last executing test programs: 3.150610392s ago: executing program 2 (id=107): socket$pppoe(0x18, 0x1, 0x0) 3.142260077s ago: executing program 2 (id=110): socket$igmp6(0xa, 0x3, 0x2) 3.085480668s ago: executing program 2 (id=113): socket$l2tp6(0xa, 0x2, 0x73) 3.083283523s ago: executing program 2 (id=117): socket$hf(0x13, 0x2, 0x0) 3.081980218s ago: executing program 1 (id=118): socket$inet6_sctp(0xa, 0x1, 0x84) 3.081682915s ago: executing program 4 (id=120): syz_init_net_socket$ax25(0x3, 0x2, 0x0) 3.033248048s ago: executing program 1 (id=121): socket$vsock_stream(0x28, 0x1, 0x0) 3.033004321s ago: executing program 4 (id=122): getpid() 3.032157766s ago: executing program 0 (id=124): epoll_wait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 3.032105171s ago: executing program 1 (id=125): socket$phonet(0x23, 0x2, 0x1) 3.032048489s ago: executing program 3 (id=126): nanosleep(&(0x7f0000000000), 0x0) 3.031983077s ago: executing program 4 (id=127): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 3.030749231s ago: executing program 0 (id=128): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 3.021673148s ago: executing program 3 (id=129): socket$caif_stream(0x25, 0x1, 0x0) 3.018250267s ago: executing program 4 (id=130): socket$nl_crypto(0x10, 0x3, 0x15) 3.015257806s ago: executing program 0 (id=131): socket$inet6_mptcp(0xa, 0x1, 0x106) 2.537894835s ago: executing program 3 (id=135): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.49216723s ago: executing program 0 (id=132): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.871683394s ago: executing program 2 (id=134): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.706466145s ago: executing program 1 (id=133): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.213197642s ago: executing program 3 (id=137): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.195004579s ago: executing program 4 (id=138): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 922.208388ms ago: executing program 2 (id=141): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 855.575767ms ago: executing program 1 (id=140): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 846.713895ms ago: executing program 0 (id=139): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 394.645816ms ago: executing program 3 (id=143): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 239.155981ms ago: executing program 4 (id=142): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 186.131743ms ago: executing program 1 (id=145): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 91.116276ms ago: executing program 3 (id=147): expanding glob: /sys/**/* 0s ago: executing program 0 (id=146): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.139' (ED25519) to the list of known hosts. [ 53.689944][ T5822] cgroup: Unknown subsys name 'net' [ 53.860560][ T5822] cgroup: Unknown subsys name 'cpuset' [ 53.868635][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 55.174965][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 57.401253][ T5904] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.699516][ T5955] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.269881][ T5977] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 58.617342][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.648059][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.871322][ T2964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.894550][ T2964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.372446][ T6019] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.385896][ T6019] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.404662][ T6019] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.413517][ T6019] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.457386][ T6019] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.467190][ T6019] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.859662][ T6037] chnl_net:caif_netlink_parms(): no params data found [ 61.137682][ T6037] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.144832][ T6037] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.153044][ T6037] bridge_slave_0: entered allmulticast mode [ 61.160333][ T6037] bridge_slave_0: entered promiscuous mode [ 61.171745][ T6037] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.179285][ T6037] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.186512][ T6037] bridge_slave_1: entered allmulticast mode [ 61.193305][ T6037] bridge_slave_1: entered promiscuous mode [ 61.213677][ T6037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.224627][ T6037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.248700][ T6037] team0: Port device team_slave_0 added [ 61.256997][ T6037] team0: Port device team_slave_1 added [ 61.287678][ T6037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.294656][ T6037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.328280][ T6037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.350510][ T6037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.358030][ T6037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.385270][ T6037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.477889][ T52] [ 61.479835][ T6037] hsr_slave_0: entered promiscuous mode [ 61.480234][ T52] ====================================================== [ 61.486445][ T6037] hsr_slave_1: entered promiscuous mode [ 61.492836][ T52] WARNING: possible circular locking dependency detected [ 61.492849][ T52] 6.13.0-rc7-syzkaller-01620-gcf33d96f5090 #0 Not tainted [ 61.492859][ T52] ------------------------------------------------------ [ 61.492865][ T52] kworker/u8:3/52 is trying to acquire lock: [ 61.492874][ T52] ffffffff8fcb4e08 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 61.492935][ T52] [ 61.492935][ T52] but task is already holding lock: [ 61.492941][ T52] ffff888028348768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 61.492987][ T52] [ 61.492987][ T52] which lock already depends on the new lock. [ 61.492987][ T52] [ 61.492993][ T52] [ 61.492993][ T52] the existing dependency chain (in reverse order) is: [ 61.493000][ T52] [ 61.493000][ T52] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 61.493026][ T52] lock_acquire+0x1ed/0x550 [ 61.493045][ T52] __mutex_lock+0x1ac/0xee0 [ 61.493063][ T52] wiphy_register+0x1a49/0x27b0 [ 61.493085][ T52] ieee80211_register_hw+0x354e/0x4240 [ 61.493104][ T52] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 61.493125][ T52] init_mac80211_hwsim+0x87a/0xb00 [ 61.613897][ T52] do_one_initcall+0x248/0x870 [ 61.619198][ T52] do_initcall_level+0x157/0x210 [ 61.624650][ T52] do_initcalls+0x3f/0x80 [ 61.629496][ T52] kernel_init_freeable+0x435/0x5d0 [ 61.635209][ T52] kernel_init+0x1d/0x2b0 [ 61.640048][ T52] ret_from_fork+0x4b/0x80 [ 61.644975][ T52] ret_from_fork_asm+0x1a/0x30 [ 61.650255][ T52] [ 61.650255][ T52] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 61.657456][ T52] validate_chain+0x18ef/0x5920 [ 61.662821][ T52] __lock_acquire+0x1397/0x2100 [ 61.668188][ T52] lock_acquire+0x1ed/0x550 [ 61.673201][ T52] __mutex_lock+0x1ac/0xee0 [ 61.678210][ T52] unregister_netdevice_many_notify+0xac2/0x2030 [ 61.685070][ T52] unregister_netdevice_queue+0x303/0x370 [ 61.691341][ T52] _cfg80211_unregister_wdev+0x163/0x590 [ 61.697481][ T52] ieee80211_remove_interfaces+0x4ef/0x700 [ 61.703798][ T52] ieee80211_unregister_hw+0x5d/0x2c0 [ 61.709685][ T52] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 61.715839][ T52] hwsim_exit_net+0x5c1/0x670 [ 61.721120][ T52] cleanup_net+0x812/0xd60 [ 61.726082][ T52] process_scheduled_works+0xa66/0x1840 [ 61.732225][ T52] worker_thread+0x870/0xd30 [ 61.737325][ T52] kthread+0x2f0/0x390 [ 61.741903][ T52] ret_from_fork+0x4b/0x80 [ 61.746833][ T52] ret_from_fork_asm+0x1a/0x30 [ 61.752110][ T52] [ 61.752110][ T52] other info that might help us debug this: [ 61.752110][ T52] [ 61.762329][ T52] Possible unsafe locking scenario: [ 61.762329][ T52] [ 61.769762][ T52] CPU0 CPU1 [ 61.775113][ T52] ---- ---- [ 61.780459][ T52] lock(&rdev->wiphy.mtx); [ 61.784957][ T52] lock(rtnl_mutex); [ 61.791446][ T52] lock(&rdev->wiphy.mtx); [ 61.798458][ T52] lock(rtnl_mutex); [ 61.802431][ T52] [ 61.802431][ T52] *** DEADLOCK *** [ 61.802431][ T52] [ 61.810583][ T52] 4 locks held by kworker/u8:3/52: [ 61.815682][ T52] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 61.826548][ T52] #1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 61.837154][ T52] #2: ffffffff8fca8850 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 61.846560][ T52] #3: ffff888028348768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 61.857356][ T52] [ 61.857356][ T52] stack backtrace: [ 61.863335][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc7-syzkaller-01620-gcf33d96f5090 #0 [ 61.874083][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 61.884215][ T52] Workqueue: netns cleanup_net [ 61.889244][ T52] Call Trace: [ 61.892601][ T52] [ 61.895547][ T52] dump_stack_lvl+0x241/0x360 [ 61.900218][ T52] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.905406][ T52] ? __pfx__printk+0x10/0x10 [ 61.909992][ T52] print_circular_bug+0x13a/0x1b0 [ 61.915617][ T52] check_noncircular+0x36a/0x4a0 [ 61.920546][ T52] ? __pfx_check_noncircular+0x10/0x10 [ 61.925997][ T52] ? lockdep_lock+0x123/0x2b0 [ 61.930669][ T52] validate_chain+0x18ef/0x5920 [ 61.935511][ T52] ? __lock_acquire+0x1397/0x2100 [ 61.940528][ T52] ? __pfx_validate_chain+0x10/0x10 [ 61.945716][ T52] ? mark_lock+0x9a/0x360 [ 61.950040][ T52] ? mark_lock+0x9a/0x360 [ 61.954369][ T52] ? __lock_acquire+0x1397/0x2100 [ 61.959394][ T52] ? mark_lock+0x9a/0x360 [ 61.963712][ T52] __lock_acquire+0x1397/0x2100 [ 61.968558][ T52] lock_acquire+0x1ed/0x550 [ 61.973051][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 61.979549][ T52] ? __pfx_lock_acquire+0x10/0x10 [ 61.984575][ T52] ? __pfx___might_resched+0x10/0x10 [ 61.989863][ T52] ? finish_wait+0xd4/0x1e0 [ 61.994366][ T52] __mutex_lock+0x1ac/0xee0 [ 61.998862][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 62.005360][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 62.011852][ T52] ? __pfx___mutex_lock+0x10/0x10 [ 62.016950][ T52] ? __pfx___might_resched+0x10/0x10 [ 62.022227][ T52] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 62.028919][ T52] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 62.035415][ T52] unregister_netdevice_many_notify+0xac2/0x2030 [ 62.041733][ T52] ? mark_lock+0x9a/0x360 [ 62.046090][ T52] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 62.052844][ T52] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 62.058555][ T52] ? __pfx_lock_release+0x10/0x10 [ 62.063573][ T52] unregister_netdevice_queue+0x303/0x370 [ 62.069284][ T52] ? __pfx_up_write+0x10/0x10 [ 62.073951][ T52] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 62.080184][ T52] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 62.085916][ T52] _cfg80211_unregister_wdev+0x163/0x590 [ 62.091540][ T52] ieee80211_remove_interfaces+0x4ef/0x700 [ 62.097339][ T52] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 62.103654][ T52] ? rcu_is_watching+0x15/0xb0 [ 62.108413][ T52] ieee80211_unregister_hw+0x5d/0x2c0 [ 62.113775][ T52] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 62.119327][ T52] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 62.125394][ T52] hwsim_exit_net+0x5c1/0x670 [ 62.130073][ T52] ? __pfx_hwsim_exit_net+0x10/0x10 [ 62.135263][ T52] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 62.141061][ T52] cleanup_net+0x812/0xd60 [ 62.145469][ T52] ? __pfx_cleanup_net+0x10/0x10 [ 62.150412][ T52] ? process_scheduled_works+0x976/0x1840 [ 62.156119][ T52] process_scheduled_works+0xa66/0x1840 [ 62.161747][ T52] ? __pfx_process_scheduled_works+0x10/0x10 [ 62.167720][ T52] ? assign_work+0x364/0x3d0 [ 62.172300][ T52] worker_thread+0x870/0xd30 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 62.176882][ T52] ? __kthread_parkme+0x169/0x1d0 [ 62.181918][ T52] ? __pfx_worker_thread+0x10/0x10 [ 62.187024][ T52] kthread+0x2f0/0x390 [ 62.191086][ T52] ? __pfx_worker_thread+0x10/0x10 [ 62.196185][ T52] ? __pfx_kthread+0x10/0x10 [ 62.200762][ T52] ret_from_fork+0x4b/0x80 [ 62.205171][ T52] ? __pfx_kthread+0x10/0x10 [ 62.209760][ T52] ret_from_fork_asm+0x1a/0x30 [ 62.214522][ T52] [ 62.501083][ T52] bridge_slave_1: left allmulticast mode [ 62.506769][ T52] bridge_slave_1: left promiscuous mode [ 62.512525][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.520437][ T52] bridge_slave_0: left allmulticast mode [ 62.526071][ T52] bridge_slave_0: left promiscuous mode [ 62.531765][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.636555][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.646258][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.655615][ T52] bond0 (unregistering): Released all slaves [ 62.770336][ T52] hsr_slave_0: left promiscuous mode [ 62.776114][ T52] hsr_slave_1: left promiscuous mode [ 62.781904][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.790401][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.816764][ T52] team0 (unregistering): Port device team_slave_1 removed [ 62.832870][ T52] team0 (unregistering): Port device team_slave_0 removed