netdevsim netdevsi netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 BUG: MAX_LOCKDEP_CHAINS too low! turning off the locking correctness validator. CPU: 0 UID: 0 PID: 41 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 add_chain_cache kernel/locking/lockdep.c:-1 [inline] lookup_chain_cache_add kernel/locking/lockdep.c:3855 [inline] validate_chain kernel/locking/lockdep.c:3876 [inline] __lock_acquire+0xf9c/0x30a4 kernel/locking/lockdep.c:5237 lock_acquire+0x140/0x2e0 kernel/locking/lockdep.c:5868 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] kernfs_put+0x138/0x480 fs/kernfs/dir.c:587 sysfs_put include/linux/sysfs.h:808 [inline] __kobject_del+0xf0/0x2f8 lib/kobject.c:605 kobject_cleanup lib/kobject.c:680 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x2e0/0x4f4 lib/kobject.c:737 net_rx_queue_update_kobjects+0x5c4/0x690 net/core/net-sysfs.c:1338 remove_queue_kobjects net/core/net-sysfs.c:2169 [inline] netdev_unregister_kobject+0xf0/0x3bc net/core/net-sysfs.c:2325 unregister_netdevice_many_notify+0x19fc/0x2110 net/core/dev.c:12416 unregister_netdevice_many net/core/dev.c:12444 [inline] unregister_netdevice_queue+0x26c/0x2fc net/core/dev.c:12258 unregister_netdevice include/linux/netdevice.h:3405 [inline] nsim_destroy+0x1c8/0x600 drivers/net/netdevsim/netdev.c:1180 __nsim_dev_port_del+0x13c/0x19c drivers/net/netdevsim/dev.c:1528 nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1540 [inline] nsim_dev_reload_destroy+0x240/0x43c drivers/net/netdevsim/dev.c:1763 nsim_dev_reload_down+0x9c/0xd4 drivers/net/netdevsim/dev.c:1038 devlink_reload+0x184/0x750 net/devlink/dev.c:461 devlink_pernet_pre_exit+0x184/0x380 net/devlink/core.c:509 ops_pre_exit_list net/core/net_namespace.c:161 [inline] ops_undo_list+0x154/0x7ec net/core/net_namespace.c:234 cleanup_net+0x3fc/0x638 net/core/net_namespace.c:696 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3421 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bond0 (unregistering): (slave wlan1): Releasing backup interface ================================================================== BUG: KASAN: slab-out-of-bounds in ieee80211_add_virtual_monitor+0xa24/0xe1c net/mac80211/iface.c:1255 Read of size 1 at addr ffff0000e8173d90 by task kworker/u8:2/41 CPU: 0 UID: 0 PID: 41 Comm: kworker/u8:2 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 Workqueue: netns cleanup_net Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xa8/0x238 mm/kasan/report.c:378 print_report+0x68/0x84 mm/kasan/report.c:482 kasan_report+0xb0/0x110 mm/kasan/report.c:595 __asan_report_load1_noabort+0x20/0x2c mm/kasan/report_generic.c:378 ieee80211_add_virtual_monitor+0xa24/0xe1c net/mac80211/iface.c:1255 ieee80211_do_stop+0x13a4/0x1a84 net/mac80211/iface.c:746 ieee80211_stop+0x1ac/0x220 net/mac80211/iface.c:828 __dev_close_many+0x3a8/0x704 net/core/dev.c:1756 netif_close_many+0x1e8/0x448 net/core/dev.c:1781 netif_close+0x148/0x1f8 net/core/dev.c:1798 dev_close+0xf8/0x1e4 net/core/dev_api.c:220 __bond_release_one+0x98c/0xe00 drivers/net/bonding/bond_main.c:2472 bond_uninit+0x264/0x3c4 drivers/net/bonding/bond_main.c:5954 unregister_netdevice_many_notify+0x1914/0x2110 net/core/dev.c:12402 unregister_netdevice_many+0x28/0x38 net/core/dev.c:12444 ops_exit_rtnl_list net/core/net_namespace.c:187 [inline] ops_undo_list+0x32c/0x7ec net/core/net_namespace.c:248 cleanup_net+0x3fc/0x638 net/core/net_namespace.c:696 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x958/0xed8 kernel/workqueue.c:3421 kthread+0x5fc/0x75c kernel/kthread.c:463 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844 The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x128170 head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff0000ceba4082 flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) page_type: f8(unknown) raw: 05ffc00000000040 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000f8000000 ffff0000ceba4082 head: 05ffc00000000040 0000000000000000 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000f8000000 ffff0000ceba4082 head: 05ffc00000000002 fffffdffc3a05c01 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000e8173c80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ffff0000e8173d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe >ffff0000e8173d80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ ffff0000e8173e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ffff0000e8173e80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ================================================================== bond0 (unregistering): Released all slaves bond1 (unregistering): Released all slaves bond2 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves tipc: Left network mode hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bridge_slave_1: left allmulticast mode bridge_slave_1: left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state bridge_slave_0: left allmulticast mode bridge_slave_0: left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave batadv0): Releasing backup interface bond0 (unregistering): Released all slaves bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): Released all slaves : left promiscuous mode tipc: Disabling bearer tipc: Disabling bearer tipc: Left network mode hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 hsr_slave_0: left promiscuous mode hsr_slave_1: left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode veth1_macvtap: left promiscuous mode veth0_macvtap: left promiscuous mode veth1_vlan: left promiscuous mode veth0_vlan: left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed IPVS: stop unused estimator thread 0...