last executing test programs: 5.289981107s ago: executing program 4 (id=57): mkdir(&(0x7f0000000000), 0x0) 5.244564804s ago: executing program 4 (id=63): mmap(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 5.244028868s ago: executing program 4 (id=67): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20', 0x800, 0x0) 5.191637123s ago: executing program 4 (id=71): rt_sigreturn() 2.599020135s ago: executing program 0 (id=383): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/img-rogue', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/img-rogue', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/img-rogue', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/img-rogue', 0x800, 0x0) 2.580473898s ago: executing program 0 (id=386): request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.536882096s ago: executing program 2 (id=387): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 2.536685112s ago: executing program 1 (id=388): setitimer(0x0, &(0x7f0000000000), 0x0) 2.536343273s ago: executing program 0 (id=389): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 2.536111307s ago: executing program 3 (id=390): syz_open_dev$drirender(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$drirender(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$drirender(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$drirender(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$drirender(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$drirender(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$drirender(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$drirender(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$drirender(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$drirender(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$drirender(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$drirender(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$drirender(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$drirender(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$drirender(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$drirender(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$drirender(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$drirender(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$drirender(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$drirender(&(0x7f0000000500), 0x4, 0x800) 2.536018389s ago: executing program 2 (id=391): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice', 0x800, 0x0) 2.535910227s ago: executing program 1 (id=392): syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vim2m(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vim2m(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vim2m(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vim2m(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vim2m(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vim2m(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vim2m(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vim2m(&(0x7f0000000500), 0x4, 0x800) 2.488808707s ago: executing program 0 (id=393): socket$can_bcm(0x1d, 0x2, 0x2) 2.488642413s ago: executing program 3 (id=394): socket$netlink(0x10, 0x3, 0x0) 2.488477277s ago: executing program 1 (id=395): flock(0xffffffffffffffff, 0x0) 2.488425532s ago: executing program 0 (id=396): tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 2.48829313s ago: executing program 3 (id=397): syz_open_dev$audion(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$audion(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$audion(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$audion(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$audion(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$audion(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$audion(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$audion(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$audion(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$audion(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$audion(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$audion(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$audion(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$audion(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$audion(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$audion(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$audion(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$audion(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$audion(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$audion(&(0x7f0000000500), 0x4, 0x800) 2.443906822s ago: executing program 2 (id=398): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptp1', 0x800, 0x0) 2.181523961s ago: executing program 3 (id=403): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 2.027935479s ago: executing program 0 (id=399): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.744997653s ago: executing program 1 (id=400): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.651023707s ago: executing program 2 (id=401): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.519670295s ago: executing program 3 (id=404): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 836.868737ms ago: executing program 4 (id=402): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 580.888827ms ago: executing program 1 (id=406): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 380.172388ms ago: executing program 3 (id=408): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x29, 0x800) 324.937663ms ago: executing program 2 (id=407): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/context', 0x2, 0x0) 311.1826ms ago: executing program 2 (id=411): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2a, 0x800) 155.967072ms ago: executing program 4 (id=409): syz_open_dev$sndmidi(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x29, 0x800) 0s ago: executing program 1 (id=410): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts. [ 59.566357][ T5809] cgroup: Unknown subsys name 'net' [ 59.706344][ T5809] cgroup: Unknown subsys name 'cpuset' [ 59.714489][ T5809] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 61.061927][ T5809] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 63.285802][ T5893] mmap: syz.0.64 (5893) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 63.530819][ T5927] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.990074][ T5987] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.660925][ T6237] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.901745][ T3492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.916554][ T3492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.033435][ T3492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.041579][ T3492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.026846][ T6249] chnl_net:caif_netlink_parms(): no params data found [ 68.435153][ T6249] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.443178][ T6249] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.451308][ T6249] bridge_slave_0: entered allmulticast mode [ 68.461783][ T6249] bridge_slave_0: entered promiscuous mode [ 68.480738][ T6249] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.500782][ T6249] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.512417][ T6249] bridge_slave_1: entered allmulticast mode [ 68.519898][ T6249] bridge_slave_1: entered promiscuous mode [ 68.587838][ T6249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.606089][ T6249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.647447][ T6249] team0: Port device team_slave_0 added [ 68.666165][ T6249] team0: Port device team_slave_1 added [ 68.785241][ T6249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.792226][ T6249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.819188][ T6249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.833936][ T6249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.840920][ T6249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.867108][ T6249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.900420][ T6249] hsr_slave_0: entered promiscuous mode [ 68.907082][ T6249] hsr_slave_1: entered promiscuous mode [ 69.007607][ T3483] [ 69.009977][ T3483] ====================================================== [ 69.016991][ T3483] WARNING: possible circular locking dependency detected [ 69.024101][ T3483] 6.13.0-syzkaller-08291-g805ba04cb7cc #0 Not tainted [ 69.031272][ T3483] ------------------------------------------------------ [ 69.038266][ T3483] kworker/u8:8/3483 is trying to acquire lock: [ 69.044569][ T3483] ffffffff8fcb1788 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 69.054913][ T3483] [ 69.054913][ T3483] but task is already holding lock: [ 69.062358][ T3483] ffff888034300768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 69.072708][ T3483] [ 69.072708][ T3483] which lock already depends on the new lock. [ 69.072708][ T3483] [ 69.083100][ T3483] [ 69.083100][ T3483] the existing dependency chain (in reverse order) is: [ 69.092101][ T3483] [ 69.092101][ T3483] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 69.099844][ T3483] lock_acquire+0x1ed/0x550 [ 69.104863][ T3483] __mutex_lock+0x19c/0x1010 [ 69.109962][ T3483] wiphy_register+0x1a49/0x27b0 [ 69.115325][ T3483] ieee80211_register_hw+0x354e/0x4240 [ 69.121295][ T3483] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 69.127551][ T3483] init_mac80211_hwsim+0x87a/0xb00 [ 69.133169][ T3483] do_one_initcall+0x248/0x870 [ 69.138446][ T3483] do_initcall_level+0x157/0x210 [ 69.143896][ T3483] do_initcalls+0x3f/0x80 [ 69.148760][ T3483] kernel_init_freeable+0x435/0x5d0 [ 69.154471][ T3483] kernel_init+0x1d/0x2b0 [ 69.159333][ T3483] ret_from_fork+0x4b/0x80 [ 69.164268][ T3483] ret_from_fork_asm+0x1a/0x30 [ 69.169546][ T3483] [ 69.169546][ T3483] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 69.176768][ T3483] validate_chain+0x18ef/0x5920 [ 69.182134][ T3483] __lock_acquire+0x1397/0x2100 [ 69.187493][ T3483] lock_acquire+0x1ed/0x550 [ 69.192501][ T3483] __mutex_lock+0x19c/0x1010 [ 69.197688][ T3483] unregister_netdevice_many_notify+0xac2/0x2030 [ 69.204520][ T3483] unregister_netdevice_queue+0x303/0x370 [ 69.210751][ T3483] _cfg80211_unregister_wdev+0x163/0x590 [ 69.216983][ T3483] ieee80211_remove_interfaces+0x4ef/0x700 [ 69.223317][ T3483] ieee80211_unregister_hw+0x5d/0x2c0 [ 69.229199][ T3483] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 69.235258][ T3483] hwsim_exit_net+0x5c1/0x670 [ 69.240445][ T3483] cleanup_net+0x812/0xd60 [ 69.245379][ T3483] process_scheduled_works+0xa66/0x1840 [ 69.251443][ T3483] worker_thread+0x870/0xd30 [ 69.256541][ T3483] kthread+0x7a9/0x920 [ 69.261118][ T3483] ret_from_fork+0x4b/0x80 [ 69.266044][ T3483] ret_from_fork_asm+0x1a/0x30 [ 69.271316][ T3483] [ 69.271316][ T3483] other info that might help us debug this: [ 69.271316][ T3483] [ 69.281706][ T3483] Possible unsafe locking scenario: [ 69.281706][ T3483] [ 69.289231][ T3483] CPU0 CPU1 [ 69.294650][ T3483] ---- ---- [ 69.300225][ T3483] lock(&rdev->wiphy.mtx); [ 69.304724][ T3483] lock(rtnl_mutex); [ 69.311304][ T3483] lock(&rdev->wiphy.mtx); [ 69.318314][ T3483] lock(rtnl_mutex); [ 69.322285][ T3483] [ 69.322285][ T3483] *** DEADLOCK *** [ 69.322285][ T3483] [ 69.330424][ T3483] 4 locks held by kworker/u8:8/3483: [ 69.335718][ T3483] #0: ffff88801baf3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 69.346593][ T3483] #1: ffffc9000d3d7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 69.357111][ T3483] #2: ffffffff8fca51d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 69.366690][ T3483] #3: ffff888034300768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 69.377526][ T3483] [ 69.377526][ T3483] stack backtrace: [ 69.383417][ T3483] CPU: 1 UID: 0 PID: 3483 Comm: kworker/u8:8 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0 [ 69.383432][ T3483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 69.383441][ T3483] Workqueue: netns cleanup_net [ 69.383462][ T3483] Call Trace: [ 69.383469][ T3483] [ 69.383475][ T3483] dump_stack_lvl+0x241/0x360 [ 69.383490][ T3483] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.383501][ T3483] ? __pfx__printk+0x10/0x10 [ 69.383520][ T3483] print_circular_bug+0x13a/0x1b0 [ 69.383538][ T3483] check_noncircular+0x36a/0x4a0 [ 69.383556][ T3483] ? __pfx_check_noncircular+0x10/0x10 [ 69.383573][ T3483] ? lockdep_lock+0x123/0x2b0 [ 69.383590][ T3483] validate_chain+0x18ef/0x5920 [ 69.383613][ T3483] ? __pfx_validate_chain+0x10/0x10 [ 69.383629][ T3483] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.383645][ T3483] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 69.383658][ T3483] ? lockdep_hardirqs_on+0x99/0x150 [ 69.383672][ T3483] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.383684][ T3483] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.383697][ T3483] ? __smp_call_single_queue+0x11a/0x3a0 [ 69.383714][ T3483] ? ttwu_queue_wakelist+0x286/0x3b0 [ 69.383730][ T3483] ? try_to_wake_up+0x959/0x1470 [ 69.383746][ T3483] ? mark_lock+0x9a/0x360 [ 69.383760][ T3483] ? __pfx_try_to_wake_up+0x10/0x10 [ 69.383775][ T3483] __lock_acquire+0x1397/0x2100 [ 69.383794][ T3483] lock_acquire+0x1ed/0x550 [ 69.383807][ T3483] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 69.383822][ T3483] ? __pfx_lock_acquire+0x10/0x10 [ 69.383837][ T3483] ? __pfx___might_resched+0x10/0x10 [ 69.383850][ T3483] ? finish_wait+0xd4/0x1e0 [ 69.383866][ T3483] __mutex_lock+0x19c/0x1010 [ 69.383880][ T3483] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 69.383895][ T3483] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 69.383907][ T3483] ? __pfx___mutex_lock+0x10/0x10 [ 69.383921][ T3483] ? __pfx___might_resched+0x10/0x10 [ 69.383934][ T3483] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 69.383947][ T3483] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 69.383961][ T3483] unregister_netdevice_many_notify+0xac2/0x2030 [ 69.383974][ T3483] ? mark_lock+0x9a/0x360 [ 69.383991][ T3483] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 69.384004][ T3483] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 69.384020][ T3483] ? __pfx_lock_release+0x10/0x10 [ 69.384039][ T3483] unregister_netdevice_queue+0x303/0x370 [ 69.384056][ T3483] ? __pfx_up_write+0x10/0x10 [ 69.384067][ T3483] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 69.384085][ T3483] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 69.384101][ T3483] _cfg80211_unregister_wdev+0x163/0x590 [ 69.384117][ T3483] ieee80211_remove_interfaces+0x4ef/0x700 [ 69.384139][ T3483] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 69.384157][ T3483] ? rcu_is_watching+0x15/0xb0 [ 69.384177][ T3483] ieee80211_unregister_hw+0x5d/0x2c0 [ 69.384193][ T3483] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 69.384212][ T3483] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 69.384231][ T3483] hwsim_exit_net+0x5c1/0x670 [ 69.384247][ T3483] ? __pfx_hwsim_exit_net+0x10/0x10 [ 69.384262][ T3483] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 69.384278][ T3483] cleanup_net+0x812/0xd60 [ 69.384293][ T3483] ? __pfx_cleanup_net+0x10/0x10 [ 69.384310][ T3483] ? process_scheduled_works+0x976/0x1840 [ 69.384322][ T3483] process_scheduled_works+0xa66/0x1840 [ 69.384342][ T3483] ? __pfx_process_scheduled_works+0x10/0x10 [ 69.384357][ T3483] ? assign_work+0x364/0x3d0 [ 69.384370][ T3483] worker_thread+0x870/0xd30 [ 69.384386][ T3483] ? __kthread_parkme+0x169/0x1d0 [ 69.384400][ T3483] ? __pfx_worker_thread+0x10/0x10 [ 69.384419][ T3483] kthread+0x7a9/0x920 [ 69.384433][ T3483] ? __pfx_kthread+0x10/0x10 [ 69.384447][ T3483] ? __pfx_worker_thread+0x10/0x10 [ 69.384460][ T3483] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 69.384473][ T3483] ? __pfx_kthread+0x10/0x10 [ 69.384488][ T3483] ? __pfx_kthread+0x10/0x10 [ 69.384501][ T3483] ? _raw_spin_unlock_irq+0x23/0x50 [ 69.384513][ T3483] ? lockdep_hardirqs_on+0x99/0x150 [ 69.384526][ T3483] ? __pfx_kthread+0x10/0x10 [ 69.384540][ T3483] ret_from_fork+0x4b/0x80 [ 69.384554][ T3483] ? __pfx_kthread+0x10/0x10 [ 69.384568][ T3483] ret_from_fork_asm+0x1a/0x30 [ 69.384585][ T3483] [ 70.054512][ T3483] bridge_slave_1: left allmulticast mode [ 70.060191][ T3483] bridge_slave_1: left promiscuous mode [ 70.065919][ T3483] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.073787][ T3483] bridge_slave_0: left allmulticast mode [ 70.079422][ T3483] bridge_slave_0: left promiscuous mode [ 70.085119][ T3483] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.188140][ T3483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.197780][ T3483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 70.207602][ T3483] bond0 (unregistering): Released all slaves [ 70.296532][ T3483] hsr_slave_0: left promiscuous mode [ 70.302211][ T3483] hsr_slave_1: left promiscuous mode [ 70.308121][ T3483] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 70.315798][ T3483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 70.342869][ T3483] team0 (unregistering): Port device team_slave_1 removed [ 70.360293][ T3483] team0 (unregistering): Port device team_slave_0 removed [ 71.774827][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.781131][ T1296] ieee802154 phy1 wpan1: encryption failed: -22