possible deadlock in ieee80211_remove_interfaces
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-g7004a2e46d16 #0 Not tainted
------------------------------------------------------
kworker/u4:2/30 is trying to acquire lock:
ffffffff8fcc13c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
ffffffff8fcc13c8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
but task is already holding lock:
ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
wiphy_lock include/net/cfg80211.h:6046 [inline]
wiphy_register+0x1a49/0x27b0 net/wireless/core.c:1006
ieee80211_register_hw+0x354e/0x4240 net/mac80211/main.c:1587
mac80211_hwsim_new_radio+0x2a9f/0x4a90 drivers/net/wireless/virtual/mac80211_hwsim.c:5558
init_mac80211_hwsim+0x87a/0xb00 drivers/net/wireless/virtual/mac80211_hwsim.c:6910
do_one_initcall+0x248/0x870 init/main.c:1267
do_initcall_level+0x157/0x210 init/main.c:1329
do_initcalls+0x3f/0x80 init/main.c:1345
kernel_init_freeable+0x435/0x5d0 init/main.c:1578
kernel_init+0x1d/0x2b0 init/main.c:1467
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #0 (rtnl_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
lock(&rdev->wiphy.mtx);
lock(rtnl_mutex);
*** DEADLOCK ***
4 locks held by kworker/u4:2/30:
#0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
#0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
#1: ffffc90000517c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
#1: ffffc90000517c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
#2: ffffffff8fcb4e10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 net/core/net_namespace.c:606
#3: ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
#3: ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 net/mac80211/iface.c:2280
stack backtrace:
CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted 6.13.0-syzkaller-g7004a2e46d16 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
check_prev_add kernel/locking/lockdep.c:3163 [inline]
check_prevs_add kernel/locking/lockdep.c:3282 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0xac2/0x2030 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x4ef/0x700 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x5d/0x2c0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x2c4/0x4c0 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x5c1/0x670 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list net/core/net_namespace.c:172 [inline]
cleanup_net+0x812/0xd60 net/core/net_namespace.c:652
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
Warning: Permanently added '[localhost]:5570' (ED25519) to the list of known hosts.
2025/01/23 02:47:26 ignoring optional flag "sandboxArg"="0"
2025/01/23 02:47:27 parsed 1 programs
[ 72.983793][ T5305] cgroup: Unknown subsys name 'net'
[ 73.055732][ T5305] cgroup: Unknown subsys name 'cpuset'
[ 73.059753][ T5305] cgroup: Unknown subsys name 'rlimit'
[ 74.731416][ T5305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 76.385241][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.387851][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 79.521151][ T5315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 80.419752][ T5327] chnl_net:caif_netlink_parms(): no params data found
[ 80.509673][ T5327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.523112][ T5327] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.526091][ T5327] bridge_slave_0: entered allmulticast mode
[ 80.533036][ T5327] bridge_slave_0: entered promiscuous mode
[ 80.544044][ T5327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.546926][ T5327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.550049][ T5327] bridge_slave_1: entered allmulticast mode
[ 80.564366][ T5327] bridge_slave_1: entered promiscuous mode
[ 80.608282][ T5327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.624356][ T5327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.654277][ T5327] team0: Port device team_slave_0 added
[ 80.662745][ T5327] team0: Port device team_slave_1 added
[ 80.693034][ T5327] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.695837][ T5327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.721868][ T5327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.735045][ T5327] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.737716][ T5327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.761991][ T5327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.819796][ T5327] hsr_slave_0: entered promiscuous mode
[ 80.833520][ T5327] hsr_slave_1: entered promiscuous mode
[ 81.042854][ T5327] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.049752][ T5327] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.067125][ T5327] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.074206][ T5327] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.130120][ T5327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.133359][ T5327] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.136995][ T5327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.140131][ T5327] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.243648][ T5327] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.270906][ T1031] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.276091][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.296826][ T5327] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.339367][ T1031] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.342462][ T1031] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.353061][ T1031] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.355972][ T1031] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.608464][ T5327] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.664427][ T5327] veth0_vlan: entered promiscuous mode
[ 81.670322][ T5327] veth1_vlan: entered promiscuous mode
[ 81.715033][ T5327] veth0_macvtap: entered promiscuous mode
[ 81.724832][ T5327] veth1_macvtap: entered promiscuous mode
[ 81.754838][ T5327] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.774969][ T5327] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.779873][ T5327] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.792347][ T5327] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.795829][ T5327] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.799201][ T5327] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.977562][ T5327] syz-executor (5327) used greatest stack depth: 18512 bytes left
[ 82.054772][ T30] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.145263][ T30] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.225820][ T30] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.314174][ T30] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.952705][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.955930][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.991671][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.996567][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.603390][ T30] bridge_slave_1: left allmulticast mode
[ 84.605857][ T30] bridge_slave_1: left promiscuous mode
[ 84.608745][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.675320][ T5385] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.680793][ T5385] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.685408][ T5385] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.688772][ T5385] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.693711][ T5385] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.696547][ T5385] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.715434][ T30] bridge_slave_0: left allmulticast mode
[ 84.717621][ T30] bridge_slave_0: left promiscuous mode
[ 84.719815][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.125527][ T30] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 85.130834][ T30] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 85.136032][ T30] bond0 (unregistering): Released all slaves
[ 85.222943][ T30] hsr_slave_0: left promiscuous mode
[ 85.234388][ T30] hsr_slave_1: left promiscuous mode
[ 85.243257][ T30] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.246060][ T30] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.261714][ T30] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.265524][ T30] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.291532][ T30] veth1_macvtap: left promiscuous mode
[ 85.298836][ T30] veth0_macvtap: left promiscuous mode
[ 85.301066][ T30] veth1_vlan: left promiscuous mode
[ 85.332379][ T30] veth0_vlan: left promiscuous mode
[ 85.739135][ T30] team0 (unregistering): Port device team_slave_1 removed
[ 85.761242][ T30] team0 (unregistering): Port device team_slave_0 removed
[ 86.643552][ T52] cfg80211: failed to load regulatory.db
[ 87.053472][ T30]
[ 87.054468][ T30] ======================================================
[ 87.057103][ T30] WARNING: possible circular locking dependency detected
[ 87.059757][ T30] 6.13.0-syzkaller-g7004a2e46d16 #0 Not tainted
[ 87.063218][ T30] ------------------------------------------------------
[ 87.065987][ T30] kworker/u4:2/30 is trying to acquire lock:
[ 87.068230][ T30] ffffffff8fcc13c8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030
[ 87.072228][ T30]
[ 87.072228][ T30] but task is already holding lock:
[ 87.075087][ T30] ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 87.079085][ T30]
[ 87.079085][ T30] which lock already depends on the new lock.
[ 87.079085][ T30]
[ 87.082984][ T30]
[ 87.082984][ T30] the existing dependency chain (in reverse order) is:
[ 87.086515][ T30]
[ 87.086515][ T30] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 87.089390][ T30] lock_acquire+0x1ed/0x550
[ 87.091299][ T30] __mutex_lock+0x19c/0x1010
[ 87.093255][ T30] wiphy_register+0x1a49/0x27b0
[ 87.095315][ T30] ieee80211_register_hw+0x354e/0x4240
[ 87.097919][ T30] mac80211_hwsim_new_radio+0x2a9f/0x4a90
[ 87.100418][ T30] init_mac80211_hwsim+0x87a/0xb00
[ 87.102575][ T30] do_one_initcall+0x248/0x870
[ 87.104648][ T30] do_initcall_level+0x157/0x210
[ 87.106788][ T30] do_initcalls+0x3f/0x80
[ 87.108784][ T30] kernel_init_freeable+0x435/0x5d0
[ 87.111036][ T30] kernel_init+0x1d/0x2b0
[ 87.113356][ T30] ret_from_fork+0x4b/0x80
[ 87.115772][ T30] ret_from_fork_asm+0x1a/0x30
[ 87.117854][ T30]
[ 87.117854][ T30] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 87.120595][ T30] validate_chain+0x18ef/0x5920
[ 87.122730][ T30] __lock_acquire+0x1397/0x2100
[ 87.124783][ T30] lock_acquire+0x1ed/0x550
[ 87.127170][ T30] __mutex_lock+0x19c/0x1010
[ 87.129100][ T30] unregister_netdevice_many_notify+0xac2/0x2030
[ 87.131763][ T30] unregister_netdevice_queue+0x303/0x370
[ 87.134187][ T30] _cfg80211_unregister_wdev+0x163/0x590
[ 87.136577][ T30] ieee80211_remove_interfaces+0x4ef/0x700
[ 87.139090][ T30] ieee80211_unregister_hw+0x5d/0x2c0
[ 87.141534][ T30] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 87.143845][ T30] hwsim_exit_net+0x5c1/0x670
[ 87.145875][ T30] cleanup_net+0x812/0xd60
[ 87.147735][ T30] process_scheduled_works+0xa66/0x1840
[ 87.150050][ T30] worker_thread+0x870/0xd30
[ 87.152032][ T30] kthread+0x7a9/0x920
[ 87.153751][ T30] ret_from_fork+0x4b/0x80
[ 87.155710][ T30] ret_from_fork_asm+0x1a/0x30
[ 87.157714][ T30]
[ 87.157714][ T30] other info that might help us debug this:
[ 87.157714][ T30]
[ 87.161629][ T30] Possible unsafe locking scenario:
[ 87.161629][ T30]
[ 87.164686][ T30] CPU0 CPU1
[ 87.166760][ T30] ---- ----
[ 87.168810][ T30] lock(&rdev->wiphy.mtx);
[ 87.170549][ T30] lock(rtnl_mutex);
[ 87.173018][ T30] lock(&rdev->wiphy.mtx);
[ 87.175881][ T30] lock(rtnl_mutex);
[ 87.177504][ T30]
[ 87.177504][ T30] *** DEADLOCK ***
[ 87.177504][ T30]
[ 87.180568][ T30] 4 locks held by kworker/u4:2/30:
[ 87.182477][ T30] #0: ffff88801baef148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[ 87.186598][ T30] #1: ffffc90000517c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[ 87.190528][ T30] #2: ffffffff8fcb4e10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60
[ 87.194075][ T30] #3: ffff8880333e0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700
[ 87.198270][ T30]
[ 87.198270][ T30] stack backtrace:
[ 87.200532][ T30] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted 6.13.0-syzkaller-g7004a2e46d16 #0
[ 87.200546][ T30] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 87.200554][ T30] Workqueue: netns cleanup_net
[ 87.200575][ T30] Call Trace:
[ 87.200583][ T30]
[ 87.200589][ T30] dump_stack_lvl+0x241/0x360
[ 87.200606][ T30] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.200618][ T30] ? __pfx__printk+0x10/0x10
[ 87.200632][ T30] print_circular_bug+0x13a/0x1b0
[ 87.200649][ T30] check_noncircular+0x36a/0x4a0
[ 87.200664][ T30] ? __pfx_check_noncircular+0x10/0x10
[ 87.200679][ T30] ? lockdep_lock+0x123/0x2b0
[ 87.200691][ T30] ? rcu_read_lock_sched_held+0x8d/0x130
[ 87.200706][ T30] validate_chain+0x18ef/0x5920
[ 87.200724][ T30] ? __pfx_validate_chain+0x10/0x10
[ 87.200740][ T30] ? mark_lock+0x9a/0x360
[ 87.200753][ T30] ? __lock_acquire+0x1397/0x2100
[ 87.200769][ T30] ? mark_lock+0x9a/0x360
[ 87.200778][ T30] __lock_acquire+0x1397/0x2100
[ 87.200787][ T30] lock_acquire+0x1ed/0x550
[ 87.200794][ T30] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.200804][ T30] ? __pfx_lock_acquire+0x10/0x10
[ 87.200811][ T30] ? __pfx___might_resched+0x10/0x10
[ 87.200820][ T30] ? finish_wait+0xd4/0x1e0
[ 87.200829][ T30] __mutex_lock+0x19c/0x1010
[ 87.200835][ T30] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.200845][ T30] ? unregister_netdevice_many_notify+0xac2/0x2030
[ 87.200856][ T30] ? __pfx___mutex_lock+0x10/0x10
[ 87.200865][ T30] ? __pfx___might_resched+0x10/0x10
[ 87.200875][ T30] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 87.200888][ T30] ? unregister_netdevice_many_notify+0x9fa/0x2030
[ 87.200902][ T30] unregister_netdevice_many_notify+0xac2/0x2030
[ 87.200914][ T30] ? mark_lock+0x9a/0x360
[ 87.200928][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 87.200939][ T30] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 87.200953][ T30] ? __pfx_lock_release+0x10/0x10
[ 87.200967][ T30] unregister_netdevice_queue+0x303/0x370
[ 87.200979][ T30] ? __pfx_up_write+0x10/0x10
[ 87.200987][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 87.201000][ T30] ? kernfs_remove_by_name_ns+0x11b/0x160
[ 87.201014][ T30] _cfg80211_unregister_wdev+0x163/0x590
[ 87.201030][ T30] ieee80211_remove_interfaces+0x4ef/0x700
[ 87.201045][ T30] ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 87.201056][ T30] ? rcu_is_watching+0x15/0xb0
[ 87.201070][ T30] ieee80211_unregister_hw+0x5d/0x2c0
[ 87.201083][ T30] mac80211_hwsim_del_radio+0x2c4/0x4c0
[ 87.201098][ T30] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 87.201111][ T30] hwsim_exit_net+0x5c1/0x670
[ 87.201122][ T30] ? __pfx_hwsim_exit_net+0x10/0x10
[ 87.201132][ T30] ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 87.201144][ T30] cleanup_net+0x812/0xd60
[ 87.201156][ T30] ? __pfx_cleanup_net+0x10/0x10
[ 87.201168][ T30] ? process_scheduled_works+0x976/0x1840
[ 87.201178][ T30] process_scheduled_works+0xa66/0x1840
[ 87.201220][ T30] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.201234][ T30] ? assign_work+0x364/0x3d0
[ 87.201245][ T30] worker_thread+0x870/0xd30
[ 87.201257][ T30] ? __kthread_parkme+0x169/0x1d0
[ 87.201269][ T30] ? __pfx_worker_thread+0x10/0x10
[ 87.201279][ T30] kthread+0x7a9/0x920
[ 87.201290][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201301][ T30] ? __pfx_worker_thread+0x10/0x10
[ 87.201311][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201322][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201333][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201344][ T30] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.201357][ T30] ? lockdep_hardirqs_on+0x99/0x150
[ 87.201372][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201383][ T30] ret_from_fork+0x4b/0x80
[ 87.201395][ T30] ? __pfx_kthread+0x10/0x10
[ 87.201406][ T30] ret_from_fork_asm+0x1a/0x30
[ 87.201419][ T30]
2025/01/23 02:47:44 executed programs: 0
[ 87.534715][ T4663] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.548325][ T4663] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.559314][ T4663] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.570021][ T4663] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.573822][ T4663] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 87.577328][ T4663] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.764265][ T5418] chnl_net:caif_netlink_parms(): no params data found
[ 87.898862][ T5418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.901642][ T5418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.911980][ T5418] bridge_slave_0: entered allmulticast mode
[ 87.923317][ T5418] bridge_slave_0: entered promiscuous mode
[ 87.935931][ T5418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.939001][ T5418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.941726][ T5418] bridge_slave_1: entered allmulticast mode
[ 87.970419][ T5418] bridge_slave_1: entered promiscuous mode
[ 88.013058][ T5418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.017704][ T5418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.078142][ T5418] team0: Port device team_slave_0 added
[ 88.081400][ T5418] team0: Port device team_slave_1 added
[ 88.124441][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.127084][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.152457][ T5418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.179135][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.193478][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.222222][ T5418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.251404][ T5418] hsr_slave_0: entered promiscuous mode
[ 88.273965][ T5418] hsr_slave_1: entered promiscuous mode
[ 88.655691][ T5418] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.662855][ T5418] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.693509][ T5418] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.705237][ T5418] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.817329][ T5418] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.843905][ T5418] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.872947][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.875856][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.879402][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.882183][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.103643][ T5418] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.139474][ T5418] veth0_vlan: entered promiscuous mode
[ 89.155427][ T5418] veth1_vlan: entered promiscuous mode
[ 89.184205][ T5418] veth0_macvtap: entered promiscuous mode
[ 89.203041][ T5418] veth1_macvtap: entered promiscuous mode
[ 89.211171][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.235010][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.252325][ T5418] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.256309][ T5418] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.259748][ T5418] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.271864][ T5418] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.314143][ T5418] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 89.336380][ T30] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.339566][ T30] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.344891][ T5418] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 89.381166][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.385886][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.080411][ T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.635290][ T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.665109][ T41] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.696051][ T41] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 92.767693][ T41] bridge_slave_1: left allmulticast mode
[ 92.769904][ T41] bridge_slave_1: left promiscuous mode
[ 92.774595][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.779249][ T41] bridge_slave_0: left allmulticast mode
[ 92.781658][ T41] bridge_slave_0: left promiscuous mode
[ 92.792678][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.904779][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 92.913186][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 92.923716][ T41] bond0 (unregistering): Released all slaves
[ 93.033405][ T41] hsr_slave_0: left promiscuous mode
[ 93.037348][ T41] hsr_slave_1: left promiscuous mode
[ 93.043477][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 93.052649][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 93.062750][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 93.065605][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 93.072622][ T41] veth1_macvtap: left promiscuous mode
[ 93.074782][ T41] veth0_macvtap: left promiscuous mode
[ 93.076931][ T41] veth1_vlan: left promiscuous mode
[ 93.078993][ T41] veth0_vlan: left promiscuous mode
[ 93.205729][ T41] team0 (unregistering): Port device team_slave_1 removed
[ 93.211018][ T41] team0 (unregistering): Port device team_slave_0 removed
VM DIAGNOSIS:
02:47:44 Registers:
info registers vcpu 0
CPU#0
RAX=000000000000007a RBX=ffffffff9a73e940 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc900005164b0
R8 =ffffffff855598cb R9 =1ffff11003d2e046 R10=dffffc0000000000 R11=ffffffff85559880
R12=dffffc0000000000 R13=ffffffff9a438f41 R14=000000000000007a R15=00000000000003f8
RIP=ffffffff855598fe RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9f70508000 CR3=00000000454c6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d3f33330d3f33330 d3f33330d3f33330
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f451c2b2f451c2b 2f451c2b2f451c2b
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 09931f9009931f90 09931f9009931f90
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b32dd19c2675c1dd 3dd47171e8eab577
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a7d19bb1c32f53a eb5fd1db4938ef26
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 984f016aa1ed66d1 9e52e70730feab08
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b3da3ccd201af972 dacd8d9c1e8ea063
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3c6e987715ca1b95 7f08fd51b51f40d2
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 240402fcb499a573 a1bd405126eef758
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 78f16a6d5adb2f4c 99190688ccd73427
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 32c2f25983637d52 95e4b1d0109c1367
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c59e1a51c59e1a51 c59e1a51c59e1a51
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 724194ae724194ae 724194ae724194ae
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dd6c087add6c087a dd6c087add6c087a
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1880340760=/tmp/go-build -gno-record-gcc-switches'
git status (err=)
HEAD detached at fb888278a6b
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=fb888278a6b21eda7fa63551c83fd17b90305ba1 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241030-093306'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"fb888278a6b21eda7fa63551c83fd17b90305ba1\"
/usr/bin/ld: /tmp/cc17lMZW.o: in function `test_cover_filter()':
executor.cc:(.text+0x1426b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/cc17lMZW.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking