possible deadlock in ieee80211_remove_interfaces
======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc7-syzkaller-g41c5d104f338-dirty #0 Not tainted
------------------------------------------------------
kworker/u8:3/52 is trying to acquire lock:
ffffffff8fcb4bc8 (rtnl_mutex){+.+.}-{4:4}
, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10268 [inline]
, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11768
but task is already holding lock:
ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6034 [inline]
ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2276
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
wiphy_lock include/net/cfg80211.h:6019 [inline]
wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006
ieee80211_register_hw+0x30fb/0x3e10 net/mac80211/main.c:1582
mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x248/0x870 init/main.c:1266
do_initcall_level+0x157/0x210 init/main.c:1328
do_initcalls+0x3f/0x80 init/main.c:1344
kernel_init_freeable+0x435/0x5d0 init/main.c:1577
kernel_init+0x1d/0x2b0 init/main.c:1466
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
rtnl_acquire_if_cleanup_net net/core/dev.c:10268 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11768
unregister_netdevice_many net/core/dev.c:11851 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11717
unregister_netdevice include/linux/netdevice.h:3320 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2301
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1676
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u8:3/52:
#0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
#1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
#2: ffffffff8fca8610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
#3: ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6034 [inline]
#3: ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2276
stack backtrace:
CPU: 0 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc7-syzkaller-g41c5d104f338-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
rtnl_acquire_if_cleanup_net net/core/dev.c:10268 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11768
unregister_netdevice_many net/core/dev.c:11851 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11717
unregister_netdevice include/linux/netdevice.h:3320 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2301
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1676
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts.
2025/01/18 11:33:42 ignoring optional flag "sandboxArg"="0"
2025/01/18 11:33:42 parsed 1 programs
[ 63.135139][ T5828] cgroup: Unknown subsys name 'net'
[ 63.308148][ T5828] cgroup: Unknown subsys name 'cpuset'
[ 63.316011][ T5828] cgroup: Unknown subsys name 'rlimit'
[ 64.565246][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 67.030948][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 67.429438][ T5848] chnl_net:caif_netlink_parms(): no params data found
[ 67.510728][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.519730][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.528117][ T5848] bridge_slave_0: entered allmulticast mode
[ 67.535558][ T5848] bridge_slave_0: entered promiscuous mode
[ 67.547457][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.554649][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.563571][ T5848] bridge_slave_1: entered allmulticast mode
[ 67.570885][ T5848] bridge_slave_1: entered promiscuous mode
[ 67.597655][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.608563][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.634275][ T5848] team0: Port device team_slave_0 added
[ 67.643527][ T5848] team0: Port device team_slave_1 added
[ 67.666061][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.673092][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.699280][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.712929][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.721235][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.748044][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.785295][ T5848] hsr_slave_0: entered promiscuous mode
[ 67.791505][ T5848] hsr_slave_1: entered promiscuous mode
[ 67.884099][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.895376][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.904388][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.914056][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.938798][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.946065][ T5848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.954272][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.961513][ T5848] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.013164][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.035334][ T52] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.047301][ T52] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.066815][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.080671][ T2912] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.088113][ T2912] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.099963][ T2912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.107130][ T2912] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.237835][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.270012][ T5848] veth0_vlan: entered promiscuous mode
[ 68.279613][ T5848] veth1_vlan: entered promiscuous mode
[ 68.306172][ T5848] veth0_macvtap: entered promiscuous mode
[ 68.315348][ T5848] veth1_macvtap: entered promiscuous mode
[ 68.336270][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.349048][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.362062][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.371232][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.380509][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.390138][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.481879][ T5848] syz-executor (5848) used greatest stack depth: 18288 bytes left
[ 68.530253][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.542237][ T5866] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.551040][ T5866] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.559388][ T5866] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.568128][ T5866] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.578023][ T5866] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.586219][ T5866] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.620423][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.693417][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.778066][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.288288][ T2912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.296889][ T2912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.322329][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.330437][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/18 11:33:52 executed programs: 0
[ 70.884961][ T5866] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.893567][ T5866] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.903144][ T5866] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.912216][ T5866] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.922010][ T5866] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 70.929902][ T5866] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.027371][ T5921] chnl_net:caif_netlink_parms(): no params data found
[ 71.072355][ T5921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.079775][ T5921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.087105][ T5921] bridge_slave_0: entered allmulticast mode
[ 71.093717][ T5921] bridge_slave_0: entered promiscuous mode
[ 71.101190][ T5921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.108569][ T5921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.117387][ T5921] bridge_slave_1: entered allmulticast mode
[ 71.123910][ T5921] bridge_slave_1: entered promiscuous mode
[ 71.146979][ T5921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 71.158781][ T5921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.184379][ T5921] team0: Port device team_slave_0 added
[ 71.192152][ T5921] team0: Port device team_slave_1 added
[ 71.212442][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 71.219636][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.245715][ T5921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.258513][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.265647][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.291996][ T5921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.321987][ T5921] hsr_slave_0: entered promiscuous mode
[ 71.328221][ T5921] hsr_slave_1: entered promiscuous mode
[ 71.334223][ T5921] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 71.342456][ T5921] Cannot create hsr debugfs directory
[ 71.929099][ T52] bridge_slave_1: left allmulticast mode
[ 71.940906][ T52] bridge_slave_1: left promiscuous mode
[ 71.956079][ T52] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.979877][ T52] bridge_slave_0: left allmulticast mode
[ 71.994643][ T52] bridge_slave_0: left promiscuous mode
[ 72.001544][ T52] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.191789][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 72.202174][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.356579][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 72.368682][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 72.378812][ T52] bond0 (unregistering): Released all slaves
[ 72.497588][ T52] hsr_slave_0: left promiscuous mode
[ 72.503680][ T52] hsr_slave_1: left promiscuous mode
[ 72.517610][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 72.525384][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 72.534301][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 72.543334][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.558287][ T52] veth1_macvtap: left promiscuous mode
[ 72.564051][ T52] veth0_macvtap: left promiscuous mode
[ 72.570624][ T52] veth1_vlan: left promiscuous mode
[ 72.576143][ T52] veth0_vlan: left promiscuous mode
[ 72.844032][ T52] team0 (unregistering): Port device team_slave_1 removed
[ 72.875447][ T52] team0 (unregistering): Port device team_slave_0 removed
[ 72.988099][ T5866] Bluetooth: hci0: command tx timeout
[ 73.179937][ T5921] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.205434][ T5921] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.217882][ T5921] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.236628][ T5921] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.342605][ T5921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.370126][ T5921] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.387661][ T1899] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.394773][ T1899] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.433491][ T1899] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.440768][ T1899] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.117012][ T52]
[ 74.119371][ T52] ======================================================
[ 74.126377][ T52] WARNING: possible circular locking dependency detected
[ 74.133548][ T52] 6.13.0-rc7-syzkaller-g41c5d104f338-dirty #0 Not tainted
[ 74.140756][ T52] ------------------------------------------------------
[ 74.147857][ T52] kworker/u8:3/52 is trying to acquire lock:
[ 74.153852][ T52] ffffffff8fcb4bc8 (rtnl_mutex){+.+.}-{4:4}
[ 74.153921][ T5921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.153901][ T52] , at: unregister_netdevice_many_notify+0xac2/0x2030
[ 74.153942][ T52]
[ 74.153942][ T52] but task is already holding lock:
[ 74.180685][ T52] ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 74.183583][ T5921] veth0_vlan: entered promiscuous mode
[ 74.191061][ T52]
[ 74.191061][ T52] which lock already depends on the new lock.
[ 74.191061][ T52]
[ 74.191069][ T52]
[ 74.191069][ T52] the existing dependency chain (in reverse order) is:
[ 74.191075][ T52]
[ 74.191075][ T52] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 74.191103][ T52] lock_acquire+0x1ed/0x550
[ 74.202674][ T5921] veth1_vlan: entered promiscuous mode
[ 74.206946][ T52] __mutex_lock+0x1ac/0xee0
[ 74.206974][ T52] wiphy_register+0x1a49/0x27b0
[ 74.206999][ T52] ieee80211_register_hw+0x30fb/0x3e10
[ 74.232754][ T5921] veth0_macvtap: entered promiscuous mode
[ 74.234151][ T52] mac80211_hwsim_new_radio+0x2a9f/0x4a90
[ 74.242216][ T5921] veth1_macvtap: entered promiscuous mode
[ 74.244595][ T52] init_mac80211_hwsim+0x87a/0xb00
[ 74.260771][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.262564][ T52] do_one_initcall+0x248/0x870
[ 74.273588][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.273873][ T52] do_initcall_level+0x157/0x210
[ 74.285635][ T5921] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.286402][ T52] do_initcalls+0x3f/0x80
[ 74.293737][ T5921] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.299019][ T52] kernel_init_freeable+0x435/0x5d0
[ 74.299045][ T52] kernel_init+0x1d/0x2b0
[ 74.299060][ T52] ret_from_fork+0x4b/0x80
[ 74.299077][ T52] ret_from_fork_asm+0x1a/0x30
[ 74.299092][ T52]
[ 74.299092][ T52] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 74.299119][ T52] validate_chain+0x18ef/0x5920
[ 74.299140][ T52] __lock_acquire+0x1397/0x2100
[ 74.299157][ T52] lock_acquire+0x1ed/0x550
[ 74.299174][ T52] __mutex_lock+0x1ac/0xee0
[ 74.299194][ T52] unregister_netdevice_many_notify+0xac2/0x2030
[ 74.299215][ T52] unregister_netdevice_queue+0x303/0x370
[ 74.310452][ T5921] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.312695][ T52] _cfg80211_unregister_wdev+0x163/0x590
[ 74.321744][ T5921] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.327055][ T52] ieee80211_remove_interfaces+0x4ef/0x700
[ 74.327078][ T52] ieee80211_unregister_hw+0x5d/0x2c0
[ 74.327092][ T52] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 74.327113][ T52] hwsim_exit_net+0x5c1/0x670
[ 74.327131][ T52] cleanup_net+0x812/0xd60
[ 74.327147][ T52] process_scheduled_works+0xa66/0x1840
[ 74.327164][ T52] worker_thread+0x870/0xd30
[ 74.327179][ T52] kthread+0x2f0/0x390
[ 74.327197][ T52] ret_from_fork+0x4b/0x80
[ 74.327213][ T52] ret_from_fork_asm+0x1a/0x30
[ 74.461683][ T52]
[ 74.461683][ T52] other info that might help us debug this:
[ 74.461683][ T52]
[ 74.471904][ T52] Possible unsafe locking scenario:
[ 74.471904][ T52]
[ 74.479345][ T52] CPU0 CPU1
[ 74.484699][ T52] ---- ----
[ 74.490054][ T52] lock(&rdev->wiphy.mtx);
[ 74.494557][ T52] lock(rtnl_mutex);
[ 74.501049][ T52] lock(&rdev->wiphy.mtx);
[ 74.508240][ T52] lock(rtnl_mutex);
[ 74.512320][ T52]
[ 74.512320][ T52] *** DEADLOCK ***
[ 74.512320][ T52]
[ 74.520453][ T52] 4 locks held by kworker/u8:3/52:
[ 74.525551][ T52] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[ 74.536426][ T52] #1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[ 74.546950][ T52] #2: ffffffff8fca8610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60
[ 74.556428][ T52] #3: ffff888022680768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 74.567211][ T52]
[ 74.567211][ T52] stack backtrace:
[ 74.573099][ T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc7-syzkaller-g41c5d104f338-dirty #0
[ 74.583835][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 74.593989][ T52] Workqueue: netns cleanup_net
[ 74.598777][ T52] Call Trace:
[ 74.602139][ T52]
[ 74.605061][ T52] dump_stack_lvl+0x241/0x360
[ 74.609741][ T52] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.615023][ T52] ? __pfx__printk+0x10/0x10
[ 74.619609][ T52] print_circular_bug+0x13a/0x1b0
[ 74.624632][ T52] check_noncircular+0x36a/0x4a0
[ 74.629567][ T52] ? __pfx_check_noncircular+0x10/0x10
[ 74.635022][ T52] ? lockdep_lock+0x123/0x2b0
[ 74.639697][ T52] ? mark_lock+0x9a/0x360
[ 74.644025][ T52] validate_chain+0x18ef/0x5920
[ 74.648869][ T52] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 74.655196][ T52] ? __pfx_validate_chain+0x10/0x10
[ 74.660392][ T52] ? __pfx___schedule+0x10/0x10
[ 74.665261][ T52] ? mark_lock+0x9a/0x360
[ 74.669612][ T52] __lock_acquire+0x1397/0x2100
[ 74.674480][ T52] lock_acquire+0x1ed/0x550
[ 74.679018][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 74.685545][ T52] ? __pfx_lock_acquire+0x10/0x10
[ 74.690678][ T52] ? __pfx___might_resched+0x10/0x10
[ 74.695976][ T52] ? kthread_queue_work+0x110/0x180
[ 74.701181][ T52] __mutex_lock+0x1ac/0xee0
[ 74.705690][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 74.712196][ T52] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 74.718709][ T52] ? __pfx___mutex_lock+0x10/0x10
[ 74.723733][ T52] ? __pfx___might_resched+0x10/0x10
[ 74.729044][ T52] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 74.735549][ T52] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 74.742051][ T52] unregister_netdevice_many_notify+0xac2/0x2030
[ 74.748380][ T52] ? mark_lock+0x9a/0x360
[ 74.752709][ T52] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 74.759594][ T52] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 74.765399][ T52] ? __pfx_lock_release+0x10/0x10
[ 74.770423][ T52] unregister_netdevice_queue+0x303/0x370
[ 74.776228][ T52] ? __pfx_up_write+0x10/0x10
[ 74.780907][ T52] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 74.787496][ T52] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 74.793224][ T52] _cfg80211_unregister_wdev+0x163/0x590
[ 74.798866][ T52] ieee80211_remove_interfaces+0x4ef/0x700
[ 74.804670][ T52] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 74.811008][ T52] ? rcu_is_watching+0x15/0xb0
[ 74.815780][ T52] ieee80211_unregister_hw+0x5d/0x2c0
[ 74.821143][ T52] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 74.826690][ T52] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 74.832843][ T52] hwsim_exit_net+0x5c1/0x670
[ 74.837604][ T52] ? __pfx_hwsim_exit_net+0x10/0x10
[ 74.842805][ T52] ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 74.848606][ T52] cleanup_net+0x812/0xd60
[ 74.853017][ T52] ? __pfx_cleanup_net+0x10/0x10
[ 74.857953][ T52] ? process_scheduled_works+0x976/0x1840
[ 74.863675][ T52] process_scheduled_works+0xa66/0x1840
[ 74.869223][ T52] ? __pfx_process_scheduled_works+0x10/0x10
[ 74.875202][ T52] ? assign_work+0x364/0x3d0
[ 74.879783][ T52] worker_thread+0x870/0xd30
[ 74.884368][ T52] ? __kthread_parkme+0x169/0x1d0
[ 74.889647][ T52] ? __pfx_worker_thread+0x10/0x10
[ 74.894817][ T52] kthread+0x2f0/0x390
[ 74.898884][ T52] ? __pfx_worker_thread+0x10/0x10
[ 74.903996][ T52] ? __pfx_kthread+0x10/0x10
[ 74.908581][ T52] ret_from_fork+0x4b/0x80
[ 74.913082][ T52] ? __pfx_kthread+0x10/0x10
[ 74.917925][ T52] ret_from_fork_asm+0x1a/0x30
[ 74.922779][ T52]
[ 74.941059][ T5921] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 75.065026][ T5866] Bluetooth: hci0: command tx timeout
[ 77.145065][ T5866] Bluetooth: hci0: command tx timeout
[ 79.225077][ T5866] Bluetooth: hci0: command tx timeout
[ 82.426508][ T911] cfg80211: failed to load regulatory.db
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1358422923=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at f2cb035c8f
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=f2cb035c8f931efff4a020b164e657f16f51934b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250117-180932'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"f2cb035c8f931efff4a020b164e657f16f51934b\"
/usr/bin/ld: /tmp/ccnfUoRd.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking