Warning: Permanently added '[localhost]:59515' (ED25519) to the list of known hosts. 2025/05/24 07:12:41 ignoring optional flag "sandboxArg"="0" 2025/05/24 07:12:43 parsed 1 programs syzkaller login: [ 83.397704][ T5313] cgroup: Unknown subsys name 'net' [ 83.488019][ T5313] cgroup: Unknown subsys name 'cpuset' [ 83.495075][ T5313] cgroup: Unknown subsys name 'rlimit' [ 85.343457][ T5313] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.721738][ T5326] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.699540][ T5339] chnl_net:caif_netlink_parms(): no params data found [ 90.802806][ T5339] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.814550][ T5339] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.817681][ T5339] bridge_slave_0: entered allmulticast mode [ 90.833974][ T5339] bridge_slave_0: entered promiscuous mode [ 90.839485][ T5339] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.842582][ T5339] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.846294][ T5339] bridge_slave_1: entered allmulticast mode [ 90.853747][ T5339] bridge_slave_1: entered promiscuous mode [ 90.901835][ T5339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.926653][ T5339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.969102][ T5339] team0: Port device team_slave_0 added [ 90.986885][ T5339] team0: Port device team_slave_1 added [ 91.026783][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.029752][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.054155][ T5339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.073886][ T5339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.076891][ T5339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.104176][ T5339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.173035][ T5339] hsr_slave_0: entered promiscuous mode [ 91.185127][ T5339] hsr_slave_1: entered promiscuous mode [ 91.478153][ T5339] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.489734][ T5339] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.496134][ T5339] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.501752][ T5339] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.581203][ T5339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.602266][ T5339] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.612524][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.615742][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.637327][ T1033] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.640227][ T1033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.697893][ T5339] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.778582][ T9] cfg80211: failed to load regulatory.db [ 92.008132][ T5339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.047310][ T5339] veth0_vlan: entered promiscuous mode [ 92.056056][ T5339] veth1_vlan: entered promiscuous mode [ 92.083246][ T5339] veth0_macvtap: entered promiscuous mode [ 92.090175][ T5339] veth1_macvtap: entered promiscuous mode [ 92.107199][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.116992][ T5339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.125763][ T5339] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.129605][ T5339] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.133132][ T5339] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.138422][ T5339] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.352096][ T5339] syz-executor (5339) used greatest stack depth: 21000 bytes left [ 92.376691][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.429959][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.463256][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.509009][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.312919][ T5372] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.318910][ T5372] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.322496][ T5372] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.328326][ T5372] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.331753][ T5372] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.681453][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.695261][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.718534][ T1046] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.721901][ T1046] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.634022][ T42] bridge_slave_1: left allmulticast mode [ 94.636755][ T42] bridge_slave_1: left promiscuous mode [ 94.639938][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.737759][ T42] bridge_slave_0: left allmulticast mode [ 94.740111][ T42] bridge_slave_0: left promiscuous mode [ 94.742612][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.343850][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.350199][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.365886][ T42] bond0 (unregistering): Released all slaves [ 95.495153][ T42] hsr_slave_0: left promiscuous mode [ 95.504928][ T42] hsr_slave_1: left promiscuous mode [ 95.507734][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.510936][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.525059][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.528274][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.551292][ T42] veth1_macvtap: left promiscuous mode [ 95.563857][ T42] veth0_macvtap: left promiscuous mode [ 95.566548][ T42] veth1_vlan: left promiscuous mode [ 95.569076][ T42] veth0_vlan: left promiscuous mode [ 95.859467][ T42] team0 (unregistering): Port device team_slave_1 removed [ 95.877724][ T42] team0 (unregistering): Port device team_slave_0 removed 2025/05/24 07:13:01 executed programs: 0 [ 99.028358][ T4658] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.032395][ T4658] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.047249][ T4658] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.050905][ T4658] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.055519][ T4658] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.423229][ T5446] chnl_net:caif_netlink_parms(): no params data found [ 99.550402][ T5446] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.557352][ T5446] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.560595][ T5446] bridge_slave_0: entered allmulticast mode [ 99.575175][ T5446] bridge_slave_0: entered promiscuous mode [ 99.585049][ T5446] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.588321][ T5446] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.591515][ T5446] bridge_slave_1: entered allmulticast mode [ 99.605588][ T5446] bridge_slave_1: entered promiscuous mode [ 99.639933][ T5446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.650251][ T5446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.699676][ T5446] team0: Port device team_slave_0 added [ 99.716003][ T5446] team0: Port device team_slave_1 added [ 99.765848][ T5446] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.769016][ T5446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.791477][ T5446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.802657][ T5446] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.815900][ T5446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.845419][ T5446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.916693][ T5446] hsr_slave_0: entered promiscuous mode [ 99.919982][ T5446] hsr_slave_1: entered promiscuous mode [ 100.626951][ T5446] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.638431][ T5446] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.658954][ T5446] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.676097][ T5446] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.821612][ T5446] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.859027][ T5446] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.879613][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.882543][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.901280][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.904391][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.950552][ T5446] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 100.966514][ T5446] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.116291][ T4658] Bluetooth: hci0: command tx timeout [ 101.286801][ T5446] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.357497][ T5446] veth0_vlan: entered promiscuous mode [ 101.363064][ T5446] veth1_vlan: entered promiscuous mode [ 101.419574][ T5446] veth0_macvtap: entered promiscuous mode [ 101.435804][ T5446] veth1_macvtap: entered promiscuous mode [ 101.461230][ T5446] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.481634][ T5446] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.498386][ T5446] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.502066][ T5446] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.525078][ T5446] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.528617][ T5446] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.665112][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.668577][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.739720][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.743274][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.832518][ T5499] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 101.886469][ T5499] team0: Port device wlan1 added [ 101.938671][ T5501] netlink: 'syz.0.17': attribute type 10 has an invalid length. [ 102.001545][ T5503] netlink: 'syz.0.18': attribute type 10 has an invalid length. [ 102.068128][ T5504] netlink: 'syz.0.19': attribute type 10 has an invalid length. [ 102.118394][ T5507] netlink: 'syz.0.20': attribute type 10 has an invalid length. [ 102.189463][ T5508] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 102.251486][ T5510] netlink: 'syz.0.22': attribute type 10 has an invalid length. [ 102.297214][ T5511] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 102.384885][ T5513] netlink: 'syz.0.24': attribute type 10 has an invalid length. [ 102.440738][ T5514] netlink: 'syz.0.25': attribute type 10 has an invalid length. [ 103.195867][ T4658] Bluetooth: hci0: command tx timeout 2025/05/24 07:13:06 executed programs: 39 [ 105.274291][ T4658] Bluetooth: hci0: command tx timeout [ 106.842922][ T5644] validate_nla: 104 callbacks suppressed [ 106.842938][ T5644] netlink: 'syz.0.130': attribute type 10 has an invalid length. [ 106.878436][ T5645] netlink: 'syz.0.131': attribute type 10 has an invalid length. [ 106.902019][ T5646] netlink: 'syz.0.132': attribute type 10 has an invalid length. [ 106.948139][ T5647] netlink: 'syz.0.133': attribute type 10 has an invalid length. [ 106.993275][ T5648] netlink: 'syz.0.134': attribute type 10 has an invalid length. [ 107.017491][ T5649] netlink: 'syz.0.135': attribute type 10 has an invalid length. [ 107.076229][ T5650] netlink: 'syz.0.136': attribute type 10 has an invalid length. [ 107.108296][ T5651] netlink: 'syz.0.137': attribute type 10 has an invalid length. [ 107.137858][ T5652] netlink: 'syz.0.138': attribute type 10 has an invalid length. [ 107.185666][ T5653] netlink: 'syz.0.139': attribute type 10 has an invalid length. [ 107.354966][ T4658] Bluetooth: hci0: command tx timeout 2025/05/24 07:13:11 executed programs: 178 [ 111.852707][ T5793] validate_nla: 139 callbacks suppressed [ 111.852722][ T5793] netlink: 'syz.0.279': attribute type 10 has an invalid length. [ 111.891116][ T5794] netlink: 'syz.0.280': attribute type 10 has an invalid length. [ 111.917809][ T5795] netlink: 'syz.0.281': attribute type 10 has an invalid length. [ 111.960218][ T5796] netlink: 'syz.0.282': attribute type 10 has an invalid length. [ 111.981541][ T5797] netlink: 'syz.0.283': attribute type 10 has an invalid length. [ 112.028274][ T5798] netlink: 'syz.0.284': attribute type 10 has an invalid length. [ 112.067118][ T5799] netlink: 'syz.0.285': attribute type 10 has an invalid length. [ 112.098105][ T5800] netlink: 'syz.0.286': attribute type 10 has an invalid length. [ 112.125381][ T5801] netlink: 'syz.0.287': attribute type 10 has an invalid length. [ 112.158502][ T5802] netlink: 'syz.0.288': attribute type 10 has an invalid length. 2025/05/24 07:13:16 executed programs: 330 [ 116.879175][ T5945] validate_nla: 141 callbacks suppressed [ 116.879190][ T5945] netlink: 'syz.0.430': attribute type 10 has an invalid length. [ 116.899912][ T5946] netlink: 'syz.0.431': attribute type 10 has an invalid length. [ 116.917920][ T5947] netlink: 'syz.0.432': attribute type 10 has an invalid length. [ 116.942114][ T5948] netlink: 'syz.0.433': attribute type 10 has an invalid length. [ 116.958206][ T5949] netlink: 'syz.0.434': attribute type 10 has an invalid length. [ 116.972548][ T5950] netlink: 'syz.0.435': attribute type 10 has an invalid length. [ 117.002809][ T5951] netlink: 'syz.0.436': attribute type 10 has an invalid length. [ 117.019602][ T5952] netlink: 'syz.0.437': attribute type 10 has an invalid length. [ 117.037231][ T5953] netlink: 'syz.0.438': attribute type 10 has an invalid length. [ 117.065109][ T5954] netlink: 'syz.0.439': attribute type 10 has an invalid length. 2025/05/24 07:13:21 executed programs: 520 [ 120.757606][ T5372] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 120.761221][ T5372] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 120.765669][ T5372] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 120.769627][ T5372] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 120.774892][ T5372] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 120.927200][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.975701][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.991430][ T6138] chnl_net:caif_netlink_parms(): no params data found [ 121.019387][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.059246][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.111689][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.118815][ T6138] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.122076][ T6138] bridge_slave_0: entered allmulticast mode [ 121.126861][ T6138] bridge_slave_0: entered promiscuous mode [ 121.152463][ T6138] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.156689][ T6138] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.159605][ T6138] bridge_slave_1: entered allmulticast mode [ 121.164786][ T6138] bridge_slave_1: entered promiscuous mode [ 121.260750][ T6138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.277719][ T6138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.300187][ T42] bridge_slave_1: left allmulticast mode [ 121.302621][ T42] bridge_slave_1: left promiscuous mode [ 121.311107][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.327250][ T42] bridge_slave_0: left allmulticast mode [ 121.329920][ T42] bridge_slave_0: left promiscuous mode [ 121.332542][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.714945][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.720184][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.726702][ T42] bond0 (unregistering): Released all slaves [ 121.792991][ T6138] team0: Port device team_slave_0 added [ 121.801718][ T6138] team0: Port device team_slave_1 added [ 121.816980][ T42] [ 121.818099][ T42] ====================================================== [ 121.821100][ T42] WARNING: possible circular locking dependency detected [ 121.824028][ T42] 6.15.0-rc7-syzkaller-00133-g7586ac7c340c #0 Not tainted [ 121.828088][ T42] ------------------------------------------------------ [ 121.830905][ T42] kworker/u4:3/42 is trying to acquire lock: [ 121.833322][ T42] ffff88803ffd4e00 (team->team_lock_key){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0 [ 121.837477][ T42] [ 121.837477][ T42] but task is already holding lock: [ 121.840580][ T42] ffff888043b88768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 121.844685][ T42] [ 121.844685][ T42] which lock already depends on the new lock. [ 121.844685][ T42] [ 121.849120][ T42] [ 121.849120][ T42] the existing dependency chain (in reverse order) is: [ 121.852866][ T42] [ 121.852866][ T42] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 121.856219][ T42] lock_acquire+0x120/0x360 [ 121.858361][ T42] __mutex_lock+0x182/0xe80 [ 121.860517][ T42] ieee80211_open+0xed/0x1f0 [ 121.862655][ T42] __dev_open+0x470/0x880 [ 121.864742][ T42] netif_open+0xaa/0x170 [ 121.866933][ T42] dev_open+0x125/0x260 [ 121.868972][ T42] team_add_slave+0xb36/0x2840 [ 121.871153][ T42] do_set_master+0x533/0x6d0 [ 121.873366][ T42] do_setlink+0xd47/0x40d0 [ 121.875380][ T42] rtnl_newlink+0x160b/0x1c70 [ 121.877583][ T42] rtnetlink_rcv_msg+0x7cf/0xb70 [ 121.879776][ T42] netlink_rcv_skb+0x21c/0x490 [ 121.882022][ T42] netlink_unicast+0x758/0x8d0 [ 121.884276][ T42] netlink_sendmsg+0x805/0xb30 [ 121.886611][ T42] __sock_sendmsg+0x219/0x270 [ 121.888738][ T42] ____sys_sendmsg+0x505/0x830 [ 121.890882][ T42] ___sys_sendmsg+0x21f/0x2a0 [ 121.893023][ T42] __x64_sys_sendmsg+0x19b/0x260 [ 121.895276][ T42] do_syscall_64+0xf6/0x210 [ 121.897373][ T42] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.899945][ T42] [ 121.899945][ T42] -> #0 (team->team_lock_key){+.+.}-{4:4}: [ 121.903171][ T42] validate_chain+0xb9b/0x2140 [ 121.905364][ T42] __lock_acquire+0xaac/0xd20 [ 121.907640][ T42] lock_acquire+0x120/0x360 [ 121.909756][ T42] __mutex_lock+0x182/0xe80 [ 121.911850][ T42] team_del_slave+0x32/0x1c0 [ 121.914025][ T42] team_device_event+0x285/0xa20 [ 121.916379][ T42] notifier_call_chain+0x1b6/0x3e0 [ 121.918708][ T42] unregister_netdevice_many_notify+0x15d8/0x2330 [ 121.921581][ T42] unregister_netdevice_queue+0x33c/0x380 [ 121.924669][ T42] _cfg80211_unregister_wdev+0x165/0x590 [ 121.927396][ T42] ieee80211_remove_interfaces+0x49a/0x6d0 [ 121.930080][ T42] ieee80211_unregister_hw+0x5d/0x2c0 [ 121.932638][ T42] mac80211_hwsim_del_radio+0x275/0x460 [ 121.935268][ T42] hwsim_exit_net+0x584/0x640 [ 121.937477][ T42] cleanup_net+0x71a/0xbd0 [ 121.939537][ T42] process_scheduled_works+0xadb/0x17a0 [ 121.942093][ T42] worker_thread+0x8a0/0xda0 [ 121.944302][ T42] kthread+0x70e/0x8a0 [ 121.946389][ T42] ret_from_fork+0x4b/0x80 [ 121.948616][ T42] ret_from_fork_asm+0x1a/0x30 [ 121.950852][ T42] [ 121.950852][ T42] other info that might help us debug this: [ 121.950852][ T42] [ 121.955006][ T42] Possible unsafe locking scenario: [ 121.955006][ T42] [ 121.958045][ T42] CPU0 CPU1 [ 121.960219][ T42] ---- ---- [ 121.962429][ T42] lock(&rdev->wiphy.mtx); [ 121.964338][ T42] lock(team->team_lock_key); [ 121.967300][ T42] lock(&rdev->wiphy.mtx); [ 121.970232][ T42] lock(team->team_lock_key); [ 121.972161][ T42] [ 121.972161][ T42] *** DEADLOCK *** [ 121.972161][ T42] [ 121.975477][ T42] 5 locks held by kworker/u4:3/42: [ 121.977626][ T42] #0: ffff888030427948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 121.982145][ T42] #1: ffffc900005dfc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 121.986489][ T42] #2: ffffffff8f2ee010 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x145/0xbd0 [ 121.990232][ T42] #3: ffffffff8f2fab48 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 [ 121.994333][ T42] #4: ffff888043b88768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 121.999165][ T42] [ 121.999165][ T42] stack backtrace: [ 122.001616][ T42] CPU: 0 UID: 0 PID: 42 Comm: kworker/u4:3 Not tainted 6.15.0-rc7-syzkaller-00133-g7586ac7c340c #0 PREEMPT(full) [ 122.001629][ T42] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 122.001639][ T42] Workqueue: netns cleanup_net [ 122.001657][ T42] Call Trace: [ 122.001664][ T42] [ 122.001670][ T42] dump_stack_lvl+0x189/0x250 [ 122.001688][ T42] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.001702][ T42] ? __pfx__printk+0x10/0x10 [ 122.001713][ T42] ? print_lock_name+0xde/0x100 [ 122.001729][ T42] print_circular_bug+0x2ee/0x310 [ 122.001742][ T42] check_noncircular+0x134/0x160 [ 122.001753][ T42] validate_chain+0xb9b/0x2140 [ 122.001764][ T42] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 122.001778][ T42] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.001802][ T42] __lock_acquire+0xaac/0xd20 [ 122.001819][ T42] ? team_del_slave+0x32/0x1c0 [ 122.001828][ T42] lock_acquire+0x120/0x360 [ 122.001841][ T42] ? team_del_slave+0x32/0x1c0 [ 122.001852][ T42] ? __mutex_trylock_common+0x153/0x260 [ 122.001863][ T42] __mutex_lock+0x182/0xe80 [ 122.001875][ T42] ? team_del_slave+0x32/0x1c0 [ 122.001883][ T42] ? rcu_is_watching+0x15/0xb0 [ 122.001893][ T42] ? team_del_slave+0x32/0x1c0 [ 122.001903][ T42] ? __pfx___mutex_lock+0x10/0x10 [ 122.001915][ T42] ? bond_netdev_event+0xd9/0xe80 [ 122.001926][ T42] ? __pfx___mutex_lock+0x10/0x10 [ 122.001938][ T42] ? __pfx_bond_netdev_event+0x10/0x10 [ 122.001949][ T42] team_del_slave+0x32/0x1c0 [ 122.001958][ T42] team_device_event+0x285/0xa20 [ 122.001970][ T42] notifier_call_chain+0x1b6/0x3e0 [ 122.001982][ T42] unregister_netdevice_many_notify+0x15d8/0x2330 [ 122.001996][ T42] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 122.002006][ T42] ? call_rcu+0x6dd/0x990 [ 122.002014][ T42] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.002028][ T42] unregister_netdevice_queue+0x33c/0x380 [ 122.002042][ T42] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 122.002057][ T42] _cfg80211_unregister_wdev+0x165/0x590 [ 122.002075][ T42] ieee80211_remove_interfaces+0x49a/0x6d0 [ 122.002089][ T42] ? __pfx_synchronize_rcu+0x10/0x10 [ 122.002099][ T42] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 122.002111][ T42] ? rcu_is_watching+0x15/0xb0 [ 122.002122][ T42] ieee80211_unregister_hw+0x5d/0x2c0 [ 122.002135][ T42] mac80211_hwsim_del_radio+0x275/0x460 [ 122.002147][ T42] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 122.002159][ T42] hwsim_exit_net+0x584/0x640 [ 122.002174][ T42] ? __pfx_hwsim_exit_net+0x10/0x10 [ 122.002183][ T42] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 122.002192][ T42] cleanup_net+0x71a/0xbd0 [ 122.002200][ T42] ? __pfx_cleanup_net+0x10/0x10 [ 122.002208][ T42] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.002215][ T42] ? process_scheduled_works+0x9ec/0x17a0 [ 122.002221][ T42] ? process_scheduled_works+0x9ec/0x17a0 [ 122.002227][ T42] process_scheduled_works+0xadb/0x17a0 [ 122.002237][ T42] ? __pfx_process_scheduled_works+0x10/0x10 [ 122.002254][ T42] worker_thread+0x8a0/0xda0 [ 122.002264][ T42] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 122.002276][ T42] ? __kthread_parkme+0x7b/0x200 [ 122.002288][ T42] kthread+0x70e/0x8a0 [ 122.002299][ T42] ? __pfx_worker_thread+0x10/0x10 [ 122.002308][ T42] ? __pfx_kthread+0x10/0x10 [ 122.002320][ T42] ? __pfx_kthread+0x10/0x10 [ 122.002331][ T42] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.002341][ T42] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.002352][ T42] ? __pfx_kthread+0x10/0x10 [ 122.002362][ T42] ret_from_fork+0x4b/0x80 [ 122.002373][ T42] ? __pfx_kthread+0x10/0x10 [ 122.002384][ T42] ret_from_fork_asm+0x1a/0x30 [ 122.002397][ T42] [ 122.164293][ T42] team0: Port device wlan1 removed [ 122.220397][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.223214][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.248865][ T6138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.264520][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.267321][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.305347][ T6138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.316165][ T42] hsr_slave_0: left promiscuous mode [ 122.318911][ T42] hsr_slave_1: left promiscuous mode [ 122.321583][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.332276][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.345288][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.348467][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.356490][ T42] veth1_macvtap: left promiscuous mode [ 122.358707][ T42] veth0_macvtap: left promiscuous mode [ 122.360933][ T42] veth1_vlan: left promiscuous mode [ 122.363035][ T42] veth0_vlan: left promiscuous mode [ 122.470340][ T42] team0 (unregistering): Port device team_slave_1 removed [ 122.481625][ T42] team0 (unregistering): Port device team_slave_0 removed [ 122.589110][ T6138] hsr_slave_0: entered promiscuous mode [ 122.604061][ T6138] hsr_slave_1: entered promiscuous mode [ 122.797284][ T4658] Bluetooth: hci0: command tx timeout [ 122.916187][ T6138] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 122.923156][ T6138] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 122.936855][ T6138] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 122.945747][ T6138] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 123.054323][ T6138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.077094][ T6138] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.085605][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.088605][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.115771][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.118819][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.305142][ T6138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.355181][ T6138] veth0_vlan: entered promiscuous mode [ 123.364551][ T6138] veth1_vlan: entered promiscuous mode [ 123.399206][ T6138] veth0_macvtap: entered promiscuous mode [ 123.415267][ T6138] veth1_macvtap: entered promiscuous mode [ 123.435296][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.445154][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.458366][ T6138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.461686][ T6138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.483981][ T6138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.487659][ T6138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.519903][ T6138] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 123.540189][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.543416][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.549096][ T6138] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 123.564905][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.568475][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.592037][ T6185] validate_nla: 176 callbacks suppressed [ 123.592051][ T6185] netlink: 'syz.0.616': attribute type 10 has an invalid length. [ 123.604628][ T6185] team0: Port device wlan1 added [ 123.615042][ T6186] netlink: 'syz.0.617': attribute type 10 has an invalid length. [ 123.629957][ T6187] netlink: 'syz.0.618': attribute type 10 has an invalid length. [ 123.659009][ T6188] netlink: 'syz.0.619': attribute type 10 has an invalid length. [ 123.672451][ T6189] netlink: 'syz.0.620': attribute type 10 has an invalid length. [ 123.685525][ T6190] netlink: 'syz.0.621': attribute type 10 has an invalid length. [ 123.719109][ T6191] netlink: 'syz.0.622': attribute type 10 has an invalid length. [ 123.730069][ T6192] netlink: 'syz.0.623': attribute type 10 has an invalid length. [ 123.740388][ T6193] netlink: 'syz.0.624': attribute type 10 has an invalid length. [ 123.778222][ T6194] netlink: 'syz.0.625': attribute type 10 has an invalid length. 2025/05/24 07:13:26 executed programs: 627 [ 124.873864][ T4658] Bluetooth: hci0: command tx timeout [ 126.953908][ T4658] Bluetooth: hci0: command tx timeout [ 128.606858][ T6450] validate_nla: 255 callbacks suppressed [ 128.606869][ T6450] netlink: 'syz.0.881': attribute type 10 has an invalid length. [ 128.639552][ T6451] netlink: 'syz.0.882': attribute type 10 has an invalid length. [ 128.650572][ T6452] netlink: 'syz.0.883': attribute type 10 has an invalid length. [ 128.661868][ T6453] netlink: 'syz.0.884': attribute type 10 has an invalid length. [ 128.698015][ T6454] netlink: 'syz.0.885': attribute type 10 has an invalid length. [ 128.719338][ T6455] netlink: 'syz.0.886': attribute type 10 has an invalid length. [ 128.730850][ T6456] netlink: 'syz.0.887': attribute type 10 has an invalid length. [ 128.759117][ T6457] netlink: 'syz.0.888': attribute type 10 has an invalid length. [ 128.778717][ T6458] netlink: 'syz.0.889': attribute type 10 has an invalid length. [ 128.800565][ T6459] netlink: 'syz.0.890': attribute type 10 has an invalid length. [ 129.035668][ T4658] Bluetooth: hci0: command tx timeout 2025/05/24 07:13:31 executed programs: 893 VM DIAGNOSIS: 07:13:24 Registers: info registers vcpu 0 CPU#0 RAX=000000000000006b RBX=000000000000006b RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900005de8d0 R8 =ffff888000a88237 R9 =1ffff11000151046 R10=dffffc0000000000 R11=ffffffff853e2810 R12=dffffc0000000000 R13=ffffffff99850c66 R14=ffffffff99b55c40 R15=0000000000000000 RIP=ffffffff853e288c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88808d6c2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055f2dea0fd68 CR3=00000000110b4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c1d8ff90 Opmask01=000000000000000f Opmask02=000000000000000f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff0f 0e0d0c0b0a090807 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000001011eac ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 0000726569666974 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b20657479622d32 3320646e61707865 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff ffffffff00000002 00007f71fead2000 00006e0033687465 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000c5c5c5c5 c5c5c5c500000002 0000454bc4971a00 0000540009524e5f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 366270616c203562 70616c2034627061 6c20336270616c20 326270616c203162 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 68746520306e6170 7372652030706174 65726720306c7165 742030646e6f6220 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00657572743d6e77 6f645f6669006573 6c61663d70755f66 6900316e616c7720 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 306e616c77203268 746520306e617073 7265203070617465 726720306c716574 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2030646e6f622036 6270616c20356270 616c20346270616c 20336270616c2032 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6270616c20316270 616c20306270616c 2031687465203068 7465203162666920 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0065640a6965636c 5f635f695f5f6d20 6d20656620622020 3320313320393200 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000