last executing test programs: 2.341919265s ago: executing program 2 (id=325): mknodat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 2.329272257s ago: executing program 1 (id=327): cachestat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.282326864s ago: executing program 2 (id=329): epoll_create1(0x0) 2.282129331s ago: executing program 0 (id=330): fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.282081649s ago: executing program 1 (id=331): name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.271814177s ago: executing program 3 (id=333): wait4(0x0, 0x0, 0x0, 0x0) 2.267195076s ago: executing program 1 (id=334): fdatasync(0xffffffffffffffff) 2.266942468s ago: executing program 2 (id=335): eventfd(0x0) 2.222722223s ago: executing program 0 (id=336): creat(&(0x7f0000000000), 0x0) 2.222556851s ago: executing program 0 (id=337): setuid(0x0) 2.222412797s ago: executing program 2 (id=338): semget(0xffffffffffffffff, 0x0, 0x0) 2.222351258s ago: executing program 3 (id=339): set_mempolicy(0x0, &(0x7f0000000000), 0x0) 2.222250938s ago: executing program 1 (id=340): sysinfo(&(0x7f0000000000)) 2.207637051s ago: executing program 3 (id=341): pipe2(&(0x7f0000000000), 0x0) 2.199060566s ago: executing program 2 (id=342): epoll_pwait2(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.150775282s ago: executing program 0 (id=343): access$auto(&(0x7f0000000000), 0x0) 1.492912166s ago: executing program 3 (id=347): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.330129276s ago: executing program 2 (id=345): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.296420366s ago: executing program 0 (id=346): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.018322099s ago: executing program 1 (id=344): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 399.685741ms ago: executing program 3 (id=348): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 101.10717ms ago: executing program 3 (id=353): lchown(&(0x7f0000000000), 0x0, 0x0) 81.643632ms ago: executing program 0 (id=352): mount_setattr(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 0s ago: executing program 1 (id=351): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. [ 61.601613][ T5818] cgroup: Unknown subsys name 'net' [ 61.750428][ T5818] cgroup: Unknown subsys name 'cpuset' [ 61.758177][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.096070][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.705769][ T5990] mmap: syz.1.154 (5990) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 68.138668][ T6189] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.606000][ T1324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.614009][ T1324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.783825][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.818706][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.483158][ T6209] chnl_net:caif_netlink_parms(): no params data found [ 69.726661][ T6209] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.736232][ T6209] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.744236][ T6209] bridge_slave_0: entered allmulticast mode [ 69.752689][ T6209] bridge_slave_0: entered promiscuous mode [ 69.761663][ T6209] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.768959][ T6209] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.776226][ T6209] bridge_slave_1: entered allmulticast mode [ 69.782982][ T6209] bridge_slave_1: entered promiscuous mode [ 69.810730][ T6209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.822420][ T6209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.857577][ T6209] team0: Port device team_slave_0 added [ 69.864756][ T6209] team0: Port device team_slave_1 added [ 69.932642][ T6209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.940897][ T6209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.968622][ T6209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.984119][ T6209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.991963][ T6209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.019536][ T6209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.093666][ T1011] [ 70.093676][ T6209] hsr_slave_0: entered promiscuous mode [ 70.096007][ T1011] ====================================================== [ 70.096014][ T1011] WARNING: possible circular locking dependency detected [ 70.096030][ T1011] 6.13.0-syzkaller-07078-gb46c89c08f41 #0 Not tainted [ 70.096042][ T1011] ------------------------------------------------------ [ 70.096048][ T1011] kworker/u8:5/1011 is trying to acquire lock: [ 70.096058][ T1011] ffffffff8fed8468 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.096123][ T1011] [ 70.096123][ T1011] but task is already holding lock: [ 70.096129][ T1011] ffff8880672c8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 70.096182][ T1011] [ 70.096182][ T1011] which lock already depends on the new lock. [ 70.096182][ T1011] [ 70.096189][ T1011] [ 70.096189][ T1011] the existing dependency chain (in reverse order) is: [ 70.096196][ T1011] [ 70.096196][ T1011] -> #1 [ 70.102375][ T6209] hsr_slave_1: entered promiscuous mode [ 70.108706][ T1011] (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 70.108731][ T1011] __mutex_lock+0x19b/0xb10 [ 70.108757][ T1011] wiphy_register+0x1c6b/0x2860 [ 70.209247][ T1011] ieee80211_register_hw+0x23ff/0x3ff0 [ 70.215235][ T1011] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 70.221476][ T1011] init_mac80211_hwsim+0x432/0x8c0 [ 70.227112][ T1011] do_one_initcall+0x128/0x630 [ 70.232389][ T1011] kernel_init_freeable+0x58f/0x8b0 [ 70.238107][ T1011] kernel_init+0x1c/0x2b0 [ 70.242978][ T1011] ret_from_fork+0x45/0x80 [ 70.247933][ T1011] ret_from_fork_asm+0x1a/0x30 [ 70.253224][ T1011] [ 70.253224][ T1011] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 70.260432][ T1011] __lock_acquire+0x249e/0x3c40 [ 70.265804][ T1011] lock_acquire.part.0+0x11b/0x380 [ 70.271432][ T1011] __mutex_lock+0x19b/0xb10 [ 70.276455][ T1011] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.283399][ T1011] unregister_netdevice_queue+0x307/0x3f0 [ 70.289656][ T1011] _cfg80211_unregister_wdev+0x64b/0x830 [ 70.295803][ T1011] ieee80211_remove_interfaces+0x34f/0x720 [ 70.302148][ T1011] ieee80211_unregister_hw+0x55/0x3a0 [ 70.308071][ T1011] mac80211_hwsim_del_radio+0x268/0x370 [ 70.314144][ T1011] hwsim_exit_net+0x33f/0x6d0 [ 70.319344][ T1011] ops_exit_list+0xb0/0x180 [ 70.324369][ T1011] cleanup_net+0x5c6/0xbf0 [ 70.329308][ T1011] process_one_work+0x958/0x1b30 [ 70.334788][ T1011] worker_thread+0x6c8/0xf00 [ 70.339923][ T1011] kthread+0x3af/0x750 [ 70.344507][ T1011] ret_from_fork+0x45/0x80 [ 70.349476][ T1011] ret_from_fork_asm+0x1a/0x30 [ 70.354772][ T1011] [ 70.354772][ T1011] other info that might help us debug this: [ 70.354772][ T1011] [ 70.365085][ T1011] Possible unsafe locking scenario: [ 70.365085][ T1011] [ 70.372614][ T1011] CPU0 CPU1 [ 70.377974][ T1011] ---- ---- [ 70.383334][ T1011] lock(&rdev->wiphy.mtx); [ 70.387846][ T1011] lock(rtnl_mutex); [ 70.394518][ T1011] lock(&rdev->wiphy.mtx); [ 70.401536][ T1011] lock(rtnl_mutex); [ 70.405513][ T1011] [ 70.405513][ T1011] *** DEADLOCK *** [ 70.405513][ T1011] [ 70.413646][ T1011] 4 locks held by kworker/u8:5/1011: [ 70.418925][ T1011] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 70.429288][ T1011] #1: ffffc90003bafd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 70.439233][ T1011] #2: ffffffff8fec2450 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 [ 70.448674][ T1011] #3: ffff8880672c8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 70.459569][ T1011] [ 70.459569][ T1011] stack backtrace: [ 70.465461][ T1011] CPU: 1 UID: 0 PID: 1011 Comm: kworker/u8:5 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 70.465484][ T1011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 70.465498][ T1011] Workqueue: netns cleanup_net [ 70.465531][ T1011] Call Trace: [ 70.465539][ T1011] [ 70.465550][ T1011] dump_stack_lvl+0x116/0x1f0 [ 70.465578][ T1011] print_circular_bug+0x490/0x760 [ 70.465602][ T1011] check_noncircular+0x31a/0x400 [ 70.465622][ T1011] ? __pfx_check_noncircular+0x10/0x10 [ 70.465645][ T1011] ? lockdep_lock+0xc6/0x200 [ 70.465661][ T1011] ? __pfx_lockdep_lock+0x10/0x10 [ 70.465690][ T1011] __lock_acquire+0x249e/0x3c40 [ 70.465716][ T1011] ? __pfx___lock_acquire+0x10/0x10 [ 70.465737][ T1011] ? synchronize_rcu_expedited+0x426/0x450 [ 70.465760][ T1011] ? __pfx_lock_release+0x10/0x10 [ 70.465781][ T1011] lock_acquire.part.0+0x11b/0x380 [ 70.465803][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.465837][ T1011] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 70.465859][ T1011] ? rcu_is_watching+0x12/0xc0 [ 70.465885][ T1011] ? trace_lock_acquire+0x14e/0x1f0 [ 70.465902][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.465929][ T1011] ? lock_acquire+0x2f/0xb0 [ 70.465948][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.465976][ T1011] __mutex_lock+0x19b/0xb10 [ 70.465999][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.466026][ T1011] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 70.466046][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.466074][ T1011] ? __pfx___mutex_lock+0x10/0x10 [ 70.466095][ T1011] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 70.466121][ T1011] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 70.466142][ T1011] ? __pfx___might_resched+0x10/0x10 [ 70.466164][ T1011] ? unregister_netdevice_many_notify+0x959/0x21a0 [ 70.466192][ T1011] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.466218][ T1011] ? rtnl_lock+0x9/0x20 [ 70.466243][ T1011] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.466273][ T1011] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 70.466301][ T1011] ? find_held_lock+0x2d/0x110 [ 70.466328][ T1011] ? kernfs_remove_by_name_ns+0xc4/0x130 [ 70.466348][ T1011] ? __pfx_lock_release+0x10/0x10 [ 70.466368][ T1011] ? __call_rcu_common.constprop.0+0x3ea/0x870 [ 70.466393][ T1011] unregister_netdevice_queue+0x307/0x3f0 [ 70.466420][ T1011] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 70.466449][ T1011] _cfg80211_unregister_wdev+0x64b/0x830 [ 70.466471][ T1011] ieee80211_remove_interfaces+0x34f/0x720 [ 70.466496][ T1011] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 70.466523][ T1011] ieee80211_unregister_hw+0x55/0x3a0 [ 70.466551][ T1011] mac80211_hwsim_del_radio+0x268/0x370 [ 70.466574][ T1011] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 70.466595][ T1011] ? __local_bh_enable_ip+0xa4/0x120 [ 70.466620][ T1011] hwsim_exit_net+0x33f/0x6d0 [ 70.466642][ T1011] ? __pfx_hwsim_exit_net+0x10/0x10 [ 70.466663][ T1011] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 70.466691][ T1011] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 70.466715][ T1011] ? __pfx_hwsim_exit_net+0x10/0x10 [ 70.466736][ T1011] ops_exit_list+0xb0/0x180 [ 70.466761][ T1011] cleanup_net+0x5c6/0xbf0 [ 70.466787][ T1011] ? __pfx_cleanup_net+0x10/0x10 [ 70.466818][ T1011] ? lock_acquire+0x2f/0xb0 [ 70.466838][ T1011] ? process_one_work+0x8bb/0x1b30 [ 70.466860][ T1011] process_one_work+0x958/0x1b30 [ 70.466883][ T1011] ? __pfx_cleanup_net+0x10/0x10 [ 70.466908][ T1011] ? __pfx_process_one_work+0x10/0x10 [ 70.466928][ T1011] ? rcu_is_watching+0x12/0xc0 [ 70.466955][ T1011] ? assign_work+0x1a0/0x250 [ 70.466975][ T1011] worker_thread+0x6c8/0xf00 [ 70.466997][ T1011] ? __kthread_parkme+0x148/0x220 [ 70.467023][ T1011] ? __pfx_worker_thread+0x10/0x10 [ 70.467043][ T1011] kthread+0x3af/0x750 [ 70.467061][ T1011] ? __pfx_kthread+0x10/0x10 [ 70.467078][ T1011] ? lock_acquire+0x2f/0xb0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 70.467100][ T1011] ? __pfx_kthread+0x10/0x10 [ 70.467118][ T1011] ret_from_fork+0x45/0x80 [ 70.467140][ T1011] ? __pfx_kthread+0x10/0x10 [ 70.467158][ T1011] ret_from_fork_asm+0x1a/0x30 [ 70.467182][ T1011] [ 71.168923][ T1011] bridge_slave_1: left allmulticast mode [ 71.174597][ T1011] bridge_slave_1: left promiscuous mode [ 71.180359][ T1011] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.188293][ T1011] bridge_slave_0: left allmulticast mode [ 71.194117][ T1011] bridge_slave_0: left promiscuous mode [ 71.199919][ T1011] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.303976][ T1011] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 71.313641][ T1011] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 71.323344][ T1011] bond0 (unregistering): Released all slaves [ 71.398392][ T1011] hsr_slave_0: left promiscuous mode [ 71.404055][ T1011] hsr_slave_1: left promiscuous mode [ 71.409678][ T1011] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.417330][ T1011] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.441607][ T1011] team0 (unregistering): Port device team_slave_1 removed [ 71.455896][ T1011] team0 (unregistering): Port device team_slave_0 removed [ 71.816914][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.823185][ T1296] ieee802154 phy1 wpan1: encryption failed: -22