====================================================== WARNING: possible circular locking dependency detected 4.19.87-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/12533 is trying to acquire lock: 000000005ff059c1 (&mm->mmap_sem){++++}, at: __might_fault+0xfb/0x1e0 mm/memory.c:4637 but task is already holding lock: 0000000060076f60 (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 drivers/usb/mon/mon_bin.c:813 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&rp->fetch_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:925 [inline] __mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 mon_bin_vma_fault+0x73/0x2d0 drivers/usb/mon/mon_bin.c:1237 __do_fault+0x111/0x480 mm/memory.c:3269 kobject: 'kvm' (0000000093adbde0): kobject_uevent_env do_cow_fault mm/memory.c:3710 [inline] do_fault mm/memory.c:3812 [inline] handle_pte_fault mm/memory.c:4041 [inline] __handle_mm_fault+0xf6d/0x3f80 mm/memory.c:4165 handle_mm_fault+0x1b5/0x690 mm/memory.c:4202 faultin_page mm/gup.c:530 [inline] __get_user_pages+0x609/0x1860 mm/gup.c:730 populate_vma_page_range+0x20d/0x2a0 mm/gup.c:1234 kobject: 'kvm' (0000000093adbde0): kobject_uevent_env __mm_populate+0x204/0x380 mm/gup.c:1282 mm_populate include/linux/mm.h:2323 [inline] vm_mmap_pgoff+0x213/0x230 mm/util.c:362 kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' ksys_mmap_pgoff+0x4aa/0x630 mm/mmap.c:1586 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&mm->mmap_sem){++++}: kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903 __might_fault mm/memory.c:4638 [inline] __might_fault+0x15e/0x1e0 mm/memory.c:4623 _copy_to_user+0x30/0x120 lib/usercopy.c:25 copy_to_user include/linux/uaccess.h:155 [inline] mon_bin_read+0x329/0x640 drivers/usb/mon/mon_bin.c:825 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x490/0x640 fs/read_write.c:925 vfs_readv+0xf0/0x160 fs/read_write.c:987 do_preadv+0x1c4/0x280 fs/read_write.c:1071 __do_sys_preadv fs/read_write.c:1121 [inline] __se_sys_preadv fs/read_write.c:1116 [inline] __x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1116 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&rp->fetch_lock); lock(&mm->mmap_sem); lock(&rp->fetch_lock); lock(&mm->mmap_sem); *** DEADLOCK *** 1 lock held by syz-executor.5/12533: #0: 0000000060076f60 (&rp->fetch_lock){+.+.}, at: mon_bin_read+0x60/0x640 drivers/usb/mon/mon_bin.c:813 stack backtrace: CPU: 0 PID: 12533 Comm: syz-executor.5 Not tainted 4.19.87-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1221 check_prev_add kernel/locking/lockdep.c:1861 [inline] check_prevs_add kernel/locking/lockdep.c:1974 [inline] validate_chain kernel/locking/lockdep.c:2415 [inline] __lock_acquire+0x2e19/0x49c0 kernel/locking/lockdep.c:3411 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903 __might_fault mm/memory.c:4638 [inline] __might_fault+0x15e/0x1e0 mm/memory.c:4623 _copy_to_user+0x30/0x120 lib/usercopy.c:25 copy_to_user include/linux/uaccess.h:155 [inline] mon_bin_read+0x329/0x640 drivers/usb/mon/mon_bin.c:825 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x490/0x640 fs/read_write.c:925 vfs_readv+0xf0/0x160 fs/read_write.c:987 do_preadv+0x1c4/0x280 fs/read_write.c:1071 __do_sys_preadv fs/read_write.c:1121 [inline] __se_sys_preadv fs/read_write.c:1116 [inline] __x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1116 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f8cc3b7dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a679 RDX: 0000000000000001 RSI: 0000000020000840 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8cc3b7e6d4 R13: 00000000004c89a0 R14: 00000000004dff88 R15: 00000000ffffffff kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'kvm' (0000000093adbde0): kobject_uevent_env kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'kvm' (0000000093adbde0): kobject_uevent_env kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop3' (000000005da096ea): kobject_uevent_env vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (0000000093adbde0): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'kvm' (0000000093adbde0): kobject_uevent_env kobject: 'kvm' (0000000093adbde0): kobject_uevent_env kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (0000000093adbde0): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop2' (000000008ada322f): kobject_uevent_env usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. vhci_hcd: default hub control req: 0000 v0000 i0000 l0 kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'hwsim17' (0000000002bc1c8b): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices' kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'hwsim17' (0000000002bc1c8b): kobject_uevent_env netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'hwsim17' (0000000002bc1c8b): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17' kobject: 'loop3' (000000005da096ea): kobject_uevent_env netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'hwsim17' (0000000002bc1c8b): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'nr0' (000000006d2df79d): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'hwsim17' (0000000002bc1c8b): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'nr0' (000000006d2df79d): kobject_uevent_env kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'nr0' (000000006d2df79d): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (000000003aa4bb79): kobject_add_internal: parent: 'nr0', set: '' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'queues' (000000003aa4bb79): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'queues' (000000003aa4bb79): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000de45660f): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (00000000de45660f): kobject_uevent_env kobject: 'rx-0' (00000000de45660f): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'tx-0' (00000000bd2c3dd4): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'tx-0' (00000000bd2c3dd4): kobject_uevent_env kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'tx-0' (00000000bd2c3dd4): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'ieee80211' (000000000360943f): kobject_add_internal: parent: 'hwsim17', set: '(null)' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'þ€!' (00000000252e9a48): kobject_add_internal: parent: 'ieee80211', set: 'devices' kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'þ€!' (00000000252e9a48): kobject_uevent_env kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'þ€!' (00000000252e9a48): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/ieee80211/þ€!' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'rfkill28' (000000005555cc71): kobject_add_internal: parent: 'þ€!', set: 'devices' kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'rfkill28' (000000005555cc71): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'rfkill28' (000000005555cc71): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/ieee80211/þ€!/rfkill28' kobject: 'loop2' (000000008ada322f): kobject_uevent_env device nr0 entered promiscuous mode kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'rx-0' (00000000de45660f): kobject_cleanup, parent 000000003aa4bb79 kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'rx-0' (00000000de45660f): auto cleanup 'remove' event kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (00000000de45660f): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'rx-0' (00000000de45660f): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'rx-0' (00000000de45660f): auto cleanup kobject_del kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'rx-0' (00000000de45660f): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000bd2c3dd4): kobject_cleanup, parent 000000003aa4bb79 kobject: 'tx-0' (00000000bd2c3dd4): auto cleanup 'remove' event kobject: 'tx-0' (00000000bd2c3dd4): kobject_uevent_env kobject: 'tx-0' (00000000bd2c3dd4): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (00000000bd2c3dd4): auto cleanup kobject_del kobject: 'tx-0' (00000000bd2c3dd4): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000003aa4bb79): kobject_cleanup, parent (null) kobject: 'queues' (000000003aa4bb79): calling ktype release kobject: 'queues' (000000003aa4bb79): kset_release kobject: 'queues': free name kobject: 'nr0' (000000006d2df79d): kobject_uevent_env kobject: 'nr0' (000000006d2df79d): fill_kobj_path: path = '/devices/virtual/net/nr0' ieee80211 þ€!: Selected rate control algorithm 'minstrel_ht' kobject: 'net' (0000000030d2566e): kobject_add_internal: parent: 'hwsim17', set: '(null)' kobject: 'wlan0' (0000000054c1ea92): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'wlan0' (0000000054c1ea92): kobject_uevent_env kobject: 'wlan0' (0000000054c1ea92): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0' kobject: 'queues' (0000000065467f80): kobject_add_internal: parent: 'wlan0', set: '' kobject: 'queues' (0000000065467f80): kobject_uevent_env kobject: 'queues' (0000000065467f80): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000101f029e): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000101f029e): kobject_uevent_env kobject: 'rx-0' (00000000101f029e): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0/queues/rx-0' kobject: 'tx-0' (00000000c375872f): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000c375872f): kobject_uevent_env kobject: 'tx-0' (00000000c375872f): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0/queues/tx-0' kobject: 'tx-1' (00000000e352b57a): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-1' (00000000e352b57a): kobject_uevent_env kobject: 'tx-1' (00000000e352b57a): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0/queues/tx-1' kobject: 'tx-2' (000000005641f664): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-2' (000000005641f664): kobject_uevent_env kobject: 'tx-2' (000000005641f664): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0/queues/tx-2' kobject: 'tx-3' (00000000fa834c40): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-3' (00000000fa834c40): kobject_uevent_env kobject: 'tx-3' (00000000fa834c40): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim17/net/wlan0/queues/tx-3' kobject: 'batman_adv' (000000007e2aaaf7): kobject_add_internal: parent: 'wlan0', set: '' kobject: 'nr0' (000000006d2df79d): kobject_cleanup, parent (null) kobject: 'nr0' (000000006d2df79d): calling ktype release kobject: 'nr0': free name kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'hwsim18' (0000000076c4bcfb): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'hwsim18' (0000000076c4bcfb): kobject_uevent_env kobject: 'nr0' (0000000029398e69): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (0000000029398e69): kobject_uevent_env kobject: 'hwsim18' (0000000076c4bcfb): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim18' kobject: 'nr0' (0000000029398e69): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'hwsim18' (0000000076c4bcfb): kobject_uevent_env kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'queues' (000000006eeb97c3): kobject_add_internal: parent: 'nr0', set: '' kobject: 'hwsim18' (0000000076c4bcfb): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim18' kobject: 'queues' (000000006eeb97c3): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'queues' (000000006eeb97c3): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'rx-0' (00000000343cfa6b): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'rx-0' (00000000343cfa6b): kobject_uevent_env kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'rx-0' (00000000343cfa6b): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'tx-0' (00000000a3f46f7a): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000a3f46f7a): kobject_uevent_env kobject: 'tx-0' (00000000a3f46f7a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'rx-0' (00000000343cfa6b): kobject_cleanup, parent 000000006eeb97c3 kobject: 'rx-0' (00000000343cfa6b): auto cleanup 'remove' event kobject: 'rx-0' (00000000343cfa6b): kobject_uevent_env kobject: 'rx-0' (00000000343cfa6b): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000343cfa6b): auto cleanup kobject_del kobject: 'rx-0' (00000000343cfa6b): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000a3f46f7a): kobject_cleanup, parent 000000006eeb97c3 kobject: 'tx-0' (00000000a3f46f7a): auto cleanup 'remove' event kobject: 'tx-0' (00000000a3f46f7a): kobject_uevent_env kobject: 'tx-0' (00000000a3f46f7a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (00000000a3f46f7a): auto cleanup kobject_del kobject: 'tx-0' (00000000a3f46f7a): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000006eeb97c3): kobject_cleanup, parent (null) kobject: 'queues' (000000006eeb97c3): calling ktype release kobject: 'queues' (000000006eeb97c3): kset_release kobject: 'queues': free name kobject: 'nr0' (0000000029398e69): kobject_uevent_env kobject: 'nr0' (0000000029398e69): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'ieee80211' (0000000033dc69ff): kobject_add_internal: parent: 'hwsim18', set: '(null)' kobject: 'þ€!' (0000000008bc6993): kobject_add_internal: parent: 'ieee80211', set: 'devices' sysfs: cannot create duplicate filename '/class/ieee80211/þ€!' CPU: 1 PID: 13244 Comm: syz-executor.4 Not tainted 4.19.87-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 sysfs_warn_dup.cold+0x1c/0x31 fs/sysfs/dir.c:30 sysfs_do_create_link_sd.isra.0+0x118/0x130 fs/sysfs/symlink.c:50 sysfs_do_create_link fs/sysfs/symlink.c:79 [inline] sysfs_create_link+0x65/0xc0 fs/sysfs/symlink.c:91 device_add_class_symlinks drivers/base/core.c:1749 [inline] device_add+0x7ce/0x1760 drivers/base/core.c:1951 wiphy_register+0x16fa/0x21d0 net/wireless/core.c:832 ieee80211_register_hw+0x156e/0x3800 net/mac80211/main.c:1092 mac80211_hwsim_new_radio+0x1d83/0x3df0 drivers/net/wireless/mac80211_hwsim.c:2896 hwsim_new_radio_nl+0x5eb/0x893 drivers/net/wireless/mac80211_hwsim.c:3374 genl_family_rcv_msg+0x6db/0xd30 net/netlink/genetlink.c:602 genl_rcv_msg+0xca/0x170 net/netlink/genetlink.c:627 netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454 genl_rcv+0x29/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x53a/0x730 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x803/0x920 net/socket.c:2115 __sys_sendmsg+0x105/0x1d0 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa2030f2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2030f36d4 R13: 00000000004c96dc R14: 00000000004e1410 R15: 00000000ffffffff kobject: 'þ€!' (0000000008bc6993): kobject_uevent_env kobject: 'þ€!' (0000000008bc6993): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim18/ieee80211/þ€!' kobject: 'ieee80211' (0000000033dc69ff): kobject_cleanup, parent (null) kobject: 'ieee80211' (0000000033dc69ff): calling ktype release kobject: 'ieee80211': free name kobject: 'hwsim18' (0000000076c4bcfb): kobject_uevent_env kobject: 'nr0' (0000000029398e69): kobject_cleanup, parent (null) kobject: 'hwsim18' (0000000076c4bcfb): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim18' kobject: 'nr0' (0000000029398e69): calling ktype release kobject: 'hwsim18' (0000000076c4bcfb): kobject_uevent_env kobject: 'nr0': free name kobject: 'hwsim18' (0000000076c4bcfb): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim18' kobject: 'hwsim18' (0000000076c4bcfb): kobject_cleanup, parent (null) kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'hwsim18' (0000000076c4bcfb): calling ktype release kobject: 'hwsim18': free name kobject: 'loop3' (000000005da096ea): kobject_uevent_env netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'þ€!' (0000000008bc6993): kobject_cleanup, parent (null) kobject: 'nr0' (0000000062763438): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'þ€!' (0000000008bc6993): calling ktype release kobject: 'nr0' (0000000062763438): kobject_uevent_env kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '(null)' (000000002b840561): kobject_cleanup, parent (null) kobject: 'nr0' (0000000062763438): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'queues' (000000007c2d4a17): kobject_add_internal: parent: 'nr0', set: '' kobject: '(null)' (000000002b840561): calling ktype release kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'þ€!': free name kobject: 'queues' (000000007c2d4a17): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'queues' (000000007c2d4a17): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (00000000f6a0980c): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'rx-0' (00000000f6a0980c): kobject_uevent_env kobject: 'rx-0' (00000000f6a0980c): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'tx-0' (000000004abaf11e): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000004abaf11e): kobject_uevent_env kobject: 'loop2' (000000008ada322f): kobject_uevent_env kobject: 'tx-0' (000000004abaf11e): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'loop2' (000000008ada322f): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'nr0' (00000000c2b10a7c): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop3' (000000005da096ea): kobject_uevent_env kobject: 'nr0' (00000000c2b10a7c): kobject_uevent_env kobject: 'loop3' (000000005da096ea): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'nr0' (00000000c2b10a7c): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (00000000e2b7e102): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (00000000e2b7e102): kobject_uevent_env kobject: 'queues' (00000000e2b7e102): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000004f1d1808): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000004f1d1808): kobject_uevent_env kobject: 'rx-0' (000000004f1d1808): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (0000000050799aa6): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000050799aa6): kobject_uevent_env kobject: 'tx-0' (0000000050799aa6): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' device nr0 entered promiscuous mode netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. kobject: 'hwsim19' (000000006894c745): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices' netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. device nr0 entered promiscuous mode kobject: 'hwsim19' (000000006894c745): kobject_uevent_env kobject: 'hwsim19' (000000006894c745): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim19' kobject: 'hwsim19' (000000006894c745): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): kobject_uevent_env kobject: 'loop1' (0000000023c1b3b7): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'hwsim19' (000000006894c745): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim19' kobject: 'rx-0' (00000000f6a0980c): kobject_cleanup, parent 000000007c2d4a17 kobject: 'rx-0' (00000000f6a0980c): auto cleanup 'remove' event kobject: 'rx-0' (00000000f6a0980c): kobject_uevent_env kobject: 'rx-0' (00000000f6a0980c): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000f6a0980c): auto cleanup kobject_del kobject: 'rx-0' (00000000f6a0980c): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (000000004abaf11e): kobject_cleanup, parent 000000007c2d4a17 kobject: 'tx-0' (000000004abaf11e): auto cleanup 'remove' event kobject: 'tx-0' (000000004abaf11e): kobject_uevent_env kobject: 'tx-0' (000000004abaf11e): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (000000004abaf11e): auto cleanup kobject_del kobject: 'tx-0' (000000004abaf11e): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000007c2d4a17): kobject_cleanup, parent (null) kobject: 'queues' (000000007c2d4a17): calling ktype release kobject: 'queues' (000000007c2d4a17): kset_release kobject: 'queues': free name kobject: 'nr0' (0000000062763438): kobject_uevent_env kobject: 'nr0' (0000000062763438): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'rx-0' (000000004f1d1808): kobject_cleanup, parent 00000000e2b7e102 kobject: 'rx-0' (000000004f1d1808): auto cleanup 'remove' event kobject: 'rx-0' (000000004f1d1808): kobject_uevent_env kobject: 'rx-0' (000000004f1d1808): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (000000004f1d1808): auto cleanup kobject_del kobject: 'rx-0' (000000004f1d1808): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (0000000050799aa6): kobject_cleanup, parent 00000000e2b7e102 kobject: 'tx-0' (0000000050799aa6): auto cleanup 'remove' event kobject: 'tx-0' (0000000050799aa6): kobject_uevent_env kobject: 'tx-0' (0000000050799aa6): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (0000000050799aa6): auto cleanup kobject_del kobject: 'tx-0' (0000000050799aa6): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000e2b7e102): kobject_cleanup, parent (null) kobject: 'queues' (00000000e2b7e102): calling ktype release kobject: 'queues' (00000000e2b7e102): kset_release kobject: 'queues': free name kobject: 'nr0' (00000000c2b10a7c): kobject_uevent_env kobject: 'nr0' (00000000c2b10a7c): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'ieee80211' (00000000e24d4cd5): kobject_add_internal: parent: 'hwsim19', set: '(null)' kobject: 'þ€!' (0000000029279ff0): kobject_add_internal: parent: 'ieee80211', set: 'devices' sysfs: cannot create duplicate filename '/class/ieee80211/þ€!' CPU: 1 PID: 13282 Comm: syz-executor.4 Not tainted 4.19.87-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 sysfs_warn_dup.cold+0x1c/0x31 fs/sysfs/dir.c:30 sysfs_do_create_link_sd.isra.0+0x118/0x130 fs/sysfs/symlink.c:50 sysfs_do_create_link fs/sysfs/symlink.c:79 [inline] sysfs_create_link+0x65/0xc0 fs/sysfs/symlink.c:91 device_add_class_symlinks drivers/base/core.c:1749 [inline] device_add+0x7ce/0x1760 drivers/base/core.c:1951 wiphy_register+0x16fa/0x21d0 net/wireless/core.c:832 ieee80211_register_hw+0x156e/0x3800 net/mac80211/main.c:1092 mac80211_hwsim_new_radio+0x1d83/0x3df0 drivers/net/wireless/mac80211_hwsim.c:2896 hwsim_new_radio_nl+0x5eb/0x893 drivers/net/wireless/mac80211_hwsim.c:3374 genl_family_rcv_msg+0x6db/0xd30 net/netlink/genetlink.c:602 genl_rcv_msg+0xca/0x170 net/netlink/genetlink.c:627 netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454 genl_rcv+0x29/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x53a/0x730 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x803/0x920 net/socket.c:2115 __sys_sendmsg+0x105/0x1d0 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa2030f2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2030f36d4 R13: 00000000004c96dc R14: 00000000004e1410 R15: 00000000ffffffff kobject: 'þ€!' (0000000029279ff0): kobject_uevent_env kobject: 'þ€!' (0000000029279ff0): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim19/ieee80211/þ€!' kobject: 'ieee80211' (00000000e24d4cd5): kobject_cleanup, parent (null) kobject: 'ieee80211' (00000000e24d4cd5): calling ktype release kobject: 'ieee80211': free name kobject: 'nr0' (0000000062763438): kobject_cleanup, parent (null) kobject: 'nr0' (00000000c2b10a7c): kobject_cleanup, parent (null) kobject: 'nr0' (0000000062763438): calling ktype release kobject: 'nr0': free name kobject: 'nr0' (00000000c2b10a7c): calling ktype release kobject: 'hwsim19' (000000006894c745): kobject_uevent_env kobject: 'hwsim19' (000000006894c745): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim19' kobject: 'hwsim19' (000000006894c745): kobject_uevent_env kobject: 'nr0': free name kobject: 'hwsim19' (000000006894c745): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim19' kobject: 'loop0' (0000000057b8d9e2): kobject_uevent_env kobject: 'hwsim19' (000000006894c745): kobject_cleanup, parent (null) kobject: 'loop0' (0000000057b8d9e2): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'hwsim19' (000000006894c745): calling ktype release kobject: 'hwsim19': free name kobject: 'loop5' (000000003fde3fc5): kobject_uevent_env kobject: 'þ€!' (0000000029279ff0): kobject_cleanup, parent (null) kobject: 'nr0' (0000000097563bf3): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop5' (000000003fde3fc5): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'nr0' (0000000097563bf3): kobject_uevent_env kobject: 'nr0' (0000000097563bf3): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'þ€!' (0000000029279ff0): calling ktype release kobject: 'queues' (00000000a67a3312): kobject_add_internal: parent: 'nr0', set: '' kobject: '(null)' (00000000abc08570): kobject_cleanup, parent (null) kobject: 'queues' (00000000a67a3312): kobject_uevent_env kobject: '(null)' (00000000abc08570): calling ktype release kobject: 'queues' (00000000a67a3312): kobject_uevent_env: filter function caused the event to drop! kobject: 'þ€!': free name kobject: 'rx-0' (00000000a1ede076): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000a1ede076): kobject_uevent_env kobject: 'loop4' (000000006188c42c): kobject_uevent_env kobject: 'loop4' (000000006188c42c): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'rx-0' (00000000a1ede076): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000faab223c): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000faab223c): kobject_uevent_env kobject: 'tx-0' (00000000faab223c): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'nr0' (00000000a7af84a2): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (00000000a7af84a2): kobject_uevent_env kobject: 'nr0' (00000000a7af84a2): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (00000000c586df63): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (00000000c586df63): kobject_uevent_env kobject: 'queues' (00000000c586df63): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000773abaf1): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000773abaf1): kobject_uevent_env kobject: 'rx-0' (00000000773abaf1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (0000000037ac995a): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000037ac995a): kobject_uevent_env kobject: 'tx-0' (0000000037ac995a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'nr0' (0000000084085d20): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (0000000084085d20): kobject_uevent_env kobject: 'nr0' (0000000084085d20): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (000000006e895309): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (000000006e895309): kobject_uevent_env kobject: 'queues' (000000006e895309): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000e2e2ccde): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000e2e2ccde): kobject_uevent_env kobject: 'rx-0' (00000000e2e2ccde): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (00000000d82c709d): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000d82c709d): kobject_uevent_env kobject: 'tx-0' (00000000d82c709d): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'nr0' (00000000dbd5ca31): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (00000000dbd5ca31): kobject_uevent_env kobject: 'nr0' (00000000dbd5ca31): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (00000000be1d5f5f): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (00000000be1d5f5f): kobject_uevent_env kobject: 'queues' (00000000be1d5f5f): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000005dcef903): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000005dcef903): kobject_uevent_env kobject: 'rx-0' (000000005dcef903): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (000000004344fb75): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000004344fb75): kobject_uevent_env kobject: 'tx-0' (000000004344fb75): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'nr0' (000000003951a447): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'nr0' (000000003951a447): kobject_uevent_env kobject: 'nr0' (000000003951a447): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'queues' (000000009aa87d20): kobject_add_internal: parent: 'nr0', set: '' kobject: 'queues' (000000009aa87d20): kobject_uevent_env kobject: 'queues' (000000009aa87d20): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000f84b3a54): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000f84b3a54): kobject_uevent_env kobject: 'rx-0' (00000000f84b3a54): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'tx-0' (0000000098544f63): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000098544f63): kobject_uevent_env kobject: 'tx-0' (0000000098544f63): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'hwsim20' (0000000079576acd): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices' device nr0 entered promiscuous mode device nr0 entered promiscuous mode kobject: 'hwsim20' (0000000079576acd): kobject_uevent_env device nr0 entered promiscuous mode kobject: 'hwsim20' (0000000079576acd): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim20' device nr0 entered promiscuous mode device nr0 entered promiscuous mode kobject: 'hwsim20' (0000000079576acd): kobject_uevent_env kobject: 'hwsim20' (0000000079576acd): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim20' kobject: 'rx-0' (00000000a1ede076): kobject_cleanup, parent 00000000a67a3312 kobject: 'rx-0' (00000000a1ede076): auto cleanup 'remove' event kobject: 'rx-0' (00000000a1ede076): kobject_uevent_env kobject: 'rx-0' (00000000a1ede076): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000a1ede076): auto cleanup kobject_del kobject: 'rx-0' (00000000a1ede076): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000faab223c): kobject_cleanup, parent 00000000a67a3312 kobject: 'tx-0' (00000000faab223c): auto cleanup 'remove' event kobject: 'tx-0' (00000000faab223c): kobject_uevent_env kobject: 'tx-0' (00000000faab223c): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (00000000faab223c): auto cleanup kobject_del kobject: 'tx-0' (00000000faab223c): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000a67a3312): kobject_cleanup, parent (null) kobject: 'queues' (00000000a67a3312): calling ktype release kobject: 'queues' (00000000a67a3312): kset_release kobject: 'queues': free name kobject: 'nr0' (0000000097563bf3): kobject_uevent_env kobject: 'nr0' (0000000097563bf3): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'rx-0' (00000000773abaf1): kobject_cleanup, parent 00000000c586df63 kobject: 'rx-0' (00000000773abaf1): auto cleanup 'remove' event kobject: 'rx-0' (00000000773abaf1): kobject_uevent_env kobject: 'rx-0' (00000000773abaf1): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000773abaf1): auto cleanup kobject_del kobject: 'rx-0' (00000000773abaf1): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (0000000037ac995a): kobject_cleanup, parent 00000000c586df63 kobject: 'tx-0' (0000000037ac995a): auto cleanup 'remove' event kobject: 'tx-0' (0000000037ac995a): kobject_uevent_env kobject: 'tx-0' (0000000037ac995a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (0000000037ac995a): auto cleanup kobject_del kobject: 'tx-0' (0000000037ac995a): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000c586df63): kobject_cleanup, parent (null) kobject: 'queues' (00000000c586df63): calling ktype release kobject: 'queues' (00000000c586df63): kset_release kobject: 'queues': free name kobject: 'nr0' (00000000a7af84a2): kobject_uevent_env kobject: 'nr0' (00000000a7af84a2): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'rx-0' (00000000f84b3a54): kobject_cleanup, parent 000000009aa87d20 kobject: 'rx-0' (00000000f84b3a54): auto cleanup 'remove' event kobject: 'rx-0' (00000000f84b3a54): kobject_uevent_env kobject: 'rx-0' (00000000f84b3a54): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000f84b3a54): auto cleanup kobject_del kobject: 'rx-0' (00000000f84b3a54): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (0000000098544f63): kobject_cleanup, parent 000000009aa87d20 kobject: 'tx-0' (0000000098544f63): auto cleanup 'remove' event kobject: 'tx-0' (0000000098544f63): kobject_uevent_env kobject: 'tx-0' (0000000098544f63): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (0000000098544f63): auto cleanup kobject_del kobject: 'tx-0' (0000000098544f63): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000009aa87d20): kobject_cleanup, parent (null) kobject: 'queues' (000000009aa87d20): calling ktype release kobject: 'queues' (000000009aa87d20): kset_release kobject: 'queues': free name kobject: 'nr0' (000000003951a447): kobject_uevent_env kobject: 'nr0' (000000003951a447): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'rx-0' (000000005dcef903): kobject_cleanup, parent 00000000be1d5f5f kobject: 'rx-0' (000000005dcef903): auto cleanup 'remove' event kobject: 'rx-0' (000000005dcef903): kobject_uevent_env kobject: 'rx-0' (000000005dcef903): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (000000005dcef903): auto cleanup kobject_del kobject: 'rx-0' (000000005dcef903): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (000000004344fb75): kobject_cleanup, parent 00000000be1d5f5f kobject: 'tx-0' (000000004344fb75): auto cleanup 'remove' event kobject: 'tx-0' (000000004344fb75): kobject_uevent_env kobject: 'tx-0' (000000004344fb75): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (000000004344fb75): auto cleanup kobject_del kobject: 'tx-0' (000000004344fb75): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000be1d5f5f): kobject_cleanup, parent (null) kobject: 'queues' (00000000be1d5f5f): calling ktype release kobject: 'queues' (00000000be1d5f5f): kset_release kobject: 'queues': free name kobject: 'nr0' (00000000dbd5ca31): kobject_uevent_env kobject: 'nr0' (00000000dbd5ca31): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'rx-0' (00000000e2e2ccde): kobject_cleanup, parent 000000006e895309 kobject: 'rx-0' (00000000e2e2ccde): auto cleanup 'remove' event kobject: 'rx-0' (00000000e2e2ccde): kobject_uevent_env kobject: 'rx-0' (00000000e2e2ccde): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' kobject: 'rx-0' (00000000e2e2ccde): auto cleanup kobject_del kobject: 'rx-0' (00000000e2e2ccde): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (00000000d82c709d): kobject_cleanup, parent 000000006e895309 kobject: 'tx-0' (00000000d82c709d): auto cleanup 'remove' event kobject: 'tx-0' (00000000d82c709d): kobject_uevent_env kobject: 'tx-0' (00000000d82c709d): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' kobject: 'tx-0' (00000000d82c709d): auto cleanup kobject_del kobject: 'tx-0' (00000000d82c709d): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (000000006e895309): kobject_cleanup, parent (null) kobject: 'queues' (000000006e895309): calling ktype release kobject: 'queues' (000000006e895309): kset_release kobject: 'queues': free name kobject: 'nr0' (0000000084085d20): kobject_uevent_env kobject: 'nr0' (0000000084085d20): fill_kobj_path: path = '/devices/virtual/net/nr0' kobject: 'ieee80211' (0000000045f35f72): kobject_add_internal: parent: 'hwsim20', set: '(null)' kobject: 'þ€!' (00000000f8b74fd4): kobject_add_internal: parent: 'ieee80211', set: 'devices' sysfs: cannot create duplicate filename '/class/ieee80211/þ€!' CPU: 1 PID: 13322 Comm: syz-executor.4 Not tainted 4.19.87-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 sysfs_warn_dup.cold+0x1c/0x31 fs/sysfs/dir.c:30 sysfs_do_create_link_sd.isra.0+0x118/0x130 fs/sysfs/symlink.c:50 sysfs_do_create_link fs/sysfs/symlink.c:79 [inline] sysfs_create_link+0x65/0xc0 fs/sysfs/symlink.c:91 device_add_class_symlinks drivers/base/core.c:1749 [inline] device_add+0x7ce/0x1760 drivers/base/core.c:1951 wiphy_register+0x16fa/0x21d0 net/wireless/core.c:832 ieee80211_register_hw+0x156e/0x3800 net/mac80211/main.c:1092 mac80211_hwsim_new_radio+0x1d83/0x3df0 drivers/net/wireless/mac80211_hwsim.c:2896 hwsim_new_radio_nl+0x5eb/0x893 drivers/net/wireless/mac80211_hwsim.c:3374 genl_family_rcv_msg+0x6db/0xd30 net/netlink/genetlink.c:602 genl_rcv_msg+0xca/0x170 net/netlink/genetlink.c:627 netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454 genl_rcv+0x29/0x40 net/netlink/genetlink.c:638 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x53a/0x730 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:632 ___sys_sendmsg+0x803/0x920 net/socket.c:2115 __sys_sendmsg+0x105/0x1d0 net/socket.c:2153 __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa2030f2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2030f36d4 R13: 00000000004c96dc R14: 00000000004e1410 R15: 00000000ffffffff kobject: 'þ€!' (00000000f8b74fd4): kobject_uevent_env kobject: 'þ€!' (00000000f8b74fd4): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim20/ieee80211/þ€!' kobject: 'ieee80211' (0000000045f35f72): kobject_cleanup, parent (null) kobject: 'ieee80211' (0000000045f35f72): calling ktype release kobject: 'ieee80211': free name kobject: 'nr0' (0000000097563bf3): kobject_cleanup, parent (null) kobject: 'hwsim20' (0000000079576acd): kobject_uevent_env kobject: 'nr0' (00000000a7af84a2): kobject_cleanup, parent (null) kobject: 'hwsim20' (0000000079576acd): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim20' kobject: 'nr0' (000000003951a447): kobject_cleanup, parent (null) kobject: 'hwsim20' (0000000079576acd): kobject_uevent_env kobject: 'nr0' (0000000084085d20): kobject_cleanup, parent (null) kobject: 'hwsim20' (0000000079576acd): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim20' kobject: 'nr0' (00000000dbd5ca31): kobject_cleanup, parent (null) kobject: 'hwsim20' (0000000079576acd): kobject_cleanup, parent (null) kobject: 'nr0' (0000000097563bf3): calling ktype release kobject: 'hwsim20' (0000000079576acd): calling ktype release kobject: 'nr0' (000000003951a447): calling ktype release kobject: 'nr0' (00000000dbd5ca31): calling ktype release kobject: 'nr0': free name kobject: 'nr0' (0000000084085d20): calling ktype release