possible deadlock in ieee80211_remove_interfaces
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-gbc8198dc7ebc #0 Not tainted
------------------------------------------------------
kworker/u8:7/1123 is trying to acquire lock:
ffffffff8fef6fa8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fef6fa8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1a51/0x21a0 net/core/dev.c:11792
but task is already holding lock:
ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1c9c/0x2860 net/wireless/core.c:1006
ieee80211_register_hw+0x2455/0x4060 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x304e/0x54d0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x128/0x700 init/main.c:1267
do_initcall_level init/main.c:1329 [inline]
do_initcalls init/main.c:1345 [inline]
do_basic_setup init/main.c:1364 [inline]
kernel_init_freeable+0x5c7/0x900 init/main.c:1578
kernel_init+0x1c/0x2b0 init/main.c:1467
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain kernel/locking/lockdep.c:3906 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5228
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0x1a51/0x21a0 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x64b/0x830 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x34f/0x720 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x55/0x3a0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio drivers/net/wireless/virtual/mac80211_hwsim.c:5664 [inline]
hwsim_exit_net+0x3ad/0x7d0 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list+0xb0/0x180 net/core/net_namespace.c:172
cleanup_net+0x5c6/0xbf0 net/core/net_namespace.c:652
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u8:7/1123:
#0: ffff88801beeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc9000438fd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee1390 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 net/core/net_namespace.c:606
#3: ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 net/mac80211/iface.c:2280
stack backtrace:
CPU: 0 UID: 0 PID: 1123 Comm: kworker/u8:7 Not tainted 6.13.0-syzkaller-gbc8198dc7ebc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_circular_bug+0x490/0x760 kernel/locking/lockdep.c:2076
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain kernel/locking/lockdep.c:3906 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5228
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0x1a51/0x21a0 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x64b/0x830 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x34f/0x720 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x55/0x3a0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio drivers/net/wireless/virtual/mac80211_hwsim.c:5664 [inline]
hwsim_exit_net+0x3ad/0x7d0 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list+0xb0/0x180 net/core/net_namespace.c:172
cleanup_net+0x5c6/0xbf0 net/core/net_namespace.c:652
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Warning: Permanently added '10.128.0.66' (ED25519) to the list of known hosts.
2025/01/24 08:27:45 ignoring optional flag "sandboxArg"="0"
2025/01/24 08:27:45 ignoring optional flag "type"="gce"
2025/01/24 08:27:45 parsed 1 programs
[ 60.809012][ T29] audit: type=1400 audit(1737707265.401:88): avc: denied { node_bind } for pid=5810 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 62.769337][ T29] audit: type=1400 audit(1737707267.361:89): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 62.775832][ T5816] cgroup: Unknown subsys name 'net'
[ 62.792083][ T29] audit: type=1400 audit(1737707267.361:90): avc: denied { mount } for pid=5816 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 62.819791][ T29] audit: type=1400 audit(1737707267.401:91): avc: denied { unmount } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 62.956004][ T5816] cgroup: Unknown subsys name 'cpuset'
[ 62.963906][ T5816] cgroup: Unknown subsys name 'rlimit'
[ 63.102870][ T29] audit: type=1400 audit(1737707267.691:92): avc: denied { setattr } for pid=5816 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 63.133753][ T29] audit: type=1400 audit(1737707267.701:93): avc: denied { create } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 63.157845][ T29] audit: type=1400 audit(1737707267.701:94): avc: denied { write } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 63.180041][ T29] audit: type=1400 audit(1737707267.701:95): avc: denied { read } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 63.194716][ T5820] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 63.200780][ T29] audit: type=1400 audit(1737707267.711:96): avc: denied { mounton } for pid=5816 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 63.234103][ T29] audit: type=1400 audit(1737707267.711:97): avc: denied { mount } for pid=5816 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 64.114903][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.819371][ T29] kauditd_printk_skb: 11 callbacks suppressed
[ 65.819385][ T29] audit: type=1400 audit(1737707270.411:109): avc: denied { mounton } for pid=5824 comm="syz-executor" path="/root/syzkaller.N8Xqje/syz-tmp" dev="sda1" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 65.850113][ T29] audit: type=1400 audit(1737707270.411:110): avc: denied { mount } for pid=5824 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 65.872286][ T29] audit: type=1400 audit(1737707270.411:111): avc: denied { mounton } for pid=5824 comm="syz-executor" path="/root/syzkaller.N8Xqje/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 65.897603][ T29] audit: type=1400 audit(1737707270.411:112): avc: denied { mount } for pid=5824 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 65.919872][ T29] audit: type=1400 audit(1737707270.431:113): avc: denied { unmount } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 65.939499][ T29] audit: type=1400 audit(1737707270.451:114): avc: denied { mounton } for pid=5824 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2723 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 65.962508][ T29] audit: type=1400 audit(1737707270.451:115): avc: denied { mount } for pid=5824 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 65.989626][ T5824] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 66.014506][ T29] audit: type=1400 audit(1737707270.611:116): avc: denied { read write } for pid=5824 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 66.038718][ T29] audit: type=1400 audit(1737707270.611:117): avc: denied { open } for pid=5824 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 66.064268][ T29] audit: type=1400 audit(1737707270.611:118): avc: denied { ioctl } for pid=5824 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 66.294983][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.303169][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.346776][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.355022][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.680944][ T1123]
[ 66.683302][ T1123] ======================================================
[ 66.690314][ T1123] WARNING: possible circular locking dependency detected
[ 66.697342][ T1123] 6.13.0-syzkaller-gbc8198dc7ebc #0 Not tainted
[ 66.703580][ T1123] ------------------------------------------------------
[ 66.711027][ T1123] kworker/u8:7/1123 is trying to acquire lock:
[ 66.717166][ T1123] ffffffff8fef6fa8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1a51/0x21a0
[ 66.727594][ T1123]
[ 66.727594][ T1123] but task is already holding lock:
[ 66.734952][ T1123] ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720
[ 66.745236][ T1123]
[ 66.745236][ T1123] which lock already depends on the new lock.
[ 66.745236][ T1123]
[ 66.755815][ T1123]
[ 66.755815][ T1123] the existing dependency chain (in reverse order) is:
[ 66.764827][ T1123]
[ 66.764827][ T1123] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 66.772545][ T1123] __mutex_lock+0x19b/0xb10
[ 66.777575][ T1123] wiphy_register+0x1c9c/0x2860
[ 66.782935][ T1123] ieee80211_register_hw+0x2455/0x4060
[ 66.788903][ T1123] mac80211_hwsim_new_radio+0x304e/0x54d0
[ 66.795141][ T1123] init_mac80211_hwsim+0x432/0x8c0
[ 66.800763][ T1123] do_one_initcall+0x128/0x700
[ 66.806121][ T1123] kernel_init_freeable+0x5c7/0x900
[ 66.811827][ T1123] kernel_init+0x1c/0x2b0
[ 66.816666][ T1123] ret_from_fork+0x45/0x80
[ 66.821586][ T1123] ret_from_fork_asm+0x1a/0x30
[ 66.826874][ T1123]
[ 66.826874][ T1123] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 66.834074][ T1123] __lock_acquire+0x249e/0x3c40
[ 66.839453][ T1123] lock_acquire.part.0+0x11b/0x380
[ 66.845071][ T1123] __mutex_lock+0x19b/0xb10
[ 66.850085][ T1123] unregister_netdevice_many_notify+0x1a51/0x21a0
[ 66.857010][ T1123] unregister_netdevice_queue+0x307/0x3f0
[ 66.863242][ T1123] _cfg80211_unregister_wdev+0x64b/0x830
[ 66.869386][ T1123] ieee80211_remove_interfaces+0x34f/0x720
[ 66.875707][ T1123] ieee80211_unregister_hw+0x55/0x3a0
[ 66.881602][ T1123] hwsim_exit_net+0x3ad/0x7d0
[ 66.886804][ T1123] ops_exit_list+0xb0/0x180
[ 66.891923][ T1123] cleanup_net+0x5c6/0xbf0
[ 66.896862][ T1123] process_one_work+0x9c5/0x1ba0
[ 66.902308][ T1123] worker_thread+0x6c8/0xf00
[ 66.907407][ T1123] kthread+0x3af/0x750
[ 66.911979][ T1123] ret_from_fork+0x45/0x80
[ 66.916900][ T1123] ret_from_fork_asm+0x1a/0x30
[ 66.922177][ T1123]
[ 66.922177][ T1123] other info that might help us debug this:
[ 66.922177][ T1123]
[ 66.932384][ T1123] Possible unsafe locking scenario:
[ 66.932384][ T1123]
[ 66.939811][ T1123] CPU0 CPU1
[ 66.945161][ T1123] ---- ----
[ 66.950503][ T1123] lock(&rdev->wiphy.mtx);
[ 66.955022][ T1123] lock(rtnl_mutex);
[ 66.961562][ T1123] lock(&rdev->wiphy.mtx);
[ 66.968565][ T1123] lock(rtnl_mutex);
[ 66.972547][ T1123]
[ 66.972547][ T1123] *** DEADLOCK ***
[ 66.972547][ T1123]
[ 66.980667][ T1123] 4 locks held by kworker/u8:7/1123:
[ 66.985931][ T1123] #0: ffff88801beeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[ 66.996271][ T1123] #1: ffffc9000438fd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[ 67.006171][ T1123] #2: ffffffff8fee1390 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0
[ 67.015469][ T1123] #3: ffff888034770768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720
[ 67.026164][ T1123]
[ 67.026164][ T1123] stack backtrace:
[ 67.032041][ T1123] CPU: 0 UID: 0 PID: 1123 Comm: kworker/u8:7 Not tainted 6.13.0-syzkaller-gbc8198dc7ebc #0
[ 67.032057][ T1123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 67.032068][ T1123] Workqueue: netns cleanup_net
[ 67.032092][ T1123] Call Trace:
[ 67.032099][ T1123]
[ 67.032106][ T1123] dump_stack_lvl+0x116/0x1f0
[ 67.032127][ T1123] print_circular_bug+0x490/0x760
[ 67.032145][ T1123] check_noncircular+0x31a/0x400
[ 67.032161][ T1123] ? __pfx_check_noncircular+0x10/0x10
[ 67.032178][ T1123] ? lockdep_lock+0xc6/0x200
[ 67.032198][ T1123] ? __pfx_lockdep_lock+0x10/0x10
[ 67.032218][ T1123] ? __pfx_lock_release+0x10/0x10
[ 67.032235][ T1123] __lock_acquire+0x249e/0x3c40
[ 67.032255][ T1123] ? __pfx___lock_acquire+0x10/0x10
[ 67.032271][ T1123] ? synchronize_rcu_expedited+0x424/0x450
[ 67.032288][ T1123] ? __pfx_lock_release+0x10/0x10
[ 67.032305][ T1123] lock_acquire.part.0+0x11b/0x380
[ 67.032321][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032345][ T1123] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 67.032362][ T1123] ? rcu_is_watching+0x12/0xc0
[ 67.032382][ T1123] ? trace_lock_acquire+0x14e/0x1f0
[ 67.032404][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032426][ T1123] ? lock_acquire+0x2f/0xb0
[ 67.032441][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032464][ T1123] __mutex_lock+0x19b/0xb10
[ 67.032481][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032503][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032525][ T1123] ? __pfx___mutex_lock+0x10/0x10
[ 67.032544][ T1123] ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 67.032560][ T1123] ? __pfx___might_resched+0x10/0x10
[ 67.032578][ T1123] ? unregister_netdevice_many_notify+0x959/0x21a0
[ 67.032600][ T1123] ? unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032621][ T1123] unregister_netdevice_many_notify+0x1a51/0x21a0
[ 67.032646][ T1123] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 67.032669][ T1123] ? find_held_lock+0x2d/0x110
[ 67.032695][ T1123] ? kernfs_remove_by_name_ns+0xc4/0x130
[ 67.032716][ T1123] ? __pfx_lock_release+0x10/0x10
[ 67.032731][ T1123] ? __call_rcu_common.constprop.0+0x3ea/0x870
[ 67.032751][ T1123] unregister_netdevice_queue+0x307/0x3f0
[ 67.032773][ T1123] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 67.032797][ T1123] _cfg80211_unregister_wdev+0x64b/0x830
[ 67.032819][ T1123] ieee80211_remove_interfaces+0x34f/0x720
[ 67.032835][ T1123] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 67.032853][ T1123] ieee80211_unregister_hw+0x55/0x3a0
[ 67.032871][ T1123] hwsim_exit_net+0x3ad/0x7d0
[ 67.032892][ T1123] ? __pfx_hwsim_exit_net+0x10/0x10
[ 67.032912][ T1123] ? ip_vs_sync_net_cleanup+0x72/0xb0
[ 67.032931][ T1123] ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[ 67.032945][ T1123] ? __pfx_hwsim_exit_net+0x10/0x10
[ 67.032963][ T1123] ops_exit_list+0xb0/0x180
[ 67.032983][ T1123] cleanup_net+0x5c6/0xbf0
[ 67.033005][ T1123] ? __pfx_cleanup_net+0x10/0x10
[ 67.033027][ T1123] ? lock_acquire+0x2f/0xb0
[ 67.033042][ T1123] ? process_one_work+0x921/0x1ba0
[ 67.033058][ T1123] process_one_work+0x9c5/0x1ba0
[ 67.033076][ T1123] ? __pfx_toggle_allocation_gate+0x10/0x10
[ 67.033096][ T1123] ? __pfx_process_one_work+0x10/0x10
[ 67.033111][ T1123] ? rcu_is_watching+0x12/0xc0
[ 67.033133][ T1123] ? assign_work+0x1a0/0x250
[ 67.033147][ T1123] worker_thread+0x6c8/0xf00
[ 67.033165][ T1123] ? __pfx_worker_thread+0x10/0x10
[ 67.033180][ T1123] kthread+0x3af/0x750
[ 67.033194][ T1123] ? __pfx_kthread+0x10/0x10
[ 67.033207][ T1123] ? lock_acquire+0x2f/0xb0
[ 67.033223][ T1123] ? __pfx_kthread+0x10/0x10
[ 67.033237][ T1123] ret_from_fork+0x45/0x80
[ 67.033252][ T1123] ? __pfx_kthread+0x10/0x10
[ 67.033265][ T1123] ret_from_fork_asm+0x1a/0x30
[ 67.033291][ T1123]
[ 67.530596][ T5852] chnl_net:caif_netlink_parms(): no params data found
[ 67.564146][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.571213][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.578517][ T5852] bridge_slave_0: entered allmulticast mode
[ 67.585342][ T5852] bridge_slave_0: entered promiscuous mode
[ 67.592440][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.599519][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.606670][ T5852] bridge_slave_1: entered allmulticast mode
[ 67.613181][ T5852] bridge_slave_1: entered promiscuous mode
[ 67.631522][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.642247][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.659748][ T5852] team0: Port device team_slave_0 added
[ 67.666629][ T5852] team0: Port device team_slave_1 added
[ 67.680623][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.687628][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.714308][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.726610][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.733573][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.759482][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.803870][ T5852] hsr_slave_0: entered promiscuous mode
[ 67.809821][ T5852] hsr_slave_1: entered promiscuous mode
[ 67.867099][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.879614][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.887821][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.896060][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.909645][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.916728][ T5852] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.924061][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.931125][ T5852] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.968477][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.980373][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.988687][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.999352][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.009099][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.016169][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.026162][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.033224][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.102271][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.124438][ T5852] veth0_vlan: entered promiscuous mode
[ 68.132080][ T5852] veth1_vlan: entered promiscuous mode
[ 68.145750][ T5852] veth0_macvtap: entered promiscuous mode
[ 68.152840][ T5852] veth1_macvtap: entered promiscuous mode
[ 68.164522][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.174989][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.184363][ T5852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.193520][ T5852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.202369][ T5852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.211428][ T5852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.287290][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.327195][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.385010][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.448678][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.713358][ T5896] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.720535][ T5896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.727699][ T5896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.735284][ T5896] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.742540][ T5896] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.750499][ T5896] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/01/24 08:27:53 executed programs: 0
[ 68.856566][ T5131] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.863806][ T5131] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.870980][ T5131] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.878988][ T5131] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.886324][ T5131] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.893905][ T5131] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.950457][ T5901] chnl_net:caif_netlink_parms(): no params data found
[ 68.978869][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.986346][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.993729][ T5901] bridge_slave_0: entered allmulticast mode
[ 68.999989][ T5901] bridge_slave_0: entered promiscuous mode
[ 69.007826][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.015028][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.022119][ T5901] bridge_slave_1: entered allmulticast mode
[ 69.028811][ T5901] bridge_slave_1: entered promiscuous mode
[ 69.043673][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.054339][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.072216][ T5901] team0: Port device team_slave_0 added
[ 69.079052][ T5901] team0: Port device team_slave_1 added
[ 69.092437][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.099532][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.125630][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.137807][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.145077][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.170973][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.192021][ T5901] hsr_slave_0: entered promiscuous mode
[ 69.197953][ T5901] hsr_slave_1: entered promiscuous mode
[ 69.203809][ T5901] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 69.211433][ T5901] Cannot create hsr debugfs directory
[ 70.973034][ T5896] Bluetooth: hci0: command tx timeout
[ 71.374203][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.380504][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.661573][ T29] kauditd_printk_skb: 12 callbacks suppressed
[ 71.661589][ T29] audit: type=1400 audit(1737707276.251:131): avc: denied { search } for pid=5486 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 71.694471][ T53] bridge_slave_1: left allmulticast mode
[ 71.700135][ T53] bridge_slave_1: left promiscuous mode
[ 71.706180][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.714538][ T53] bridge_slave_0: left allmulticast mode
[ 71.720158][ T53] bridge_slave_0: left promiscuous mode
[ 71.726571][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.815875][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 71.825715][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 71.834937][ T53] bond0 (unregistering): Released all slaves
[ 71.873262][ T29] audit: type=1400 audit(1737707276.471:132): avc: denied { read } for pid=5912 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 71.897227][ T29] audit: type=1400 audit(1737707276.471:133): avc: denied { open } for pid=5912 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 71.922982][ T29] audit: type=1400 audit(1737707276.471:134): avc: denied { getattr } for pid=5912 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 71.953486][ T53] hsr_slave_0: left promiscuous mode
[ 71.959064][ T53] hsr_slave_1: left promiscuous mode
[ 71.966120][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 71.973863][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 71.983661][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 71.991061][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.000214][ T53] veth1_macvtap: left promiscuous mode
[ 72.006560][ T53] veth0_macvtap: left promiscuous mode
[ 72.012115][ T53] veth1_vlan: left promiscuous mode
[ 72.017702][ T29] audit: type=1400 audit(1737707276.611:135): avc: denied { write } for pid=5911 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 72.042465][ T53] veth0_vlan: left promiscuous mode
[ 72.064849][ T29] audit: type=1400 audit(1737707276.611:136): avc: denied { add_name } for pid=5911 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 72.091640][ T29] audit: type=1400 audit(1737707276.651:137): avc: denied { remove_name } for pid=5922 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=1879 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 72.149446][ T53] team0 (unregistering): Port device team_slave_1 removed
[ 72.160674][ T53] team0 (unregistering): Port device team_slave_0 removed
[ 72.246582][ T5901] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.258516][ T5901] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.268259][ T5901] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.277048][ T5901] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.330353][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.349410][ T5901] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.360090][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.367204][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.391088][ T5901] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 72.402369][ T5901] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 72.415429][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.422481][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.539702][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.561240][ T5901] veth0_vlan: entered promiscuous mode
[ 72.577376][ T5901] veth1_vlan: entered promiscuous mode
[ 72.599155][ T5901] veth0_macvtap: entered promiscuous mode
[ 72.607429][ T5901] veth1_macvtap: entered promiscuous mode
[ 72.618440][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.628726][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.646768][ T5901] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.656004][ T5901] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.665497][ T5901] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.674586][ T5901] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.696605][ T5901] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 72.722052][ T129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.732622][ T5901] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 72.744511][ T129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 72.762655][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.770973][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4192555921=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at de12cf655e
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=de12cf655e7d248264f289ee995511560d8b056b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240807-184726'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"de12cf655e7d248264f289ee995511560d8b056b\"
/usr/bin/ld: /tmp/ccLX0wKb.o: in function `test_cover_filter()':
executor.cc:(.text+0x13e6b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/ccLX0wKb.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking