possible deadlock in ieee80211_remove_interfaces
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-05004-gf9f03a0a6d2d #0 Not tainted
------------------------------------------------------
kworker/u8:2/35 is trying to acquire lock:
ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
but task is already holding lock:
ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006
ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x248/0x870 init/main.c:1267
do_initcall_level+0x157/0x210 init/main.c:1329
do_initcalls+0x3f/0x80 init/main.c:1345
kernel_init_freeable+0x435/0x5d0 init/main.c:1578
kernel_init+0x1d/0x2b0 init/main.c:1467
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u8:2/35:
#0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
#1: ffffc90000ab7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc90000ab7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
#2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
#3: ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
stack backtrace:
CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.13.0-syzkaller-05004-gf9f03a0a6d2d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '10.128.1.25' (ED25519) to the list of known hosts.
2025/01/27 00:50:27 ignoring optional flag "sandboxArg"="0"
2025/01/27 00:50:28 parsed 1 programs
[ 65.340081][ T5830] cgroup: Unknown subsys name 'net'
[ 65.479498][ T5830] cgroup: Unknown subsys name 'cpuset'
[ 65.487364][ T5830] cgroup: Unknown subsys name 'rlimit'
[ 66.761878][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 69.219369][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 70.669480][ T5871] chnl_net:caif_netlink_parms(): no params data found
[ 70.719496][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.727491][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.734724][ T5871] bridge_slave_0: entered allmulticast mode
[ 70.742137][ T5871] bridge_slave_0: entered promiscuous mode
[ 70.751367][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.759740][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.767529][ T5871] bridge_slave_1: entered allmulticast mode
[ 70.774138][ T5871] bridge_slave_1: entered promiscuous mode
[ 70.801596][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.813682][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.841712][ T5871] team0: Port device team_slave_0 added
[ 70.850802][ T5871] team0: Port device team_slave_1 added
[ 70.869338][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.876656][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.902713][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.915193][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.922216][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.948131][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.978802][ T5871] hsr_slave_0: entered promiscuous mode
[ 70.984936][ T5871] hsr_slave_1: entered promiscuous mode
[ 71.073284][ T5871] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.083854][ T5871] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.093018][ T5871] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.103158][ T5871] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.125708][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.132942][ T5871] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.140997][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.148172][ T5871] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.194141][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.211720][ T64] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.220571][ T64] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.236011][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.249053][ T52] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.256330][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.271801][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.278909][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.395818][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.428850][ T5871] veth0_vlan: entered promiscuous mode
[ 71.438823][ T5871] veth1_vlan: entered promiscuous mode
[ 71.462033][ T5871] veth0_macvtap: entered promiscuous mode
[ 71.470790][ T5871] veth1_macvtap: entered promiscuous mode
[ 71.487763][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.502283][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.513038][ T5871] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.522086][ T5871] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.531782][ T5871] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.542063][ T5871] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.649657][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.722875][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.730567][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.751505][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.819726][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.926858][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.328803][ T5908] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.337431][ T5908] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.345085][ T5908] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.353347][ T5908] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.361121][ T5908] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.368718][ T5908] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.541754][ T2138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.550120][ T2138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.571744][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.579928][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/27 00:50:37 executed programs: 0
[ 73.103905][ T5146] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.112690][ T5146] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.120976][ T5146] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.130296][ T5146] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.139451][ T5146] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.147020][ T5146] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.245979][ T5926] chnl_net:caif_netlink_parms(): no params data found
[ 73.295823][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.303364][ T5926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.311006][ T5926] bridge_slave_0: entered allmulticast mode
[ 73.318706][ T5926] bridge_slave_0: entered promiscuous mode
[ 73.329501][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.336833][ T5926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.344050][ T5926] bridge_slave_1: entered allmulticast mode
[ 73.351358][ T5926] bridge_slave_1: entered promiscuous mode
[ 73.373044][ T5926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.384796][ T5926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.410093][ T5926] team0: Port device team_slave_0 added
[ 73.417444][ T5926] team0: Port device team_slave_1 added
[ 73.436542][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.443593][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.470668][ T5926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.483141][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.490301][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.516398][ T5926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.547538][ T5926] hsr_slave_0: entered promiscuous mode
[ 73.553624][ T5926] hsr_slave_1: entered promiscuous mode
[ 73.560179][ T5926] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.568403][ T5926] Cannot create hsr debugfs directory
[ 74.492644][ T35] bridge_slave_1: left allmulticast mode
[ 74.499598][ T35] bridge_slave_1: left promiscuous mode
[ 74.505939][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.518880][ T35] bridge_slave_0: left allmulticast mode
[ 74.524541][ T35] bridge_slave_0: left promiscuous mode
[ 74.531763][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.874290][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 74.886367][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 74.898046][ T35] bond0 (unregistering): Released all slaves
[ 75.056356][ T35] hsr_slave_0: left promiscuous mode
[ 75.065608][ T35] hsr_slave_1: left promiscuous mode
[ 75.079599][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 75.089754][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 75.099987][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 75.108687][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 75.128973][ T35] veth1_macvtap: left promiscuous mode
[ 75.134880][ T35] veth0_macvtap: left promiscuous mode
[ 75.141652][ T35] veth1_vlan: left promiscuous mode
[ 75.147397][ T35] veth0_vlan: left promiscuous mode
[ 75.238401][ T5146] Bluetooth: hci0: command tx timeout
[ 75.501372][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 75.531365][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 75.801687][ T5926] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.828399][ T5926] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.839350][ T5926] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.852374][ T5926] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.969536][ T5926] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.001716][ T5926] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.034584][ T64] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.041817][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.054809][ T64] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.062023][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.550349][ T35]
[ 76.552725][ T35] ======================================================
[ 76.559783][ T35] WARNING: possible circular locking dependency detected
[ 76.566817][ T35] 6.13.0-syzkaller-05004-gf9f03a0a6d2d #0 Not tainted
[ 76.573583][ T35] ------------------------------------------------------
[ 76.580602][ T35] kworker/u8:2/35 is trying to acquire lock:
[ 76.586570][ T35] ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030
[ 76.596933][ T35]
[ 76.596933][ T35] but task is already holding lock:
[ 76.604287][ T35] ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 76.614982][ T35]
[ 76.614982][ T35] which lock already depends on the new lock.
[ 76.614982][ T35]
[ 76.625378][ T35]
[ 76.625378][ T35] the existing dependency chain (in reverse order) is:
[ 76.634897][ T35]
[ 76.634897][ T35] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 76.642620][ T35] lock_acquire+0x1ed/0x550
[ 76.647897][ T35] __mutex_lock+0x19c/0x1010
[ 76.653087][ T35] wiphy_register+0x1a49/0x27b0
[ 76.658457][ T35] ieee80211_register_hw+0x354e/0x4240
[ 76.664427][ T35] mac80211_hwsim_new_radio+0x2a9f/0x4a90
[ 76.670655][ T35] init_mac80211_hwsim+0x87a/0xb00
[ 76.676273][ T35] do_one_initcall+0x248/0x870
[ 76.681546][ T35] do_initcall_level+0x157/0x210
[ 76.687131][ T35] do_initcalls+0x3f/0x80
[ 76.691965][ T35] kernel_init_freeable+0x435/0x5d0
[ 76.697671][ T35] kernel_init+0x1d/0x2b0
[ 76.702506][ T35] ret_from_fork+0x4b/0x80
[ 76.707436][ T35] ret_from_fork_asm+0x1a/0x30
[ 76.712966][ T35]
[ 76.712966][ T35] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 76.720168][ T35] validate_chain+0x18ef/0x5920
[ 76.725528][ T35] __lock_acquire+0x1397/0x2100
[ 76.730914][ T35] lock_acquire+0x1ed/0x550
[ 76.735926][ T35] __mutex_lock+0x19c/0x1010
[ 76.741024][ T35] unregister_netdevice_many_notify+0xac2/0x2030
[ 76.747864][ T35] unregister_netdevice_queue+0x303/0x370
[ 76.754096][ T35] _cfg80211_unregister_wdev+0x163/0x590
[ 76.760256][ T35] ieee80211_remove_interfaces+0x4ef/0x700
[ 76.766583][ T35] ieee80211_unregister_hw+0x5d/0x2c0
[ 76.772468][ T35] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 76.778520][ T35] hwsim_exit_net+0x5c1/0x670
[ 76.783702][ T35] cleanup_net+0x812/0xd60
[ 76.788633][ T35] process_scheduled_works+0xa66/0x1840
[ 76.794690][ T35] worker_thread+0x870/0xd30
[ 76.799787][ T35] kthread+0x7a9/0x920
[ 76.804362][ T35] ret_from_fork+0x4b/0x80
[ 76.809289][ T35] ret_from_fork_asm+0x1a/0x30
[ 76.814560][ T35]
[ 76.814560][ T35] other info that might help us debug this:
[ 76.814560][ T35]
[ 76.824778][ T35] Possible unsafe locking scenario:
[ 76.824778][ T35]
[ 76.832213][ T35] CPU0 CPU1
[ 76.837570][ T35] ---- ----
[ 76.842917][ T35] lock(&rdev->wiphy.mtx);
[ 76.847411][ T35] lock(rtnl_mutex);
[ 76.853926][ T35] lock(&rdev->wiphy.mtx);
[ 76.861029][ T35] lock(rtnl_mutex);
[ 76.865013][ T35]
[ 76.865013][ T35] *** DEADLOCK ***
[ 76.865013][ T35]
[ 76.873140][ T35] 4 locks held by kworker/u8:2/35:
[ 76.878234][ T35] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[ 76.889140][ T35] #1: ffffc90000ab7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[ 76.899677][ T35] #2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60
[ 76.909070][ T35] #3: ffff888024818768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 76.919874][ T35]
[ 76.919874][ T35] stack backtrace:
[ 76.925773][ T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.13.0-syzkaller-05004-gf9f03a0a6d2d #0
[ 76.925789][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 76.925799][ T35] Workqueue: netns cleanup_net
[ 76.925828][ T35] Call Trace:
[ 76.925840][ T35]
[ 76.925847][ T35] dump_stack_lvl+0x241/0x360
[ 76.925868][ T35] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.925885][ T35] ? __pfx__printk+0x10/0x10
[ 76.925904][ T35] print_circular_bug+0x13a/0x1b0
[ 76.925925][ T35] check_noncircular+0x36a/0x4a0
[ 76.925944][ T35] ? __pfx_check_noncircular+0x10/0x10
[ 76.925961][ T35] ? lockdep_lock+0x123/0x2b0
[ 76.925975][ T35] ? kvm_sched_clock_read+0x11/0x20
[ 76.925993][ T35] ? psi_task_change+0xed/0x270
[ 76.926010][ T35] ? sched_clock_cpu+0x76/0x490
[ 76.926028][ T35] validate_chain+0x18ef/0x5920
[ 76.926051][ T35] ? __pfx_validate_chain+0x10/0x10
[ 76.926068][ T35] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 76.926084][ T35] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 76.926101][ T35] ? lockdep_hardirqs_on+0x99/0x150
[ 76.926119][ T35] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 76.926134][ T35] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.926150][ T35] ? do_raw_spin_unlock+0x13c/0x8b0
[ 76.926164][ T35] ? try_to_wake_up+0x959/0x1470
[ 76.926180][ T35] ? mark_lock+0x9a/0x360
[ 76.926194][ T35] ? __pfx_try_to_wake_up+0x10/0x10
[ 76.926209][ T35] __lock_acquire+0x1397/0x2100
[ 76.926228][ T35] lock_acquire+0x1ed/0x550
[ 76.926240][ T35] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 76.926258][ T35] ? __pfx_lock_acquire+0x10/0x10
[ 76.926273][ T35] ? __pfx___might_resched+0x10/0x10
[ 76.926285][ T35] ? finish_wait+0xd4/0x1e0
[ 76.926300][ T35] __mutex_lock+0x19c/0x1010
[ 76.926317][ T35] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 76.926336][ T35] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 76.926351][ T35] ? __pfx___mutex_lock+0x10/0x10
[ 76.926368][ T35] ? __pfx___might_resched+0x10/0x10
[ 76.926381][ T35] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 76.926397][ T35] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 76.926413][ T35] unregister_netdevice_many_notify+0xac2/0x2030
[ 76.926428][ T35] ? mark_lock+0x9a/0x360
[ 76.926446][ T35] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 76.926462][ T35] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 76.926479][ T35] ? __pfx_lock_release+0x10/0x10
[ 76.926498][ T35] unregister_netdevice_queue+0x303/0x370
[ 76.926512][ T35] ? __pfx_up_write+0x10/0x10
[ 76.926529][ T35] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 76.926545][ T35] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 76.926562][ T35] _cfg80211_unregister_wdev+0x163/0x590
[ 76.926581][ T35] ieee80211_remove_interfaces+0x4ef/0x700
[ 76.926598][ T35] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 76.926612][ T35] ? rcu_is_watching+0x15/0xb0
[ 76.926631][ T35] ieee80211_unregister_hw+0x5d/0x2c0
[ 76.926651][ T35] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 76.926667][ T35] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 76.926684][ T35] hwsim_exit_net+0x5c1/0x670
[ 76.926697][ T35] ? __pfx_hwsim_exit_net+0x10/0x10
[ 76.926710][ T35] ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 76.926730][ T35] cleanup_net+0x812/0xd60
[ 76.926749][ T35] ? __pfx_cleanup_net+0x10/0x10
[ 76.926770][ T35] ? process_scheduled_works+0x976/0x1840
[ 76.926790][ T35] process_scheduled_works+0xa66/0x1840
[ 76.926816][ T35] ? __pfx_process_scheduled_works+0x10/0x10
[ 76.926843][ T35] ? assign_work+0x364/0x3d0
[ 76.926862][ T35] worker_thread+0x870/0xd30
[ 76.926878][ T35] ? __kthread_parkme+0x169/0x1d0
[ 76.926892][ T35] ? __pfx_worker_thread+0x10/0x10
[ 76.926904][ T35] kthread+0x7a9/0x920
[ 76.926918][ T35] ? __pfx_kthread+0x10/0x10
[ 76.926932][ T35] ? __pfx_worker_thread+0x10/0x10
[ 76.926944][ T35] ? __pfx_kthread+0x10/0x10
[ 76.926958][ T35] ? __pfx_kthread+0x10/0x10
[ 76.926972][ T35] ? __pfx_kthread+0x10/0x10
[ 76.926985][ T35] ? _raw_spin_unlock_irq+0x23/0x50
[ 76.927000][ T35] ? lockdep_hardirqs_on+0x99/0x150
[ 76.927016][ T35] ? __pfx_kthread+0x10/0x10
[ 76.927030][ T35] ret_from_fork+0x4b/0x80
[ 76.927043][ T35] ? __pfx_kthread+0x10/0x10
[ 76.927057][ T35] ret_from_fork_asm+0x1a/0x30
[ 76.927073][ T35]
[ 77.034951][ T5926] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.320971][ T5146] Bluetooth: hci0: command tx timeout
[ 77.350596][ T5926] veth0_vlan: entered promiscuous mode
[ 77.435932][ T5926] veth1_vlan: entered promiscuous mode
[ 77.464086][ T5926] veth0_macvtap: entered promiscuous mode
[ 77.486827][ T5926] veth1_macvtap: entered promiscuous mode
[ 77.506934][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.519419][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.529658][ T5926] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.538462][ T5926] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.550292][ T5926] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.559215][ T5926] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.605589][ T5926] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 77.649184][ T5926] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 77.657148][ T2952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.664966][ T2952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.698915][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.708458][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3692025138=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 6dbc6a9bc7
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6dbc6a9bc76e06852841ed5c5bdbb78409b17f53 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250110-142744'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6dbc6a9bc76e06852841ed5c5bdbb78409b17f53\"
/usr/bin/ld: /tmp/ccNuh2Dz.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking