possible deadlock in ieee80211_remove_interfaces
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-07632-gaa22f4da2a46 #0 Not tainted
------------------------------------------------------
kworker/u8:0/11 is trying to acquire lock:
ffffffff8f1fb0c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8f1fb0c8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xacf/0x2270 net/core/dev.c:11792
but task is already holding lock:
ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x198/0x1000 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1a2f/0x2770 net/wireless/core.c:1006
ieee80211_register_hw+0x3540/0x4220 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x2a9b/0x4a80 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x876/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x244/0x840 init/main.c:1267
do_initcall_level+0x157/0x210 init/main.c:1329
do_initcalls+0x3f/0x80 init/main.c:1345
kernel_init_freeable+0x431/0x5d0 init/main.c:1578
kernel_init+0x19/0x2b0 init/main.c:1467
ret_from_fork+0x47/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (
rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain kernel/locking/lockdep.c:3906 [inline]
__lock_acquire+0x3012/0x81c0 kernel/locking/lockdep.c:5228
lock_acquire+0x1e9/0x540 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x198/0x1000 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xacf/0x2270 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x2ff/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x580 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4e3/0x6b0 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x59/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c0/0x4b0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5bd/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x80e/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa62/0x1820 kernel/workqueue.c:3317
worker_thread+0xa27/0xf70 kernel/workqueue.c:3398
kthread+0x7a5/0x910 kernel/kthread.c:464
ret_from_fork+0x47/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u8:0/11:
#0: ffff88801aee5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff88801aee5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x937/0x1820 kernel/workqueue.c:3317
#1: ffffc90000107c80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc90000107c80 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x972/0x1820 kernel/workqueue.c:3317
#2: ffffffff8f1eec50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x176/0xd60 net/core/net_namespace.c:606
#3: ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0 net/mac80211/iface.c:2280
stack backtrace:
CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x23d/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x375/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain kernel/locking/lockdep.c:3906 [inline]
__lock_acquire+0x3012/0x81c0 kernel/locking/lockdep.c:5228
lock_acquire+0x1e9/0x540 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x198/0x1000 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xacf/0x2270 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x2ff/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x580 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4e3/0x6b0 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x59/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c0/0x4b0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5bd/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x80e/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa62/0x1820 kernel/workqueue.c:3317
worker_thread+0xa27/0xf70 kernel/workqueue.c:3398
kthread+0x7a5/0x910 kernel/kthread.c:464
ret_from_fork+0x47/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2025/01/26 13:46:21 ignoring optional flag "sandboxArg"="0"
2025/01/26 13:46:22 parsed 1 programs
[ 67.853382][ T5156] cgroup: Unknown subsys name 'net'
[ 68.007434][ T5156] cgroup: Unknown subsys name 'cpuset'
[ 68.015796][ T5156] cgroup: Unknown subsys name 'rlimit'
[ 68.021568][ T5156] cgroup: Unknown subsys name 'memory'
[ 69.520848][ T5156] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.665717][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.672434][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[ 73.399283][ T5197] chnl_net:caif_netlink_parms(): no params data found
[ 73.483942][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.491694][ T5197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.499443][ T5197] bridge_slave_0: entered allmulticast mode
[ 73.514489][ T5197] bridge_slave_0: entered promiscuous mode
[ 73.523633][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.530753][ T5197] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.538171][ T5197] bridge_slave_1: entered allmulticast mode
[ 73.545312][ T5197] bridge_slave_1: entered promiscuous mode
[ 73.574075][ T5197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.585660][ T5197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.611362][ T5197] team0: Port device team_slave_0 added
[ 73.620470][ T5197] team0: Port device team_slave_1 added
[ 73.645411][ T5197] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.652419][ T5197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.678906][ T5197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.692878][ T5197] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.701089][ T5197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.727443][ T5197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.765538][ T5197] hsr_slave_0: entered promiscuous mode
[ 73.771736][ T5197] hsr_slave_1: entered promiscuous mode
[ 73.876931][ T5197] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.888250][ T5197] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.897666][ T5197] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.908178][ T5197] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.934108][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.941448][ T5197] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.950111][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.957271][ T5197] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.011528][ T5197] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.029275][ T66] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.038898][ T66] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.055617][ T5197] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.068928][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.076078][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.091052][ T66] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.098211][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.240896][ T5197] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.276764][ T5197] veth0_vlan: entered promiscuous mode
[ 74.288896][ T5197] veth1_vlan: entered promiscuous mode
[ 74.316470][ T5197] veth0_macvtap: entered promiscuous mode
[ 74.325780][ T5197] veth1_macvtap: entered promiscuous mode
[ 74.342240][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.357047][ T5197] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.368362][ T5197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.378032][ T5197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.386907][ T5197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.396208][ T5197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.509917][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.526188][ T5215] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.540895][ T5215] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.549699][ T5215] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.558547][ T5215] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.566896][ T5215] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 74.575247][ T5215] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.595287][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.714842][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.822434][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.321531][ T2936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.331119][ T2936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.362779][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.371604][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/01/26 13:46:33 executed programs: 0
[ 75.551675][ T5215] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.560424][ T5215] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.568821][ T5215] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.582158][ T5215] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.590254][ T5215] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.598314][ T5215] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.719345][ T5249] chnl_net:caif_netlink_parms(): no params data found
[ 75.776320][ T5249] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.783902][ T5249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.791082][ T5249] bridge_slave_0: entered allmulticast mode
[ 75.798285][ T5249] bridge_slave_0: entered promiscuous mode
[ 75.807611][ T5249] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.815287][ T5249] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.822463][ T5249] bridge_slave_1: entered allmulticast mode
[ 75.829946][ T5249] bridge_slave_1: entered promiscuous mode
[ 75.857526][ T5249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.869343][ T5249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.899298][ T5249] team0: Port device team_slave_0 added
[ 75.907613][ T5249] team0: Port device team_slave_1 added
[ 75.931662][ T5249] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.939502][ T5249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.965923][ T5249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.979182][ T5249] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.986453][ T5249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.012736][ T5249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.051812][ T5249] hsr_slave_0: entered promiscuous mode
[ 76.058197][ T5249] hsr_slave_1: entered promiscuous mode
[ 76.064625][ T5249] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 76.072485][ T5249] Cannot create hsr debugfs directory
[ 77.375975][ T11] bridge_slave_1: left allmulticast mode
[ 77.382143][ T11] bridge_slave_1: left promiscuous mode
[ 77.389691][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.402458][ T11] bridge_slave_0: left allmulticast mode
[ 77.408762][ T11] bridge_slave_0: left promiscuous mode
[ 77.415314][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.658260][ T4553] Bluetooth: hci0: command tx timeout
[ 77.707432][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 77.718531][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 77.729233][ T11] bond0 (unregistering): Released all slaves
[ 77.825396][ T11] hsr_slave_0: left promiscuous mode
[ 77.831599][ T11] hsr_slave_1: left promiscuous mode
[ 77.838462][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 77.846081][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 77.858640][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 77.866856][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 77.888114][ T11] veth1_macvtap: left promiscuous mode
[ 77.898375][ T11] veth0_macvtap: left promiscuous mode
[ 77.906013][ T11] veth1_vlan: left promiscuous mode
[ 77.911573][ T11] veth0_vlan: left promiscuous mode
[ 78.328832][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 78.359077][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 78.737737][ T5249] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.762440][ T5249] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.777421][ T5249] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.800224][ T5249] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.915677][ T5249] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.945945][ T5249] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.962481][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.970089][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.000271][ T2936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.007645][ T2936] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.433770][ T11]
[ 79.436144][ T11] ======================================================
[ 79.443164][ T11] WARNING: possible circular locking dependency detected
[ 79.450199][ T11] 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 Not tainted
[ 79.456907][ T5249] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.457204][ T11] ------------------------------------------------------
[ 79.471003][ T11] kworker/u8:0/11 is trying to acquire lock:
[ 79.477007][ T11] ffffffff8f1fb0c8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xacf/0x2270
[ 79.487426][ T11]
[ 79.487426][ T11] but task is already holding lock:
[ 79.492156][ T5249] veth0_vlan: entered promiscuous mode
[ 79.494801][ T11] ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0
[ 79.507395][ T5249] veth1_vlan: entered promiscuous mode
[ 79.510697][ T11]
[ 79.510697][ T11] which lock already depends on the new lock.
[ 79.510697][ T11]
[ 79.510708][ T11]
[ 79.510708][ T11] the existing dependency chain (in reverse order) is:
[ 79.535628][ T11]
[ 79.535628][ T11] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 79.537472][ T5249] veth0_macvtap: entered promiscuous mode
[ 79.543401][ T11] __mutex_lock+0x198/0x1000
[ 79.543429][ T11] wiphy_register+0x1a2f/0x2770
[ 79.543459][ T11] ieee80211_register_hw+0x3540/0x4220
[ 79.543481][ T11] mac80211_hwsim_new_radio+0x2a9b/0x4a80
[ 79.552705][ T5249] veth1_macvtap: entered promiscuous mode
[ 79.554293][ T11] init_mac80211_hwsim+0x876/0xb00
[ 79.554319][ T11] do_one_initcall+0x244/0x840
[ 79.570952][ T5249] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.571901][ T11] do_initcall_level+0x157/0x210
[ 79.583783][ T5249] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.588516][ T11] do_initcalls+0x3f/0x80
[ 79.599930][ T5249] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.601139][ T11] kernel_init_freeable+0x431/0x5d0
[ 79.609226][ T5249] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.613192][ T11] kernel_init+0x19/0x2b0
[ 79.613222][ T11] ret_from_fork+0x47/0x80
[ 79.613252][ T11] ret_from_fork_asm+0x1a/0x30
[ 79.613280][ T11]
[ 79.613280][ T11] -> #0 (
[ 79.622408][ T5249] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.627640][ T11] rtnl_mutex){+.+.}-{4:4}:
[ 79.627666][ T11] __lock_acquire+0x3012/0x81c0
[ 79.627696][ T11] lock_acquire+0x1e9/0x540
[ 79.627722][ T11] __mutex_lock+0x198/0x1000
[ 79.627742][ T11] unregister_netdevice_many_notify+0xacf/0x2270
[ 79.637765][ T5249] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.641269][ T11] unregister_netdevice_queue+0x2ff/0x370
[ 79.706983][ T11] _cfg80211_unregister_wdev+0x163/0x580
[ 79.713150][ T11] ieee80211_remove_interfaces+0x4e3/0x6b0
[ 79.719489][ T11] ieee80211_unregister_hw+0x59/0x2c0
[ 79.725385][ T11] mac80211_hwsim_del_radio+0x2c0/0x4b0
[ 79.731473][ T11] hwsim_exit_net+0x5bd/0x670
[ 79.736672][ T11] cleanup_net+0x80e/0xd60
[ 79.741617][ T11] process_scheduled_works+0xa62/0x1820
[ 79.747687][ T11] worker_thread+0xa27/0xf70
[ 79.752829][ T11] kthread+0x7a5/0x910
[ 79.757449][ T11] ret_from_fork+0x47/0x80
[ 79.762412][ T11] ret_from_fork_asm+0x1a/0x30
[ 79.767720][ T11]
[ 79.767720][ T11] other info that might help us debug this:
[ 79.767720][ T11]
[ 79.777953][ T11] Possible unsafe locking scenario:
[ 79.777953][ T11]
[ 79.785436][ T11] CPU0 CPU1
[ 79.790884][ T11] ---- ----
[ 79.796245][ T11] lock(&rdev->wiphy.mtx);
[ 79.800753][ T11] lock(rtnl_mutex);
[ 79.807264][ T11] lock(&rdev->wiphy.mtx);
[ 79.814293][ T11] lock(rtnl_mutex);
[ 79.818285][ T11]
[ 79.818285][ T11] *** DEADLOCK ***
[ 79.818285][ T11]
[ 79.826429][ T11] 4 locks held by kworker/u8:0/11:
[ 79.831555][ T11] #0: ffff88801aee5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x937/0x1820
[ 79.842470][ T11] #1: ffffc90000107c80 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x972/0x1820
[ 79.853020][ T11] #2: ffffffff8f1eec50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x176/0xd60
[ 79.862446][ T11] #3: ffff88806c350768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6b0
[ 79.873273][ T11]
[ 79.873273][ T11] stack backtrace:
[ 79.879168][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0
[ 79.879187][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 79.879203][ T11] Workqueue: netns cleanup_net
[ 79.879231][ T11] Call Trace:
[ 79.879238][ T11]
[ 79.879245][ T11] dump_stack_lvl+0x23d/0x360
[ 79.879268][ T11] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.879288][ T11] ? __pfx__printk+0x10/0x10
[ 79.879312][ T11] print_circular_bug+0x13a/0x1b0
[ 79.879331][ T11] check_noncircular+0x375/0x4a0
[ 79.879354][ T11] ? __pfx_check_noncircular+0x10/0x10
[ 79.879371][ T11] ? lockdep_lock+0x11f/0x2e0
[ 79.879394][ T11] ? mark_lock+0x9a/0x350
[ 79.879417][ T11] ? finish_task_switch+0x1e5/0x840
[ 79.879444][ T11] __lock_acquire+0x3012/0x81c0
[ 79.879476][ T11] ? __pfx___lock_acquire+0x10/0x10
[ 79.879504][ T11] ? synchronize_rcu_expedited+0x69f/0x820
[ 79.879523][ T11] ? __pfx_lock_release+0x10/0x10
[ 79.879545][ T11] ? preempt_schedule_common+0x84/0xd0
[ 79.879572][ T11] ? preempt_schedule+0xdd/0xf0
[ 79.879602][ T11] lock_acquire+0x1e9/0x540
[ 79.879624][ T11] ? unregister_netdevice_many_notify+0xacf/0x2270
[ 79.879646][ T11] ? __pfx_lock_acquire+0x10/0x10
[ 79.879669][ T11] ? __pfx___might_resched+0x10/0x10
[ 79.879690][ T11] ? kthread_queue_work+0x10c/0x180
[ 79.879716][ T11] __mutex_lock+0x198/0x1000
[ 79.879733][ T11] ? unregister_netdevice_many_notify+0xacf/0x2270
[ 79.879755][ T11] ? unregister_netdevice_many_notify+0xacf/0x2270
[ 79.879774][ T11] ? __pfx___mutex_lock+0x10/0x10
[ 79.879791][ T11] ? __pfx___might_resched+0x10/0x10
[ 79.879811][ T11] ? unregister_netdevice_many_notify+0xa07/0x2270
[ 79.879830][ T11] ? unregister_netdevice_many_notify+0xa07/0x2270
[ 79.879850][ T11] unregister_netdevice_many_notify+0xacf/0x2270
[ 79.879871][ T11] ? mark_lock+0x9a/0x350
[ 79.879897][ T11] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 79.879918][ T11] ? kernfs_remove_by_name_ns+0x113/0x150
[ 79.879937][ T11] ? __pfx_lock_release+0x10/0x10
[ 79.879967][ T11] unregister_netdevice_queue+0x2ff/0x370
[ 79.879995][ T11] ? __pfx_up_write+0x10/0x10
[ 79.880011][ T11] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 79.880040][ T11] ? kernfs_remove_by_name_ns+0x113/0x150
[ 79.880059][ T11] _cfg80211_unregister_wdev+0x163/0x580
[ 79.880079][ T11] ieee80211_remove_interfaces+0x4e3/0x6b0
[ 79.880104][ T11] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 79.880127][ T11] ? rcu_is_watching+0x11/0xb0
[ 79.880145][ T11] ieee80211_unregister_hw+0x59/0x2c0
[ 79.880165][ T11] mac80211_hwsim_del_radio+0x2c0/0x4b0
[ 79.880188][ T11] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 79.880212][ T11] hwsim_exit_net+0x5bd/0x670
[ 79.880239][ T11] ? __pfx_hwsim_exit_net+0x10/0x10
[ 79.880255][ T11] ? __ip_vs_dev_cleanup_batch+0x235/0x250
[ 79.880278][ T11] cleanup_net+0x80e/0xd60
[ 79.880301][ T11] ? __pfx_cleanup_net+0x10/0x10
[ 79.880326][ T11] ? process_scheduled_works+0x972/0x1820
[ 79.880352][ T11] process_scheduled_works+0xa62/0x1820
[ 79.880379][ T11] ? __pfx_process_scheduled_works+0x10/0x10
[ 79.880400][ T11] ? assign_work+0x364/0x3d0
[ 79.880419][ T11] worker_thread+0xa27/0xf70
[ 79.880444][ T11] ? __pfx_worker_thread+0x10/0x10
[ 79.880463][ T11] kthread+0x7a5/0x910
[ 79.880484][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880506][ T11] ? __pfx_worker_thread+0x10/0x10
[ 79.880525][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880546][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880569][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880590][ T11] ? _raw_spin_unlock_irq+0x1f/0x50
[ 79.880614][ T11] ? lockdep_hardirqs_on+0x95/0x140
[ 79.880628][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880651][ T11] ret_from_fork+0x47/0x80
[ 79.880674][ T11] ? __pfx_kthread+0x10/0x10
[ 79.880696][ T11] ret_from_fork_asm+0x1a/0x30
[ 79.880723][ T11]
[ 80.263784][ T4553] Bluetooth: hci0: command tx timeout
[ 80.298237][ T5249] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 80.322300][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.325569][ T5249] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 80.332457][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.369190][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.377504][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1824516956=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at 15fa29791c
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=15fa29791c1707abd7faed4110e284d0ccb72fae -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241022-150553'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"15fa29791c1707abd7faed4110e284d0ccb72fae\"
/usr/bin/ld: /tmp/ccsVBOis.o: in function `test_cover_filter()':
executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/ccsVBOis.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking