last executing test programs: 3.440437099s ago: executing program 1 (id=6): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 3.391074733s ago: executing program 1 (id=8): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0) 3.390638523s ago: executing program 3 (id=9): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 3.390298298s ago: executing program 1 (id=10): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 3.378546004s ago: executing program 2 (id=3): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 3.373683357s ago: executing program 4 (id=5): socket(0x1e, 0x2, 0x0) 3.296680233s ago: executing program 0 (id=12): perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0) 3.296487212s ago: executing program 4 (id=13): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 3.296408024s ago: executing program 3 (id=14): gettid() 3.29631699s ago: executing program 1 (id=15): socket$kcm(0x29, 0x2, 0x0) 3.295810071s ago: executing program 0 (id=16): mkdir(&(0x7f0000000000), 0x0) 3.295380902s ago: executing program 4 (id=17): setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) 3.271255811s ago: executing program 0 (id=19): getpid() 2.66343028s ago: executing program 0 (id=22): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.643547723s ago: executing program 3 (id=18): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.515341952s ago: executing program 1 (id=23): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.484364531s ago: executing program 2 (id=20): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.287870241s ago: executing program 3 (id=24): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.284492504s ago: executing program 0 (id=25): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 2.25883405s ago: executing program 4 (id=21): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.681131091s ago: executing program 1 (id=26): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 1.349025706s ago: executing program 3 (id=28): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.286242235s ago: executing program 4 (id=30): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.260347514s ago: executing program 2 (id=27): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 943.30786ms ago: executing program 0 (id=32): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 765.232061ms ago: executing program 3 (id=35): expanding glob: /sys/**/* 478.748709ms ago: executing program 4 (id=33): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=34): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.233' (ED25519) to the list of known hosts. [ 57.462412][ T5819] cgroup: Unknown subsys name 'net' [ 57.593760][ T5819] cgroup: Unknown subsys name 'cpuset' [ 57.601914][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.026957][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.222967][ T5868] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.231969][ T5868] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.240121][ T5868] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.249857][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.257942][ T5868] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.273746][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.477481][ T5860] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 62.770529][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.778913][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.874537][ T3533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.882668][ T3533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.480046][ T5912] chnl_net:caif_netlink_parms(): no params data found [ 64.050731][ T5912] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.059193][ T5912] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.072375][ T5912] bridge_slave_0: entered allmulticast mode [ 64.081543][ T5912] bridge_slave_0: entered promiscuous mode [ 64.107706][ T5912] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.116117][ T5912] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.124191][ T5912] bridge_slave_1: entered allmulticast mode [ 64.136093][ T5912] bridge_slave_1: entered promiscuous mode [ 64.198339][ T5912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.262163][ T5912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.280427][ T75] [ 64.282976][ T75] ====================================================== [ 64.289995][ T75] WARNING: possible circular locking dependency detected [ 64.297021][ T75] 6.13.0-syzkaller-g0fc5dddb9409 #0 Not tainted [ 64.303255][ T75] ------------------------------------------------------ [ 64.310371][ T75] kworker/u8:5/75 is trying to acquire lock: [ 64.316346][ T75] ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 64.326741][ T75] [ 64.326741][ T75] but task is already holding lock: [ 64.334294][ T75] ffff8880245f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.344648][ T75] [ 64.344648][ T75] which lock already depends on the new lock. [ 64.344648][ T75] [ 64.355040][ T75] [ 64.355040][ T75] the existing dependency chain (in reverse order) is: [ 64.364052][ T75] [ 64.364052][ T75] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 64.371787][ T75] lock_acquire+0x1ed/0x550 [ 64.376807][ T75] __mutex_lock+0x19c/0x1010 [ 64.381916][ T75] wiphy_register+0x1a49/0x27b0 [ 64.387286][ T75] ieee80211_register_hw+0x354e/0x4240 [ 64.393262][ T75] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 64.399520][ T75] init_mac80211_hwsim+0x87a/0xb00 [ 64.405147][ T75] do_one_initcall+0x248/0x870 [ 64.410432][ T75] do_initcall_level+0x157/0x210 [ 64.415899][ T75] do_initcalls+0x3f/0x80 [ 64.420753][ T75] kernel_init_freeable+0x435/0x5d0 [ 64.426899][ T75] kernel_init+0x1d/0x2b0 [ 64.431745][ T75] ret_from_fork+0x4b/0x80 [ 64.436687][ T75] ret_from_fork_asm+0x1a/0x30 [ 64.441994][ T75] [ 64.441994][ T75] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 64.449344][ T75] validate_chain+0x18ef/0x5920 [ 64.454972][ T75] __lock_acquire+0x1397/0x2100 [ 64.460351][ T75] lock_acquire+0x1ed/0x550 [ 64.465370][ T75] __mutex_lock+0x19c/0x1010 [ 64.470577][ T75] unregister_netdevice_many_notify+0xac2/0x2030 [ 64.477509][ T75] unregister_netdevice_queue+0x303/0x370 [ 64.483744][ T75] _cfg80211_unregister_wdev+0x163/0x590 [ 64.489979][ T75] ieee80211_remove_interfaces+0x4ef/0x700 [ 64.496295][ T75] ieee80211_unregister_hw+0x5d/0x2c0 [ 64.502182][ T75] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 64.508239][ T75] hwsim_exit_net+0x5c1/0x670 [ 64.513614][ T75] cleanup_net+0x812/0xd60 [ 64.518547][ T75] process_scheduled_works+0xa66/0x1840 [ 64.524636][ T75] worker_thread+0x870/0xd30 [ 64.529745][ T75] kthread+0x7a9/0x920 [ 64.534414][ T75] ret_from_fork+0x4b/0x80 [ 64.539351][ T75] ret_from_fork_asm+0x1a/0x30 [ 64.544623][ T75] [ 64.544623][ T75] other info that might help us debug this: [ 64.544623][ T75] [ 64.555098][ T75] Possible unsafe locking scenario: [ 64.555098][ T75] [ 64.562535][ T75] CPU0 CPU1 [ 64.567887][ T75] ---- ---- [ 64.573305][ T75] lock(&rdev->wiphy.mtx); [ 64.577996][ T75] lock(rtnl_mutex); [ 64.584488][ T75] lock(&rdev->wiphy.mtx); [ 64.591609][ T75] lock(rtnl_mutex); [ 64.595843][ T75] [ 64.595843][ T75] *** DEADLOCK *** [ 64.595843][ T75] [ 64.604536][ T75] 4 locks held by kworker/u8:5/75: [ 64.609729][ T75] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 64.620607][ T75] #1: ffffc9000219fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 64.631133][ T75] #2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 64.640622][ T75] #3: ffff8880245f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.651404][ T75] [ 64.651404][ T75] stack backtrace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 64.657473][ T75] CPU: 1 UID: 0 PID: 75 Comm: kworker/u8:5 Not tainted 6.13.0-syzkaller-g0fc5dddb9409 #0 [ 64.657488][ T75] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 64.657498][ T75] Workqueue: netns cleanup_net [ 64.657523][ T75] Call Trace: [ 64.657529][ T75] [ 64.657535][ T75] dump_stack_lvl+0x241/0x360 [ 64.657555][ T75] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.657578][ T75] ? __pfx__printk+0x10/0x10 [ 64.657597][ T75] print_circular_bug+0x13a/0x1b0 [ 64.657616][ T75] check_noncircular+0x36a/0x4a0 [ 64.657634][ T75] ? __pfx_check_noncircular+0x10/0x10 [ 64.657651][ T75] ? lockdep_lock+0x123/0x2b0 [ 64.657665][ T75] ? kvm_sched_clock_read+0x11/0x20 [ 64.657683][ T75] ? psi_task_change+0xed/0x270 [ 64.657700][ T75] ? sched_clock_cpu+0x76/0x490 [ 64.657718][ T75] validate_chain+0x18ef/0x5920 [ 64.657742][ T75] ? __pfx_validate_chain+0x10/0x10 [ 64.657758][ T75] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.657773][ T75] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 64.657790][ T75] ? lockdep_hardirqs_on+0x99/0x150 [ 64.657807][ T75] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.657822][ T75] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.657838][ T75] ? do_raw_spin_unlock+0x13c/0x8b0 [ 64.657852][ T75] ? try_to_wake_up+0x959/0x1470 [ 64.657869][ T75] ? mark_lock+0x9a/0x360 [ 64.657883][ T75] ? __pfx_try_to_wake_up+0x10/0x10 [ 64.657898][ T75] __lock_acquire+0x1397/0x2100 [ 64.657917][ T75] lock_acquire+0x1ed/0x550 [ 64.657930][ T75] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.657948][ T75] ? __pfx_lock_acquire+0x10/0x10 [ 64.657962][ T75] ? __pfx___might_resched+0x10/0x10 [ 64.657975][ T75] ? finish_wait+0xd4/0x1e0 [ 64.657991][ T75] __mutex_lock+0x19c/0x1010 [ 64.658009][ T75] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.658027][ T75] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.658043][ T75] ? __pfx___mutex_lock+0x10/0x10 [ 64.658060][ T75] ? __pfx___might_resched+0x10/0x10 [ 64.658073][ T75] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 64.658089][ T75] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 64.658105][ T75] unregister_netdevice_many_notify+0xac2/0x2030 [ 64.658121][ T75] ? mark_lock+0x9a/0x360 [ 64.658139][ T75] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 64.658155][ T75] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 64.658172][ T75] ? __pfx_lock_release+0x10/0x10 [ 64.658192][ T75] unregister_netdevice_queue+0x303/0x370 [ 64.658206][ T75] ? __pfx_up_write+0x10/0x10 [ 64.658223][ T75] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 64.658239][ T75] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 64.658256][ T75] _cfg80211_unregister_wdev+0x163/0x590 [ 64.658276][ T75] ieee80211_remove_interfaces+0x4ef/0x700 [ 64.658293][ T75] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 64.658307][ T75] ? rcu_is_watching+0x15/0xb0 [ 64.658327][ T75] ieee80211_unregister_hw+0x5d/0x2c0 [ 64.658347][ T75] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 64.658364][ T75] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 64.658381][ T75] hwsim_exit_net+0x5c1/0x670 [ 64.658393][ T75] ? __pfx_hwsim_exit_net+0x10/0x10 [ 64.658406][ T75] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 64.658426][ T75] cleanup_net+0x812/0xd60 [ 64.658445][ T75] ? __pfx_cleanup_net+0x10/0x10 [ 64.658466][ T75] ? process_scheduled_works+0x976/0x1840 [ 64.658485][ T75] process_scheduled_works+0xa66/0x1840 [ 64.658511][ T75] ? __pfx_process_scheduled_works+0x10/0x10 [ 64.658532][ T75] ? assign_work+0x364/0x3d0 [ 64.658551][ T75] worker_thread+0x870/0xd30 [ 64.658586][ T75] ? __kthread_parkme+0x169/0x1d0 [ 64.658600][ T75] ? __pfx_worker_thread+0x10/0x10 [ 64.658613][ T75] kthread+0x7a9/0x920 [ 64.658627][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658641][ T75] ? __pfx_worker_thread+0x10/0x10 [ 64.658654][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658667][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658682][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658695][ T75] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.658710][ T75] ? lockdep_hardirqs_on+0x99/0x150 [ 64.658726][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658740][ T75] ret_from_fork+0x4b/0x80 [ 64.658754][ T75] ? __pfx_kthread+0x10/0x10 [ 64.658768][ T75] ret_from_fork_asm+0x1a/0x30 [ 64.658784][ T75] [ 65.396142][ T75] bridge_slave_1: left allmulticast mode [ 65.401874][ T75] bridge_slave_1: left promiscuous mode [ 65.407532][ T75] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.415760][ T75] bridge_slave_0: left allmulticast mode [ 65.421593][ T75] bridge_slave_0: left promiscuous mode [ 65.427238][ T75] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.535438][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 65.546030][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 65.555922][ T75] bond0 (unregistering): Released all slaves [ 71.791172][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.797631][ T1296] ieee802154 phy1 wpan1: encryption failed: -22