netlink: 40 bytes leftover after parsing attributes in process `syz-executor348'.
team0: Port device wlan0 added
======================================================
WARNING: possible circular locking dependency detected
6.1.123-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor348/4301 is trying to acquire lock:
ffff0000cb19cd00 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x38/0x1a8 drivers/net/team/team.c:2002

but task is already holding lock:
ffff0000dae987c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0x104/0x12c net/wireless/nl80211.c:4363

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
       __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
       wiphy_lock include/net/cfg80211.h:5639 [inline]
       ieee80211_open+0x13c/0x1e0 net/mac80211/iface.c:458
       __dev_open+0x328/0x4fc net/core/dev.c:1457
       dev_open+0xa8/0x23c net/core/dev.c:1493
       team_port_add drivers/net/team/team.c:1218 [inline]
       team_add_slave+0x704/0x1f78 drivers/net/team/team.c:1988
       do_set_master net/core/rtnetlink.c:2627 [inline]
       do_setlink+0xc14/0x3318 net/core/rtnetlink.c:2837
       rtnl_setlink+0x37c/0x464 net/core/rtnetlink.c:3121
       rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6150
       netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2493
       rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6168
       netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
       netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1337
       netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1859
       sock_sendmsg_nosec net/socket.c:718 [inline]
       __sock_sendmsg net/socket.c:730 [inline]
       ____sys_sendmsg+0x55c/0x848 net/socket.c:2519
       ___sys_sendmsg net/socket.c:2573 [inline]
       __sys_sendmsg+0x26c/0x33c net/socket.c:2602
       __do_sys_sendmsg net/socket.c:2611 [inline]
       __se_sys_sendmsg net/socket.c:2609 [inline]
       __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

-> #0 (team->team_lock_key){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3090 [inline]
       check_prevs_add kernel/locking/lockdep.c:3209 [inline]
       validate_chain kernel/locking/lockdep.c:3825 [inline]
       __lock_acquire+0x3338/0x7680 kernel/locking/lockdep.c:5049
       lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
       __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
       team_del_slave+0x38/0x1a8 drivers/net/team/team.c:2002
       team_device_event+0x260/0x4d0 drivers/net/team/team.c:3045
       notifier_call_chain kernel/notifier.c:87 [inline]
       raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:455
       call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
       call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
       call_netdevice_notifiers net/core/dev.c:2022 [inline]
       unregister_netdevice_many+0xe44/0x175c net/core/dev.c:10945
       unregister_netdevice_queue+0x2d0/0x31c net/core/dev.c:10876
       unregister_netdevice include/linux/netdevice.h:3067 [inline]
       _cfg80211_unregister_wdev+0x16c/0x6e0 net/wireless/core.c:1205
       cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
       ieee80211_if_remove+0x1a4/0x2a8 net/mac80211/iface.c:2327
       ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
       rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
       cfg80211_remove_virtual_intf+0x280/0x548 net/wireless/util.c:2584
       nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4365
       genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
       genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
       genl_rcv_msg+0x948/0xc2c net/netlink/genetlink.c:850
       netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2493
       genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
       netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
       netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1337
       netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1859
       sock_sendmsg_nosec net/socket.c:718 [inline]
       __sock_sendmsg net/socket.c:730 [inline]
       ____sys_sendmsg+0x55c/0x848 net/socket.c:2519
       ___sys_sendmsg net/socket.c:2573 [inline]
       __sys_sendmsg+0x26c/0x33c net/socket.c:2602
       __do_sys_sendmsg net/socket.c:2611 [inline]
       __se_sys_sendmsg net/socket.c:2609 [inline]
       __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
       do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
       el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(team->team_lock_key);
                               lock(&rdev->wiphy.mtx);
  lock(team->team_lock_key);

 *** DEADLOCK ***

3 locks held by syz-executor348/4301:
 #0: ffff80001811f250 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:860
 #1: ffff8000180c4608 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74
 #2: ffff0000dae987c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_del_interface+0x104/0x12c net/wireless/nl80211.c:4363

stack backtrace:
CPU: 0 PID: 4301 Comm: syz-executor348 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2048
 check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2170
 check_prev_add kernel/locking/lockdep.c:3090 [inline]
 check_prevs_add kernel/locking/lockdep.c:3209 [inline]
 validate_chain kernel/locking/lockdep.c:3825 [inline]
 __lock_acquire+0x3338/0x7680 kernel/locking/lockdep.c:5049
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
 __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:603
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 team_del_slave+0x38/0x1a8 drivers/net/team/team.c:2002
 team_device_event+0x260/0x4d0 drivers/net/team/team.c:3045
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0xd4/0x164 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
 call_netdevice_notifiers net/core/dev.c:2022 [inline]
 unregister_netdevice_many+0xe44/0x175c net/core/dev.c:10945
 unregister_netdevice_queue+0x2d0/0x31c net/core/dev.c:10876
 unregister_netdevice include/linux/netdevice.h:3067 [inline]
 _cfg80211_unregister_wdev+0x16c/0x6e0 net/wireless/core.c:1205
 cfg80211_unregister_wdev+0x24/0x34 net/wireless/core.c:1261
 ieee80211_if_remove+0x1a4/0x2a8 net/mac80211/iface.c:2327
 ieee80211_del_iface+0x20/0x34 net/mac80211/cfg.c:202
 rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
 cfg80211_remove_virtual_intf+0x280/0x548 net/wireless/util.c:2584
 nl80211_del_interface+0x110/0x12c net/wireless/nl80211.c:4365
 genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x948/0xc2c net/netlink/genetlink.c:850
 netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2493
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1337
 netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1859
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 ____sys_sendmsg+0x55c/0x848 net/socket.c:2519
 ___sys_sendmsg net/socket.c:2573 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2602
 __do_sys_sendmsg net/socket.c:2611 [inline]
 __se_sys_sendmsg net/socket.c:2609 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
team0: Port device wlan0 removed