last executing test programs: 3.2683635s ago: executing program 4 (id=105): getgid() 3.215729669s ago: executing program 4 (id=111): socket$inet_smc(0x2b, 0x1, 0x0) 3.214157912s ago: executing program 1 (id=114): epoll_pwait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 3.214004961s ago: executing program 3 (id=115): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 3.213936646s ago: executing program 4 (id=116): socket$nl_netfilter(0x10, 0x3, 0xc) 3.213893458s ago: executing program 0 (id=117): syz_init_net_socket$llc(0x1a, 0x1, 0x0) 3.170408099s ago: executing program 2 (id=118): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 3.169195547s ago: executing program 0 (id=119): syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) 3.168480159s ago: executing program 4 (id=120): socket$inet_icmp(0x2, 0x2, 0x1) 3.168355332s ago: executing program 3 (id=121): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 3.168087791s ago: executing program 1 (id=122): socket$tipc(0x1e, 0x2, 0x0) 3.168016587s ago: executing program 2 (id=123): socket$nl_route(0x10, 0x3, 0x0) 3.167956661s ago: executing program 4 (id=124): socket$pppoe(0x18, 0x1, 0x0) 3.167909829s ago: executing program 0 (id=125): socket$rxrpc(0x21, 0x2, 0x0) 3.161709465s ago: executing program 2 (id=126): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 3.160367402s ago: executing program 1 (id=127): socket$nl_generic(0x10, 0x3, 0x10) 3.15178113s ago: executing program 0 (id=128): clock_gettime(0x0, &(0x7f0000000000)) 3.102378217s ago: executing program 3 (id=129): poll(&(0x7f0000000000), 0x0, 0x0) 2.44815969s ago: executing program 3 (id=133): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.403035403s ago: executing program 0 (id=131): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.284394959s ago: executing program 4 (id=134): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.116883374s ago: executing program 1 (id=130): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.074032925s ago: executing program 2 (id=132): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.346112755s ago: executing program 3 (id=135): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.263729763s ago: executing program 2 (id=138): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.18379006s ago: executing program 1 (id=139): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 706.228009ms ago: executing program 0 (id=140): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 500.349374ms ago: executing program 2 (id=143): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 500.02042ms ago: executing program 3 (id=141): socket$key(0xf, 0x3, 0x2) 0s ago: executing program 1 (id=142): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.170' (ED25519) to the list of known hosts. [ 56.926801][ T5816] cgroup: Unknown subsys name 'net' [ 57.051442][ T5816] cgroup: Unknown subsys name 'cpuset' [ 57.059033][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.386534][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.385294][ T5862] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.500591][ T5881] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.174950][ T5979] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.194489][ T5979] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.202937][ T5979] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.228136][ T5979] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.242105][ T5979] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.249441][ T5979] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.586800][ T5976] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 61.629598][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.637548][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.709375][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.717382][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.844557][ T5996] chnl_net:caif_netlink_parms(): no params data found [ 63.231935][ T5996] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.242910][ T5996] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.259398][ T5996] bridge_slave_0: entered allmulticast mode [ 63.279294][ T5996] bridge_slave_0: entered promiscuous mode [ 63.300642][ T5996] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.307760][ T5996] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.315411][ T5996] bridge_slave_1: entered allmulticast mode [ 63.329246][ T5996] bridge_slave_1: entered promiscuous mode [ 63.419397][ T5996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.443771][ T5996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.543039][ T5996] team0: Port device team_slave_0 added [ 63.552481][ T5996] team0: Port device team_slave_1 added [ 63.709859][ T5996] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.716855][ T5996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.748507][ T5996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.116701][ T5996] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.136700][ T5996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.197932][ T5996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.426198][ T1156] [ 64.428601][ T1156] ====================================================== [ 64.435622][ T1156] WARNING: possible circular locking dependency detected [ 64.442656][ T1156] 6.13.0-rc7-syzkaller-01542-g59372af69d4d #0 Not tainted [ 64.449775][ T1156] ------------------------------------------------------ [ 64.456793][ T1156] kworker/u8:7/1156 is trying to acquire lock: [ 64.462951][ T1156] ffffffff8fcb4d48 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 64.473351][ T1156] [ 64.473351][ T1156] but task is already holding lock: [ 64.480763][ T1156] ffff888022b20768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.491121][ T1156] [ 64.491121][ T1156] which lock already depends on the new lock. [ 64.491121][ T1156] [ 64.501511][ T1156] [ 64.501511][ T1156] the existing dependency chain (in reverse order) is: [ 64.510508][ T1156] [ 64.510508][ T1156] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 64.518239][ T1156] lock_acquire+0x1ed/0x550 [ 64.523262][ T1156] __mutex_lock+0x1ac/0xee0 [ 64.528285][ T1156] wiphy_register+0x1a49/0x27b0 [ 64.533664][ T1156] ieee80211_register_hw+0x354e/0x4240 [ 64.539636][ T1156] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 64.545871][ T1156] init_mac80211_hwsim+0x87a/0xb00 [ 64.551515][ T1156] do_one_initcall+0x248/0x870 [ 64.556797][ T1156] do_initcall_level+0x157/0x210 [ 64.562337][ T1156] do_initcalls+0x3f/0x80 [ 64.567195][ T1156] kernel_init_freeable+0x435/0x5d0 [ 64.572912][ T1156] kernel_init+0x1d/0x2b0 [ 64.577757][ T1156] ret_from_fork+0x4b/0x80 [ 64.582686][ T1156] ret_from_fork_asm+0x1a/0x30 [ 64.587960][ T1156] [ 64.587960][ T1156] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 64.595164][ T1156] validate_chain+0x18ef/0x5920 [ 64.600529][ T1156] __lock_acquire+0x1397/0x2100 [ 64.605887][ T1156] lock_acquire+0x1ed/0x550 [ 64.610902][ T1156] __mutex_lock+0x1ac/0xee0 [ 64.615926][ T1156] unregister_netdevice_many_notify+0xac2/0x2030 [ 64.622873][ T1156] unregister_netdevice_queue+0x303/0x370 [ 64.629109][ T1156] _cfg80211_unregister_wdev+0x163/0x590 [ 64.635346][ T1156] ieee80211_remove_interfaces+0x4ef/0x700 [ 64.641665][ T1156] ieee80211_unregister_hw+0x5d/0x2c0 [ 64.647554][ T1156] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 64.653614][ T1156] hwsim_exit_net+0x5c1/0x670 [ 64.658806][ T1156] cleanup_net+0x812/0xd60 [ 64.663733][ T1156] process_scheduled_works+0xa66/0x1840 [ 64.669788][ T1156] worker_thread+0x870/0xd30 [ 64.674889][ T1156] kthread+0x2f0/0x390 [ 64.679470][ T1156] ret_from_fork+0x4b/0x80 [ 64.684419][ T1156] ret_from_fork_asm+0x1a/0x30 [ 64.689693][ T1156] [ 64.689693][ T1156] other info that might help us debug this: [ 64.689693][ T1156] [ 64.699905][ T1156] Possible unsafe locking scenario: [ 64.699905][ T1156] [ 64.707339][ T1156] CPU0 CPU1 [ 64.712690][ T1156] ---- ---- [ 64.718042][ T1156] lock(&rdev->wiphy.mtx); [ 64.722536][ T1156] lock(rtnl_mutex); [ 64.729030][ T1156] lock(&rdev->wiphy.mtx); [ 64.736071][ T1156] lock(rtnl_mutex); [ 64.740045][ T1156] [ 64.740045][ T1156] *** DEADLOCK *** [ 64.740045][ T1156] [ 64.748179][ T1156] 4 locks held by kworker/u8:7/1156: [ 64.753452][ T1156] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 64.764318][ T1156] #1: ffffc90003e2fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 64.774835][ T1156] #2: ffffffff8fca8790 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 64.784228][ T1156] #3: ffff888022b20768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.795036][ T1156] [ 64.795036][ T1156] stack backtrace: [ 64.800928][ T1156] CPU: 0 UID: 0 PID: 1156 Comm: kworker/u8:7 Not tainted 6.13.0-rc7-syzkaller-01542-g59372af69d4d #0 [ 64.811780][ T1156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 64.821827][ T1156] Workqueue: netns cleanup_net [ 64.826596][ T1156] Call Trace: [ 64.829868][ T1156] [ 64.832790][ T1156] dump_stack_lvl+0x241/0x360 [ 64.837462][ T1156] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.842655][ T1156] ? __pfx__printk+0x10/0x10 [ 64.847240][ T1156] print_circular_bug+0x13a/0x1b0 [ 64.852273][ T1156] check_noncircular+0x36a/0x4a0 [ 64.857206][ T1156] ? __pfx_check_noncircular+0x10/0x10 [ 64.862665][ T1156] ? lockdep_lock+0x123/0x2b0 [ 64.867342][ T1156] ? kvm_sched_clock_read+0x11/0x20 [ 64.872541][ T1156] validate_chain+0x18ef/0x5920 [ 64.877393][ T1156] ? __pfx_validate_chain+0x10/0x10 [ 64.882586][ T1156] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.888572][ T1156] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.894891][ T1156] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 64.900788][ T1156] ? lockdep_hardirqs_on+0x99/0x150 [ 64.905975][ T1156] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.911862][ T1156] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.918187][ T1156] ? do_raw_spin_unlock+0x13c/0x8b0 [ 64.923406][ T1156] ? try_to_wake_up+0x959/0x1470 [ 64.928338][ T1156] ? mark_lock+0x9a/0x360 [ 64.932687][ T1156] __lock_acquire+0x1397/0x2100 [ 64.937566][ T1156] lock_acquire+0x1ed/0x550 [ 64.942073][ T1156] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.948582][ T1156] ? __pfx_lock_acquire+0x10/0x10 [ 64.953600][ T1156] ? __pfx___might_resched+0x10/0x10 [ 64.958879][ T1156] ? finish_wait+0xd4/0x1e0 [ 64.963397][ T1156] __mutex_lock+0x1ac/0xee0 [ 64.967891][ T1156] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.974474][ T1156] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.980980][ T1156] ? __pfx___mutex_lock+0x10/0x10 [ 64.985995][ T1156] ? __pfx___might_resched+0x10/0x10 [ 64.991300][ T1156] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 64.997802][ T1156] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 65.004298][ T1156] unregister_netdevice_many_notify+0xac2/0x2030 [ 65.010619][ T1156] ? mark_lock+0x9a/0x360 [ 65.014944][ T1156] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 65.021705][ T1156] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 65.027415][ T1156] ? __pfx_lock_release+0x10/0x10 [ 65.032447][ T1156] unregister_netdevice_queue+0x303/0x370 [ 65.038160][ T1156] ? __pfx_up_write+0x10/0x10 [ 65.042828][ T1156] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 65.049069][ T1156] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 65.054780][ T1156] _cfg80211_unregister_wdev+0x163/0x590 [ 65.060410][ T1156] ieee80211_remove_interfaces+0x4ef/0x700 [ 65.066216][ T1156] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 65.072539][ T1156] ? rcu_is_watching+0x15/0xb0 [ 65.077299][ T1156] ieee80211_unregister_hw+0x5d/0x2c0 [ 65.082665][ T1156] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 65.088229][ T1156] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 65.094291][ T1156] hwsim_exit_net+0x5c1/0x670 [ 65.098963][ T1156] ? __pfx_hwsim_exit_net+0x10/0x10 [ 65.104153][ T1156] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 65.109957][ T1156] cleanup_net+0x812/0xd60 [ 65.114373][ T1156] ? __pfx_cleanup_net+0x10/0x10 [ 65.119303][ T1156] ? process_scheduled_works+0x976/0x1840 [ 65.125009][ T1156] process_scheduled_works+0xa66/0x1840 [ 65.130573][ T1156] ? __pfx_process_scheduled_works+0x10/0x10 [ 65.136579][ T1156] ? assign_work+0x364/0x3d0 [ 65.141181][ T1156] worker_thread+0x870/0xd30 [ 65.145804][ T1156] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 65.151696][ T1156] ? __kthread_parkme+0x169/0x1d0 [ 65.156716][ T1156] ? __pfx_worker_thread+0x10/0x10 [ 65.161815][ T1156] kthread+0x2f0/0x390 [ 65.165876][ T1156] ? __pfx_worker_thread+0x10/0x10 [ 65.170978][ T1156] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 65.175560][ T1156] ret_from_fork+0x4b/0x80 [ 65.179974][ T1156] ? __pfx_kthread+0x10/0x10 [ 65.184555][ T1156] ret_from_fork_asm+0x1a/0x30 [ 65.189312][ T1156] [ 65.572351][ T1156] bridge_slave_1: left allmulticast mode [ 65.578074][ T1156] bridge_slave_1: left promiscuous mode [ 65.583711][ T1156] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.591848][ T1156] bridge_slave_0: left allmulticast mode [ 65.597483][ T1156] bridge_slave_0: left promiscuous mode [ 65.603241][ T1156] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.730934][ T1156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 65.740622][ T1156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 65.750008][ T1156] bond0 (unregistering): Released all slaves [ 65.841116][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.849214][ T1156] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.870477][ T1156] team0 (unregistering): Port device team_slave_1 removed [ 65.886574][ T1156] team0 (unregistering): Port device team_slave_0 removed [ 71.639480][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.645774][ T1297] ieee802154 phy1 wpan1: encryption failed: -22