[ 86.655498][ T57] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:27241' (ED25519) to the list of known hosts. 2025/04/22 09:13:26 ignoring optional flag "sandboxArg"="0" 2025/04/22 09:13:28 parsed 1 programs [ 320.428957][ T5345] cgroup: Unknown subsys name 'net' [ 320.499324][ T5345] cgroup: Unknown subsys name 'cpuset' [ 320.503825][ T5345] cgroup: Unknown subsys name 'rlimit' [ 322.015482][ T5345] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 322.167179][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.169639][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 325.624930][ T5353] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 325.940759][ T5360] chnl_net:caif_netlink_parms(): no params data found [ 326.004220][ T5360] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.008251][ T5360] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.011294][ T5360] bridge_slave_0: entered allmulticast mode [ 326.014720][ T5360] bridge_slave_0: entered promiscuous mode [ 326.021092][ T5360] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.023831][ T5360] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.027733][ T5360] bridge_slave_1: entered allmulticast mode [ 326.031133][ T5360] bridge_slave_1: entered promiscuous mode [ 326.055713][ T5360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.061224][ T5360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.087036][ T5360] team0: Port device team_slave_0 added [ 326.092441][ T5360] team0: Port device team_slave_1 added [ 326.112128][ T5360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.114985][ T5360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.125816][ T5360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.132052][ T5360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 326.134795][ T5360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 326.144833][ T5360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.180300][ T5360] hsr_slave_0: entered promiscuous mode [ 326.183316][ T5360] hsr_slave_1: entered promiscuous mode [ 326.321635][ T5360] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 326.331330][ T5360] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 326.338068][ T5360] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 326.343434][ T5360] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 326.370169][ T5360] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.373446][ T5360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.377349][ T5360] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.380879][ T5360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.452730][ T5360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.468558][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.472212][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.485889][ T5360] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.496830][ T4082] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.499693][ T4082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.509249][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.512103][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.552138][ T5360] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 326.690300][ T5360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 326.733703][ T5360] veth0_vlan: entered promiscuous mode [ 326.742483][ T5360] veth1_vlan: entered promiscuous mode [ 326.771786][ T5360] veth0_macvtap: entered promiscuous mode [ 326.779421][ T5360] veth1_macvtap: entered promiscuous mode [ 326.796785][ T5360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 326.809734][ T5360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 326.820397][ T5360] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.824146][ T5360] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.831807][ T5360] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.836032][ T5360] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.995307][ T5360] syz-executor (5360) used greatest stack depth: 19192 bytes left [ 327.010787][ T1037] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.050873][ T1037] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.084830][ T1037] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.119556][ T1037] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.350909][ T4082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 327.354014][ T4082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 327.387126][ T3009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 327.389922][ T3009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 328.672452][ T5419] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 328.677505][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 328.680693][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 328.684398][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 328.688599][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 329.757739][ T1037] bridge_slave_1: left allmulticast mode [ 329.760018][ T1037] bridge_slave_1: left promiscuous mode [ 329.762864][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.847858][ T1037] bridge_slave_0: left allmulticast mode [ 329.850140][ T1037] bridge_slave_0: left promiscuous mode [ 329.852413][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.372224][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 330.378981][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 330.383431][ T1037] bond0 (unregistering): Released all slaves [ 330.476043][ T1037] hsr_slave_0: left promiscuous mode [ 330.478668][ T1037] hsr_slave_1: left promiscuous mode [ 330.481310][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.483908][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.488592][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.491459][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.501691][ T1037] veth1_macvtap: left promiscuous mode [ 330.503968][ T1037] veth0_macvtap: left promiscuous mode [ 330.507072][ T1037] veth1_vlan: left promiscuous mode [ 330.509459][ T1037] veth0_vlan: left promiscuous mode [ 330.750598][ T1037] team0 (unregistering): Port device team_slave_1 removed [ 330.772476][ T1037] team0 (unregistering): Port device team_slave_0 removed 2025/04/22 09:13:42 executed programs: 0 [ 332.733351][ T4670] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 332.741210][ T4670] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 332.744900][ T4670] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 332.755383][ T4670] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 332.759065][ T4670] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 333.111215][ T5475] chnl_net:caif_netlink_parms(): no params data found [ 333.240031][ T5475] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.242909][ T5475] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.256216][ T5475] bridge_slave_0: entered allmulticast mode [ 333.259693][ T5475] bridge_slave_0: entered promiscuous mode [ 333.276260][ T5475] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.279286][ T5475] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.282394][ T5475] bridge_slave_1: entered allmulticast mode [ 333.295290][ T5475] bridge_slave_1: entered promiscuous mode [ 333.347588][ T5475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.363673][ T5475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.413905][ T5475] team0: Port device team_slave_0 added [ 333.422959][ T5475] team0: Port device team_slave_1 added [ 333.466394][ T5475] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.469181][ T5475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.486499][ T5475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.496271][ T5475] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.498644][ T5475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.525917][ T5475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.597954][ T5475] hsr_slave_0: entered promiscuous mode [ 333.601121][ T5475] hsr_slave_1: entered promiscuous mode [ 334.243465][ T5475] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 334.257347][ T5475] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 334.268896][ T5475] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 334.286577][ T5475] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 334.427139][ T5475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.449078][ T5475] 8021q: adding VLAN 0 to HW filter on device team0 [ 334.472782][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.475777][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.500537][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.503204][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.567796][ T5475] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 334.806845][ T49] Bluetooth: hci0: command tx timeout [ 334.829961][ T5475] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.902475][ T5475] veth0_vlan: entered promiscuous mode [ 334.922282][ T5475] veth1_vlan: entered promiscuous mode [ 334.984445][ T5475] veth0_macvtap: entered promiscuous mode [ 335.000495][ T5475] veth1_macvtap: entered promiscuous mode [ 335.027921][ T5475] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.047893][ T5475] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.068608][ T5475] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.072230][ T5475] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.086262][ T5475] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.089597][ T5475] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.209918][ T5385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.212967][ T5385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.258625][ T4082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.261860][ T4082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.389990][ T5531] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 335.424127][ T5531] team0: Port device wlan1 added [ 335.460693][ T5533] netlink: 'syz.0.17': attribute type 10 has an invalid length. [ 335.529201][ T5535] netlink: 'syz.0.18': attribute type 10 has an invalid length. [ 335.567043][ T5537] netlink: 'syz.0.19': attribute type 10 has an invalid length. [ 335.599404][ T5539] netlink: 'syz.0.20': attribute type 10 has an invalid length. [ 335.648499][ T5541] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 335.674310][ T5542] netlink: 'syz.0.22': attribute type 10 has an invalid length. [ 335.718915][ T5544] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 335.774195][ T5545] netlink: 'syz.0.24': attribute type 10 has an invalid length. [ 335.803203][ T5547] netlink: 'syz.0.25': attribute type 10 has an invalid length. [ 336.885633][ T49] Bluetooth: hci0: command tx timeout 2025/04/22 09:13:47 executed programs: 84 [ 338.965874][ T49] Bluetooth: hci0: command tx timeout [ 340.398530][ T5770] validate_nla: 203 callbacks suppressed [ 340.398546][ T5770] netlink: 'syz.0.229': attribute type 10 has an invalid length. [ 340.432392][ T5771] netlink: 'syz.0.230': attribute type 10 has an invalid length. [ 340.450710][ T5772] netlink: 'syz.0.231': attribute type 10 has an invalid length. [ 340.468546][ T5773] netlink: 'syz.0.232': attribute type 10 has an invalid length. [ 340.501148][ T5774] netlink: 'syz.0.233': attribute type 10 has an invalid length. [ 340.516295][ T5775] netlink: 'syz.0.234': attribute type 10 has an invalid length. [ 340.531132][ T5776] netlink: 'syz.0.235': attribute type 10 has an invalid length. [ 340.561725][ T5777] netlink: 'syz.0.236': attribute type 10 has an invalid length. [ 340.581403][ T5778] netlink: 'syz.0.237': attribute type 10 has an invalid length. [ 340.597020][ T5779] netlink: 'syz.0.238': attribute type 10 has an invalid length. [ 341.045331][ T49] Bluetooth: hci0: command tx timeout 2025/04/22 09:13:52 executed programs: 327 [ 345.414386][ T6013] validate_nla: 233 callbacks suppressed [ 345.414401][ T6013] netlink: 'syz.0.472': attribute type 10 has an invalid length. [ 345.441074][ T6014] netlink: 'syz.0.473': attribute type 10 has an invalid length. [ 345.459390][ T6015] netlink: 'syz.0.474': attribute type 10 has an invalid length. [ 345.474737][ T6016] netlink: 'syz.0.475': attribute type 10 has an invalid length. [ 345.504029][ T6017] netlink: 'syz.0.476': attribute type 10 has an invalid length. [ 345.519510][ T6018] netlink: 'syz.0.477': attribute type 10 has an invalid length. [ 345.533246][ T6019] netlink: 'syz.0.478': attribute type 10 has an invalid length. [ 345.562420][ T6020] netlink: 'syz.0.479': attribute type 10 has an invalid length. [ 345.578538][ T6021] netlink: 'syz.0.480': attribute type 10 has an invalid length. [ 345.592615][ T6022] netlink: 'syz.0.481': attribute type 10 has an invalid length. 2025/04/22 09:13:57 executed programs: 569 [ 348.462580][ T4670] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 348.466921][ T4670] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 348.470016][ T4670] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 348.473191][ T4670] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 348.479942][ T4670] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 348.592485][ T4082] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.650161][ T4082] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.696892][ T4082] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.722243][ T6159] chnl_net:caif_netlink_parms(): no params data found [ 348.752995][ T4082] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.811162][ T6159] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.813814][ T6159] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.820795][ T6159] bridge_slave_0: entered allmulticast mode [ 348.823585][ T6159] bridge_slave_0: entered promiscuous mode [ 348.828288][ T6159] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.830867][ T6159] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.833684][ T6159] bridge_slave_1: entered allmulticast mode [ 348.838112][ T6159] bridge_slave_1: entered promiscuous mode [ 348.924460][ T6159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 348.937936][ T6159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.989123][ T4082] bridge_slave_1: left allmulticast mode [ 348.991385][ T4082] bridge_slave_1: left promiscuous mode [ 348.993603][ T4082] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.016917][ T4082] bridge_slave_0: left allmulticast mode [ 349.019246][ T4082] bridge_slave_0: left promiscuous mode [ 349.021553][ T4082] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.364676][ T4082] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.371307][ T4082] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.376654][ T4082] bond0 (unregistering): Released all slaves [ 349.441825][ T6159] team0: Port device team_slave_0 added [ 349.456914][ T6159] team0: Port device team_slave_1 added [ 349.487330][ T4082] [ 349.488379][ T4082] ====================================================== [ 349.491086][ T4082] WARNING: possible circular locking dependency detected [ 349.493860][ T4082] 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 Not tainted [ 349.497516][ T4082] ------------------------------------------------------ [ 349.500210][ T4082] kworker/u4:11/4082 is trying to acquire lock: [ 349.502666][ T4082] ffff888043a18e00 (team->team_lock_key){+.+.}-{4:4}, at: team_del_slave+0x32/0x1d0 [ 349.506387][ T4082] [ 349.506387][ T4082] but task is already holding lock: [ 349.509343][ T4082] ffff888048530768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x12b/0x700 [ 349.513308][ T4082] [ 349.513308][ T4082] which lock already depends on the new lock. [ 349.513308][ T4082] [ 349.517357][ T4082] [ 349.517357][ T4082] the existing dependency chain (in reverse order) is: [ 349.520765][ T4082] [ 349.520765][ T4082] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 349.523736][ T4082] lock_acquire+0x116/0x2f0 [ 349.525779][ T4082] __mutex_lock+0x1a5/0x10c0 [ 349.527701][ T4082] ieee80211_open+0xe9/0x1e0 [ 349.529743][ T4082] __dev_open+0x484/0x900 [ 349.531654][ T4082] netif_open+0xaf/0x1b0 [ 349.533572][ T4082] dev_open+0x13e/0x260 [ 349.535432][ T4082] team_add_slave+0xac0/0x28b0 [ 349.537495][ T4082] do_set_master+0x579/0x730 [ 349.539490][ T4082] do_setlink+0xf76/0x4390 [ 349.541443][ T4082] rtnl_newlink+0x17e2/0x1fe0 [ 349.543539][ T4082] rtnetlink_rcv_msg+0x80f/0xd70 [ 349.545693][ T4082] netlink_rcv_skb+0x208/0x480 [ 349.547807][ T4082] netlink_unicast+0x7f8/0x9a0 [ 349.549974][ T4082] netlink_sendmsg+0x8c3/0xcd0 [ 349.552207][ T4082] __sock_sendmsg+0x221/0x270 [ 349.554300][ T4082] ____sys_sendmsg+0x523/0x860 [ 349.556369][ T4082] __sys_sendmsg+0x271/0x360 [ 349.558382][ T4082] do_syscall_64+0xf3/0x210 [ 349.560375][ T4082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.562925][ T4082] [ 349.562925][ T4082] -> #0 (team->team_lock_key){+.+.}-{4:4}: [ 349.566103][ T4082] validate_chain+0xa69/0x24e0 [ 349.568181][ T4082] __lock_acquire+0xad5/0xd80 [ 349.570337][ T4082] lock_acquire+0x116/0x2f0 [ 349.572467][ T4082] __mutex_lock+0x1a5/0x10c0 [ 349.574493][ T4082] team_del_slave+0x32/0x1d0 [ 349.576564][ T4082] team_device_event+0x200/0x5b0 [ 349.579085][ T4082] notifier_call_chain+0x1a5/0x3f0 [ 349.581384][ T4082] unregister_netdevice_many_notify+0x16b7/0x2640 [ 349.584009][ T4082] unregister_netdevice_queue+0x383/0x400 [ 349.586322][ T4082] _cfg80211_unregister_wdev+0x163/0x590 [ 349.588972][ T4082] ieee80211_remove_interfaces+0x4f1/0x700 [ 349.591535][ T4082] ieee80211_unregister_hw+0x5d/0x2c0 [ 349.593904][ T4082] mac80211_hwsim_del_radio+0x2c6/0x4c0 [ 349.596189][ T4082] hwsim_exit_net+0x5c3/0x670 [ 349.598219][ T4082] cleanup_net+0x814/0xd60 [ 349.600115][ T4082] process_scheduled_works+0xac3/0x18e0 [ 349.602482][ T4082] worker_thread+0x870/0xd50 [ 349.604469][ T4082] kthread+0x7b7/0x940 [ 349.606301][ T4082] ret_from_fork+0x4b/0x80 [ 349.608282][ T4082] ret_from_fork_asm+0x1a/0x30 [ 349.610376][ T4082] [ 349.610376][ T4082] other info that might help us debug this: [ 349.610376][ T4082] [ 349.614415][ T4082] Possible unsafe locking scenario: [ 349.614415][ T4082] [ 349.617352][ T4082] CPU0 CPU1 [ 349.619530][ T4082] ---- ---- [ 349.621780][ T4082] lock(&rdev->wiphy.mtx); [ 349.623597][ T4082] lock(team->team_lock_key); [ 349.626413][ T4082] lock(&rdev->wiphy.mtx); [ 349.629191][ T4082] lock(team->team_lock_key); [ 349.631141][ T4082] [ 349.631141][ T4082] *** DEADLOCK *** [ 349.631141][ T4082] [ 349.634410][ T4082] 5 locks held by kworker/u4:11/4082: [ 349.636535][ T4082] #0: ffff88801c29b948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 349.640767][ T4082] #1: ffffc9000f347c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 349.644890][ T4082] #2: ffffffff900f0a90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 349.648475][ T4082] #3: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 [ 349.652447][ T4082] #4: ffff888048530768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x12b/0x700 [ 349.656709][ T4082] [ 349.656709][ T4082] stack backtrace: [ 349.659124][ T4082] CPU: 0 UID: 0 PID: 4082 Comm: kworker/u4:11 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(full) [ 349.659139][ T4082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 349.659148][ T4082] Workqueue: netns cleanup_net [ 349.659166][ T4082] Call Trace: [ 349.659174][ T4082] [ 349.659180][ T4082] dump_stack_lvl+0x241/0x360 [ 349.659197][ T4082] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.659213][ T4082] ? __pfx__printk+0x10/0x10 [ 349.659227][ T4082] ? print_lock+0x171/0x1a0 [ 349.659244][ T4082] print_circular_bug+0x2e1/0x300 [ 349.659256][ T4082] check_noncircular+0x142/0x160 [ 349.659268][ T4082] validate_chain+0xa69/0x24e0 [ 349.659279][ T4082] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 349.659296][ T4082] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 349.659310][ T4082] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 349.659329][ T4082] __lock_acquire+0xad5/0xd80 [ 349.659345][ T4082] lock_acquire+0x116/0x2f0 [ 349.659358][ T4082] ? team_del_slave+0x32/0x1d0 [ 349.659376][ T4082] __mutex_lock+0x1a5/0x10c0 [ 349.659387][ T4082] ? team_del_slave+0x32/0x1d0 [ 349.659402][ T4082] ? xsk_notifier+0x218/0x230 [ 349.659419][ T4082] ? team_del_slave+0x32/0x1d0 [ 349.659432][ T4082] ? bond_netdev_event+0xe0/0xfb0 [ 349.659443][ T4082] ? __pfx___mutex_lock+0x10/0x10 [ 349.659454][ T4082] ? __timer_delete_sync+0x25f/0x310 [ 349.659468][ T4082] ? __asan_memset+0x23/0x50 [ 349.659483][ T4082] team_del_slave+0x32/0x1d0 [ 349.659499][ T4082] team_device_event+0x200/0x5b0 [ 349.659510][ T4082] ? notifier_call_chain+0x15a/0x3f0 [ 349.659521][ T4082] notifier_call_chain+0x1a5/0x3f0 [ 349.659532][ T4082] unregister_netdevice_many_notify+0x16b7/0x2640 [ 349.659550][ T4082] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 349.659562][ T4082] ? call_rcu+0x7a4/0xad0 [ 349.659572][ T4082] ? lockdep_hardirqs_on+0x9d/0x150 [ 349.659588][ T4082] unregister_netdevice_queue+0x383/0x400 [ 349.659599][ T4082] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 349.659612][ T4082] _cfg80211_unregister_wdev+0x163/0x590 [ 349.659629][ T4082] ieee80211_remove_interfaces+0x4f1/0x700 [ 349.659644][ T4082] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 349.659656][ T4082] ? rcu_is_watching+0x15/0xb0 [ 349.659668][ T4082] ieee80211_unregister_hw+0x5d/0x2c0 [ 349.659685][ T4082] mac80211_hwsim_del_radio+0x2c6/0x4c0 [ 349.659699][ T4082] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 349.659712][ T4082] hwsim_exit_net+0x5c3/0x670 [ 349.659728][ T4082] ? __pfx_hwsim_exit_net+0x10/0x10 [ 349.659743][ T4082] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 349.659757][ T4082] cleanup_net+0x814/0xd60 [ 349.659772][ T4082] ? __pfx_cleanup_net+0x10/0x10 [ 349.659788][ T4082] ? process_scheduled_works+0x9cb/0x18e0 [ 349.659804][ T4082] process_scheduled_works+0xac3/0x18e0 [ 349.659825][ T4082] ? __pfx_process_scheduled_works+0x10/0x10 [ 349.659843][ T4082] ? assign_work+0x367/0x3d0 [ 349.659864][ T4082] worker_thread+0x870/0xd50 [ 349.659877][ T4082] ? __kthread_parkme+0x1a8/0x200 [ 349.659888][ T4082] ? __pfx_worker_thread+0x10/0x10 [ 349.659898][ T4082] kthread+0x7b7/0x940 [ 349.659910][ T4082] ? __pfx_worker_thread+0x10/0x10 [ 349.659920][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.659930][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.659941][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.659952][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.659963][ T4082] ? _raw_spin_unlock_irq+0x23/0x50 [ 349.659977][ T4082] ? lockdep_hardirqs_on+0x9d/0x150 [ 349.659986][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.659998][ T4082] ret_from_fork+0x4b/0x80 [ 349.660009][ T4082] ? __pfx_kthread+0x10/0x10 [ 349.660020][ T4082] ret_from_fork_asm+0x1a/0x30 [ 349.660034][ T4082] [ 349.809574][ T4082] team0: Port device wlan1 removed [ 349.836515][ T6159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 349.839288][ T6159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 349.859009][ T6159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 349.888908][ T6159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 349.891832][ T6159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 349.915860][ T6159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 349.936996][ T4082] hsr_slave_0: left promiscuous mode [ 349.939605][ T4082] hsr_slave_1: left promiscuous mode [ 349.946656][ T4082] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.949649][ T4082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.961591][ T4082] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 349.964396][ T4082] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.977147][ T4082] veth1_macvtap: left promiscuous mode [ 349.979208][ T4082] veth0_macvtap: left promiscuous mode [ 349.981473][ T4082] veth1_vlan: left promiscuous mode [ 349.983456][ T4082] veth0_vlan: left promiscuous mode [ 350.111257][ T4082] team0 (unregistering): Port device team_slave_1 removed [ 350.123066][ T4082] team0 (unregistering): Port device team_slave_0 removed [ 350.223194][ T6159] hsr_slave_0: entered promiscuous mode [ 350.234445][ T6159] hsr_slave_1: entered promiscuous mode [ 350.531337][ T6159] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 350.545379][ T6159] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 350.551473][ T6159] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 350.566742][ T4670] Bluetooth: hci0: command tx timeout [ 350.569738][ T6159] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 350.649678][ T6159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.668565][ T6159] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.673167][ T5385] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.676248][ T5385] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.707522][ T5385] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.710501][ T5385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.871306][ T6159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.917333][ T6159] veth0_vlan: entered promiscuous mode [ 350.930180][ T6159] veth1_vlan: entered promiscuous mode [ 350.967445][ T6159] veth0_macvtap: entered promiscuous mode [ 350.973181][ T6159] veth1_macvtap: entered promiscuous mode [ 350.989868][ T6159] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 350.994281][ T6159] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.023227][ T6159] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.028304][ T6159] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.031536][ T6159] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.034767][ T6159] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.061446][ T6159] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 351.074392][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.081119][ T6159] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 351.087182][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.099543][ T4082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.102617][ T4082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.142878][ T6209] validate_nla: 134 callbacks suppressed [ 351.142892][ T6209] netlink: 'syz.0.616': attribute type 10 has an invalid length. [ 351.153001][ T6209] team0: Port device wlan1 added [ 351.163489][ T6210] netlink: 'syz.0.617': attribute type 10 has an invalid length. [ 351.179196][ T6211] netlink: 'syz.0.618': attribute type 10 has an invalid length. [ 351.212428][ T6212] netlink: 'syz.0.619': attribute type 10 has an invalid length. [ 351.224060][ T6213] netlink: 'syz.0.620': attribute type 10 has an invalid length. [ 351.236959][ T6214] netlink: 'syz.0.621': attribute type 10 has an invalid length. [ 351.269420][ T6215] netlink: 'syz.0.622': attribute type 10 has an invalid length. [ 351.290518][ T6216] netlink: 'syz.0.623': attribute type 10 has an invalid length. [ 351.311596][ T6217] netlink: 'syz.0.624': attribute type 10 has an invalid length. [ 351.329548][ T6218] netlink: 'syz.0.625': attribute type 10 has an invalid length. [ 352.645197][ T4670] Bluetooth: hci0: command tx timeout 2025/04/22 09:14:02 executed programs: 690 [ 354.725830][ T4670] Bluetooth: hci0: command tx timeout [ 356.149409][ T6476] validate_nla: 257 callbacks suppressed [ 356.149425][ T6476] netlink: 'syz.0.883': attribute type 10 has an invalid length. [ 356.162680][ T6477] netlink: 'syz.0.884': attribute type 10 has an invalid length. [ 356.191419][ T6478] netlink: 'syz.0.885': attribute type 10 has an invalid length. [ 356.202120][ T6479] netlink: 'syz.0.886': attribute type 10 has an invalid length. [ 356.211747][ T6480] netlink: 'syz.0.887': attribute type 10 has an invalid length. [ 356.252014][ T6481] netlink: 'syz.0.888': attribute type 10 has an invalid length. [ 356.263209][ T6482] netlink: 'syz.0.889': attribute type 10 has an invalid length. [ 356.274790][ T6483] netlink: 'syz.0.890': attribute type 10 has an invalid length. [ 356.311407][ T6484] netlink: 'syz.0.891': attribute type 10 has an invalid length. [ 356.322024][ T6485] netlink: 'syz.0.892': attribute type 10 has an invalid length. [ 356.805507][ T4670] Bluetooth: hci0: command tx timeout 2025/04/22 09:14:07 executed programs: 956 VM DIAGNOSIS: 09:13:59 Registers: info registers vcpu 0 CPU#0 RAX=000000000000006c RBX=ffffffff9aa7dba0 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000f346790 R8 =ffffffff85969b2b R9 =1ffff11003dfd046 R10=dffffc0000000000 R11=ffffffff85969ae0 R12=dffffc0000000000 R13=000000000000006c R14=000000000000006c R15=00000000000003f8 RIP=ffffffff85969b5e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88808c59a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005645889fa131 CR3=000000004f3b0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ff808000 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff360828e0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a1f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a17 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a4a ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a57 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a51 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211a65 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211aeb ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5414211bc9 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6576616c735f6567 6469726200305f65 76616c735f656764 6972620030732500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40534449565f4042 414c574700155f40 534449565f404241 4c57470015560000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000