BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 1caa46067 P4D 1caa46067 PUD 1d22a9067 PMD 0 Oops: 0010 [#1] SMP KASAN CPU: 0 PID: 15897 Comm: syz-executor5 Not tainted 4.17.0+ #83 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010: (null) Code: Bad RIP value. RSP: 0018:ffff8801b23ef590 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8801d92b4800 RCX: 1ffffffff10ea785 RDX: ffff8801b23efab0 RSI: ffff8801b2d4ca40 RDI: ffff8801d6d7c080 RBP: ffff8801b23ef700 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003647deb7 R13: ffff8801b23efab0 R14: ffff8801d92b4812 R15: ffff8801d92b4c58 FS: 00007f423eed9700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 00000001d68d6000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'. DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ieee80211 !: Selected rate control algorithm 'minstrel_ht' sock_poll+0x1d1/0x710 net/socket.c:1156 vfs_poll+0x77/0x2a0 fs/select.c:40 do_pollfd fs/select.c:848 [inline] do_poll fs/select.c:896 [inline] do_sys_poll+0x6fd/0x1100 fs/select.c:990 netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'. __do_sys_poll fs/select.c:1048 [inline] __se_sys_poll fs/select.c:1036 [inline] __x64_sys_poll+0x189/0x510 fs/select.c:1036 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 sysfs: cannot create duplicate filename '/class/ieee80211/!' entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4559f9 Code: 1d ba fb CPU: 1 PID: 15938 Comm: syz-executor3 Not tainted 4.17.0+ #83 ff Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 c3 Call Trace: 66 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 2e 0f 1f sysfs_warn_dup.cold.3+0x1c/0x2b fs/sysfs/dir.c:30 84 sysfs_do_create_link_sd.isra.2+0x116/0x130 fs/sysfs/symlink.c:50 00 00 sysfs_do_create_link fs/sysfs/symlink.c:79 [inline] sysfs_create_link+0x65/0xc0 fs/sysfs/symlink.c:91 00 device_add_class_symlinks drivers/base/core.c:1632 [inline] device_add+0x5c9/0x16f0 drivers/base/core.c:1834 00 00 66 wiphy_register+0x182e/0x24e0 net/wireless/core.c:813 90 48 89 f8 48 89 f7 48 ieee80211_register_hw+0x13cd/0x35d0 net/mac80211/main.c:1050 89 d6 mac80211_hwsim_new_radio+0x1da2/0x33b0 drivers/net/wireless/mac80211_hwsim.c:2772 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c hwsim_new_radio_nl+0x7b8/0xa60 drivers/net/wireless/mac80211_hwsim.c:3247 24 08 0f 05 genl_family_rcv_msg+0x889/0x1120 net/netlink/genetlink.c:599 <48> 3d 01 f0 ff ff 0f 83 eb genl_rcv_msg+0xc6/0x170 net/netlink/genetlink.c:624 b9 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2448 fb ff c3 66 genl_rcv+0x28/0x40 net/netlink/genetlink.c:635 2e netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x58b/0x740 net/netlink/af_netlink.c:1336 0f 1f 84 00 00 netlink_sendmsg+0x9f0/0xfa0 net/netlink/af_netlink.c:1901 00 00 RSP: 002b:00007f423eed8c68 EFLAGS: 00000246 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:643 ORIG_RAX: 0000000000000007 ___sys_sendmsg+0x805/0x940 net/socket.c:2149 RAX: ffffffffffffffda RBX: 00007f423eed96d4 RCX: 00000000004559f9 RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000020000040 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000004c03b8 R14: 00000000004cf6e8 R15: 0000000000000000 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) CR2: 0000000000000000 ---[ end trace 085609b9e90136a5 ]--- RIP: 0010: (null) __sys_sendmsg+0x115/0x270 net/socket.c:2187 Code: Bad RIP value. __do_sys_sendmsg net/socket.c:2196 [inline] __se_sys_sendmsg net/socket.c:2194 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2194 RSP: 0018:ffff8801b23ef590 EFLAGS: 00010246 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 RAX: 0000000000000000 RBX: ffff8801d92b4800 RCX: 1ffffffff10ea785 RDX: ffff8801b23efab0 RSI: ffff8801b2d4ca40 RDI: ffff8801d6d7c080 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4559f9 RBP: ffff8801b23ef700 R08: 0000000000000001 R09: 0000000000000000 Code: 1d ba fb ff c3 66 R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003647deb7 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 R13: ffff8801b23efab0 R14: ffff8801d92b4812 R15: ffff8801d92b4c58 fb ff c3 66 2e 0f FS: 00007f423eed9700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 1f 84 00 00 00 00 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RSP: 002b:00007f493ebadc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f493ebae6d4 RCX: 00000000004559f9 CR2: ffffffffffffffd6 CR3: 00000001d68d6000 CR4: 00000000001406f0 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000016 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 R13: 00000000004c0bd3 R14: 00000000004d0420 R15: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400