syzkaller login: [ 91.909733][ T10] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:10687' (ED25519) to the list of known hosts. 2025/06/23 20:56:44 ignoring optional flag "sandboxArg"="0" 2025/06/23 20:56:46 parsed 1 programs [ 322.898017][ T5361] cgroup: Unknown subsys name 'net' [ 322.966592][ T5361] cgroup: Unknown subsys name 'cpuset' [ 322.973344][ T5361] cgroup: Unknown subsys name 'rlimit' [ 324.658350][ T5361] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 328.663350][ T5367] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 328.810652][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 328.816342][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 328.821354][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 328.826138][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 328.831464][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 331.235940][ T5409] chnl_net:caif_netlink_parms(): no params data found [ 331.307496][ T5409] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.311702][ T5409] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.315035][ T5409] bridge_slave_0: entered allmulticast mode [ 331.318782][ T5409] bridge_slave_0: entered promiscuous mode [ 331.325330][ T5409] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.328529][ T5409] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.332127][ T5409] bridge_slave_1: entered allmulticast mode [ 331.336134][ T5409] bridge_slave_1: entered promiscuous mode [ 331.365231][ T5409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 331.372451][ T5409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.400966][ T5409] team0: Port device team_slave_0 added [ 331.406339][ T5409] team0: Port device 
team_slave_1 added [ 331.431270][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 331.434488][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.446070][ T5409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.453466][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.456358][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.469104][ T5409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.506844][ T5409] hsr_slave_0: entered promiscuous mode [ 331.510689][ T5409] hsr_slave_1: entered promiscuous mode [ 331.686020][ T5409] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 331.697714][ T5409] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 331.704849][ T5409] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 331.712348][ T5409] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 331.749560][ T5409] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.753107][ T5409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.757194][ T5409] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.760449][ T5409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.827070][ T5409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.844914][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.852814][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.867789][ T5409] 8021q: adding VLAN 0 to HW filter on 
device team0 [ 331.878437][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.881992][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.904294][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.907705][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.108416][ T5409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.150325][ T5409] veth0_vlan: entered promiscuous mode [ 332.158752][ T5409] veth1_vlan: entered promiscuous mode [ 332.192645][ T5409] veth0_macvtap: entered promiscuous mode [ 332.202630][ T5409] veth1_macvtap: entered promiscuous mode [ 332.219262][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.232470][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.244098][ T5409] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.247845][ T5409] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.252870][ T5409] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.256650][ T5409] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.413485][ T5426] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.454440][ T5426] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.502375][ T5426] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.579045][ T5426] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.747132][ T184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.757311][ T184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.791206][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 332.796673][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/06/23 20:57:00 executed programs: 0 [ 
334.873313][ T4668] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 334.878227][ T4668] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 334.883323][ T4668] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 334.887158][ T4668] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 334.892756][ T4668] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 335.163460][ T5426] bridge_slave_1: left allmulticast mode [ 335.175138][ T5426] bridge_slave_1: left promiscuous mode [ 335.178541][ T5426] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.211312][ T5426] bridge_slave_0: left allmulticast mode [ 335.213890][ T5426] bridge_slave_0: left promiscuous mode [ 335.216610][ T5426] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.920433][ T5426] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.926293][ T5426] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.933772][ T5426] bond0 (unregistering): Released all slaves [ 335.947441][ T5461] chnl_net:caif_netlink_parms(): no params data found [ 336.036311][ T5426] hsr_slave_0: left promiscuous mode [ 336.040650][ T5426] hsr_slave_1: left promiscuous mode [ 336.043894][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.047719][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.054317][ T5426] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.057413][ T5426] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.069038][ T5426] veth1_macvtap: left promiscuous mode [ 336.072311][ T5426] veth0_macvtap: left promiscuous mode [ 336.074826][ T5426] veth1_vlan: left promiscuous mode [ 336.077166][ T5426] veth0_vlan: left promiscuous mode [ 336.376891][ T5426] team0 (unregistering): Port device team_slave_1 removed [ 336.398620][ T5426] team0 (unregistering): Port device team_slave_0 removed [ 336.795109][ T5461] bridge0: port 1(bridge_slave_0) entered blocking state [ 
336.810055][ T5461] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.821119][ T5461] bridge_slave_0: entered allmulticast mode [ 336.830226][ T5461] bridge_slave_0: entered promiscuous mode [ 336.842073][ T5461] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.845931][ T5461] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.848950][ T5461] bridge_slave_1: entered allmulticast mode [ 336.871071][ T5461] bridge_slave_1: entered promiscuous mode [ 336.941409][ T45] Bluetooth: hci0: command tx timeout [ 336.952445][ T5461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.974843][ T5461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.312024][ T5461] team0: Port device team_slave_0 added [ 337.354021][ T5461] team0: Port device team_slave_1 added [ 337.409171][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.440341][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.463235][ T5461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 337.528236][ T5461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 337.537939][ T5461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 337.572536][ T5461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.721092][ T5461] hsr_slave_0: entered promiscuous mode [ 337.730142][ T5461] hsr_slave_1: entered promiscuous mode [ 338.474272][ T5461] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 338.483939][ T5461] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 338.510201][ T5461] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 338.523904][ T5461] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 338.697380][ T5461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 338.721912][ T5461] 8021q: adding VLAN 0 to HW filter on device team0 [ 338.742574][ T5426] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.746181][ T5426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.777101][ T5426] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.780364][ T5426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.020565][ T45] Bluetooth: hci0: command tx timeout [ 339.132985][ T5461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.212985][ T5461] veth0_vlan: entered promiscuous mode [ 339.235612][ T5461] veth1_vlan: entered promiscuous mode [ 339.286129][ T5461] veth0_macvtap: entered promiscuous mode [ 339.298218][ T5461] veth1_macvtap: entered promiscuous mode [ 339.327006][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 339.353630][ T5461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 339.375510][ T5461] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.391949][ T5461] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.399081][ T5461] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.409793][ T5461] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.534258][ T5397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.537828][ 
T5397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.592597][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.595985][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.705862][ T5517] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 339.755203][ T5517] team0: Port device wlan1 added [ 339.793345][ T5520] netlink: 'syz.0.17': attribute type 10 has an invalid length. 2025/06/23 20:57:05 executed programs: 3 [ 339.852883][ T5522] netlink: 'syz.0.18': attribute type 10 has an invalid length. [ 339.895092][ T5523] netlink: 'syz.0.19': attribute type 10 has an invalid length. [ 339.948746][ T5525] netlink: 'syz.0.20': attribute type 10 has an invalid length. [ 340.012328][ T5527] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 340.045172][ T5528] netlink: 'syz.0.22': attribute type 10 has an invalid length. [ 340.093567][ T5530] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 340.134282][ T5532] netlink: 'syz.0.24': attribute type 10 has an invalid length. [ 340.184088][ T5533] netlink: 'syz.0.25': attribute type 10 has an invalid length. [ 341.101371][ T45] Bluetooth: hci0: command tx timeout [ 343.185053][ T45] Bluetooth: hci0: command tx timeout [ 344.716720][ T5747] validate_nla: 206 callbacks suppressed [ 344.716736][ T5747] netlink: 'syz.0.232': attribute type 10 has an invalid length. [ 344.738342][ T5748] netlink: 'syz.0.233': attribute type 10 has an invalid length. [ 344.755394][ T5749] netlink: 'syz.0.234': attribute type 10 has an invalid length. [ 344.776338][ T5750] netlink: 'syz.0.235': attribute type 10 has an invalid length. [ 344.797710][ T5751] netlink: 'syz.0.236': attribute type 10 has an invalid length. [ 344.816990][ T5752] netlink: 'syz.0.237': attribute type 10 has an invalid length. 2025/06/23 20:57:10 executed programs: 223 [ 344.841593][ T5753] netlink: 'syz.0.238': attribute type 10 has an invalid length. 
[ 344.857525][ T5754] netlink: 'syz.0.239': attribute type 10 has an invalid length. [ 344.878277][ T5755] netlink: 'syz.0.240': attribute type 10 has an invalid length. [ 344.897451][ T5756] netlink: 'syz.0.241': attribute type 10 has an invalid length. [ 349.742603][ T5986] validate_nla: 229 callbacks suppressed [ 349.742618][ T5986] netlink: 'syz.0.471': attribute type 10 has an invalid length. [ 349.760899][ T5987] netlink: 'syz.0.472': attribute type 10 has an invalid length. [ 349.788401][ T5988] netlink: 'syz.0.473': attribute type 10 has an invalid length. [ 349.815317][ T5989] netlink: 'syz.0.474': attribute type 10 has an invalid length. [ 349.833164][ T5990] netlink: 'syz.0.475': attribute type 10 has an invalid length. [ 349.856848][ T5991] netlink: 'syz.0.476': attribute type 10 has an invalid length. 2025/06/23 20:57:15 executed programs: 461 [ 349.880318][ T5992] netlink: 'syz.0.477': attribute type 10 has an invalid length. [ 349.897096][ T5993] netlink: 'syz.0.478': attribute type 10 has an invalid length. [ 349.917442][ T5994] netlink: 'syz.0.479': attribute type 10 has an invalid length. [ 349.938126][ T5995] netlink: 'syz.0.480': attribute type 10 has an invalid length. 
[ 352.884422][ T4668] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 352.888580][ T4668] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 352.893531][ T4668] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 352.901700][ T4668] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 352.905374][ T4668] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 353.005938][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.053439][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.114141][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.165199][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.185022][ T6133] chnl_net:caif_netlink_parms(): no params data found [ 353.371519][ T6133] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.374793][ T6133] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.378316][ T6133] bridge_slave_0: entered allmulticast mode [ 353.393586][ T6133] bridge_slave_0: entered promiscuous mode [ 353.398855][ T6133] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.411168][ T6133] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.414252][ T6133] bridge_slave_1: entered allmulticast mode [ 353.430297][ T6133] bridge_slave_1: entered promiscuous mode [ 353.433976][ T13] bridge_slave_1: left allmulticast mode [ 353.436920][ T13] bridge_slave_1: left promiscuous mode [ 353.441726][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.446994][ T13] bridge_slave_0: left allmulticast mode [ 353.460358][ T13] bridge_slave_0: left promiscuous mode [ 353.462975][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.872440][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 353.878899][ T13] bond0 (unregistering): (slave 
bond_slave_1): Releasing backup interface
[ 353.885704][ T13] bond0 (unregistering): Released all slaves
[ 353.968666][ T6133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 353.992762][ T13]
[ 353.993909][ T13] ======================================================
[ 353.997130][ T13] WARNING: possible circular locking dependency detected
[ 354.000242][ T13] 6.16.0-rc3-syzkaller #0 Not tainted
[ 354.003517][ T13] ------------------------------------------------------
[ 354.006249][ T13] kworker/u4:1/13 is trying to acquire lock:
[ 354.008638][ T13] ffff888050354e00 (team->team_lock_key){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0
[ 354.012602][ T13]
[ 354.012602][ T13] but task is already holding lock:
[ 354.016212][ T13] ffff888040990768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[ 354.021612][ T13]
[ 354.021612][ T13] which lock already depends on the new lock.
[ 354.021612][ T13]
[ 354.026278][ T13]
[ 354.026278][ T13] the existing dependency chain (in reverse order) is:
[ 354.029834][ T13]
[ 354.029834][ T13] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 354.033018][ T13]        lock_acquire+0x120/0x360
[ 354.035294][ T13]        __mutex_lock+0x182/0xe80
[ 354.037563][ T13]        ieee80211_open+0xed/0x1f0
[ 354.039728][ T13]        __dev_open+0x470/0x880
[ 354.041886][ T13]        netif_open+0xaa/0x170
[ 354.044186][ T13]        dev_open+0x125/0x260
[ 354.046280][ T13]        team_add_slave+0xb36/0x2840
[ 354.048458][ T13]        do_set_master+0x530/0x6d0
[ 354.050681][ T13]        do_setlink+0xcf0/0x41c0
[ 354.053046][ T13]        rtnl_newlink+0x160b/0x1c70
[ 354.055459][ T13]        rtnetlink_rcv_msg+0x7cc/0xb70
[ 354.058041][ T13]        netlink_rcv_skb+0x208/0x470
[ 354.060390][ T13]        netlink_unicast+0x75b/0x8d0
[ 354.062667][ T13]        netlink_sendmsg+0x805/0xb30
[ 354.064895][ T13]        __sock_sendmsg+0x21c/0x270
[ 354.066969][ T13]        ____sys_sendmsg+0x505/0x830
[ 354.069131][ T13]        ___sys_sendmsg+0x21f/0x2a0
[ 354.071404][ T13]        __x64_sys_sendmsg+0x19b/0x260
[ 354.073558][ T13]        do_syscall_64+0xfa/0x3b0
[ 354.075673][ T13]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 354.078152][ T13]
[ 354.078152][ T13] -> #0 (team->team_lock_key){+.+.}-{4:4}:
[ 354.081429][ T13]        validate_chain+0xb9b/0x2140
[ 354.083711][ T13]        __lock_acquire+0xab9/0xd20
[ 354.086096][ T13]        lock_acquire+0x120/0x360
[ 354.088352][ T13]        __mutex_lock+0x182/0xe80
[ 354.090536][ T13]        team_del_slave+0x32/0x1c0
[ 354.092736][ T13]        team_device_event+0x285/0xa20
[ 354.095003][ T13]        notifier_call_chain+0x1b3/0x3e0
[ 354.097357][ T13]        unregister_netdevice_many_notify+0x15d8/0x2320
[ 354.100017][ T13]        unregister_netdevice_queue+0x33c/0x380
[ 354.102608][ T13]        _cfg80211_unregister_wdev+0x165/0x590
[ 354.105202][ T13]        ieee80211_remove_interfaces+0x49a/0x6d0
[ 354.107867][ T13]        ieee80211_unregister_hw+0x5d/0x2c0
[ 354.110429][ T13]        mac80211_hwsim_del_radio+0x275/0x460
[ 354.113031][ T13]        hwsim_exit_net+0x584/0x640
[ 354.115311][ T13]        ops_undo_list+0x497/0x990
[ 354.117393][ T13]        cleanup_net+0x4c5/0x800
[ 354.119370][ T13]        process_scheduled_works+0xae1/0x17b0
[ 354.121782][ T13]        worker_thread+0x8a0/0xda0
[ 354.123959][ T13]        kthread+0x70e/0x8a0
[ 354.125897][ T13]        ret_from_fork+0x3fc/0x770
[ 354.128200][ T13]        ret_from_fork_asm+0x1a/0x30
[ 354.130548][ T13]
[ 354.130548][ T13] other info that might help us debug this:
[ 354.130548][ T13]
[ 354.134971][ T13]  Possible unsafe locking scenario:
[ 354.134971][ T13]
[ 354.138198][ T13]        CPU0                    CPU1
[ 354.140401][ T13]        ----                    ----
[ 354.142939][ T13]   lock(&rdev->wiphy.mtx);
[ 354.144864][ T13]                                lock(team->team_lock_key);
[ 354.148120][ T13]                                lock(&rdev->wiphy.mtx);
[ 354.151021][ T13]   lock(team->team_lock_key);
[ 354.153029][ T13]
[ 354.153029][ T13]  *** DEADLOCK ***
[ 354.153029][ T13]
[ 354.156378][ T13] 5 locks held by kworker/u4:1/13:
[ 354.158544][ T13]  #0: ffff88803042b948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 354.163108][ T13]  #1: ffffc900001f7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 354.167438][ T13]  #2: ffffffff8f503290 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 354.171253][ T13]  #3: ffffffff8f50fe88 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 354.175383][ T13]  #4: ffff888040990768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[ 354.179859][ T13]
[ 354.179859][ T13] stack backtrace:
[ 354.182390][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u4:1 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full)
[ 354.182403][ T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 354.182411][ T13] Workqueue: netns cleanup_net
[ 354.182428][ T13] Call Trace:
[ 354.182435][ T13]
[ 354.182440][ T13]  dump_stack_lvl+0x189/0x250
[ 354.182460][ T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 354.182475][ T13]  ? __pfx__printk+0x10/0x10
[ 354.182487][ T13]  ? print_lock_name+0xde/0x100
[ 354.182497][ T13]  print_circular_bug+0x2ee/0x310
[ 354.182520][ T13]  check_noncircular+0x134/0x160
[ 354.182531][ T13]  validate_chain+0xb9b/0x2140
[ 354.182543][ T13]  ? lockdep_hardirqs_on+0x9c/0x150
[ 354.182562][ T13]  __lock_acquire+0xab9/0xd20
[ 354.182574][ T13]  ? team_del_slave+0x32/0x1c0
[ 354.182590][ T13]  lock_acquire+0x120/0x360
[ 354.182603][ T13]  ? team_del_slave+0x32/0x1c0
[ 354.182619][ T13]  ? __mutex_trylock_common+0x153/0x260
[ 354.182630][ T13]  __mutex_lock+0x182/0xe80
[ 354.182646][ T13]  ? team_del_slave+0x32/0x1c0
[ 354.182661][ T13]  ? rcu_is_watching+0x15/0xb0
[ 354.182678][ T13]  ? team_del_slave+0x32/0x1c0
[ 354.182693][ T13]  ? __pfx___mutex_lock+0x10/0x10
[ 354.182708][ T13]  ? bond_netdev_event+0xd9/0xe80
[ 354.182719][ T13]  ? __pfx___mutex_lock+0x10/0x10
[ 354.182734][ T13]  ? __pfx_bond_netdev_event+0x10/0x10
[ 354.182772][ T13]  team_del_slave+0x32/0x1c0
[ 354.182789][ T13]  team_device_event+0x285/0xa20
[ 354.182801][ T13]  notifier_call_chain+0x1b3/0x3e0
[ 354.182825][ T13]  unregister_netdevice_many_notify+0x15d8/0x2320
[ 354.182844][ T13]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 354.182859][ T13]  ? __lock_acquire+0xab9/0xd20
[ 354.182878][ T13]  unregister_netdevice_queue+0x33c/0x380
[ 354.182893][ T13]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 354.182908][ T13]  _cfg80211_unregister_wdev+0x165/0x590
[ 354.182922][ T13]  ieee80211_remove_interfaces+0x49a/0x6d0
[ 354.182939][ T13]  ? __pfx_synchronize_rcu+0x10/0x10
[ 354.182949][ T13]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 354.182964][ T13]  ? rcu_is_watching+0x15/0xb0
[ 354.182981][ T13]  ieee80211_unregister_hw+0x5d/0x2c0
[ 354.182996][ T13]  mac80211_hwsim_del_radio+0x275/0x460
[ 354.183009][ T13]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 354.183022][ T13]  hwsim_exit_net+0x584/0x640
[ 354.183038][ T13]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 354.183053][ T13]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 354.183066][ T13]  ops_undo_list+0x497/0x990
[ 354.183078][ T13]  ? __pfx_ops_undo_list+0x10/0x10
[ 354.183091][ T13]  cleanup_net+0x4c5/0x800
[ 354.183102][ T13]  ? __pfx_cleanup_net+0x10/0x10
[ 354.183113][ T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 354.183126][ T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 354.183140][ T13]  ? process_scheduled_works+0x9ef/0x17b0
[ 354.183154][ T13]  process_scheduled_works+0xae1/0x17b0
[ 354.183176][ T13]  ? __pfx_process_scheduled_works+0x10/0x10
[ 354.183194][ T13]  worker_thread+0x8a0/0xda0
[ 354.183215][ T13]  kthread+0x70e/0x8a0
[ 354.183227][ T13]  ? __pfx_worker_thread+0x10/0x10
[ 354.183242][ T13]  ? __pfx_kthread+0x10/0x10
[ 354.183252][ T13]  ? _raw_spin_unlock_irq+0x23/0x50
[ 354.183264][ T13]  ? lockdep_hardirqs_on+0x9c/0x150
[ 354.183277][ T13]  ? __pfx_kthread+0x10/0x10
[ 354.183288][ T13]  ret_from_fork+0x3fc/0x770
[ 354.183303][ T13]  ? __pfx_ret_from_fork+0x10/0x10
[ 354.183319][ T13]  ? __pfx_kthread+0x10/0x10
[ 354.183329][ T13]  ret_from_fork_asm+0x1a/0x30
[ 354.183344][ T13]
[ 354.345661][ T13] team0: Port device wlan1 removed
[ 354.352821][ T6133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 354.418042][ T6133] team0: Port device team_slave_0 added
[ 354.433998][ T6133] team0: Port device team_slave_1 added
[ 354.442792][ T13] hsr_slave_0: left promiscuous mode
[ 354.445633][ T13] hsr_slave_1: left promiscuous mode
[ 354.454878][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 354.457961][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 354.480999][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 354.484496][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 354.499692][ T13] veth1_macvtap: left promiscuous mode
[ 354.502029][ T13] veth0_macvtap: left promiscuous mode
[ 354.504583][ T13] veth1_vlan: left promiscuous mode
[ 354.506796][ T13] veth0_vlan: left promiscuous mode
[ 354.675428][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 354.685563][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 354.833479][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 354.836403][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 354.880634][ T6133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 354.907528][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 354.925128][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets.
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 354.941340][ T45] Bluetooth: hci0: command tx timeout [ 354.949737][ T6133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 355.002225][ T6133] hsr_slave_0: entered promiscuous mode [ 355.011865][ T6133] hsr_slave_1: entered promiscuous mode [ 355.302620][ T6133] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 355.310577][ T6133] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 355.324776][ T6133] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 355.342482][ T6133] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 355.422790][ T6133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 355.441573][ T6133] 8021q: adding VLAN 0 to HW filter on device team0 [ 355.450657][ T5397] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.453793][ T5397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 355.457811][ T5397] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.460649][ T5397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 355.658086][ T6133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.706533][ T6133] veth0_vlan: entered promiscuous mode [ 355.723352][ T6133] veth1_vlan: entered promiscuous mode [ 355.763419][ T6133] veth0_macvtap: entered promiscuous mode [ 355.767274][ T6133] veth1_macvtap: entered promiscuous mode [ 355.787808][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.813277][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.818006][ T6133] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.840308][ T6133] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.844482][ T6133] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.848358][ T6133] netdevsim netdevsim0 
netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.903719][ T6133] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 355.933226][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.936871][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.946266][ T6133] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 355.980958][ T5426] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.986694][ T5426] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/06/23 20:57:21 executed programs: 602 [ 356.044730][ T6194] validate_nla: 135 callbacks suppressed [ 356.044745][ T6194] netlink: 'syz.0.616': attribute type 10 has an invalid length. [ 356.073566][ T6194] team0: Port device wlan1 added [ 356.091696][ T6196] netlink: 'syz.0.617': attribute type 10 has an invalid length. [ 356.127700][ T6198] netlink: 'syz.0.618': attribute type 10 has an invalid length. [ 356.151772][ T6199] netlink: 'syz.0.619': attribute type 10 has an invalid length. [ 356.182494][ T6202] netlink: 'syz.0.620': attribute type 10 has an invalid length. [ 356.217365][ T6204] netlink: 'syz.0.621': attribute type 10 has an invalid length. [ 356.256555][ T6206] netlink: 'syz.0.622': attribute type 10 has an invalid length. [ 356.292525][ T6207] netlink: 'syz.0.623': attribute type 10 has an invalid length. [ 356.305263][ T6208] netlink: 'syz.0.624': attribute type 10 has an invalid length. [ 356.334540][ T6209] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 357.019735][ T45] Bluetooth: hci0: command tx timeout [ 359.099827][ T45] Bluetooth: hci0: command tx timeout 2025/06/23 20:57:26 executed programs: 853 [ 361.054435][ T6454] validate_nla: 244 callbacks suppressed [ 361.054449][ T6454] netlink: 'syz.0.870': attribute type 10 has an invalid length. [ 361.067808][ T6455] netlink: 'syz.0.871': attribute type 10 has an invalid length. 
[ 361.095400][ T6456] netlink: 'syz.0.872': attribute type 10 has an invalid length. [ 361.108927][ T6457] netlink: 'syz.0.873': attribute type 10 has an invalid length. [ 361.120209][ T6458] netlink: 'syz.0.874': attribute type 10 has an invalid length. [ 361.153333][ T6459] netlink: 'syz.0.875': attribute type 10 has an invalid length. [ 361.174613][ T6460] netlink: 'syz.0.876': attribute type 10 has an invalid length. [ 361.179978][ T45] Bluetooth: hci0: command tx timeout [ 361.200801][ T6461] netlink: 'syz.0.877': attribute type 10 has an invalid length. [ 361.224112][ T6462] netlink: 'syz.0.878': attribute type 10 has an invalid length. [ 361.246446][ T6463] netlink: 'syz.0.879': attribute type 10 has an invalid length. VM DIAGNOSIS: 20:57:19 Registers: info registers vcpu 0
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000