possible deadlock in ieee80211_remove_interfaces

======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc7-syzkaller-gcf33d96f5090 #0 Not tainted
------------------------------------------------------
kworker/u8:3/54 is trying to acquire lock:
ffffffff8fcb4e08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fcb4e08 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792

but task is already holding lock:
ffff888064070768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff888064070768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
       wiphy_lock include/net/cfg80211.h:6046 [inline]
       wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006
       ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587
       mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
       init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
       do_one_initcall+0x248/0x870 init/main.c:1266
       do_initcall_level+0x157/0x210 init/main.c:1328
       do_initcalls+0x3f/0x80 init/main.c:1344
       kernel_init_freeable+0x435/0x5d0 init/main.c:1577
       kernel_init+0x1d/0x2b0 init/main.c:1466
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #0 (rtnl_mutex){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
       rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
       unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
       unregister_netdevice_many net/core/dev.c:11875 [inline]
       unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
       unregister_netdevice include/linux/netdevice.h:3329 [inline]
       _cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
       ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
       ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
       mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
       hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
       ops_exit_list net/core/net_namespace.c:172 [inline]
       cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
       process_one_work kernel/workqueue.c:3236 [inline]
       process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
       worker_thread+0x870/0xd30 kernel/workqueue.c:3398
       kthread+0x2f0/0x390 kernel/kthread.c:389
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(rtnl_mutex);
                               lock(&rdev->wiphy.mtx);
  lock(rtnl_mutex);

 *** DEADLOCK ***

4 locks held by kworker/u8:3/54:
 #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc90000be7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000be7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fca8850 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
 #3: ffff888064070768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
 #3: ffff888064070768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280

stack backtrace:
CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc7-syzkaller-gcf33d96f5090 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
 rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
 unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
 unregister_netdevice_many net/core/dev.c:11875 [inline]
 unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
 unregister_netdevice include/linux/netdevice.h:3329 [inline]
 _cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
 ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
 ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
 mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
 hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
 ops_exit_list net/core/net_namespace.c:172 [inline]
 cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244