possible deadlock in ieee80211_remove_interfaces
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-09585-gb4b0881156fb #0 Not tainted
------------------------------------------------------
kworker/u4:3/46 is trying to acquire lock:
ffffffff8fcbef88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fcbef88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
but task is already holding lock:
ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1003
ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x2a9f/0x4aa0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x248/0x870 init/main.c:1257
do_initcall_level+0x157/0x210 init/main.c:1319
do_initcalls+0x3f/0x80 init/main.c:1335
kernel_init_freeable+0x435/0x5d0 init/main.c:1568
kernel_init+0x1d/0x2b0 init/main.c:1457
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1248
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(rtnl_mutex);
                               lock(&rdev->wiphy.mtx);
  lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u4:3/46:
#0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
#1: ffffc90000617c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc90000617c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
#2: ffffffff8fcb29d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
#3: ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
stack backtrace:
CPU: 0 UID: 0 PID: 46 Comm: kworker/u4:3 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1248
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '[localhost]:48171' (ED25519) to the list of known hosts.
2025/01/30 21:15:18 ignoring optional flag "sandboxArg"="0"
2025/01/30 21:15:19 parsed 1 programs
[ 73.006002][ T5306] cgroup: Unknown subsys name 'net'
[ 73.091688][ T5306] cgroup: Unknown subsys name 'cpuset'
[ 73.095939][ T5306] cgroup: Unknown subsys name 'rlimit'
[ 74.590368][ T5306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.422450][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.425055][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[ 79.142727][ T5316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 79.841796][ T5330] chnl_net:caif_netlink_parms(): no params data found
[ 79.930325][ T5330] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.934051][ T5330] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.949391][ T5330] bridge_slave_0: entered allmulticast mode
[ 79.952718][ T5330] bridge_slave_0: entered promiscuous mode
[ 79.961229][ T5330] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.964119][ T5330] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.966910][ T5330] bridge_slave_1: entered allmulticast mode
[ 79.980771][ T5330] bridge_slave_1: entered promiscuous mode
[ 80.009647][ T5330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.029241][ T5330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.060665][ T5330] team0: Port device team_slave_0 added
[ 80.070605][ T5330] team0: Port device team_slave_1 added
[ 80.100688][ T5330] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.103596][ T5330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.129849][ T5330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.139716][ T5330] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.142354][ T5330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.169472][ T5330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.230399][ T5330] hsr_slave_0: entered promiscuous mode
[ 80.233150][ T5330] hsr_slave_1: entered promiscuous mode
[ 80.440969][ T5330] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.460103][ T5330] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.465562][ T5330] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.482770][ T5330] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.531893][ T5330] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.535080][ T5330] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.538414][ T5330] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.541280][ T5330] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.626826][ T5330] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.663872][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.668102][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.685464][ T5330] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.712580][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.715356][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.719436][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.722188][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.982691][ T5330] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.041309][ T5330] veth0_vlan: entered promiscuous mode
[ 81.047562][ T5330] veth1_vlan: entered promiscuous mode
[ 81.090250][ T5330] veth0_macvtap: entered promiscuous mode
[ 81.101855][ T5330] veth1_macvtap: entered promiscuous mode
[ 81.123746][ T5330] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.142547][ T5330] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.153762][ T5330] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.157084][ T5330] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.180148][ T5330] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.183391][ T5330] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.429841][ T5330] syz-executor (5330) used greatest stack depth: 18544 bytes left
[ 81.474622][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.570552][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.652141][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.027229][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.031536][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.034729][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.038238][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.042950][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.045722][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.922856][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.850353][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.853340][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.894650][ T1036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.897598][ T1036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.190705][ T46] bridge_slave_1: left allmulticast mode
[ 84.193213][ T46] bridge_slave_1: left promiscuous mode
[ 84.196466][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.241706][ T46] bridge_slave_0: left allmulticast mode
[ 84.244042][ T46] bridge_slave_0: left promiscuous mode
[ 84.246377][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.752605][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.762427][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.780011][ T46] bond0 (unregistering): Released all slaves
[ 84.936071][ T46] hsr_slave_0: left promiscuous mode
[ 84.969216][ T46] hsr_slave_1: left promiscuous mode
[ 84.973152][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 84.976092][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.017922][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.049977][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.082193][ T46] veth1_macvtap: left promiscuous mode
[ 85.084685][ T46] veth0_macvtap: left promiscuous mode
[ 85.086891][ T46] veth1_vlan: left promiscuous mode
[ 85.112508][ T46] veth0_vlan: left promiscuous mode
[ 85.872301][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 85.911091][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 86.740794][ T9] cfg80211: failed to load regulatory.db
[ 87.454131][ T46]
[ 87.455139][ T46] ======================================================
[ 87.457713][ T46] WARNING: possible circular locking dependency detected
[ 87.460309][ T46] 6.13.0-syzkaller-09585-gb4b0881156fb #0 Not tainted
[ 87.462890][ T46] ------------------------------------------------------
[ 87.466700][ T46] kworker/u4:3/46 is trying to acquire lock:
[ 87.468975][ T46] ffffffff8fcbef88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030
[ 87.472726][ T46]
[ 87.472726][ T46] but task is already holding lock:
[ 87.475334][ T46] ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 87.479053][ T46]
[ 87.479053][ T46] which lock already depends on the new lock.
[ 87.479053][ T46]
[ 87.482869][ T46]
[ 87.482869][ T46] the existing dependency chain (in reverse order) is:
[ 87.486344][ T46]
[ 87.486344][ T46] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 87.489279][ T46] lock_acquire+0x1ed/0x550
[ 87.491218][ T46] __mutex_lock+0x19c/0x1010
[ 87.493216][ T46] wiphy_register+0x1a49/0x27b0
[ 87.495318][ T46] ieee80211_register_hw+0x354e/0x4240
[ 87.497657][ T46] mac80211_hwsim_new_radio+0x2a9f/0x4aa0
[ 87.500054][ T46] init_mac80211_hwsim+0x87a/0xb00
[ 87.502198][ T46] do_one_initcall+0x248/0x870
[ 87.504237][ T46] do_initcall_level+0x157/0x210
[ 87.506368][ T46] do_initcalls+0x3f/0x80
[ 87.508270][ T46] kernel_init_freeable+0x435/0x5d0
[ 87.510449][ T46] kernel_init+0x1d/0x2b0
[ 87.512328][ T46] ret_from_fork+0x4b/0x80
[ 87.514301][ T46] ret_from_fork_asm+0x1a/0x30
[ 87.516327][ T46]
[ 87.516327][ T46] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 87.518678][ T46] validate_chain+0x18ef/0x5920
[ 87.520679][ T46] __lock_acquire+0x1397/0x2100
[ 87.522734][ T46] lock_acquire+0x1ed/0x550
[ 87.524713][ T46] __mutex_lock+0x19c/0x1010
[ 87.526715][ T46] unregister_netdevice_many_notify+0xac2/0x2030
[ 87.529315][ T46] unregister_netdevice_queue+0x303/0x370
[ 87.531608][ T46] _cfg80211_unregister_wdev+0x163/0x590
[ 87.533839][ T46] ieee80211_remove_interfaces+0x4ef/0x700
[ 87.536086][ T46] ieee80211_unregister_hw+0x5d/0x2c0
[ 87.538239][ T46] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 87.540480][ T46] hwsim_exit_net+0x5c1/0x670
[ 87.542472][ T46] cleanup_net+0x812/0xd60
[ 87.544390][ T46] process_scheduled_works+0xa66/0x1840
[ 87.546721][ T46] worker_thread+0x870/0xd30
[ 87.548572][ T46] kthread+0x7a9/0x920
[ 87.550349][ T46] ret_from_fork+0x4b/0x80
[ 87.552232][ T46] ret_from_fork_asm+0x1a/0x30
[ 87.554301][ T46]
[ 87.554301][ T46] other info that might help us debug this:
[ 87.554301][ T46]
[ 87.558130][ T46] Possible unsafe locking scenario:
[ 87.558130][ T46]
[ 87.560980][ T46]        CPU0                    CPU1
[ 87.563036][ T46]        ----                    ----
[ 87.565107][ T46]   lock(&rdev->wiphy.mtx);
[ 87.566889][ T46]                                lock(rtnl_mutex);
[ 87.569369][ T46]                                lock(&rdev->wiphy.mtx);
[ 87.571995][ T46]   lock(rtnl_mutex);
[ 87.573589][ T46]
[ 87.573589][ T46] *** DEADLOCK ***
[ 87.573589][ T46]
[ 87.576642][ T46] 4 locks held by kworker/u4:3/46:
[ 87.578594][ T46] #0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[ 87.582575][ T46] #1: ffffc90000617c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[ 87.586609][ T46] #2: ffffffff8fcb29d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60
[ 87.590121][ T46] #3: ffff888043fb8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 87.594128][ T46]
[ 87.594128][ T46] stack backtrace:
[ 87.596394][ T46] CPU: 0 UID: 0 PID: 46 Comm: kworker/u4:3 Not tainted 6.13.0-syzkaller-09585-gb4b0881156fb #0
[ 87.596407][ T46] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.596415][ T46] Workqueue: netns cleanup_net
[ 87.596432][ T46] Call Trace:
[ 87.596439][ T46]
[ 87.596444][ T46] dump_stack_lvl+0x241/0x360
[ 87.596457][ T46] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.596467][ T46] ? __pfx__printk+0x10/0x10
[ 87.596484][ T46] print_circular_bug+0x13a/0x1b0
[ 87.596496][ T46] check_noncircular+0x36a/0x4a0
[ 87.596506][ T46] ? __pfx_check_noncircular+0x10/0x10
[ 87.596516][ T46] ? lockdep_lock+0x123/0x2b0
[ 87.596552][ T46] ? mark_lock+0x9a/0x360
[ 87.596567][ T46] validate_chain+0x18ef/0x5920
[ 87.596579][ T46] ? lockdep_hardirqs_on+0x99/0x150
[ 87.596593][ T46] ? __pfx_validate_chain+0x10/0x10
[ 87.596602][ T46] ? __schedule+0x1916/0x4c90
[ 87.596616][ T46] ? __pfx___schedule+0x10/0x10
[ 87.596630][ T46] ? mark_lock+0x9a/0x360
[ 87.596644][ T46] __lock_acquire+0x1397/0x2100
[ 87.596659][ T46] lock_acquire+0x1ed/0x550
[ 87.596672][ T46] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.596686][ T46] ? __pfx_lock_acquire+0x10/0x10
[ 87.596700][ T46] ? __pfx___might_resched+0x10/0x10
[ 87.596715][ T46] ? kthread_queue_work+0x110/0x180
[ 87.596731][ T46] __mutex_lock+0x19c/0x1010
[ 87.596743][ T46] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.596756][ T46] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.596767][ T46] ? __pfx___mutex_lock+0x10/0x10
[ 87.596779][ T46] ? __pfx___might_resched+0x10/0x10
[ 87.596790][ T46] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 87.596802][ T46] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 87.596813][ T46] unregister_netdevice_many_notify+0xac2/0x2030
[ 87.596824][ T46] ? mark_lock+0x9a/0x360
[ 87.596839][ T46] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 87.596850][ T46] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 87.596861][ T46] ? __pfx_lock_release+0x10/0x10
[ 87.596876][ T46] unregister_netdevice_queue+0x303/0x370
[ 87.596893][ T46] ? __pfx_up_write+0x10/0x10
[ 87.596903][ T46] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 87.596918][ T46] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 87.596930][ T46] _cfg80211_unregister_wdev+0x163/0x590
[ 87.596943][ T46] ieee80211_remove_interfaces+0x4ef/0x700
[ 87.596959][ T46] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 87.596973][ T46] ? rcu_is_watching+0x15/0xb0
[ 87.596986][ T46] ieee80211_unregister_hw+0x5d/0x2c0
[ 87.597000][ T46] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 87.597017][ T46] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 87.597034][ T46] hwsim_exit_net+0x5c1/0x670
[ 87.597047][ T46] ? __pfx_hwsim_exit_net+0x10/0x10
[ 87.597060][ T46] ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 87.597075][ T46] cleanup_net+0x812/0xd60
[ 87.597088][ T46] ? __pfx_cleanup_net+0x10/0x10
[ 87.597102][ T46] ? process_scheduled_works+0x976/0x1840
[ 87.597119][ T46] process_scheduled_works+0xa66/0x1840
[ 87.597135][ T46] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.597150][ T46] ? assign_work+0x364/0x3d0
[ 87.597162][ T46] worker_thread+0x870/0xd30
[ 87.597176][ T46] ? __kthread_parkme+0x169/0x1d0
[ 87.597189][ T46] ? __pfx_worker_thread+0x10/0x10
[ 87.597201][ T46] kthread+0x7a9/0x920
[ 87.597213][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597226][ T46] ? __pfx_worker_thread+0x10/0x10
[ 87.597238][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597250][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597262][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597275][ T46] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.597285][ T46] ? lockdep_hardirqs_on+0x99/0x150
[ 87.597295][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597307][ T46] ret_from_fork+0x4b/0x80
[ 87.597320][ T46] ? __pfx_kthread+0x10/0x10
[ 87.597333][ T46] ret_from_fork_asm+0x1a/0x30
[ 87.597348][ T46]
2025/01/30 21:15:36 executed programs: 0
[ 88.105989][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.123549][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.134472][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.137573][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.141081][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.143977][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.363988][ T5433] chnl_net:caif_netlink_parms(): no params data found
[ 88.472282][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.475298][ T5433] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.478010][ T5433] bridge_slave_0: entered allmulticast mode
[ 88.489846][ T5433] bridge_slave_0: entered promiscuous mode
[ 88.530254][ T5433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.533159][ T5433] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.535805][ T5433] bridge_slave_1: entered allmulticast mode
[ 88.543585][ T5433] bridge_slave_1: entered promiscuous mode
[ 88.590898][ T5433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.621374][ T5433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.692673][ T5433] team0: Port device team_slave_0 added
[ 88.695934][ T5433] team0: Port device team_slave_1 added
[ 88.738930][ T5433] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.741690][ T5433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.768661][ T5433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.791418][ T5433] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.794102][ T5433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.829861][ T5433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.867225][ T5433] hsr_slave_0: entered promiscuous mode
[ 88.877438][ T5433] hsr_slave_1: entered promiscuous mode
[ 89.170187][ T5433] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.179360][ T5433] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.188098][ T5433] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.194403][ T5433] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.271360][ T5433] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.297599][ T5433] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.310531][ T1036] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.313255][ T1036] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.329544][ T1036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.332065][ T1036] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.486641][ T5433] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.535983][ T5433] veth0_vlan: entered promiscuous mode
[ 89.557609][ T5433] veth1_vlan: entered promiscuous mode
[ 89.603717][ T5433] veth0_macvtap: entered promiscuous mode
[ 89.622342][ T5433] veth1_macvtap: entered promiscuous mode
[ 89.647382][ T5433] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.670505][ T5433] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.675860][ T5433] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.681784][ T5433] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.685187][ T5433] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.688440][ T5433] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.734906][ T5433] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 89.769912][ T1040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.772971][ T1040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.779985][ T5433] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 89.810333][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.813831][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.625484][ T1036] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.122752][ T1036] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.166871][ T1036] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.198040][ T1036] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.285780][ T1036] bridge_slave_1: left allmulticast mode
[ 93.288072][ T1036] bridge_slave_1: left promiscuous mode
[ 93.296000][ T1036] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.309910][ T1036] bridge_slave_0: left allmulticast mode
[ 93.320178][ T1036] bridge_slave_0: left promiscuous mode
[ 93.322475][ T1036] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.442127][ T1036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 93.450308][ T1036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 93.461523][ T1036] bond0 (unregistering): Released all slaves
[ 93.589779][ T1036] hsr_slave_0: left promiscuous mode
[ 93.592158][ T1036] hsr_slave_1: left promiscuous mode
[ 93.594473][ T1036] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 93.597201][ T1036] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 93.609858][ T1036] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 93.612684][ T1036] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 93.629827][ T1036] veth1_macvtap: left promiscuous mode
[ 93.632003][ T1036] veth0_macvtap: left promiscuous mode
[ 93.634253][ T1036] veth1_vlan: left promiscuous mode
[ 93.636300][ T1036] veth0_vlan: left promiscuous mode
[ 93.743910][ T1036] team0 (unregistering): Port device team_slave_1 removed
[ 93.749839][ T1036] team0 (unregistering): Port device team_slave_0 removed
VM DIAGNOSIS:
21:15:36 Registers:
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build878013875=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 65e8686b0e9
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65e8686b0e9e909b6ea5629f95a9b14e81927872 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241025-124232'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"65e8686b0e9e909b6ea5629f95a9b14e81927872\"
/usr/bin/ld: /tmp/cc32eoZn.o: in function `test_cover_filter()':
executor.cc:(.text+0x1426b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/cc32eoZn.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking