last executing test programs: 1.867218255s ago: executing program 2 (id=3): mkdir(&(0x7f0000000000), 0x0) 1.854920768s ago: executing program 0 (id=1): sched_rr_get_interval(0x0, &(0x7f0000000000)) 1.846175337s ago: executing program 3 (id=4): umask$auto(0x0) 1.844698723s ago: executing program 1 (id=2): shmdt(0x0) 1.79087804s ago: executing program 2 (id=5): futex(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 1.790724177s ago: executing program 3 (id=6): setreuid(0x0, 0x0) 1.754558315s ago: executing program 3 (id=10): fsmount(0xffffffffffffffff, 0x0, 0x0) 1.283039326s ago: executing program 0 (id=7): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.260180835s ago: executing program 1 (id=8): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 873.316364ms ago: executing program 3 (id=11): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 709.507733ms ago: executing program 2 (id=9): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 633.549743ms ago: executing program 1 (id=13): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 332.627531ms ago: executing program 3 (id=14): epoll_create1(0x0) 218.154991ms ago: executing program 2 (id=15): fanotify_init(0x0, 0x0) 0s ago: executing program 1 (id=16): expanding glob: /sys/**/* kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.14' (ED25519) to the list of known hosts. syzkaller login: [ 65.430033][ T5819] cgroup: Unknown subsys name 'net' [ 65.560539][ T5819] cgroup: Unknown subsys name 'cpuset' [ 65.569300][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.922277][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.905502][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.960166][ T966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.988719][ T966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.137330][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.148533][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.746898][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 70.090819][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.107125][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.121612][ T5863] bridge_slave_0: entered allmulticast mode [ 70.129634][ T5863] bridge_slave_0: entered promiscuous mode [ 70.140686][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.148561][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.155813][ T5863] bridge_slave_1: entered allmulticast mode [ 70.163816][ T5863] bridge_slave_1: entered promiscuous mode [ 70.223134][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.238645][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.433615][ T5863] team0: Port device team_slave_0 added [ 70.444916][ T5863] team0: Port device team_slave_1 added [ 70.465389][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.472738][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.498966][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.527854][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.534939][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.566341][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.627267][ T3572] [ 70.629643][ T3572] ====================================================== [ 70.630224][ T5863] hsr_slave_0: entered promiscuous mode [ 70.636734][ T3572] WARNING: possible circular locking dependency detected [ 70.636752][ T3572] 6.13.0-syzkaller-05252-gbc8198dc7ebc #0 Not tainted [ 70.643009][ T5863] hsr_slave_1: entered promiscuous mode [ 70.649469][ T3572] ------------------------------------------------------ [ 70.649477][ T3572] kworker/u8:9/3572 is trying to acquire lock: [ 70.649488][ T3572] ffffffff8fed9fa8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.685664][ T3572] [ 70.685664][ T3572] but task is already holding lock: [ 70.693024][ T3572] ffff88807dcd0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 70.703359][ T3572] [ 70.703359][ T3572] which lock already depends on the new lock. [ 70.703359][ T3572] [ 70.713868][ T3572] [ 70.713868][ T3572] the existing dependency chain (in reverse order) is: [ 70.722896][ T3572] [ 70.722896][ T3572] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 70.730617][ T3572] __mutex_lock+0x19b/0xb10 [ 70.735657][ T3572] wiphy_register+0x1c6b/0x2860 [ 70.741045][ T3572] ieee80211_register_hw+0x23ff/0x3ff0 [ 70.747013][ T3572] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 70.753373][ T3572] init_mac80211_hwsim+0x432/0x8c0 [ 70.759005][ T3572] do_one_initcall+0x128/0x630 [ 70.764289][ T3572] kernel_init_freeable+0x58f/0x8b0 [ 70.770111][ T3572] kernel_init+0x1c/0x2b0 [ 70.774957][ T3572] ret_from_fork+0x45/0x80 [ 70.779967][ T3572] ret_from_fork_asm+0x1a/0x30 [ 70.785335][ T3572] [ 70.785335][ T3572] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 70.792534][ T3572] __lock_acquire+0x249e/0x3c40 [ 70.797997][ T3572] lock_acquire.part.0+0x11b/0x380 [ 70.803733][ T3572] __mutex_lock+0x19b/0xb10 [ 70.808750][ T3572] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.815936][ T3572] unregister_netdevice_queue+0x307/0x3f0 [ 70.822178][ T3572] _cfg80211_unregister_wdev+0x64b/0x830 [ 70.828338][ T3572] ieee80211_remove_interfaces+0x34f/0x720 [ 70.834837][ T3572] ieee80211_unregister_hw+0x55/0x3a0 [ 70.840838][ T3572] mac80211_hwsim_del_radio+0x268/0x370 [ 70.846916][ T3572] hwsim_exit_net+0x33f/0x6d0 [ 70.852368][ T3572] ops_exit_list+0xb0/0x180 [ 70.857401][ T3572] cleanup_net+0x5c6/0xbf0 [ 70.862545][ T3572] process_one_work+0x958/0x1b30 [ 70.868019][ T3572] worker_thread+0x6c8/0xf00 [ 70.873174][ T3572] kthread+0x3af/0x750 [ 70.877766][ T3572] ret_from_fork+0x45/0x80 [ 70.882877][ T3572] ret_from_fork_asm+0x1a/0x30 [ 70.888263][ T3572] [ 70.888263][ T3572] other info that might help us debug this: [ 70.888263][ T3572] [ 70.898481][ T3572] Possible unsafe locking scenario: [ 70.898481][ T3572] [ 70.905970][ T3572] CPU0 CPU1 [ 70.911417][ T3572] ---- ---- [ 70.917114][ T3572] lock(&rdev->wiphy.mtx); [ 70.921609][ T3572] lock(rtnl_mutex); [ 70.928100][ T3572] lock(&rdev->wiphy.mtx); [ 70.935105][ T3572] lock(rtnl_mutex); [ 70.939075][ T3572] [ 70.939075][ T3572] *** DEADLOCK *** [ 70.939075][ T3572] [ 70.947208][ T3572] 4 locks held by kworker/u8:9/3572: [ 70.952515][ T3572] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 70.962897][ T3572] #1: ffffc9000d6cfd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 70.972918][ T3572] #2: ffffffff8fec3f90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 [ 70.982574][ T3572] #3: ffff88807dcd0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 70.993700][ T3572] [ 70.993700][ T3572] stack backtrace: [ 70.999672][ T3572] CPU: 1 UID: 0 PID: 3572 Comm: kworker/u8:9 Not tainted 6.13.0-syzkaller-05252-gbc8198dc7ebc #0 [ 70.999688][ T3572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 70.999698][ T3572] Workqueue: netns cleanup_net [ 70.999723][ T3572] Call Trace: [ 70.999728][ T3572] [ 70.999734][ T3572] dump_stack_lvl+0x116/0x1f0 [ 70.999752][ T3572] print_circular_bug+0x490/0x760 [ 70.999773][ T3572] check_noncircular+0x31a/0x400 [ 70.999792][ T3572] ? __pfx_check_noncircular+0x10/0x10 [ 70.999813][ T3572] ? lockdep_lock+0xc6/0x200 [ 70.999828][ T3572] ? __pfx_lockdep_lock+0x10/0x10 [ 70.999843][ T3572] ? lockdep_hardirqs_on+0x7c/0x110 [ 70.999856][ T3572] __lock_acquire+0x249e/0x3c40 [ 70.999871][ T3572] ? __pfx___lock_acquire+0x10/0x10 [ 70.999883][ T3572] ? synchronize_rcu_expedited+0x426/0x450 [ 70.999896][ T3572] ? __pfx_lock_release+0x10/0x10 [ 70.999908][ T3572] lock_acquire.part.0+0x11b/0x380 [ 70.999920][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.999938][ T3572] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 70.999950][ T3572] ? rcu_is_watching+0x12/0xc0 [ 70.999965][ T3572] ? trace_lock_acquire+0x14e/0x1f0 [ 70.999981][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 70.999997][ T3572] ? lock_acquire+0x2f/0xb0 [ 71.000007][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 71.000024][ T3572] __mutex_lock+0x19b/0xb10 [ 71.000037][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 71.000054][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 71.000070][ T3572] ? __pfx___mutex_lock+0x10/0x10 [ 71.000082][ T3572] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 71.000096][ T3572] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 71.000108][ T3572] ? __pfx___might_resched+0x10/0x10 [ 71.000120][ T3572] ? unregister_netdevice_many_notify+0x959/0x21a0 [ 71.000137][ T3572] ? unregister_netdevice_many_notify+0x1a51/0x21a0 [ 71.000152][ T3572] ? rtnl_lock+0x9/0x20 [ 71.000166][ T3572] unregister_netdevice_many_notify+0x1a51/0x21a0 [ 71.000184][ T3572] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 71.000201][ T3572] ? find_held_lock+0x2d/0x110 [ 71.000217][ T3572] ? kernfs_remove_by_name_ns+0xc4/0x130 [ 71.000236][ T3572] ? __pfx_lock_release+0x10/0x10 [ 71.000247][ T3572] ? __call_rcu_common.constprop.0+0x3ea/0x870 [ 71.000261][ T3572] unregister_netdevice_queue+0x307/0x3f0 [ 71.000277][ T3572] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 71.000294][ T3572] _cfg80211_unregister_wdev+0x64b/0x830 [ 71.000314][ T3572] ieee80211_remove_interfaces+0x34f/0x720 [ 71.000329][ T3572] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 71.000344][ T3572] ieee80211_unregister_hw+0x55/0x3a0 [ 71.000361][ T3572] mac80211_hwsim_del_radio+0x268/0x370 [ 71.000382][ T3572] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 71.000401][ T3572] ? __local_bh_enable_ip+0xa4/0x120 [ 71.000416][ T3572] hwsim_exit_net+0x33f/0x6d0 [ 71.000429][ T3572] ? __pfx_hwsim_exit_net+0x10/0x10 [ 71.000441][ T3572] ? __pfx___might_resched+0x10/0x10 [ 71.000453][ T3572] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 71.000470][ T3572] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 71.000485][ T3572] ? __pfx_hwsim_exit_net+0x10/0x10 [ 71.000497][ T3572] ops_exit_list+0xb0/0x180 [ 71.000516][ T3572] cleanup_net+0x5c6/0xbf0 [ 71.000532][ T3572] ? __pfx_cleanup_net+0x10/0x10 [ 71.000547][ T3572] ? lock_acquire+0x2f/0xb0 [ 71.000558][ T3572] ? process_one_work+0x8bb/0x1b30 [ 71.000578][ T3572] process_one_work+0x958/0x1b30 [ 71.000599][ T3572] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 71.000611][ T3572] ? __pfx_process_one_work+0x10/0x10 [ 71.000629][ T3572] ? rcu_is_watching+0x12/0xc0 [ 71.000646][ T3572] ? assign_work+0x1a0/0x250 [ 71.000664][ T3572] worker_thread+0x6c8/0xf00 [ 71.000677][ T3572] ? __kthread_parkme+0x148/0x220 [ 71.000692][ T3572] ? __pfx_worker_thread+0x10/0x10 [ 71.000703][ T3572] kthread+0x3af/0x750 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 71.000720][ T3572] ? __pfx_kthread+0x10/0x10 [ 71.000737][ T3572] ? lock_acquire+0x2f/0xb0 [ 71.000749][ T3572] ? __pfx_kthread+0x10/0x10 [ 71.000766][ T3572] ret_from_fork+0x45/0x80 [ 71.000779][ T3572] ? __pfx_kthread+0x10/0x10 [ 71.000796][ T3572] ret_from_fork_asm+0x1a/0x30 [ 71.000817][ T3572] [ 71.648814][ T3572] bridge_slave_1: left allmulticast mode [ 71.654552][ T3572] bridge_slave_1: left promiscuous mode [ 71.660325][ T3572] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.668635][ T3572] bridge_slave_0: left allmulticast mode [ 71.674318][ T3572] bridge_slave_0: left promiscuous mode [ 71.680093][ T3572] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.758257][ T3572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 71.768269][ T3572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 71.777774][ T3572] bond0 (unregistering): Released all slaves [ 71.838674][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.844987][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.852751][ T3572] hsr_slave_0: left promiscuous mode [ 71.859013][ T3572] hsr_slave_1: left promiscuous mode [ 71.864755][ T3572] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 71.872934][ T3572] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 71.894073][ T3572] team0 (unregistering): Port device team_slave_1 removed [ 71.903989][ T3572] team0 (unregistering): Port device team_slave_0 removed