infiniband syz2: set down
bond1 (unregistering): Released all slaves
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 49, name: kworker/u4:3
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
5 locks held by kworker/u4:3/49:
#0: ffff888017c73938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#0: ffff888017c73938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711
#1: ffffc90000ba7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#1: ffffc90000ba7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711
#2: ffffffff8e3b3310 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0 net/core/net_namespace.c:606
#3: ffffffff8e3c0348 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xf2/0xa80 net/core/dev.c:11619
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: xfrm_state_delete net/xfrm/xfrm_state.c:784 [inline]
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: xfrm_dev_state_flush+0x418/0x710 net/xfrm/xfrm_state.c:911
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 49 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
__might_resched+0x4ad/0x630 kernel/sched/core.c:10211
__mutex_lock_common kernel/locking/mutex.c:580 [inline]
__mutex_lock+0xb7/0xcc0 kernel/locking/mutex.c:747
bond_ipsec_del_sa+0x4db/0x740 drivers/net/bonding/bond_main.c:560
xfrm_dev_state_delete net/xfrm/xfrm_state.c:707 [inline]
__xfrm_state_delete+0x5d0/0xb10 net/xfrm/xfrm_state.c:764
xfrm_state_delete net/xfrm/xfrm_state.c:785 [inline]
xfrm_dev_state_flush+0x420/0x710 net/xfrm/xfrm_state.c:911
bond_master_netdev_event drivers/net/bonding/bond_main.c:3925 [inline]
bond_netdev_event+0x28a/0xf30 drivers/net/bonding/bond_main.c:4077
notifier_call_chain+0x197/0x380 kernel/notifier.c:93
call_netdevice_notifiers_extack net/core/dev.c:2077 [inline]
call_netdevice_notifiers net/core/dev.c:2091 [inline]
unregister_netdevice_many_notify+0x100d/0x1900 net/core/dev.c:11099
unregister_netdevice_many net/core/dev.c:11155 [inline]
default_device_exit_batch+0x9ee/0xa80 net/core/dev.c:11633
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x795/0xbb0 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G W
-----------------------------
kworker/u4:3/49 is trying to lock:
ffff8880798e9520 (&bond->ipsec_lock){+.+.}-{3:3}, at: bond_ipsec_del_sa+0x4db/0x740 drivers/net/bonding/bond_main.c:560
other info that might help us debug this:
context-{4:4}
5 locks held by kworker/u4:3/49:
#0: ffff888017c73938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#0: ffff888017c73938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711
#1: ffffc90000ba7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#1: ffffc90000ba7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2711
#2: ffffffff8e3b3310 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0 net/core/net_namespace.c:606
#3: ffffffff8e3c0348 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xf2/0xa80 net/core/dev.c:11619
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: xfrm_state_delete net/xfrm/xfrm_state.c:784 [inline]
#4: ffff88805b6b8068 (&x->lock){+.-.}-{2:2}, at: xfrm_dev_state_flush+0x418/0x710 net/xfrm/xfrm_state.c:911
stack backtrace:
CPU: 1 PID: 49 Comm: kworker/u4:3 Tainted: G W syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
print_lock_invalid_wait_context kernel/locking/lockdep.c:4751 [inline]
check_wait_context kernel/locking/lockdep.c:4821 [inline]
__lock_acquire+0x1d19/0x7d40 kernel/locking/lockdep.c:5087
lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x136/0xcc0 kernel/locking/mutex.c:747
bond_ipsec_del_sa+0x4db/0x740 drivers/net/bonding/bond_main.c:560
xfrm_dev_state_delete net/xfrm/xfrm_state.c:707 [inline]
__xfrm_state_delete+0x5d0/0xb10 net/xfrm/xfrm_state.c:764
xfrm_state_delete net/xfrm/xfrm_state.c:785 [inline]
xfrm_dev_state_flush+0x420/0x710 net/xfrm/xfrm_state.c:911
bond_master_netdev_event drivers/net/bonding/bond_main.c:3925 [inline]
bond_netdev_event+0x28a/0xf30 drivers/net/bonding/bond_main.c:4077
notifier_call_chain+0x197/0x380 kernel/notifier.c:93
call_netdevice_notifiers_extack net/core/dev.c:2077 [inline]
call_netdevice_notifiers net/core/dev.c:2091 [inline]
unregister_netdevice_many_notify+0x100d/0x1900 net/core/dev.c:11099
unregister_netdevice_many net/core/dev.c:11155 [inline]
default_device_exit_batch+0x9ee/0xa80 net/core/dev.c:11633
ops_exit_list net/core/net_namespace.c:178 [inline]
cleanup_net+0x795/0xbb0 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
bond0 (unregistering): Released all slaves
IPVS: stop unused estimator thread 0...
netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
bridge_slave_1: left allmulticast mode
bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
bridge_slave_1: left allmulticast mode
bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_1
bridge_slave_1: left allmulticast mode
bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves