netlink: 40 bytes leftover after parsing attributes in process `syz-executor391'.
mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
team0: Port device wlan0 added
======================================================
WARNING: possible circular locking dependency detected
6.8.0-rc7-syzkaller-g707081b61156 #0 Not tainted
------------------------------------------------------
syz-executor391/6163 is trying to acquire lock:
ffff0000d6950d20 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x38/0x1a4 drivers/net/team/team.c:1989

but task is already holding lock:
ffff0000d8398768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0x104/0x12c net/wireless/nl80211.c:4388

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
       __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
       __mutex_lock kernel/locking/mutex.c:752 [inline]
       mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:804
       wiphy_lock include/net/cfg80211.h:5932 [inline]
       ieee80211_open+0xe4/0x1e4 net/mac80211/iface.c:449
       __dev_open+0x32c/0x500 net/core/dev.c:1446
       dev_open+0xa8/0x248 net/core/dev.c:1482
       team_port_add drivers/net/team/team.c:1215 [inline]
       team_add_slave+0x7b0/0x2368 drivers/net/team/team.c:1975
       do_set_master net/core/rtnetlink.c:2707 [inline]
       do_setlink+0xc30/0x3794 net/core/rtnetlink.c:2913
       rtnl_setlink+0x3ac/0x49c net/core/rtnetlink.c:3209
       rtnetlink_rcv_msg+0x748/0xdbc net/core/rtnetlink.c:6617
       netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
       rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6635
       netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
       netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
       netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg net/socket.c:745 [inline]
       ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
       ___sys_sendmsg net/socket.c:2638 [inline]
       __sys_sendmsg+0x26c/0x33c net/socket.c:2667
       __do_sys_sendmsg net/socket.c:2676 [inline]
       __se_sys_sendmsg net/socket.c:2674 [inline]
       __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
       __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

-> #0 (team->team_lock_key){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x3384/0x763c kernel/locking/lockdep.c:5137
       lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5754
       __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
       __mutex_lock kernel/locking/mutex.c:752 [inline]
       mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:804
       team_del_slave+0x38/0x1a4 drivers/net/team/team.c:1989
       team_device_event+0x25c/0x4cc drivers/net/team/team.c:3031
       notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
       raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
       call_netdevice_notifiers_info net/core/dev.c:1966 [inline]
       call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
       call_netdevice_notifiers net/core/dev.c:2018 [inline]
       unregister_netdevice_many_notify+0xd4c/0x17b8 net/core/dev.c:11083
       unregister_netdevice_many net/core/dev.c:11139 [inline]
       unregister_netdevice_queue+0x2d8/0x324 net/core/dev.c:11019
       unregister_netdevice include/linux/netdevice.h:3195 [inline]
       _cfg80211_unregister_wdev+0x164/0x6c4 net/wireless/core.c:1206
       cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
       ieee80211_if_remove+0x23c/0x37c net/mac80211/iface.c:2226
       ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
       rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
       cfg80211_remove_virtual_intf+0x244/0x710 net/wireless/util.c:2765
       nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4390
       genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
       genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
       genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
       netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
       genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
       netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
       netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
       netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg net/socket.c:745 [inline]
       ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
       ___sys_sendmsg net/socket.c:2638 [inline]
       __sys_sendmsg+0x26c/0x33c net/socket.c:2667
       __do_sys_sendmsg net/socket.c:2676 [inline]
       __se_sys_sendmsg net/socket.c:2674 [inline]
       __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
       __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(team->team_lock_key);
                               lock(&rdev->wiphy.mtx);
  lock(team->team_lock_key);

 *** DEADLOCK ***

3 locks held by syz-executor391/6163:
 #0: ffff8000919aea50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:1216
 #1: ffff80009194f2e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:79
 #2: ffff0000d8398768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0x104/0x12c net/wireless/nl80211.c:4388

stack backtrace:
CPU: 1 PID: 6163 Comm: syz-executor391 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2060
 check_noncircular+0x310/0x404 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x3384/0x763c kernel/locking/lockdep.c:5137
 lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5754
 __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
 __mutex_lock kernel/locking/mutex.c:752 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:804
 team_del_slave+0x38/0x1a4 drivers/net/team/team.c:1989
 team_device_event+0x25c/0x4cc drivers/net/team/team.c:3031
 notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
 raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
 call_netdevice_notifiers_info net/core/dev.c:1966 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
 call_netdevice_notifiers net/core/dev.c:2018 [inline]
 unregister_netdevice_many_notify+0xd4c/0x17b8 net/core/dev.c:11083
 unregister_netdevice_many net/core/dev.c:11139 [inline]
 unregister_netdevice_queue+0x2d8/0x324 net/core/dev.c:11019
 unregister_netdevice include/linux/netdevice.h:3195 [inline]
 _cfg80211_unregister_wdev+0x164/0x6c4 net/wireless/core.c:1206
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
 ieee80211_if_remove+0x23c/0x37c net/mac80211/iface.c:2226
 ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
 rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
 cfg80211_remove_virtual_intf+0x244/0x710 net/wireless/util.c:2765
 nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4390
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
team0: Port device wlan0 removed