last executing test programs: 1.792415391s ago: executing program 1 (id=7): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.763010199s ago: executing program 2 (id=3): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.705501652s ago: executing program 1 (id=8): perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.704095252s ago: executing program 3 (id=9): close(0xffffffffffffffff) 1.704017743s ago: executing program 4 (id=5): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0) 1.703920778s ago: executing program 1 (id=10): socket(0x1e, 0x2, 0x0) 1.703659841s ago: executing program 3 (id=11): setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) 1.699943407s ago: executing program 4 (id=12): unlink(&(0x7f0000000000)) 1.698140204s ago: executing program 1 (id=13): getpid() 1.649811257s ago: executing program 2 (id=14): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 1.649628368s ago: executing program 3 (id=15): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.649555853s ago: executing program 0 (id=1): sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.649388642s ago: executing program 1 (id=16): mkdir(&(0x7f0000000000), 0x0) 1.620875685s ago: executing program 2 (id=18): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 1.620668525s ago: executing program 3 (id=19): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 1.620590282s ago: executing program 4 (id=20): gettid() 801.926889ms ago: executing program 3 (id=24): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 788.701925ms ago: executing program 0 (id=21): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 616.935809ms ago: executing program 2 (id=22): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 365.279829ms ago: executing program 1 (id=17): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 328.424502ms ago: executing program 4 (id=23): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 168.232606ms ago: executing program 0 (id=25): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 314.463µs ago: executing program 2 (id=27): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=26): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.66' (ED25519) to the list of known hosts. [ 58.789057][ T5819] cgroup: Unknown subsys name 'net' [ 58.895251][ T5819] cgroup: Unknown subsys name 'cpuset' [ 58.903514][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.159901][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.849306][ T5867] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 62.849306][ T5871] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 62.883683][ T5057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.891926][ T5057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.140317][ T5057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.148262][ T5057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.238103][ T1001] [ 64.240478][ T1001] ====================================================== [ 64.247505][ T1001] WARNING: possible circular locking dependency detected [ 64.254528][ T1001] 6.13.0-syzkaller-gdbf7cc560007 #0 Not tainted [ 64.260776][ T1001] ------------------------------------------------------ [ 64.267924][ T1001] kworker/u8:5/1001 is trying to acquire lock: [ 64.274096][ T1001] ffffffff8fed6808 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 64.284529][ T1001] [ 64.284529][ T1001] but task is already holding lock: [ 64.291901][ T1001] ffff88807a5d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.302285][ T1001] [ 64.302285][ T1001] which lock already depends on the new lock. [ 64.302285][ T1001] [ 64.312689][ T1001] [ 64.312689][ T1001] the existing dependency chain (in reverse order) is: [ 64.321689][ T1001] [ 64.321689][ T1001] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 64.329424][ T1001] lock_acquire+0x1ed/0x550 [ 64.334521][ T1001] __mutex_lock+0x19c/0x1010 [ 64.339626][ T1001] wiphy_register+0x1913/0x2650 [ 64.345418][ T1001] ieee80211_register_hw+0x35d9/0x42e0 [ 64.351488][ T1001] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 64.357725][ T1001] init_mac80211_hwsim+0x87a/0xb00 [ 64.363348][ T1001] do_one_initcall+0x248/0x930 [ 64.368621][ T1001] do_initcall_level+0x157/0x210 [ 64.374099][ T1001] do_initcalls+0x71/0xd0 [ 64.378934][ T1001] kernel_init_freeable+0x435/0x5d0 [ 64.384688][ T1001] kernel_init+0x1d/0x2b0 [ 64.389525][ T1001] ret_from_fork+0x4b/0x80 [ 64.394452][ T1001] ret_from_fork_asm+0x1a/0x30 [ 64.399721][ T1001] [ 64.399721][ T1001] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 64.406919][ T1001] validate_chain+0x18ef/0x5920 [ 64.412284][ T1001] __lock_acquire+0x1397/0x2100 [ 64.417653][ T1001] lock_acquire+0x1ed/0x550 [ 64.422681][ T1001] __mutex_lock+0x19c/0x1010 [ 64.427786][ T1001] unregister_netdevice_many_notify+0xac2/0x2030 [ 64.434636][ T1001] unregister_netdevice_queue+0x303/0x370 [ 64.440867][ T1001] _cfg80211_unregister_wdev+0x163/0x590 [ 64.447021][ T1001] ieee80211_remove_interfaces+0x4ef/0x700 [ 64.453338][ T1001] ieee80211_unregister_hw+0x5d/0x2c0 [ 64.459223][ T1001] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 64.465280][ T1001] hwsim_exit_net+0x5c1/0x670 [ 64.470465][ T1001] cleanup_net+0x812/0xd60 [ 64.475387][ T1001] process_scheduled_works+0xabe/0x18e0 [ 64.481444][ T1001] worker_thread+0x870/0xd30 [ 64.486542][ T1001] kthread+0x7a9/0x920 [ 64.491122][ T1001] ret_from_fork+0x4b/0x80 [ 64.496084][ T1001] ret_from_fork_asm+0x1a/0x30 [ 64.501356][ T1001] [ 64.501356][ T1001] other info that might help us debug this: [ 64.501356][ T1001] [ 64.511567][ T1001] Possible unsafe locking scenario: [ 64.511567][ T1001] [ 64.519009][ T1001] CPU0 CPU1 [ 64.524378][ T1001] ---- ---- [ 64.529735][ T1001] lock(&rdev->wiphy.mtx); [ 64.534227][ T1001] lock(rtnl_mutex); [ 64.540716][ T1001] lock(&rdev->wiphy.mtx); [ 64.547754][ T1001] lock(rtnl_mutex); [ 64.551733][ T1001] [ 64.551733][ T1001] *** DEADLOCK *** [ 64.551733][ T1001] [ 64.559870][ T1001] 4 locks held by kworker/u8:5/1001: [ 64.565137][ T1001] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 64.576022][ T1001] #1: ffffc90003b5fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 64.586550][ T1001] #2: ffffffff8feca0d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 64.595946][ T1001] #3: ffff88807a5d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 64.606730][ T1001] [ 64.606730][ T1001] stack backtrace: [ 64.612621][ T1001] CPU: 1 UID: 0 PID: 1001 Comm: kworker/u8:5 Not tainted 6.13.0-syzkaller-gdbf7cc560007 #0 [ 64.612636][ T1001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 64.612649][ T1001] Workqueue: netns cleanup_net [ 64.612668][ T1001] Call Trace: [ 64.612675][ T1001] [ 64.612681][ T1001] dump_stack_lvl+0x241/0x360 [ 64.612696][ T1001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.612709][ T1001] ? __pfx__printk+0x10/0x10 [ 64.612730][ T1001] print_circular_bug+0x13a/0x1b0 [ 64.612745][ T1001] check_noncircular+0x36a/0x4a0 [ 64.612759][ T1001] ? __pfx_check_noncircular+0x10/0x10 [ 64.612772][ T1001] ? lockdep_lock+0x123/0x2b0 [ 64.612789][ T1001] ? kvm_sched_clock_read+0x11/0x20 [ 64.612806][ T1001] ? psi_task_change+0xed/0x270 [ 64.612819][ T1001] ? sched_clock_cpu+0x76/0x490 [ 64.612834][ T1001] validate_chain+0x18ef/0x5920 [ 64.612853][ T1001] ? __pfx_validate_chain+0x10/0x10 [ 64.612865][ T1001] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.612883][ T1001] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 64.612898][ T1001] ? lockdep_hardirqs_on+0x99/0x150 [ 64.612915][ T1001] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.612930][ T1001] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.612945][ T1001] ? do_raw_spin_unlock+0x13c/0x8b0 [ 64.612961][ T1001] ? try_to_wake_up+0x959/0x1470 [ 64.612980][ T1001] ? mark_lock+0x9a/0x360 [ 64.612991][ T1001] ? __pfx_try_to_wake_up+0x10/0x10 [ 64.613008][ T1001] __lock_acquire+0x1397/0x2100 [ 64.613028][ T1001] lock_acquire+0x1ed/0x550 [ 64.613045][ T1001] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.613064][ T1001] ? __pfx_lock_acquire+0x10/0x10 [ 64.613081][ T1001] ? __pfx___might_resched+0x10/0x10 [ 64.613096][ T1001] ? finish_wait+0xd4/0x1e0 [ 64.613113][ T1001] __mutex_lock+0x19c/0x1010 [ 64.613130][ T1001] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.613149][ T1001] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 64.613165][ T1001] ? __pfx___mutex_lock+0x10/0x10 [ 64.613182][ T1001] ? __pfx___might_resched+0x10/0x10 [ 64.613197][ T1001] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 64.613214][ T1001] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 64.613230][ T1001] unregister_netdevice_many_notify+0xac2/0x2030 [ 64.613247][ T1001] ? mark_lock+0x9a/0x360 [ 64.613260][ T1001] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 64.613277][ T1001] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 64.613294][ T1001] ? __pfx_lock_release+0x10/0x10 [ 64.613316][ T1001] unregister_netdevice_queue+0x303/0x370 [ 64.613331][ T1001] ? __pfx_up_write+0x10/0x10 [ 64.613343][ T1001] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 64.613359][ T1001] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 64.613376][ T1001] _cfg80211_unregister_wdev+0x163/0x590 [ 64.613392][ T1001] ieee80211_remove_interfaces+0x4ef/0x700 [ 64.613412][ T1001] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 64.613430][ T1001] ? rcu_is_watching+0x15/0xb0 [ 64.613445][ T1001] ieee80211_unregister_hw+0x5d/0x2c0 [ 64.613462][ T1001] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 64.613483][ T1001] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 64.613504][ T1001] hwsim_exit_net+0x5c1/0x670 [ 64.613520][ T1001] ? __pfx_hwsim_exit_net+0x10/0x10 [ 64.613536][ T1001] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 64.613552][ T1001] cleanup_net+0x812/0xd60 [ 64.613565][ T1001] ? __pfx_cleanup_net+0x10/0x10 [ 64.613585][ T1001] ? process_scheduled_works+0x9c6/0x18e0 [ 64.613600][ T1001] process_scheduled_works+0xabe/0x18e0 [ 64.613621][ T1001] ? __pfx_process_scheduled_works+0x10/0x10 [ 64.613638][ T1001] ? assign_work+0x364/0x3d0 [ 64.613653][ T1001] worker_thread+0x870/0xd30 [ 64.613670][ T1001] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.613687][ T1001] ? __kthread_parkme+0x169/0x1d0 [ 64.613703][ T1001] ? __pfx_worker_thread+0x10/0x10 [ 64.613718][ T1001] kthread+0x7a9/0x920 [ 64.613734][ T1001] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 64.613750][ T1001] ? __pfx_worker_thread+0x10/0x10 [ 64.613765][ T1001] ? __pfx_kthread+0x10/0x10 [ 64.613780][ T1001] ? __pfx_kthread+0x10/0x10 [ 64.613797][ T1001] ? __pfx_kthread+0x10/0x10 [ 64.613813][ T1001] ? _raw_spin_unlock_irq+0x23/0x50 [ 64.613828][ T1001] ? lockdep_hardirqs_on+0x99/0x150 [ 64.613844][ T1001] ? __pfx_kthread+0x10/0x10 [ 64.613860][ T1001] ret_from_fork+0x4b/0x80 [ 64.613875][ T1001] ? __pfx_kthread+0x10/0x10 [ 64.613892][ T1001] ret_from_fork_asm+0x1a/0x30 [ 64.613910][ T1001] [ 71.722697][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.728981][ T1297] ieee802154 phy1 wpan1: encryption failed: -22