possible deadlock in ieee80211_remove_interfaces wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 ====================================================== WARNING: possible circular locking dependency detected 6.13.0-syzkaller-04046-g0ad9617c78ac #0 Not tainted ------------------------------------------------------ kworker/u8:1/12 is trying to acquire lock: ffffffff8fcc3f88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline] ffffffff8fcc3f88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792 but task is already holding lock: ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline] ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 wiphy_lock include/net/cfg80211.h:6046 [inline] wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006 ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587 mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558 init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910 do_one_initcall+0x248/0x870 init/main.c:1267 do_initcall_level+0x157/0x210 init/main.c:1329 do_initcalls+0x3f/0x80 init/main.c:1345 kernel_init_freeable+0x435/0x5d0 init/main.c:1578 kernel_init+0x1d/0x2b0 init/main.c:1467 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (rtnl_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3163 [inline] check_prevs_add kernel/locking/lockdep.c:3282 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline] unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792 unregister_netdevice_many net/core/dev.c:11875 [inline] unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741 unregister_netdevice include/linux/netdevice.h:3329 [inline] _cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251 ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305 ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681 mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664 hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x812/0xd60 net/core/net_namespace.c:652 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&rdev->wiphy.mtx); lock(rtnl_mutex); lock(&rdev->wiphy.mtx); lock(rtnl_mutex); *** DEADLOCK *** 4 locks held by kworker/u8:1/12: #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317 #1: ffffc90000117c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline] #1: ffffc90000117c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317 #2: ffffffff8fcb79d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606 #3: ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline] #3: ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280 stack backtrace: CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208 check_prev_add kernel/locking/lockdep.c:3163 [inline] check_prevs_add kernel/locking/lockdep.c:3282 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730 rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline] unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792 unregister_netdevice_many net/core/dev.c:11875 [inline] unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741 unregister_netdevice include/linux/netdevice.h:3329 [inline] _cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251 ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305 ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681 mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664 hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544 ops_exit_list net/core/net_namespace.c:172 [inline] cleanup_net+0x812/0xd60 net/core/net_namespace.c:652 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_fro Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. 2025/01/30 19:15:22 ignoring optional flag "sandboxArg"="0" 2025/01/30 19:15:22 ignoring optional flag "type"="gce" 2025/01/30 19:15:22 parsed 1 programs [ 63.540517][ T5833] cgroup: Unknown subsys name 'net' [ 63.693257][ T5833] cgroup: Unknown subsys name 'cpuset' [ 63.701658][ T5833] cgroup: Unknown subsys name 'rlimit' [ 65.026668][ T5833] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.835526][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 67.835526][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.095778][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.108454][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.116132][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.129179][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.145858][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.157132][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.532890][ T4604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.543534][ T4604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.686642][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.698874][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.742863][ T5914] chnl_net:caif_netlink_parms(): no params data found [ 69.866183][ T5914] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.874432][ T5914] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.883139][ T5914] bridge_slave_0: entered allmulticast mode [ 69.890218][ T5914] bridge_slave_0: entered promiscuous mode [ 69.900301][ T5914] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.907499][ T5914] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.914837][ T5914] bridge_slave_1: entered allmulticast mode [ 69.922036][ T5914] bridge_slave_1: entered promiscuous mode [ 69.988660][ T5914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.000952][ T5914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.060701][ T5914] team0: Port device team_slave_0 added [ 70.072172][ T5914] team0: Port device team_slave_1 added [ 70.104387][ T5914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.111430][ T5914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.137841][ T5914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.150809][ T5914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.157952][ T5914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.184613][ T5914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.227421][ T5914] hsr_slave_0: entered promiscuous mode [ 70.233783][ T5914] hsr_slave_1: entered promiscuous mode [ 70.343864][ T5914] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.354719][ T5914] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.365781][ T5914] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.374937][ T5914] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.396932][ T5914] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.404216][ T5914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.412776][ T5914] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.419945][ T5914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.465312][ T5914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.483196][ T4604] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.492891][ T4604] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.507596][ T5914] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.520739][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.527900][ T4604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.542166][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.549351][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.668449][ T5914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.699629][ T5914] veth0_vlan: entered promiscuous mode [ 70.709723][ T5914] veth1_vlan: entered promiscuous mode [ 70.732850][ T5914] veth0_macvtap: entered promiscuous mode [ 70.742494][ T5914] veth1_macvtap: entered promiscuous mode [ 70.758934][ T5914] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.773881][ T5914] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.784954][ T5914] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.794694][ T5914] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.803704][ T5914] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.812541][ T5914] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/01/30 19:15:32 executed programs: 0 [ 70.948980][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.958683][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.966710][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.976195][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.984571][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.992572][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.142102][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 71.200147][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.207410][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.215796][ T5944] bridge_slave_0: entered allmulticast mode [ 71.223955][ T5944] bridge_slave_0: entered promiscuous mode [ 71.231555][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.238982][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.246142][ T5944] bridge_slave_1: entered allmulticast mode [ 71.252917][ T5944] bridge_slave_1: entered promiscuous mode [ 71.274778][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.286280][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.320255][ T5944] team0: Port device team_slave_0 added [ 71.329278][ T5944] team0: Port device team_slave_1 added [ 71.350763][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.357903][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.384152][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.396131][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.403408][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.429704][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.464425][ T5944] hsr_slave_0: entered promiscuous mode [ 71.470834][ T5944] hsr_slave_1: entered promiscuous mode [ 71.476827][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.484872][ T5944] Cannot create hsr debugfs directory [ 71.578544][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.588272][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.597933][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.607106][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.671120][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.686155][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.702219][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.709389][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.726185][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.733367][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.773373][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.780075][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.874783][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.904985][ T5944] veth0_vlan: entered promiscuous mode [ 71.915026][ T5944] veth1_vlan: entered promiscuous mode [ 71.937338][ T5944] veth0_macvtap: entered promiscuous mode [ 71.953904][ T5944] veth1_macvtap: entered promiscuous mode [ 71.969717][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.980621][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.992458][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.004351][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.015285][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.028160][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.041100][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.050668][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.059751][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.069461][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.123560][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.139238][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.162909][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.172144][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.334963][ T5914] syz-executor (5914) used greatest stack depth: 17616 bytes left [ 72.461503][ T12] [ 72.463894][ T12] ====================================================== [ 72.470922][ T12] WARNING: possible circular locking dependency detected [ 72.477950][ T12] 6.13.0-syzkaller-04046-g0ad9617c78ac #0 Not tainted [ 72.484898][ T12] ------------------------------------------------------ [ 72.491924][ T12] kworker/u8:1/12 is trying to acquire lock: [ 72.497891][ T12] ffffffff8fcc3f88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 72.508256][ T12] [ 72.508256][ T12] but task is already holding lock: [ 72.515602][ T12] ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 72.526033][ T12] [ 72.526033][ T12] which lock already depends on the new lock. [ 72.526033][ T12] [ 72.536417][ T12] [ 72.536417][ T12] the existing dependency chain (in reverse order) is: [ 72.545416][ T12] [ 72.545416][ T12] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 72.553496][ T12] lock_acquire+0x1ed/0x550 [ 72.558528][ T12] __mutex_lock+0x19c/0x1010 [ 72.563631][ T12] wiphy_register+0x1a49/0x27b0 [ 72.569076][ T12] ieee80211_register_hw+0x354e/0x4240 [ 72.575052][ T12] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 72.581291][ T12] init_mac80211_hwsim+0x87a/0xb00 [ 72.586997][ T12] do_one_initcall+0x248/0x870 [ 72.592275][ T12] do_initcall_level+0x157/0x210 [ 72.597914][ T12] do_initcalls+0x3f/0x80 [ 72.602860][ T12] kernel_init_freeable+0x435/0x5d0 [ 72.608589][ T12] kernel_init+0x1d/0x2b0 [ 72.613433][ T12] ret_from_fork+0x4b/0x80 [ 72.618361][ T12] ret_from_fork_asm+0x1a/0x30 [ 72.623635][ T12] [ 72.623635][ T12] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 72.630925][ T12] validate_chain+0x18ef/0x5920 [ 72.636387][ T12] __lock_acquire+0x1397/0x2100 [ 72.641760][ T12] lock_acquire+0x1ed/0x550 [ 72.646952][ T12] __mutex_lock+0x19c/0x1010 [ 72.652056][ T12] unregister_netdevice_many_notify+0xac2/0x2030 [ 72.658989][ T12] unregister_netdevice_queue+0x303/0x370 [ 72.665228][ T12] _cfg80211_unregister_wdev+0x163/0x590 [ 72.671376][ T12] ieee80211_remove_interfaces+0x4ef/0x700 [ 72.677697][ T12] ieee80211_unregister_hw+0x5d/0x2c0 [ 72.683675][ T12] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 72.689729][ T12] hwsim_exit_net+0x5c1/0x670 [ 72.694915][ T12] cleanup_net+0x812/0xd60 [ 72.699851][ T12] process_scheduled_works+0xa66/0x1840 [ 72.705910][ T12] worker_thread+0x870/0xd30 [ 72.711004][ T12] kthread+0x7a9/0x920 [ 72.715578][ T12] ret_from_fork+0x4b/0x80 [ 72.720503][ T12] ret_from_fork_asm+0x1a/0x30 [ 72.725774][ T12] [ 72.725774][ T12] other info that might help us debug this: [ 72.725774][ T12] [ 72.735987][ T12] Possible unsafe locking scenario: [ 72.735987][ T12] [ 72.743422][ T12] CPU0 CPU1 [ 72.748867][ T12] ---- ---- [ 72.754228][ T12] lock(&rdev->wiphy.mtx); [ 72.758734][ T12] lock(rtnl_mutex); [ 72.765237][ T12] lock(&rdev->wiphy.mtx); [ 72.772258][ T12] lock(rtnl_mutex); [ 72.776234][ T12] [ 72.776234][ T12] *** DEADLOCK *** [ 72.776234][ T12] [ 72.784384][ T12] 4 locks held by kworker/u8:1/12: [ 72.789478][ T12] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 72.800352][ T12] #1: ffffc90000117c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 72.810871][ T12] #2: ffffffff8fcb79d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 72.820263][ T12] #3: ffff888025460768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 72.831076][ T12] [ 72.831076][ T12] stack backtrace: [ 72.836965][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.13.0-syzkaller-04046-g0ad9617c78ac #0 [ 72.836979][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 72.836988][ T12] Workqueue: netns cleanup_net [ 72.837008][ T12] Call Trace: [ 72.837014][ T12] [ 72.837020][ T12] dump_stack_lvl+0x241/0x360 [ 72.837039][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.837055][ T12] ? __pfx__printk+0x10/0x10 [ 72.837073][ T12] print_circular_bug+0x13a/0x1b0 [ 72.837090][ T12] check_noncircular+0x36a/0x4a0 [ 72.837113][ T12] ? __pfx_check_noncircular+0x10/0x10 [ 72.837128][ T12] ? lockdep_lock+0x123/0x2b0 [ 72.837142][ T12] ? mark_lock+0x9a/0x360 [ 72.837156][ T12] validate_chain+0x18ef/0x5920 [ 72.837175][ T12] ? lockdep_hardirqs_on+0x99/0x150 [ 72.837190][ T12] ? __pfx_validate_chain+0x10/0x10 [ 72.837211][ T12] ? __schedule+0x1874/0x4be0 [ 72.837228][ T12] ? __pfx___schedule+0x10/0x10 [ 72.837243][ T12] ? mark_lock+0x9a/0x360 [ 72.837257][ T12] __lock_acquire+0x1397/0x2100 [ 72.837274][ T12] lock_acquire+0x1ed/0x550 [ 72.837286][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 72.837307][ T12] ? __pfx_lock_acquire+0x10/0x10 [ 72.837320][ T12] ? __pfx___might_resched+0x10/0x10 [ 72.837339][ T12] ? kthread_queue_work+0x110/0x180 [ 72.837354][ T12] __mutex_lock+0x19c/0x1010 [ 72.837367][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 72.837388][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 72.837405][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 72.837418][ T12] ? __pfx___might_resched+0x10/0x10 [ 72.837436][ T12] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 72.837459][ T12] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 72.837477][ T12] unregister_netdevice_many_notify+0xac2/0x2030 [ 72.837495][ T12] ? mark_lock+0x9a/0x360 [ 72.837511][ T12] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 72.837529][ T12] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 72.837544][ T12] ? __pfx_lock_release+0x10/0x10 [ 72.837567][ T12] unregister_netdevice_queue+0x303/0x370 [ 72.837584][ T12] ? __pfx_up_write+0x10/0x10 [ 72.837599][ T12] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 72.837617][ T12] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 72.837633][ T12] _cfg80211_unregister_wdev+0x163/0x590 [ 72.837648][ T12] ieee80211_remove_interfaces+0x4ef/0x700 [ 72.837668][ T12] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 72.837687][ T12] ? rcu_is_watching+0x15/0xb0 [ 72.837706][ T12] ieee80211_unregister_hw+0x5d/0x2c0 [ 72.837740][ T12] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 72.837758][ T12] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 72.837773][ T12] hwsim_exit_net+0x5c1/0x670 [ 72.837791][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 72.837807][ T12] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 72.837823][ T12] cleanup_net+0x812/0xd60 [ 72.837839][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 72.837855][ T12] ? process_scheduled_works+0x976/0x1840 [ 72.837872][ T12] process_scheduled_works+0xa66/0x1840 [ 72.837896][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 72.837915][ T12] ? assign_work+0x364/0x3d0 [ 72.837933][ T12] worker_thread+0x870/0xd30 [ 72.837948][ T12] ? __kthread_parkme+0x169/0x1d0 [ 72.837966][ T12] ? __pfx_worker_thread+0x10/0x10 [ 72.837982][ T12] kthread+0x7a9/0x920 [ 72.837994][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838013][ T12] ? __pfx_worker_thread+0x10/0x10 [ 72.838028][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838040][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838058][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838070][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.838081][ T12] ? lockdep_hardirqs_on+0x99/0x150 [ 72.838093][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838106][ T12] ret_from_fork+0x4b/0x80 [ 72.838123][ T12] ? __pfx_kthread+0x10/0x10 [ 72.838135][ T12] ret_fro syzkaller build log: go env (err=) GO111MODULE='auto' GOARCH='amd64' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs-2/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.22.7' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2435066525=/tmp/go-build -gno-record-gcc-switches' git status (err=) HEAD detached at 73e8a46518 nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen go fmt ./sys/... >/dev/null touch .descriptions GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=73e8a465188a43a0d783006a7cb71d0931a08492 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240912-165303'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog mkdir -p ./bin/linux_amd64 g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"73e8a465188a43a0d783006a7cb71d0931a08492\" /usr/bin/ld: /tmp/cc7gJix4.o: in function `test_cover_filter()': executor.cc:(.text+0x1413b): warning: the use of `tempnam' is dangerous, better use `mkstemp' /usr/bin/ld: /tmp/cc7gJix4.o: in function `Connection::Connect(char const*, char const*)': executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking