possible deadlock in ieee80211_remove_interfaces
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-04060-g5de7665e0a07 #0 Not tainted
------------------------------------------------------
kworker/u4:5/1031 is trying to acquire lock:
ffffffff8fcc5a88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fcc5a88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
but task is already holding lock:
ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006
ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x248/0x870 init/main.c:1267
do_initcall_level+0x157/0x210 init/main.c:1329
do_initcalls+0x3f/0x80 init/main.c:1345
kernel_init_freeable+0x435/0x5d0 init/main.c:1578
kernel_init+0x1d/0x2b0 init/main.c:1467
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(rtnl_mutex);
                               lock(&rdev->wiphy.mtx);
  lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u4:5/1031:
#0: ffff888030427148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff888030427148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
#1: ffffc900025afc60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc900025afc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
#2: ffffffff8fcb94d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
#3: ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
stack backtrace:
CPU: 0 UID: 0 PID: 1031 Comm: kworker/u4:5 Not tainted 6.13.0-syzkaller-04060-g5de7665e0a07 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '[localhost]:18542' (ED25519) to the list of known hosts.
2025/01/28 16:38:50 ignoring optional flag "sandboxArg"="0"
2025/01/28 16:38:51 parsed 1 programs
[ 72.689835][ T5311] cgroup: Unknown subsys name 'net'
[ 72.764854][ T5311] cgroup: Unknown subsys name 'cpuset'
[ 72.769429][ T5311] cgroup: Unknown subsys name 'rlimit'
[ 74.202281][ T5311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.393672][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.396200][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 79.428381][ T5325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 81.149327][ T5352] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.153313][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.156521][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.159593][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.162733][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.165586][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.468282][ T5379] chnl_net:caif_netlink_parms(): no params data found
[ 83.547599][ T5379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.561257][ T5379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.563891][ T5379] bridge_slave_0: entered allmulticast mode
[ 83.566672][ T5379] bridge_slave_0: entered promiscuous mode
[ 83.581714][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.584483][ T5379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.587472][ T5379] bridge_slave_1: entered allmulticast mode
[ 83.590430][ T5379] bridge_slave_1: entered promiscuous mode
[ 83.635367][ T5379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.640453][ T5379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.682675][ T5379] team0: Port device team_slave_0 added
[ 83.686368][ T5379] team0: Port device team_slave_1 added
[ 83.721648][ T5379] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.724372][ T5379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.752095][ T5379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.758206][ T5379] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.771645][ T5379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.792075][ T5379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.851406][ T5379] hsr_slave_0: entered promiscuous mode
[ 83.854495][ T5379] hsr_slave_1: entered promiscuous mode
[ 84.053375][ T5379] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.063035][ T5379] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.073469][ T5379] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.083776][ T5379] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.133249][ T5379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.136053][ T5379] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.139476][ T5379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.142344][ T5379] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.238495][ T5379] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.266306][ T3077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.270493][ T3077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.284171][ T5379] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.295894][ T3077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.298630][ T3077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.304632][ T3077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.307348][ T3077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.446840][ T5379] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.476681][ T5379] veth0_vlan: entered promiscuous mode
[ 84.485110][ T5379] veth1_vlan: entered promiscuous mode
[ 84.508754][ T5379] veth0_macvtap: entered promiscuous mode
[ 84.514249][ T5379] veth1_macvtap: entered promiscuous mode
[ 84.527059][ T5379] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.537558][ T5379] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.546323][ T5379] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.549853][ T5379] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.562155][ T5379] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.565576][ T5379] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.772509][ T1031] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.863294][ T1031] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 84.903914][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.907263][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.947549][ T1031] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 85.003577][ T3077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.006641][ T3077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.047927][ T1031] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 86.651817][ T9] cfg80211: failed to load regulatory.db
2025/01/28 16:39:07 executed programs: 0
[ 86.854717][ T4664] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.858461][ T4664] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.881764][ T4664] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.885013][ T4664] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.887981][ T4664] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.891119][ T4664] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.093620][ T5408] chnl_net:caif_netlink_parms(): no params data found
[ 87.193335][ T5408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.196146][ T5408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.199018][ T5408] bridge_slave_0: entered allmulticast mode
[ 87.212696][ T5408] bridge_slave_0: entered promiscuous mode
[ 87.216767][ T5408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.219430][ T5408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.232914][ T5408] bridge_slave_1: entered allmulticast mode
[ 87.236244][ T5408] bridge_slave_1: entered promiscuous mode
[ 87.274899][ T5408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.279781][ T5408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.322529][ T5408] team0: Port device team_slave_0 added
[ 87.354234][ T5408] team0: Port device team_slave_1 added
[ 87.394177][ T5408] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.396801][ T5408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.421028][ T5408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.446934][ T5408] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.449646][ T5408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.502496][ T5408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.575083][ T1031] bridge_slave_1: left allmulticast mode
[ 87.577416][ T1031] bridge_slave_1: left promiscuous mode
[ 87.580616][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.629708][ T1031] bridge_slave_0: left allmulticast mode
[ 87.650881][ T1031] bridge_slave_0: left promiscuous mode
[ 87.653189][ T1031] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.796637][ T5408] hsr_slave_0: entered promiscuous mode
[ 87.798987][ T5408] hsr_slave_1: entered promiscuous mode
[ 87.815542][ T5408] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 87.832715][ T5408] Cannot create hsr debugfs directory
[ 88.127441][ T1031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 88.134993][ T1031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 88.140077][ T1031] bond0 (unregistering): Released all slaves
[ 88.260947][ T1031] hsr_slave_0: left promiscuous mode
[ 88.264857][ T1031] hsr_slave_1: left promiscuous mode
[ 88.267416][ T1031] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 88.270349][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 88.284476][ T1031] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 88.287466][ T1031] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 88.306328][ T1031] veth1_macvtap: left promiscuous mode
[ 88.309521][ T1031] veth0_macvtap: left promiscuous mode
[ 88.322199][ T1031] veth1_vlan: left promiscuous mode
[ 88.324565][ T1031] veth0_vlan: left promiscuous mode
[ 88.675201][ T1031] team0 (unregistering): Port device team_slave_1 removed
[ 88.695161][ T1031] team0 (unregistering): Port device team_slave_0 removed
[ 88.952032][ T48] Bluetooth: hci0: command tx timeout
[ 89.631907][ T5408] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.659179][ T5408] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.717959][ T5408] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.736871][ T1031]
[ 89.737867][ T1031] ======================================================
[ 89.740594][ T1031] WARNING: possible circular locking dependency detected
[ 89.743215][ T1031] 6.13.0-syzkaller-04060-g5de7665e0a07 #0 Not tainted
[ 89.747007][ T1031] ------------------------------------------------------
[ 89.749701][ T1031] kworker/u4:5/1031 is trying to acquire lock:
[ 89.752112][ T1031] ffffffff8fcc5a88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030
[ 89.756189][ T1031]
[ 89.756189][ T1031] but task is already holding lock:
[ 89.758983][ T1031] ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 89.763030][ T1031]
[ 89.763030][ T1031] which lock already depends on the new lock.
[ 89.763030][ T1031]
[ 89.767080][ T1031]
[ 89.767080][ T1031] the existing dependency chain (in reverse order) is:
[ 89.770462][ T1031]
[ 89.770462][ T1031] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 89.773425][ T1031] lock_acquire+0x1ed/0x550
[ 89.775323][ T1031] __mutex_lock+0x19c/0x1010
[ 89.777306][ T1031] wiphy_register+0x1a49/0x27b0
[ 89.779338][ T1031] ieee80211_register_hw+0x354e/0x4240
[ 89.781807][ T1031] mac80211_hwsim_new_radio+0x2a9f/0x4a90
[ 89.784481][ T1031] init_mac80211_hwsim+0x87a/0xb00
[ 89.786968][ T1031] do_one_initcall+0x248/0x870
[ 89.788965][ T1031] do_initcall_level+0x157/0x210
[ 89.791140][ T1031] do_initcalls+0x3f/0x80
[ 89.793191][ T1031] kernel_init_freeable+0x435/0x5d0
[ 89.795785][ T1031] kernel_init+0x1d/0x2b0
[ 89.797590][ T1031] ret_from_fork+0x4b/0x80
[ 89.799465][ T1031] ret_from_fork_asm+0x1a/0x30
[ 89.801640][ T1031]
[ 89.801640][ T1031] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 89.804455][ T1031] validate_chain+0x18ef/0x5920
[ 89.806549][ T1031] __lock_acquire+0x1397/0x2100
[ 89.808723][ T1031] lock_acquire+0x1ed/0x550
[ 89.810829][ T1031] __mutex_lock+0x19c/0x1010
[ 89.812802][ T1031] unregister_netdevice_many_notify+0xac2/0x2030
[ 89.815397][ T1031] unregister_netdevice_queue+0x303/0x370
[ 89.817801][ T1031] _cfg80211_unregister_wdev+0x163/0x590
[ 89.820149][ T1031] ieee80211_remove_interfaces+0x4ef/0x700
[ 89.822558][ T1031] ieee80211_unregister_hw+0x5d/0x2c0
[ 89.824792][ T1031] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 89.827155][ T1031] hwsim_exit_net+0x5c1/0x670
[ 89.829192][ T1031] cleanup_net+0x812/0xd60
[ 89.831083][ T1031] process_scheduled_works+0xa66/0x1840
[ 89.833497][ T1031] worker_thread+0x870/0xd30
[ 89.835487][ T1031] kthread+0x7a9/0x920
[ 89.837255][ T1031] ret_from_fork+0x4b/0x80
[ 89.839110][ T1031] ret_from_fork_asm+0x1a/0x30
[ 89.841145][ T1031]
[ 89.841145][ T1031] other info that might help us debug this:
[ 89.841145][ T1031]
[ 89.845026][ T1031] Possible unsafe locking scenario:
[ 89.845026][ T1031]
[ 89.847819][ T1031]        CPU0                    CPU1
[ 89.849869][ T1031]        ----                    ----
[ 89.851886][ T1031]   lock(&rdev->wiphy.mtx);
[ 89.853655][ T1031]                                lock(rtnl_mutex);
[ 89.856194][ T1031]                                lock(&rdev->wiphy.mtx);
[ 89.858834][ T1031]   lock(rtnl_mutex);
[ 89.860388][ T1031]
[ 89.860388][ T1031] *** DEADLOCK ***
[ 89.860388][ T1031]
[ 89.863452][ T1031] 4 locks held by kworker/u4:5/1031:
[ 89.865648][ T1031] #0: ffff888030427148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[ 89.869846][ T1031] #1: ffffc900025afc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[ 89.874052][ T1031] #2: ffffffff8fcb94d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60
[ 89.877611][ T1031] #3: ffff888033810768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 89.881724][ T1031]
[ 89.881724][ T1031] stack backtrace:
[ 89.884007][ T1031] CPU: 0 UID: 0 PID: 1031 Comm: kworker/u4:5 Not tainted 6.13.0-syzkaller-04060-g5de7665e0a07 #0
[ 89.884020][ T1031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 89.884028][ T1031] Workqueue: netns cleanup_net
[ 89.884041][ T1031] Call Trace:
[ 89.884048][ T1031]
[ 89.884054][ T1031] dump_stack_lvl+0x241/0x360
[ 89.884073][ T1031] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.884086][ T1031] ? __pfx__printk+0x10/0x10
[ 89.884102][ T1031] print_circular_bug+0x13a/0x1b0
[ 89.884114][ T1031] check_noncircular+0x36a/0x4a0
[ 89.884123][ T1031] ? __pfx_check_noncircular+0x10/0x10
[ 89.884132][ T1031] ? lockdep_lock+0x123/0x2b0
[ 89.884139][ T1031] ? rcu_read_lock_sched_held+0x8d/0x130
[ 89.884149][ T1031] validate_chain+0x18ef/0x5920
[ 89.884160][ T1031] ? __pfx_validate_chain+0x10/0x10
[ 89.884175][ T1031] ? mark_lock+0x9a/0x360
[ 89.884187][ T1031] ? __lock_acquire+0x1397/0x2100
[ 89.884202][ T1031] ? mark_lock+0x9a/0x360
[ 89.884215][ T1031] __lock_acquire+0x1397/0x2100
[ 89.884231][ T1031] lock_acquire+0x1ed/0x550
[ 89.884243][ T1031] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 89.884258][ T1031] ? __pfx_lock_acquire+0x10/0x10
[ 89.884269][ T1031] ? __pfx___might_resched+0x10/0x10
[ 89.884281][ T1031] ? finish_wait+0xd4/0x1e0
[ 89.884294][ T1031] __mutex_lock+0x19c/0x1010
[ 89.884309][ T1031] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 89.884324][ T1031] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 89.884337][ T1031] ? __pfx___mutex_lock+0x10/0x10
[ 89.884350][ T1031] ? __pfx___might_resched+0x10/0x10
[ 89.884361][ T1031] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 89.884375][ T1031] ? _raw_spin_unlock_irq+0x23/0x50
[ 89.884388][ T1031] unregister_netdevice_many_notify+0xac2/0x2030
[ 89.884401][ T1031] ? mark_lock+0x9a/0x360
[ 89.884417][ T1031] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 89.884429][ T1031] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 89.884445][ T1031] ? __pfx_lock_release+0x10/0x10
[ 89.884461][ T1031] unregister_netdevice_queue+0x303/0x370
[ 89.884473][ T1031] ? __pfx_up_write+0x10/0x10
[ 89.884481][ T1031] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 89.884492][ T1031] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 89.884506][ T1031] _cfg80211_unregister_wdev+0x163/0x590
[ 89.884530][ T1031] ieee80211_remove_interfaces+0x4ef/0x700
[ 89.884546][ T1031] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 89.884557][ T1031] ? rcu_is_watching+0x15/0xb0
[ 89.884572][ T1031] ieee80211_unregister_hw+0x5d/0x2c0
[ 89.884584][ T1031] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 89.884599][ T1031] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 89.884614][ T1031] hwsim_exit_net+0x5c1/0x670
[ 89.884625][ T1031] ? __pfx_hwsim_exit_net+0x10/0x10
[ 89.884635][ T1031] ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 89.884651][ T1031] cleanup_net+0x812/0xd60
[ 89.884663][ T1031] ? __pfx_cleanup_net+0x10/0x10
[ 89.884673][ T1031] ? process_scheduled_works+0x976/0x1840
[ 89.884685][ T1031] process_scheduled_works+0xa66/0x1840
[ 89.884700][ T1031] ? __pfx_process_scheduled_works+0x10/0x10
[ 89.884712][ T1031] ? assign_work+0x364/0x3d0
[ 89.884723][ T1031] worker_thread+0x870/0xd30
[ 89.884736][ T1031] ? __kthread_parkme+0x169/0x1d0
[ 89.884748][ T1031] ? __pfx_worker_thread+0x10/0x10
[ 89.884758][ T1031] kthread+0x7a9/0x920
[ 89.884770][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884782][ T1031] ? __pfx_worker_thread+0x10/0x10
[ 89.884793][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884804][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884816][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884828][ T1031] ? _raw_spin_unlock_irq+0x23/0x50
[ 89.884840][ T1031] ? lockdep_hardirqs_on+0x99/0x150
[ 89.884854][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884866][ T1031] ret_from_fork+0x4b/0x80
[ 89.884906][ T1031] ? __pfx_kthread+0x10/0x10
[ 89.884920][ T1031] ret_from_fork_asm+0x1a/0x30
[ 89.884932][ T1031]
[ 90.035045][ T5408] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.030930][ T48] Bluetooth: hci0: command tx timeout
[ 93.110989][ T48] Bluetooth: hci0: command tx timeout
[ 95.190863][ T48] Bluetooth: hci0: command tx timeout
VM DIAGNOSIS:
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3269927650=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at da72ac06e38
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=da72ac06e38cf1dd2ecbddd5502225ff7589542d -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250121-154645'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"da72ac06e38cf1dd2ecbddd5502225ff7589542d\"
/usr/bin/ld: /tmp/ccG3hyEh.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking