possible deadlock in ieee80211_remove_interfaces ====================================================== WARNING: possible circular locking dependency detected 6.13.0-syzkaller-05252-gbc8198dc7ebc #0 Not tainted ------------------------------------------------------ kworker/u8:7/1150 is trying to acquire lock: ffffffff8f60a888 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline] ffffffff8f60a888 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xacf/0x2270 net/core/dev.c:11792 but task is already holding lock: ffff88805aa30768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline] ffff88805aa30768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0 net/mac80211/iface.c:2280 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x198/0x1000 kernel/locking/mutex.c:730 wiphy_lock include/net/cfg80211.h:6046 [inline] wiphy_register+0x1a2f/0x2770 net/wireless/core.c:1006 ieee80211_register_hw+0x3540/0x4220 net/mac80211/main.c:1587 mac80211_hwsim_new_radio+0x2a9b/0x4a80 drivers/net/wireless/virtual/mac80211_hwsim.c:5558 init_mac80211_hwsim+0x876/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910 do_one_initcall+0x244/0x840 init/main.c:1267 do_initcall_level+0x157/0x210 init/main.c:1329 do_initcalls+0x3f/0x80 init/main.c:1345 kernel_init_freeable+0x431/0x5d0 init/main.c:1578 kernel_init+0x19/0x2b0 init/main.c:1467 Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts. 2025/01/24 05:24:10 ignoring optional flag "sandboxArg"="0" 2025/01/24 05:24:11 parsed 1 programs [ 81.166445][ T5763] cgroup: Unknown subsys name 'net' [ 81.363933][ T5763] cgroup: Unknown subsys name 'cpuset' [ 81.372190][ T5763] cgroup: Unknown subsys name 'rlimit' [ 81.377979][ T5763] cgroup: Unknown subsys name 'memory' [ 82.930051][ T5763] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.090969][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.122215][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.136119][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.150613][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.163136][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.173521][ T5794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.090821][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 88.181976][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.198171][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.288754][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.295935][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.303365][ T5821] bridge_slave_0: entered allmulticast mode [ 88.310675][ T5821] bridge_slave_0: entered promiscuous mode [ 88.327965][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.335458][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.342785][ T5821] bridge_slave_1: entered allmulticast mode [ 88.351553][ T5821] bridge_slave_1: entered promiscuous mode [ 88.387019][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.411253][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.529554][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.535199][ T5821] team0: Port device team_slave_0 added [ 88.547618][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.602973][ T5821] team0: Port device team_slave_1 added [ 88.735588][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.761005][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.791709][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.805935][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.813502][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.840552][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.899587][ T5821] hsr_slave_0: entered promiscuous mode [ 88.906644][ T5821] hsr_slave_1: entered promiscuous mode [ 89.271088][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.285435][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.296983][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.307212][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.400022][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.423146][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.435597][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.443254][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.460265][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.467467][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.615485][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.652474][ T5821] veth0_vlan: entered promiscuous mode [ 89.664992][ T5821] veth1_vlan: entered promiscuous mode [ 89.691404][ T5821] veth0_macvtap: entered promiscuous mode [ 89.700630][ T5821] veth1_macvtap: entered promiscuous mode [ 89.717348][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.732425][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.744136][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.753675][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.762838][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.772080][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/01/24 05:24:23 executed programs: 0 [ 89.891944][ T5821] syz-executor (5821) used greatest stack depth: 19176 bytes left [ 89.908450][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.917986][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.926225][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.935243][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.945057][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.947350][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.952543][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.032086][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.107059][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.147821][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 90.190572][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.245584][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.253037][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.260876][ T5861] bridge_slave_0: entered allmulticast mode [ 90.267671][ T5861] bridge_slave_0: entered promiscuous mode [ 90.276971][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.284662][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.292393][ T5861] bridge_slave_1: entered allmulticast mode [ 90.300320][ T5861] bridge_slave_1: entered promiscuous mode [ 90.329310][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.347314][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.374734][ T5861] team0: Port device team_slave_0 added [ 90.384450][ T5861] team0: Port device team_slave_1 added [ 90.406280][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.413670][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.441411][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.458604][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.465690][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.492183][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.532541][ T5861] hsr_slave_0: entered promiscuous mode [ 90.539340][ T5861] hsr_slave_1: entered promiscuous mode [ 90.545460][ T5861] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.553527][ T5861] Cannot create hsr debugfs directory [ 92.019717][ T5794] Bluetooth: hci0: command tx timeout [ 92.260871][ T966] cfg80211: failed to load regulatory.db [ 93.115508][ T53] bridge_slave_1: left allmulticast mode [ 93.125693][ T53] bridge_slave_1: left promiscuous mode [ 93.138469][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.159700][ T53] bridge_slave_0: left allmulticast mode [ 93.165425][ T53] bridge_slave_0: left promiscuous mode [ 93.173763][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.544657][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 93.556097][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 93.566810][ T53] bond0 (unregistering): Released all slaves [ 93.731954][ T53] hsr_slave_0: left promiscuous mode [ 93.745071][ T53] hsr_slave_1: left promiscuous mode [ 93.751600][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.759469][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.768274][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.775739][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.792948][ T53] veth1_macvtap: left promiscuous mode [ 93.799126][ T53] veth0_macvtap: left promiscuous mode [ 93.804820][ T53] veth1_vlan: left promiscuous mode [ 93.811127][ T53] veth0_vlan: left promiscuous mode [ 94.098340][ T5794] Bluetooth: hci0: command tx timeout [ 94.137344][ T53] team0 (unregistering): Port device team_slave_1 removed [ 94.171006][ T53] team0 (unregistering): Port device team_slave_0 removed [ 94.511973][ T5861] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.531123][ T5861] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.547147][ T5861] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.559384][ T5861] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.704560][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.731425][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.747994][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.755321][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.784039][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.791255][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.824537][ T5861] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.836759][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.011699][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.062694][ T5861] veth0_vlan: entered promiscuous mode [ 95.077999][ T5861] veth1_vlan: entered promiscuous mode [ 95.113895][ T5861] veth0_macvtap: entered promiscuous mode [ 95.124830][ T5861] veth1_macvtap: entered promiscuous mode [ 95.150475][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.167721][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.185708][ T5861] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.197139][ T5861] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.206619][ T5861] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.217646][ T5861] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.317007][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.339560][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.372101][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.381776][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.456864][ T1150] [ 96.459348][ T1150] ====================================================== [ 96.466407][ T1150] WARNING: possible circular locking dependency detected [ 96.473472][ T1150] 6.13.0-syzkaller-05252-gbc8198dc7ebc #0 Not tainted [ 96.480268][ T1150] ------------------------------------------------------ [ 96.487308][ T1150] kworker/u8:7/1150 is trying to acquire lock: [ 96.493577][ T1150] ffffffff8f60a888 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xacf/0x2270 [ 96.504021][ T1150] [ 96.504021][ T1150] but task is already holding lock: [ 96.511550][ T1150] ffff88805aa30768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0 [ 96.521978][ T1150] [ 96.521978][ T1150] which lock already depends on the new lock. [ 96.521978][ T1150] [ 96.532416][ T1150] [ 96.532416][ T1150] the existing dependency chain (in reverse order) is: [ 96.541463][ T1150] [ 96.541463][ T1150] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 96.549260][ T1150] __mutex_lock+0x198/0x1000 [ 96.554433][ T1150] wiphy_register+0x1a2f/0x2770 [ 96.559848][ T1150] ieee80211_register_hw+0x3540/0x4220 [ 96.565866][ T1150] mac80211_hwsim_new_radio+0x2a9b/0x4a80 [ 96.572432][ T1150] init_mac80211_hwsim+0x876/0xb00 [ 96.578116][ T1150] do_one_initcall+0x244/0x840 [ 96.584147][ T1150] do_initcall_level+0x157/0x210 [ 96.590573][ T1150] do_initcalls+0x3f/0x80 [ 96.595579][ T1150] kernel_init_freeable+0x431/0x5d0 [ 96.601388][ T1150] kernel_init+0x19/0x2b0 [ 96.606286][ syzkaller build log: go env (err=) GO111MODULE='auto' GOARCH='amd64' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs-2/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.22.7' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build997661943=/tmp/go-build -gno-record-gcc-switches' git status (err=) HEAD detached at a44b0418ac nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen go fmt ./sys/... >/dev/null touch .descriptions GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=a44b0418acb3ae8fdad9277c2f2aaa6446b97530 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250122-142208'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog mkdir -p ./bin/linux_amd64 g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"a44b0418acb3ae8fdad9277c2f2aaa6446b97530\" /usr/bin/ld: /tmp/ccoOmF90.o: in function `Connection::Connect(char const*, char const*)': executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking