last executing test programs: 2.729904165s ago: executing program 3 (id=65): munmap(0x0, 0x0) 2.729691611s ago: executing program 2 (id=68): sigaltstack(&(0x7f0000000000), 0x0) 2.729587679s ago: executing program 3 (id=70): setresuid(0x0, 0x0, 0x0) 2.674720061s ago: executing program 2 (id=72): sched_getparam(0x0, &(0x7f0000000000)) 2.674384366s ago: executing program 3 (id=75): settimeofday$auto(&(0x7f0000000000), &(0x7f0000000000)) 2.67426869s ago: executing program 2 (id=76): adjtimex$auto(&(0x7f0000000000)) 2.674184387s ago: executing program 2 (id=77): accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 2.071767652s ago: executing program 0 (id=80): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.041741783s ago: executing program 2 (id=81): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.529379334s ago: executing program 3 (id=79): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.33633249s ago: executing program 1 (id=83): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 1.317861243s ago: executing program 0 (id=85): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.254337212s ago: executing program 1 (id=87): set_mempolicy(0x0, &(0x7f0000000000), 0x0) 1.254003156s ago: executing program 1 (id=89): copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 1.225408472s ago: executing program 1 (id=90): statmount$auto(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0) 1.188569682s ago: executing program 1 (id=91): semop(0x0, &(0x7f0000000000), 0x0) 1.126127521s ago: executing program 1 (id=92): sched_getscheduler(0x0) 851.820194ms ago: executing program 3 (id=86): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 470.852898ms ago: executing program 0 (id=94): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 433.824738ms ago: executing program 0 (id=96): sched_setparam(0x0, &(0x7f0000000000)) 417.599526ms ago: executing program 0 (id=97): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 301.156539ms ago: executing program 2 (id=88): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 290.519055ms ago: executing program 3 (id=95): sched_getaffinity(0x0, 0x0, &(0x7f0000000000)) 0s ago: executing program 0 (id=98): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts. [ 61.583102][ T5818] cgroup: Unknown subsys name 'net' [ 61.709211][ T5818] cgroup: Unknown subsys name 'cpuset' [ 61.717714][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.021929][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 64.501510][ T5842] mmap: syz.3.4 (5842) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 65.211807][ T5925] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.220563][ T5925] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.228553][ T5925] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.246839][ T5925] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.255736][ T5925] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.263545][ T5925] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.515224][ T5923] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.697969][ T4924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.718019][ T4924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.792270][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.805771][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.291658][ T5966] chnl_net:caif_netlink_parms(): no params data found [ 67.575567][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.583906][ T5966] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.591400][ T5966] bridge_slave_0: entered allmulticast mode [ 67.598857][ T5966] bridge_slave_0: entered promiscuous mode [ 67.614332][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.621676][ T5966] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.629360][ T5966] bridge_slave_1: entered allmulticast mode [ 67.636169][ T5966] bridge_slave_1: entered promiscuous mode [ 67.691836][ T5966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.704312][ T5966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.766708][ T5966] team0: Port device team_slave_0 added [ 67.775195][ T5966] team0: Port device team_slave_1 added [ 67.818529][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.825492][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.851690][ T5966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.864359][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.872032][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.898171][ T5966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.991239][ T5966] hsr_slave_0: entered promiscuous mode [ 67.998100][ T5966] hsr_slave_1: entered promiscuous mode [ 68.128033][ T1154] [ 68.130431][ T1154] ====================================================== [ 68.137632][ T1154] WARNING: possible circular locking dependency detected [ 68.144768][ T1154] 6.13.0-syzkaller-05474-g113691ce9f32 #0 Not tainted [ 68.150174][ T5966] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 68.151615][ T1154] ------------------------------------------------------ [ 68.165289][ T1154] kworker/u8:6/1154 is trying to acquire lock: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 68.171456][ T1154] ffffffff8fed9e28 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.181919][ T1154] [ 68.181919][ T1154] but task is already holding lock: [ 68.189299][ T1154] ffff888013260768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 68.199616][ T1154] [ 68.199616][ T1154] which lock already depends on the new lock. [ 68.199616][ T1154] [ 68.210033][ T1154] [ 68.210033][ T1154] the existing dependency chain (in reverse order) is: [ 68.219065][ T1154] [ 68.219065][ T1154] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 68.226854][ T1154] __mutex_lock+0x19b/0xb10 [ 68.231908][ T1154] wiphy_register+0x1c6b/0x2860 [ 68.237307][ T1154] ieee80211_register_hw+0x23ff/0x3ff0 [ 68.243327][ T1154] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 68.249600][ T1154] init_mac80211_hwsim+0x432/0x8c0 [ 68.255262][ T1154] do_one_initcall+0x128/0x630 [ 68.260564][ T1154] kernel_init_freeable+0x58f/0x8b0 [ 68.266290][ T1154] kernel_init+0x1c/0x2b0 [ 68.271185][ T1154] ret_from_fork+0x45/0x80 [ 68.276126][ T1154] ret_from_fork_asm+0x1a/0x30 [ 68.281410][ T1154] [ 68.281410][ T1154] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 68.288622][ T1154] __lock_acquire+0x249e/0x3c40 [ 68.294004][ T1154] lock_acquire.part.0+0x11b/0x380 [ 68.299638][ T1154] __mutex_lock+0x19b/0xb10 [ 68.304676][ T1154] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.311620][ T1154] unregister_netdevice_queue+0x307/0x3f0 [ 68.317872][ T1154] _cfg80211_unregister_wdev+0x64b/0x830 [ 68.324033][ T1154] ieee80211_remove_interfaces+0x34f/0x720 [ 68.330366][ T1154] ieee80211_unregister_hw+0x55/0x3a0 [ 68.336279][ T1154] mac80211_hwsim_del_radio+0x268/0x370 [ 68.342354][ T1154] hwsim_exit_net+0x33f/0x6d0 [ 68.347563][ T1154] ops_exit_list+0xb0/0x180 [ 68.352600][ T1154] cleanup_net+0x5c6/0xbf0 [ 68.357573][ T1154] process_one_work+0x958/0x1b30 [ 68.363032][ T1154] worker_thread+0x6c8/0xf00 [ 68.368143][ T1154] kthread+0x3af/0x750 [ 68.372744][ T1154] ret_from_fork+0x45/0x80 [ 68.377685][ T1154] ret_from_fork_asm+0x1a/0x30 [ 68.382978][ T1154] [ 68.382978][ T1154] other info that might help us debug this: [ 68.382978][ T1154] [ 68.393215][ T1154] Possible unsafe locking scenario: [ 68.393215][ T1154] [ 68.400685][ T1154] CPU0 CPU1 [ 68.406061][ T1154] ---- ---- [ 68.411420][ T1154] lock(&rdev->wiphy.mtx); [ 68.415922][ T1154] lock(rtnl_mutex); [ 68.422419][ T1154] lock(&rdev->wiphy.mtx); [ 68.429439][ T1154] lock(rtnl_mutex); [ 68.433417][ T1154] [ 68.433417][ T1154] *** DEADLOCK *** [ 68.433417][ T1154] [ 68.441547][ T1154] 4 locks held by kworker/u8:6/1154: [ 68.446823][ T1154] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 68.457366][ T1154] #1: ffffc9000411fd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 68.467301][ T1154] #2: ffffffff8fec3e10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 [ 68.476644][ T1154] #3: ffff888013260768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 68.487357][ T1154] [ 68.487357][ T1154] stack backtrace: [ 68.493250][ T1154] CPU: 1 UID: 0 PID: 1154 Comm: kworker/u8:6 Not tainted 6.13.0-syzkaller-05474-g113691ce9f32 #0 [ 68.493272][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 68.493285][ T1154] Workqueue: netns cleanup_net [ 68.493319][ T1154] Call Trace: [ 68.493327][ T1154] [ 68.493339][ T1154] dump_stack_lvl+0x116/0x1f0 [ 68.493367][ T1154] print_circular_bug+0x490/0x760 [ 68.493392][ T1154] check_noncircular+0x31a/0x400 [ 68.493413][ T1154] ? __pfx_check_noncircular+0x10/0x10 [ 68.493437][ T1154] ? lockdep_lock+0x1b8/0x200 [ 68.493453][ T1154] ? __pfx_lockdep_lock+0x10/0x10 [ 68.493471][ T1154] __lock_acquire+0x249e/0x3c40 [ 68.493497][ T1154] ? __pfx___lock_acquire+0x10/0x10 [ 68.493519][ T1154] ? synchronize_rcu_expedited+0x426/0x450 [ 68.493543][ T1154] ? __pfx_lock_release+0x10/0x10 [ 68.493566][ T1154] lock_acquire.part.0+0x11b/0x380 [ 68.493588][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.493618][ T1154] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 68.493640][ T1154] ? rcu_is_watching+0x12/0xc0 [ 68.493667][ T1154] ? trace_lock_acquire+0x14e/0x1f0 [ 68.493685][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.493712][ T1154] ? lock_acquire+0x2f/0xb0 [ 68.493732][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.493768][ T1154] __mutex_lock+0x19b/0xb10 [ 68.493791][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.493819][ T1154] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 68.493840][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.493868][ T1154] ? __pfx___mutex_lock+0x10/0x10 [ 68.493891][ T1154] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 68.493917][ T1154] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 68.493939][ T1154] ? __pfx___might_resched+0x10/0x10 [ 68.493961][ T1154] ? unregister_netdevice_many_notify+0x959/0x21a0 [ 68.493990][ T1154] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.494018][ T1154] ? rtnl_lock+0x9/0x20 [ 68.494044][ T1154] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 68.494075][ T1154] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 68.494104][ T1154] ? find_held_lock+0x2d/0x110 [ 68.494132][ T1154] ? kernfs_remove_by_name_ns+0xc4/0x130 [ 68.494153][ T1154] ? __pfx_lock_release+0x10/0x10 [ 68.494174][ T1154] ? __call_rcu_common.constprop.0+0x3ea/0x870 [ 68.494200][ T1154] unregister_netdevice_queue+0x307/0x3f0 [ 68.494226][ T1154] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 68.494257][ T1154] _cfg80211_unregister_wdev+0x64b/0x830 [ 68.494279][ T1154] ieee80211_remove_interfaces+0x34f/0x720 [ 68.494305][ T1154] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 68.494332][ T1154] ieee80211_unregister_hw+0x55/0x3a0 [ 68.494361][ T1154] mac80211_hwsim_del_radio+0x268/0x370 [ 68.494384][ T1154] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 68.494407][ T1154] ? __local_bh_enable_ip+0xa4/0x120 [ 68.494433][ T1154] hwsim_exit_net+0x33f/0x6d0 [ 68.494456][ T1154] ? __pfx_hwsim_exit_net+0x10/0x10 [ 68.494478][ T1154] ? __pfx___might_resched+0x10/0x10 [ 68.494500][ T1154] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 68.494528][ T1154] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 68.494554][ T1154] ? __pfx_hwsim_exit_net+0x10/0x10 [ 68.494577][ T1154] ops_exit_list+0xb0/0x180 [ 68.494602][ T1154] cleanup_net+0x5c6/0xbf0 [ 68.494629][ T1154] ? __pfx_cleanup_net+0x10/0x10 [ 68.494657][ T1154] ? lock_acquire+0x2f/0xb0 [ 68.494677][ T1154] ? process_one_work+0x8bb/0x1b30 [ 68.494699][ T1154] process_one_work+0x958/0x1b30 [ 68.494723][ T1154] ? __pfx_cleanup_net+0x10/0x10 [ 68.494749][ T1154] ? __pfx_process_one_work+0x10/0x10 [ 68.494774][ T1154] ? rcu_is_watching+0x12/0xc0 [ 68.494803][ T1154] ? assign_work+0x1a0/0x250 [ 68.494822][ T1154] worker_thread+0x6c8/0xf00 [ 68.494847][ T1154] ? __pfx_worker_thread+0x10/0x10 [ 68.494868][ T1154] kthread+0x3af/0x750 [ 68.494887][ T1154] ? __pfx_kthread+0x10/0x10 [ 68.494905][ T1154] ? lock_acquire+0x2f/0xb0 [ 68.494927][ T1154] ? __pfx_kthread+0x10/0x10 [ 68.494945][ T1154] ret_from_fork+0x45/0x80 [ 68.494968][ T1154] ? __pfx_kthread+0x10/0x10 [ 68.494986][ T1154] ret_from_fork_asm+0x1a/0x30 [ 68.495011][ T1154] [ 69.356294][ T1154] bridge_slave_1: left allmulticast mode [ 69.361990][ T1154] bridge_slave_1: left promiscuous mode [ 69.369839][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.378314][ T1154] bridge_slave_0: left allmulticast mode [ 69.383994][ T1154] bridge_slave_0: left promiscuous mode [ 69.390409][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.518567][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 69.528927][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 69.538882][ T1154] bond0 (unregistering): Released all slaves [ 69.641330][ T1154] hsr_slave_0: left promiscuous mode [ 69.647884][ T1154] hsr_slave_1: left promiscuous mode [ 69.653668][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.661821][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.724591][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 69.746947][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 71.847358][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.853697][ T1296] ieee802154 phy1 wpan1: encryption failed: -22