] sysfs_do_create_link_sd+0x11e/0x140 [ 2898.573632][T29088] sysfs_create_link+0x5f/0xc0 [ 2898.578441][T29088] device_add+0x6ff/0x1b00 22:19:38 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23000e0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2898.582880][T29088] ? device_check_offline+0x280/0x280 [ 2898.588275][T29088] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2898.594312][T29088] wiphy_register+0x1d5b/0x2840 [ 2898.599196][T29088] ? wiphy_unregister+0xc10/0xc10 [ 2898.604240][T29088] ? default_device_exit_batch+0x3d0/0x3d0 [ 2898.610081][T29088] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2898.616178][T29088] ieee80211_register_hw+0x2291/0x3950 [ 2898.621674][T29088] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2898.627068][T29088] ? lock_downgrade+0x820/0x820 [ 2898.631938][T29088] ? lock_is_held_type+0xb0/0xe0 [ 2898.636904][T29088] ? memset+0x20/0x40 [ 2898.640919][T29088] ? __hrtimer_init+0x12c/0x260 [ 2898.645812][T29088] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2898.651566][T29088] ? hwsim_virtio_rx_work+0x350/0x350 [ 2898.656967][T29088] ? memcpy+0x39/0x60 [ 2898.660966][T29088] hwsim_new_radio_nl+0x93e/0xf8c [ 2898.666017][T29088] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2898.671951][T29088] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2898.678913][T29088] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:19:38 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2898.685905][T29088] genl_rcv_msg+0x61d/0x980 [ 2898.690433][T29088] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2898.697394][T29088] ? lock_release+0x8d0/0x8d0 [ 2898.702075][T29088] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2898.707388][T29088] netlink_rcv_skb+0x15a/0x430 [ 2898.712165][T29088] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2898.719111][T29088] ? netlink_ack+0xa10/0xa10 [ 2898.723721][T29088] genl_rcv+0x24/0x40 [ 2898.727712][T29088] netlink_unicast+0x533/0x7d0 [ 2898.732506][T29088] ? netlink_attachskb+0x810/0x810 [ 2898.737625][T29088] ? _copy_from_iter_full+0x247/0x890 [ 2898.743005][T29088] ? __phys_addr+0x9a/0x110 [ 2898.747519][T29088] ? __phys_addr_symbol+0x2c/0x70 [ 2898.752553][T29088] ? __check_object_size+0x171/0x3e4 [ 2898.757856][T29088] netlink_sendmsg+0x856/0xd90 [ 2898.762632][T29088] ? netlink_unicast+0x7d0/0x7d0 [ 2898.767592][T29088] ? netlink_unicast+0x7d0/0x7d0 [ 2898.772538][T29088] sock_sendmsg+0xcf/0x120 [ 2898.776967][T29088] ____sys_sendmsg+0x6e8/0x810 [ 2898.781739][T29088] ? kernel_sendmsg+0x50/0x50 [ 2898.786404][T29088] ? do_recvmmsg+0x6d0/0x6d0 [ 2898.790993][T29088] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2898.796975][T29088] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2898.802952][T29088] ? do_user_addr_fault+0x8ce/0xd00 [ 2898.808157][T29088] ___sys_sendmsg+0xf3/0x170 [ 2898.812758][T29088] ? sendmsg_copy_msghdr+0x160/0x160 [ 2898.818056][T29088] ? __fget_files+0x272/0x400 [ 2898.822760][T29088] ? lock_downgrade+0x820/0x820 [ 2898.827635][T29088] ? find_held_lock+0x2d/0x110 [ 2898.832408][T29088] ? __might_fault+0x11f/0x1d0 [ 2898.837200][T29088] ? __fget_files+0x294/0x400 [ 2898.841884][T29088] ? __fget_light+0xea/0x280 [ 2898.846466][T29088] __sys_sendmsg+0xe5/0x1b0 [ 2898.850971][T29088] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2898.855991][T29088] ? __x64_sys_futex+0x382/0x4e0 [ 2898.860919][T29088] ? do_syscall_64+0x1c/0xe0 [ 2898.865489][T29088] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2898.871474][T29088] do_syscall_64+0x60/0xe0 [ 2898.875898][T29088] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2898.881789][T29088] RIP: 0033:0x45c369 22:19:38 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e07, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:38 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000b", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:38 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010045a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2898.885656][T29088] Code: Bad RIP value. [ 2898.889710][T29088] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2898.898125][T29088] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2898.906096][T29088] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2898.914064][T29088] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2898.922057][T29088] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2898.930039][T29088] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2898.990076][T29096] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2899.010244][T29096] CPU: 1 PID: 29096 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2899.018957][T29096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.029019][T29096] Call Trace: [ 2899.032318][T29096] dump_stack+0x18f/0x20d [ 2899.036658][T29096] sysfs_warn_dup.cold+0x1c/0x2d [ 2899.041623][T29096] sysfs_do_create_link_sd+0x11e/0x140 [ 2899.047108][T29096] sysfs_create_link+0x5f/0xc0 [ 2899.051859][T29096] device_add+0x6ff/0x1b00 [ 2899.056317][T29096] ? device_check_offline+0x280/0x280 [ 2899.061707][T29096] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2899.067718][T29096] wiphy_register+0x1d5b/0x2840 [ 2899.072610][T29096] ? wiphy_unregister+0xc10/0xc10 [ 2899.077654][T29096] ? default_device_exit_batch+0x3d0/0x3d0 [ 2899.083482][T29096] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2899.089570][T29096] ieee80211_register_hw+0x2291/0x3950 [ 2899.095041][T29096] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2899.100418][T29096] ? lock_downgrade+0x820/0x820 [ 2899.105266][T29096] ? lock_is_held_type+0xb0/0xe0 [ 2899.110205][T29096] ? memset+0x20/0x40 [ 2899.114199][T29096] ? __hrtimer_init+0x12c/0x260 [ 2899.119067][T29096] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2899.124817][T29096] ? hwsim_virtio_rx_work+0x350/0x350 [ 2899.130204][T29096] ? memcpy+0x39/0x60 [ 2899.134220][T29096] hwsim_new_radio_nl+0x93e/0xf8c [ 2899.139263][T29096] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2899.145177][T29096] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2899.152113][T29096] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2899.158968][T29096] genl_rcv_msg+0x61d/0x980 [ 2899.163471][T29096] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2899.170409][T29096] ? lock_release+0x8d0/0x8d0 [ 2899.175095][T29096] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2899.180401][T29096] netlink_rcv_skb+0x15a/0x430 [ 2899.185181][T29096] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2899.192132][T29096] ? netlink_ack+0xa10/0xa10 [ 2899.196755][T29096] genl_rcv+0x24/0x40 [ 2899.200741][T29096] netlink_unicast+0x533/0x7d0 [ 2899.205524][T29096] ? netlink_attachskb+0x810/0x810 [ 2899.210643][T29096] ? _copy_from_iter_full+0x247/0x890 [ 2899.216026][T29096] ? __phys_addr+0x9a/0x110 [ 2899.220541][T29096] ? __phys_addr_symbol+0x2c/0x70 [ 2899.225573][T29096] ? __check_object_size+0x171/0x3e4 [ 2899.230878][T29096] netlink_sendmsg+0x856/0xd90 [ 2899.235667][T29096] ? netlink_unicast+0x7d0/0x7d0 [ 2899.240633][T29096] ? netlink_unicast+0x7d0/0x7d0 [ 2899.245577][T29096] sock_sendmsg+0xcf/0x120 [ 2899.250009][T29096] ____sys_sendmsg+0x6e8/0x810 [ 2899.254790][T29096] ? kernel_sendmsg+0x50/0x50 [ 2899.259481][T29096] ? do_recvmmsg+0x6d0/0x6d0 [ 2899.264095][T29096] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2899.270091][T29096] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2899.276083][T29096] ? do_user_addr_fault+0x8ce/0xd00 [ 2899.281309][T29096] ___sys_sendmsg+0xf3/0x170 [ 2899.285917][T29096] ? sendmsg_copy_msghdr+0x160/0x160 [ 2899.291213][T29096] ? __fget_files+0x272/0x400 [ 2899.295907][T29096] ? lock_downgrade+0x820/0x820 [ 2899.300757][T29096] ? find_held_lock+0x2d/0x110 [ 2899.305530][T29096] ? __might_fault+0x11f/0x1d0 [ 2899.310317][T29096] ? __fget_files+0x294/0x400 [ 2899.315018][T29096] ? __fget_light+0xea/0x280 [ 2899.319627][T29096] __sys_sendmsg+0xe5/0x1b0 [ 2899.324135][T29096] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2899.329169][T29096] ? __x64_sys_futex+0x382/0x4e0 [ 2899.334119][T29096] ? do_syscall_64+0x1c/0xe0 [ 2899.338736][T29096] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2899.344721][T29096] do_syscall_64+0x60/0xe0 [ 2899.349134][T29096] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2899.355002][T29096] RIP: 0033:0x45c369 [ 2899.358882][T29096] Code: Bad RIP value. [ 2899.362942][T29096] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2899.371341][T29096] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2899.379304][T29096] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:38 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:38 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e06, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2899.387267][T29096] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2899.395217][T29096] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2899.403175][T29096] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac [ 2899.426219][T29115] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2899.467557][T29115] CPU: 0 PID: 29115 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2899.476261][T29115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.486325][T29115] Call Trace: [ 2899.489630][T29115] dump_stack+0x18f/0x20d [ 2899.493979][T29115] sysfs_warn_dup.cold+0x1c/0x2d [ 2899.498930][T29115] sysfs_do_create_link_sd+0x11e/0x140 [ 2899.504400][T29115] sysfs_create_link+0x5f/0xc0 [ 2899.509189][T29115] device_add+0x6ff/0x1b00 [ 2899.513627][T29115] ? device_check_offline+0x280/0x280 [ 2899.519018][T29115] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2899.525022][T29115] wiphy_register+0x1d5b/0x2840 [ 2899.529914][T29115] ? wiphy_unregister+0xc10/0xc10 [ 2899.534956][T29115] ? default_device_exit_batch+0x3d0/0x3d0 [ 2899.540798][T29115] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2899.546886][T29115] ieee80211_register_hw+0x2291/0x3950 [ 2899.552382][T29115] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2899.557786][T29115] ? lock_downgrade+0x820/0x820 [ 2899.562649][T29115] ? lock_is_held_type+0xb0/0xe0 [ 2899.567595][T29115] ? memset+0x20/0x40 [ 2899.571584][T29115] ? __hrtimer_init+0x12c/0x260 [ 2899.576449][T29115] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2899.582194][T29115] ? hwsim_virtio_rx_work+0x350/0x350 [ 2899.587579][T29115] ? memcpy+0x39/0x60 [ 2899.591576][T29115] hwsim_new_radio_nl+0x93e/0xf8c [ 2899.596615][T29115] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2899.602553][T29115] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2899.609502][T29115] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2899.616371][T29115] genl_rcv_msg+0x61d/0x980 [ 2899.620898][T29115] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2899.627857][T29115] ? lock_release+0x8d0/0x8d0 [ 2899.632541][T29115] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2899.637846][T29115] netlink_rcv_skb+0x15a/0x430 [ 2899.642634][T29115] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2899.649584][T29115] ? netlink_ack+0xa10/0xa10 [ 2899.654201][T29115] genl_rcv+0x24/0x40 [ 2899.658283][T29115] netlink_unicast+0x533/0x7d0 [ 2899.663061][T29115] ? netlink_attachskb+0x810/0x810 [ 2899.668177][T29115] ? _copy_from_iter_full+0x247/0x890 [ 2899.673553][T29115] ? __phys_addr+0x9a/0x110 [ 2899.678068][T29115] ? __phys_addr_symbol+0x2c/0x70 [ 2899.683113][T29115] ? __check_object_size+0x171/0x3e4 [ 2899.688415][T29115] netlink_sendmsg+0x856/0xd90 [ 2899.693198][T29115] ? netlink_unicast+0x7d0/0x7d0 [ 2899.698169][T29115] ? netlink_unicast+0x7d0/0x7d0 [ 2899.703121][T29115] sock_sendmsg+0xcf/0x120 [ 2899.707552][T29115] ____sys_sendmsg+0x6e8/0x810 [ 2899.712332][T29115] ? kernel_sendmsg+0x50/0x50 22:19:39 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300200025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:39 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2899.717019][T29115] ? do_recvmmsg+0x6d0/0x6d0 [ 2899.721625][T29115] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2899.727622][T29115] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2899.733619][T29115] ? __lock_acquire+0xc1e/0x56e0 [ 2899.738579][T29115] ___sys_sendmsg+0xf3/0x170 [ 2899.743188][T29115] ? sendmsg_copy_msghdr+0x160/0x160 [ 2899.748484][T29115] ? __fget_files+0x272/0x400 [ 2899.753176][T29115] ? lock_downgrade+0x820/0x820 [ 2899.758037][T29115] ? find_held_lock+0x2d/0x110 [ 2899.762820][T29115] ? __might_fault+0x11f/0x1d0 22:19:39 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2899.767609][T29115] ? __fget_files+0x294/0x400 [ 2899.772324][T29115] ? __fget_light+0xea/0x280 [ 2899.776941][T29115] __sys_sendmsg+0xe5/0x1b0 [ 2899.781476][T29115] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2899.786518][T29115] ? __x64_sys_futex+0x382/0x4e0 [ 2899.791490][T29115] ? do_syscall_64+0x1c/0xe0 [ 2899.796089][T29115] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2899.802197][T29115] do_syscall_64+0x60/0xe0 [ 2899.806623][T29115] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2899.812515][T29115] RIP: 0033:0x45c369 [ 2899.816408][T29115] Code: Bad RIP value. [ 2899.820478][T29115] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2899.828908][T29115] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2899.836867][T29115] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2899.844815][T29115] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2899.852762][T29115] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2899.860710][T29115] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2899.918708][T29114] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2899.933017][T29117] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2899.956878][T29133] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2899.964559][T29133] CPU: 1 PID: 29133 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2899.973236][T29133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.983296][T29133] Call Trace: [ 2899.986601][T29133] dump_stack+0x18f/0x20d [ 2899.990943][T29133] sysfs_warn_dup.cold+0x1c/0x2d [ 2899.995905][T29133] sysfs_do_create_link_sd+0x11e/0x140 [ 2900.001383][T29133] sysfs_create_link+0x5f/0xc0 [ 2900.006171][T29133] device_add+0x6ff/0x1b00 [ 2900.010612][T29133] ? device_check_offline+0x280/0x280 22:19:39 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000c", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:39 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010055a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2900.015988][T29133] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2900.021992][T29133] wiphy_register+0x1d5b/0x2840 [ 2900.026861][T29133] ? wiphy_unregister+0xc10/0xc10 [ 2900.031909][T29133] ? default_device_exit_batch+0x3d0/0x3d0 [ 2900.037736][T29133] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2900.043815][T29133] ieee80211_register_hw+0x2291/0x3950 [ 2900.049301][T29133] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2900.054780][T29133] ? lock_downgrade+0x820/0x820 [ 2900.059645][T29133] ? lock_is_held_type+0xb0/0xe0 [ 2900.064597][T29133] ? memset+0x20/0x40 [ 2900.068591][T29133] ? __hrtimer_init+0x12c/0x260 [ 2900.073466][T29133] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2900.079219][T29133] ? hwsim_virtio_rx_work+0x350/0x350 [ 2900.084599][T29133] ? memcpy+0x39/0x60 [ 2900.088593][T29133] hwsim_new_radio_nl+0x93e/0xf8c [ 2900.093633][T29133] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2900.099557][T29133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2900.106594][T29133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2900.113482][T29133] genl_rcv_msg+0x61d/0x980 [ 2900.118005][T29133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2900.124953][T29133] ? lock_release+0x8d0/0x8d0 [ 2900.129637][T29133] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2900.134936][T29133] netlink_rcv_skb+0x15a/0x430 [ 2900.139707][T29133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2900.146649][T29133] ? netlink_ack+0xa10/0xa10 [ 2900.151350][T29133] genl_rcv+0x24/0x40 [ 2900.155342][T29133] netlink_unicast+0x533/0x7d0 [ 2900.160121][T29133] ? netlink_attachskb+0x810/0x810 [ 2900.165238][T29133] ? _copy_from_iter_full+0x247/0x890 [ 2900.170612][T29133] ? __phys_addr+0x9a/0x110 [ 2900.175109][T29133] ? __phys_addr_symbol+0x2c/0x70 [ 2900.180141][T29133] ? __check_object_size+0x171/0x3e4 [ 2900.185538][T29133] netlink_sendmsg+0x856/0xd90 [ 2900.190333][T29133] ? netlink_unicast+0x7d0/0x7d0 [ 2900.195288][T29133] ? netlink_unicast+0x7d0/0x7d0 [ 2900.200255][T29133] sock_sendmsg+0xcf/0x120 [ 2900.204681][T29133] ____sys_sendmsg+0x6e8/0x810 [ 2900.209453][T29133] ? kernel_sendmsg+0x50/0x50 [ 2900.214138][T29133] ? do_recvmmsg+0x6d0/0x6d0 22:19:39 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) recvmsg$kcm(r6, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2900.218746][T29133] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2900.224752][T29133] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2900.230743][T29133] ? do_user_addr_fault+0x8ce/0xd00 [ 2900.235956][T29133] ___sys_sendmsg+0xf3/0x170 [ 2900.240553][T29133] ? sendmsg_copy_msghdr+0x160/0x160 [ 2900.245872][T29133] ? __fget_files+0x272/0x400 [ 2900.250561][T29133] ? lock_downgrade+0x820/0x820 [ 2900.255420][T29133] ? find_held_lock+0x2d/0x110 [ 2900.260223][T29133] ? __might_fault+0x11f/0x1d0 [ 2900.265011][T29133] ? __fget_files+0x294/0x400 [ 2900.269699][T29133] ? __fget_light+0xea/0x280 [ 2900.274308][T29133] __sys_sendmsg+0xe5/0x1b0 [ 2900.278820][T29133] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2900.283853][T29133] ? __x64_sys_futex+0x382/0x4e0 [ 2900.288804][T29133] ? do_syscall_64+0x1c/0xe0 [ 2900.293400][T29133] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2900.299477][T29133] do_syscall_64+0x60/0xe0 [ 2900.303906][T29133] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2900.309799][T29133] RIP: 0033:0x45c369 [ 2900.313688][T29133] Code: Bad RIP value. [ 2900.317756][T29133] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2900.326321][T29133] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2900.334308][T29133] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2900.342445][T29133] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2900.350424][T29133] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2900.358405][T29133] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2900.408741][T29150] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2900.419349][T29152] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2900.452265][T29142] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2900.472464][T29142] CPU: 0 PID: 29142 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2900.481170][T29142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2900.491229][T29142] Call Trace: [ 2900.494531][T29142] dump_stack+0x18f/0x20d [ 2900.498878][T29142] sysfs_warn_dup.cold+0x1c/0x2d [ 2900.503819][T29142] sysfs_do_create_link_sd+0x11e/0x140 [ 2900.509276][T29142] sysfs_create_link+0x5f/0xc0 [ 2900.514250][T29142] device_add+0x6ff/0x1b00 [ 2900.518681][T29142] ? device_check_offline+0x280/0x280 [ 2900.524081][T29142] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2900.530143][T29142] wiphy_register+0x1d5b/0x2840 [ 2900.534978][T29142] ? wiphy_unregister+0xc10/0xc10 [ 2900.539985][T29142] ? default_device_exit_batch+0x3d0/0x3d0 [ 2900.545767][T29142] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2900.551826][T29142] ieee80211_register_hw+0x2291/0x3950 [ 2900.557265][T29142] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2900.562610][T29142] ? lock_downgrade+0x820/0x820 [ 2900.567432][T29142] ? lock_is_held_type+0xb0/0xe0 [ 2900.572341][T29142] ? memset+0x20/0x40 [ 2900.576294][T29142] ? __hrtimer_init+0x12c/0x260 [ 2900.581118][T29142] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2900.586848][T29142] ? hwsim_virtio_rx_work+0x350/0x350 [ 2900.592189][T29142] ? memcpy+0x39/0x60 [ 2900.596144][T29142] hwsim_new_radio_nl+0x93e/0xf8c [ 2900.601141][T29142] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2900.607015][T29142] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2900.613921][T29142] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2900.620744][T29142] genl_rcv_msg+0x61d/0x980 [ 2900.625224][T29142] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2900.632366][T29142] ? lock_release+0x8d0/0x8d0 [ 2900.637036][T29142] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2900.642317][T29142] netlink_rcv_skb+0x15a/0x430 [ 2900.647056][T29142] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2900.653966][T29142] ? netlink_ack+0xa10/0xa10 [ 2900.658537][T29142] genl_rcv+0x24/0x40 [ 2900.662499][T29142] netlink_unicast+0x533/0x7d0 [ 2900.667237][T29142] ? netlink_attachskb+0x810/0x810 [ 2900.672323][T29142] ? _copy_from_iter_full+0x247/0x890 [ 2900.677667][T29142] ? __phys_addr+0x9a/0x110 [ 2900.682139][T29142] ? __phys_addr_symbol+0x2c/0x70 [ 2900.687136][T29142] ? __check_object_size+0x171/0x3e4 [ 2900.692393][T29142] netlink_sendmsg+0x856/0xd90 [ 2900.697135][T29142] ? netlink_unicast+0x7d0/0x7d0 [ 2900.702056][T29142] ? netlink_unicast+0x7d0/0x7d0 [ 2900.706966][T29142] sock_sendmsg+0xcf/0x120 [ 2900.711359][T29142] ____sys_sendmsg+0x6e8/0x810 [ 2900.716097][T29142] ? kernel_sendmsg+0x50/0x50 [ 2900.720745][T29142] ? do_recvmmsg+0x6d0/0x6d0 [ 2900.725307][T29142] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2900.731259][T29142] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2900.737207][T29142] ? __lock_acquire+0xc1e/0x56e0 [ 2900.742121][T29142] ___sys_sendmsg+0xf3/0x170 [ 2900.746686][T29142] ? sendmsg_copy_msghdr+0x160/0x160 [ 2900.751944][T29142] ? __fget_files+0x272/0x400 [ 2900.756594][T29142] ? lock_downgrade+0x820/0x820 [ 2900.761416][T29142] ? find_held_lock+0x2d/0x110 [ 2900.766153][T29142] ? __might_fault+0x11f/0x1d0 [ 2900.770897][T29142] ? __fget_files+0x294/0x400 [ 2900.775550][T29142] ? __fget_light+0xea/0x280 [ 2900.780259][T29142] __sys_sendmsg+0xe5/0x1b0 [ 2900.784735][T29142] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2900.789733][T29142] ? __x64_sys_futex+0x382/0x4e0 [ 2900.794649][T29142] ? do_syscall_64+0x1c/0xe0 [ 2900.799215][T29142] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2900.805175][T29142] do_syscall_64+0x60/0xe0 [ 2900.809571][T29142] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2900.815432][T29142] RIP: 0033:0x45c369 [ 2900.819294][T29142] Code: Bad RIP value. [ 2900.823331][T29142] RSP: 002b:00007f08d4269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2900.831712][T29142] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2900.839658][T29142] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:40 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2900.847731][T29142] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2900.855715][T29142] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2900.863671][T29142] R13: 00007ffe336fa22f R14: 00007f08d426a9c0 R15: 000000000078c04c [ 2900.893775][T29160] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2900.924096][T29160] CPU: 0 PID: 29160 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2900.932806][T29160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2900.942869][T29160] Call Trace: [ 2900.946174][T29160] dump_stack+0x18f/0x20d [ 2900.950522][T29160] sysfs_warn_dup.cold+0x1c/0x2d [ 2900.955474][T29160] sysfs_do_create_link_sd+0x11e/0x140 [ 2900.960946][T29160] sysfs_create_link+0x5f/0xc0 [ 2900.965728][T29160] device_add+0x6ff/0x1b00 [ 2900.970165][T29160] ? device_check_offline+0x280/0x280 [ 2900.975582][T29160] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2900.981596][T29160] wiphy_register+0x1d5b/0x2840 [ 2900.986475][T29160] ? wiphy_unregister+0xc10/0xc10 [ 2900.991514][T29160] ? default_device_exit_batch+0x3d0/0x3d0 [ 2900.997346][T29160] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2901.003440][T29160] ieee80211_register_hw+0x2291/0x3950 [ 2901.008930][T29160] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2901.014324][T29160] ? lock_downgrade+0x820/0x820 [ 2901.019189][T29160] ? lock_is_held_type+0xb0/0xe0 [ 2901.024142][T29160] ? memset+0x20/0x40 [ 2901.028142][T29160] ? __hrtimer_init+0x12c/0x260 [ 2901.033015][T29160] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2901.038768][T29160] ? hwsim_virtio_rx_work+0x350/0x350 [ 2901.044157][T29160] ? memcpy+0x39/0x60 [ 2901.048163][T29160] hwsim_new_radio_nl+0x93e/0xf8c [ 2901.053208][T29160] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2901.059131][T29160] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2901.066102][T29160] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2901.072974][T29160] genl_rcv_msg+0x61d/0x980 [ 2901.077505][T29160] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2901.084477][T29160] ? lock_release+0x8d0/0x8d0 [ 2901.089164][T29160] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2901.094464][T29160] netlink_rcv_skb+0x15a/0x430 [ 2901.099230][T29160] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2901.106172][T29160] ? netlink_ack+0xa10/0xa10 [ 2901.110792][T29160] genl_rcv+0x24/0x40 [ 2901.114921][T29160] netlink_unicast+0x533/0x7d0 [ 2901.119704][T29160] ? netlink_attachskb+0x810/0x810 [ 2901.125002][T29160] ? _copy_from_iter_full+0x247/0x890 [ 2901.130388][T29160] ? __phys_addr+0x9a/0x110 [ 2901.134904][T29160] ? __phys_addr_symbol+0x2c/0x70 [ 2901.139944][T29160] ? __check_object_size+0x171/0x3e4 [ 2901.145239][T29160] netlink_sendmsg+0x856/0xd90 [ 2901.150020][T29160] ? netlink_unicast+0x7d0/0x7d0 [ 2901.154980][T29160] ? netlink_unicast+0x7d0/0x7d0 [ 2901.159936][T29160] sock_sendmsg+0xcf/0x120 [ 2901.164374][T29160] ____sys_sendmsg+0x6e8/0x810 [ 2901.169146][T29160] ? kernel_sendmsg+0x50/0x50 [ 2901.173819][T29160] ? do_recvmmsg+0x6d0/0x6d0 [ 2901.178399][T29160] ? psi_task_switch+0x17a/0x400 [ 2901.183314][T29160] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2901.189265][T29160] ? lock_acquire+0x1f1/0xad0 [ 2901.193936][T29160] ? find_held_lock+0x2d/0x110 [ 2901.198672][T29160] ___sys_sendmsg+0xf3/0x170 [ 2901.203236][T29160] ? sendmsg_copy_msghdr+0x160/0x160 [ 2901.208494][T29160] ? __fget_files+0x272/0x400 [ 2901.213148][T29160] ? lock_downgrade+0x820/0x820 [ 2901.217978][T29160] ? trace_hardirqs_on+0x5f/0x220 [ 2901.222983][T29160] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2901.228070][T29160] ? _raw_spin_unlock_irq+0x55/0x80 [ 2901.233247][T29160] ? __fget_files+0x294/0x400 [ 2901.237912][T29160] ? __fget_light+0xea/0x280 [ 2901.242565][T29160] __sys_sendmsg+0xe5/0x1b0 [ 2901.247049][T29160] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2901.252060][T29160] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2901.257169][T29160] do_syscall_64+0x60/0xe0 [ 2901.261575][T29160] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2901.267449][T29160] RIP: 0033:0x45c369 [ 2901.271325][T29160] Code: Bad RIP value. 22:19:40 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010065a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:40 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000d", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:40 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23003f0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2901.275365][T29160] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2901.283752][T29160] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2901.291703][T29160] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2901.299653][T29160] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2901.307624][T29160] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2901.315586][T29160] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c 22:19:40 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:40 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e07, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:40 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e08, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2901.437496][T29191] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2901.477970][T29190] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2901.490145][T29194] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2901.536484][T29194] CPU: 1 PID: 29194 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2901.545186][T29194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2901.555358][T29194] Call Trace: [ 2901.558661][T29194] dump_stack+0x18f/0x20d [ 2901.562999][T29194] sysfs_warn_dup.cold+0x1c/0x2d [ 2901.568063][T29194] sysfs_do_create_link_sd+0x11e/0x140 [ 2901.573531][T29194] sysfs_create_link+0x5f/0xc0 [ 2901.578307][T29194] device_add+0x6ff/0x1b00 [ 2901.582736][T29194] ? device_check_offline+0x280/0x280 [ 2901.588116][T29194] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2901.594131][T29194] wiphy_register+0x1d5b/0x2840 [ 2901.599000][T29194] ? wiphy_unregister+0xc10/0xc10 [ 2901.604039][T29194] ? default_device_exit_batch+0x3d0/0x3d0 [ 2901.609869][T29194] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2901.615955][T29194] ieee80211_register_hw+0x2291/0x3950 [ 2901.621447][T29194] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2901.626841][T29194] ? lock_downgrade+0x820/0x820 [ 2901.631694][T29194] ? lock_is_held_type+0xb0/0xe0 [ 2901.636646][T29194] ? memset+0x20/0x40 [ 2901.640646][T29194] ? __hrtimer_init+0x12c/0x260 [ 2901.645508][T29194] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2901.651252][T29194] ? hwsim_virtio_rx_work+0x350/0x350 [ 2901.656642][T29194] ? memcpy+0x39/0x60 [ 2901.660642][T29194] hwsim_new_radio_nl+0x93e/0xf8c [ 2901.665676][T29194] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2901.671599][T29194] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2901.678550][T29194] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:19:41 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000e", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2901.685419][T29194] genl_rcv_msg+0x61d/0x980 [ 2901.689945][T29194] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2901.696906][T29194] ? lock_release+0x8d0/0x8d0 [ 2901.701594][T29194] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2901.706904][T29194] netlink_rcv_skb+0x15a/0x430 [ 2901.711674][T29194] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2901.718622][T29194] ? netlink_ack+0xa10/0xa10 [ 2901.723228][T29194] genl_rcv+0x24/0x40 [ 2901.727213][T29194] netlink_unicast+0x533/0x7d0 [ 2901.731979][T29194] ? netlink_attachskb+0x810/0x810 [ 2901.737077][T29194] ? _copy_from_iter_full+0x247/0x890 [ 2901.742427][T29194] ? __phys_addr+0x9a/0x110 [ 2901.746916][T29194] ? __phys_addr_symbol+0x2c/0x70 [ 2901.751937][T29194] ? __check_object_size+0x171/0x3e4 [ 2901.757213][T29194] netlink_sendmsg+0x856/0xd90 [ 2901.761958][T29194] ? netlink_unicast+0x7d0/0x7d0 [ 2901.766892][T29194] ? netlink_unicast+0x7d0/0x7d0 [ 2901.771829][T29194] sock_sendmsg+0xcf/0x120 [ 2901.776334][T29194] ____sys_sendmsg+0x6e8/0x810 [ 2901.781196][T29194] ? kernel_sendmsg+0x50/0x50 [ 2901.785858][T29194] ? do_recvmmsg+0x6d0/0x6d0 [ 2901.790438][T29194] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2901.796408][T29194] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2901.802367][T29194] ? do_user_addr_fault+0x8ce/0xd00 [ 2901.807556][T29194] ___sys_sendmsg+0xf3/0x170 [ 2901.812144][T29194] ? sendmsg_copy_msghdr+0x160/0x160 [ 2901.817418][T29194] ? __fget_files+0x272/0x400 [ 2901.822087][T29194] ? lock_downgrade+0x820/0x820 [ 2901.826930][T29194] ? find_held_lock+0x2d/0x110 [ 2901.831689][T29194] ? __might_fault+0x11f/0x1d0 [ 2901.836447][T29194] ? __fget_files+0x294/0x400 [ 2901.841112][T29194] ? __fget_light+0xea/0x280 [ 2901.845685][T29194] __sys_sendmsg+0xe5/0x1b0 [ 2901.850185][T29194] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2901.855208][T29194] ? __x64_sys_futex+0x382/0x4e0 [ 2901.860183][T29194] ? do_syscall_64+0x1c/0xe0 [ 2901.864752][T29194] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2901.870727][T29194] do_syscall_64+0x60/0xe0 [ 2901.875140][T29194] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2901.881012][T29194] RIP: 0033:0x45c369 22:19:41 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300400025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:41 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010075a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40305839, &(0x7f0000000000)) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x10}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2901.884879][T29194] Code: Bad RIP value. [ 2901.888930][T29194] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2901.897331][T29194] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2901.905281][T29194] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2901.913255][T29194] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2901.921229][T29194] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2901.929195][T29194] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2901.973549][T29193] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2902.001747][T29193] CPU: 0 PID: 29193 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2902.010456][T29193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.020521][T29193] Call Trace: [ 2902.023816][T29193] dump_stack+0x18f/0x20d [ 2902.028165][T29193] sysfs_warn_dup.cold+0x1c/0x2d [ 2902.033121][T29193] sysfs_do_create_link_sd+0x11e/0x140 [ 2902.038602][T29193] sysfs_create_link+0x5f/0xc0 [ 2902.043377][T29193] device_add+0x6ff/0x1b00 [ 2902.047808][T29193] ? device_check_offline+0x280/0x280 [ 2902.053192][T29193] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2902.059197][T29193] wiphy_register+0x1d5b/0x2840 [ 2902.064069][T29193] ? wiphy_unregister+0xc10/0xc10 [ 2902.069120][T29193] ? default_device_exit_batch+0x3d0/0x3d0 [ 2902.074952][T29193] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2902.081040][T29193] ieee80211_register_hw+0x2291/0x3950 [ 2902.086545][T29193] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2902.091932][T29193] ? lock_downgrade+0x820/0x820 [ 2902.096797][T29193] ? lock_is_held_type+0xb0/0xe0 [ 2902.101748][T29193] ? memset+0x20/0x40 [ 2902.105748][T29193] ? __hrtimer_init+0x12c/0x260 [ 2902.110615][T29193] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2902.116365][T29193] ? hwsim_virtio_rx_work+0x350/0x350 [ 2902.121780][T29193] ? memcpy+0x39/0x60 [ 2902.125798][T29193] hwsim_new_radio_nl+0x93e/0xf8c [ 2902.130843][T29193] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2902.136764][T29193] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2902.143710][T29193] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2902.150572][T29193] genl_rcv_msg+0x61d/0x980 [ 2902.155120][T29193] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2902.162082][T29193] ? lock_release+0x8d0/0x8d0 [ 2902.166767][T29193] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2902.172087][T29193] netlink_rcv_skb+0x15a/0x430 [ 2902.176876][T29193] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2902.183846][T29193] ? netlink_ack+0xa10/0xa10 [ 2902.188470][T29193] genl_rcv+0x24/0x40 [ 2902.192480][T29193] netlink_unicast+0x533/0x7d0 [ 2902.197265][T29193] ? netlink_attachskb+0x810/0x810 [ 2902.202388][T29193] ? _copy_from_iter_full+0x247/0x890 [ 2902.207766][T29193] ? __phys_addr+0x9a/0x110 [ 2902.212272][T29193] ? __phys_addr_symbol+0x2c/0x70 [ 2902.217304][T29193] ? __check_object_size+0x171/0x3e4 22:19:41 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2902.222599][T29193] netlink_sendmsg+0x856/0xd90 [ 2902.227468][T29193] ? netlink_unicast+0x7d0/0x7d0 [ 2902.232438][T29193] ? netlink_unicast+0x7d0/0x7d0 [ 2902.237383][T29193] sock_sendmsg+0xcf/0x120 [ 2902.241809][T29193] ____sys_sendmsg+0x6e8/0x810 [ 2902.246586][T29193] ? kernel_sendmsg+0x50/0x50 [ 2902.251270][T29193] ? do_recvmmsg+0x6d0/0x6d0 [ 2902.255879][T29193] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2902.261986][T29193] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2902.267997][T29193] ? __lock_acquire+0xc1e/0x56e0 [ 2902.273059][T29193] ___sys_sendmsg+0xf3/0x170 [ 2902.277659][T29193] ? sendmsg_copy_msghdr+0x160/0x160 [ 2902.283082][T29193] ? __fget_files+0x272/0x400 [ 2902.287792][T29193] ? lock_downgrade+0x820/0x820 [ 2902.292665][T29193] ? find_held_lock+0x2d/0x110 [ 2902.297443][T29193] ? __might_fault+0x11f/0x1d0 [ 2902.302236][T29193] ? __fget_files+0x294/0x400 [ 2902.306936][T29193] ? __fget_light+0xea/0x280 [ 2902.311545][T29193] __sys_sendmsg+0xe5/0x1b0 [ 2902.316063][T29193] ? __sys_sendmsg_sock+0xb0/0xb0 22:19:41 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2902.321105][T29193] ? __x64_sys_futex+0x382/0x4e0 [ 2902.326063][T29193] ? do_syscall_64+0x1c/0xe0 [ 2902.330664][T29193] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2902.336656][T29193] do_syscall_64+0x60/0xe0 [ 2902.341088][T29193] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2902.346997][T29193] RIP: 0033:0x45c369 [ 2902.350887][T29193] Code: Bad RIP value. [ 2902.354949][T29193] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2902.363362][T29193] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2902.371329][T29193] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2902.379296][T29193] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2902.387276][T29193] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2902.395260][T29193] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2902.438472][T29204] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2902.455984][T29213] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2902.479313][T29200] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2902.496326][T29200] CPU: 1 PID: 29200 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2902.505031][T29200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2902.515091][T29200] Call Trace: [ 2902.518399][T29200] dump_stack+0x18f/0x20d [ 2902.522749][T29200] sysfs_warn_dup.cold+0x1c/0x2d [ 2902.527717][T29200] sysfs_do_create_link_sd+0x11e/0x140 [ 2902.533199][T29200] sysfs_create_link+0x5f/0xc0 [ 2902.537975][T29200] device_add+0x6ff/0x1b00 [ 2902.542405][T29200] ? device_check_offline+0x280/0x280 [ 2902.547785][T29200] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2902.553789][T29200] wiphy_register+0x1d5b/0x2840 [ 2902.558666][T29200] ? wiphy_unregister+0xc10/0xc10 [ 2902.563698][T29200] ? default_device_exit_batch+0x3d0/0x3d0 [ 2902.569525][T29200] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2902.575613][T29200] ieee80211_register_hw+0x2291/0x3950 [ 2902.581102][T29200] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2902.586488][T29200] ? lock_downgrade+0x820/0x820 [ 2902.591346][T29200] ? lock_is_held_type+0xb0/0xe0 22:19:42 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000010", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:42 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) r5 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r5, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2902.596288][T29200] ? memset+0x20/0x40 [ 2902.600298][T29200] ? __hrtimer_init+0x12c/0x260 [ 2902.605177][T29200] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2902.610923][T29200] ? hwsim_virtio_rx_work+0x350/0x350 [ 2902.616312][T29200] ? memcpy+0x39/0x60 [ 2902.620314][T29200] hwsim_new_radio_nl+0x93e/0xf8c [ 2902.625377][T29200] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2902.631300][T29200] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2902.642413][T29200] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2902.649277][T29200] genl_rcv_msg+0x61d/0x980 [ 2902.653813][T29200] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2902.660747][T29200] ? lock_release+0x8d0/0x8d0 [ 2902.665399][T29200] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2902.670682][T29200] netlink_rcv_skb+0x15a/0x430 [ 2902.675445][T29200] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2902.682369][T29200] ? netlink_ack+0xa10/0xa10 [ 2902.686969][T29200] genl_rcv+0x24/0x40 [ 2902.690951][T29200] netlink_unicast+0x533/0x7d0 [ 2902.695701][T29200] ? netlink_attachskb+0x810/0x810 [ 2902.700802][T29200] ? _copy_from_iter_full+0x247/0x890 [ 2902.706169][T29200] ? __phys_addr+0x9a/0x110 [ 2902.710656][T29200] ? __phys_addr_symbol+0x2c/0x70 [ 2902.715663][T29200] ? __check_object_size+0x171/0x3e4 [ 2902.721118][T29200] netlink_sendmsg+0x856/0xd90 [ 2902.725955][T29200] ? netlink_unicast+0x7d0/0x7d0 [ 2902.730880][T29200] ? netlink_unicast+0x7d0/0x7d0 [ 2902.735819][T29200] sock_sendmsg+0xcf/0x120 [ 2902.740220][T29200] ____sys_sendmsg+0x6e8/0x810 [ 2902.744981][T29200] ? kernel_sendmsg+0x50/0x50 [ 2902.749668][T29200] ? do_recvmmsg+0x6d0/0x6d0 [ 2902.754275][T29200] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2902.760363][T29200] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2902.766355][T29200] ? __lock_acquire+0xc1e/0x56e0 [ 2902.771310][T29200] ___sys_sendmsg+0xf3/0x170 [ 2902.775907][T29200] ? sendmsg_copy_msghdr+0x160/0x160 [ 2902.781197][T29200] ? __fget_files+0x272/0x400 [ 2902.785872][T29200] ? lock_downgrade+0x820/0x820 [ 2902.790726][T29200] ? find_held_lock+0x2d/0x110 [ 2902.795479][T29200] ? __might_fault+0x11f/0x1d0 [ 2902.800241][T29200] ? __fget_files+0x294/0x400 [ 2902.804902][T29200] ? __fget_light+0xea/0x280 [ 2902.809716][T29200] __sys_sendmsg+0xe5/0x1b0 [ 2902.814214][T29200] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2902.819241][T29200] ? __x64_sys_futex+0x382/0x4e0 [ 2902.824185][T29200] ? do_syscall_64+0x1c/0xe0 [ 2902.828764][T29200] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2902.834735][T29200] do_syscall_64+0x60/0xe0 [ 2902.839153][T29200] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2902.845034][T29200] RIP: 0033:0x45c369 [ 2902.848909][T29200] Code: Bad RIP value. [ 2902.852979][T29200] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2902.861380][T29200] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2902.869339][T29200] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2902.877310][T29200] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2902.885282][T29200] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac 22:19:42 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010085a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2902.893272][T29200] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac 22:19:42 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2903.000210][T29236] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2903.028999][T29240] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2903.067960][T29201] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2903.075725][T29201] CPU: 0 PID: 29201 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2903.084418][T29201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2903.094511][T29201] Call Trace: [ 2903.097813][T29201] dump_stack+0x18f/0x20d [ 2903.102161][T29201] sysfs_warn_dup.cold+0x1c/0x2d [ 2903.107114][T29201] sysfs_do_create_link_sd+0x11e/0x140 [ 2903.112592][T29201] sysfs_create_link+0x5f/0xc0 [ 2903.117373][T29201] device_add+0x6ff/0x1b00 [ 2903.121816][T29201] ? device_check_offline+0x280/0x280 [ 2903.127206][T29201] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2903.133215][T29201] wiphy_register+0x1d5b/0x2840 [ 2903.138104][T29201] ? wiphy_unregister+0xc10/0xc10 [ 2903.143160][T29201] ? default_device_exit_batch+0x3d0/0x3d0 [ 2903.148991][T29201] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2903.155081][T29201] ieee80211_register_hw+0x2291/0x3950 [ 2903.160592][T29201] ? ieee80211_restart_hw+0x2f0/0x2f0 22:19:42 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e08, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2903.165974][T29201] ? lock_downgrade+0x820/0x820 [ 2903.170841][T29201] ? lock_is_held_type+0xb0/0xe0 [ 2903.175818][T29201] ? memset+0x20/0x40 [ 2903.179823][T29201] ? __hrtimer_init+0x12c/0x260 [ 2903.184847][T29201] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2903.190595][T29201] ? hwsim_virtio_rx_work+0x350/0x350 [ 2903.195989][T29201] ? memcpy+0x39/0x60 [ 2903.199961][T29201] hwsim_new_radio_nl+0x93e/0xf8c [ 2903.204992][T29201] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2903.210911][T29201] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2903.217860][T29201] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2903.224815][T29201] genl_rcv_msg+0x61d/0x980 [ 2903.229378][T29201] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2903.236302][T29201] ? lock_release+0x8d0/0x8d0 [ 2903.240992][T29201] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2903.246286][T29201] netlink_rcv_skb+0x15a/0x430 [ 2903.251056][T29201] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2903.258002][T29201] ? netlink_ack+0xa10/0xa10 [ 2903.262625][T29201] genl_rcv+0x24/0x40 [ 2903.266617][T29201] netlink_unicast+0x533/0x7d0 [ 2903.271398][T29201] ? netlink_attachskb+0x810/0x810 [ 2903.276516][T29201] ? _copy_from_iter_full+0x247/0x890 [ 2903.281897][T29201] ? __phys_addr+0x9a/0x110 [ 2903.286408][T29201] ? __phys_addr_symbol+0x2c/0x70 [ 2903.291442][T29201] ? __check_object_size+0x171/0x3e4 [ 2903.296880][T29201] netlink_sendmsg+0x856/0xd90 [ 2903.301673][T29201] ? netlink_unicast+0x7d0/0x7d0 [ 2903.306631][T29201] ? netlink_unicast+0x7d0/0x7d0 [ 2903.311580][T29201] sock_sendmsg+0xcf/0x120 [ 2903.316017][T29201] ____sys_sendmsg+0x6e8/0x810 [ 2903.320786][T29201] ? kernel_sendmsg+0x50/0x50 [ 2903.325598][T29201] ? do_recvmmsg+0x6d0/0x6d0 [ 2903.330173][T29201] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2903.336133][T29201] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2903.342118][T29201] ? __lock_acquire+0xc1e/0x56e0 [ 2903.347078][T29201] ___sys_sendmsg+0xf3/0x170 [ 2903.351682][T29201] ? sendmsg_copy_msghdr+0x160/0x160 [ 2903.356979][T29201] ? __fget_files+0x272/0x400 [ 2903.361665][T29201] ? lock_downgrade+0x820/0x820 [ 2903.366523][T29201] ? find_held_lock+0x2d/0x110 [ 2903.371295][T29201] ? __might_fault+0x11f/0x1d0 [ 2903.376073][T29201] ? __fget_files+0x294/0x400 [ 2903.380765][T29201] ? __fget_light+0xea/0x280 [ 2903.385488][T29201] __sys_sendmsg+0xe5/0x1b0 [ 2903.390004][T29201] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2903.395050][T29201] ? __x64_sys_futex+0x382/0x4e0 [ 2903.400004][T29201] ? do_syscall_64+0x1c/0xe0 [ 2903.404694][T29201] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2903.410693][T29201] do_syscall_64+0x60/0xe0 [ 2903.415122][T29201] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2903.421024][T29201] RIP: 0033:0x45c369 [ 2903.424911][T29201] Code: Bad RIP value. [ 2903.428978][T29201] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2903.437394][T29201] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2903.445376][T29201] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2903.453361][T29201] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2903.461339][T29201] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac 22:19:43 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e09, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:43 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300480025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:43 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:43 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010095a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:43 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000011", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2903.469316][T29201] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2903.490012][T29253] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2903.540078][T29253] CPU: 1 PID: 29253 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2903.548792][T29253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2903.558852][T29253] Call Trace: [ 2903.562156][T29253] dump_stack+0x18f/0x20d [ 2903.566504][T29253] sysfs_warn_dup.cold+0x1c/0x2d [ 2903.571457][T29253] sysfs_do_create_link_sd+0x11e/0x140 [ 2903.576941][T29253] sysfs_create_link+0x5f/0xc0 [ 2903.581712][T29253] device_add+0x6ff/0x1b00 [ 2903.586143][T29253] ? device_check_offline+0x280/0x280 [ 2903.591524][T29253] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2903.597525][T29253] wiphy_register+0x1d5b/0x2840 [ 2903.602382][T29253] ? wiphy_unregister+0xc10/0xc10 [ 2903.607406][T29253] ? default_device_exit_batch+0x3d0/0x3d0 [ 2903.613233][T29253] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2903.619322][T29253] ieee80211_register_hw+0x2291/0x3950 [ 2903.624813][T29253] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2903.630207][T29253] ? lock_downgrade+0x820/0x820 [ 2903.635077][T29253] ? lock_is_held_type+0xb0/0xe0 [ 2903.640024][T29253] ? memset+0x20/0x40 [ 2903.644012][T29253] ? __hrtimer_init+0x12c/0x260 [ 2903.648874][T29253] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2903.654635][T29253] ? hwsim_virtio_rx_work+0x350/0x350 [ 2903.660019][T29253] ? memcpy+0x39/0x60 [ 2903.664003][T29253] hwsim_new_radio_nl+0x93e/0xf8c [ 2903.669029][T29253] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2903.674924][T29253] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2903.681940][T29253] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2903.688794][T29253] genl_rcv_msg+0x61d/0x980 [ 2903.693312][T29253] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2903.700328][T29253] ? lock_release+0x8d0/0x8d0 [ 2903.705003][T29253] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2903.710315][T29253] netlink_rcv_skb+0x15a/0x430 [ 2903.715069][T29253] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2903.722005][T29253] ? netlink_ack+0xa10/0xa10 [ 2903.726614][T29253] genl_rcv+0x24/0x40 [ 2903.730597][T29253] netlink_unicast+0x533/0x7d0 [ 2903.735375][T29253] ? netlink_attachskb+0x810/0x810 [ 2903.740480][T29253] ? _copy_from_iter_full+0x247/0x890 [ 2903.745834][T29253] ? __phys_addr+0x9a/0x110 [ 2903.750337][T29253] ? __phys_addr_symbol+0x2c/0x70 [ 2903.755360][T29253] ? __check_object_size+0x171/0x3e4 [ 2903.760636][T29253] netlink_sendmsg+0x856/0xd90 [ 2903.765390][T29253] ? netlink_unicast+0x7d0/0x7d0 [ 2903.770333][T29253] ? netlink_unicast+0x7d0/0x7d0 [ 2903.775262][T29253] sock_sendmsg+0xcf/0x120 [ 2903.779765][T29253] ____sys_sendmsg+0x6e8/0x810 [ 2903.784511][T29253] ? kernel_sendmsg+0x50/0x50 [ 2903.789274][T29253] ? do_recvmmsg+0x6d0/0x6d0 [ 2903.793877][T29253] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2903.799866][T29253] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2903.805860][T29253] ? do_user_addr_fault+0x8ce/0xd00 [ 2903.811070][T29253] ___sys_sendmsg+0xf3/0x170 [ 2903.815675][T29253] ? sendmsg_copy_msghdr+0x160/0x160 [ 2903.820973][T29253] ? __fget_files+0x272/0x400 [ 2903.825667][T29253] ? lock_downgrade+0x820/0x820 [ 2903.830526][T29253] ? find_held_lock+0x2d/0x110 [ 2903.835311][T29253] ? __might_fault+0x11f/0x1d0 [ 2903.840099][T29253] ? __fget_files+0x294/0x400 [ 2903.844780][T29253] ? __fget_light+0xea/0x280 [ 2903.849384][T29253] __sys_sendmsg+0xe5/0x1b0 [ 2903.853877][T29253] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2903.858893][T29253] ? __x64_sys_futex+0x382/0x4e0 [ 2903.863830][T29253] ? do_syscall_64+0x1c/0xe0 [ 2903.868413][T29253] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2903.874385][T29253] do_syscall_64+0x60/0xe0 [ 2903.878797][T29253] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2903.884690][T29253] RIP: 0033:0x45c369 [ 2903.888575][T29253] Code: Bad RIP value. [ 2903.892629][T29253] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2903.901022][T29253] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2903.908989][T29253] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2903.916957][T29253] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2903.924918][T29253] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2903.932872][T29253] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2903.945069][T29268] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2903.973453][T29269] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2903.995679][T29254] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2904.025788][T29254] CPU: 0 PID: 29254 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2904.034512][T29254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 22:19:43 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2904.044568][T29254] Call Trace: [ 2904.047874][T29254] dump_stack+0x18f/0x20d [ 2904.052219][T29254] sysfs_warn_dup.cold+0x1c/0x2d [ 2904.057171][T29254] sysfs_do_create_link_sd+0x11e/0x140 [ 2904.062645][T29254] sysfs_create_link+0x5f/0xc0 [ 2904.067438][T29254] device_add+0x6ff/0x1b00 [ 2904.071870][T29254] ? device_check_offline+0x280/0x280 [ 2904.077252][T29254] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2904.083252][T29254] wiphy_register+0x1d5b/0x2840 [ 2904.088132][T29254] ? wiphy_unregister+0xc10/0xc10 22:19:43 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00100a5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2904.093185][T29254] ? default_device_exit_batch+0x3d0/0x3d0 [ 2904.099034][T29254] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2904.105134][T29254] ieee80211_register_hw+0x2291/0x3950 [ 2904.110623][T29254] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2904.116014][T29254] ? lock_downgrade+0x820/0x820 [ 2904.120878][T29254] ? lock_is_held_type+0xb0/0xe0 [ 2904.125834][T29254] ? memset+0x20/0x40 [ 2904.129845][T29254] ? __hrtimer_init+0x12c/0x260 [ 2904.134712][T29254] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2904.140460][T29254] ? hwsim_virtio_rx_work+0x350/0x350 22:19:43 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2904.145843][T29254] ? memcpy+0x39/0x60 [ 2904.149849][T29254] hwsim_new_radio_nl+0x93e/0xf8c [ 2904.155019][T29254] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2904.160932][T29254] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2904.167872][T29254] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2904.174729][T29254] genl_rcv_msg+0x61d/0x980 [ 2904.179254][T29254] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2904.186214][T29254] ? lock_release+0x8d0/0x8d0 [ 2904.190913][T29254] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2904.196217][T29254] netlink_rcv_skb+0x15a/0x430 [ 2904.200995][T29254] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2904.207937][T29254] ? netlink_ack+0xa10/0xa10 [ 2904.212554][T29254] genl_rcv+0x24/0x40 [ 2904.216556][T29254] netlink_unicast+0x533/0x7d0 [ 2904.221342][T29254] ? netlink_attachskb+0x810/0x810 [ 2904.226466][T29254] ? _copy_from_iter_full+0x247/0x890 [ 2904.231848][T29254] ? __phys_addr+0x9a/0x110 [ 2904.236361][T29254] ? __phys_addr_symbol+0x2c/0x70 [ 2904.241397][T29254] ? __check_object_size+0x171/0x3e4 22:19:43 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:43 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e0a, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2904.246691][T29254] netlink_sendmsg+0x856/0xd90 [ 2904.251474][T29254] ? netlink_unicast+0x7d0/0x7d0 [ 2904.256437][T29254] ? netlink_unicast+0x7d0/0x7d0 [ 2904.261388][T29254] sock_sendmsg+0xcf/0x120 [ 2904.265839][T29254] ____sys_sendmsg+0x6e8/0x810 [ 2904.270621][T29254] ? kernel_sendmsg+0x50/0x50 [ 2904.275306][T29254] ? do_recvmmsg+0x6d0/0x6d0 [ 2904.279913][T29254] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2904.285909][T29254] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2904.291901][T29254] ? find_held_lock+0x2d/0x110 22:19:43 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00100e5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2904.296681][T29254] ___sys_sendmsg+0xf3/0x170 [ 2904.301282][T29254] ? sendmsg_copy_msghdr+0x160/0x160 [ 2904.306580][T29254] ? __fget_files+0x272/0x400 [ 2904.311494][T29254] ? lock_downgrade+0x820/0x820 [ 2904.316360][T29254] ? find_held_lock+0x2d/0x110 [ 2904.321140][T29254] ? __might_fault+0x11f/0x1d0 [ 2904.325926][T29254] ? __fget_files+0x294/0x400 [ 2904.330617][T29254] ? __fget_light+0xea/0x280 [ 2904.335227][T29254] __sys_sendmsg+0xe5/0x1b0 [ 2904.339745][T29254] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2904.344865][T29254] ? __x64_sys_futex+0x382/0x4e0 [ 2904.350170][T29254] ? do_syscall_64+0x1c/0xe0 [ 2904.354772][T29254] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2904.360769][T29254] do_syscall_64+0x60/0xe0 [ 2904.365206][T29254] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2904.371101][T29254] RIP: 0033:0x45c369 [ 2904.375082][T29254] Code: Bad RIP value. [ 2904.379144][T29254] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2904.387589][T29254] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2904.395563][T29254] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2904.403539][T29254] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2904.411518][T29254] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2904.419496][T29254] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac [ 2904.515663][T29297] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2904.539956][T29297] CPU: 1 PID: 29297 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2904.548678][T29297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2904.558738][T29297] Call Trace: [ 2904.562038][T29297] dump_stack+0x18f/0x20d [ 2904.566385][T29297] sysfs_warn_dup.cold+0x1c/0x2d [ 2904.571351][T29297] sysfs_do_create_link_sd+0x11e/0x140 [ 2904.576807][T29297] sysfs_create_link+0x5f/0xc0 [ 2904.581547][T29297] device_add+0x6ff/0x1b00 [ 2904.585935][T29297] ? device_check_offline+0x280/0x280 [ 2904.591287][T29297] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2904.597266][T29297] wiphy_register+0x1d5b/0x2840 [ 2904.602128][T29297] ? wiphy_unregister+0xc10/0xc10 [ 2904.607167][T29297] ? default_device_exit_batch+0x3d0/0x3d0 [ 2904.612981][T29297] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2904.619026][T29297] ieee80211_register_hw+0x2291/0x3950 [ 2904.624492][T29297] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2904.629865][T29297] ? lock_downgrade+0x820/0x820 [ 2904.634708][T29297] ? lock_is_held_type+0xb0/0xe0 [ 2904.639628][T29297] ? memset+0x20/0x40 [ 2904.643584][T29297] ? __hrtimer_init+0x12c/0x260 [ 2904.648425][T29297] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2904.654139][T29297] ? hwsim_virtio_rx_work+0x350/0x350 [ 2904.659561][T29297] ? memcpy+0x39/0x60 [ 2904.663521][T29297] hwsim_new_radio_nl+0x93e/0xf8c [ 2904.668536][T29297] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2904.674442][T29297] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2904.681353][T29297] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2904.688189][T29297] genl_rcv_msg+0x61d/0x980 [ 2904.692684][T29297] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2904.699600][T29297] ? lock_release+0x8d0/0x8d0 [ 2904.704251][T29297] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2904.709525][T29297] netlink_rcv_skb+0x15a/0x430 [ 2904.714276][T29297] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2904.721186][T29297] ? netlink_ack+0xa10/0xa10 [ 2904.725760][T29297] genl_rcv+0x24/0x40 [ 2904.729731][T29297] netlink_unicast+0x533/0x7d0 [ 2904.734482][T29297] ? netlink_attachskb+0x810/0x810 [ 2904.739566][T29297] ? _copy_from_iter_full+0x247/0x890 [ 2904.744921][T29297] ? __phys_addr+0x9a/0x110 [ 2904.749411][T29297] ? __phys_addr_symbol+0x2c/0x70 [ 2904.754424][T29297] ? __check_object_size+0x171/0x3e4 [ 2904.759816][T29297] netlink_sendmsg+0x856/0xd90 [ 2904.764578][T29297] ? netlink_unicast+0x7d0/0x7d0 [ 2904.769522][T29297] ? netlink_unicast+0x7d0/0x7d0 [ 2904.774565][T29297] sock_sendmsg+0xcf/0x120 [ 2904.778961][T29297] ____sys_sendmsg+0x6e8/0x810 [ 2904.783697][T29297] ? kernel_sendmsg+0x50/0x50 [ 2904.788475][T29297] ? do_recvmmsg+0x6d0/0x6d0 [ 2904.793097][T29297] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2904.799142][T29297] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2904.805092][T29297] ? __lock_acquire+0xc1e/0x56e0 [ 2904.810020][T29297] ___sys_sendmsg+0xf3/0x170 [ 2904.814595][T29297] ? sendmsg_copy_msghdr+0x160/0x160 [ 2904.819855][T29297] ? __fget_files+0x272/0x400 [ 2904.824508][T29297] ? lock_downgrade+0x820/0x820 [ 2904.829341][T29297] ? find_held_lock+0x2d/0x110 [ 2904.834093][T29297] ? __might_fault+0x11f/0x1d0 [ 2904.838856][T29297] ? __fget_files+0x294/0x400 [ 2904.843524][T29297] ? __fget_light+0xea/0x280 [ 2904.848105][T29297] __sys_sendmsg+0xe5/0x1b0 [ 2904.852727][T29297] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2904.857738][T29297] ? __x64_sys_futex+0x382/0x4e0 [ 2904.862651][T29297] ? do_syscall_64+0x1c/0xe0 [ 2904.867222][T29297] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2904.873189][T29297] do_syscall_64+0x60/0xe0 [ 2904.877586][T29297] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2904.883449][T29297] RIP: 0033:0x45c369 [ 2904.887317][T29297] Code: Bad RIP value. [ 2904.891370][T29297] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2904.899752][T29297] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2904.907703][T29297] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:44 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e09, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:44 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000012", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:44 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:44 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23004c0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2904.915656][T29297] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2904.923601][T29297] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2904.931548][T29297] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:44 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00100f5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:44 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e0b, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2905.036713][T29310] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. 22:19:44 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba9060005000068", 0x2e}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:44 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23ce530025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2905.118822][T29317] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2905.151612][T29317] CPU: 1 PID: 29317 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2905.160314][T29317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2905.170373][T29317] Call Trace: [ 2905.173674][T29317] dump_stack+0x18f/0x20d [ 2905.177991][T29317] sysfs_warn_dup.cold+0x1c/0x2d [ 2905.182905][T29317] sysfs_do_create_link_sd+0x11e/0x140 [ 2905.188346][T29317] sysfs_create_link+0x5f/0xc0 [ 2905.193085][T29317] device_add+0x6ff/0x1b00 [ 2905.197481][T29317] ? device_check_offline+0x280/0x280 [ 2905.202845][T29317] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2905.208806][T29317] wiphy_register+0x1d5b/0x2840 [ 2905.213641][T29317] ? wiphy_unregister+0xc10/0xc10 [ 2905.218645][T29317] ? default_device_exit_batch+0x3d0/0x3d0 [ 2905.224441][T29317] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2905.230505][T29317] ieee80211_register_hw+0x2291/0x3950 [ 2905.235949][T29317] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2905.241304][T29317] ? lock_downgrade+0x820/0x820 [ 2905.246137][T29317] ? lock_is_held_type+0xb0/0xe0 [ 2905.251164][T29317] ? memset+0x20/0x40 [ 2905.255124][T29317] ? __hrtimer_init+0x12c/0x260 [ 2905.259960][T29317] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2905.265665][T29317] ? hwsim_virtio_rx_work+0x350/0x350 [ 2905.271021][T29317] ? memcpy+0x39/0x60 [ 2905.274987][T29317] hwsim_new_radio_nl+0x93e/0xf8c [ 2905.279996][T29317] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2905.285876][T29317] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2905.292788][T29317] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2905.299626][T29317] genl_rcv_msg+0x61d/0x980 [ 2905.304109][T29317] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2905.311118][T29317] ? lock_release+0x8d0/0x8d0 [ 2905.315772][T29317] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2905.321068][T29317] netlink_rcv_skb+0x15a/0x430 [ 2905.325864][T29317] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2905.332790][T29317] ? netlink_ack+0xa10/0xa10 [ 2905.337372][T29317] genl_rcv+0x24/0x40 [ 2905.341355][T29317] netlink_unicast+0x533/0x7d0 [ 2905.346109][T29317] ? netlink_attachskb+0x810/0x810 [ 2905.351209][T29317] ? _copy_from_iter_full+0x247/0x890 [ 2905.356563][T29317] ? __phys_addr+0x9a/0x110 [ 2905.361044][T29317] ? __phys_addr_symbol+0x2c/0x70 [ 2905.366047][T29317] ? __check_object_size+0x171/0x3e4 [ 2905.371310][T29317] netlink_sendmsg+0x856/0xd90 [ 2905.376056][T29317] ? netlink_unicast+0x7d0/0x7d0 [ 2905.380980][T29317] ? netlink_unicast+0x7d0/0x7d0 [ 2905.385935][T29317] sock_sendmsg+0xcf/0x120 [ 2905.390333][T29317] ____sys_sendmsg+0x6e8/0x810 [ 2905.395074][T29317] ? kernel_sendmsg+0x50/0x50 [ 2905.399729][T29317] ? do_recvmmsg+0x6d0/0x6d0 [ 2905.404303][T29317] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2905.410263][T29317] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2905.416215][T29317] ? do_user_addr_fault+0x8ce/0xd00 [ 2905.421393][T29317] ___sys_sendmsg+0xf3/0x170 [ 2905.425991][T29317] ? sendmsg_copy_msghdr+0x160/0x160 [ 2905.431395][T29317] ? __fget_files+0x272/0x400 [ 2905.436076][T29317] ? lock_downgrade+0x820/0x820 [ 2905.440915][T29317] ? find_held_lock+0x2d/0x110 [ 2905.445664][T29317] ? __might_fault+0x11f/0x1d0 [ 2905.450411][T29317] ? __fget_files+0x294/0x400 [ 2905.455067][T29317] ? __fget_light+0xea/0x280 [ 2905.459641][T29317] __sys_sendmsg+0xe5/0x1b0 [ 2905.464128][T29317] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2905.469133][T29317] ? __x64_sys_futex+0x382/0x4e0 [ 2905.474057][T29317] ? do_syscall_64+0x1c/0xe0 [ 2905.478624][T29317] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2905.484593][T29317] do_syscall_64+0x60/0xe0 [ 2905.488989][T29317] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2905.494866][T29317] RIP: 0033:0x45c369 [ 2905.498738][T29317] Code: Bad RIP value. [ 2905.502779][T29317] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2905.511175][T29317] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2905.519129][T29317] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2905.527080][T29317] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2905.535032][T29317] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2905.542980][T29317] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:45 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2905.731360][T29322] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2905.745891][T29328] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2905.769703][T29319] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2905.806988][T29319] CPU: 1 PID: 29319 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2905.815703][T29319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2905.825785][T29319] Call Trace: [ 2905.829085][T29319] dump_stack+0x18f/0x20d [ 2905.833412][T29319] sysfs_warn_dup.cold+0x1c/0x2d [ 2905.838347][T29319] sysfs_do_create_link_sd+0x11e/0x140 [ 2905.843803][T29319] sysfs_create_link+0x5f/0xc0 [ 2905.848571][T29319] device_add+0x6ff/0x1b00 [ 2905.853018][T29319] ? device_check_offline+0x280/0x280 [ 2905.858524][T29319] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2905.864503][T29319] wiphy_register+0x1d5b/0x2840 [ 2905.869363][T29319] ? wiphy_unregister+0xc10/0xc10 [ 2905.874384][T29319] ? default_device_exit_batch+0x3d0/0x3d0 [ 2905.880183][T29319] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2905.886249][T29319] ieee80211_register_hw+0x2291/0x3950 [ 2905.891729][T29319] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2905.897099][T29319] ? lock_downgrade+0x820/0x820 [ 2905.901960][T29319] ? lock_is_held_type+0xb0/0xe0 [ 2905.906914][T29319] ? memset+0x20/0x40 [ 2905.910925][T29319] ? __hrtimer_init+0x12c/0x260 [ 2905.915798][T29319] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2905.921550][T29319] ? hwsim_virtio_rx_work+0x350/0x350 [ 2905.926934][T29319] ? memcpy+0x39/0x60 [ 2905.930932][T29319] hwsim_new_radio_nl+0x93e/0xf8c [ 2905.935966][T29319] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2905.941862][T29319] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2905.948791][T29319] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2905.955722][T29319] genl_rcv_msg+0x61d/0x980 [ 2905.960220][T29319] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2905.967160][T29319] ? lock_release+0x8d0/0x8d0 [ 2905.971830][T29319] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2905.977123][T29319] netlink_rcv_skb+0x15a/0x430 [ 2905.981884][T29319] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2905.988813][T29319] ? netlink_ack+0xa10/0xa10 [ 2905.993403][T29319] genl_rcv+0x24/0x40 [ 2905.997372][T29319] netlink_unicast+0x533/0x7d0 [ 2906.002254][T29319] ? netlink_attachskb+0x810/0x810 [ 2906.007370][T29319] ? _copy_from_iter_full+0x247/0x890 [ 2906.012741][T29319] ? __phys_addr+0x9a/0x110 [ 2906.017235][T29319] ? __phys_addr_symbol+0x2c/0x70 [ 2906.022254][T29319] ? __check_object_size+0x171/0x3e4 [ 2906.027538][T29319] netlink_sendmsg+0x856/0xd90 [ 2906.032294][T29319] ? netlink_unicast+0x7d0/0x7d0 [ 2906.037252][T29319] ? netlink_unicast+0x7d0/0x7d0 [ 2906.042190][T29319] sock_sendmsg+0xcf/0x120 [ 2906.046752][T29319] ____sys_sendmsg+0x6e8/0x810 [ 2906.051507][T29319] ? kernel_sendmsg+0x50/0x50 [ 2906.056168][T29319] ? do_recvmmsg+0x6d0/0x6d0 [ 2906.060749][T29319] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2906.066722][T29319] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2906.072689][T29319] ? __lock_acquire+0xc1e/0x56e0 [ 2906.077622][T29319] ___sys_sendmsg+0xf3/0x170 [ 2906.082208][T29319] ? sendmsg_copy_msghdr+0x160/0x160 [ 2906.087498][T29319] ? __fget_files+0x272/0x400 [ 2906.092182][T29319] ? lock_downgrade+0x820/0x820 [ 2906.097043][T29319] ? find_held_lock+0x2d/0x110 [ 2906.101793][T29319] ? __might_fault+0x11f/0x1d0 [ 2906.106554][T29319] ? __fget_files+0x294/0x400 [ 2906.111237][T29319] ? __fget_light+0xea/0x280 [ 2906.115819][T29319] __sys_sendmsg+0xe5/0x1b0 [ 2906.120308][T29319] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2906.125453][T29319] ? __x64_sys_futex+0x382/0x4e0 [ 2906.130376][T29319] ? do_syscall_64+0x1c/0xe0 [ 2906.134945][T29319] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2906.140908][T29319] do_syscall_64+0x60/0xe0 [ 2906.145304][T29319] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2906.151178][T29319] RIP: 0033:0x45c369 22:19:45 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010485a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:45 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0xa}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2906.155053][T29319] Code: Bad RIP value. [ 2906.159105][T29319] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2906.167506][T29319] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2906.175478][T29319] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2906.183433][T29319] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2906.191400][T29319] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2906.199356][T29319] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:45 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2906.366067][T29349] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2906.394635][T29325] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2906.420543][T29325] CPU: 0 PID: 29325 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2906.429254][T29325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2906.439313][T29325] Call Trace: [ 2906.442610][T29325] dump_stack+0x18f/0x20d [ 2906.446955][T29325] sysfs_warn_dup.cold+0x1c/0x2d [ 2906.451912][T29325] sysfs_do_create_link_sd+0x11e/0x140 [ 2906.457404][T29325] sysfs_create_link+0x5f/0xc0 [ 2906.462185][T29325] device_add+0x6ff/0x1b00 [ 2906.466620][T29325] ? device_check_offline+0x280/0x280 [ 2906.471999][T29325] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2906.477983][T29325] wiphy_register+0x1d5b/0x2840 [ 2906.482833][T29325] ? wiphy_unregister+0xc10/0xc10 [ 2906.487851][T29325] ? default_device_exit_batch+0x3d0/0x3d0 [ 2906.493651][T29325] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2906.499720][T29325] ieee80211_register_hw+0x2291/0x3950 [ 2906.505207][T29325] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2906.510709][T29325] ? lock_downgrade+0x820/0x820 [ 2906.515574][T29325] ? lock_is_held_type+0xb0/0xe0 [ 2906.520523][T29325] ? memset+0x20/0x40 [ 2906.524515][T29325] ? __hrtimer_init+0x12c/0x260 [ 2906.529380][T29325] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2906.535142][T29325] ? hwsim_virtio_rx_work+0x350/0x350 [ 2906.540523][T29325] ? memcpy+0x39/0x60 [ 2906.544520][T29325] hwsim_new_radio_nl+0x93e/0xf8c [ 2906.549579][T29325] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2906.555500][T29325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2906.562447][T29325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2906.569441][T29325] genl_rcv_msg+0x61d/0x980 [ 2906.573968][T29325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2906.580942][T29325] ? lock_release+0x8d0/0x8d0 [ 2906.585631][T29325] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2906.590922][T29325] netlink_rcv_skb+0x15a/0x430 [ 2906.595671][T29325] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2906.602730][T29325] ? netlink_ack+0xa10/0xa10 [ 2906.607302][T29325] genl_rcv+0x24/0x40 [ 2906.611259][T29325] netlink_unicast+0x533/0x7d0 [ 2906.616002][T29325] ? netlink_attachskb+0x810/0x810 [ 2906.621091][T29325] ? _copy_from_iter_full+0x247/0x890 [ 2906.626451][T29325] ? __phys_addr+0x9a/0x110 [ 2906.630939][T29325] ? __phys_addr_symbol+0x2c/0x70 [ 2906.635953][T29325] ? __check_object_size+0x171/0x3e4 [ 2906.641214][T29325] netlink_sendmsg+0x856/0xd90 [ 2906.645958][T29325] ? netlink_unicast+0x7d0/0x7d0 [ 2906.650876][T29325] ? netlink_unicast+0x7d0/0x7d0 [ 2906.655798][T29325] sock_sendmsg+0xcf/0x120 [ 2906.660191][T29325] ____sys_sendmsg+0x6e8/0x810 [ 2906.664930][T29325] ? kernel_sendmsg+0x50/0x50 [ 2906.669579][T29325] ? do_recvmmsg+0x6d0/0x6d0 [ 2906.674150][T29325] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2906.680108][T29325] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2906.686066][T29325] ? __lock_acquire+0xc1e/0x56e0 [ 2906.690980][T29325] ___sys_sendmsg+0xf3/0x170 [ 2906.695550][T29325] ? sendmsg_copy_msghdr+0x160/0x160 [ 2906.700810][T29325] ? __fget_files+0x272/0x400 [ 2906.705463][T29325] ? lock_downgrade+0x820/0x820 [ 2906.710301][T29325] ? find_held_lock+0x2d/0x110 [ 2906.715039][T29325] ? __might_fault+0x11f/0x1d0 [ 2906.719795][T29325] ? __fget_files+0x294/0x400 [ 2906.724599][T29325] ? __fget_light+0xea/0x280 [ 2906.729171][T29325] __sys_sendmsg+0xe5/0x1b0 [ 2906.733652][T29325] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2906.738654][T29325] ? __x64_sys_futex+0x382/0x4e0 [ 2906.743576][T29325] ? do_syscall_64+0x1c/0xe0 [ 2906.748145][T29325] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2906.754132][T29325] do_syscall_64+0x60/0xe0 [ 2906.758535][T29325] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2906.764416][T29325] RIP: 0033:0x45c369 [ 2906.768287][T29325] Code: Bad RIP value. [ 2906.772324][T29325] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2906.780704][T29325] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2906.788648][T29325] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2906.796592][T29325] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2906.804539][T29325] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2906.812584][T29325] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2906.824734][T29345] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2906.845986][T29345] CPU: 0 PID: 29345 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2906.854693][T29345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2906.864755][T29345] Call Trace: [ 2906.868069][T29345] dump_stack+0x18f/0x20d [ 2906.872416][T29345] sysfs_warn_dup.cold+0x1c/0x2d [ 2906.877363][T29345] sysfs_do_create_link_sd+0x11e/0x140 [ 2906.882837][T29345] sysfs_create_link+0x5f/0xc0 [ 2906.887622][T29345] device_add+0x6ff/0x1b00 [ 2906.892073][T29345] ? device_check_offline+0x280/0x280 [ 2906.897454][T29345] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2906.903457][T29345] wiphy_register+0x1d5b/0x2840 [ 2906.908337][T29345] ? wiphy_unregister+0xc10/0xc10 [ 2906.913379][T29345] ? default_device_exit_batch+0x3d0/0x3d0 [ 2906.919204][T29345] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2906.925324][T29345] ieee80211_register_hw+0x2291/0x3950 [ 2906.930775][T29345] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2906.936131][T29345] ? lock_downgrade+0x820/0x820 [ 2906.940964][T29345] ? lock_is_held_type+0xb0/0xe0 [ 2906.945885][T29345] ? memset+0x20/0x40 [ 2906.949856][T29345] ? __hrtimer_init+0x12c/0x260 [ 2906.954690][T29345] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2906.960453][T29345] ? hwsim_virtio_rx_work+0x350/0x350 [ 2906.965805][T29345] ? memcpy+0x39/0x60 [ 2906.969768][T29345] hwsim_new_radio_nl+0x93e/0xf8c [ 2906.974775][T29345] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2906.980692][T29345] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2906.987626][T29345] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2906.994469][T29345] genl_rcv_msg+0x61d/0x980 [ 2906.998971][T29345] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2907.005921][T29345] ? lock_release+0x8d0/0x8d0 [ 2907.010610][T29345] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2907.015929][T29345] netlink_rcv_skb+0x15a/0x430 [ 2907.020691][T29345] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2907.027628][T29345] ? netlink_ack+0xa10/0xa10 [ 2907.032205][T29345] genl_rcv+0x24/0x40 [ 2907.036165][T29345] netlink_unicast+0x533/0x7d0 [ 2907.040909][T29345] ? netlink_attachskb+0x810/0x810 [ 2907.045996][T29345] ? _copy_from_iter_full+0x247/0x890 [ 2907.051344][T29345] ? __phys_addr+0x9a/0x110 [ 2907.055826][T29345] ? __phys_addr_symbol+0x2c/0x70 [ 2907.060826][T29345] ? __check_object_size+0x171/0x3e4 [ 2907.066088][T29345] netlink_sendmsg+0x856/0xd90 [ 2907.070829][T29345] ? netlink_unicast+0x7d0/0x7d0 [ 2907.075746][T29345] ? netlink_unicast+0x7d0/0x7d0 [ 2907.080664][T29345] sock_sendmsg+0xcf/0x120 [ 2907.085068][T29345] ____sys_sendmsg+0x6e8/0x810 [ 2907.089806][T29345] ? kernel_sendmsg+0x50/0x50 [ 2907.094453][T29345] ? do_recvmmsg+0x6d0/0x6d0 [ 2907.099020][T29345] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2907.104975][T29345] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2907.110927][T29345] ? __lock_acquire+0xc1e/0x56e0 [ 2907.115853][T29345] ___sys_sendmsg+0xf3/0x170 [ 2907.120427][T29345] ? sendmsg_copy_msghdr+0x160/0x160 [ 2907.125701][T29345] ? __fget_files+0x272/0x400 [ 2907.130356][T29345] ? lock_downgrade+0x820/0x820 [ 2907.135179][T29345] ? find_held_lock+0x2d/0x110 [ 2907.139919][T29345] ? __might_fault+0x11f/0x1d0 [ 2907.144662][T29345] ? __fget_files+0x294/0x400 [ 2907.149315][T29345] ? __fget_light+0xea/0x280 [ 2907.153880][T29345] __sys_sendmsg+0xe5/0x1b0 [ 2907.158357][T29345] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2907.163355][T29345] ? __x64_sys_futex+0x382/0x4e0 [ 2907.168271][T29345] ? do_syscall_64+0x1c/0xe0 [ 2907.172834][T29345] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2907.178786][T29345] do_syscall_64+0x60/0xe0 [ 2907.183177][T29345] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2907.189039][T29345] RIP: 0033:0x45c369 [ 2907.192902][T29345] Code: Bad RIP value. [ 2907.196952][T29345] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2907.205335][T29345] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2907.213299][T29345] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:19:46 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e0b, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:46 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0xf}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:46 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00104c5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:46 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:46 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300600025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:46 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e0e, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2907.221245][T29345] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2907.229198][T29345] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2907.237145][T29345] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c 22:19:46 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x10}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2907.327308][T29375] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2907.360488][T29375] CPU: 0 PID: 29375 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2907.369206][T29375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2907.379261][T29375] Call Trace: [ 2907.382576][T29375] dump_stack+0x18f/0x20d [ 2907.386934][T29375] sysfs_warn_dup.cold+0x1c/0x2d [ 2907.391888][T29375] sysfs_do_create_link_sd+0x11e/0x140 [ 2907.397365][T29375] sysfs_create_link+0x5f/0xc0 [ 2907.402140][T29375] device_add+0x6ff/0x1b00 [ 2907.406570][T29375] ? device_check_offline+0x280/0x280 [ 2907.411957][T29375] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2907.417962][T29375] wiphy_register+0x1d5b/0x2840 [ 2907.422848][T29375] ? wiphy_unregister+0xc10/0xc10 22:19:46 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2907.427889][T29375] ? default_device_exit_batch+0x3d0/0x3d0 [ 2907.433719][T29375] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2907.439805][T29375] ieee80211_register_hw+0x2291/0x3950 [ 2907.445378][T29375] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2907.450769][T29375] ? lock_downgrade+0x820/0x820 [ 2907.455760][T29375] ? lock_is_held_type+0xb0/0xe0 [ 2907.460717][T29375] ? memset+0x20/0x40 [ 2907.464711][T29375] ? __hrtimer_init+0x12c/0x260 [ 2907.469579][T29375] mac80211_hwsim_new_radio+0x2351/0x4540 22:19:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x17}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2907.475417][T29375] ? hwsim_virtio_rx_work+0x350/0x350 [ 2907.480803][T29375] ? memcpy+0x39/0x60 [ 2907.484888][T29375] hwsim_new_radio_nl+0x93e/0xf8c [ 2907.489928][T29375] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2907.495966][T29375] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2907.502920][T29375] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2907.509786][T29375] genl_rcv_msg+0x61d/0x980 [ 2907.514316][T29375] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2907.521278][T29375] ? lock_release+0x8d0/0x8d0 [ 2907.526007][T29375] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2907.531323][T29375] netlink_rcv_skb+0x15a/0x430 [ 2907.536109][T29375] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2907.543062][T29375] ? netlink_ack+0xa10/0xa10 [ 2907.547683][T29375] genl_rcv+0x24/0x40 [ 2907.551787][T29375] netlink_unicast+0x533/0x7d0 [ 2907.556573][T29375] ? netlink_attachskb+0x810/0x810 [ 2907.561703][T29375] ? _copy_from_iter_full+0x247/0x890 [ 2907.567205][T29375] ? __phys_addr+0x9a/0x110 [ 2907.571735][T29375] ? __phys_addr_symbol+0x2c/0x70 22:19:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x25}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2907.576777][T29375] ? __check_object_size+0x171/0x3e4 [ 2907.582083][T29375] netlink_sendmsg+0x856/0xd90 [ 2907.586867][T29375] ? netlink_unicast+0x7d0/0x7d0 [ 2907.591826][T29375] ? netlink_unicast+0x7d0/0x7d0 [ 2907.596777][T29375] sock_sendmsg+0xcf/0x120 [ 2907.601210][T29375] ____sys_sendmsg+0x6e8/0x810 [ 2907.605994][T29375] ? kernel_sendmsg+0x50/0x50 [ 2907.610681][T29375] ? do_recvmmsg+0x6d0/0x6d0 [ 2907.615299][T29375] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2907.621295][T29375] ? lockdep_hardirqs_on_prepare+0x590/0x590 22:19:47 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2907.627287][T29375] ? do_user_addr_fault+0x8ce/0xd00 [ 2907.632505][T29375] ___sys_sendmsg+0xf3/0x170 [ 2907.637112][T29375] ? sendmsg_copy_msghdr+0x160/0x160 [ 2907.642413][T29375] ? __fget_files+0x272/0x400 [ 2907.647108][T29375] ? lock_downgrade+0x820/0x820 [ 2907.651968][T29375] ? find_held_lock+0x2d/0x110 [ 2907.656747][T29375] ? __might_fault+0x11f/0x1d0 [ 2907.661531][T29375] ? __fget_files+0x294/0x400 [ 2907.666224][T29375] ? __fget_light+0xea/0x280 [ 2907.670834][T29375] __sys_sendmsg+0xe5/0x1b0 22:19:47 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x30}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2907.675348][T29375] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2907.680393][T29375] ? __x64_sys_futex+0x382/0x4e0 [ 2907.685349][T29375] ? do_syscall_64+0x1c/0xe0 [ 2907.689955][T29375] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2907.695948][T29375] do_syscall_64+0x60/0xe0 [ 2907.700376][T29375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2907.706291][T29375] RIP: 0033:0x45c369 [ 2907.710185][T29375] Code: Bad RIP value. [ 2907.714254][T29375] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2907.722785][T29375] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2907.730773][T29375] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2907.738765][T29375] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2907.746766][T29375] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2907.754762][T29375] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2907.808944][T29395] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2907.823418][T29398] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2907.840429][T29400] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2907.851354][T29400] CPU: 0 PID: 29400 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2907.860059][T29400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2907.870124][T29400] Call Trace: [ 2907.873435][T29400] dump_stack+0x18f/0x20d [ 2907.877786][T29400] sysfs_warn_dup.cold+0x1c/0x2d [ 2907.882744][T29400] sysfs_do_create_link_sd+0x11e/0x140 [ 2907.888219][T29400] sysfs_create_link+0x5f/0xc0 [ 2907.892993][T29400] device_add+0x6ff/0x1b00 [ 2907.897423][T29400] ? device_check_offline+0x280/0x280 [ 2907.902804][T29400] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2907.908766][T29400] wiphy_register+0x1d5b/0x2840 [ 2907.913605][T29400] ? wiphy_unregister+0xc10/0xc10 [ 2907.918608][T29400] ? default_device_exit_batch+0x3d0/0x3d0 [ 2907.924391][T29400] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2907.930432][T29400] ieee80211_register_hw+0x2291/0x3950 [ 2907.935876][T29400] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2907.941221][T29400] ? lock_downgrade+0x820/0x820 [ 2907.946047][T29400] ? lock_is_held_type+0xb0/0xe0 [ 2907.950959][T29400] ? memset+0x20/0x40 [ 2907.954914][T29400] ? __hrtimer_init+0x12c/0x260 [ 2907.959739][T29400] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2907.965438][T29400] ? hwsim_virtio_rx_work+0x350/0x350 [ 2907.970780][T29400] ? memcpy+0x39/0x60 [ 2907.974736][T29400] hwsim_new_radio_nl+0x93e/0xf8c [ 2907.979738][T29400] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2907.985774][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2907.992686][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2907.999557][T29400] genl_rcv_msg+0x61d/0x980 [ 2908.004045][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.010961][T29400] ? lock_release+0x8d0/0x8d0 [ 2908.015608][T29400] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2908.020868][T29400] netlink_rcv_skb+0x15a/0x430 [ 2908.025607][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.032529][T29400] ? netlink_ack+0xa10/0xa10 [ 2908.037100][T29400] genl_rcv+0x24/0x40 [ 2908.041054][T29400] netlink_unicast+0x533/0x7d0 [ 2908.045811][T29400] ? netlink_attachskb+0x810/0x810 [ 2908.050905][T29400] ? _copy_from_iter_full+0x247/0x890 [ 2908.056250][T29400] ? __phys_addr+0x9a/0x110 [ 2908.060729][T29400] ? __phys_addr_symbol+0x2c/0x70 [ 2908.065731][T29400] ? __check_object_size+0x171/0x3e4 [ 2908.070999][T29400] netlink_sendmsg+0x856/0xd90 [ 2908.075740][T29400] ? netlink_unicast+0x7d0/0x7d0 [ 2908.080666][T29400] ? netlink_unicast+0x7d0/0x7d0 [ 2908.085578][T29400] sock_sendmsg+0xcf/0x120 [ 2908.089965][T29400] ____sys_sendmsg+0x6e8/0x810 [ 2908.094703][T29400] ? kernel_sendmsg+0x50/0x50 [ 2908.099362][T29400] ? do_recvmmsg+0x6d0/0x6d0 [ 2908.103926][T29400] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2908.109880][T29400] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2908.115837][T29400] ? __lock_acquire+0xc1e/0x56e0 [ 2908.120752][T29400] ___sys_sendmsg+0xf3/0x170 [ 2908.125326][T29400] ? sendmsg_copy_msghdr+0x160/0x160 [ 2908.130589][T29400] ? __fget_files+0x272/0x400 [ 2908.135242][T29400] ? lock_downgrade+0x820/0x820 [ 2908.140063][T29400] ? find_held_lock+0x2d/0x110 [ 2908.144815][T29400] ? __might_fault+0x11f/0x1d0 [ 2908.149650][T29400] ? __fget_files+0x294/0x400 [ 2908.154301][T29400] ? __fget_light+0xea/0x280 [ 2908.158866][T29400] __sys_sendmsg+0xe5/0x1b0 [ 2908.163340][T29400] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2908.168343][T29400] ? __x64_sys_futex+0x382/0x4e0 [ 2908.173258][T29400] ? do_syscall_64+0x1c/0xe0 [ 2908.177820][T29400] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2908.183772][T29400] do_syscall_64+0x60/0xe0 [ 2908.188167][T29400] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2908.194037][T29400] RIP: 0033:0x45c369 [ 2908.197898][T29400] Code: Bad RIP value. [ 2908.201937][T29400] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2908.210337][T29400] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2908.218287][T29400] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2908.226334][T29400] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2908.234275][T29400] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2908.242217][T29400] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2908.274257][T29396] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2908.286535][T29396] CPU: 0 PID: 29396 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2908.295238][T29396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2908.305296][T29396] Call Trace: [ 2908.308604][T29396] dump_stack+0x18f/0x20d [ 2908.312945][T29396] sysfs_warn_dup.cold+0x1c/0x2d [ 2908.317890][T29396] sysfs_do_create_link_sd+0x11e/0x140 [ 2908.323356][T29396] sysfs_create_link+0x5f/0xc0 [ 2908.328129][T29396] device_add+0x6ff/0x1b00 [ 2908.332557][T29396] ? device_check_offline+0x280/0x280 [ 2908.337944][T29396] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2908.343941][T29396] wiphy_register+0x1d5b/0x2840 [ 2908.348829][T29396] ? wiphy_unregister+0xc10/0xc10 [ 2908.353881][T29396] ? default_device_exit_batch+0x3d0/0x3d0 [ 2908.359703][T29396] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2908.365786][T29396] ieee80211_register_hw+0x2291/0x3950 [ 2908.371274][T29396] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2908.376661][T29396] ? lock_downgrade+0x820/0x820 [ 2908.381537][T29396] ? lock_is_held_type+0xb0/0xe0 [ 2908.386492][T29396] ? memset+0x20/0x40 [ 2908.390495][T29396] ? __hrtimer_init+0x12c/0x260 [ 2908.395359][T29396] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2908.401118][T29396] ? hwsim_virtio_rx_work+0x350/0x350 [ 2908.406520][T29396] ? memcpy+0x39/0x60 [ 2908.410633][T29396] hwsim_new_radio_nl+0x93e/0xf8c [ 2908.415669][T29396] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2908.421583][T29396] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2908.428534][T29396] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2908.435515][T29396] genl_rcv_msg+0x61d/0x980 [ 2908.440043][T29396] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.447111][T29396] ? lock_release+0x8d0/0x8d0 [ 2908.451802][T29396] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2908.457106][T29396] netlink_rcv_skb+0x15a/0x430 [ 2908.464330][T29396] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.471344][T29396] ? netlink_ack+0xa10/0xa10 [ 2908.475933][T29396] genl_rcv+0x24/0x40 [ 2908.479910][T29396] netlink_unicast+0x533/0x7d0 [ 2908.487023][T29396] ? netlink_attachskb+0x810/0x810 [ 2908.492126][T29396] ? _copy_from_iter_full+0x247/0x890 [ 2908.497488][T29396] ? __phys_addr+0x9a/0x110 [ 2908.501974][T29396] ? __phys_addr_symbol+0x2c/0x70 [ 2908.506982][T29396] ? __check_object_size+0x171/0x3e4 [ 2908.512246][T29396] netlink_sendmsg+0x856/0xd90 [ 2908.516991][T29396] ? netlink_unicast+0x7d0/0x7d0 [ 2908.521915][T29396] ? netlink_unicast+0x7d0/0x7d0 [ 2908.526841][T29396] sock_sendmsg+0xcf/0x120 [ 2908.531237][T29396] ____sys_sendmsg+0x6e8/0x810 [ 2908.535979][T29396] ? kernel_sendmsg+0x50/0x50 [ 2908.540732][T29396] ? do_recvmmsg+0x6d0/0x6d0 [ 2908.545314][T29396] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2908.551399][T29396] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2908.557367][T29396] ? __lock_acquire+0xc1e/0x56e0 [ 2908.562294][T29396] ___sys_sendmsg+0xf3/0x170 [ 2908.566932][T29396] ? sendmsg_copy_msghdr+0x160/0x160 [ 2908.572199][T29396] ? __fget_files+0x272/0x400 [ 2908.576855][T29396] ? lock_downgrade+0x820/0x820 [ 2908.581815][T29396] ? find_held_lock+0x2d/0x110 [ 2908.586554][T29396] ? __might_fault+0x11f/0x1d0 [ 2908.591316][T29396] ? __fget_files+0x294/0x400 [ 2908.595971][T29396] ? __fget_light+0xea/0x280 [ 2908.600540][T29396] __sys_sendmsg+0xe5/0x1b0 [ 2908.605019][T29396] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2908.610155][T29396] ? __x64_sys_futex+0x382/0x4e0 [ 2908.615074][T29396] ? do_syscall_64+0x1c/0xe0 [ 2908.619640][T29396] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2908.625594][T29396] do_syscall_64+0x60/0xe0 [ 2908.630040][T29396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2908.635911][T29396] RIP: 0033:0x45c369 [ 2908.639787][T29396] Code: Bad RIP value. [ 2908.643825][T29396] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2908.652213][T29396] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2908.660169][T29396] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2908.668112][T29396] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2908.676058][T29396] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2908.684005][T29396] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac [ 2908.713867][T29400] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2908.743388][T29400] CPU: 1 PID: 29400 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2908.752201][T29400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2908.762252][T29400] Call Trace: [ 2908.765527][T29400] dump_stack+0x18f/0x20d [ 2908.769872][T29400] sysfs_warn_dup.cold+0x1c/0x2d [ 2908.774850][T29400] sysfs_do_create_link_sd+0x11e/0x140 [ 2908.780309][T29400] sysfs_create_link+0x5f/0xc0 [ 2908.785057][T29400] device_add+0x6ff/0x1b00 [ 2908.789457][T29400] ? device_check_offline+0x280/0x280 [ 2908.794805][T29400] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2908.800831][T29400] wiphy_register+0x1d5b/0x2840 [ 2908.805668][T29400] ? wiphy_unregister+0xc10/0xc10 [ 2908.810673][T29400] ? default_device_exit_batch+0x3d0/0x3d0 [ 2908.816480][T29400] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2908.822536][T29400] ieee80211_register_hw+0x2291/0x3950 [ 2908.828003][T29400] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2908.833361][T29400] ? lock_downgrade+0x820/0x820 [ 2908.838220][T29400] ? lock_is_held_type+0xb0/0xe0 [ 2908.843142][T29400] ? memset+0x20/0x40 [ 2908.847110][T29400] ? __hrtimer_init+0x12c/0x260 [ 2908.851949][T29400] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2908.857674][T29400] ? hwsim_virtio_rx_work+0x350/0x350 [ 2908.863031][T29400] ? memcpy+0x39/0x60 [ 2908.867002][T29400] hwsim_new_radio_nl+0x93e/0xf8c [ 2908.872080][T29400] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2908.877972][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2908.885673][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2908.892503][T29400] genl_rcv_msg+0x61d/0x980 [ 2908.897003][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.903929][T29400] ? lock_release+0x8d0/0x8d0 [ 2908.908580][T29400] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2908.913840][T29400] netlink_rcv_skb+0x15a/0x430 [ 2908.918591][T29400] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2908.925511][T29400] ? netlink_ack+0xa10/0xa10 [ 2908.930087][T29400] genl_rcv+0x24/0x40 [ 2908.934054][T29400] netlink_unicast+0x533/0x7d0 [ 2908.938826][T29400] ? netlink_attachskb+0x810/0x810 [ 2908.943921][T29400] ? _copy_from_iter_full+0x247/0x890 [ 2908.949268][T29400] ? __phys_addr+0x9a/0x110 [ 2908.953745][T29400] ? __phys_addr_symbol+0x2c/0x70 [ 2908.958749][T29400] ? __check_object_size+0x171/0x3e4 [ 2908.964017][T29400] netlink_sendmsg+0x856/0xd90 [ 2908.968760][T29400] ? netlink_unicast+0x7d0/0x7d0 [ 2908.973677][T29400] ? netlink_unicast+0x7d0/0x7d0 [ 2908.978709][T29400] sock_sendmsg+0xcf/0x120 [ 2908.983110][T29400] ____sys_sendmsg+0x6e8/0x810 [ 2908.987861][T29400] ? kernel_sendmsg+0x50/0x50 [ 2908.992522][T29400] ? do_recvmmsg+0x6d0/0x6d0 [ 2908.997099][T29400] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2909.003059][T29400] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2909.009025][T29400] ? __lock_acquire+0xc1e/0x56e0 [ 2909.014046][T29400] ___sys_sendmsg+0xf3/0x170 [ 2909.018627][T29400] ? sendmsg_copy_msghdr+0x160/0x160 [ 2909.023898][T29400] ? __fget_files+0x272/0x400 [ 2909.028558][T29400] ? lock_downgrade+0x820/0x820 [ 2909.033377][T29400] ? find_held_lock+0x2d/0x110 [ 2909.038221][T29400] ? __might_fault+0x11f/0x1d0 [ 2909.042976][T29400] ? __fget_files+0x294/0x400 [ 2909.047659][T29400] ? __fget_light+0xea/0x280 [ 2909.052234][T29400] __sys_sendmsg+0xe5/0x1b0 [ 2909.056727][T29400] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2909.061822][T29400] ? __x64_sys_futex+0x382/0x4e0 [ 2909.066751][T29400] ? do_syscall_64+0x1c/0xe0 [ 2909.071323][T29400] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2909.077375][T29400] do_syscall_64+0x60/0xe0 [ 2909.081773][T29400] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2909.087643][T29400] RIP: 0033:0x45c369 22:19:48 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e0e, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:48 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:48 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x68}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:48 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300680025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:48 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010605a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2909.091511][T29400] Code: Bad RIP value. [ 2909.095547][T29400] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2909.103931][T29400] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2909.111879][T29400] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2909.119826][T29400] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2909.127782][T29400] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2909.135742][T29400] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:48 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e48, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2909.234186][T29434] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2909.260668][T29434] CPU: 1 PID: 29434 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2909.269377][T29434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2909.279440][T29434] Call Trace: [ 2909.282743][T29434] dump_stack+0x18f/0x20d [ 2909.287087][T29434] sysfs_warn_dup.cold+0x1c/0x2d [ 2909.292039][T29434] sysfs_do_create_link_sd+0x11e/0x140 [ 2909.297513][T29434] sysfs_create_link+0x5f/0xc0 [ 2909.302300][T29434] device_add+0x6ff/0x1b00 [ 2909.306735][T29434] ? device_check_offline+0x280/0x280 [ 2909.312123][T29434] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2909.318128][T29434] wiphy_register+0x1d5b/0x2840 [ 2909.323030][T29434] ? wiphy_unregister+0xc10/0xc10 [ 2909.328116][T29434] ? default_device_exit_batch+0x3d0/0x3d0 [ 2909.333945][T29434] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2909.340046][T29434] ieee80211_register_hw+0x2291/0x3950 [ 2909.345533][T29434] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2909.350918][T29434] ? lock_downgrade+0x820/0x820 [ 2909.355780][T29434] ? lock_is_held_type+0xb0/0xe0 [ 2909.360724][T29434] ? memset+0x20/0x40 [ 2909.364716][T29434] ? __hrtimer_init+0x12c/0x260 [ 2909.369578][T29434] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2909.375318][T29434] ? hwsim_virtio_rx_work+0x350/0x350 [ 2909.380697][T29434] ? memcpy+0x39/0x60 [ 2909.384691][T29434] hwsim_new_radio_nl+0x93e/0xf8c [ 2909.389727][T29434] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2909.395646][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2909.402595][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2909.409579][T29434] genl_rcv_msg+0x61d/0x980 [ 2909.414208][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2909.421164][T29434] ? lock_release+0x8d0/0x8d0 [ 2909.425864][T29434] ? netdev_core_pick_tx+0x2e0/0x2e0 22:19:49 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23006c0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2909.431177][T29434] netlink_rcv_skb+0x15a/0x430 [ 2909.435952][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2909.442905][T29434] ? netlink_ack+0xa10/0xa10 [ 2909.447528][T29434] genl_rcv+0x24/0x40 [ 2909.451522][T29434] netlink_unicast+0x533/0x7d0 [ 2909.456309][T29434] ? netlink_attachskb+0x810/0x810 [ 2909.461428][T29434] ? _copy_from_iter_full+0x247/0x890 [ 2909.466812][T29434] ? __phys_addr+0x9a/0x110 [ 2909.471331][T29434] ? __phys_addr_symbol+0x2c/0x70 [ 2909.476377][T29434] ? __check_object_size+0x171/0x3e4 [ 2909.481678][T29434] netlink_sendmsg+0x856/0xd90 [ 2909.486465][T29434] ? netlink_unicast+0x7d0/0x7d0 [ 2909.491423][T29434] ? netlink_unicast+0x7d0/0x7d0 [ 2909.496371][T29434] sock_sendmsg+0xcf/0x120 [ 2909.500800][T29434] ____sys_sendmsg+0x6e8/0x810 [ 2909.505571][T29434] ? kernel_sendmsg+0x50/0x50 [ 2909.510308][T29434] ? do_recvmmsg+0x6d0/0x6d0 [ 2909.514906][T29434] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2909.520937][T29434] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2909.526907][T29434] ? do_user_addr_fault+0x8ce/0xd00 [ 2909.532097][T29434] ___sys_sendmsg+0xf3/0x170 [ 2909.536685][T29434] ? sendmsg_copy_msghdr+0x160/0x160 [ 2909.541958][T29434] ? __fget_files+0x272/0x400 [ 2909.546753][T29434] ? lock_downgrade+0x820/0x820 [ 2909.551631][T29434] ? find_held_lock+0x2d/0x110 [ 2909.556401][T29434] ? __might_fault+0x11f/0x1d0 [ 2909.561164][T29434] ? __fget_files+0x294/0x400 [ 2909.565854][T29434] ? __fget_light+0xea/0x280 [ 2909.570443][T29434] __sys_sendmsg+0xe5/0x1b0 [ 2909.574933][T29434] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2909.579944][T29434] ? __x64_sys_futex+0x382/0x4e0 [ 2909.584878][T29434] ? do_syscall_64+0x1c/0xe0 [ 2909.589462][T29434] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2909.595437][T29434] do_syscall_64+0x60/0xe0 [ 2909.599839][T29434] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2909.605711][T29434] RIP: 0033:0x45c369 [ 2909.609593][T29434] Code: Bad RIP value. [ 2909.613648][T29434] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2909.622047][T29434] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2909.630008][T29434] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2909.637981][T29434] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2909.645953][T29434] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2909.653918][T29434] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2909.666036][T29439] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2909.677321][T29438] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:49 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0xc0}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2909.711106][T29434] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2909.743341][T29434] CPU: 1 PID: 29434 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 22:19:49 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010685a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2909.752047][T29434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2909.762109][T29434] Call Trace: [ 2909.765417][T29434] dump_stack+0x18f/0x20d [ 2909.769765][T29434] sysfs_warn_dup.cold+0x1c/0x2d [ 2909.774716][T29434] sysfs_do_create_link_sd+0x11e/0x140 [ 2909.780189][T29434] sysfs_create_link+0x5f/0xc0 [ 2909.784968][T29434] device_add+0x6ff/0x1b00 [ 2909.789401][T29434] ? device_check_offline+0x280/0x280 [ 2909.794787][T29434] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2909.800793][T29434] wiphy_register+0x1d5b/0x2840 [ 2909.805674][T29434] ? wiphy_unregister+0xc10/0xc10 [ 2909.810719][T29434] ? default_device_exit_batch+0x3d0/0x3d0 [ 2909.816550][T29434] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2909.822639][T29434] ieee80211_register_hw+0x2291/0x3950 [ 2909.828376][T29434] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2909.833765][T29434] ? lock_downgrade+0x820/0x820 [ 2909.838631][T29434] ? lock_is_held_type+0xb0/0xe0 [ 2909.843584][T29434] ? memset+0x20/0x40 [ 2909.847580][T29434] ? __hrtimer_init+0x12c/0x260 [ 2909.852446][T29434] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2909.858198][T29434] ? hwsim_virtio_rx_work+0x350/0x350 [ 2909.863582][T29434] ? memcpy+0x39/0x60 [ 2909.867583][T29434] hwsim_new_radio_nl+0x93e/0xf8c [ 2909.872623][T29434] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2909.878550][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2909.885500][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2909.892372][T29434] genl_rcv_msg+0x61d/0x980 [ 2909.896900][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2909.903869][T29434] ? lock_release+0x8d0/0x8d0 [ 2909.908571][T29434] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2909.913883][T29434] netlink_rcv_skb+0x15a/0x430 [ 2909.918668][T29434] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2909.925623][T29434] ? netlink_ack+0xa10/0xa10 [ 2909.930246][T29434] genl_rcv+0x24/0x40 [ 2909.934235][T29434] netlink_unicast+0x533/0x7d0 [ 2909.938994][T29434] ? netlink_attachskb+0x810/0x810 [ 2909.944087][T29434] ? _copy_from_iter_full+0x247/0x890 [ 2909.949564][T29434] ? __phys_addr+0x9a/0x110 [ 2909.954078][T29434] ? __phys_addr_symbol+0x2c/0x70 [ 2909.959111][T29434] ? __check_object_size+0x171/0x3e4 [ 2909.964423][T29434] netlink_sendmsg+0x856/0xd90 [ 2909.969209][T29434] ? netlink_unicast+0x7d0/0x7d0 [ 2909.974169][T29434] ? netlink_unicast+0x7d0/0x7d0 [ 2909.979114][T29434] sock_sendmsg+0xcf/0x120 [ 2909.983542][T29434] ____sys_sendmsg+0x6e8/0x810 [ 2909.988324][T29434] ? kernel_sendmsg+0x50/0x50 [ 2909.993008][T29434] ? do_recvmmsg+0x6d0/0x6d0 [ 2909.997612][T29434] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2910.003608][T29434] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2910.009597][T29434] ? do_user_addr_fault+0x8ce/0xd00 [ 2910.014799][T29434] ___sys_sendmsg+0xf3/0x170 [ 2910.019406][T29434] ? sendmsg_copy_msghdr+0x160/0x160 [ 2910.024696][T29434] ? __fget_files+0x272/0x400 [ 2910.029384][T29434] ? lock_downgrade+0x820/0x820 [ 2910.034228][T29434] ? find_held_lock+0x2d/0x110 [ 2910.038992][T29434] ? __might_fault+0x11f/0x1d0 [ 2910.043741][T29434] ? __fget_files+0x294/0x400 [ 2910.048416][T29434] ? __fget_light+0xea/0x280 [ 2910.053006][T29434] __sys_sendmsg+0xe5/0x1b0 [ 2910.057502][T29434] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2910.062518][T29434] ? __x64_sys_futex+0x382/0x4e0 [ 2910.067542][T29434] ? do_syscall_64+0x1c/0xe0 [ 2910.072239][T29434] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2910.078212][T29434] do_syscall_64+0x60/0xe0 [ 2910.082621][T29434] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2910.088513][T29434] RIP: 0033:0x45c369 [ 2910.092392][T29434] Code: Bad RIP value. [ 2910.096441][T29434] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2910.104847][T29434] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:49 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2910.112822][T29434] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2910.120804][T29434] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2910.128768][T29434] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2910.136741][T29434] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:49 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e48, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2910.165777][T29459] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2910.175163][T29462] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2910.209595][T29441] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:49 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300740025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2910.250910][T29441] CPU: 1 PID: 29441 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2910.259614][T29441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2910.269675][T29441] Call Trace: [ 2910.272977][T29441] dump_stack+0x18f/0x20d [ 2910.277323][T29441] sysfs_warn_dup.cold+0x1c/0x2d [ 2910.282274][T29441] sysfs_do_create_link_sd+0x11e/0x140 [ 2910.287748][T29441] sysfs_create_link+0x5f/0xc0 [ 2910.292530][T29441] device_add+0x6ff/0x1b00 22:19:49 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0xec0}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:49 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00106c5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2910.296977][T29441] ? device_check_offline+0x280/0x280 [ 2910.302357][T29441] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2910.308381][T29441] wiphy_register+0x1d5b/0x2840 [ 2910.313261][T29441] ? wiphy_unregister+0xc10/0xc10 [ 2910.318301][T29441] ? default_device_exit_batch+0x3d0/0x3d0 [ 2910.324132][T29441] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2910.330224][T29441] ieee80211_register_hw+0x2291/0x3950 [ 2910.335723][T29441] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2910.341117][T29441] ? lock_downgrade+0x820/0x820 [ 2910.346073][T29441] ? lock_is_held_type+0xb0/0xe0 [ 2910.351020][T29441] ? memset+0x20/0x40 [ 2910.356059][T29441] ? __hrtimer_init+0x12c/0x260 [ 2910.360927][T29441] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2910.366670][T29441] ? hwsim_virtio_rx_work+0x350/0x350 [ 2910.372054][T29441] ? memcpy+0x39/0x60 [ 2910.376057][T29441] hwsim_new_radio_nl+0x93e/0xf8c [ 2910.381106][T29441] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2910.387028][T29441] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2910.393979][T29441] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2910.400850][T29441] genl_rcv_msg+0x61d/0x980 [ 2910.405381][T29441] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2910.412337][T29441] ? lock_release+0x8d0/0x8d0 [ 2910.417028][T29441] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2910.422335][T29441] netlink_rcv_skb+0x15a/0x430 [ 2910.427115][T29441] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2910.434071][T29441] ? netlink_ack+0xa10/0xa10 [ 2910.438695][T29441] genl_rcv+0x24/0x40 [ 2910.442689][T29441] netlink_unicast+0x533/0x7d0 [ 2910.447471][T29441] ? netlink_attachskb+0x810/0x810 [ 2910.452595][T29441] ? _copy_from_iter_full+0x247/0x890 [ 2910.457980][T29441] ? __phys_addr+0x9a/0x110 [ 2910.462496][T29441] ? __phys_addr_symbol+0x2c/0x70 [ 2910.467535][T29441] ? __check_object_size+0x171/0x3e4 [ 2910.472842][T29441] netlink_sendmsg+0x856/0xd90 [ 2910.477626][T29441] ? netlink_unicast+0x7d0/0x7d0 [ 2910.482588][T29441] ? netlink_unicast+0x7d0/0x7d0 [ 2910.487648][T29441] sock_sendmsg+0xcf/0x120 [ 2910.492080][T29441] ____sys_sendmsg+0x6e8/0x810 [ 2910.496864][T29441] ? kernel_sendmsg+0x50/0x50 [ 2910.501549][T29441] ? do_recvmmsg+0x6d0/0x6d0 [ 2910.506156][T29441] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2910.512159][T29441] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2910.518150][T29441] ? __lock_acquire+0xc1e/0x56e0 [ 2910.523103][T29441] ___sys_sendmsg+0xf3/0x170 [ 2910.527713][T29441] ? sendmsg_copy_msghdr+0x160/0x160 [ 2910.533012][T29441] ? __fget_files+0x272/0x400 [ 2910.537710][T29441] ? lock_downgrade+0x820/0x820 [ 2910.542833][T29441] ? find_held_lock+0x2d/0x110 [ 2910.547612][T29441] ? __might_fault+0x11f/0x1d0 [ 2910.552396][T29441] ? __fget_files+0x294/0x400 [ 2910.557183][T29441] ? __fget_light+0xea/0x280 [ 2910.561803][T29441] __sys_sendmsg+0xe5/0x1b0 [ 2910.566318][T29441] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2910.571351][T29441] ? __x64_sys_futex+0x382/0x4e0 [ 2910.576305][T29441] ? do_syscall_64+0x1c/0xe0 [ 2910.580901][T29441] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2910.586898][T29441] do_syscall_64+0x60/0xe0 [ 2910.591341][T29441] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2910.597242][T29441] RIP: 0033:0x45c369 [ 2910.601132][T29441] Code: Bad RIP value. [ 2910.605196][T29441] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2910.613610][T29441] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2910.621588][T29441] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2910.629567][T29441] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2910.637554][T29441] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2910.645530][T29441] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:50 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:50 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010745a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2910.693610][T29477] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2910.748932][T29445] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2910.764872][T29445] CPU: 0 PID: 29445 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2910.773591][T29445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2910.783765][T29445] Call Trace: [ 2910.787064][T29445] dump_stack+0x18f/0x20d [ 2910.791427][T29445] sysfs_warn_dup.cold+0x1c/0x2d [ 2910.796404][T29445] sysfs_do_create_link_sd+0x11e/0x140 [ 2910.801881][T29445] sysfs_create_link+0x5f/0xc0 [ 2910.806659][T29445] device_add+0x6ff/0x1b00 [ 2910.811089][T29445] ? device_check_offline+0x280/0x280 [ 2910.816472][T29445] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2910.822471][T29445] wiphy_register+0x1d5b/0x2840 [ 2910.827354][T29445] ? wiphy_unregister+0xc10/0xc10 [ 2910.832396][T29445] ? default_device_exit_batch+0x3d0/0x3d0 [ 2910.838233][T29445] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 22:19:50 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2910.844322][T29445] ieee80211_register_hw+0x2291/0x3950 [ 2910.849825][T29445] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2910.855219][T29445] ? lock_downgrade+0x820/0x820 [ 2910.860089][T29445] ? lock_is_held_type+0xb0/0xe0 [ 2910.865041][T29445] ? memset+0x20/0x40 [ 2910.869038][T29445] ? __hrtimer_init+0x12c/0x260 [ 2910.873904][T29445] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2910.879652][T29445] ? hwsim_virtio_rx_work+0x350/0x350 [ 2910.885039][T29445] ? memcpy+0x39/0x60 [ 2910.889041][T29445] hwsim_new_radio_nl+0x93e/0xf8c [ 2910.894081][T29445] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2910.900003][T29445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2910.906956][T29445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2910.913827][T29445] genl_rcv_msg+0x61d/0x980 [ 2910.918357][T29445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2910.925316][T29445] ? lock_release+0x8d0/0x8d0 [ 2910.930002][T29445] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2910.935304][T29445] netlink_rcv_skb+0x15a/0x430 [ 2910.940090][T29445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2910.947053][T29445] ? netlink_ack+0xa10/0xa10 [ 2910.951672][T29445] genl_rcv+0x24/0x40 [ 2910.955670][T29445] netlink_unicast+0x533/0x7d0 [ 2910.960450][T29445] ? netlink_attachskb+0x810/0x810 [ 2910.965572][T29445] ? _copy_from_iter_full+0x247/0x890 [ 2910.970953][T29445] ? __phys_addr+0x9a/0x110 [ 2910.975468][T29445] ? __phys_addr_symbol+0x2c/0x70 [ 2910.980506][T29445] ? __check_object_size+0x171/0x3e4 [ 2910.985812][T29445] netlink_sendmsg+0x856/0xd90 [ 2910.990595][T29445] ? netlink_unicast+0x7d0/0x7d0 [ 2910.995550][T29445] ? netlink_unicast+0x7d0/0x7d0 [ 2911.000503][T29445] sock_sendmsg+0xcf/0x120 [ 2911.004926][T29445] ____sys_sendmsg+0x6e8/0x810 [ 2911.009703][T29445] ? kernel_sendmsg+0x50/0x50 [ 2911.014390][T29445] ? do_recvmmsg+0x6d0/0x6d0 [ 2911.019001][T29445] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2911.024997][T29445] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2911.031000][T29445] ? __lock_acquire+0xc1e/0x56e0 [ 2911.035952][T29445] ___sys_sendmsg+0xf3/0x170 [ 2911.040557][T29445] ? sendmsg_copy_msghdr+0x160/0x160 [ 2911.045852][T29445] ? __fget_files+0x272/0x400 [ 2911.050539][T29445] ? lock_downgrade+0x820/0x820 [ 2911.055387][T29445] ? find_held_lock+0x2d/0x110 [ 2911.060136][T29445] ? __might_fault+0x11f/0x1d0 [ 2911.064879][T29445] ? __fget_files+0x294/0x400 [ 2911.069533][T29445] ? __fget_light+0xea/0x280 [ 2911.074106][T29445] __sys_sendmsg+0xe5/0x1b0 [ 2911.078587][T29445] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2911.083644][T29445] ? __x64_sys_futex+0x382/0x4e0 [ 2911.088563][T29445] ? do_syscall_64+0x1c/0xe0 [ 2911.093142][T29445] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2911.099119][T29445] do_syscall_64+0x60/0xe0 [ 2911.103512][T29445] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2911.109378][T29445] RIP: 0033:0x45c369 [ 2911.113244][T29445] Code: Bad RIP value. [ 2911.117282][T29445] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2911.125688][T29445] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2911.133642][T29445] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2911.141593][T29445] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2911.149573][T29445] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2911.157530][T29445] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2911.186619][T29500] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:50 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e4c, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:50 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:50 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x33fe0}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:50 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="23007a0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2911.198136][T29473] sysfs: cannot create duplicate filename '/class/ieee80211/!' 22:19:50 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a00107a5a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2911.254572][T29473] CPU: 0 PID: 29473 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2911.263274][T29473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2911.273332][T29473] Call Trace: [ 2911.276631][T29473] dump_stack+0x18f/0x20d [ 2911.280974][T29473] sysfs_warn_dup.cold+0x1c/0x2d [ 2911.285923][T29473] sysfs_do_create_link_sd+0x11e/0x140 [ 2911.291410][T29473] sysfs_create_link+0x5f/0xc0 [ 2911.296198][T29473] device_add+0x6ff/0x1b00 [ 2911.300624][T29473] ? device_check_offline+0x280/0x280 [ 2911.306004][T29473] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2911.312009][T29473] wiphy_register+0x1d5b/0x2840 [ 2911.316922][T29473] ? wiphy_unregister+0xc10/0xc10 [ 2911.321960][T29473] ? default_device_exit_batch+0x3d0/0x3d0 [ 2911.327790][T29473] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2911.333883][T29473] ieee80211_register_hw+0x2291/0x3950 [ 2911.339376][T29473] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2911.344769][T29473] ? lock_downgrade+0x820/0x820 [ 2911.349639][T29473] ? lock_is_held_type+0xb0/0xe0 [ 2911.354598][T29473] ? memset+0x20/0x40 [ 2911.358687][T29473] ? __hrtimer_init+0x12c/0x260 [ 2911.363558][T29473] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2911.369356][T29473] ? hwsim_virtio_rx_work+0x350/0x350 [ 2911.374742][T29473] ? memcpy+0x39/0x60 [ 2911.378741][T29473] hwsim_new_radio_nl+0x93e/0xf8c [ 2911.383785][T29473] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2911.389721][T29473] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2911.396670][T29473] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2911.403548][T29473] genl_rcv_msg+0x61d/0x980 [ 2911.408067][T29473] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2911.415019][T29473] ? lock_release+0x8d0/0x8d0 [ 2911.419708][T29473] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2911.425019][T29473] netlink_rcv_skb+0x15a/0x430 [ 2911.429802][T29473] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2911.436756][T29473] ? netlink_ack+0xa10/0xa10 [ 2911.441376][T29473] genl_rcv+0x24/0x40 [ 2911.445371][T29473] netlink_unicast+0x533/0x7d0 [ 2911.450167][T29473] ? netlink_attachskb+0x810/0x810 [ 2911.455498][T29473] ? _copy_from_iter_full+0x247/0x890 [ 2911.460868][T29473] ? __phys_addr+0x9a/0x110 [ 2911.465352][T29473] ? __phys_addr_symbol+0x2c/0x70 [ 2911.470381][T29473] ? __check_object_size+0x171/0x3e4 [ 2911.478835][T29473] netlink_sendmsg+0x856/0xd90 [ 2911.483595][T29473] ? netlink_unicast+0x7d0/0x7d0 [ 2911.488514][T29473] ? netlink_unicast+0x7d0/0x7d0 [ 2911.493539][T29473] sock_sendmsg+0xcf/0x120 [ 2911.497956][T29473] ____sys_sendmsg+0x6e8/0x810 [ 2911.502937][T29473] ? kernel_sendmsg+0x50/0x50 [ 2911.507604][T29473] ? do_recvmmsg+0x6d0/0x6d0 [ 2911.512294][T29473] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2911.518276][T29473] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2911.524344][T29473] ? do_user_addr_fault+0x8ce/0xd00 [ 2911.529540][T29473] ___sys_sendmsg+0xf3/0x170 [ 2911.534122][T29473] ? sendmsg_copy_msghdr+0x160/0x160 [ 2911.539386][T29473] ? __fget_files+0x272/0x400 [ 2911.544042][T29473] ? lock_downgrade+0x820/0x820 [ 2911.548881][T29473] ? find_held_lock+0x2d/0x110 [ 2911.553629][T29473] ? __might_fault+0x11f/0x1d0 [ 2911.558379][T29473] ? __fget_files+0x294/0x400 [ 2911.563053][T29473] ? __fget_light+0xea/0x280 [ 2911.567727][T29473] __sys_sendmsg+0xe5/0x1b0 [ 2911.572242][T29473] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2911.577252][T29473] ? __x64_sys_futex+0x382/0x4e0 [ 2911.582186][T29473] ? do_syscall_64+0x1c/0xe0 [ 2911.586772][T29473] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2911.592738][T29473] do_syscall_64+0x60/0xe0 [ 2911.597136][T29473] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2911.603004][T29473] RIP: 0033:0x45c369 [ 2911.606945][T29473] Code: Bad RIP value. [ 2911.610994][T29473] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2911.619396][T29473] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2911.627351][T29473] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2911.635306][T29473] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2911.643264][T29473] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2911.651226][T29473] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2911.717064][T29517] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2911.727799][T29518] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2911.766205][T29506] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2911.773883][T29506] CPU: 0 PID: 29506 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2911.782558][T29506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2911.792619][T29506] Call Trace: [ 2911.795929][T29506] dump_stack+0x18f/0x20d [ 2911.800280][T29506] sysfs_warn_dup.cold+0x1c/0x2d [ 2911.805235][T29506] sysfs_do_create_link_sd+0x11e/0x140 [ 2911.810713][T29506] sysfs_create_link+0x5f/0xc0 [ 2911.815498][T29506] device_add+0x6ff/0x1b00 [ 2911.819939][T29506] ? device_check_offline+0x280/0x280 [ 2911.825318][T29506] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2911.831317][T29506] wiphy_register+0x1d5b/0x2840 [ 2911.836191][T29506] ? wiphy_unregister+0xc10/0xc10 [ 2911.841205][T29506] ? default_device_exit_batch+0x3d0/0x3d0 [ 2911.847011][T29506] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2911.853069][T29506] ieee80211_register_hw+0x2291/0x3950 [ 2911.858547][T29506] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2911.863941][T29506] ? lock_downgrade+0x820/0x820 [ 2911.868808][T29506] ? lock_is_held_type+0xb0/0xe0 [ 2911.873766][T29506] ? memset+0x20/0x40 [ 2911.877763][T29506] ? __hrtimer_init+0x12c/0x260 [ 2911.882628][T29506] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2911.888375][T29506] ? hwsim_virtio_rx_work+0x350/0x350 [ 2911.893762][T29506] ? memcpy+0x39/0x60 [ 2911.897766][T29506] hwsim_new_radio_nl+0x93e/0xf8c [ 2911.902808][T29506] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2911.908724][T29506] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2911.915679][T29506] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2911.922555][T29506] genl_rcv_msg+0x61d/0x980 [ 2911.927087][T29506] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2911.934050][T29506] ? lock_release+0x8d0/0x8d0 [ 2911.938742][T29506] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2911.944064][T29506] netlink_rcv_skb+0x15a/0x430 [ 2911.948845][T29506] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2911.955802][T29506] ? netlink_ack+0xa10/0xa10 [ 2911.960426][T29506] genl_rcv+0x24/0x40 [ 2911.964423][T29506] netlink_unicast+0x533/0x7d0 [ 2911.969208][T29506] ? netlink_attachskb+0x810/0x810 [ 2911.974332][T29506] ? _copy_from_iter_full+0x247/0x890 [ 2911.979718][T29506] ? __phys_addr+0x9a/0x110 [ 2911.984230][T29506] ? __phys_addr_symbol+0x2c/0x70 [ 2911.989236][T29506] ? __check_object_size+0x171/0x3e4 [ 2911.994517][T29506] netlink_sendmsg+0x856/0xd90 [ 2911.999269][T29506] ? netlink_unicast+0x7d0/0x7d0 [ 2912.004190][T29506] ? netlink_unicast+0x7d0/0x7d0 [ 2912.009106][T29506] sock_sendmsg+0xcf/0x120 [ 2912.013500][T29506] ____sys_sendmsg+0x6e8/0x810 [ 2912.018247][T29506] ? kernel_sendmsg+0x50/0x50 [ 2912.022903][T29506] ? do_recvmmsg+0x6d0/0x6d0 [ 2912.027471][T29506] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2912.033433][T29506] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2912.039389][T29506] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2912.044493][T29506] ___sys_sendmsg+0xf3/0x170 [ 2912.049073][T29506] ? sendmsg_copy_msghdr+0x160/0x160 [ 2912.054338][T29506] ? __fget_files+0x272/0x400 [ 2912.058994][T29506] ? lock_downgrade+0x820/0x820 [ 2912.063819][T29506] ? find_held_lock+0x2d/0x110 [ 2912.068559][T29506] ? __might_fault+0x11f/0x1d0 [ 2912.073308][T29506] ? __fget_files+0x294/0x400 [ 2912.077978][T29506] ? __fget_light+0xea/0x280 [ 2912.082547][T29506] __sys_sendmsg+0xe5/0x1b0 [ 2912.087027][T29506] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2912.092027][T29506] ? kcov_ioctl+0x192/0x640 [ 2912.096511][T29506] ? do_syscall_64+0x1c/0xe0 [ 2912.101089][T29506] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2912.107060][T29506] do_syscall_64+0x60/0xe0 [ 2912.111475][T29506] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2912.117356][T29506] RIP: 0033:0x45c369 [ 2912.121222][T29506] Code: Bad RIP value. [ 2912.125264][T29506] RSP: 002b:00007f4e9be44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2912.133649][T29506] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2912.141613][T29506] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2912.149560][T29506] RBP: 000000000078c120 R08: 0000000000000000 R09: 0000000000000000 [ 2912.157506][T29506] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c0ec [ 2912.165452][T29506] R13: 00007ffd77e9fdcf R14: 00007f4e9be459c0 R15: 000000000078c0ec [ 2912.207775][T29514] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2912.215445][T29514] CPU: 1 PID: 29514 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2912.224112][T29514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2912.234170][T29514] Call Trace: [ 2912.237476][T29514] dump_stack+0x18f/0x20d [ 2912.241825][T29514] sysfs_warn_dup.cold+0x1c/0x2d [ 2912.246773][T29514] sysfs_do_create_link_sd+0x11e/0x140 [ 2912.252245][T29514] sysfs_create_link+0x5f/0xc0 [ 2912.257018][T29514] device_add+0x6ff/0x1b00 [ 2912.261437][T29514] ? device_check_offline+0x280/0x280 [ 2912.266830][T29514] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2912.272831][T29514] wiphy_register+0x1d5b/0x2840 [ 2912.277706][T29514] ? wiphy_unregister+0xc10/0xc10 [ 2912.282744][T29514] ? default_device_exit_batch+0x3d0/0x3d0 [ 2912.288580][T29514] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2912.294660][T29514] ieee80211_register_hw+0x2291/0x3950 [ 2912.300147][T29514] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2912.305532][T29514] ? lock_downgrade+0x820/0x820 [ 2912.310428][T29514] ? lock_is_held_type+0xb0/0xe0 22:19:51 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e4c, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:51 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:51 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x200001ae}], 0x1, 0x0, 0x0, 0x10}, 0x0) 22:19:51 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010005b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:51 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2353ce0025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2912.315428][T29514] ? memset+0x20/0x40 [ 2912.319498][T29514] ? __hrtimer_init+0x12c/0x260 [ 2912.324525][T29514] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2912.330277][T29514] ? hwsim_virtio_rx_work+0x350/0x350 [ 2912.335662][T29514] ? memcpy+0x39/0x60 [ 2912.339656][T29514] hwsim_new_radio_nl+0x93e/0xf8c [ 2912.344692][T29514] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2912.350620][T29514] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2912.357575][T29514] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2912.364446][T29514] genl_rcv_msg+0x61d/0x980 [ 2912.368976][T29514] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2912.375939][T29514] ? lock_release+0x8d0/0x8d0 [ 2912.380630][T29514] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2912.385981][T29514] netlink_rcv_skb+0x15a/0x430 [ 2912.390765][T29514] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2912.397727][T29514] ? netlink_ack+0xa10/0xa10 [ 2912.402343][T29514] genl_rcv+0x24/0x40 [ 2912.406337][T29514] netlink_unicast+0x533/0x7d0 [ 2912.411120][T29514] ? netlink_attachskb+0x810/0x810 22:19:51 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x7ffff000}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2912.416243][T29514] ? _copy_from_iter_full+0x247/0x890 [ 2912.421626][T29514] ? __phys_addr+0x9a/0x110 [ 2912.426271][T29514] ? __phys_addr_symbol+0x2c/0x70 [ 2912.431311][T29514] ? __check_object_size+0x171/0x3e4 [ 2912.436631][T29514] netlink_sendmsg+0x856/0xd90 [ 2912.441414][T29514] ? netlink_unicast+0x7d0/0x7d0 [ 2912.446380][T29514] ? netlink_unicast+0x7d0/0x7d0 [ 2912.451328][T29514] sock_sendmsg+0xcf/0x120 [ 2912.455758][T29514] ____sys_sendmsg+0x6e8/0x810 [ 2912.460530][T29514] ? kernel_sendmsg+0x50/0x50 22:19:52 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10}, 0x0) [ 2912.465215][T29514] ? do_recvmmsg+0x6d0/0x6d0 [ 2912.469812][T29514] ? rcu_preempt_deferred_qs_irqrestore+0x217/0xb00 [ 2912.476402][T29514] ? find_held_lock+0x2d/0x110 [ 2912.481178][T29514] ? rcu_preempt_deferred_qs_irqrestore+0x512/0xb00 [ 2912.487871][T29514] ? lock_downgrade+0x820/0x820 [ 2912.492741][T29514] ___sys_sendmsg+0xf3/0x170 [ 2912.497352][T29514] ? sendmsg_copy_msghdr+0x160/0x160 [ 2912.502649][T29514] ? __fget_files+0x272/0x400 [ 2912.507343][T29514] ? lock_downgrade+0x820/0x820 [ 2912.512307][T29514] ? __fget_files+0x294/0x400 [ 2912.517018][T29514] ? __fget_light+0xea/0x280 [ 2912.521630][T29514] __sys_sendmsg+0xe5/0x1b0 [ 2912.526149][T29514] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2912.531188][T29514] ? __x64_sys_futex+0x382/0x4e0 [ 2912.536152][T29514] ? do_syscall_64+0x1c/0xe0 [ 2912.540759][T29514] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2912.546761][T29514] do_syscall_64+0x60/0xe0 [ 2912.551188][T29514] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2912.557175][T29514] RIP: 0033:0x45c369 [ 2912.561070][T29514] Code: Bad RIP value. [ 2912.565146][T29514] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2912.573580][T29514] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2912.581665][T29514] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2912.589631][T29514] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2912.597584][T29514] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2912.605538][T29514] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2912.685293][T29516] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2912.704863][T29516] CPU: 1 PID: 29516 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2912.713569][T29516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2912.723618][T29516] Call Trace: [ 2912.726906][T29516] dump_stack+0x18f/0x20d [ 2912.731248][T29516] sysfs_warn_dup.cold+0x1c/0x2d [ 2912.736215][T29516] sysfs_do_create_link_sd+0x11e/0x140 [ 2912.741679][T29516] sysfs_create_link+0x5f/0xc0 [ 2912.746451][T29516] device_add+0x6ff/0x1b00 [ 2912.750879][T29516] ? device_check_offline+0x280/0x280 [ 2912.756259][T29516] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2912.762261][T29516] wiphy_register+0x1d5b/0x2840 [ 2912.767138][T29516] ? wiphy_unregister+0xc10/0xc10 [ 2912.772178][T29516] ? default_device_exit_batch+0x3d0/0x3d0 [ 2912.778016][T29516] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2912.784114][T29516] ieee80211_register_hw+0x2291/0x3950 [ 2912.789588][T29516] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2912.794961][T29516] ? lock_downgrade+0x820/0x820 [ 2912.799804][T29516] ? lock_is_held_type+0xb0/0xe0 [ 2912.804737][T29516] ? memset+0x20/0x40 [ 2912.808728][T29516] ? __hrtimer_init+0x12c/0x260 [ 2912.813588][T29516] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2912.819306][T29516] ? hwsim_virtio_rx_work+0x350/0x350 [ 2912.824676][T29516] ? memcpy+0x39/0x60 [ 2912.828665][T29516] hwsim_new_radio_nl+0x93e/0xf8c [ 2912.833684][T29516] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2912.839720][T29516] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2912.846660][T29516] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2912.853502][T29516] genl_rcv_msg+0x61d/0x980 [ 2912.858013][T29516] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2912.864950][T29516] ? lock_release+0x8d0/0x8d0 [ 2912.869625][T29516] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2912.874919][T29516] netlink_rcv_skb+0x15a/0x430 [ 2912.879678][T29516] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2912.886607][T29516] ? netlink_ack+0xa10/0xa10 [ 2912.891196][T29516] genl_rcv+0x24/0x40 [ 2912.895158][T29516] netlink_unicast+0x533/0x7d0 [ 2912.899917][T29516] ? netlink_attachskb+0x810/0x810 [ 2912.905007][T29516] ? _copy_from_iter_full+0x247/0x890 [ 2912.910373][T29516] ? __phys_addr+0x9a/0x110 [ 2912.914857][T29516] ? __phys_addr_symbol+0x2c/0x70 [ 2912.919865][T29516] ? __check_object_size+0x171/0x3e4 [ 2912.925134][T29516] netlink_sendmsg+0x856/0xd90 [ 2912.929887][T29516] ? netlink_unicast+0x7d0/0x7d0 [ 2912.934812][T29516] ? netlink_unicast+0x7d0/0x7d0 [ 2912.939734][T29516] sock_sendmsg+0xcf/0x120 [ 2912.944133][T29516] ____sys_sendmsg+0x6e8/0x810 [ 2912.948892][T29516] ? kernel_sendmsg+0x50/0x50 [ 2912.953568][T29516] ? do_recvmmsg+0x6d0/0x6d0 [ 2912.958165][T29516] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2912.964136][T29516] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2912.970103][T29516] ? __lock_acquire+0xc1e/0x56e0 [ 2912.975040][T29516] ___sys_sendmsg+0xf3/0x170 [ 2912.979616][T29516] ? sendmsg_copy_msghdr+0x160/0x160 [ 2912.984885][T29516] ? __fget_files+0x272/0x400 [ 2912.989558][T29516] ? lock_downgrade+0x820/0x820 [ 2912.994402][T29516] ? find_held_lock+0x2d/0x110 [ 2912.999158][T29516] ? __might_fault+0x11f/0x1d0 [ 2913.003905][T29516] ? __fget_files+0x294/0x400 [ 2913.008578][T29516] ? __fget_light+0xea/0x280 [ 2913.013160][T29516] __sys_sendmsg+0xe5/0x1b0 [ 2913.017651][T29516] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2913.022667][T29516] ? __x64_sys_futex+0x382/0x4e0 [ 2913.027608][T29516] ? do_syscall_64+0x1c/0xe0 [ 2913.032198][T29516] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2913.038195][T29516] do_syscall_64+0x60/0xe0 [ 2913.042616][T29516] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2913.048494][T29516] RIP: 0033:0x45c369 [ 2913.052377][T29516] Code: Bad RIP value. [ 2913.056428][T29516] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2913.064856][T29516] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2913.072810][T29516] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2913.080793][T29516] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2913.088752][T29516] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2913.096725][T29516] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac [ 2913.117372][T29554] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2913.129436][T29554] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2913.145640][T29542] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2913.157881][T29542] CPU: 0 PID: 29542 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2913.166583][T29542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2913.176647][T29542] Call Trace: [ 2913.179947][T29542] dump_stack+0x18f/0x20d [ 2913.184294][T29542] sysfs_warn_dup.cold+0x1c/0x2d [ 2913.189224][T29542] sysfs_do_create_link_sd+0x11e/0x140 [ 2913.194665][T29542] sysfs_create_link+0x5f/0xc0 [ 2913.199417][T29542] device_add+0x6ff/0x1b00 [ 2913.203818][T29542] ? device_check_offline+0x280/0x280 [ 2913.209213][T29542] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2913.215218][T29542] wiphy_register+0x1d5b/0x2840 [ 2913.220088][T29542] ? wiphy_unregister+0xc10/0xc10 [ 2913.225121][T29542] ? default_device_exit_batch+0x3d0/0x3d0 [ 2913.230944][T29542] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2913.237050][T29542] ieee80211_register_hw+0x2291/0x3950 [ 2913.242533][T29542] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2913.247931][T29542] ? lock_downgrade+0x820/0x820 [ 2913.252788][T29542] ? lock_is_held_type+0xb0/0xe0 [ 2913.257725][T29542] ? memset+0x20/0x40 [ 2913.261726][T29542] ? __hrtimer_init+0x12c/0x260 [ 2913.266588][T29542] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2913.272325][T29542] ? hwsim_virtio_rx_work+0x350/0x350 [ 2913.277705][T29542] ? memcpy+0x39/0x60 [ 2913.281737][T29542] hwsim_new_radio_nl+0x93e/0xf8c [ 2913.286773][T29542] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2913.292686][T29542] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2913.299630][T29542] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2913.306503][T29542] genl_rcv_msg+0x61d/0x980 [ 2913.311035][T29542] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2913.318084][T29542] ? lock_release+0x8d0/0x8d0 [ 2913.322746][T29542] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2913.328029][T29542] netlink_rcv_skb+0x15a/0x430 [ 2913.332773][T29542] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2913.339684][T29542] ? netlink_ack+0xa10/0xa10 [ 2913.344257][T29542] genl_rcv+0x24/0x40 [ 2913.348217][T29542] netlink_unicast+0x533/0x7d0 [ 2913.353138][T29542] ? netlink_attachskb+0x810/0x810 [ 2913.358228][T29542] ? _copy_from_iter_full+0x247/0x890 [ 2913.363715][T29542] ? __phys_addr+0x9a/0x110 [ 2913.368200][T29542] ? __phys_addr_symbol+0x2c/0x70 [ 2913.373202][T29542] ? __check_object_size+0x171/0x3e4 [ 2913.378470][T29542] netlink_sendmsg+0x856/0xd90 [ 2913.383228][T29542] ? netlink_unicast+0x7d0/0x7d0 [ 2913.388285][T29542] ? netlink_unicast+0x7d0/0x7d0 [ 2913.393202][T29542] sock_sendmsg+0xcf/0x120 [ 2913.397596][T29542] ____sys_sendmsg+0x6e8/0x810 [ 2913.402341][T29542] ? kernel_sendmsg+0x50/0x50 [ 2913.406994][T29542] ? do_recvmmsg+0x6d0/0x6d0 [ 2913.411568][T29542] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2913.417525][T29542] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2913.423488][T29542] ___sys_sendmsg+0xf3/0x170 [ 2913.428066][T29542] ? sendmsg_copy_msghdr+0x160/0x160 [ 2913.433337][T29542] ? __fget_files+0x272/0x400 [ 2913.437994][T29542] ? lock_downgrade+0x820/0x820 [ 2913.442821][T29542] ? find_held_lock+0x2d/0x110 [ 2913.447560][T29542] ? __might_fault+0x11f/0x1d0 [ 2913.452306][T29542] ? __fget_files+0x294/0x400 [ 2913.456968][T29542] ? __fget_light+0xea/0x280 [ 2913.461592][T29542] __sys_sendmsg+0xe5/0x1b0 [ 2913.466074][T29542] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2913.471081][T29542] ? do_syscall_64+0x1c/0xe0 [ 2913.475659][T29542] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2913.481625][T29542] do_syscall_64+0x60/0xe0 [ 2913.486121][T29542] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2913.492174][T29542] RIP: 0033:0x45c369 [ 2913.496041][T29542] Code: Bad RIP value. [ 2913.500080][T29542] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2913.508468][T29542] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2913.516413][T29542] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2913.524360][T29542] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2913.532308][T29542] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c 22:19:53 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e60, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:53 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x2, 0x0, 0x0, 0x10}, 0x0) 22:19:53 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:53 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a001007d700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2913.540255][T29542] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2913.567039][T29570] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2913.574724][T29570] CPU: 1 PID: 29570 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2913.583392][T29570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2913.593457][T29570] Call Trace: 22:19:53 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2303e70025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2913.596762][T29570] dump_stack+0x18f/0x20d [ 2913.601102][T29570] sysfs_warn_dup.cold+0x1c/0x2d [ 2913.606157][T29570] sysfs_do_create_link_sd+0x11e/0x140 [ 2913.611607][T29570] sysfs_create_link+0x5f/0xc0 [ 2913.616373][T29570] device_add+0x6ff/0x1b00 [ 2913.620803][T29570] ? device_check_offline+0x280/0x280 [ 2913.626189][T29570] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2913.632191][T29570] wiphy_register+0x1d5b/0x2840 [ 2913.637076][T29570] ? wiphy_unregister+0xc10/0xc10 [ 2913.642114][T29570] ? default_device_exit_batch+0x3d0/0x3d0 [ 2913.647948][T29570] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2913.654036][T29570] ieee80211_register_hw+0x2291/0x3950 [ 2913.659527][T29570] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2913.664916][T29570] ? lock_downgrade+0x820/0x820 [ 2913.669781][T29570] ? lock_is_held_type+0xb0/0xe0 [ 2913.674738][T29570] ? memset+0x20/0x40 [ 2913.678735][T29570] ? __hrtimer_init+0x12c/0x260 [ 2913.683603][T29570] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2913.689374][T29570] ? hwsim_virtio_rx_work+0x350/0x350 [ 2913.694765][T29570] ? memcpy+0x39/0x60 [ 2913.698786][T29570] hwsim_new_radio_nl+0x93e/0xf8c [ 2913.703836][T29570] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2913.709759][T29570] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2913.716716][T29570] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2913.723577][T29570] genl_rcv_msg+0x61d/0x980 [ 2913.728079][T29570] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2913.735003][T29570] ? lock_release+0x8d0/0x8d0 [ 2913.739656][T29570] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2913.744923][T29570] netlink_rcv_skb+0x15a/0x430 [ 2913.749669][T29570] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2913.756584][T29570] ? netlink_ack+0xa10/0xa10 [ 2913.761162][T29570] genl_rcv+0x24/0x40 [ 2913.765122][T29570] netlink_unicast+0x533/0x7d0 [ 2913.769868][T29570] ? netlink_attachskb+0x810/0x810 [ 2913.774955][T29570] ? _copy_from_iter_full+0x247/0x890 [ 2913.780302][T29570] ? __phys_addr+0x9a/0x110 [ 2913.784784][T29570] ? __phys_addr_symbol+0x2c/0x70 [ 2913.789788][T29570] ? __check_object_size+0x171/0x3e4 [ 2913.795055][T29570] netlink_sendmsg+0x856/0xd90 [ 2913.799804][T29570] ? netlink_unicast+0x7d0/0x7d0 [ 2913.804724][T29570] ? netlink_unicast+0x7d0/0x7d0 [ 2913.809640][T29570] sock_sendmsg+0xcf/0x120 [ 2913.814039][T29570] ____sys_sendmsg+0x6e8/0x810 [ 2913.818781][T29570] ? kernel_sendmsg+0x50/0x50 [ 2913.823444][T29570] ? do_recvmmsg+0x6d0/0x6d0 [ 2913.828018][T29570] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2913.833981][T29570] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2913.839937][T29570] ? __lock_acquire+0xc1e/0x56e0 [ 2913.844853][T29570] ___sys_sendmsg+0xf3/0x170 [ 2913.849423][T29570] ? sendmsg_copy_msghdr+0x160/0x160 [ 2913.854708][T29570] ? __fget_files+0x272/0x400 [ 2913.859369][T29570] ? lock_downgrade+0x820/0x820 [ 2913.864198][T29570] ? find_held_lock+0x2d/0x110 [ 2913.868942][T29570] ? __might_fault+0x11f/0x1d0 [ 2913.873695][T29570] ? __fget_files+0x294/0x400 [ 2913.878358][T29570] ? __fget_light+0xea/0x280 [ 2913.882931][T29570] __sys_sendmsg+0xe5/0x1b0 [ 2913.887415][T29570] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2913.892419][T29570] ? __x64_sys_futex+0x382/0x4e0 [ 2913.897342][T29570] ? do_syscall_64+0x1c/0xe0 [ 2913.901909][T29570] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2913.907868][T29570] do_syscall_64+0x60/0xe0 [ 2913.912265][T29570] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2913.918141][T29570] RIP: 0033:0x45c369 [ 2913.922018][T29570] Code: Bad RIP value. [ 2913.926067][T29570] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2913.934456][T29570] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2913.942404][T29570] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2913.950354][T29570] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2913.958302][T29570] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2913.966255][T29570] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c [ 2913.985157][T29581] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2913.995069][T29585] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2914.017002][T29583] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2914.024678][T29583] CPU: 0 PID: 29583 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2914.033354][T29583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2914.043418][T29583] Call Trace: [ 2914.046722][T29583] dump_stack+0x18f/0x20d [ 2914.051068][T29583] sysfs_warn_dup.cold+0x1c/0x2d [ 2914.056015][T29583] sysfs_do_create_link_sd+0x11e/0x140 [ 2914.061498][T29583] sysfs_create_link+0x5f/0xc0 [ 2914.066276][T29583] device_add+0x6ff/0x1b00 [ 2914.070710][T29583] ? device_check_offline+0x280/0x280 [ 2914.076105][T29583] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2914.082111][T29583] wiphy_register+0x1d5b/0x2840 [ 2914.086995][T29583] ? wiphy_unregister+0xc10/0xc10 [ 2914.092029][T29583] ? default_device_exit_batch+0x3d0/0x3d0 [ 2914.097852][T29583] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2914.103964][T29583] ieee80211_register_hw+0x2291/0x3950 [ 2914.109476][T29583] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2914.114870][T29583] ? lock_downgrade+0x820/0x820 [ 2914.119748][T29583] ? lock_is_held_type+0xb0/0xe0 [ 2914.124696][T29583] ? memset+0x20/0x40 [ 2914.128689][T29583] ? __hrtimer_init+0x12c/0x260 [ 2914.133563][T29583] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2914.139310][T29583] ? hwsim_virtio_rx_work+0x350/0x350 [ 2914.144689][T29583] ? memcpy+0x39/0x60 [ 2914.148709][T29583] hwsim_new_radio_nl+0x93e/0xf8c [ 2914.153758][T29583] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2914.159687][T29583] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2914.166645][T29583] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2914.173536][T29583] genl_rcv_msg+0x61d/0x980 [ 2914.178063][T29583] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2914.185027][T29583] ? lock_release+0x8d0/0x8d0 [ 2914.189712][T29583] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2914.195015][T29583] netlink_rcv_skb+0x15a/0x430 [ 2914.199796][T29583] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2914.206748][T29583] ? netlink_ack+0xa10/0xa10 [ 2914.211369][T29583] genl_rcv+0x24/0x40 [ 2914.215364][T29583] netlink_unicast+0x533/0x7d0 [ 2914.220151][T29583] ? netlink_attachskb+0x810/0x810 [ 2914.225275][T29583] ? _copy_from_iter_full+0x247/0x890 [ 2914.230659][T29583] ? __phys_addr+0x9a/0x110 [ 2914.235172][T29583] ? __phys_addr_symbol+0x2c/0x70 [ 2914.240205][T29583] ? __check_object_size+0x171/0x3e4 [ 2914.245591][T29583] netlink_sendmsg+0x856/0xd90 [ 2914.250370][T29583] ? netlink_unicast+0x7d0/0x7d0 [ 2914.255351][T29583] ? netlink_unicast+0x7d0/0x7d0 [ 2914.260289][T29583] sock_sendmsg+0xcf/0x120 [ 2914.264730][T29583] ____sys_sendmsg+0x6e8/0x810 [ 2914.269512][T29583] ? kernel_sendmsg+0x50/0x50 [ 2914.274210][T29583] ? do_recvmmsg+0x6d0/0x6d0 [ 2914.282882][T29583] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2914.288856][T29583] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2914.294840][T29583] ? __lock_acquire+0xc1e/0x56e0 [ 2914.299786][T29583] ___sys_sendmsg+0xf3/0x170 [ 2914.304359][T29583] ? sendmsg_copy_msghdr+0x160/0x160 [ 2914.309627][T29583] ? __fget_files+0x272/0x400 [ 2914.314296][T29583] ? lock_downgrade+0x820/0x820 [ 2914.319159][T29583] ? find_held_lock+0x2d/0x110 [ 2914.324021][T29583] ? __might_fault+0x11f/0x1d0 [ 2914.328802][T29583] ? __fget_files+0x294/0x400 [ 2914.333495][T29583] ? __fget_light+0xea/0x280 [ 2914.338100][T29583] __sys_sendmsg+0xe5/0x1b0 [ 2914.342614][T29583] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2914.347665][T29583] ? __x64_sys_futex+0x382/0x4e0 [ 2914.352625][T29583] ? do_syscall_64+0x1c/0xe0 [ 2914.357226][T29583] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2914.363227][T29583] do_syscall_64+0x60/0xe0 [ 2914.367662][T29583] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2914.373562][T29583] RIP: 0033:0x45c369 [ 2914.377470][T29583] Code: Bad RIP value. [ 2914.381533][T29583] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2914.389942][T29583] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:53 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e60, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:53 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:53 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:53 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x8, 0x0, 0x0, 0x10}, 0x0) [ 2914.397921][T29583] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2914.405901][T29583] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2914.413857][T29583] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2914.421824][T29583] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:54 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:54 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300f00025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2914.545809][T29603] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2914.562872][T29607] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2914.574855][T29607] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:54 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2914.601615][T29586] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2914.634660][T29586] CPU: 1 PID: 29586 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2914.643493][T29586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2914.653557][T29586] Call Trace: [ 2914.656866][T29586] dump_stack+0x18f/0x20d [ 2914.661214][T29586] sysfs_warn_dup.cold+0x1c/0x2d [ 2914.666168][T29586] sysfs_do_create_link_sd+0x11e/0x140 [ 2914.671652][T29586] sysfs_create_link+0x5f/0xc0 [ 2914.676427][T29586] device_add+0x6ff/0x1b00 [ 2914.680855][T29586] ? device_check_offline+0x280/0x280 [ 2914.686232][T29586] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2914.692218][T29586] wiphy_register+0x1d5b/0x2840 [ 2914.697110][T29586] ? wiphy_unregister+0xc10/0xc10 [ 2914.702154][T29586] ? default_device_exit_batch+0x3d0/0x3d0 [ 2914.707989][T29586] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2914.714073][T29586] ieee80211_register_hw+0x2291/0x3950 [ 2914.719568][T29586] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2914.724966][T29586] ? lock_downgrade+0x820/0x820 [ 2914.729831][T29586] ? lock_is_held_type+0xb0/0xe0 [ 2914.734780][T29586] ? memset+0x20/0x40 [ 2914.738776][T29586] ? __hrtimer_init+0x12c/0x260 [ 2914.743645][T29586] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2914.749391][T29586] ? hwsim_virtio_rx_work+0x350/0x350 [ 2914.754750][T29586] ? memcpy+0x39/0x60 [ 2914.758731][T29586] hwsim_new_radio_nl+0x93e/0xf8c [ 2914.763749][T29586] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2914.769731][T29586] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2914.776650][T29586] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2914.783479][T29586] genl_rcv_msg+0x61d/0x980 [ 2914.787985][T29586] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2914.794913][T29586] ? lock_release+0x8d0/0x8d0 [ 2914.799577][T29586] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2914.804844][T29586] netlink_rcv_skb+0x15a/0x430 [ 2914.809593][T29586] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2914.816521][T29586] ? netlink_ack+0xa10/0xa10 [ 2914.821104][T29586] genl_rcv+0x24/0x40 [ 2914.825070][T29586] netlink_unicast+0x533/0x7d0 [ 2914.829834][T29586] ? netlink_attachskb+0x810/0x810 [ 2914.834927][T29586] ? _copy_from_iter_full+0x247/0x890 [ 2914.840300][T29586] ? __phys_addr+0x9a/0x110 [ 2914.844801][T29586] ? __phys_addr_symbol+0x2c/0x70 [ 2914.849814][T29586] ? __check_object_size+0x171/0x3e4 [ 2914.855088][T29586] netlink_sendmsg+0x856/0xd90 [ 2914.859850][T29586] ? netlink_unicast+0x7d0/0x7d0 [ 2914.864781][T29586] ? netlink_unicast+0x7d0/0x7d0 [ 2914.870762][T29586] sock_sendmsg+0xcf/0x120 [ 2914.875227][T29586] ____sys_sendmsg+0x6e8/0x810 [ 2914.879973][T29586] ? kernel_sendmsg+0x50/0x50 [ 2914.884642][T29586] ? do_recvmmsg+0x6d0/0x6d0 [ 2914.889211][T29586] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2914.895166][T29586] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2914.901123][T29586] ? __lock_acquire+0xc1e/0x56e0 [ 2914.906042][T29586] ___sys_sendmsg+0xf3/0x170 [ 2914.910608][T29586] ? sendmsg_copy_msghdr+0x160/0x160 [ 2914.915882][T29586] ? __fget_files+0x272/0x400 [ 2914.920549][T29586] ? lock_downgrade+0x820/0x820 [ 2914.925385][T29586] ? find_held_lock+0x2d/0x110 [ 2914.930139][T29586] ? __might_fault+0x11f/0x1d0 [ 2914.934885][T29586] ? __fget_files+0x294/0x400 [ 2914.939543][T29586] ? __fget_light+0xea/0x280 [ 2914.944120][T29586] __sys_sendmsg+0xe5/0x1b0 [ 2914.948603][T29586] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2914.953737][T29586] ? __x64_sys_futex+0x382/0x4e0 [ 2914.958662][T29586] ? do_syscall_64+0x1c/0xe0 [ 2914.963232][T29586] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2914.969190][T29586] do_syscall_64+0x60/0xe0 [ 2914.973589][T29586] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2914.979458][T29586] RIP: 0033:0x45c369 [ 2914.983328][T29586] Code: Bad RIP value. [ 2914.987377][T29586] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2914.995789][T29586] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2915.003862][T29586] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2915.011815][T29586] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2915.019783][T29586] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2915.027735][T29586] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:19:54 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e68, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:54 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:54 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000300000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:54 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x9, 0x0, 0x0, 0x10}, 0x0) [ 2915.114307][T29609] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2915.140787][T29609] CPU: 0 PID: 29609 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2915.149507][T29609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2915.159689][T29609] Call Trace: [ 2915.162995][T29609] dump_stack+0x18f/0x20d [ 2915.167350][T29609] sysfs_warn_dup.cold+0x1c/0x2d [ 2915.172308][T29609] sysfs_do_create_link_sd+0x11e/0x140 [ 2915.177781][T29609] sysfs_create_link+0x5f/0xc0 [ 2915.182564][T29609] device_add+0x6ff/0x1b00 [ 2915.186995][T29609] ? device_check_offline+0x280/0x280 [ 2915.192380][T29609] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2915.198381][T29609] wiphy_register+0x1d5b/0x2840 [ 2915.203275][T29609] ? wiphy_unregister+0xc10/0xc10 [ 2915.208333][T29609] ? default_device_exit_batch+0x3d0/0x3d0 [ 2915.214198][T29609] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2915.220296][T29609] ieee80211_register_hw+0x2291/0x3950 [ 2915.225815][T29609] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2915.231217][T29609] ? lock_downgrade+0x820/0x820 [ 2915.236084][T29609] ? lock_is_held_type+0xb0/0xe0 [ 2915.241018][T29609] ? memset+0x20/0x40 [ 2915.245005][T29609] ? __hrtimer_init+0x12c/0x260 [ 2915.249867][T29609] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2915.255624][T29609] ? hwsim_virtio_rx_work+0x350/0x350 [ 2915.261016][T29609] ? memcpy+0x39/0x60 [ 2915.264997][T29609] hwsim_new_radio_nl+0x93e/0xf8c [ 2915.270401][T29609] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2915.276292][T29609] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2915.283253][T29609] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2915.290109][T29609] genl_rcv_msg+0x61d/0x980 [ 2915.294626][T29609] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2915.301566][T29609] ? lock_release+0x8d0/0x8d0 [ 2915.306255][T29609] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2915.311539][T29609] netlink_rcv_skb+0x15a/0x430 [ 2915.316303][T29609] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2915.323228][T29609] ? netlink_ack+0xa10/0xa10 [ 2915.327809][T29609] genl_rcv+0x24/0x40 [ 2915.331771][T29609] netlink_unicast+0x533/0x7d0 [ 2915.336535][T29609] ? netlink_attachskb+0x810/0x810 [ 2915.341628][T29609] ? _copy_from_iter_full+0x247/0x890 [ 2915.346979][T29609] ? __phys_addr+0x9a/0x110 [ 2915.351480][T29609] ? __phys_addr_symbol+0x2c/0x70 [ 2915.356500][T29609] ? __check_object_size+0x171/0x3e4 [ 2915.361793][T29609] netlink_sendmsg+0x856/0xd90 [ 2915.366555][T29609] ? netlink_unicast+0x7d0/0x7d0 [ 2915.371546][T29609] ? netlink_unicast+0x7d0/0x7d0 [ 2915.376503][T29609] sock_sendmsg+0xcf/0x120 [ 2915.380944][T29609] ____sys_sendmsg+0x6e8/0x810 [ 2915.385722][T29609] ? kernel_sendmsg+0x50/0x50 [ 2915.390415][T29609] ? do_recvmmsg+0x6d0/0x6d0 [ 2915.395017][T29609] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2915.401124][T29609] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2915.407111][T29609] ? do_user_addr_fault+0x8ce/0xd00 [ 2915.412328][T29609] ___sys_sendmsg+0xf3/0x170 [ 2915.416942][T29609] ? sendmsg_copy_msghdr+0x160/0x160 [ 2915.422251][T29609] ? __fget_files+0x272/0x400 [ 2915.426947][T29609] ? lock_downgrade+0x820/0x820 [ 2915.431814][T29609] ? find_held_lock+0x2d/0x110 [ 2915.436589][T29609] ? __might_fault+0x11f/0x1d0 [ 2915.441372][T29609] ? __fget_files+0x294/0x400 [ 2915.446065][T29609] ? __fget_light+0xea/0x280 [ 2915.450663][T29609] __sys_sendmsg+0xe5/0x1b0 [ 2915.455160][T29609] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2915.460180][T29609] ? __x64_sys_futex+0x382/0x4e0 [ 2915.465123][T29609] ? do_syscall_64+0x1c/0xe0 [ 2915.470398][T29609] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2915.476386][T29609] do_syscall_64+0x60/0xe0 [ 2915.480882][T29609] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2915.486794][T29609] RIP: 0033:0x45c369 [ 2915.490815][T29609] Code: Bad RIP value. [ 2915.494854][T29609] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2915.503244][T29609] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:55 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2915.511215][T29609] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2915.519183][T29609] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2915.527133][T29609] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2915.535083][T29609] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2915.558760][T29633] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2915.600436][T29633] CPU: 1 PID: 29633 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2915.609157][T29633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2915.619217][T29633] Call Trace: [ 2915.622523][T29633] dump_stack+0x18f/0x20d [ 2915.626888][T29633] sysfs_warn_dup.cold+0x1c/0x2d [ 2915.631836][T29633] sysfs_do_create_link_sd+0x11e/0x140 [ 2915.637306][T29633] sysfs_create_link+0x5f/0xc0 [ 2915.642077][T29633] device_add+0x6ff/0x1b00 [ 2915.646504][T29633] ? device_check_offline+0x280/0x280 [ 2915.651882][T29633] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2915.657876][T29633] wiphy_register+0x1d5b/0x2840 [ 2915.662743][T29633] ? wiphy_unregister+0xc10/0xc10 [ 2915.667776][T29633] ? default_device_exit_batch+0x3d0/0x3d0 [ 2915.673601][T29633] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2915.679681][T29633] ieee80211_register_hw+0x2291/0x3950 [ 2915.685162][T29633] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2915.690548][T29633] ? lock_downgrade+0x820/0x820 [ 2915.695403][T29633] ? lock_is_held_type+0xb0/0xe0 [ 2915.700332][T29633] ? memset+0x20/0x40 [ 2915.704293][T29633] ? __hrtimer_init+0x12c/0x260 [ 2915.709123][T29633] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2915.714826][T29633] ? hwsim_virtio_rx_work+0x350/0x350 [ 2915.720177][T29633] ? memcpy+0x39/0x60 [ 2915.724142][T29633] hwsim_new_radio_nl+0x93e/0xf8c [ 2915.729149][T29633] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2915.735028][T29633] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2915.741940][T29633] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2915.748768][T29633] genl_rcv_msg+0x61d/0x980 [ 2915.753252][T29633] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2915.760170][T29633] ? lock_release+0x8d0/0x8d0 [ 2915.764821][T29633] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2915.770084][T29633] netlink_rcv_skb+0x15a/0x430 [ 2915.774823][T29633] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2915.781731][T29633] ? netlink_ack+0xa10/0xa10 [ 2915.786306][T29633] genl_rcv+0x24/0x40 [ 2915.790269][T29633] netlink_unicast+0x533/0x7d0 [ 2915.795009][T29633] ? netlink_attachskb+0x810/0x810 [ 2915.800103][T29633] ? _copy_from_iter_full+0x247/0x890 [ 2915.805458][T29633] ? __phys_addr+0x9a/0x110 [ 2915.809942][T29633] ? __phys_addr_symbol+0x2c/0x70 [ 2915.814955][T29633] ? __check_object_size+0x171/0x3e4 [ 2915.820220][T29633] netlink_sendmsg+0x856/0xd90 [ 2915.824961][T29633] ? netlink_unicast+0x7d0/0x7d0 [ 2915.829878][T29633] ? netlink_unicast+0x7d0/0x7d0 [ 2915.834787][T29633] sock_sendmsg+0xcf/0x120 [ 2915.839183][T29633] ____sys_sendmsg+0x6e8/0x810 [ 2915.843918][T29633] ? kernel_sendmsg+0x50/0x50 [ 2915.848579][T29633] ? do_recvmmsg+0x6d0/0x6d0 [ 2915.853161][T29633] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2915.859121][T29633] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2915.865072][T29633] ? __lock_acquire+0xc1e/0x56e0 [ 2915.870144][T29633] ___sys_sendmsg+0xf3/0x170 [ 2915.874711][T29633] ? sendmsg_copy_msghdr+0x160/0x160 [ 2915.879973][T29633] ? __fget_files+0x272/0x400 [ 2915.884628][T29633] ? lock_downgrade+0x820/0x820 [ 2915.889452][T29633] ? find_held_lock+0x2d/0x110 [ 2915.894188][T29633] ? __might_fault+0x11f/0x1d0 [ 2915.898932][T29633] ? __fget_files+0x294/0x400 [ 2915.903583][T29633] ? __fget_light+0xea/0x280 [ 2915.908151][T29633] __sys_sendmsg+0xe5/0x1b0 [ 2915.912627][T29633] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2915.917636][T29633] ? __x64_sys_futex+0x382/0x4e0 [ 2915.922564][T29633] ? do_syscall_64+0x1c/0xe0 [ 2915.927129][T29633] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2915.933085][T29633] do_syscall_64+0x60/0xe0 [ 2915.937488][T29633] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2915.943365][T29633] RIP: 0033:0x45c369 [ 2915.947228][T29633] Code: Bad RIP value. [ 2915.951263][T29633] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2915.959653][T29633] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2915.967597][T29633] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2915.975549][T29633] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2915.983508][T29633] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2915.991459][T29633] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2916.005930][T29634] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2916.014382][T29634] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2916.024071][T29635] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2916.044464][T29637] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2916.060099][T29637] CPU: 1 PID: 29637 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2916.068812][T29637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2916.078872][T29637] Call Trace: [ 2916.082173][T29637] dump_stack+0x18f/0x20d [ 2916.086520][T29637] sysfs_warn_dup.cold+0x1c/0x2d [ 2916.091474][T29637] sysfs_do_create_link_sd+0x11e/0x140 [ 2916.096947][T29637] sysfs_create_link+0x5f/0xc0 [ 2916.101775][T29637] device_add+0x6ff/0x1b00 [ 2916.106227][T29637] ? device_check_offline+0x280/0x280 [ 2916.111612][T29637] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2916.117612][T29637] wiphy_register+0x1d5b/0x2840 [ 2916.122486][T29637] ? wiphy_unregister+0xc10/0xc10 [ 2916.127522][T29637] ? default_device_exit_batch+0x3d0/0x3d0 [ 2916.133336][T29637] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2916.139411][T29637] ieee80211_register_hw+0x2291/0x3950 [ 2916.144904][T29637] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2916.150277][T29637] ? lock_downgrade+0x820/0x820 [ 2916.155105][T29637] ? lock_is_held_type+0xb0/0xe0 [ 2916.160024][T29637] ? memset+0x20/0x40 [ 2916.163990][T29637] ? __hrtimer_init+0x12c/0x260 [ 2916.168837][T29637] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2916.174559][T29637] ? hwsim_virtio_rx_work+0x350/0x350 [ 2916.179913][T29637] ? memcpy+0x39/0x60 [ 2916.183880][T29637] hwsim_new_radio_nl+0x93e/0xf8c [ 2916.188897][T29637] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2916.194780][T29637] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2916.201694][T29637] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2916.208535][T29637] genl_rcv_msg+0x61d/0x980 [ 2916.213041][T29637] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2916.219956][T29637] ? lock_release+0x8d0/0x8d0 [ 2916.224609][T29637] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2916.229877][T29637] netlink_rcv_skb+0x15a/0x430 [ 2916.234618][T29637] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2916.241527][T29637] ? netlink_ack+0xa10/0xa10 [ 2916.246121][T29637] genl_rcv+0x24/0x40 [ 2916.250093][T29637] netlink_unicast+0x533/0x7d0 [ 2916.254832][T29637] ? netlink_attachskb+0x810/0x810 [ 2916.259920][T29637] ? _copy_from_iter_full+0x247/0x890 [ 2916.265271][T29637] ? __phys_addr+0x9a/0x110 [ 2916.269758][T29637] ? __phys_addr_symbol+0x2c/0x70 [ 2916.274758][T29637] ? __check_object_size+0x171/0x3e4 [ 2916.280032][T29637] netlink_sendmsg+0x856/0xd90 [ 2916.284781][T29637] ? netlink_unicast+0x7d0/0x7d0 [ 2916.289716][T29637] ? netlink_unicast+0x7d0/0x7d0 [ 2916.294634][T29637] sock_sendmsg+0xcf/0x120 [ 2916.299033][T29637] ____sys_sendmsg+0x6e8/0x810 [ 2916.303776][T29637] ? kernel_sendmsg+0x50/0x50 [ 2916.308435][T29637] ? do_recvmmsg+0x6d0/0x6d0 [ 2916.313018][T29637] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2916.319009][T29637] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2916.324974][T29637] ? __lock_acquire+0xc1e/0x56e0 [ 2916.329893][T29637] ___sys_sendmsg+0xf3/0x170 [ 2916.334468][T29637] ? sendmsg_copy_msghdr+0x160/0x160 [ 2916.339733][T29637] ? __fget_files+0x272/0x400 [ 2916.344479][T29637] ? lock_downgrade+0x820/0x820 [ 2916.349394][T29637] ? find_held_lock+0x2d/0x110 [ 2916.354136][T29637] ? __might_fault+0x11f/0x1d0 [ 2916.358883][T29637] ? __fget_files+0x294/0x400 [ 2916.363541][T29637] ? __fget_light+0xea/0x280 [ 2916.368125][T29637] __sys_sendmsg+0xe5/0x1b0 [ 2916.372614][T29637] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2916.377627][T29637] ? __x64_sys_futex+0x382/0x4e0 [ 2916.382563][T29637] ? do_syscall_64+0x1c/0xe0 [ 2916.387143][T29637] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2916.393113][T29637] do_syscall_64+0x60/0xe0 [ 2916.397523][T29637] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2916.403399][T29637] RIP: 0033:0x45c369 [ 2916.407268][T29637] Code: Bad RIP value. [ 2916.411315][T29637] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2916.419912][T29637] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2916.427871][T29637] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2916.435948][T29637] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2916.443907][T29637] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2916.451859][T29637] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c [ 2916.476586][T29652] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2916.484366][T29652] CPU: 0 PID: 29652 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2916.493045][T29652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2916.503270][T29652] Call Trace: [ 2916.506565][T29652] dump_stack+0x18f/0x20d [ 2916.511045][T29652] sysfs_warn_dup.cold+0x1c/0x2d [ 2916.515993][T29652] sysfs_do_create_link_sd+0x11e/0x140 [ 2916.521465][T29652] sysfs_create_link+0x5f/0xc0 [ 2916.526354][T29652] device_add+0x6ff/0x1b00 [ 2916.530876][T29652] ? device_check_offline+0x280/0x280 [ 2916.536266][T29652] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2916.542269][T29652] wiphy_register+0x1d5b/0x2840 [ 2916.547163][T29652] ? wiphy_unregister+0xc10/0xc10 [ 2916.552219][T29652] ? default_device_exit_batch+0x3d0/0x3d0 [ 2916.558055][T29652] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2916.564153][T29652] ieee80211_register_hw+0x2291/0x3950 [ 2916.569640][T29652] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2916.575040][T29652] ? lock_downgrade+0x820/0x820 [ 2916.579917][T29652] ? lock_is_held_type+0xb0/0xe0 [ 2916.584887][T29652] ? memset+0x20/0x40 [ 2916.588885][T29652] ? __hrtimer_init+0x12c/0x260 [ 2916.593866][T29652] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2916.599618][T29652] ? hwsim_virtio_rx_work+0x350/0x350 [ 2916.605013][T29652] ? memcpy+0x39/0x60 [ 2916.609007][T29652] hwsim_new_radio_nl+0x93e/0xf8c [ 2916.614219][T29652] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2916.620141][T29652] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2916.627095][T29652] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2916.633966][T29652] genl_rcv_msg+0x61d/0x980 [ 2916.638492][T29652] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2916.645449][T29652] ? lock_release+0x8d0/0x8d0 [ 2916.650145][T29652] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2916.655460][T29652] netlink_rcv_skb+0x15a/0x430 [ 2916.660240][T29652] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2916.667187][T29652] ? netlink_ack+0xa10/0xa10 [ 2916.671805][T29652] genl_rcv+0x24/0x40 [ 2916.675819][T29652] netlink_unicast+0x533/0x7d0 [ 2916.685295][T29652] ? netlink_attachskb+0x810/0x810 [ 2916.690419][T29652] ? _copy_from_iter_full+0x247/0x890 [ 2916.695823][T29652] ? __phys_addr+0x9a/0x110 [ 2916.700339][T29652] ? __phys_addr_symbol+0x2c/0x70 [ 2916.705380][T29652] ? __check_object_size+0x171/0x3e4 [ 2916.710685][T29652] netlink_sendmsg+0x856/0xd90 [ 2916.715470][T29652] ? netlink_unicast+0x7d0/0x7d0 [ 2916.720430][T29652] ? netlink_unicast+0x7d0/0x7d0 22:19:56 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e68, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:56 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:56 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000026000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:56 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0xa, 0x0, 0x0, 0x10}, 0x0) 22:19:56 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000400000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2916.725382][T29652] sock_sendmsg+0xcf/0x120 [ 2916.729813][T29652] ____sys_sendmsg+0x6e8/0x810 [ 2916.734589][T29652] ? kernel_sendmsg+0x50/0x50 [ 2916.739269][T29652] ? do_recvmmsg+0x6d0/0x6d0 [ 2916.743872][T29652] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2916.749888][T29652] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2916.755877][T29652] ? __lock_acquire+0xc1e/0x56e0 [ 2916.760832][T29652] ___sys_sendmsg+0xf3/0x170 [ 2916.765463][T29652] ? sendmsg_copy_msghdr+0x160/0x160 [ 2916.770758][T29652] ? __fget_files+0x272/0x400 [ 2916.778663][T29652] ? lock_downgrade+0x820/0x820 [ 2916.783531][T29652] ? find_held_lock+0x2d/0x110 [ 2916.788315][T29652] ? __might_fault+0x11f/0x1d0 [ 2916.793104][T29652] ? __fget_files+0x294/0x400 [ 2916.797802][T29652] ? __fget_light+0xea/0x280 [ 2916.802412][T29652] __sys_sendmsg+0xe5/0x1b0 [ 2916.806935][T29652] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2916.812016][T29652] ? __x64_sys_futex+0x382/0x4e0 [ 2916.816980][T29652] ? do_syscall_64+0x1c/0xe0 [ 2916.821586][T29652] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 22:19:56 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2916.827584][T29652] do_syscall_64+0x60/0xe0 [ 2916.832016][T29652] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2916.837913][T29652] RIP: 0033:0x45c369 [ 2916.841801][T29652] Code: Bad RIP value. [ 2916.845874][T29652] RSP: 002b:00007f08d4269c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2916.854295][T29652] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2916.862279][T29652] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2916.870260][T29652] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2916.878240][T29652] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2916.886226][T29652] R13: 00007ffe336fa22f R14: 00007f08d426a9c0 R15: 000000000078c04c 22:19:56 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2916.954580][T29671] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2916.976493][T29671] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:19:56 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e6c, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2916.999928][T29684] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2917.014174][T29670] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2917.038645][T29670] CPU: 1 PID: 29670 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2917.047357][T29670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2917.057416][T29670] Call Trace: [ 2917.060725][T29670] dump_stack+0x18f/0x20d [ 2917.065073][T29670] sysfs_warn_dup.cold+0x1c/0x2d [ 2917.070021][T29670] sysfs_do_create_link_sd+0x11e/0x140 [ 2917.075492][T29670] sysfs_create_link+0x5f/0xc0 [ 2917.080270][T29670] device_add+0x6ff/0x1b00 [ 2917.084712][T29670] ? device_check_offline+0x280/0x280 [ 2917.090097][T29670] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2917.096099][T29670] wiphy_register+0x1d5b/0x2840 [ 2917.100974][T29670] ? wiphy_unregister+0xc10/0xc10 [ 2917.106012][T29670] ? default_device_exit_batch+0x3d0/0x3d0 [ 2917.111839][T29670] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2917.117924][T29670] ieee80211_register_hw+0x2291/0x3950 [ 2917.123410][T29670] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2917.128803][T29670] ? lock_downgrade+0x820/0x820 [ 2917.133673][T29670] ? lock_is_held_type+0xb0/0xe0 [ 2917.138624][T29670] ? memset+0x20/0x40 [ 2917.142620][T29670] ? __hrtimer_init+0x12c/0x260 [ 2917.147495][T29670] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2917.153249][T29670] ? hwsim_virtio_rx_work+0x350/0x350 [ 2917.158638][T29670] ? memcpy+0x39/0x60 [ 2917.162637][T29670] hwsim_new_radio_nl+0x93e/0xf8c [ 2917.167681][T29670] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2917.173636][T29670] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2917.180585][T29670] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2917.187456][T29670] genl_rcv_msg+0x61d/0x980 [ 2917.192012][T29670] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2917.198971][T29670] ? lock_release+0x8d0/0x8d0 [ 2917.203657][T29670] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2917.208960][T29670] netlink_rcv_skb+0x15a/0x430 [ 2917.213759][T29670] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2917.220705][T29670] ? netlink_ack+0xa10/0xa10 [ 2917.225354][T29670] genl_rcv+0x24/0x40 [ 2917.229353][T29670] netlink_unicast+0x533/0x7d0 [ 2917.234131][T29670] ? netlink_attachskb+0x810/0x810 [ 2917.239247][T29670] ? _copy_from_iter_full+0x247/0x890 [ 2917.244626][T29670] ? __phys_addr+0x9a/0x110 [ 2917.249132][T29670] ? __phys_addr_symbol+0x2c/0x70 [ 2917.254183][T29670] ? __check_object_size+0x171/0x3e4 [ 2917.259582][T29670] netlink_sendmsg+0x856/0xd90 [ 2917.264354][T29670] ? netlink_unicast+0x7d0/0x7d0 [ 2917.269325][T29670] ? netlink_unicast+0x7d0/0x7d0 [ 2917.274408][T29670] sock_sendmsg+0xcf/0x120 [ 2917.278845][T29670] ____sys_sendmsg+0x6e8/0x810 [ 2917.283630][T29670] ? kernel_sendmsg+0x50/0x50 [ 2917.288329][T29670] ? do_recvmmsg+0x6d0/0x6d0 [ 2917.292929][T29670] ? psi_task_switch+0x17a/0x400 [ 2917.297879][T29670] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2917.303873][T29670] ? lock_acquire+0x1f1/0xad0 [ 2917.308555][T29670] ? find_held_lock+0x2d/0x110 [ 2917.313338][T29670] ___sys_sendmsg+0xf3/0x170 [ 2917.317937][T29670] ? sendmsg_copy_msghdr+0x160/0x160 [ 2917.323229][T29670] ? __fget_files+0x272/0x400 [ 2917.327923][T29670] ? lock_downgrade+0x820/0x820 [ 2917.332785][T29670] ? trace_hardirqs_on+0x5f/0x220 [ 2917.337823][T29670] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2917.342945][T29670] ? _raw_spin_unlock_irq+0x55/0x80 [ 2917.348158][T29670] ? __fget_files+0x294/0x400 [ 2917.352848][T29670] ? __fget_light+0xea/0x280 [ 2917.357448][T29670] __sys_sendmsg+0xe5/0x1b0 [ 2917.361961][T29670] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2917.367009][T29670] ? lockdep_hardirqs_on+0x6a/0xe0 [ 2917.372153][T29670] do_syscall_64+0x60/0xe0 [ 2917.376589][T29670] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2917.382485][T29670] RIP: 0033:0x45c369 [ 2917.386374][T29670] Code: Bad RIP value. [ 2917.390442][T29670] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 22:19:56 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x25, 0x0, 0x0, 0x10}, 0x0) 22:19:56 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000500000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:19:56 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x63, 0x0, 0x0, 0x10}, 0x0) 22:19:56 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x68, 0x0, 0x0, 0x10}, 0x0) [ 2917.398856][T29670] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2917.406836][T29670] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2917.414926][T29670] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2917.422901][T29670] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2917.430929][T29670] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2917.457792][T29702] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2917.482891][T29702] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2917.530189][T29707] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2917.570217][T29707] CPU: 1 PID: 29707 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2917.579010][T29707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2917.589064][T29707] Call Trace: [ 2917.592367][T29707] dump_stack+0x18f/0x20d [ 2917.596711][T29707] sysfs_warn_dup.cold+0x1c/0x2d [ 2917.601655][T29707] sysfs_do_create_link_sd+0x11e/0x140 [ 2917.607124][T29707] sysfs_create_link+0x5f/0xc0 [ 2917.611898][T29707] device_add+0x6ff/0x1b00 [ 2917.616332][T29707] ? device_check_offline+0x280/0x280 [ 2917.621718][T29707] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2917.627728][T29707] wiphy_register+0x1d5b/0x2840 [ 2917.632601][T29707] ? wiphy_unregister+0xc10/0xc10 [ 2917.637639][T29707] ? default_device_exit_batch+0x3d0/0x3d0 [ 2917.643466][T29707] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2917.649550][T29707] ieee80211_register_hw+0x2291/0x3950 [ 2917.655038][T29707] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2917.660427][T29707] ? lock_downgrade+0x820/0x820 [ 2917.665291][T29707] ? lock_is_held_type+0xb0/0xe0 [ 2917.670247][T29707] ? memset+0x20/0x40 [ 2917.674329][T29707] ? __hrtimer_init+0x12c/0x260 [ 2917.679182][T29707] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2917.684888][T29707] ? hwsim_virtio_rx_work+0x350/0x350 [ 2917.690240][T29707] ? memcpy+0x39/0x60 [ 2917.694199][T29707] hwsim_new_radio_nl+0x93e/0xf8c [ 2917.699218][T29707] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2917.705210][T29707] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2917.712123][T29707] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2917.718954][T29707] genl_rcv_msg+0x61d/0x980 [ 2917.723444][T29707] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2917.730379][T29707] ? lock_release+0x8d0/0x8d0 [ 2917.735100][T29707] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2917.740496][T29707] netlink_rcv_skb+0x15a/0x430 [ 2917.745238][T29707] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2917.752145][T29707] ? netlink_ack+0xa10/0xa10 [ 2917.756739][T29707] genl_rcv+0x24/0x40 [ 2917.760710][T29707] netlink_unicast+0x533/0x7d0 [ 2917.765460][T29707] ? netlink_attachskb+0x810/0x810 [ 2917.770551][T29707] ? _copy_from_iter_full+0x247/0x890 [ 2917.775908][T29707] ? __phys_addr+0x9a/0x110 [ 2917.780396][T29707] ? __phys_addr_symbol+0x2c/0x70 [ 2917.785486][T29707] ? __check_object_size+0x171/0x3e4 [ 2917.790769][T29707] netlink_sendmsg+0x856/0xd90 [ 2917.795524][T29707] ? netlink_unicast+0x7d0/0x7d0 [ 2917.800452][T29707] ? netlink_unicast+0x7d0/0x7d0 [ 2917.805368][T29707] sock_sendmsg+0xcf/0x120 [ 2917.809761][T29707] ____sys_sendmsg+0x6e8/0x810 [ 2917.814501][T29707] ? kernel_sendmsg+0x50/0x50 [ 2917.819168][T29707] ? do_recvmmsg+0x6d0/0x6d0 [ 2917.823737][T29707] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2917.829698][T29707] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2917.835661][T29707] ? __lock_acquire+0xc1e/0x56e0 [ 2917.840696][T29707] ___sys_sendmsg+0xf3/0x170 [ 2917.845268][T29707] ? sendmsg_copy_msghdr+0x160/0x160 [ 2917.850617][T29707] ? __fget_files+0x272/0x400 [ 2917.855284][T29707] ? lock_downgrade+0x820/0x820 [ 2917.860128][T29707] ? find_held_lock+0x2d/0x110 [ 2917.864876][T29707] ? __might_fault+0x11f/0x1d0 [ 2917.869624][T29707] ? __fget_files+0x294/0x400 [ 2917.874284][T29707] ? __fget_light+0xea/0x280 [ 2917.878861][T29707] __sys_sendmsg+0xe5/0x1b0 [ 2917.883342][T29707] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2917.888345][T29707] ? __x64_sys_futex+0x382/0x4e0 [ 2917.893264][T29707] ? do_syscall_64+0x1c/0xe0 [ 2917.897834][T29707] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2917.903798][T29707] do_syscall_64+0x60/0xe0 [ 2917.908194][T29707] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2917.914061][T29707] RIP: 0033:0x45c369 [ 2917.917933][T29707] Code: Bad RIP value. [ 2917.921974][T29707] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2917.930362][T29707] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2917.938310][T29707] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2917.946284][T29707] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2917.954248][T29707] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2917.962201][T29707] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c [ 2917.977278][T29696] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2917.984954][T29696] CPU: 1 PID: 29696 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2917.993625][T29696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2918.003681][T29696] Call Trace: [ 2918.006980][T29696] dump_stack+0x18f/0x20d [ 2918.011321][T29696] sysfs_warn_dup.cold+0x1c/0x2d [ 2918.016271][T29696] sysfs_do_create_link_sd+0x11e/0x140 [ 2918.021742][T29696] sysfs_create_link+0x5f/0xc0 [ 2918.026519][T29696] device_add+0x6ff/0x1b00 [ 2918.030960][T29696] ? device_check_offline+0x280/0x280 [ 2918.036343][T29696] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2918.042340][T29696] wiphy_register+0x1d5b/0x2840 [ 2918.047214][T29696] ? wiphy_unregister+0xc10/0xc10 [ 2918.052251][T29696] ? default_device_exit_batch+0x3d0/0x3d0 [ 2918.058082][T29696] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2918.064150][T29696] ieee80211_register_hw+0x2291/0x3950 [ 2918.069617][T29696] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2918.074991][T29696] ? lock_downgrade+0x820/0x820 [ 2918.079829][T29696] ? lock_is_held_type+0xb0/0xe0 [ 2918.084744][T29696] ? memset+0x20/0x40 [ 2918.088709][T29696] ? __hrtimer_init+0x12c/0x260 [ 2918.093657][T29696] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2918.099392][T29696] ? hwsim_virtio_rx_work+0x350/0x350 [ 2918.104767][T29696] ? memcpy+0x39/0x60 [ 2918.108762][T29696] hwsim_new_radio_nl+0x93e/0xf8c [ 2918.113805][T29696] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2918.119723][T29696] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 22:19:57 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e6c, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:57 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000027000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:19:57 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:57 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x300, 0x0, 0x0, 0x10}, 0x0) 22:19:57 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000600000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2918.126687][T29696] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2918.133554][T29696] genl_rcv_msg+0x61d/0x980 [ 2918.138082][T29696] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2918.145039][T29696] ? lock_release+0x8d0/0x8d0 [ 2918.149720][T29696] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2918.155023][T29696] netlink_rcv_skb+0x15a/0x430 [ 2918.159806][T29696] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2918.166751][T29696] ? netlink_ack+0xa10/0xa10 [ 2918.171370][T29696] genl_rcv+0x24/0x40 [ 2918.175365][T29696] netlink_unicast+0x533/0x7d0 [ 2918.180147][T29696] ? netlink_attachskb+0x810/0x810 [ 2918.185269][T29696] ? _copy_from_iter_full+0x247/0x890 [ 2918.190793][T29696] ? __phys_addr+0x9a/0x110 [ 2918.195405][T29696] ? __phys_addr_symbol+0x2c/0x70 [ 2918.200438][T29696] ? __check_object_size+0x171/0x3e4 [ 2918.205734][T29696] netlink_sendmsg+0x856/0xd90 [ 2918.210529][T29696] ? netlink_unicast+0x7d0/0x7d0 [ 2918.215479][T29696] ? netlink_unicast+0x7d0/0x7d0 [ 2918.220421][T29696] sock_sendmsg+0xcf/0x120 [ 2918.224850][T29696] ____sys_sendmsg+0x6e8/0x810 [ 2918.229637][T29696] ? kernel_sendmsg+0x50/0x50 [ 2918.234319][T29696] ? do_recvmmsg+0x6d0/0x6d0 [ 2918.238923][T29696] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2918.244921][T29696] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2918.250912][T29696] ? __lock_acquire+0xc1e/0x56e0 [ 2918.256016][T29696] ___sys_sendmsg+0xf3/0x170 [ 2918.260628][T29696] ? sendmsg_copy_msghdr+0x160/0x160 [ 2918.265925][T29696] ? __fget_files+0x272/0x400 [ 2918.270752][T29696] ? lock_downgrade+0x820/0x820 [ 2918.275613][T29696] ? find_held_lock+0x2d/0x110 [ 2918.280372][T29696] ? __might_fault+0x11f/0x1d0 [ 2918.285232][T29696] ? __fget_files+0x294/0x400 [ 2918.289919][T29696] ? __fget_light+0xea/0x280 [ 2918.294514][T29696] __sys_sendmsg+0xe5/0x1b0 [ 2918.299026][T29696] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2918.304063][T29696] ? __x64_sys_futex+0x382/0x4e0 [ 2918.309024][T29696] ? do_syscall_64+0x1c/0xe0 [ 2918.313656][T29696] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2918.319656][T29696] do_syscall_64+0x60/0xe0 [ 2918.324088][T29696] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2918.329998][T29696] RIP: 0033:0x45c369 [ 2918.333885][T29696] Code: Bad RIP value. [ 2918.337964][T29696] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2918.346380][T29696] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2918.354472][T29696] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2918.362468][T29696] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2918.370466][T29696] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2918.378662][T29696] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c 22:19:57 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x7ffffff2, 0x0, 0x0, 0x10}, 0x0) 22:19:57 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:57 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e74, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2918.442971][T29727] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2918.480149][T29727] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2918.515666][T29735] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2918.523341][T29735] CPU: 0 PID: 29735 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2918.532004][T29735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2918.542064][T29735] Call Trace: [ 2918.545367][T29735] dump_stack+0x18f/0x20d [ 2918.549717][T29735] sysfs_warn_dup.cold+0x1c/0x2d [ 2918.554687][T29735] sysfs_do_create_link_sd+0x11e/0x140 [ 2918.560170][T29735] sysfs_create_link+0x5f/0xc0 [ 2918.565041][T29735] device_add+0x6ff/0x1b00 [ 2918.569475][T29735] ? device_check_offline+0x280/0x280 [ 2918.574859][T29735] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2918.580861][T29735] wiphy_register+0x1d5b/0x2840 [ 2918.585752][T29735] ? wiphy_unregister+0xc10/0xc10 [ 2918.590896][T29735] ? default_device_exit_batch+0x3d0/0x3d0 [ 2918.596732][T29735] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2918.602821][T29735] ieee80211_register_hw+0x2291/0x3950 [ 2918.608298][T29735] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2918.613688][T29735] ? lock_downgrade+0x820/0x820 [ 2918.618555][T29735] ? lock_is_held_type+0xb0/0xe0 [ 2918.623499][T29735] ? memset+0x20/0x40 [ 2918.627483][T29735] ? __hrtimer_init+0x12c/0x260 [ 2918.632328][T29735] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2918.638075][T29735] ? hwsim_virtio_rx_work+0x350/0x350 [ 2918.643449][T29735] ? memcpy+0x39/0x60 [ 2918.647426][T29735] hwsim_new_radio_nl+0x93e/0xf8c [ 2918.652441][T29735] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2918.658332][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2918.665265][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2918.672102][T29735] genl_rcv_msg+0x61d/0x980 [ 2918.676595][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2918.683524][T29735] ? lock_release+0x8d0/0x8d0 [ 2918.688185][T29735] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2918.693459][T29735] netlink_rcv_skb+0x15a/0x430 [ 2918.698209][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2918.705128][T29735] ? netlink_ack+0xa10/0xa10 [ 2918.709716][T29735] genl_rcv+0x24/0x40 [ 2918.713684][T29735] netlink_unicast+0x533/0x7d0 [ 2918.718440][T29735] ? netlink_attachskb+0x810/0x810 [ 2918.723536][T29735] ? _copy_from_iter_full+0x247/0x890 [ 2918.729019][T29735] ? __phys_addr+0x9a/0x110 [ 2918.733595][T29735] ? __phys_addr_symbol+0x2c/0x70 [ 2918.738602][T29735] ? __check_object_size+0x171/0x3e4 [ 2918.743881][T29735] netlink_sendmsg+0x856/0xd90 [ 2918.748635][T29735] ? netlink_unicast+0x7d0/0x7d0 [ 2918.753565][T29735] ? netlink_unicast+0x7d0/0x7d0 [ 2918.758488][T29735] sock_sendmsg+0xcf/0x120 [ 2918.762887][T29735] ____sys_sendmsg+0x6e8/0x810 [ 2918.767638][T29735] ? kernel_sendmsg+0x50/0x50 [ 2918.772300][T29735] ? do_recvmmsg+0x6d0/0x6d0 [ 2918.776877][T29735] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2918.782841][T29735] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2918.788803][T29735] ? do_user_addr_fault+0x8ce/0xd00 [ 2918.793989][T29735] ___sys_sendmsg+0xf3/0x170 [ 2918.798570][T29735] ? sendmsg_copy_msghdr+0x160/0x160 [ 2918.803841][T29735] ? __fget_files+0x272/0x400 [ 2918.808507][T29735] ? lock_downgrade+0x820/0x820 [ 2918.813340][T29735] ? find_held_lock+0x2d/0x110 [ 2918.818088][T29735] ? __might_fault+0x11f/0x1d0 [ 2918.822841][T29735] ? __fget_files+0x294/0x400 [ 2918.827520][T29735] ? __fget_light+0xea/0x280 [ 2918.832100][T29735] __sys_sendmsg+0xe5/0x1b0 [ 2918.836685][T29735] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2918.841694][T29735] ? __x64_sys_futex+0x382/0x4e0 [ 2918.846626][T29735] ? do_syscall_64+0x1c/0xe0 [ 2918.851260][T29735] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2918.857229][T29735] do_syscall_64+0x60/0xe0 [ 2918.861632][T29735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2918.867505][T29735] RIP: 0033:0x45c369 [ 2918.871381][T29735] Code: Bad RIP value. [ 2918.875427][T29735] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2918.883822][T29735] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2918.891778][T29735] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2918.899733][T29735] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2918.907687][T29735] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c 22:19:58 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:19:58 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000700000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2918.915642][T29735] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:19:58 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x7ffffff8, 0x0, 0x0, 0x10}, 0x0) 22:19:58 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2919.098451][T29756] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2919.111076][T29756] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2919.122766][T29744] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2919.144207][T29744] CPU: 1 PID: 29744 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2919.152911][T29744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2919.162966][T29744] Call Trace: [ 2919.166270][T29744] dump_stack+0x18f/0x20d [ 2919.170620][T29744] sysfs_warn_dup.cold+0x1c/0x2d [ 2919.175576][T29744] sysfs_do_create_link_sd+0x11e/0x140 [ 2919.181053][T29744] sysfs_create_link+0x5f/0xc0 [ 2919.185844][T29744] device_add+0x6ff/0x1b00 [ 2919.190278][T29744] ? device_check_offline+0x280/0x280 [ 2919.195668][T29744] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2919.201673][T29744] wiphy_register+0x1d5b/0x2840 [ 2919.206549][T29744] ? wiphy_unregister+0xc10/0xc10 [ 2919.211702][T29744] ? default_device_exit_batch+0x3d0/0x3d0 [ 2919.217531][T29744] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2919.223618][T29744] ieee80211_register_hw+0x2291/0x3950 [ 2919.229111][T29744] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2919.234507][T29744] ? lock_downgrade+0x820/0x820 [ 2919.239375][T29744] ? lock_is_held_type+0xb0/0xe0 [ 2919.244325][T29744] ? memset+0x20/0x40 [ 2919.248321][T29744] ? __hrtimer_init+0x12c/0x260 [ 2919.253195][T29744] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2919.258966][T29744] ? hwsim_virtio_rx_work+0x350/0x350 [ 2919.264353][T29744] ? memcpy+0x39/0x60 [ 2919.268350][T29744] hwsim_new_radio_nl+0x93e/0xf8c [ 2919.273397][T29744] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2919.279319][T29744] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2919.286275][T29744] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2919.293149][T29744] genl_rcv_msg+0x61d/0x980 [ 2919.297678][T29744] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2919.304636][T29744] ? lock_release+0x8d0/0x8d0 [ 2919.309322][T29744] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2919.314617][T29744] netlink_rcv_skb+0x15a/0x430 [ 2919.319391][T29744] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2919.326325][T29744] ? netlink_ack+0xa10/0xa10 [ 2919.330937][T29744] genl_rcv+0x24/0x40 [ 2919.334930][T29744] netlink_unicast+0x533/0x7d0 [ 2919.339722][T29744] ? netlink_attachskb+0x810/0x810 [ 2919.344824][T29744] ? _copy_from_iter_full+0x247/0x890 [ 2919.350179][T29744] ? __phys_addr+0x9a/0x110 [ 2919.354656][T29744] ? __phys_addr_symbol+0x2c/0x70 [ 2919.359661][T29744] ? __check_object_size+0x171/0x3e4 [ 2919.364926][T29744] netlink_sendmsg+0x856/0xd90 [ 2919.369673][T29744] ? netlink_unicast+0x7d0/0x7d0 [ 2919.374591][T29744] ? netlink_unicast+0x7d0/0x7d0 [ 2919.379502][T29744] sock_sendmsg+0xcf/0x120 [ 2919.383892][T29744] ____sys_sendmsg+0x6e8/0x810 [ 2919.388635][T29744] ? kernel_sendmsg+0x50/0x50 [ 2919.393288][T29744] ? do_recvmmsg+0x6d0/0x6d0 [ 2919.397856][T29744] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2919.403810][T29744] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2919.409767][T29744] ? __lock_acquire+0xc1e/0x56e0 [ 2919.414687][T29744] ___sys_sendmsg+0xf3/0x170 [ 2919.419257][T29744] ? sendmsg_copy_msghdr+0x160/0x160 [ 2919.424521][T29744] ? __fget_files+0x272/0x400 [ 2919.429178][T29744] ? lock_downgrade+0x820/0x820 [ 2919.434003][T29744] ? find_held_lock+0x2d/0x110 [ 2919.438755][T29744] ? __might_fault+0x11f/0x1d0 [ 2919.443504][T29744] ? __fget_files+0x294/0x400 [ 2919.448161][T29744] ? __fget_light+0xea/0x280 [ 2919.452785][T29744] __sys_sendmsg+0xe5/0x1b0 [ 2919.457267][T29744] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2919.462267][T29744] ? __x64_sys_futex+0x382/0x4e0 [ 2919.467199][T29744] ? do_syscall_64+0x1c/0xe0 [ 2919.471778][T29744] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2919.477754][T29744] do_syscall_64+0x60/0xe0 [ 2919.482160][T29744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2919.488027][T29744] RIP: 0033:0x45c369 [ 2919.491918][T29744] Code: Bad RIP value. [ 2919.495965][T29744] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2919.504358][T29744] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2919.512307][T29744] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2919.520255][T29744] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2919.528206][T29744] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2919.536156][T29744] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2919.574523][T29735] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2919.601237][T29735] CPU: 0 PID: 29735 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2919.610065][T29735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2919.620118][T29735] Call Trace: [ 2919.623390][T29735] dump_stack+0x18f/0x20d [ 2919.627705][T29735] sysfs_warn_dup.cold+0x1c/0x2d [ 2919.632620][T29735] sysfs_do_create_link_sd+0x11e/0x140 [ 2919.638051][T29735] sysfs_create_link+0x5f/0xc0 [ 2919.642843][T29735] device_add+0x6ff/0x1b00 [ 2919.647236][T29735] ? device_check_offline+0x280/0x280 [ 2919.652578][T29735] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2919.658531][T29735] wiphy_register+0x1d5b/0x2840 [ 2919.663362][T29735] ? wiphy_unregister+0xc10/0xc10 [ 2919.668364][T29735] ? default_device_exit_batch+0x3d0/0x3d0 [ 2919.674148][T29735] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2919.680195][T29735] ieee80211_register_hw+0x2291/0x3950 [ 2919.685636][T29735] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2919.690984][T29735] ? lock_downgrade+0x820/0x820 [ 2919.695810][T29735] ? lock_is_held_type+0xb0/0xe0 [ 2919.700719][T29735] ? memset+0x20/0x40 [ 2919.704672][T29735] ? __hrtimer_init+0x12c/0x260 [ 2919.709500][T29735] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2919.715204][T29735] ? hwsim_virtio_rx_work+0x350/0x350 [ 2919.720549][T29735] ? memcpy+0x39/0x60 [ 2919.724504][T29735] hwsim_new_radio_nl+0x93e/0xf8c [ 2919.729622][T29735] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2919.735495][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2919.742399][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2919.749218][T29735] genl_rcv_msg+0x61d/0x980 [ 2919.753701][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2919.760615][T29735] ? lock_release+0x8d0/0x8d0 [ 2919.765263][T29735] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2919.770522][T29735] netlink_rcv_skb+0x15a/0x430 [ 2919.775260][T29735] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2919.782166][T29735] ? netlink_ack+0xa10/0xa10 [ 2919.786736][T29735] genl_rcv+0x24/0x40 [ 2919.790693][T29735] netlink_unicast+0x533/0x7d0 [ 2919.795442][T29735] ? netlink_attachskb+0x810/0x810 [ 2919.800524][T29735] ? _copy_from_iter_full+0x247/0x890 [ 2919.805870][T29735] ? __phys_addr+0x9a/0x110 [ 2919.810346][T29735] ? __phys_addr_symbol+0x2c/0x70 [ 2919.815345][T29735] ? __check_object_size+0x171/0x3e4 [ 2919.820620][T29735] netlink_sendmsg+0x856/0xd90 [ 2919.825362][T29735] ? netlink_unicast+0x7d0/0x7d0 [ 2919.830278][T29735] ? netlink_unicast+0x7d0/0x7d0 [ 2919.835189][T29735] sock_sendmsg+0xcf/0x120 [ 2919.839580][T29735] ____sys_sendmsg+0x6e8/0x810 [ 2919.844318][T29735] ? kernel_sendmsg+0x50/0x50 [ 2919.848967][T29735] ? do_recvmmsg+0x6d0/0x6d0 [ 2919.853531][T29735] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2919.859484][T29735] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2919.865437][T29735] ? do_user_addr_fault+0x8ce/0xd00 [ 2919.870613][T29735] ___sys_sendmsg+0xf3/0x170 [ 2919.875181][T29735] ? sendmsg_copy_msghdr+0x160/0x160 [ 2919.880442][T29735] ? __fget_files+0x272/0x400 [ 2919.885115][T29735] ? lock_downgrade+0x820/0x820 [ 2919.889938][T29735] ? find_held_lock+0x2d/0x110 [ 2919.894676][T29735] ? __might_fault+0x11f/0x1d0 [ 2919.899417][T29735] ? __fget_files+0x294/0x400 [ 2919.904065][T29735] ? __fget_light+0xea/0x280 [ 2919.908631][T29735] __sys_sendmsg+0xe5/0x1b0 [ 2919.913107][T29735] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2919.918107][T29735] ? __x64_sys_futex+0x382/0x4e0 [ 2919.923021][T29735] ? do_syscall_64+0x1c/0xe0 [ 2919.927583][T29735] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2919.933536][T29735] do_syscall_64+0x60/0xe0 [ 2919.937985][T29735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2919.943849][T29735] RIP: 0033:0x45c369 [ 2919.947715][T29735] Code: Bad RIP value. [ 2919.951761][T29735] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2919.960146][T29735] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2919.968221][T29735] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2919.976165][T29735] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2919.984112][T29735] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2919.992057][T29735] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2920.018437][T29747] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2920.052269][T29747] CPU: 1 PID: 29747 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2920.060992][T29747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2920.071056][T29747] Call Trace: [ 2920.074352][T29747] dump_stack+0x18f/0x20d [ 2920.078682][T29747] sysfs_warn_dup.cold+0x1c/0x2d [ 2920.083597][T29747] sysfs_do_create_link_sd+0x11e/0x140 [ 2920.089045][T29747] sysfs_create_link+0x5f/0xc0 [ 2920.093814][T29747] device_add+0x6ff/0x1b00 [ 2920.098210][T29747] ? device_check_offline+0x280/0x280 [ 2920.103555][T29747] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2920.109536][T29747] wiphy_register+0x1d5b/0x2840 [ 2920.114387][T29747] ? wiphy_unregister+0xc10/0xc10 [ 2920.119400][T29747] ? default_device_exit_batch+0x3d0/0x3d0 [ 2920.125204][T29747] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2920.131262][T29747] ieee80211_register_hw+0x2291/0x3950 [ 2920.136747][T29747] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2920.142095][T29747] ? lock_downgrade+0x820/0x820 [ 2920.146932][T29747] ? lock_is_held_type+0xb0/0xe0 [ 2920.151855][T29747] ? memset+0x20/0x40 [ 2920.155817][T29747] ? __hrtimer_init+0x12c/0x260 [ 2920.160645][T29747] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2920.166361][T29747] ? hwsim_virtio_rx_work+0x350/0x350 [ 2920.171720][T29747] ? memcpy+0x39/0x60 [ 2920.175686][T29747] hwsim_new_radio_nl+0x93e/0xf8c [ 2920.181208][T29747] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2920.187100][T29747] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2920.194023][T29747] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2920.200882][T29747] genl_rcv_msg+0x61d/0x980 [ 2920.205386][T29747] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2920.212312][T29747] ? lock_release+0x8d0/0x8d0 [ 2920.216963][T29747] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2920.222224][T29747] netlink_rcv_skb+0x15a/0x430 [ 2920.226979][T29747] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2920.233902][T29747] ? netlink_ack+0xa10/0xa10 [ 2920.238477][T29747] genl_rcv+0x24/0x40 [ 2920.242432][T29747] netlink_unicast+0x533/0x7d0 [ 2920.247195][T29747] ? netlink_attachskb+0x810/0x810 [ 2920.252293][T29747] ? _copy_from_iter_full+0x247/0x890 [ 2920.257662][T29747] ? __phys_addr+0x9a/0x110 [ 2920.262231][T29747] ? __phys_addr_symbol+0x2c/0x70 [ 2920.267248][T29747] ? __check_object_size+0x171/0x3e4 [ 2920.272531][T29747] netlink_sendmsg+0x856/0xd90 [ 2920.277299][T29747] ? netlink_unicast+0x7d0/0x7d0 [ 2920.282242][T29747] ? netlink_unicast+0x7d0/0x7d0 [ 2920.287170][T29747] sock_sendmsg+0xcf/0x120 [ 2920.291575][T29747] ____sys_sendmsg+0x6e8/0x810 [ 2920.296319][T29747] ? kernel_sendmsg+0x50/0x50 [ 2920.300975][T29747] ? do_recvmmsg+0x6d0/0x6d0 [ 2920.305552][T29747] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2920.311516][T29747] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2920.317470][T29747] ? __lock_acquire+0xc1e/0x56e0 [ 2920.322480][T29747] ___sys_sendmsg+0xf3/0x170 [ 2920.327063][T29747] ? sendmsg_copy_msghdr+0x160/0x160 [ 2920.332335][T29747] ? __fget_files+0x272/0x400 [ 2920.336994][T29747] ? lock_downgrade+0x820/0x820 [ 2920.341822][T29747] ? find_held_lock+0x2d/0x110 [ 2920.346571][T29747] ? __might_fault+0x11f/0x1d0 [ 2920.351326][T29747] ? __fget_files+0x294/0x400 [ 2920.355984][T29747] ? __fget_light+0xea/0x280 [ 2920.360572][T29747] __sys_sendmsg+0xe5/0x1b0 [ 2920.365060][T29747] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2920.370079][T29747] ? __x64_sys_futex+0x382/0x4e0 [ 2920.375009][T29747] ? do_syscall_64+0x1c/0xe0 [ 2920.379576][T29747] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2920.385546][T29747] do_syscall_64+0x60/0xe0 [ 2920.389966][T29747] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2920.395843][T29747] RIP: 0033:0x45c369 [ 2920.399706][T29747] Code: Bad RIP value. [ 2920.403745][T29747] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2920.412131][T29747] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:19:59 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e74, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:19:59 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x7ffffff9, 0x0, 0x0, 0x10}, 0x0) 22:20:00 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:00 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000800000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:20:00 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000028000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2920.420080][T29747] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2920.428052][T29747] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2920.436066][T29747] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2920.444012][T29747] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:20:00 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e7a, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:20:00 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0xffffff1f, 0x0, 0x0, 0x10}, 0x0) [ 2920.547323][T29791] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2920.570047][T29791] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:20:00 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000029000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2920.592823][T29794] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2920.646836][T29794] CPU: 1 PID: 29794 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2920.655542][T29794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2920.665597][T29794] Call Trace: [ 2920.668898][T29794] dump_stack+0x18f/0x20d [ 2920.673239][T29794] sysfs_warn_dup.cold+0x1c/0x2d [ 2920.678180][T29794] sysfs_do_create_link_sd+0x11e/0x140 [ 2920.683648][T29794] sysfs_create_link+0x5f/0xc0 [ 2920.688418][T29794] device_add+0x6ff/0x1b00 [ 2920.692845][T29794] ? device_check_offline+0x280/0x280 [ 2920.698228][T29794] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2920.704234][T29794] wiphy_register+0x1d5b/0x2840 [ 2920.709123][T29794] ? wiphy_unregister+0xc10/0xc10 [ 2920.714181][T29794] ? default_device_exit_batch+0x3d0/0x3d0 [ 2920.720011][T29794] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2920.726099][T29794] ieee80211_register_hw+0x2291/0x3950 [ 2920.731589][T29794] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2920.736977][T29794] ? lock_downgrade+0x820/0x820 [ 2920.741841][T29794] ? lock_is_held_type+0xb0/0xe0 [ 2920.746777][T29794] ? memset+0x20/0x40 [ 2920.750765][T29794] ? __hrtimer_init+0x12c/0x260 [ 2920.755637][T29794] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2920.761394][T29794] ? hwsim_virtio_rx_work+0x350/0x350 [ 2920.766784][T29794] ? memcpy+0x39/0x60 [ 2920.770792][T29794] hwsim_new_radio_nl+0x93e/0xf8c [ 2920.775884][T29794] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2920.781803][T29794] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2920.788751][T29794] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2920.795619][T29794] genl_rcv_msg+0x61d/0x980 [ 2920.800147][T29794] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2920.807105][T29794] ? lock_release+0x8d0/0x8d0 [ 2920.811787][T29794] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2920.817086][T29794] netlink_rcv_skb+0x15a/0x430 [ 2920.821868][T29794] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2920.828821][T29794] ? netlink_ack+0xa10/0xa10 [ 2920.833439][T29794] genl_rcv+0x24/0x40 [ 2920.837436][T29794] netlink_unicast+0x533/0x7d0 [ 2920.842225][T29794] ? netlink_attachskb+0x810/0x810 [ 2920.847346][T29794] ? _copy_from_iter_full+0x247/0x890 [ 2920.852732][T29794] ? __phys_addr+0x9a/0x110 [ 2920.857258][T29794] ? __phys_addr_symbol+0x2c/0x70 [ 2920.862310][T29794] ? __check_object_size+0x171/0x3e4 [ 2920.867641][T29794] netlink_sendmsg+0x856/0xd90 [ 2920.872420][T29794] ? netlink_unicast+0x7d0/0x7d0 [ 2920.877377][T29794] ? netlink_unicast+0x7d0/0x7d0 [ 2920.882324][T29794] sock_sendmsg+0xcf/0x120 [ 2920.886749][T29794] ____sys_sendmsg+0x6e8/0x810 [ 2920.891527][T29794] ? kernel_sendmsg+0x50/0x50 22:20:00 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000900000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:20:00 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2920.896214][T29794] ? do_recvmmsg+0x6d0/0x6d0 [ 2920.900820][T29794] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2920.906824][T29794] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2920.912824][T29794] ? do_user_addr_fault+0x8ce/0xd00 [ 2920.918045][T29794] ___sys_sendmsg+0xf3/0x170 [ 2920.922655][T29794] ? sendmsg_copy_msghdr+0x160/0x160 [ 2920.927967][T29794] ? __fget_files+0x272/0x400 [ 2920.932686][T29794] ? lock_downgrade+0x820/0x820 [ 2920.937545][T29794] ? find_held_lock+0x2d/0x110 [ 2920.942334][T29794] ? __might_fault+0x11f/0x1d0 [ 2920.947113][T29794] ? __fget_files+0x294/0x400 [ 2920.951803][T29794] ? __fget_light+0xea/0x280 [ 2920.956434][T29794] __sys_sendmsg+0xe5/0x1b0 [ 2920.960953][T29794] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2920.965995][T29794] ? __x64_sys_futex+0x382/0x4e0 [ 2920.970958][T29794] ? do_syscall_64+0x1c/0xe0 [ 2920.975579][T29794] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2920.981572][T29794] do_syscall_64+0x60/0xe0 [ 2920.986004][T29794] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2920.991903][T29794] RIP: 0033:0x45c369 [ 2920.995843][T29794] Code: Bad RIP value. [ 2921.000012][T29794] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2921.008435][T29794] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2921.016413][T29794] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2921.024393][T29794] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2921.032809][T29794] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2921.040791][T29794] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:20:00 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x2, 0x10}, 0x0) 22:20:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2921.149254][T29801] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2921.178994][T29801] CPU: 0 PID: 29801 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2921.187704][T29801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2921.197767][T29801] Call Trace: [ 2921.201076][T29801] dump_stack+0x18f/0x20d [ 2921.205428][T29801] sysfs_warn_dup.cold+0x1c/0x2d [ 2921.210385][T29801] sysfs_do_create_link_sd+0x11e/0x140 [ 2921.215873][T29801] sysfs_create_link+0x5f/0xc0 [ 2921.220658][T29801] device_add+0x6ff/0x1b00 [ 2921.225093][T29801] ? device_check_offline+0x280/0x280 [ 2921.230485][T29801] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2921.236495][T29801] wiphy_register+0x1d5b/0x2840 [ 2921.241390][T29801] ? wiphy_unregister+0xc10/0xc10 [ 2921.246434][T29801] ? default_device_exit_batch+0x3d0/0x3d0 [ 2921.252284][T29801] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2921.258379][T29801] ieee80211_register_hw+0x2291/0x3950 [ 2921.263871][T29801] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2921.269273][T29801] ? lock_downgrade+0x820/0x820 [ 2921.274142][T29801] ? lock_is_held_type+0xb0/0xe0 [ 2921.279094][T29801] ? memset+0x20/0x40 [ 2921.283095][T29801] ? __hrtimer_init+0x12c/0x260 [ 2921.287964][T29801] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2921.293717][T29801] ? hwsim_virtio_rx_work+0x350/0x350 [ 2921.299104][T29801] ? memcpy+0x39/0x60 [ 2921.303105][T29801] hwsim_new_radio_nl+0x93e/0xf8c [ 2921.308161][T29801] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2921.314084][T29801] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2921.321057][T29801] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2921.327928][T29801] genl_rcv_msg+0x61d/0x980 [ 2921.332460][T29801] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2921.339420][T29801] ? lock_release+0x8d0/0x8d0 [ 2921.344113][T29801] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2921.349420][T29801] netlink_rcv_skb+0x15a/0x430 [ 2921.354212][T29801] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2921.361167][T29801] ? netlink_ack+0xa10/0xa10 [ 2921.365786][T29801] genl_rcv+0x24/0x40 [ 2921.369754][T29801] netlink_unicast+0x533/0x7d0 [ 2921.374505][T29801] ? netlink_attachskb+0x810/0x810 [ 2921.379659][T29801] ? _copy_from_iter_full+0x247/0x890 [ 2921.385025][T29801] ? __phys_addr+0x9a/0x110 [ 2921.389516][T29801] ? __phys_addr_symbol+0x2c/0x70 [ 2921.394518][T29801] ? __check_object_size+0x171/0x3e4 [ 2921.399849][T29801] netlink_sendmsg+0x856/0xd90 [ 2921.404602][T29801] ? netlink_unicast+0x7d0/0x7d0 [ 2921.409524][T29801] ? netlink_unicast+0x7d0/0x7d0 [ 2921.414439][T29801] sock_sendmsg+0xcf/0x120 [ 2921.418835][T29801] ____sys_sendmsg+0x6e8/0x810 [ 2921.423576][T29801] ? kernel_sendmsg+0x50/0x50 [ 2921.428234][T29801] ? do_recvmmsg+0x6d0/0x6d0 [ 2921.432807][T29801] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2921.438773][T29801] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2921.444737][T29801] ? __lock_acquire+0xc1e/0x56e0 [ 2921.449656][T29801] ___sys_sendmsg+0xf3/0x170 [ 2921.454225][T29801] ? sendmsg_copy_msghdr+0x160/0x160 [ 2921.459487][T29801] ? __fget_files+0x272/0x400 [ 2921.464141][T29801] ? lock_downgrade+0x820/0x820 [ 2921.468974][T29801] ? find_held_lock+0x2d/0x110 [ 2921.473726][T29801] ? __might_fault+0x11f/0x1d0 [ 2921.478472][T29801] ? __fget_files+0x294/0x400 [ 2921.483127][T29801] ? __fget_light+0xea/0x280 [ 2921.487699][T29801] __sys_sendmsg+0xe5/0x1b0 [ 2921.492268][T29801] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2921.497415][T29801] ? __x64_sys_futex+0x382/0x4e0 [ 2921.502369][T29801] ? do_syscall_64+0x1c/0xe0 [ 2921.506953][T29801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2921.512915][T29801] do_syscall_64+0x60/0xe0 [ 2921.517320][T29801] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2921.523190][T29801] RIP: 0033:0x45c369 [ 2921.527056][T29801] Code: Bad RIP value. [ 2921.531096][T29801] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2921.539482][T29801] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2921.547430][T29801] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2921.555377][T29801] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2921.563343][T29801] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2921.571297][T29801] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2921.586109][T29799] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2921.593777][T29799] CPU: 0 PID: 29799 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2921.602456][T29799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2921.612514][T29799] Call Trace: [ 2921.615812][T29799] dump_stack+0x18f/0x20d [ 2921.620155][T29799] sysfs_warn_dup.cold+0x1c/0x2d [ 2921.625123][T29799] sysfs_do_create_link_sd+0x11e/0x140 [ 2921.630600][T29799] sysfs_create_link+0x5f/0xc0 [ 2921.635381][T29799] device_add+0x6ff/0x1b00 [ 2921.639816][T29799] ? device_check_offline+0x280/0x280 [ 2921.645205][T29799] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2921.651209][T29799] wiphy_register+0x1d5b/0x2840 [ 2921.656093][T29799] ? wiphy_unregister+0xc10/0xc10 [ 2921.661133][T29799] ? default_device_exit_batch+0x3d0/0x3d0 [ 2921.666964][T29799] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2921.673049][T29799] ieee80211_register_hw+0x2291/0x3950 [ 2921.678537][T29799] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2921.683927][T29799] ? lock_downgrade+0x820/0x820 [ 2921.688780][T29799] ? lock_is_held_type+0xb0/0xe0 [ 2921.693722][T29799] ? memset+0x20/0x40 [ 2921.697750][T29799] ? __hrtimer_init+0x12c/0x260 [ 2921.702694][T29799] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2921.708414][T29799] ? hwsim_virtio_rx_work+0x350/0x350 [ 2921.713770][T29799] ? memcpy+0x39/0x60 [ 2921.717741][T29799] hwsim_new_radio_nl+0x93e/0xf8c [ 2921.722756][T29799] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2921.728639][T29799] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2921.735552][T29799] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2921.742400][T29799] genl_rcv_msg+0x61d/0x980 [ 2921.746928][T29799] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2921.753885][T29799] ? lock_release+0x8d0/0x8d0 [ 2921.758552][T29799] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2921.763817][T29799] netlink_rcv_skb+0x15a/0x430 [ 2921.768577][T29799] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2921.775489][T29799] ? netlink_ack+0xa10/0xa10 [ 2921.780064][T29799] genl_rcv+0x24/0x40 [ 2921.784033][T29799] netlink_unicast+0x533/0x7d0 [ 2921.788776][T29799] ? netlink_attachskb+0x810/0x810 [ 2921.793860][T29799] ? _copy_from_iter_full+0x247/0x890 [ 2921.799207][T29799] ? __phys_addr+0x9a/0x110 [ 2921.803687][T29799] ? __phys_addr_symbol+0x2c/0x70 [ 2921.808691][T29799] ? __check_object_size+0x171/0x3e4 [ 2921.813970][T29799] netlink_sendmsg+0x856/0xd90 [ 2921.818727][T29799] ? netlink_unicast+0x7d0/0x7d0 [ 2921.823644][T29799] ? netlink_unicast+0x7d0/0x7d0 [ 2921.828559][T29799] sock_sendmsg+0xcf/0x120 [ 2921.833096][T29799] ____sys_sendmsg+0x6e8/0x810 [ 2921.837840][T29799] ? kernel_sendmsg+0x50/0x50 [ 2921.842493][T29799] ? do_recvmmsg+0x6d0/0x6d0 [ 2921.847063][T29799] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2921.853024][T29799] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2921.858981][T29799] ? __lock_acquire+0xc1e/0x56e0 [ 2921.863897][T29799] ___sys_sendmsg+0xf3/0x170 [ 2921.868470][T29799] ? sendmsg_copy_msghdr+0x160/0x160 [ 2921.873744][T29799] ? __fget_files+0x272/0x400 [ 2921.878399][T29799] ? lock_downgrade+0x820/0x820 [ 2921.883228][T29799] ? find_held_lock+0x2d/0x110 [ 2921.887970][T29799] ? __might_fault+0x11f/0x1d0 [ 2921.892714][T29799] ? __fget_files+0x294/0x400 [ 2921.897442][T29799] ? __fget_light+0xea/0x280 [ 2921.902023][T29799] __sys_sendmsg+0xe5/0x1b0 [ 2921.906502][T29799] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2921.911508][T29799] ? __x64_sys_futex+0x382/0x4e0 [ 2921.916697][T29799] ? do_syscall_64+0x1c/0xe0 [ 2921.921264][T29799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2921.927225][T29799] do_syscall_64+0x60/0xe0 [ 2921.931622][T29799] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2921.937503][T29799] RIP: 0033:0x45c369 [ 2921.941381][T29799] Code: Bad RIP value. [ 2921.945432][T29799] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2921.953820][T29799] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2921.961770][T29799] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2921.969721][T29799] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2921.977691][T29799] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2921.985672][T29799] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac 22:20:01 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e7a, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:20:01 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000a00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:20:01 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x3, 0x10}, 0x0) 22:20:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2921.998449][T29811] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2922.052537][T29811] CPU: 1 PID: 29811 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2922.061241][T29811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2922.071295][T29811] Call Trace: [ 2922.074598][T29811] dump_stack+0x18f/0x20d [ 2922.078973][T29811] sysfs_warn_dup.cold+0x1c/0x2d [ 2922.083927][T29811] sysfs_do_create_link_sd+0x11e/0x140 [ 2922.089401][T29811] sysfs_create_link+0x5f/0xc0 [ 2922.094183][T29811] device_add+0x6ff/0x1b00 [ 2922.098619][T29811] ? device_check_offline+0x280/0x280 [ 2922.104003][T29811] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2922.110005][T29811] wiphy_register+0x1d5b/0x2840 [ 2922.114880][T29811] ? wiphy_unregister+0xc10/0xc10 [ 2922.119917][T29811] ? default_device_exit_batch+0x3d0/0x3d0 [ 2922.125746][T29811] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2922.131839][T29811] ieee80211_register_hw+0x2291/0x3950 [ 2922.137322][T29811] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2922.142712][T29811] ? lock_downgrade+0x820/0x820 [ 2922.147575][T29811] ? lock_is_held_type+0xb0/0xe0 [ 2922.152525][T29811] ? memset+0x20/0x40 [ 2922.156521][T29811] ? __hrtimer_init+0x12c/0x260 [ 2922.161390][T29811] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2922.167141][T29811] ? hwsim_virtio_rx_work+0x350/0x350 [ 2922.172529][T29811] ? memcpy+0x39/0x60 [ 2922.176529][T29811] hwsim_new_radio_nl+0x93e/0xf8c [ 2922.181570][T29811] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2922.187499][T29811] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2922.194448][T29811] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2922.201319][T29811] genl_rcv_msg+0x61d/0x980 [ 2922.205849][T29811] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2922.212813][T29811] ? lock_release+0x8d0/0x8d0 [ 2922.217515][T29811] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2922.222819][T29811] netlink_rcv_skb+0x15a/0x430 [ 2922.227600][T29811] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2922.234550][T29811] ? netlink_ack+0xa10/0xa10 [ 2922.239167][T29811] genl_rcv+0x24/0x40 [ 2922.243159][T29811] netlink_unicast+0x533/0x7d0 [ 2922.247944][T29811] ? netlink_attachskb+0x810/0x810 [ 2922.253078][T29811] ? _copy_from_iter_full+0x247/0x890 [ 2922.258479][T29811] ? __phys_addr+0x9a/0x110 [ 2922.262998][T29811] ? __phys_addr_symbol+0x2c/0x70 [ 2922.268042][T29811] ? __check_object_size+0x171/0x3e4 [ 2922.273377][T29811] netlink_sendmsg+0x856/0xd90 [ 2922.278171][T29811] ? netlink_unicast+0x7d0/0x7d0 [ 2922.283145][T29811] ? netlink_unicast+0x7d0/0x7d0 [ 2922.288101][T29811] sock_sendmsg+0xcf/0x120 [ 2922.292536][T29811] ____sys_sendmsg+0x6e8/0x810 [ 2922.297312][T29811] ? kernel_sendmsg+0x50/0x50 [ 2922.301999][T29811] ? do_recvmmsg+0x6d0/0x6d0 [ 2922.306732][T29811] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2922.312735][T29811] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2922.318706][T29811] ? __lock_acquire+0xc1e/0x56e0 [ 2922.323630][T29811] ___sys_sendmsg+0xf3/0x170 [ 2922.328210][T29811] ? sendmsg_copy_msghdr+0x160/0x160 [ 2922.333479][T29811] ? __fget_files+0x272/0x400 [ 2922.338145][T29811] ? lock_downgrade+0x820/0x820 [ 2922.342974][T29811] ? find_held_lock+0x2d/0x110 [ 2922.347766][T29811] ? __might_fault+0x11f/0x1d0 [ 2922.352532][T29811] ? __fget_files+0x294/0x400 [ 2922.357205][T29811] ? __fget_light+0xea/0x280 [ 2922.361799][T29811] __sys_sendmsg+0xe5/0x1b0 [ 2922.366309][T29811] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2922.371374][T29811] ? __x64_sys_futex+0x382/0x4e0 [ 2922.376315][T29811] ? do_syscall_64+0x1c/0xe0 [ 2922.380947][T29811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2922.386923][T29811] do_syscall_64+0x60/0xe0 [ 2922.391333][T29811] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2922.397217][T29811] RIP: 0033:0x45c369 [ 2922.401101][T29811] Code: Bad RIP value. [ 2922.405164][T29811] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2922.413615][T29811] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2922.421828][T29811] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2922.429834][T29811] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2922.437807][T29811] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2922.445782][T29811] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:20:01 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x4, 0x10}, 0x0) [ 2922.460718][T29845] validate_nla: 2 callbacks suppressed [ 2922.460727][T29845] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2922.502797][T29845] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2922.525815][T29848] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2922.533489][T29848] CPU: 0 PID: 29848 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2922.542167][T29848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 22:20:02 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca24000, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:20:02 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:02 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="230000002a000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2922.552243][T29848] Call Trace: [ 2922.555550][T29848] dump_stack+0x18f/0x20d [ 2922.559896][T29848] sysfs_warn_dup.cold+0x1c/0x2d [ 2922.564851][T29848] sysfs_do_create_link_sd+0x11e/0x140 [ 2922.570329][T29848] sysfs_create_link+0x5f/0xc0 [ 2922.575109][T29848] device_add+0x6ff/0x1b00 [ 2922.579548][T29848] ? device_check_offline+0x280/0x280 [ 2922.584940][T29848] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2922.590945][T29848] wiphy_register+0x1d5b/0x2840 [ 2922.595827][T29848] ? wiphy_unregister+0xc10/0xc10 [ 2922.600862][T29848] ? default_device_exit_batch+0x3d0/0x3d0 [ 2922.606682][T29848] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2922.612762][T29848] ieee80211_register_hw+0x2291/0x3950 [ 2922.618255][T29848] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2922.623648][T29848] ? lock_downgrade+0x820/0x820 [ 2922.628511][T29848] ? lock_is_held_type+0xb0/0xe0 [ 2922.633460][T29848] ? memset+0x20/0x40 [ 2922.637453][T29848] ? __hrtimer_init+0x12c/0x260 [ 2922.642319][T29848] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2922.648079][T29848] ? hwsim_virtio_rx_work+0x350/0x350 [ 2922.653501][T29848] ? memcpy+0x39/0x60 [ 2922.657499][T29848] hwsim_new_radio_nl+0x93e/0xf8c [ 2922.662559][T29848] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2922.668484][T29848] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2922.675482][T29848] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2922.682350][T29848] genl_rcv_msg+0x61d/0x980 [ 2922.686879][T29848] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2922.693840][T29848] ? lock_release+0x8d0/0x8d0 [ 2922.698527][T29848] ? netdev_core_pick_tx+0x2e0/0x2e0 22:20:02 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2922.703828][T29848] netlink_rcv_skb+0x15a/0x430 [ 2922.708596][T29848] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2922.715542][T29848] ? netlink_ack+0xa10/0xa10 [ 2922.720160][T29848] genl_rcv+0x24/0x40 [ 2922.724155][T29848] netlink_unicast+0x533/0x7d0 [ 2922.728935][T29848] ? netlink_attachskb+0x810/0x810 [ 2922.734057][T29848] ? _copy_from_iter_full+0x247/0x890 [ 2922.739439][T29848] ? __phys_addr+0x9a/0x110 [ 2922.743950][T29848] ? __phys_addr_symbol+0x2c/0x70 [ 2922.749001][T29848] ? __check_object_size+0x171/0x3e4 22:20:02 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x5, 0x10}, 0x0) [ 2922.754301][T29848] netlink_sendmsg+0x856/0xd90 [ 2922.759086][T29848] ? netlink_unicast+0x7d0/0x7d0 [ 2922.764043][T29848] ? netlink_unicast+0x7d0/0x7d0 [ 2922.768992][T29848] sock_sendmsg+0xcf/0x120 [ 2922.773431][T29848] ____sys_sendmsg+0x6e8/0x810 [ 2922.778214][T29848] ? kernel_sendmsg+0x50/0x50 [ 2922.782900][T29848] ? do_recvmmsg+0x6d0/0x6d0 [ 2922.787505][T29848] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2922.793504][T29848] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2922.799498][T29848] ? do_user_addr_fault+0x8ce/0xd00 22:20:02 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2922.804714][T29848] ___sys_sendmsg+0xf3/0x170 [ 2922.809318][T29848] ? sendmsg_copy_msghdr+0x160/0x160 [ 2922.814628][T29848] ? __fget_files+0x272/0x400 [ 2922.819318][T29848] ? lock_downgrade+0x820/0x820 [ 2922.824177][T29848] ? find_held_lock+0x2d/0x110 [ 2922.828952][T29848] ? __might_fault+0x11f/0x1d0 [ 2922.833726][T29848] ? __fget_files+0x294/0x400 [ 2922.838413][T29848] ? __fget_light+0xea/0x280 [ 2922.843023][T29848] __sys_sendmsg+0xe5/0x1b0 [ 2922.847542][T29848] ? __sys_sendmsg_sock+0xb0/0xb0 22:20:02 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x6, 0x10}, 0x0) [ 2922.852579][T29848] ? __x64_sys_futex+0x382/0x4e0 [ 2922.857540][T29848] ? do_syscall_64+0x1c/0xe0 [ 2922.862145][T29848] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2922.868144][T29848] do_syscall_64+0x60/0xe0 [ 2922.872597][T29848] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2922.878495][T29848] RIP: 0033:0x45c369 [ 2922.882385][T29848] Code: Bad RIP value. [ 2922.886451][T29848] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2922.894957][T29848] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2922.902939][T29848] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2922.910933][T29848] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2922.918913][T29848] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2922.926895][T29848] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2923.050517][T29873] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2923.068511][T29873] CPU: 1 PID: 29873 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2923.077220][T29873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2923.087289][T29873] Call Trace: [ 2923.090566][T29873] dump_stack+0x18f/0x20d [ 2923.094889][T29873] sysfs_warn_dup.cold+0x1c/0x2d [ 2923.099838][T29873] sysfs_do_create_link_sd+0x11e/0x140 [ 2923.105313][T29873] sysfs_create_link+0x5f/0xc0 [ 2923.110100][T29873] device_add+0x6ff/0x1b00 [ 2923.114537][T29873] ? device_check_offline+0x280/0x280 [ 2923.119927][T29873] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2923.125933][T29873] wiphy_register+0x1d5b/0x2840 [ 2923.130814][T29873] ? wiphy_unregister+0xc10/0xc10 [ 2923.135845][T29873] ? default_device_exit_batch+0x3d0/0x3d0 [ 2923.141709][T29873] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2923.147758][T29873] ieee80211_register_hw+0x2291/0x3950 [ 2923.153201][T29873] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2923.158573][T29873] ? lock_downgrade+0x820/0x820 [ 2923.163419][T29873] ? lock_is_held_type+0xb0/0xe0 [ 2923.168337][T29873] ? memset+0x20/0x40 [ 2923.172344][T29873] ? __hrtimer_init+0x12c/0x260 [ 2923.177176][T29873] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2923.182884][T29873] ? hwsim_virtio_rx_work+0x350/0x350 [ 2923.188231][T29873] ? memcpy+0x39/0x60 [ 2923.192238][T29873] hwsim_new_radio_nl+0x93e/0xf8c [ 2923.197240][T29873] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2923.203113][T29873] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2923.210023][T29873] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2923.216846][T29873] genl_rcv_msg+0x61d/0x980 [ 2923.221485][T29873] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2923.228400][T29873] ? lock_release+0x8d0/0x8d0 [ 2923.233051][T29873] ? trace_hardirqs_on+0x5f/0x220 [ 2923.238076][T29873] netlink_rcv_skb+0x15a/0x430 [ 2923.242830][T29873] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2923.249738][T29873] ? netlink_ack+0xa10/0xa10 [ 2923.254419][T29873] genl_rcv+0x24/0x40 [ 2923.258377][T29873] netlink_unicast+0x533/0x7d0 [ 2923.263117][T29873] ? netlink_attachskb+0x810/0x810 [ 2923.268205][T29873] ? _copy_from_iter_full+0x247/0x890 [ 2923.273552][T29873] ? __phys_addr+0x9a/0x110 [ 2923.278142][T29873] ? __phys_addr_symbol+0x2c/0x70 [ 2923.283140][T29873] ? __check_object_size+0x171/0x3e4 [ 2923.288423][T29873] netlink_sendmsg+0x856/0xd90 [ 2923.293166][T29873] ? netlink_unicast+0x7d0/0x7d0 [ 2923.298081][T29873] ? netlink_unicast+0x7d0/0x7d0 [ 2923.302990][T29873] sock_sendmsg+0xcf/0x120 [ 2923.307384][T29873] ____sys_sendmsg+0x6e8/0x810 [ 2923.312121][T29873] ? kernel_sendmsg+0x50/0x50 [ 2923.316790][T29873] ? do_recvmmsg+0x6d0/0x6d0 [ 2923.321373][T29873] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2923.327358][T29873] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2923.333309][T29873] ? __lock_acquire+0xc1e/0x56e0 [ 2923.338223][T29873] ___sys_sendmsg+0xf3/0x170 [ 2923.342788][T29873] ? sendmsg_copy_msghdr+0x160/0x160 [ 2923.348046][T29873] ? __fget_files+0x272/0x400 [ 2923.352699][T29873] ? lock_downgrade+0x820/0x820 [ 2923.357554][T29873] ? find_held_lock+0x2d/0x110 [ 2923.362295][T29873] ? __might_fault+0x11f/0x1d0 [ 2923.367038][T29873] ? __fget_files+0x294/0x400 [ 2923.371694][T29873] ? __fget_light+0xea/0x280 [ 2923.376261][T29873] __sys_sendmsg+0xe5/0x1b0 [ 2923.380750][T29873] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2923.385762][T29873] ? __x64_sys_futex+0x382/0x4e0 [ 2923.390679][T29873] ? do_syscall_64+0x1c/0xe0 [ 2923.395267][T29873] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2923.401224][T29873] do_syscall_64+0x60/0xe0 [ 2923.405641][T29873] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2923.411510][T29873] RIP: 0033:0x45c369 [ 2923.415374][T29873] Code: Bad RIP value. [ 2923.419413][T29873] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2923.427799][T29873] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2923.435751][T29873] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2923.443715][T29873] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2923.451681][T29873] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2923.459629][T29873] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2923.510168][T29885] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2923.530126][T29885] CPU: 0 PID: 29885 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2923.538907][T29885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2923.549100][T29885] Call Trace: [ 2923.552396][T29885] dump_stack+0x18f/0x20d [ 2923.556713][T29885] sysfs_warn_dup.cold+0x1c/0x2d [ 2923.561629][T29885] sysfs_do_create_link_sd+0x11e/0x140 [ 2923.567069][T29885] sysfs_create_link+0x5f/0xc0 [ 2923.571843][T29885] device_add+0x6ff/0x1b00 [ 2923.576243][T29885] ? device_check_offline+0x280/0x280 [ 2923.581611][T29885] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2923.587589][T29885] wiphy_register+0x1d5b/0x2840 [ 2923.592424][T29885] ? wiphy_unregister+0xc10/0xc10 [ 2923.597432][T29885] ? default_device_exit_batch+0x3d0/0x3d0 [ 2923.603228][T29885] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2923.609279][T29885] ieee80211_register_hw+0x2291/0x3950 [ 2923.614798][T29885] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2923.620155][T29885] ? lock_downgrade+0x820/0x820 [ 2923.624993][T29885] ? lock_is_held_type+0xb0/0xe0 [ 2923.629912][T29885] ? memset+0x20/0x40 [ 2923.633884][T29885] ? __hrtimer_init+0x12c/0x260 [ 2923.638716][T29885] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2923.644659][T29885] ? hwsim_virtio_rx_work+0x350/0x350 [ 2923.650017][T29885] ? memcpy+0x39/0x60 [ 2923.654086][T29885] hwsim_new_radio_nl+0x93e/0xf8c [ 2923.659091][T29885] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2923.664988][T29885] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2923.671960][T29885] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2923.678790][T29885] genl_rcv_msg+0x61d/0x980 [ 2923.683278][T29885] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2923.690192][T29885] ? lock_release+0x8d0/0x8d0 [ 2923.694960][T29885] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2923.700234][T29885] netlink_rcv_skb+0x15a/0x430 [ 2923.704979][T29885] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2923.712007][T29885] ? netlink_ack+0xa10/0xa10 [ 2923.716585][T29885] genl_rcv+0x24/0x40 [ 2923.720543][T29885] netlink_unicast+0x533/0x7d0 [ 2923.725289][T29885] ? netlink_attachskb+0x810/0x810 [ 2923.730398][T29885] ? _copy_from_iter_full+0x247/0x890 [ 2923.735757][T29885] ? __phys_addr+0x9a/0x110 [ 2923.740250][T29885] ? __phys_addr_symbol+0x2c/0x70 [ 2923.745253][T29885] ? __check_object_size+0x171/0x3e4 [ 2923.750528][T29885] netlink_sendmsg+0x856/0xd90 [ 2923.755275][T29885] ? netlink_unicast+0x7d0/0x7d0 [ 2923.760194][T29885] ? netlink_unicast+0x7d0/0x7d0 [ 2923.765108][T29885] sock_sendmsg+0xcf/0x120 [ 2923.769503][T29885] ____sys_sendmsg+0x6e8/0x810 [ 2923.774243][T29885] ? kernel_sendmsg+0x50/0x50 [ 2923.778919][T29885] ? do_recvmmsg+0x6d0/0x6d0 [ 2923.783490][T29885] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2923.789452][T29885] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2923.795409][T29885] ? __lock_acquire+0xc1e/0x56e0 [ 2923.800380][T29885] ___sys_sendmsg+0xf3/0x170 [ 2923.805014][T29885] ? sendmsg_copy_msghdr+0x160/0x160 [ 2923.810279][T29885] ? __fget_files+0x272/0x400 [ 2923.814936][T29885] ? lock_downgrade+0x820/0x820 [ 2923.819761][T29885] ? find_held_lock+0x2d/0x110 [ 2923.824501][T29885] ? __might_fault+0x11f/0x1d0 [ 2923.829256][T29885] ? __fget_files+0x294/0x400 [ 2923.833922][T29885] ? __fget_light+0xea/0x280 [ 2923.838505][T29885] __sys_sendmsg+0xe5/0x1b0 [ 2923.842986][T29885] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2923.847987][T29885] ? __x64_sys_futex+0x382/0x4e0 [ 2923.852906][T29885] ? do_syscall_64+0x1c/0xe0 [ 2923.857472][T29885] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2923.863431][T29885] do_syscall_64+0x60/0xe0 [ 2923.867829][T29885] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2923.873704][T29885] RIP: 0033:0x45c369 [ 2923.877576][T29885] Code: Bad RIP value. [ 2923.881616][T29885] RSP: 002b:00007f4e9be23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2923.890006][T29885] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2923.897972][T29885] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2923.905942][T29885] RBP: 000000000078c1c0 R08: 0000000000000000 R09: 0000000000000000 [ 2923.913890][T29885] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c18c [ 2923.921843][T29885] R13: 00007ffd77e9fdcf R14: 00007f4e9be249c0 R15: 000000000078c18c [ 2923.941724][T29874] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2923.961454][T29874] CPU: 0 PID: 29874 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2923.970289][T29874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2923.980350][T29874] Call Trace: [ 2923.983652][T29874] dump_stack+0x18f/0x20d [ 2923.988007][T29874] sysfs_warn_dup.cold+0x1c/0x2d [ 2923.992960][T29874] sysfs_do_create_link_sd+0x11e/0x140 [ 2923.998436][T29874] sysfs_create_link+0x5f/0xc0 [ 2924.003211][T29874] device_add+0x6ff/0x1b00 [ 2924.007612][T29874] ? device_check_offline+0x280/0x280 [ 2924.012966][T29874] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2924.018928][T29874] wiphy_register+0x1d5b/0x2840 [ 2924.023769][T29874] ? wiphy_unregister+0xc10/0xc10 [ 2924.028802][T29874] ? default_device_exit_batch+0x3d0/0x3d0 [ 2924.034607][T29874] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2924.040673][T29874] ieee80211_register_hw+0x2291/0x3950 [ 2924.046145][T29874] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2924.051536][T29874] ? lock_downgrade+0x820/0x820 [ 2924.056425][T29874] ? lock_is_held_type+0xb0/0xe0 [ 2924.061375][T29874] ? memset+0x20/0x40 [ 2924.065367][T29874] ? __hrtimer_init+0x12c/0x260 [ 2924.070236][T29874] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2924.075985][T29874] ? hwsim_virtio_rx_work+0x350/0x350 [ 2924.081370][T29874] ? memcpy+0x39/0x60 [ 2924.085370][T29874] hwsim_new_radio_nl+0x93e/0xf8c [ 2924.090410][T29874] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2924.096330][T29874] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2924.103281][T29874] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:20:03 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca24200, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:20:03 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:03 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000b00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) 22:20:03 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x7, 0x10}, 0x0) 22:20:03 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="230000002f000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2924.110148][T29874] genl_rcv_msg+0x61d/0x980 [ 2924.114677][T29874] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2924.121645][T29874] ? lock_release+0x8d0/0x8d0 [ 2924.126332][T29874] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2924.131642][T29874] netlink_rcv_skb+0x15a/0x430 [ 2924.136425][T29874] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2924.143374][T29874] ? netlink_ack+0xa10/0xa10 [ 2924.147988][T29874] genl_rcv+0x24/0x40 [ 2924.151986][T29874] netlink_unicast+0x533/0x7d0 [ 2924.156772][T29874] ? netlink_attachskb+0x810/0x810 [ 2924.161930][T29874] ? _copy_from_iter_full+0x247/0x890 [ 2924.167319][T29874] ? __phys_addr+0x9a/0x110 [ 2924.171841][T29874] ? __phys_addr_symbol+0x2c/0x70 [ 2924.176880][T29874] ? __check_object_size+0x171/0x3e4 [ 2924.182181][T29874] netlink_sendmsg+0x856/0xd90 [ 2924.186967][T29874] ? netlink_unicast+0x7d0/0x7d0 [ 2924.191928][T29874] ? netlink_unicast+0x7d0/0x7d0 [ 2924.196885][T29874] sock_sendmsg+0xcf/0x120 [ 2924.201310][T29874] ____sys_sendmsg+0x6e8/0x810 [ 2924.206083][T29874] ? kernel_sendmsg+0x50/0x50 [ 2924.210767][T29874] ? do_recvmmsg+0x6d0/0x6d0 [ 2924.215374][T29874] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2924.221364][T29874] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2924.227355][T29874] ? __lock_acquire+0xc1e/0x56e0 [ 2924.232308][T29874] ___sys_sendmsg+0xf3/0x170 [ 2924.236915][T29874] ? sendmsg_copy_msghdr+0x160/0x160 [ 2924.242213][T29874] ? __fget_files+0x272/0x400 [ 2924.246900][T29874] ? lock_downgrade+0x820/0x820 [ 2924.251759][T29874] ? find_held_lock+0x2d/0x110 [ 2924.256538][T29874] ? __might_fault+0x11f/0x1d0 [ 2924.261334][T29874] ? __fget_files+0x294/0x400 [ 2924.266032][T29874] ? __fget_light+0xea/0x280 [ 2924.270647][T29874] __sys_sendmsg+0xe5/0x1b0 [ 2924.275205][T29874] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2924.280244][T29874] ? __x64_sys_futex+0x382/0x4e0 [ 2924.285197][T29874] ? do_syscall_64+0x1c/0xe0 [ 2924.289799][T29874] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2924.295786][T29874] do_syscall_64+0x60/0xe0 [ 2924.300207][T29874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2924.306095][T29874] RIP: 0033:0x45c369 [ 2924.309972][T29874] Code: Bad RIP value. [ 2924.314023][T29874] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2924.322433][T29874] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2924.330394][T29874] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2924.338358][T29874] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2924.346311][T29874] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2924.354273][T29874] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:20:03 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca24200, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:20:03 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x8, 0x10}, 0x0) 22:20:03 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2924.376924][T29919] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2924.400716][T29919] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2924.428670][T29917] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2924.452169][T29917] CPU: 1 PID: 29917 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2924.461014][T29917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2924.471075][T29917] Call Trace: [ 2924.474381][T29917] dump_stack+0x18f/0x20d [ 2924.478733][T29917] sysfs_warn_dup.cold+0x1c/0x2d [ 2924.483681][T29917] sysfs_do_create_link_sd+0x11e/0x140 [ 2924.489153][T29917] sysfs_create_link+0x5f/0xc0 [ 2924.493943][T29917] device_add+0x6ff/0x1b00 [ 2924.498510][T29917] ? device_check_offline+0x280/0x280 [ 2924.503893][T29917] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2924.509896][T29917] wiphy_register+0x1d5b/0x2840 [ 2924.514772][T29917] ? wiphy_unregister+0xc10/0xc10 [ 2924.519808][T29917] ? default_device_exit_batch+0x3d0/0x3d0 [ 2924.525633][T29917] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2924.531719][T29917] ieee80211_register_hw+0x2291/0x3950 [ 2924.537216][T29917] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2924.542608][T29917] ? lock_downgrade+0x820/0x820 [ 2924.547489][T29917] ? lock_is_held_type+0xb0/0xe0 [ 2924.552446][T29917] ? memset+0x20/0x40 [ 2924.556436][T29917] ? __hrtimer_init+0x12c/0x260 [ 2924.561295][T29917] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2924.567040][T29917] ? hwsim_virtio_rx_work+0x350/0x350 [ 2924.572427][T29917] ? memcpy+0x39/0x60 [ 2924.576426][T29917] hwsim_new_radio_nl+0x93e/0xf8c [ 2924.581462][T29917] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2924.587379][T29917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2924.594331][T29917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2924.601206][T29917] genl_rcv_msg+0x61d/0x980 [ 2924.605739][T29917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2924.612703][T29917] ? lock_release+0x8d0/0x8d0 [ 2924.617395][T29917] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2924.622696][T29917] netlink_rcv_skb+0x15a/0x430 [ 2924.627482][T29917] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2924.634437][T29917] ? netlink_ack+0xa10/0xa10 [ 2924.639053][T29917] genl_rcv+0x24/0x40 [ 2924.643046][T29917] netlink_unicast+0x533/0x7d0 [ 2924.647833][T29917] ? netlink_attachskb+0x810/0x810 [ 2924.652971][T29917] ? _copy_from_iter_full+0x247/0x890 [ 2924.658354][T29917] ? __phys_addr+0x9a/0x110 [ 2924.662868][T29917] ? __phys_addr_symbol+0x2c/0x70 [ 2924.667906][T29917] ? __check_object_size+0x171/0x3e4 [ 2924.673213][T29917] netlink_sendmsg+0x856/0xd90 [ 2924.677994][T29917] ? netlink_unicast+0x7d0/0x7d0 [ 2924.682946][T29917] ? netlink_unicast+0x7d0/0x7d0 [ 2924.687894][T29917] sock_sendmsg+0xcf/0x120 [ 2924.692324][T29917] ____sys_sendmsg+0x6e8/0x810 [ 2924.697101][T29917] ? kernel_sendmsg+0x50/0x50 [ 2924.701783][T29917] ? do_recvmmsg+0x6d0/0x6d0 [ 2924.706387][T29917] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2924.712383][T29917] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2924.718376][T29917] ? do_user_addr_fault+0x8ce/0xd00 [ 2924.723588][T29917] ___sys_sendmsg+0xf3/0x170 [ 2924.728196][T29917] ? sendmsg_copy_msghdr+0x160/0x160 [ 2924.733579][T29917] ? __fget_files+0x272/0x400 [ 2924.738266][T29917] ? lock_downgrade+0x820/0x820 [ 2924.743126][T29917] ? find_held_lock+0x2d/0x110 [ 2924.747905][T29917] ? __might_fault+0x11f/0x1d0 [ 2924.753638][T29917] ? __fget_files+0x294/0x400 [ 2924.758336][T29917] ? __fget_light+0xea/0x280 [ 2924.762943][T29917] __sys_sendmsg+0xe5/0x1b0 [ 2924.767457][T29917] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2924.772474][T29917] ? __x64_sys_futex+0x382/0x4e0 22:20:04 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000c00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2924.777417][T29917] ? do_syscall_64+0x1c/0xe0 [ 2924.782009][T29917] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2924.788000][T29917] do_syscall_64+0x60/0xe0 [ 2924.792431][T29917] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2924.798328][T29917] RIP: 0033:0x45c369 [ 2924.802215][T29917] Code: Bad RIP value. [ 2924.806289][T29917] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2924.814703][T29917] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2924.822732][T29917] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:20:04 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:04 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x9, 0x10}, 0x0) [ 2924.830807][T29917] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2924.838783][T29917] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2924.846747][T29917] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2924.893233][T29938] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2924.920270][T29938] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2924.943834][T29933] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2924.970490][T29933] CPU: 0 PID: 29933 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2924.979200][T29933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2924.989268][T29933] Call Trace: [ 2924.992576][T29933] dump_stack+0x18f/0x20d [ 2924.996923][T29933] sysfs_warn_dup.cold+0x1c/0x2d [ 2925.001876][T29933] sysfs_do_create_link_sd+0x11e/0x140 [ 2925.007347][T29933] sysfs_create_link+0x5f/0xc0 [ 2925.012120][T29933] device_add+0x6ff/0x1b00 [ 2925.016561][T29933] ? device_check_offline+0x280/0x280 [ 2925.021943][T29933] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2925.027945][T29933] wiphy_register+0x1d5b/0x2840 [ 2925.032828][T29933] ? wiphy_unregister+0xc10/0xc10 [ 2925.037869][T29933] ? default_device_exit_batch+0x3d0/0x3d0 [ 2925.043699][T29933] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2925.049785][T29933] ieee80211_register_hw+0x2291/0x3950 [ 2925.055274][T29933] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2925.060671][T29933] ? lock_downgrade+0x820/0x820 [ 2925.065535][T29933] ? lock_is_held_type+0xb0/0xe0 [ 2925.070489][T29933] ? memset+0x20/0x40 [ 2925.074484][T29933] ? __hrtimer_init+0x12c/0x260 [ 2925.079353][T29933] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2925.085101][T29933] ? hwsim_virtio_rx_work+0x350/0x350 [ 2925.090487][T29933] ? memcpy+0x39/0x60 22:20:04 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000d00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2925.094493][T29933] hwsim_new_radio_nl+0x93e/0xf8c [ 2925.099539][T29933] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2925.105464][T29933] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2925.112417][T29933] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2925.119289][T29933] genl_rcv_msg+0x61d/0x980 [ 2925.123816][T29933] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2925.130777][T29933] ? lock_release+0x8d0/0x8d0 [ 2925.135468][T29933] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2925.140775][T29933] netlink_rcv_skb+0x15a/0x430 [ 2925.145536][T29933] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2925.152450][T29933] ? netlink_ack+0xa10/0xa10 [ 2925.157027][T29933] genl_rcv+0x24/0x40 [ 2925.160986][T29933] netlink_unicast+0x533/0x7d0 [ 2925.165733][T29933] ? netlink_attachskb+0x810/0x810 [ 2925.170834][T29933] ? _copy_from_iter_full+0x247/0x890 [ 2925.176194][T29933] ? __phys_addr+0x9a/0x110 [ 2925.180673][T29933] ? __phys_addr_symbol+0x2c/0x70 [ 2925.185677][T29933] ? __check_object_size+0x171/0x3e4 [ 2925.190967][T29933] netlink_sendmsg+0x856/0xd90 [ 2925.195715][T29933] ? netlink_unicast+0x7d0/0x7d0 [ 2925.200655][T29933] ? netlink_unicast+0x7d0/0x7d0 [ 2925.205615][T29933] sock_sendmsg+0xcf/0x120 [ 2925.210017][T29933] ____sys_sendmsg+0x6e8/0x810 [ 2925.214760][T29933] ? kernel_sendmsg+0x50/0x50 [ 2925.219427][T29933] ? do_recvmmsg+0x6d0/0x6d0 [ 2925.224015][T29933] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2925.229986][T29933] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2925.235964][T29933] ? __lock_acquire+0xc1e/0x56e0 [ 2925.240908][T29933] ___sys_sendmsg+0xf3/0x170 [ 2925.245485][T29933] ? sendmsg_copy_msghdr+0x160/0x160 [ 2925.250753][T29933] ? __fget_files+0x272/0x400 [ 2925.255428][T29933] ? lock_downgrade+0x820/0x820 [ 2925.260274][T29933] ? find_held_lock+0x2d/0x110 [ 2925.265036][T29933] ? __might_fault+0x11f/0x1d0 [ 2925.269813][T29933] ? __fget_files+0x294/0x400 [ 2925.274485][T29933] ? __fget_light+0xea/0x280 [ 2925.279081][T29933] __sys_sendmsg+0xe5/0x1b0 [ 2925.283573][T29933] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2925.288590][T29933] ? __x64_sys_futex+0x382/0x4e0 [ 2925.293515][T29933] ? do_syscall_64+0x1c/0xe0 [ 2925.298105][T29933] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2925.304077][T29933] do_syscall_64+0x60/0xe0 [ 2925.308479][T29933] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2925.314350][T29933] RIP: 0033:0x45c369 [ 2925.318224][T29933] Code: Bad RIP value. [ 2925.322275][T29933] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2925.330663][T29933] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2925.338618][T29933] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2925.346569][T29933] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2925.354527][T29933] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2925.362489][T29933] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2925.384094][T29920] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2925.393580][T29920] CPU: 0 PID: 29920 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2925.402285][T29920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2925.412346][T29920] Call Trace: [ 2925.415653][T29920] dump_stack+0x18f/0x20d [ 2925.420004][T29920] sysfs_warn_dup.cold+0x1c/0x2d [ 2925.424958][T29920] sysfs_do_create_link_sd+0x11e/0x140 [ 2925.430433][T29920] sysfs_create_link+0x5f/0xc0 [ 2925.435214][T29920] device_add+0x6ff/0x1b00 [ 2925.439651][T29920] ? device_check_offline+0x280/0x280 [ 2925.445038][T29920] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2925.451024][T29920] wiphy_register+0x1d5b/0x2840 [ 2925.455869][T29920] ? wiphy_unregister+0xc10/0xc10 [ 2925.460898][T29920] ? default_device_exit_batch+0x3d0/0x3d0 [ 2925.466705][T29920] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2925.472778][T29920] ieee80211_register_hw+0x2291/0x3950 [ 2925.478266][T29920] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2925.483696][T29920] ? lock_downgrade+0x820/0x820 [ 2925.488577][T29920] ? lock_is_held_type+0xb0/0xe0 [ 2925.493525][T29920] ? memset+0x20/0x40 [ 2925.497505][T29920] ? __hrtimer_init+0x12c/0x260 [ 2925.502445][T29920] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2925.508163][T29920] ? hwsim_virtio_rx_work+0x350/0x350 [ 2925.513532][T29920] ? memcpy+0x39/0x60 [ 2925.517511][T29920] hwsim_new_radio_nl+0x93e/0xf8c [ 2925.522522][T29920] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2925.528401][T29920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2925.535329][T29920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2925.542170][T29920] genl_rcv_msg+0x61d/0x980 [ 2925.546666][T29920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2925.553584][T29920] ? lock_release+0x8d0/0x8d0 [ 2925.558240][T29920] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2925.563509][T29920] netlink_rcv_skb+0x15a/0x430 [ 2925.568264][T29920] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2925.575191][T29920] ? netlink_ack+0xa10/0xa10 [ 2925.579764][T29920] genl_rcv+0x24/0x40 [ 2925.583725][T29920] netlink_unicast+0x533/0x7d0 [ 2925.588478][T29920] ? netlink_attachskb+0x810/0x810 [ 2925.593566][T29920] ? _copy_from_iter_full+0x247/0x890 [ 2925.598920][T29920] ? __phys_addr+0x9a/0x110 [ 2925.603420][T29920] ? __phys_addr_symbol+0x2c/0x70 [ 2925.608431][T29920] ? __check_object_size+0x171/0x3e4 [ 2925.613695][T29920] netlink_sendmsg+0x856/0xd90 [ 2925.618440][T29920] ? netlink_unicast+0x7d0/0x7d0 [ 2925.623358][T29920] ? netlink_unicast+0x7d0/0x7d0 [ 2925.628273][T29920] sock_sendmsg+0xcf/0x120 [ 2925.632666][T29920] ____sys_sendmsg+0x6e8/0x810 [ 2925.637408][T29920] ? kernel_sendmsg+0x50/0x50 [ 2925.642059][T29920] ? do_recvmmsg+0x6d0/0x6d0 [ 2925.646639][T29920] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2925.652614][T29920] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2925.658579][T29920] ? __lock_acquire+0xc1e/0x56e0 [ 2925.663496][T29920] ___sys_sendmsg+0xf3/0x170 [ 2925.668069][T29920] ? sendmsg_copy_msghdr+0x160/0x160 [ 2925.673330][T29920] ? __fget_files+0x272/0x400 [ 2925.677985][T29920] ? lock_downgrade+0x820/0x820 [ 2925.682812][T29920] ? find_held_lock+0x2d/0x110 [ 2925.687556][T29920] ? __might_fault+0x11f/0x1d0 [ 2925.692302][T29920] ? __fget_files+0x294/0x400 [ 2925.696958][T29920] ? __fget_light+0xea/0x280 [ 2925.701527][T29920] __sys_sendmsg+0xe5/0x1b0 [ 2925.706007][T29920] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2925.711011][T29920] ? __x64_sys_futex+0x382/0x4e0 [ 2925.715932][T29920] ? do_syscall_64+0x1c/0xe0 [ 2925.720501][T29920] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2925.726482][T29920] do_syscall_64+0x60/0xe0 [ 2925.730897][T29920] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2925.736781][T29920] RIP: 0033:0x45c369 [ 2925.740652][T29920] Code: Bad RIP value. [ 2925.744744][T29920] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2925.753130][T29920] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2925.761085][T29920] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2925.769037][T29920] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2925.776999][T29920] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2925.784963][T29920] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac 22:20:05 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca25500, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:20:05 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:05 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0xa, 0x10}, 0x0) 22:20:05 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000030000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2925.805173][T29954] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2925.813367][T29954] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2925.844348][T29935] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2925.907073][T29935] CPU: 1 PID: 29935 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2925.915781][T29935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2925.925845][T29935] Call Trace: [ 2925.929161][T29935] dump_stack+0x18f/0x20d [ 2925.933526][T29935] sysfs_warn_dup.cold+0x1c/0x2d [ 2925.938480][T29935] sysfs_do_create_link_sd+0x11e/0x140 [ 2925.943962][T29935] sysfs_create_link+0x5f/0xc0 [ 2925.948741][T29935] device_add+0x6ff/0x1b00 [ 2925.953175][T29935] ? device_check_offline+0x280/0x280 [ 2925.958565][T29935] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2925.964576][T29935] wiphy_register+0x1d5b/0x2840 [ 2925.969464][T29935] ? wiphy_unregister+0xc10/0xc10 [ 2925.974507][T29935] ? default_device_exit_batch+0x3d0/0x3d0 [ 2925.980337][T29935] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2925.986427][T29935] ieee80211_register_hw+0x2291/0x3950 [ 2925.991917][T29935] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2925.997307][T29935] ? lock_downgrade+0x820/0x820 [ 2926.002173][T29935] ? lock_is_held_type+0xb0/0xe0 [ 2926.007128][T29935] ? memset+0x20/0x40 [ 2926.011126][T29935] ? __hrtimer_init+0x12c/0x260 [ 2926.015998][T29935] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2926.021752][T29935] ? hwsim_virtio_rx_work+0x350/0x350 [ 2926.027142][T29935] ? memcpy+0x39/0x60 [ 2926.031146][T29935] hwsim_new_radio_nl+0x93e/0xf8c [ 2926.036189][T29935] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2926.042111][T29935] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2926.049064][T29935] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2926.055933][T29935] genl_rcv_msg+0x61d/0x980 [ 2926.060463][T29935] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2926.067420][T29935] ? lock_release+0x8d0/0x8d0 [ 2926.072104][T29935] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2926.077408][T29935] netlink_rcv_skb+0x15a/0x430 [ 2926.082192][T29935] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2926.089151][T29935] ? netlink_ack+0xa10/0xa10 [ 2926.093781][T29935] genl_rcv+0x24/0x40 [ 2926.097787][T29935] netlink_unicast+0x533/0x7d0 [ 2926.102574][T29935] ? netlink_attachskb+0x810/0x810 [ 2926.107717][T29935] ? _copy_from_iter_full+0x247/0x890 [ 2926.113101][T29935] ? __phys_addr+0x9a/0x110 [ 2926.117716][T29935] ? __phys_addr_symbol+0x2c/0x70 [ 2926.122755][T29935] ? __check_object_size+0x171/0x3e4 [ 2926.128062][T29935] netlink_sendmsg+0x856/0xd90 [ 2926.132847][T29935] ? netlink_unicast+0x7d0/0x7d0 [ 2926.137807][T29935] ? netlink_unicast+0x7d0/0x7d0 [ 2926.142755][T29935] sock_sendmsg+0xcf/0x120 [ 2926.147185][T29935] ____sys_sendmsg+0x6e8/0x810 [ 2926.151953][T29935] ? kernel_sendmsg+0x50/0x50 [ 2926.156640][T29935] ? do_recvmmsg+0x6d0/0x6d0 [ 2926.161241][T29935] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2926.167244][T29935] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2926.173235][T29935] ? __lock_acquire+0xc1e/0x56e0 [ 2926.178192][T29935] ___sys_sendmsg+0xf3/0x170 [ 2926.182802][T29935] ? sendmsg_copy_msghdr+0x160/0x160 [ 2926.188108][T29935] ? __fget_files+0x272/0x400 [ 2926.192805][T29935] ? lock_downgrade+0x820/0x820 [ 2926.197669][T29935] ? find_held_lock+0x2d/0x110 [ 2926.202447][T29935] ? __might_fault+0x11f/0x1d0 22:20:05 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000e00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2926.207229][T29935] ? __fget_files+0x294/0x400 [ 2926.211934][T29935] ? __fget_light+0xea/0x280 [ 2926.216675][T29935] __sys_sendmsg+0xe5/0x1b0 [ 2926.221197][T29935] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2926.226242][T29935] ? __x64_sys_futex+0x382/0x4e0 [ 2926.231205][T29935] ? do_syscall_64+0x1c/0xe0 [ 2926.235810][T29935] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2926.241803][T29935] do_syscall_64+0x60/0xe0 [ 2926.246252][T29935] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2926.252163][T29935] RIP: 0033:0x45c369 [ 2926.256043][T29935] Code: Bad RIP value. [ 2926.260094][T29935] RSP: 002b:00007f08d428ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2926.268485][T29935] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2926.276452][T29935] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2926.284406][T29935] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2926.292471][T29935] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2926.300435][T29935] R13: 00007ffe336fa22f R14: 00007f08d428b9c0 R15: 000000000078bfac 22:20:05 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca25000, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:20:05 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0xc, 0x10}, 0x0) 22:20:05 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2926.335343][T29984] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2926.351041][T29984] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2926.381578][T29974] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2926.405137][T29974] CPU: 0 PID: 29974 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2926.413847][T29974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2926.423910][T29974] Call Trace: [ 2926.427217][T29974] dump_stack+0x18f/0x20d [ 2926.431566][T29974] sysfs_warn_dup.cold+0x1c/0x2d [ 2926.436522][T29974] sysfs_do_create_link_sd+0x11e/0x140 [ 2926.441993][T29974] sysfs_create_link+0x5f/0xc0 [ 2926.446774][T29974] device_add+0x6ff/0x1b00 [ 2926.451337][T29974] ? device_check_offline+0x280/0x280 [ 2926.456750][T29974] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2926.462764][T29974] wiphy_register+0x1d5b/0x2840 [ 2926.467641][T29974] ? wiphy_unregister+0xc10/0xc10 [ 2926.472679][T29974] ? default_device_exit_batch+0x3d0/0x3d0 [ 2926.478508][T29974] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2926.484597][T29974] ieee80211_register_hw+0x2291/0x3950 [ 2926.490088][T29974] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2926.495499][T29974] ? lock_downgrade+0x820/0x820 [ 2926.500373][T29974] ? lock_is_held_type+0xb0/0xe0 [ 2926.505327][T29974] ? memset+0x20/0x40 [ 2926.509329][T29974] ? __hrtimer_init+0x12c/0x260 [ 2926.514204][T29974] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2926.520070][T29974] ? hwsim_virtio_rx_work+0x350/0x350 [ 2926.525458][T29974] ? memcpy+0x39/0x60 [ 2926.529458][T29974] hwsim_new_radio_nl+0x93e/0xf8c [ 2926.534507][T29974] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2926.540428][T29974] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2926.547380][T29974] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2926.554252][T29974] genl_rcv_msg+0x61d/0x980 [ 2926.558776][T29974] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2926.565731][T29974] ? lock_release+0x8d0/0x8d0 [ 2926.570419][T29974] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2926.575729][T29974] netlink_rcv_skb+0x15a/0x430 [ 2926.580511][T29974] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2926.587467][T29974] ? netlink_ack+0xa10/0xa10 [ 2926.592093][T29974] genl_rcv+0x24/0x40 [ 2926.596096][T29974] netlink_unicast+0x533/0x7d0 [ 2926.600883][T29974] ? netlink_attachskb+0x810/0x810 [ 2926.606009][T29974] ? _copy_from_iter_full+0x247/0x890 [ 2926.611404][T29974] ? __phys_addr+0x9a/0x110 [ 2926.615920][T29974] ? __phys_addr_symbol+0x2c/0x70 [ 2926.620958][T29974] ? __check_object_size+0x171/0x3e4 [ 2926.626263][T29974] netlink_sendmsg+0x856/0xd90 22:20:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010000f00000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2926.631048][T29974] ? netlink_unicast+0x7d0/0x7d0 [ 2926.636036][T29974] ? netlink_unicast+0x7d0/0x7d0 [ 2926.640991][T29974] sock_sendmsg+0xcf/0x120 [ 2926.645434][T29974] ____sys_sendmsg+0x6e8/0x810 [ 2926.650220][T29974] ? kernel_sendmsg+0x50/0x50 [ 2926.654910][T29974] ? do_recvmmsg+0x6d0/0x6d0 [ 2926.659507][T29974] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2926.665471][T29974] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2926.671433][T29974] ? do_user_addr_fault+0x8ce/0xd00 [ 2926.676617][T29974] ___sys_sendmsg+0xf3/0x170 [ 2926.681187][T29974] ? sendmsg_copy_msghdr+0x160/0x160 [ 2926.686450][T29974] ? __fget_files+0x272/0x400 [ 2926.691113][T29974] ? lock_downgrade+0x820/0x820 [ 2926.695940][T29974] ? find_held_lock+0x2d/0x110 [ 2926.700680][T29974] ? __might_fault+0x11f/0x1d0 [ 2926.705426][T29974] ? __fget_files+0x294/0x400 [ 2926.710092][T29974] ? __fget_light+0xea/0x280 [ 2926.714690][T29974] __sys_sendmsg+0xe5/0x1b0 [ 2926.719292][T29974] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2926.724315][T29974] ? __x64_sys_futex+0x382/0x4e0 [ 2926.729346][T29974] ? do_syscall_64+0x1c/0xe0 [ 2926.733915][T29974] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2926.739872][T29974] do_syscall_64+0x60/0xe0 [ 2926.744277][T29974] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2926.750169][T29974] RIP: 0033:0x45c369 [ 2926.754046][T29974] Code: Bad RIP value. [ 2926.758094][T29974] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2926.766497][T29974] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2926.774456][T29974] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:20:06 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0xe, 0x10}, 0x0) 22:20:06 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 2926.782405][T29974] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2926.790357][T29974] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2926.798313][T29974] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:20:06 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001000000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2926.856249][T29979] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2926.863921][T29979] CPU: 0 PID: 29979 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2926.872591][T29979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2926.882651][T29979] Call Trace: [ 2926.885953][T29979] dump_stack+0x18f/0x20d [ 2926.890305][T29979] sysfs_warn_dup.cold+0x1c/0x2d [ 2926.895257][T29979] sysfs_do_create_link_sd+0x11e/0x140 [ 2926.900731][T29979] sysfs_create_link+0x5f/0xc0 [ 2926.905509][T29979] device_add+0x6ff/0x1b00 [ 2926.909946][T29979] ? device_check_offline+0x280/0x280 [ 2926.915329][T29979] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2926.921367][T29979] wiphy_register+0x1d5b/0x2840 [ 2926.926246][T29979] ? wiphy_unregister+0xc10/0xc10 [ 2926.931284][T29979] ? default_device_exit_batch+0x3d0/0x3d0 [ 2926.937120][T29979] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2926.943212][T29979] ieee80211_register_hw+0x2291/0x3950 [ 2926.948694][T29979] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2926.954082][T29979] ? lock_downgrade+0x820/0x820 [ 2926.958959][T29979] ? lock_is_held_type+0xb0/0xe0 [ 2926.963918][T29979] ? memset+0x20/0x40 [ 2926.967910][T29979] ? __hrtimer_init+0x12c/0x260 [ 2926.972788][T29979] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2926.978533][T29979] ? hwsim_virtio_rx_work+0x350/0x350 [ 2926.983922][T29979] ? memcpy+0x39/0x60 [ 2926.987923][T29979] hwsim_new_radio_nl+0x93e/0xf8c [ 2926.992957][T29979] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2926.998870][T29979] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2927.005827][T29979] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2927.012693][T29979] genl_rcv_msg+0x61d/0x980 [ 2927.017213][T29979] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2927.024172][T29979] ? lock_release+0x8d0/0x8d0 [ 2927.028862][T29979] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2927.034166][T29979] netlink_rcv_skb+0x15a/0x430 [ 2927.038947][T29979] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2927.045903][T29979] ? netlink_ack+0xa10/0xa10 [ 2927.050529][T29979] genl_rcv+0x24/0x40 [ 2927.054522][T29979] netlink_unicast+0x533/0x7d0 [ 2927.059288][T29979] ? netlink_attachskb+0x810/0x810 [ 2927.064402][T29979] ? _copy_from_iter_full+0x247/0x890 [ 2927.069880][T29979] ? __phys_addr+0x9a/0x110 [ 2927.074401][T29979] ? __phys_addr_symbol+0x2c/0x70 [ 2927.079443][T29979] ? __check_object_size+0x171/0x3e4 [ 2927.084748][T29979] netlink_sendmsg+0x856/0xd90 [ 2927.089534][T29979] ? netlink_unicast+0x7d0/0x7d0 [ 2927.094488][T29979] ? netlink_unicast+0x7d0/0x7d0 [ 2927.099436][T29979] sock_sendmsg+0xcf/0x120 [ 2927.103885][T29979] ____sys_sendmsg+0x6e8/0x810 [ 2927.108664][T29979] ? kernel_sendmsg+0x50/0x50 [ 2927.113352][T29979] ? do_recvmmsg+0x6d0/0x6d0 [ 2927.117961][T29979] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2927.123961][T29979] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2927.129959][T29979] ? __lock_acquire+0xc1e/0x56e0 [ 2927.134925][T29979] ___sys_sendmsg+0xf3/0x170 [ 2927.139528][T29979] ? sendmsg_copy_msghdr+0x160/0x160 [ 2927.144817][T29979] ? __fget_files+0x272/0x400 [ 2927.149491][T29979] ? lock_downgrade+0x820/0x820 [ 2927.154320][T29979] ? find_held_lock+0x2d/0x110 [ 2927.159066][T29979] ? __might_fault+0x11f/0x1d0 [ 2927.163814][T29979] ? __fget_files+0x294/0x400 [ 2927.168481][T29979] ? __fget_light+0xea/0x280 [ 2927.173055][T29979] __sys_sendmsg+0xe5/0x1b0 [ 2927.177540][T29979] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2927.182542][T29979] ? __x64_sys_futex+0x382/0x4e0 [ 2927.187463][T29979] ? do_syscall_64+0x1c/0xe0 [ 2927.192031][T29979] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2927.197993][T29979] do_syscall_64+0x60/0xe0 [ 2927.202390][T29979] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2927.208259][T29979] RIP: 0033:0x45c369 [ 2927.212126][T29979] Code: Bad RIP value. [ 2927.216169][T29979] RSP: 002b:00007f4e9be65c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2927.224564][T29979] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2927.232644][T29979] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2927.240593][T29979] RBP: 000000000078c080 R08: 0000000000000000 R09: 0000000000000000 [ 2927.248816][T29979] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078c04c [ 2927.256960][T29979] R13: 00007ffd77e9fdcf R14: 00007f4e9be669c0 R15: 000000000078c04c [ 2927.269136][T29997] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2927.286132][T29997] CPU: 0 PID: 29997 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2927.294845][T29997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2927.305055][T29997] Call Trace: [ 2927.308351][T29997] dump_stack+0x18f/0x20d [ 2927.312697][T29997] sysfs_warn_dup.cold+0x1c/0x2d [ 2927.317663][T29997] sysfs_do_create_link_sd+0x11e/0x140 [ 2927.323136][T29997] sysfs_create_link+0x5f/0xc0 [ 2927.327908][T29997] device_add+0x6ff/0x1b00 [ 2927.332343][T29997] ? device_check_offline+0x280/0x280 [ 2927.337728][T29997] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2927.343729][T29997] wiphy_register+0x1d5b/0x2840 [ 2927.348608][T29997] ? wiphy_unregister+0xc10/0xc10 [ 2927.353638][T29997] ? default_device_exit_batch+0x3d0/0x3d0 [ 2927.359456][T29997] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2927.365541][T29997] ieee80211_register_hw+0x2291/0x3950 [ 2927.371014][T29997] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2927.376368][T29997] ? lock_downgrade+0x820/0x820 [ 2927.381194][T29997] ? lock_is_held_type+0xb0/0xe0 [ 2927.386105][T29997] ? memset+0x20/0x40 [ 2927.390078][T29997] ? __hrtimer_init+0x12c/0x260 [ 2927.394907][T29997] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2927.400619][T29997] ? hwsim_virtio_rx_work+0x350/0x350 [ 2927.405970][T29997] ? memcpy+0x39/0x60 [ 2927.410084][T29997] hwsim_new_radio_nl+0x93e/0xf8c [ 2927.415176][T29997] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2927.421068][T29997] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2927.427993][T29997] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2927.434845][T29997] genl_rcv_msg+0x61d/0x980 [ 2927.439337][T29997] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2927.446251][T29997] ? lock_release+0x8d0/0x8d0 [ 2927.450925][T29997] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2927.456208][T29997] netlink_rcv_skb+0x15a/0x430 [ 2927.460955][T29997] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2927.467865][T29997] ? netlink_ack+0xa10/0xa10 [ 2927.472493][T29997] genl_rcv+0x24/0x40 [ 2927.476451][T29997] netlink_unicast+0x533/0x7d0 [ 2927.481189][T29997] ? netlink_attachskb+0x810/0x810 [ 2927.486273][T29997] ? _copy_from_iter_full+0x247/0x890 [ 2927.491622][T29997] ? __phys_addr+0x9a/0x110 [ 2927.496120][T29997] ? __phys_addr_symbol+0x2c/0x70 [ 2927.501124][T29997] ? __check_object_size+0x171/0x3e4 [ 2927.506390][T29997] netlink_sendmsg+0x856/0xd90 [ 2927.511133][T29997] ? netlink_unicast+0x7d0/0x7d0 [ 2927.516052][T29997] ? netlink_unicast+0x7d0/0x7d0 [ 2927.520964][T29997] sock_sendmsg+0xcf/0x120 [ 2927.525357][T29997] ____sys_sendmsg+0x6e8/0x810 [ 2927.530104][T29997] ? kernel_sendmsg+0x50/0x50 [ 2927.534754][T29997] ? do_recvmmsg+0x6d0/0x6d0 [ 2927.539320][T29997] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2927.545290][T29997] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2927.551257][T29997] ? __lock_acquire+0xc1e/0x56e0 [ 2927.556337][T29997] ___sys_sendmsg+0xf3/0x170 [ 2927.560909][T29997] ? sendmsg_copy_msghdr+0x160/0x160 [ 2927.566168][T29997] ? __fget_files+0x272/0x400 [ 2927.570822][T29997] ? lock_downgrade+0x820/0x820 [ 2927.575644][T29997] ? find_held_lock+0x2d/0x110 [ 2927.580380][T29997] ? __might_fault+0x11f/0x1d0 [ 2927.585119][T29997] ? __fget_files+0x294/0x400 [ 2927.589769][T29997] ? __fget_light+0xea/0x280 [ 2927.594624][T29997] __sys_sendmsg+0xe5/0x1b0 [ 2927.599104][T29997] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2927.604188][T29997] ? __x64_sys_futex+0x382/0x4e0 [ 2927.609106][T29997] ? do_syscall_64+0x1c/0xe0 [ 2927.613670][T29997] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2927.619623][T29997] do_syscall_64+0x60/0xe0 [ 2927.624016][T29997] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2927.629882][T29997] RIP: 0033:0x45c369 [ 2927.633792][T29997] Code: Bad RIP value. [ 2927.637828][T29997] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2927.646210][T29997] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 22:20:07 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca26100, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0xf, 0x10}, 0x0) 22:20:07 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:07 executing program 1: socket$kcm(0x2b, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca23e00, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000034000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 2927.654154][T29997] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2927.662100][T29997] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2927.670076][T29997] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2927.678043][T29997] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2927.695039][T30010] validate_nla: 2 callbacks suppressed [ 2927.695048][T30010] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2927.724723][T30010] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 22:20:07 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca25500, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x10, 0x10}, 0x0) 22:20:07 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001100000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2927.781110][T30030] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2927.856633][T30030] CPU: 0 PID: 30030 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2927.865343][T30030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2927.875401][T30030] Call Trace: [ 2927.878703][T30030] dump_stack+0x18f/0x20d [ 2927.883051][T30030] sysfs_warn_dup.cold+0x1c/0x2d [ 2927.888004][T30030] sysfs_do_create_link_sd+0x11e/0x140 [ 2927.893477][T30030] sysfs_create_link+0x5f/0xc0 [ 2927.898260][T30030] device_add+0x6ff/0x1b00 [ 2927.902702][T30030] ? device_check_offline+0x280/0x280 [ 2927.908091][T30030] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2927.914094][T30030] wiphy_register+0x1d5b/0x2840 [ 2927.918975][T30030] ? wiphy_unregister+0xc10/0xc10 [ 2927.924016][T30030] ? default_device_exit_batch+0x3d0/0x3d0 [ 2927.929852][T30030] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2927.935941][T30030] ieee80211_register_hw+0x2291/0x3950 [ 2927.941433][T30030] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2927.946820][T30030] ? lock_downgrade+0x820/0x820 [ 2927.951695][T30030] ? lock_is_held_type+0xb0/0xe0 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x48, 0x10}, 0x0) [ 2927.956649][T30030] ? memset+0x20/0x40 [ 2927.960650][T30030] ? __hrtimer_init+0x12c/0x260 [ 2927.965520][T30030] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2927.971298][T30030] ? hwsim_virtio_rx_work+0x350/0x350 [ 2927.976688][T30030] ? memcpy+0x39/0x60 [ 2927.980694][T30030] hwsim_new_radio_nl+0x93e/0xf8c [ 2927.985740][T30030] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2927.991661][T30030] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2927.998613][T30030] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x4c, 0x10}, 0x0) [ 2928.005498][T30030] genl_rcv_msg+0x61d/0x980 [ 2928.010033][T30030] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.017009][T30030] ? lock_release+0x8d0/0x8d0 [ 2928.021698][T30030] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2928.027016][T30030] netlink_rcv_skb+0x15a/0x430 [ 2928.031798][T30030] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.038749][T30030] ? netlink_ack+0xa10/0xa10 [ 2928.043371][T30030] genl_rcv+0x24/0x40 [ 2928.047380][T30030] netlink_unicast+0x533/0x7d0 [ 2928.052167][T30030] ? netlink_attachskb+0x810/0x810 [ 2928.057311][T30030] ? _copy_from_iter_full+0x247/0x890 [ 2928.062701][T30030] ? __phys_addr+0x9a/0x110 [ 2928.067218][T30030] ? __phys_addr_symbol+0x2c/0x70 [ 2928.072267][T30030] ? __check_object_size+0x171/0x3e4 [ 2928.077577][T30030] netlink_sendmsg+0x856/0xd90 [ 2928.082368][T30030] ? netlink_unicast+0x7d0/0x7d0 [ 2928.087332][T30030] ? netlink_unicast+0x7d0/0x7d0 [ 2928.092286][T30030] sock_sendmsg+0xcf/0x120 [ 2928.096724][T30030] ____sys_sendmsg+0x6e8/0x810 [ 2928.101504][T30030] ? kernel_sendmsg+0x50/0x50 [ 2928.106193][T30030] ? do_recvmmsg+0x6d0/0x6d0 [ 2928.110797][T30030] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2928.116804][T30030] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2928.122835][T30030] ? do_user_addr_fault+0x8ce/0xd00 [ 2928.128053][T30030] ___sys_sendmsg+0xf3/0x170 [ 2928.132665][T30030] ? sendmsg_copy_msghdr+0x160/0x160 [ 2928.137966][T30030] ? __fget_files+0x272/0x400 [ 2928.142776][T30030] ? lock_downgrade+0x820/0x820 [ 2928.147638][T30030] ? find_held_lock+0x2d/0x110 [ 2928.152423][T30030] ? __might_fault+0x11f/0x1d0 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x60, 0x10}, 0x0) [ 2928.157208][T30030] ? __fget_files+0x294/0x400 [ 2928.161904][T30030] ? __fget_light+0xea/0x280 [ 2928.166513][T30030] __sys_sendmsg+0xe5/0x1b0 [ 2928.171031][T30030] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2928.176072][T30030] ? __x64_sys_futex+0x382/0x4e0 [ 2928.181034][T30030] ? do_syscall_64+0x1c/0xe0 [ 2928.185639][T30030] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2928.191636][T30030] do_syscall_64+0x60/0xe0 [ 2928.196066][T30030] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2928.201961][T30030] RIP: 0033:0x45c369 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x68, 0x10}, 0x0) [ 2928.205856][T30030] Code: Bad RIP value. [ 2928.209920][T30030] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2928.218355][T30030] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2928.226337][T30030] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2928.234316][T30030] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2928.242296][T30030] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2928.250279][T30030] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c 22:20:07 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="2e0000001500810e000f80ecdb4cb90202000000010000008100930f12000100040fd21b40d81ba906000500000f", 0x2e}], 0x1, 0x0, 0x6c, 0x10}, 0x0) [ 2928.315863][T30041] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 2928.331026][T30041] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 2928.355978][T30054] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2928.363660][T30054] CPU: 0 PID: 30054 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2928.372361][T30054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2928.382422][T30054] Call Trace: [ 2928.385725][T30054] dump_stack+0x18f/0x20d [ 2928.390074][T30054] sysfs_warn_dup.cold+0x1c/0x2d [ 2928.395031][T30054] sysfs_do_create_link_sd+0x11e/0x140 [ 2928.400509][T30054] sysfs_create_link+0x5f/0xc0 [ 2928.405281][T30054] device_add+0x6ff/0x1b00 [ 2928.409710][T30054] ? device_check_offline+0x280/0x280 [ 2928.415095][T30054] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2928.421101][T30054] wiphy_register+0x1d5b/0x2840 [ 2928.425977][T30054] ? wiphy_unregister+0xc10/0xc10 [ 2928.431013][T30054] ? default_device_exit_batch+0x3d0/0x3d0 [ 2928.436845][T30054] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2928.442929][T30054] ieee80211_register_hw+0x2291/0x3950 [ 2928.448412][T30054] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2928.453823][T30054] ? lock_downgrade+0x820/0x820 [ 2928.458688][T30054] ? lock_is_held_type+0xb0/0xe0 [ 2928.463640][T30054] ? memset+0x20/0x40 [ 2928.467641][T30054] ? __hrtimer_init+0x12c/0x260 [ 2928.472614][T30054] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2928.478366][T30054] ? hwsim_virtio_rx_work+0x350/0x350 [ 2928.483748][T30054] ? memcpy+0x39/0x60 [ 2928.487745][T30054] hwsim_new_radio_nl+0x93e/0xf8c [ 2928.492793][T30054] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2928.498705][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2928.505648][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2928.512513][T30054] genl_rcv_msg+0x61d/0x980 [ 2928.517058][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.524021][T30054] ? lock_release+0x8d0/0x8d0 [ 2928.528717][T30054] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2928.534008][T30054] netlink_rcv_skb+0x15a/0x430 [ 2928.538788][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.545835][T30054] ? netlink_ack+0xa10/0xa10 [ 2928.550451][T30054] genl_rcv+0x24/0x40 [ 2928.554438][T30054] netlink_unicast+0x533/0x7d0 [ 2928.559214][T30054] ? netlink_attachskb+0x810/0x810 [ 2928.564332][T30054] ? _copy_from_iter_full+0x247/0x890 [ 2928.569690][T30054] ? __phys_addr+0x9a/0x110 [ 2928.574180][T30054] ? __phys_addr_symbol+0x2c/0x70 [ 2928.579204][T30054] ? __check_object_size+0x171/0x3e4 [ 2928.584584][T30054] netlink_sendmsg+0x856/0xd90 [ 2928.589331][T30054] ? netlink_unicast+0x7d0/0x7d0 [ 2928.594273][T30054] ? netlink_unicast+0x7d0/0x7d0 [ 2928.599208][T30054] sock_sendmsg+0xcf/0x120 [ 2928.603698][T30054] ____sys_sendmsg+0x6e8/0x810 [ 2928.608459][T30054] ? kernel_sendmsg+0x50/0x50 [ 2928.613115][T30054] ? do_recvmmsg+0x6d0/0x6d0 [ 2928.617686][T30054] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2928.623654][T30054] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2928.629610][T30054] ? __lock_acquire+0xc1e/0x56e0 [ 2928.634527][T30054] ___sys_sendmsg+0xf3/0x170 [ 2928.639153][T30054] ? sendmsg_copy_msghdr+0x160/0x160 [ 2928.644415][T30054] ? __fget_files+0x272/0x400 [ 2928.649066][T30054] ? lock_downgrade+0x820/0x820 [ 2928.653900][T30054] ? find_held_lock+0x2d/0x110 [ 2928.658664][T30054] ? __might_fault+0x11f/0x1d0 [ 2928.663413][T30054] ? __fget_files+0x294/0x400 [ 2928.668247][T30054] ? __fget_light+0xea/0x280 [ 2928.672823][T30054] __sys_sendmsg+0xe5/0x1b0 [ 2928.677306][T30054] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2928.682307][T30054] ? __x64_sys_futex+0x382/0x4e0 [ 2928.687226][T30054] ? do_syscall_64+0x1c/0xe0 [ 2928.691794][T30054] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2928.697824][T30054] do_syscall_64+0x60/0xe0 [ 2928.702222][T30054] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2928.708088][T30054] RIP: 0033:0x45c369 [ 2928.711953][T30054] Code: Bad RIP value. [ 2928.715995][T30054] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2928.724380][T30054] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2928.732326][T30054] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2928.740284][T30054] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2928.748248][T30054] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2928.756340][T30054] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2928.780558][T30054] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2928.801767][T30054] CPU: 0 PID: 30054 Comm: syz-executor.5 Not tainted 5.8.0-rc4-syzkaller #0 [ 2928.810478][T30054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2928.820540][T30054] Call Trace: [ 2928.823845][T30054] dump_stack+0x18f/0x20d [ 2928.828192][T30054] sysfs_warn_dup.cold+0x1c/0x2d [ 2928.833136][T30054] sysfs_do_create_link_sd+0x11e/0x140 [ 2928.838695][T30054] sysfs_create_link+0x5f/0xc0 [ 2928.843449][T30054] device_add+0x6ff/0x1b00 [ 2928.847863][T30054] ? device_check_offline+0x280/0x280 [ 2928.853222][T30054] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2928.859185][T30054] wiphy_register+0x1d5b/0x2840 [ 2928.864022][T30054] ? wiphy_unregister+0xc10/0xc10 [ 2928.869156][T30054] ? default_device_exit_batch+0x3d0/0x3d0 [ 2928.874954][T30054] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2928.881010][T30054] ieee80211_register_hw+0x2291/0x3950 [ 2928.886466][T30054] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2928.891828][T30054] ? lock_downgrade+0x820/0x820 [ 2928.896656][T30054] ? lock_is_held_type+0xb0/0xe0 [ 2928.901575][T30054] ? memset+0x20/0x40 [ 2928.905533][T30054] ? __hrtimer_init+0x12c/0x260 [ 2928.910367][T30054] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2928.916075][T30054] ? hwsim_virtio_rx_work+0x350/0x350 [ 2928.921427][T30054] ? memcpy+0x39/0x60 [ 2928.925389][T30054] hwsim_new_radio_nl+0x93e/0xf8c [ 2928.930391][T30054] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2928.936271][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2928.943180][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2928.950009][T30054] genl_rcv_msg+0x61d/0x980 [ 2928.954498][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.961411][T30054] ? lock_release+0x8d0/0x8d0 [ 2928.966062][T30054] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2928.971328][T30054] netlink_rcv_skb+0x15a/0x430 [ 2928.976073][T30054] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2928.983000][T30054] ? netlink_ack+0xa10/0xa10 [ 2928.987577][T30054] genl_rcv+0x24/0x40 [ 2928.991535][T30054] netlink_unicast+0x533/0x7d0 [ 2928.996292][T30054] ? netlink_attachskb+0x810/0x810 [ 2929.001468][T30054] ? _copy_from_iter_full+0x247/0x890 [ 2929.006816][T30054] ? __phys_addr+0x9a/0x110 [ 2929.011297][T30054] ? __phys_addr_symbol+0x2c/0x70 [ 2929.016406][T30054] ? __check_object_size+0x171/0x3e4 [ 2929.021682][T30054] netlink_sendmsg+0x856/0xd90 [ 2929.026441][T30054] ? netlink_unicast+0x7d0/0x7d0 [ 2929.031364][T30054] ? netlink_unicast+0x7d0/0x7d0 [ 2929.036278][T30054] sock_sendmsg+0xcf/0x120 [ 2929.040671][T30054] ____sys_sendmsg+0x6e8/0x810 [ 2929.045413][T30054] ? kernel_sendmsg+0x50/0x50 [ 2929.050063][T30054] ? do_recvmmsg+0x6d0/0x6d0 [ 2929.054630][T30054] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2929.060585][T30054] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2929.066540][T30054] ? __lock_acquire+0xc1e/0x56e0 [ 2929.071459][T30054] ___sys_sendmsg+0xf3/0x170 [ 2929.076037][T30054] ? sendmsg_copy_msghdr+0x160/0x160 [ 2929.081318][T30054] ? __fget_files+0x272/0x400 [ 2929.085976][T30054] ? lock_downgrade+0x820/0x820 [ 2929.090811][T30054] ? find_held_lock+0x2d/0x110 [ 2929.095562][T30054] ? __might_fault+0x11f/0x1d0 [ 2929.100365][T30054] ? __fget_files+0x294/0x400 [ 2929.105023][T30054] ? __fget_light+0xea/0x280 [ 2929.109594][T30054] __sys_sendmsg+0xe5/0x1b0 [ 2929.114097][T30054] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2929.119107][T30054] ? __x64_sys_futex+0x382/0x4e0 [ 2929.124042][T30054] ? do_syscall_64+0x1c/0xe0 [ 2929.128632][T30054] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2929.134589][T30054] do_syscall_64+0x60/0xe0 [ 2929.138987][T30054] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2929.144855][T30054] RIP: 0033:0x45c369 [ 2929.148720][T30054] Code: Bad RIP value. [ 2929.152758][T30054] RSP: 002b:00007f08d42abc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2929.161143][T30054] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2929.169090][T30054] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2929.177037][T30054] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2929.184987][T30054] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2929.192950][T30054] R13: 00007ffe336fa22f R14: 00007f08d42ac9c0 R15: 000000000078bf0c [ 2929.223271][T30037] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2929.244342][T30037] CPU: 1 PID: 30037 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2929.253054][T30037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2929.263112][T30037] Call Trace: [ 2929.266413][T30037] dump_stack+0x18f/0x20d [ 2929.270764][T30037] sysfs_warn_dup.cold+0x1c/0x2d [ 2929.275722][T30037] sysfs_do_create_link_sd+0x11e/0x140 [ 2929.281194][T30037] sysfs_create_link+0x5f/0xc0 [ 2929.285976][T30037] device_add+0x6ff/0x1b00 [ 2929.290420][T30037] ? device_check_offline+0x280/0x280 [ 2929.295811][T30037] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2929.301800][T30037] wiphy_register+0x1d5b/0x2840 [ 2929.306666][T30037] ? wiphy_unregister+0xc10/0xc10 [ 2929.311780][T30037] ? default_device_exit_batch+0x3d0/0x3d0 [ 2929.317600][T30037] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2929.323689][T30037] ieee80211_register_hw+0x2291/0x3950 [ 2929.329180][T30037] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2929.334572][T30037] ? lock_downgrade+0x820/0x820 [ 2929.339421][T30037] ? lock_is_held_type+0xb0/0xe0 [ 2929.344353][T30037] ? memset+0x20/0x40 [ 2929.348327][T30037] ? __hrtimer_init+0x12c/0x260 [ 2929.353158][T30037] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2929.358872][T30037] ? hwsim_virtio_rx_work+0x350/0x350 [ 2929.364230][T30037] ? memcpy+0x39/0x60 [ 2929.368202][T30037] hwsim_new_radio_nl+0x93e/0xf8c [ 2929.373321][T30037] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2929.379208][T30037] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2929.386130][T30037] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2929.392967][T30037] genl_rcv_msg+0x61d/0x980 [ 2929.397465][T30037] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2929.404413][T30037] ? lock_release+0x8d0/0x8d0 [ 2929.409074][T30037] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2929.414351][T30037] netlink_rcv_skb+0x15a/0x430 [ 2929.419106][T30037] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2929.426029][T30037] ? netlink_ack+0xa10/0xa10 [ 2929.430725][T30037] genl_rcv+0x24/0x40 [ 2929.434869][T30037] netlink_unicast+0x533/0x7d0 [ 2929.439622][T30037] ? netlink_attachskb+0x810/0x810 [ 2929.444719][T30037] ? _copy_from_iter_full+0x247/0x890 [ 2929.450075][T30037] ? __phys_addr+0x9a/0x110 [ 2929.454563][T30037] ? __phys_addr_symbol+0x2c/0x70 [ 2929.459573][T30037] ? __check_object_size+0x171/0x3e4 [ 2929.464860][T30037] netlink_sendmsg+0x856/0xd90 [ 2929.469615][T30037] ? netlink_unicast+0x7d0/0x7d0 [ 2929.474549][T30037] ? netlink_unicast+0x7d0/0x7d0 [ 2929.479606][T30037] sock_sendmsg+0xcf/0x120 [ 2929.484012][T30037] ____sys_sendmsg+0x6e8/0x810 [ 2929.488774][T30037] ? kernel_sendmsg+0x50/0x50 [ 2929.493448][T30037] ? do_recvmmsg+0x6d0/0x6d0 [ 2929.498027][T30037] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2929.503991][T30037] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2929.509953][T30037] ___sys_sendmsg+0xf3/0x170 [ 2929.514528][T30037] ? sendmsg_copy_msghdr+0x160/0x160 [ 2929.519800][T30037] ? __fget_files+0x272/0x400 [ 2929.524465][T30037] ? lock_downgrade+0x820/0x820 [ 2929.529301][T30037] ? find_held_lock+0x2d/0x110 [ 2929.534051][T30037] ? __might_fault+0x11f/0x1d0 [ 2929.538809][T30037] ? __fget_files+0x294/0x400 [ 2929.543461][T30037] ? __fget_light+0xea/0x280 [ 2929.548032][T30037] __sys_sendmsg+0xe5/0x1b0 [ 2929.552512][T30037] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2929.557546][T30037] ? __x64_sys_futex+0x382/0x4e0 [ 2929.565817][T30037] ? do_syscall_64+0x1c/0xe0 [ 2929.570402][T30037] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2929.576364][T30037] do_syscall_64+0x60/0xe0 [ 2929.580761][T30037] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2929.586629][T30037] RIP: 0033:0x45c369 [ 2929.590493][T30037] Code: Bad RIP value. [ 2929.594575][T30037] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2929.602973][T30037] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2929.610925][T30037] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 22:20:09 executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4ca26300, &(0x7f0000000080)=[{&(0x7f0000000840)="2300000025000511d25a80648c63940d0424fc60040018000a001100022f004837153e", 0x23}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2929.618900][T30037] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2929.626852][T30037] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2929.634809][T30037] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac 22:20:09 executing program 2: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0xc028660f, &(0x7f00000005c0)=0x400000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000380)}], 0x2}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000540)=0x4, 0x2bf70) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40305839, &(0x7f0000000000)) recvmsg$kcm(0xffffffffffffffff, &(0x7f000000e680)={&(0x7f000000c400)=@xdp, 0x80, &(0x7f000000e540)=[{0x0}, {&(0x7f000000c500)=""/4096, 0x1000}, {&(0x7f000000d500)=""/7, 0x7}, {&(0x7f000000d540)=""/4096, 0x1000}], 0x4, &(0x7f000000e580)=""/240, 0xf0}, 0x2001) sendmsg(0xffffffffffffffff, 0x0, 0x800) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x40, 0xfb, 0x0, 0x0, 0x0, 0x7fff, 0x188, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x3, 0xffffffff}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0xc028660f, &(0x7f00000005c0)=0x400000000) 22:20:09 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001f000503d25a80648c63940d0524fc6004000f400a0010001200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0) [ 2929.723887][T30092] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2929.734341][T30092] CPU: 0 PID: 30092 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2929.743042][T30092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2929.753097][T30092] Call Trace: [ 2929.756399][T30092] dump_stack+0x18f/0x20d [ 2929.760738][T30092] sysfs_warn_dup.cold+0x1c/0x2d [ 2929.765684][T30092] sysfs_do_create_link_sd+0x11e/0x140 [ 2929.771157][T30092] sysfs_create_link+0x5f/0xc0 [ 2929.775959][T30092] device_add+0x6ff/0x1b00 [ 2929.780388][T30092] ? device_check_offline+0x280/0x280 [ 2929.785795][T30092] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2929.791797][T30092] wiphy_register+0x1d5b/0x2840 [ 2929.796676][T30092] ? wiphy_unregister+0xc10/0xc10 [ 2929.801729][T30092] ? default_device_exit_batch+0x3d0/0x3d0 [ 2929.807557][T30092] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2929.813648][T30092] ieee80211_register_hw+0x2291/0x3950 [ 2929.819134][T30092] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2929.824522][T30092] ? lock_downgrade+0x820/0x820 [ 2929.829385][T30092] ? lock_is_held_type+0xb0/0xe0 [ 2929.834334][T30092] ? memset+0x20/0x40 [ 2929.838354][T30092] ? __hrtimer_init+0x12c/0x260 [ 2929.843216][T30092] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2929.848967][T30092] ? hwsim_virtio_rx_work+0x350/0x350 [ 2929.854352][T30092] ? memcpy+0x39/0x60 [ 2929.858362][T30092] hwsim_new_radio_nl+0x93e/0xf8c [ 2929.863402][T30092] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2929.869327][T30092] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2929.876282][T30092] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2929.883755][T30092] genl_rcv_msg+0x61d/0x980 [ 2929.888279][T30092] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2929.895237][T30092] ? lock_release+0x8d0/0x8d0 [ 2929.899922][T30092] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2929.905226][T30092] netlink_rcv_skb+0x15a/0x430 [ 2929.910005][T30092] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2929.916950][T30092] ? netlink_ack+0xa10/0xa10 [ 2929.921578][T30092] genl_rcv+0x24/0x40 [ 2929.925565][T30092] netlink_unicast+0x533/0x7d0 [ 2929.930342][T30092] ? netlink_attachskb+0x810/0x810 [ 2929.935469][T30092] ? _copy_from_iter_full+0x247/0x890 [ 2929.940855][T30092] ? __phys_addr+0x9a/0x110 [ 2929.945388][T30092] ? __phys_addr_symbol+0x2c/0x70 [ 2929.950432][T30092] ? __check_object_size+0x171/0x3e4 [ 2929.955738][T30092] netlink_sendmsg+0x856/0xd90 [ 2929.960543][T30092] ? netlink_unicast+0x7d0/0x7d0 [ 2929.965501][T30092] ? netlink_unicast+0x7d0/0x7d0 [ 2929.970445][T30092] sock_sendmsg+0xcf/0x120 [ 2929.974960][T30092] ____sys_sendmsg+0x6e8/0x810 [ 2929.979708][T30092] ? kernel_sendmsg+0x50/0x50 [ 2929.984361][T30092] ? do_recvmmsg+0x6d0/0x6d0 [ 2929.988930][T30092] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2929.994884][T30092] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2930.000835][T30092] ? do_user_addr_fault+0x8ce/0xd00 [ 2930.006012][T30092] ___sys_sendmsg+0xf3/0x170 [ 2930.010583][T30092] ? sendmsg_copy_msghdr+0x160/0x160 [ 2930.015846][T30092] ? __fget_files+0x272/0x400 [ 2930.020496][T30092] ? lock_downgrade+0x820/0x820 [ 2930.025330][T30092] ? find_held_lock+0x2d/0x110 [ 2930.030067][T30092] ? __might_fault+0x11f/0x1d0 [ 2930.034809][T30092] ? __fget_files+0x294/0x400 [ 2930.039460][T30092] ? __fget_light+0xea/0x280 [ 2930.044025][T30092] __sys_sendmsg+0xe5/0x1b0 [ 2930.048509][T30092] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2930.053535][T30092] ? __x64_sys_futex+0x382/0x4e0 [ 2930.058457][T30092] ? do_syscall_64+0x1c/0xe0 [ 2930.063018][T30092] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2930.068995][T30092] do_syscall_64+0x60/0xe0 [ 2930.073389][T30092] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2930.079274][T30092] RIP: 0033:0x45c369 [ 2930.083137][T30092] Code: Bad RIP value. [ 2930.087178][T30092] RSP: 002b:00007f4e9bea7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2930.095565][T30092] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2930.103508][T30092] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2930.112755][T30092] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2930.120758][T30092] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2930.128704][T30092] R13: 00007ffd77e9fdcf R14: 00007f4e9bea89c0 R15: 000000000078bf0c [ 2930.179261][T30103] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 2930.197338][T30103] CPU: 1 PID: 30103 Comm: syz-executor.3 Not tainted 5.8.0-rc4-syzkaller #0 [ 2930.206154][T30103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2930.216195][T30103] Call Trace: [ 2930.219466][T30103] dump_stack+0x18f/0x20d [ 2930.223771][T30103] sysfs_warn_dup.cold+0x1c/0x2d [ 2930.228683][T30103] sysfs_do_create_link_sd+0x11e/0x140 [ 2930.234183][T30103] sysfs_create_link+0x5f/0xc0 [ 2930.238930][T30103] device_add+0x6ff/0x1b00 [ 2930.243320][T30103] ? device_check_offline+0x280/0x280 [ 2930.248670][T30103] ? ieee80211_set_bitrate_flags+0x20b/0x5c0 [ 2930.254631][T30103] wiphy_register+0x1d5b/0x2840 [ 2930.259461][T30103] ? wiphy_unregister+0xc10/0xc10 [ 2930.264461][T30103] ? default_device_exit_batch+0x3d0/0x3d0 [ 2930.270245][T30103] ? ieee80211_init_rate_ctrl_alg+0x121/0x500 [ 2930.276288][T30103] ieee80211_register_hw+0x2291/0x3950 [ 2930.281726][T30103] ? ieee80211_restart_hw+0x2f0/0x2f0 [ 2930.287078][T30103] ? lock_downgrade+0x820/0x820 [ 2930.291922][T30103] ? lock_is_held_type+0xb0/0xe0 [ 2930.296838][T30103] ? memset+0x20/0x40 [ 2930.300796][T30103] ? __hrtimer_init+0x12c/0x260 [ 2930.305625][T30103] mac80211_hwsim_new_radio+0x2351/0x4540 [ 2930.311376][T30103] ? hwsim_virtio_rx_work+0x350/0x350 [ 2930.316741][T30103] ? memcpy+0x39/0x60 [ 2930.320721][T30103] hwsim_new_radio_nl+0x93e/0xf8c [ 2930.325734][T30103] ? mac80211_hwsim_new_radio+0x4540/0x4540 [ 2930.331626][T30103] ? genl_family_rcv_msg_attrs_parse.isra.0+0x19a/0x250 [ 2930.338537][T30103] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250 [ 2930.345365][T30103] genl_rcv_msg+0x61d/0x980 [ 2930.349853][T30103] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2930.356796][T30103] ? lock_release+0x8d0/0x8d0 [ 2930.361480][T30103] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 2930.366778][T30103] netlink_rcv_skb+0x15a/0x430 [ 2930.371557][T30103] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 [ 2930.378489][T30103] ? netlink_ack+0xa10/0xa10 [ 2930.383067][T30103] genl_rcv+0x24/0x40 [ 2930.387025][T30103] netlink_unicast+0x533/0x7d0 [ 2930.391787][T30103] ? netlink_attachskb+0x810/0x810 [ 2930.396875][T30103] ? _copy_from_iter_full+0x247/0x890 [ 2930.402221][T30103] ? __phys_addr+0x9a/0x110 [ 2930.406697][T30103] ? __phys_addr_symbol+0x2c/0x70 [ 2930.411698][T30103] ? __check_object_size+0x171/0x3e4 [ 2930.416960][T30103] netlink_sendmsg+0x856/0xd90 [ 2930.421701][T30103] ? netlink_unicast+0x7d0/0x7d0 [ 2930.426620][T30103] ? netlink_unicast+0x7d0/0x7d0 [ 2930.431532][T30103] sock_sendmsg+0xcf/0x120 [ 2930.435927][T30103] ____sys_sendmsg+0x6e8/0x810 [ 2930.440666][T30103] ? kernel_sendmsg+0x50/0x50 [ 2930.445315][T30103] ? do_recvmmsg+0x6d0/0x6d0 [ 2930.449881][T30103] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2930.455837][T30103] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 2930.461803][T30103] ___sys_sendmsg+0xf3/0x170 [ 2930.466369][T30103] ? sendmsg_copy_msghdr+0x160/0x160 [ 2930.471646][T30103] ? __fget_files+0x272/0x400 [ 2930.476320][T30103] ? lock_downgrade+0x820/0x820 [ 2930.481156][T30103] ? find_held_lock+0x2d/0x110 [ 2930.485907][T30103] ? __might_fault+0x11f/0x1d0 [ 2930.490718][T30103] ? __fget_files+0x294/0x400 [ 2930.495405][T30103] ? __fget_light+0xea/0x280 [ 2930.499999][T30103] __sys_sendmsg+0xe5/0x1b0 [ 2930.504884][T30103] ? __sys_sendmsg_sock+0xb0/0xb0 [ 2930.509884][T30103] ? __x64_sys_futex+0x382/0x4e0 [ 2930.514802][T30103] ? do_syscall_64+0x1c/0xe0 [ 2930.519515][T30103] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 2930.525474][T30103] do_syscall_64+0x60/0xe0 [ 2930.529956][T30103] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2930.535823][T30103] RIP: 0033:0x45c369 [ 2930.539686][T30103] Code: Bad RIP value. [ 2930.543720][T30103] RSP: 002b:00007f4e9be86c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2930.552102][T30103] RAX: ffffffffffffffda RBX: 000000000002b580 RCX: 000000000045c369 [ 2930.560047][T30103] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 2930.567993][T30103] RBP: 000000000078bfe0 R08: 0000000000000000 R09: 0000000000000000 [ 2930.575941][T30103] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac [ 2930.583884][T30103] R13: 00007ffd77e9fdcf R14: 00007f4e9be879c0 R15: 000000000078bfac [ 2939.316660][ T0] NOHZ: local_softirq_pending 08 [ 2954.034687][ T0] NOHZ: local_softirq_pending 08 [ 2974.512239][ T0] NOHZ: local_softirq_pending 08 [ 2992.429923][ T0] NOHZ: local_softirq_pending 08 [ 3002.669984][ T0] NOHZ: local_softirq_pending 08 [ 3015.470421][ T0] NOHZ: local_softirq_pending 08 [ 3032.747070][ T1150] INFO: task kworker/0:3:2577 blocked for more than 143 seconds. [ 3032.754833][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3032.760858][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3032.769634][ T1150] kworker/0:3 D26552 2577 2 0x00004000 [ 3032.775977][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3032.781842][ T1150] Call Trace: [ 3032.785127][ T1150] __schedule+0x8e1/0x1eb0 [ 3032.789762][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3032.795043][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3032.801124][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3032.806152][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3032.811334][ T1150] schedule+0xd0/0x2a0 [ 3032.815403][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3032.820820][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3032.825409][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3032.830851][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3032.836215][ T1150] ? lock_release+0x8d0/0x8d0 [ 3032.840959][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3032.846156][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3032.851165][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3032.856356][ T1150] process_one_work+0x94c/0x1670 [ 3032.861344][ T1150] ? lock_release+0x8d0/0x8d0 [ 3032.866015][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3032.871459][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3032.876390][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3032.881649][ T1150] worker_thread+0x64c/0x1120 [ 3032.886356][ T1150] ? process_one_work+0x1670/0x1670 [ 3032.891629][ T1150] kthread+0x3b5/0x4a0 [ 3032.895690][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3032.900880][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3032.905986][ T1150] ret_from_fork+0x1f/0x30 [ 3032.910585][ T1150] INFO: task kworker/0:9:14346 blocked for more than 143 seconds. [ 3032.918449][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3032.924238][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3032.932966][ T1150] kworker/0:9 D27792 14346 2 0x00004000 [ 3032.939387][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3032.945169][ T1150] Call Trace: [ 3032.948519][ T1150] __schedule+0x8e1/0x1eb0 [ 3032.952945][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3032.958308][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3032.964282][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3032.969374][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3032.974509][ T1150] schedule+0xd0/0x2a0 [ 3032.978635][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3032.984021][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3032.988681][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3032.994053][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3032.999641][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.004322][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.009622][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.015187][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3033.020465][ T1150] process_one_work+0x94c/0x1670 [ 3033.025404][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.030163][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.035535][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.040538][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.045735][ T1150] worker_thread+0x64c/0x1120 [ 3033.050494][ T1150] ? process_one_work+0x1670/0x1670 [ 3033.055689][ T1150] kthread+0x3b5/0x4a0 [ 3033.059806][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.064912][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.070177][ T1150] ret_from_fork+0x1f/0x30 [ 3033.074627][ T1150] INFO: task kworker/0:13:23069 blocked for more than 143 seconds. [ 3033.082586][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3033.088475][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3033.097189][ T1150] kworker/0:13 D27792 23069 2 0x00004000 [ 3033.103543][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3033.109413][ T1150] Call Trace: [ 3033.112730][ T1150] __schedule+0x8e1/0x1eb0 [ 3033.117243][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3033.122527][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.128582][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.133603][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3033.138782][ T1150] schedule+0xd0/0x2a0 [ 3033.142852][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3033.148412][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3033.153108][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3033.158548][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3033.163922][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.168672][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.173871][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.178883][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3033.184080][ T1150] process_one_work+0x94c/0x1670 [ 3033.189093][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.193764][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.199203][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.204134][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.209548][ T1150] worker_thread+0x64c/0x1120 [ 3033.214225][ T1150] ? process_one_work+0x1670/0x1670 [ 3033.219466][ T1150] kthread+0x3b5/0x4a0 [ 3033.223531][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.228711][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.233817][ T1150] ret_from_fork+0x1f/0x30 [ 3033.238304][ T1150] INFO: task kworker/u4:4:23700 blocked for more than 143 seconds. [ 3033.246179][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3033.252067][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3033.260810][ T1150] kworker/u4:4 D24104 23700 2 0x00004000 [ 3033.267226][ T1150] Workqueue: netns cleanup_net [ 3033.272083][ T1150] Call Trace: [ 3033.275378][ T1150] __schedule+0x8e1/0x1eb0 [ 3033.279882][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3033.285166][ T1150] schedule+0xd0/0x2a0 [ 3033.289481][ T1150] schedule_timeout+0x1d8/0x250 [ 3033.294327][ T1150] ? usleep_range+0x170/0x170 [ 3033.299111][ T1150] ? mark_held_locks+0x9f/0xe0 [ 3033.303914][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.309391][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.315379][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.320525][ T1150] wait_for_completion+0x163/0x260 [ 3033.325738][ T1150] ? wait_for_completion_interruptible+0x2e0/0x2e0 [ 3033.332321][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.337600][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.343575][ T1150] __flush_work+0x51f/0xab0 [ 3033.348247][ T1150] ? queue_work_node+0x370/0x370 [ 3033.353200][ T1150] ? debug_object_init_on_stack+0x20/0x20 [ 3033.359191][ T1150] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0 [ 3033.365008][ T1150] ? mark_held_locks+0x9f/0xe0 [ 3033.369876][ T1150] ? __cancel_work_timer+0x516/0x700 [ 3033.375173][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.381277][ T1150] __cancel_work_timer+0x5de/0x700 [ 3033.386398][ T1150] ? try_to_grab_pending.part.0+0x7d0/0x7d0 [ 3033.392433][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.394218][ T0] NOHZ: local_softirq_pending 08 [ 3033.397538][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3033.407742][ T1150] ? __dp_destroy+0x325/0x430 [ 3033.412418][ T1150] ovs_exit_net+0x25c/0xba0 [ 3033.417130][ T1150] ? synchronize_rcu+0x10a/0x180 [ 3033.422072][ T1150] ? synchronize_rcu_expedited+0x5f0/0x5f0 [ 3033.427940][ T1150] ? rcu_qs+0x110/0x110 [ 3033.432096][ T1150] ? ovs_dp_cmd_del+0x270/0x270 [ 3033.437013][ T1150] ? ovs_dp_cmd_del+0x270/0x270 [ 3033.441874][ T1150] ops_exit_list+0xb0/0x160 [ 3033.446377][ T1150] cleanup_net+0x4ea/0xa00 [ 3033.450888][ T1150] ? __schedule+0x887/0x1eb0 [ 3033.455484][ T1150] ? ops_free_list.part.0+0x3d0/0x3d0 [ 3033.461009][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.465964][ T1150] process_one_work+0x94c/0x1670 [ 3033.471273][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.475975][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.481433][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.486373][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.491640][ T1150] worker_thread+0x64c/0x1120 [ 3033.496327][ T1150] ? process_one_work+0x1670/0x1670 [ 3033.501581][ T1150] kthread+0x3b5/0x4a0 [ 3033.505652][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.510852][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.515971][ T1150] ret_from_fork+0x1f/0x30 [ 3033.520516][ T1150] INFO: task kworker/0:21:24792 blocked for more than 144 seconds. [ 3033.528486][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3033.534277][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3033.543005][ T1150] kworker/0:21 D27640 24792 2 0x00004000 [ 3033.549474][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3033.555265][ T1150] Call Trace: [ 3033.558610][ T1150] __schedule+0x8e1/0x1eb0 [ 3033.563028][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3033.568373][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.574348][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.579435][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3033.584674][ T1150] schedule+0xd0/0x2a0 [ 3033.588806][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3033.594171][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3033.598818][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3033.604190][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3033.609644][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.614319][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.619571][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.624506][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3033.629924][ T1150] process_one_work+0x94c/0x1670 [ 3033.634877][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.639634][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.645007][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.650009][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.655205][ T1150] worker_thread+0x64c/0x1120 [ 3033.659975][ T1150] ? __kthread_parkme+0x13f/0x1e0 [ 3033.664994][ T1150] ? process_one_work+0x1670/0x1670 [ 3033.670235][ T1150] kthread+0x3b5/0x4a0 [ 3033.674453][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.679641][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.684749][ T1150] ret_from_fork+0x1f/0x30 [ 3033.689272][ T1150] INFO: task kworker/0:34:25686 blocked for more than 144 seconds. [ 3033.697231][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3033.703037][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3033.712646][ T1150] kworker/0:34 D28568 25686 2 0x00004000 [ 3033.719078][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3033.724869][ T1150] Call Trace: [ 3033.728263][ T1150] __schedule+0x8e1/0x1eb0 [ 3033.732778][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3033.738130][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.744112][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.749206][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3033.754318][ T1150] schedule+0xd0/0x2a0 [ 3033.758459][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3033.763913][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3033.768555][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3033.773931][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3033.779370][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.784082][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.789348][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.794290][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3033.799569][ T1150] process_one_work+0x94c/0x1670 [ 3033.804507][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.809251][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.814638][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.819642][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.824848][ T1150] worker_thread+0x64c/0x1120 [ 3033.829590][ T1150] ? process_one_work+0x1670/0x1670 [ 3033.834784][ T1150] kthread+0x3b5/0x4a0 [ 3033.839077][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.844224][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3033.849469][ T1150] ret_from_fork+0x1f/0x30 [ 3033.853939][ T1150] INFO: task kworker/0:38:27682 blocked for more than 144 seconds. [ 3033.861922][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3033.867812][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3033.876473][ T1150] kworker/0:38 D27792 27682 2 0x00004000 [ 3033.882856][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3033.888733][ T1150] Call Trace: [ 3033.892025][ T1150] __schedule+0x8e1/0x1eb0 [ 3033.896422][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3033.901746][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3033.907822][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3033.912845][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3033.918020][ T1150] schedule+0xd0/0x2a0 [ 3033.922104][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3033.927548][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3033.932136][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3033.937580][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3033.942948][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.947711][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3033.952908][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3033.957943][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3033.963142][ T1150] process_one_work+0x94c/0x1670 [ 3033.968162][ T1150] ? lock_release+0x8d0/0x8d0 [ 3033.972848][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3033.978299][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3033.983235][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3033.988502][ T1150] worker_thread+0x64c/0x1120 [ 3033.993187][ T1150] ? __kthread_parkme+0x13f/0x1e0 [ 3033.998279][ T1150] ? process_one_work+0x1670/0x1670 [ 3034.003477][ T1150] kthread+0x3b5/0x4a0 [ 3034.007616][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.012719][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.017911][ T1150] ret_from_fork+0x1f/0x30 [ 3034.022372][ T1150] INFO: task kworker/0:39:27904 blocked for more than 144 seconds. [ 3034.030642][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3034.036448][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3034.045170][ T1150] kworker/0:39 D28624 27904 2 0x00004000 [ 3034.051714][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3034.057559][ T1150] Call Trace: [ 3034.060863][ T1150] __schedule+0x8e1/0x1eb0 [ 3034.065271][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3034.070622][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3034.076674][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3034.081707][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3034.086910][ T1150] schedule+0xd0/0x2a0 [ 3034.090973][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3034.096318][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3034.100966][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3034.106344][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3034.111931][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.116799][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3034.122000][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3034.127011][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3034.132207][ T1150] process_one_work+0x94c/0x1670 [ 3034.137222][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.141901][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3034.147376][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3034.152310][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3034.158366][ T1150] worker_thread+0x64c/0x1120 [ 3034.163069][ T1150] ? __kthread_parkme+0x13f/0x1e0 [ 3034.168158][ T1150] ? process_one_work+0x1670/0x1670 [ 3034.173351][ T1150] kthread+0x3b5/0x4a0 [ 3034.177474][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.182576][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.188132][ T1150] ret_from_fork+0x1f/0x30 [ 3034.192578][ T1150] INFO: task kworker/0:42:28605 blocked for more than 144 seconds. [ 3034.200529][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3034.206315][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3034.215024][ T1150] kworker/0:42 D27672 28605 2 0x00004000 [ 3034.221454][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3034.227327][ T1150] Call Trace: [ 3034.230615][ T1150] __schedule+0x8e1/0x1eb0 [ 3034.235008][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3034.240368][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3034.246346][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3034.251427][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3034.256786][ T1150] schedule+0xd0/0x2a0 [ 3034.260876][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3034.266325][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3034.270981][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3034.276421][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3034.281879][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.286644][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3034.291841][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3034.296847][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3034.302049][ T1150] process_one_work+0x94c/0x1670 [ 3034.307096][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.311774][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3034.317235][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3034.322188][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3034.327474][ T1150] worker_thread+0x64c/0x1120 [ 3034.332292][ T1150] ? process_one_work+0x1670/0x1670 [ 3034.337559][ T1150] kthread+0x3b5/0x4a0 [ 3034.341632][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.347052][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.352188][ T1150] ret_from_fork+0x1f/0x30 [ 3034.356693][ T1150] INFO: task kworker/0:43:28606 blocked for more than 144 seconds. [ 3034.364583][ T1150] Not tainted 5.8.0-rc4-syzkaller #0 [ 3034.374000][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3034.382835][ T1150] kworker/0:43 D27720 28606 2 0x00004000 [ 3034.389258][ T1150] Workqueue: events ovs_dp_masks_rebalance [ 3034.395051][ T1150] Call Trace: [ 3034.398420][ T1150] __schedule+0x8e1/0x1eb0 [ 3034.402835][ T1150] ? io_schedule_timeout+0x140/0x140 [ 3034.408186][ T1150] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 3034.414166][ T1150] ? trace_hardirqs_on+0x5f/0x220 [ 3034.419234][ T1150] ? lockdep_hardirqs_on+0x6a/0xe0 [ 3034.424433][ T1150] schedule+0xd0/0x2a0 [ 3034.428609][ T1150] schedule_preempt_disabled+0xf/0x20 [ 3034.433980][ T1150] __mutex_lock+0x3e2/0x10d0 [ 3034.438636][ T1150] ? ovs_dp_masks_rebalance+0x18/0x80 [ 3034.444001][ T1150] ? mutex_lock_io_nested+0xf60/0xf60 [ 3034.449443][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.454111][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80 [ 3034.459362][ T1150] ? lock_is_held_type+0xb0/0xe0 [ 3034.464294][ T1150] ovs_dp_masks_rebalance+0x18/0x80 [ 3034.469733][ T1150] process_one_work+0x94c/0x1670 [ 3034.474832][ T1150] ? lock_release+0x8d0/0x8d0 [ 3034.479557][ T1150] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 3034.484932][ T1150] ? rwlock_bug.part.0+0x90/0x90 [ 3034.489935][ T1150] ? lockdep_hardirqs_off+0x66/0xa0 [ 3034.495128][ T1150] worker_thread+0x64c/0x1120 [ 3034.499875][ T1150] ? process_one_work+0x1670/0x1670 [ 3034.505070][ T1150] kthread+0x3b5/0x4a0 [ 3034.509313][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.514416][ T1150] ? __kthread_bind_mask+0xc0/0xc0 [ 3034.519589][ T1150] ret_from_fork+0x1f/0x30 [ 3034.524310][ T1150] [ 3034.524310][ T1150] Showing all locks held in the system: [ 3034.532126][ T1150] 3 locks held by kworker/0:0/5: [ 3034.537121][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.547560][ T1150] #1: ffffc90000cbfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.560302][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.569946][ T1150] 1 lock held by khungtaskd/1150: [ 3034.574950][ T1150] #0: ffffffff89bc0ec0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 3034.584814][ T1150] 3 locks held by kworker/1:3/2512: [ 3034.590165][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.600717][ T1150] #1: ffffc90008607da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.613472][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.623214][ T1150] 3 locks held by kworker/0:3/2577: [ 3034.628481][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.638903][ T1150] #1: ffffc90008897da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.651656][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.661312][ T1150] 3 locks held by kworker/1:5/3840: [ 3034.666823][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.677602][ T1150] #1: ffffc90001c57da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.690362][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.700012][ T1150] 3 locks held by kworker/1:7/3842: [ 3034.705212][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.715666][ T1150] #1: ffffc90001ca7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.728581][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.738211][ T1150] 1 lock held by in:imklog/6495: [ 3034.743141][ T1150] #0: ffff88809c42fe30 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 [ 3034.752366][ T1150] 3 locks held by kworker/0:7/19351: [ 3034.757723][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.768104][ T1150] #1: ffffc900016c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.780865][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.790498][ T1150] 3 locks held by kworker/1:0/17201: [ 3034.795764][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.806169][ T1150] #1: ffffc900017b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.818957][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.828585][ T1150] 3 locks held by kworker/0:2/17271: [ 3034.833860][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.844273][ T1150] #1: ffffc90001667da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.857081][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.866728][ T1150] 3 locks held by kworker/1:2/18964: [ 3034.872004][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.882411][ T1150] #1: ffffc90001957da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.895333][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.905002][ T1150] 3 locks held by kworker/0:5/9793: [ 3034.910285][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.920680][ T1150] #1: ffffc90001757da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.933432][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.943088][ T1150] 3 locks held by kworker/1:1/30742: [ 3034.948444][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.958846][ T1150] #1: ffffc90001897da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3034.971582][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3034.981220][ T1150] 3 locks held by kworker/0:1/8172: [ 3034.986410][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3034.996861][ T1150] #1: ffffc90004a57da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.009605][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.019256][ T1150] 3 locks held by kworker/0:4/8173: [ 3035.024438][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.034814][ T1150] #1: ffffc90004a37da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.047569][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.057226][ T1150] 3 locks held by kworker/0:8/8573: [ 3035.062419][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.072837][ T1150] #1: ffffc9000816fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.085694][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.095398][ T1150] 3 locks held by kworker/0:9/14346: [ 3035.100947][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.111383][ T1150] #1: ffffc900016e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.124130][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.133758][ T1150] 3 locks held by kworker/0:10/15333: [ 3035.139199][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.149638][ T1150] #1: ffffc900167ffda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.162421][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.172018][ T1150] 3 locks held by kworker/1:4/22336: [ 3035.177357][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.187754][ T1150] #1: ffffc9000814fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.200530][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.210168][ T1150] 3 locks held by kworker/1:6/22630: [ 3035.215575][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.225960][ T1150] #1: ffffc90001787da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.239543][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.249166][ T1150] 3 locks held by kworker/1:8/22636: [ 3035.254443][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.264851][ T1150] #1: ffffc900018d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.277629][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.287419][ T1150] 3 locks held by kworker/1:9/22637: [ 3035.292696][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.303239][ T1150] #1: ffffc90001857da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.317348][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.327076][ T1150] 3 locks held by kworker/1:10/22639: [ 3035.332436][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.342869][ T1150] #1: ffffc90001a67da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.355661][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.365276][ T1150] 3 locks held by kworker/0:11/23066: [ 3035.370718][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.381128][ T1150] #1: ffffc90006557da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.394090][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.403756][ T1150] 3 locks held by kworker/0:12/23068: [ 3035.409206][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.419734][ T1150] #1: ffffc900056c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.432490][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.442104][ T1150] 3 locks held by kworker/0:13/23069: [ 3035.447535][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.457930][ T1150] #1: ffffc90006577da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.470717][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.480443][ T1150] 3 locks held by kworker/0:14/23070: [ 3035.485805][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.496199][ T1150] #1: ffffc90006587da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.508986][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.518613][ T1150] 3 locks held by kworker/1:11/23393: [ 3035.523972][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.534508][ T1150] #1: ffffc900084e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.547276][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.557003][ T1150] 4 locks held by kworker/u4:4/23700: [ 3035.562409][ T1150] #0: ffff8880a97ad138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.572730][ T1150] #1: ffffc90005677da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.582791][ T1150] #2: ffffffff8a7adbb0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xa00 [ 3035.592222][ T1150] #3: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_exit_net+0x1de/0xba0 [ 3035.601144][ T1150] 3 locks held by kworker/1:12/24033: [ 3035.606556][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.616987][ T1150] #1: ffffc90008627da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.629752][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.639369][ T1150] 3 locks held by kworker/1:14/24039: [ 3035.644720][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.655121][ T1150] #1: ffffc90008647da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.667908][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.677525][ T1150] 3 locks held by kworker/0:15/24118: [ 3035.682903][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.693297][ T1150] #1: ffffc90001827da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.706065][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.715782][ T1150] 3 locks held by kworker/1:15/24274: [ 3035.721224][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.731605][ T1150] #1: ffffc90004187da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.744517][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.754150][ T1150] 3 locks held by kworker/1:16/24275: [ 3035.759602][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.769998][ T1150] #1: ffffc90004197da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.782750][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.792759][ T1150] 3 locks held by kworker/1:17/24276: [ 3035.798222][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.808635][ T1150] #1: ffffc900041a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.821389][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.831034][ T1150] 3 locks held by kworker/1:18/24278: [ 3035.836435][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.846865][ T1150] #1: ffffc900041b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.859629][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.869304][ T1150] 3 locks held by kworker/1:19/24279: [ 3035.874664][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.885073][ T1150] #1: ffffc90004137da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.897928][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.907560][ T1150] 3 locks held by kworker/1:20/24280: [ 3035.912927][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.923319][ T1150] #1: ffffc900041c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.936092][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.945702][ T1150] 3 locks held by kworker/1:21/24284: [ 3035.951323][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3035.961768][ T1150] #1: ffffc900029e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3035.974531][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3035.984158][ T1150] 3 locks held by kworker/0:16/24776: [ 3035.989624][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.000026][ T1150] #1: ffffc90004517da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.012796][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.022411][ T1150] 3 locks held by kworker/0:17/24777: [ 3036.027865][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.038280][ T1150] #1: ffffc90002587da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.051019][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.060626][ T1150] 3 locks held by kworker/0:18/24789: [ 3036.065983][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.076414][ T1150] #1: ffffc90004757da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.089198][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.098823][ T1150] 3 locks held by kworker/0:19/24790: [ 3036.104188][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.114598][ T1150] #1: ffffc900044d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.127362][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.137058][ T1150] 3 locks held by kworker/0:20/24791: [ 3036.142424][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.152839][ T1150] #1: ffffc900044e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.165754][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.175361][ T1150] 3 locks held by kworker/0:21/24792: [ 3036.180808][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.191292][ T1150] #1: ffffc90004777da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.204133][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.213736][ T1150] 3 locks held by kworker/1:22/24986: [ 3036.219182][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.229619][ T1150] #1: ffffc900057f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.242414][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.252029][ T1150] 3 locks held by kworker/1:23/25053: [ 3036.257468][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.267946][ T1150] #1: ffffc9000802fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.280820][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.290470][ T1150] 3 locks held by kworker/1:24/25054: [ 3036.295835][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.306235][ T1150] #1: ffffc9000803fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.319026][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.328681][ T1150] 3 locks held by kworker/1:25/25055: [ 3036.334036][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.344462][ T1150] #1: ffffc9000804fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.357283][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.367084][ T1150] 3 locks held by kworker/1:26/25056: [ 3036.372443][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.383073][ T1150] #1: ffffc9000805fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.395973][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.405672][ T1150] 3 locks held by kworker/1:27/25057: [ 3036.411117][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.421500][ T1150] #1: ffffc9000806fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.434474][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.444164][ T1150] 3 locks held by kworker/1:28/25059: [ 3036.449625][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.460024][ T1150] #1: ffffc9000808fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.472778][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.482417][ T1150] 3 locks held by kworker/1:29/25060: [ 3036.487875][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.498277][ T1150] #1: ffffc9000809fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.511136][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.521000][ T1150] 3 locks held by kworker/1:30/25061: [ 3036.526459][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.536894][ T1150] #1: ffffc900080afda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.549746][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.559405][ T1150] 3 locks held by kworker/1:31/25235: [ 3036.564761][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.575141][ T1150] #1: ffffc900041d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.588126][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.597757][ T1150] 3 locks held by kworker/1:32/25424: [ 3036.603108][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.613509][ T1150] #1: ffffc90005757da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.626292][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.635908][ T1150] 3 locks held by kworker/1:34/25427: [ 3036.641316][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.651759][ T1150] #1: ffffc90005797da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.664486][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.674118][ T1150] 3 locks held by kworker/1:35/25428: [ 3036.679554][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.689993][ T1150] #1: ffffc90005167da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.702735][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.712379][ T1150] 3 locks held by kworker/1:36/25429: [ 3036.717827][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.728241][ T1150] #1: ffffc90005177da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.740985][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.750957][ T1150] 3 locks held by kworker/1:37/25431: [ 3036.756566][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.767005][ T1150] #1: ffffc900057a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.779773][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.789478][ T1150] 3 locks held by kworker/1:38/25432: [ 3036.794833][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.805378][ T1150] #1: ffffc900057b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.818146][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.827803][ T1150] 3 locks held by kworker/1:39/25433: [ 3036.833159][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.843539][ T1150] #1: ffffc90004d87da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.856378][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.865945][ T1150] 3 locks held by kworker/1:40/25434: [ 3036.871363][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.881786][ T1150] #1: ffffc900057c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.894521][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.904150][ T1150] 3 locks held by kworker/1:41/25436: [ 3036.909567][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.919997][ T1150] #1: ffffc900057e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.932730][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.942380][ T1150] 3 locks held by kworker/1:42/25439: [ 3036.947808][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.958214][ T1150] #1: ffffc90005817da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3036.970970][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3036.980587][ T1150] 3 locks held by kworker/1:43/25447: [ 3036.985993][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3036.996411][ T1150] #1: ffffc90005897da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.009341][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.018969][ T1150] 3 locks held by kworker/0:22/25452: [ 3037.024329][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.034711][ T1150] #1: ffffc90005827da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.047496][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.057138][ T1150] 3 locks held by kworker/0:23/25454: [ 3037.062501][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.072891][ T1150] #1: ffffc900058f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.085656][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.095264][ T1150] 3 locks held by kworker/0:24/25456: [ 3037.100701][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.111112][ T1150] #1: ffffc90005937da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.123859][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.133481][ T1150] 3 locks held by kworker/0:25/25457: [ 3037.138923][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.149349][ T1150] #1: ffffc900064e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.162201][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.171803][ T1150] 3 locks held by kworker/0:26/25458: [ 3037.177249][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.187666][ T1150] #1: ffffc90004e87da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.200410][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.210021][ T1150] 3 locks held by kworker/0:27/25459: [ 3037.215383][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.225946][ T1150] #1: ffffc90005867da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.239089][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.248753][ T1150] 3 locks held by kworker/0:28/25460: [ 3037.254110][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.264638][ T1150] #1: ffffc900064f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.277403][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.287044][ T1150] 3 locks held by kworker/0:29/25463: [ 3037.292406][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.302819][ T1150] #1: ffffc90004ef7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.315689][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.325411][ T1150] 3 locks held by kworker/0:30/25679: [ 3037.330840][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.341229][ T1150] #1: ffffc90008877da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.353956][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.363592][ T1150] 3 locks held by kworker/0:31/25681: [ 3037.369155][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.379565][ T1150] #1: ffffc900088c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.392419][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.402063][ T1150] 3 locks held by kworker/0:32/25683: [ 3037.407502][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.417923][ T1150] #1: ffffc900088d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.431257][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.440903][ T1150] 3 locks held by kworker/0:33/25684: [ 3037.446345][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.456763][ T1150] #1: ffffc900088e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.469708][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.479437][ T1150] 3 locks held by kworker/0:34/25686: [ 3037.484800][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.495428][ T1150] #1: ffffc90008907da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.508191][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.517807][ T1150] 3 locks held by kworker/0:35/25688: [ 3037.523159][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.533537][ T1150] #1: ffffc90008917da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.546318][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.555882][ T1150] 3 locks held by kworker/1:44/25987: [ 3037.561290][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.571694][ T1150] #1: ffffc900164f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.584427][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.594199][ T1150] 3 locks held by kworker/1:45/26521: [ 3037.599643][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.610113][ T1150] #1: ffffc90001917da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.622850][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.632616][ T1150] 3 locks held by kworker/1:46/26526: [ 3037.638188][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.648614][ T1150] #1: ffffc90001947da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.661363][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.671001][ T1150] 3 locks held by kworker/1:47/26762: [ 3037.676437][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.686857][ T1150] #1: ffffc90004dffda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.700042][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.709674][ T1150] 3 locks held by kworker/1:48/26764: [ 3037.715037][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.725426][ T1150] #1: ffffc900056ffda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.738216][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.747868][ T1150] 3 locks held by kworker/1:49/26769: [ 3037.753221][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.763596][ T1150] #1: ffffc90005157da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.776375][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.785950][ T1150] 3 locks held by kworker/1:50/26770: [ 3037.791401][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.801813][ T1150] #1: ffffc90005747da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.814543][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.824173][ T1150] 3 locks held by kworker/1:51/26771: [ 3037.829586][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.840026][ T1150] #1: ffffc90005807da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.852913][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.862548][ T1150] 3 locks held by kworker/1:52/26772: [ 3037.868292][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.878695][ T1150] #1: ffffc90005837da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.891443][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.901094][ T1150] 3 locks held by kworker/1:53/26774: [ 3037.906541][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.916962][ T1150] #1: ffffc90005857da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.929705][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.939335][ T1150] 3 locks held by kworker/1:54/26775: [ 3037.944703][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.955100][ T1150] #1: ffffc90005887da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3037.967845][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3037.977505][ T1150] 3 locks held by kworker/1:55/26776: [ 3037.982862][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3037.993247][ T1150] #1: ffffc900058c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.006019][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.015630][ T1150] 3 locks held by kworker/1:56/26777: [ 3038.021091][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.031472][ T1150] #1: ffffc900058e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.044219][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.053827][ T1150] 3 locks held by kworker/1:57/26778: [ 3038.059426][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.069854][ T1150] #1: ffffc90005907da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.082612][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.092223][ T1150] 3 locks held by kworker/1:58/26779: [ 3038.097659][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.108073][ T1150] #1: ffffc90006517da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.120951][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.130585][ T1150] 3 locks held by kworker/1:59/26780: [ 3038.135953][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.146349][ T1150] #1: ffffc90006527da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.159130][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.168777][ T1150] 3 locks held by kworker/1:60/26781: [ 3038.174132][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.184515][ T1150] #1: ffffc90006547da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.197301][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.206967][ T1150] 3 locks held by kworker/1:61/26782: [ 3038.212326][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.222707][ T1150] #1: ffffc90006567da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.235464][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.245113][ T1150] 3 locks held by kworker/1:62/26783: [ 3038.250556][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.260956][ T1150] #1: ffffc900065a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.273914][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.283732][ T1150] 3 locks held by kworker/1:63/26784: [ 3038.289148][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.299532][ T1150] #1: ffffc900065b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.312300][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.321910][ T1150] 3 locks held by kworker/1:64/26785: [ 3038.327423][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.337816][ T1150] #1: ffffc900065c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.350788][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.360573][ T1150] 3 locks held by kworker/1:65/26786: [ 3038.365958][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.376337][ T1150] #1: ffffc900065e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.389213][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.398829][ T1150] 3 locks held by kworker/1:66/26787: [ 3038.404194][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.414601][ T1150] #1: ffffc900065f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.427340][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.436964][ T1150] 3 locks held by kworker/1:67/26788: [ 3038.442328][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.452758][ T1150] #1: ffffc90006607da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.465531][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.475266][ T1150] 3 locks held by kworker/1:68/26789: [ 3038.480846][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.491249][ T1150] #1: ffffc90006617da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.504001][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.513888][ T1150] 3 locks held by kworker/0:36/26837: [ 3038.519345][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.529758][ T1150] #1: ffffc900051a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.547478][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.557131][ T1150] 3 locks held by kworker/1:69/27157: [ 3038.562485][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.572868][ T1150] #1: ffffc900093dfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.585649][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.595321][ T1150] 3 locks held by kworker/1:70/27359: [ 3038.600766][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.611163][ T1150] #1: ffffc900167cfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.623925][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.633528][ T1150] 3 locks held by kworker/1:71/27360: [ 3038.638965][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.649354][ T1150] #1: ffffc9001676fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.662106][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.671723][ T1150] 3 locks held by kworker/1:72/27361: [ 3038.677164][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.688771][ T1150] #1: ffffc900167dfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.701558][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.711206][ T1150] 3 locks held by kworker/1:73/27362: [ 3038.716719][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.727134][ T1150] #1: ffffc900167efda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.739876][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.749591][ T1150] 3 locks held by kworker/1:74/27369: [ 3038.755034][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.765409][ T1150] #1: ffffc900167afda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.778197][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.787863][ T1150] 3 locks held by kworker/1:75/27371: [ 3038.793225][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.803622][ T1150] #1: ffffc9001685fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.816376][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.825938][ T1150] 3 locks held by kworker/0:37/27561: [ 3038.831454][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.841971][ T1150] #1: ffffc90017247da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.854847][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.864470][ T1150] 3 locks held by kworker/0:38/27682: [ 3038.869918][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.880358][ T1150] #1: ffffc900178cfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.893102][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.902901][ T1150] 3 locks held by kworker/0:39/27904: [ 3038.908310][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.918740][ T1150] #1: ffffc90002507da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.931514][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.941163][ T1150] 3 locks held by kworker/0:40/28601: [ 3038.946595][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.957004][ T1150] #1: ffffc900163e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3038.969779][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3038.979423][ T1150] 3 locks held by kworker/0:41/28604: [ 3038.984776][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3038.995163][ T1150] #1: ffffc9001645fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.007931][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.017568][ T1150] 3 locks held by kworker/0:42/28605: [ 3039.022921][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.033321][ T1150] #1: ffffc9001646fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.046072][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.055679][ T1150] 3 locks held by kworker/0:43/28606: [ 3039.061130][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.071524][ T1150] #1: ffffc9001647fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.084309][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.094036][ T1150] 3 locks held by kworker/0:44/28608: [ 3039.099506][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.110064][ T1150] #1: ffffc9001649fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.122859][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.132484][ T1150] 3 locks held by kworker/0:45/28831: [ 3039.137926][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.148359][ T1150] #1: ffffc9001705fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.161116][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.170744][ T1150] 3 locks held by kworker/0:46/28832: [ 3039.176108][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.186559][ T1150] #1: ffffc90016fafda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.199335][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.208969][ T1150] 3 locks held by kworker/0:47/29249: [ 3039.214320][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.224722][ T1150] #1: ffffc90002527da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.237507][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.247139][ T1150] 3 locks held by kworker/0:48/29252: [ 3039.252502][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.262910][ T1150] #1: ffffc90002a07da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.275664][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.285293][ T1150] 3 locks held by kworker/0:49/29256: [ 3039.290744][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.301147][ T1150] #1: ffffc90002a27da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.314008][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.323771][ T1150] 3 locks held by kworker/0:50/30250: [ 3039.329213][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.339644][ T1150] #1: ffffc90008597da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.352398][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.362060][ T1150] 3 locks held by kworker/0:51/30857: [ 3039.367494][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.377910][ T1150] #1: ffffc90004477da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.390721][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.400473][ T1150] 3 locks held by kworker/0:52/30858: [ 3039.405827][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.416233][ T1150] #1: ffffc90004487da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.429000][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.438666][ T1150] 3 locks held by kworker/0:53/31041: [ 3039.444044][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.454442][ T1150] #1: ffffc900029f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.467212][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.476841][ T1150] 3 locks held by kworker/0:54/31324: [ 3039.482211][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.492786][ T1150] #1: ffffc9000807fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.505780][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.515419][ T1150] 3 locks held by kworker/0:55/31547: [ 3039.520903][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.531445][ T1150] #1: ffffc90004ab7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.544218][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.554351][ T1150] 3 locks held by kworker/0:56/31549: [ 3039.559843][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.570272][ T1150] #1: ffffc90004ac7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.583030][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.592685][ T1150] 3 locks held by kworker/0:57/31550: [ 3039.598128][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.608648][ T1150] #1: ffffc90004ad7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.621405][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.631186][ T1150] 3 locks held by kworker/0:58/31551: [ 3039.636654][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.647787][ T1150] #1: ffffc90004ae7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.660540][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.670181][ T1150] 3 locks held by kworker/0:59/31553: [ 3039.675585][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.685998][ T1150] #1: ffffc90004b07da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.698790][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.708411][ T1150] 3 locks held by kworker/0:60/31554: [ 3039.713806][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.724218][ T1150] #1: ffffc90004b17da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.737150][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.746826][ T1150] 3 locks held by kworker/0:61/31557: [ 3039.752184][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.762582][ T1150] #1: ffffc90004d67da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.775342][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.785098][ T1150] 3 locks held by kworker/0:62/31560: [ 3039.790894][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.801290][ T1150] #1: ffffc90004447da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.814058][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.823718][ T1150] 3 locks held by kworker/0:63/31562: [ 3039.829151][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.839564][ T1150] #1: ffffc90004d77da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.852536][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.862182][ T1150] 3 locks held by kworker/0:64/31563: [ 3039.867689][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.878115][ T1150] #1: ffffc90004a97da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.890859][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.900518][ T1150] 3 locks held by kworker/0:65/31564: [ 3039.905869][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.916261][ T1150] #1: ffffc90004d97da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.929052][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.938680][ T1150] 3 locks held by kworker/0:66/31565: [ 3039.944047][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.955212][ T1150] #1: ffffc90004da7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3039.968013][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3039.977701][ T1150] 3 locks held by kworker/0:67/31566: [ 3039.983091][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3039.993478][ T1150] #1: ffffc90004db7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.006245][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.015812][ T1150] 3 locks held by kworker/0:68/31567: [ 3040.021223][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.031676][ T1150] #1: ffffc90004dc7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.044424][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.054060][ T1150] 3 locks held by kworker/0:69/31568: [ 3040.059503][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.069907][ T1150] #1: ffffc90004dd7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.082652][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.092301][ T1150] 3 locks held by kworker/0:70/31569: [ 3040.097760][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.108157][ T1150] #1: ffffc90004de7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.120907][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.130551][ T1150] 3 locks held by kworker/0:71/31571: [ 3040.135904][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.146313][ T1150] #1: ffffc90004e1fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.159239][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.168867][ T1150] 3 locks held by kworker/0:72/32369: [ 3040.174247][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.184639][ T1150] #1: ffffc90005617da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.197413][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.207064][ T1150] 3 locks held by kworker/0:73/32564: [ 3040.212423][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.222818][ T1150] #1: ffffc90002a77da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.235587][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.245212][ T1150] 3 locks held by kworker/0:74/32565: [ 3040.250641][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.261037][ T1150] #1: ffffc90002a87da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.274155][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.283908][ T1150] 3 locks held by kworker/0:75/32568: [ 3040.289346][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.299760][ T1150] #1: ffffc90003897da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.312526][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.322157][ T1150] 3 locks held by kworker/0:76/514: [ 3040.327532][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.337936][ T1150] #1: ffffc90008a67da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.350831][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.360464][ T1150] 3 locks held by kworker/0:77/515: [ 3040.365665][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.376226][ T1150] #1: ffffc90008a77da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.388982][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.398617][ T1150] 3 locks held by kworker/1:76/808: [ 3040.403808][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.414211][ T1150] #1: ffffc9001618fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.427184][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.436828][ T1150] 3 locks held by kworker/1:77/809: [ 3040.442020][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.452497][ T1150] #1: ffffc9001619fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.465309][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.475121][ T1150] 3 locks held by kworker/1:78/810: [ 3040.480478][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.490899][ T1150] #1: ffffc900161afda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.503686][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.513296][ T1150] 3 locks held by kworker/1:79/812: [ 3040.518576][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.529048][ T1150] #1: ffffc900161cfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.541802][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.551429][ T1150] 3 locks held by kworker/1:80/813: [ 3040.556689][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.567079][ T1150] #1: ffffc900161dfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.579852][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.589783][ T1150] 3 locks held by kworker/1:81/814: [ 3040.594977][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.605421][ T1150] #1: ffffc900161efda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.618435][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.628080][ T1150] 3 locks held by kworker/1:82/815: [ 3040.633270][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.643732][ T1150] #1: ffffc900161ffda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.656487][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.666130][ T1150] 3 locks held by kworker/1:83/816: [ 3040.671322][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.681912][ T1150] #1: ffffc9001620fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.694661][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.704280][ T1150] 3 locks held by kworker/1:84/817: [ 3040.709548][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.719934][ T1150] #1: ffffc9001621fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.732708][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.742324][ T1150] 3 locks held by kworker/1:85/821: [ 3040.747599][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.758014][ T1150] #1: ffffc9000d6bfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.770757][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.780395][ T1150] 3 locks held by kworker/1:86/825: [ 3040.785579][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.795969][ T1150] #1: ffffc9001624fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.808878][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.818507][ T1150] 3 locks held by kworker/1:87/1136: [ 3040.823775][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.834170][ T1150] #1: ffffc90016fe7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.847040][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.856822][ T1150] 3 locks held by kworker/0:78/1172: [ 3040.862094][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.872568][ T1150] #1: ffffc900170dfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.885326][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.894958][ T1150] 3 locks held by kworker/0:79/1173: [ 3040.900335][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.910793][ T1150] #1: ffffc900171efda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.923611][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.933233][ T1150] 3 locks held by kworker/0:80/1174: [ 3040.938598][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.949017][ T1150] #1: ffffc900171ffda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.961755][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3040.971377][ T1150] 3 locks held by kworker/0:81/1175: [ 3040.976722][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3040.987120][ T1150] #1: ffffc9001720fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3040.999897][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.009513][ T1150] 3 locks held by kworker/0:82/1176: [ 3041.014786][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.025326][ T1150] #1: ffffc9001721fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.038114][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.047753][ T1150] 3 locks held by kworker/0:83/1177: [ 3041.053021][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.063391][ T1150] #1: ffffc9001722fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.076222][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.085788][ T1150] 3 locks held by kworker/0:84/1178: [ 3041.091108][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.101526][ T1150] #1: ffffc90017257da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.114256][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.123898][ T1150] 3 locks held by kworker/0:85/1181: [ 3041.129231][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.139697][ T1150] #1: ffffc90017287da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.152920][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.162581][ T1150] 3 locks held by kworker/0:86/1182: [ 3041.167920][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.178382][ T1150] #1: ffffc90017297da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.191135][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.200855][ T1150] 3 locks held by kworker/0:87/1183: [ 3041.206177][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.216603][ T1150] #1: ffffc900172a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.229564][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.239219][ T1150] 3 locks held by kworker/0:88/1184: [ 3041.244493][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.254877][ T1150] #1: ffffc900172b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.267666][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.277310][ T1150] 3 locks held by kworker/0:89/1185: [ 3041.282602][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.292992][ T1150] #1: ffffc900172c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.305756][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.315413][ T1150] 3 locks held by kworker/0:90/1186: [ 3041.320765][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.331185][ T1150] #1: ffffc900172d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.343942][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.353547][ T1150] 3 locks held by kworker/0:91/1187: [ 3041.358930][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.369348][ T1150] #1: ffffc900172e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.382102][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.392049][ T1150] 3 locks held by kworker/0:92/1188: [ 3041.397438][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.407854][ T1150] #1: ffffc900172f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.420588][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.430236][ T1150] 3 locks held by kworker/0:93/1189: [ 3041.435516][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.446106][ T1150] #1: ffffc90017307da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.458878][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.468668][ T1150] 3 locks held by kworker/0:94/1190: [ 3041.473956][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.484379][ T1150] #1: ffffc90017317da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.497165][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.506819][ T1150] 3 locks held by kworker/0:95/1191: [ 3041.517137][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.527726][ T1150] #1: ffffc90017327da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.540512][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.550121][ T1150] 3 locks held by kworker/0:96/1192: [ 3041.555394][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.565787][ T1150] #1: ffffc90017337da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.578587][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.588206][ T1150] 3 locks held by kworker/0:97/1193: [ 3041.593479][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.603856][ T1150] #1: ffffc90017347da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.616622][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.626430][ T1150] 3 locks held by kworker/0:98/1194: [ 3041.631716][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.642196][ T1150] #1: ffffc90017357da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.655087][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.664703][ T1150] 3 locks held by kworker/0:99/1197: [ 3041.670136][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.680511][ T1150] #1: ffffc90017377da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.693268][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.702874][ T1150] 3 locks held by kworker/0:100/1201: [ 3041.708417][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.718911][ T1150] #1: ffffc900170cfda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.731665][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.741353][ T1150] 3 locks held by kworker/0:101/1203: [ 3041.746834][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.757250][ T1150] #1: ffffc90017147da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.770077][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.779712][ T1150] 3 locks held by kworker/0:102/1204: [ 3041.785071][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.795440][ T1150] #1: ffffc9001706fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.808200][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.817822][ T1150] 3 locks held by kworker/0:103/1205: [ 3041.823186][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.833603][ T1150] #1: ffffc9001707fda8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.846467][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.856250][ T1150] 3 locks held by kworker/0:104/1206: [ 3041.861609][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.872049][ T1150] #1: ffffc90017387da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.884828][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.894423][ T1150] 3 locks held by kworker/0:105/1207: [ 3041.899863][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.910319][ T1150] #1: ffffc90017397da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.923106][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.932701][ T1150] 3 locks held by kworker/0:106/1208: [ 3041.938143][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.948634][ T1150] #1: ffffc900173a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.961417][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3041.971041][ T1150] 3 locks held by kworker/0:107/1209: [ 3041.976481][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3041.986887][ T1150] #1: ffffc900173b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3041.999662][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.009284][ T1150] 3 locks held by kworker/0:108/1210: [ 3042.014653][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.025044][ T1150] #1: ffffc900173c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.038258][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.047915][ T1150] 3 locks held by kworker/0:109/1211: [ 3042.053274][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.063661][ T1150] #1: ffffc900173d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.076603][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.086251][ T1150] 3 locks held by kworker/0:110/1212: [ 3042.091606][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.101992][ T1150] #1: ffffc900173e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.114741][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.124393][ T1150] 3 locks held by kworker/0:111/1213: [ 3042.129815][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.140210][ T1150] #1: ffffc900173f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.152989][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.162623][ T1150] 3 locks held by kworker/0:112/1214: [ 3042.168048][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.178454][ T1150] #1: ffffc90017407da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.191207][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.200847][ T1150] 3 locks held by kworker/0:113/1215: [ 3042.206307][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.216726][ T1150] #1: ffffc90017417da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.229487][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.239145][ T1150] 3 locks held by kworker/0:114/1216: [ 3042.244501][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.255010][ T1150] #1: ffffc90017427da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.267777][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.277410][ T1150] 3 locks held by kworker/0:115/1217: [ 3042.282773][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.293338][ T1150] #1: ffffc90017437da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.306098][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.315654][ T1150] 3 locks held by kworker/0:116/1218: [ 3042.321098][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.331500][ T1150] #1: ffffc90017447da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.344262][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.354193][ T1150] 3 locks held by kworker/0:117/1219: [ 3042.359647][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.370054][ T1150] #1: ffffc90017457da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.382792][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.392436][ T1150] 3 locks held by kworker/0:118/1220: [ 3042.397970][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.408376][ T1150] #1: ffffc90017467da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.421149][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.430875][ T1150] 3 locks held by kworker/0:119/1221: [ 3042.436402][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.446838][ T1150] #1: ffffc90017477da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.459628][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.469256][ T1150] 3 locks held by kworker/0:120/1222: [ 3042.474861][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.485264][ T1150] #1: ffffc90017487da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.498207][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.507894][ T1150] 3 locks held by kworker/0:121/1223: [ 3042.513261][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.523751][ T1150] #1: ffffc90017497da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.536559][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.546197][ T1150] 3 locks held by kworker/0:122/1224: [ 3042.551559][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.561959][ T1150] #1: ffffc900174a7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.574886][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.584522][ T1150] 3 locks held by kworker/0:123/1225: [ 3042.590021][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.600656][ T1150] #1: ffffc900174b7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.613418][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.623059][ T1150] 3 locks held by kworker/0:124/1226: [ 3042.628525][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.638959][ T1150] #1: ffffc900174c7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.651764][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.661543][ T1150] 3 locks held by kworker/0:125/1227: [ 3042.667149][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.677579][ T1150] #1: ffffc900174d7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.690342][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.699960][ T1150] 3 locks held by kworker/0:126/1228: [ 3042.705319][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.715904][ T1150] #1: ffffc900174e7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.728703][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.738383][ T1150] 3 locks held by kworker/0:127/1229: [ 3042.743753][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 3042.754186][ T1150] #1: ffffc900174f7da8 ((work_completion)(&(&dp->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 3042.766950][ T1150] #2: ffffffff8aa5e9a8 (ovs_mutex){+.+.}-{3:3}, at: ovs_dp_masks_rebalance+0x18/0x80 [ 3042.776591][ T1150] 3 locks held by kworker/0:128/1230: [ 3042.781951][ T1150] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670