last executing test programs: 2.029063072s ago: executing program 2 (id=6): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.009486074s ago: executing program 0 (id=1): sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.963912372s ago: executing program 4 (id=7): socket(0x1, 0x1, 0x0) 1.96327707s ago: executing program 2 (id=8): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.963054111s ago: executing program 4 (id=9): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.962481621s ago: executing program 0 (id=10): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 1.957781793s ago: executing program 4 (id=11): perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.945355692s ago: executing program 2 (id=12): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 1.891926387s ago: executing program 4 (id=13): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 1.891750277s ago: executing program 1 (id=2): ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 1.647855745s ago: executing program 3 (id=19): unlink(&(0x7f0000000000)) 1.64775558s ago: executing program 3 (id=20): setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) 1.629922361s ago: executing program 3 (id=21): mkdir(&(0x7f0000000000), 0x0) 1.599247297s ago: executing program 3 (id=22): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 1.461600387s ago: executing program 2 (id=15): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.396928437s ago: executing program 0 (id=14): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.152455556s ago: executing program 1 (id=17): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 940.16836ms ago: executing program 3 (id=23): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 656.799449ms ago: executing program 2 (id=24): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 653.928751ms ago: executing program 4 (id=16): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 512.881595ms ago: executing program 0 (id=25): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 288.068033ms ago: executing program 4 (id=30): socket(0x1e, 0x2, 0x0) 178.752472ms ago: executing program 3 (id=27): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=29): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts. [ 57.717508][ T5817] cgroup: Unknown subsys name 'net' [ 57.846524][ T5817] cgroup: Unknown subsys name 'cpuset' [ 57.854455][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.170164][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.541212][ T5857] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 61.755790][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.787686][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.137938][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.154525][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.594499][ T5904] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.606235][ T5904] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.623413][ T5904] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.632073][ T5904] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.643035][ T5904] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.651139][ T5904] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.517555][ T1338] [ 63.519941][ T1338] ====================================================== [ 63.526971][ T1338] WARNING: possible circular locking dependency detected [ 63.534232][ T1338] 6.13.0-syzkaller-gf9f03a0a6d2d #0 Not tainted [ 63.540104][ T5916] chnl_net:caif_netlink_parms(): no params data found [ 63.540476][ T1338] ------------------------------------------------------ [ 63.540484][ T1338] kworker/u8:8/1338 is trying to acquire lock: [ 63.560482][ T1338] ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 63.570894][ T1338] [ 63.570894][ T1338] but task is already holding lock: [ 63.578264][ T1338] ffff8880582d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 63.588608][ T1338] [ 63.588608][ T1338] which lock already depends on the new lock. [ 63.588608][ T1338] [ 63.599173][ T1338] [ 63.599173][ T1338] the existing dependency chain (in reverse order) is: [ 63.608184][ T1338] [ 63.608184][ T1338] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 63.616090][ T1338] lock_acquire+0x1ed/0x550 [ 63.621111][ T1338] __mutex_lock+0x19c/0x1010 [ 63.626215][ T1338] wiphy_register+0x1a49/0x27b0 [ 63.631574][ T1338] ieee80211_register_hw+0x354e/0x4240 [ 63.637560][ T1338] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 63.643792][ T1338] init_mac80211_hwsim+0x87a/0xb00 [ 63.649411][ T1338] do_one_initcall+0x248/0x870 [ 63.654691][ T1338] do_initcall_level+0x157/0x210 [ 63.660144][ T1338] do_initcalls+0x3f/0x80 [ 63.665207][ T1338] kernel_init_freeable+0x435/0x5d0 [ 63.670938][ T1338] kernel_init+0x1d/0x2b0 [ 63.675893][ T1338] ret_from_fork+0x4b/0x80 [ 63.680831][ T1338] ret_from_fork_asm+0x1a/0x30 [ 63.686108][ T1338] [ 63.686108][ T1338] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 63.693316][ T1338] validate_chain+0x18ef/0x5920 [ 63.698682][ T1338] __lock_acquire+0x1397/0x2100 [ 63.704072][ T1338] lock_acquire+0x1ed/0x550 [ 63.709083][ T1338] __mutex_lock+0x19c/0x1010 [ 63.714189][ T1338] unregister_netdevice_many_notify+0xac2/0x2030 [ 63.721029][ T1338] unregister_netdevice_queue+0x303/0x370 [ 63.727275][ T1338] _cfg80211_unregister_wdev+0x163/0x590 [ 63.733424][ T1338] ieee80211_remove_interfaces+0x4ef/0x700 [ 63.739833][ T1338] ieee80211_unregister_hw+0x5d/0x2c0 [ 63.745728][ T1338] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 63.751783][ T1338] hwsim_exit_net+0x5c1/0x670 [ 63.756965][ T1338] cleanup_net+0x812/0xd60 [ 63.761911][ T1338] process_scheduled_works+0xa66/0x1840 [ 63.767971][ T1338] worker_thread+0x870/0xd30 [ 63.773071][ T1338] kthread+0x7a9/0x920 [ 63.777651][ T1338] ret_from_fork+0x4b/0x80 [ 63.782574][ T1338] ret_from_fork_asm+0x1a/0x30 [ 63.787845][ T1338] [ 63.787845][ T1338] other info that might help us debug this: [ 63.787845][ T1338] [ 63.798059][ T1338] Possible unsafe locking scenario: [ 63.798059][ T1338] [ 63.805589][ T1338] CPU0 CPU1 [ 63.810947][ T1338] ---- ---- [ 63.816304][ T1338] lock(&rdev->wiphy.mtx); [ 63.820805][ T1338] lock(rtnl_mutex); [ 63.827297][ T1338] lock(&rdev->wiphy.mtx); [ 63.834401][ T1338] lock(rtnl_mutex); [ 63.838393][ T1338] [ 63.838393][ T1338] *** DEADLOCK *** [ 63.838393][ T1338] [ 63.846603][ T1338] 4 locks held by kworker/u8:8/1338: [ 63.851872][ T1338] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 63.862746][ T1338] #1: ffffc900053cfc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 63.873276][ T1338] #2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 63.882674][ T1338] #3: ffff8880582d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 63.893453][ T1338] [ 63.893453][ T1338] stack backtrace: [ 63.899440][ T1338] CPU: 1 UID: 0 PID: 1338 Comm: kworker/u8:8 Not tainted 6.13.0-syzkaller-gf9f03a0a6d2d #0 [ 63.899454][ T1338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 63.899464][ T1338] Workqueue: netns cleanup_net [ 63.899488][ T1338] Call Trace: [ 63.899496][ T1338] [ 63.899502][ T1338] dump_stack_lvl+0x241/0x360 [ 63.899523][ T1338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 63.899541][ T1338] ? __pfx__printk+0x10/0x10 [ 63.899560][ T1338] print_circular_bug+0x13a/0x1b0 [ 63.899579][ T1338] check_noncircular+0x36a/0x4a0 [ 63.899598][ T1338] ? __pfx_check_noncircular+0x10/0x10 [ 63.899615][ T1338] ? lockdep_lock+0x123/0x2b0 [ 63.899628][ T1338] ? kvm_sched_clock_read+0x11/0x20 [ 63.899646][ T1338] ? psi_task_change+0xed/0x270 [ 63.899663][ T1338] ? sched_clock_cpu+0x76/0x490 [ 63.899681][ T1338] validate_chain+0x18ef/0x5920 [ 63.899705][ T1338] ? __pfx_validate_chain+0x10/0x10 [ 63.899721][ T1338] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.899736][ T1338] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 63.899752][ T1338] ? lockdep_hardirqs_on+0x99/0x150 [ 63.899768][ T1338] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 63.899784][ T1338] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 63.899800][ T1338] ? do_raw_spin_unlock+0x13c/0x8b0 [ 63.899814][ T1338] ? try_to_wake_up+0x959/0x1470 [ 63.899831][ T1338] ? mark_lock+0x9a/0x360 [ 63.899845][ T1338] ? __pfx_try_to_wake_up+0x10/0x10 [ 63.899860][ T1338] __lock_acquire+0x1397/0x2100 [ 63.899879][ T1338] lock_acquire+0x1ed/0x550 [ 63.899892][ T1338] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 63.899910][ T1338] ? __pfx_lock_acquire+0x10/0x10 [ 63.899924][ T1338] ? __pfx___might_resched+0x10/0x10 [ 63.899937][ T1338] ? finish_wait+0xd4/0x1e0 [ 63.899952][ T1338] __mutex_lock+0x19c/0x1010 [ 63.899970][ T1338] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 63.899988][ T1338] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 63.900004][ T1338] ? __pfx___mutex_lock+0x10/0x10 [ 63.900022][ T1338] ? __pfx___might_resched+0x10/0x10 [ 63.900034][ T1338] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 63.900050][ T1338] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 63.900067][ T1338] unregister_netdevice_many_notify+0xac2/0x2030 [ 63.900082][ T1338] ? mark_lock+0x9a/0x360 [ 63.900100][ T1338] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 63.900116][ T1338] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 63.900133][ T1338] ? __pfx_lock_release+0x10/0x10 [ 63.900153][ T1338] unregister_netdevice_queue+0x303/0x370 [ 63.900167][ T1338] ? __pfx_up_write+0x10/0x10 [ 63.900184][ T1338] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 63.900200][ T1338] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 63.900217][ T1338] _cfg80211_unregister_wdev+0x163/0x590 [ 63.900236][ T1338] ieee80211_remove_interfaces+0x4ef/0x700 [ 63.900253][ T1338] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 63.900274][ T1338] ? rcu_is_watching+0x15/0xb0 [ 63.900293][ T1338] ieee80211_unregister_hw+0x5d/0x2c0 [ 63.900312][ T1338] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 63.900330][ T1338] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 63.900347][ T1338] hwsim_exit_net+0x5c1/0x670 [ 63.900360][ T1338] ? __pfx_hwsim_exit_net+0x10/0x10 [ 63.900373][ T1338] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 63.900393][ T1338] cleanup_net+0x812/0xd60 [ 63.900412][ T1338] ? __pfx_cleanup_net+0x10/0x10 [ 63.900432][ T1338] ? process_scheduled_works+0x976/0x1840 [ 63.900451][ T1338] process_scheduled_works+0xa66/0x1840 [ 63.900477][ T1338] ? __pfx_process_scheduled_works+0x10/0x10 [ 63.900498][ T1338] ? assign_work+0x364/0x3d0 [ 63.900517][ T1338] worker_thread+0x870/0xd30 [ 63.900533][ T1338] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 63.900549][ T1338] ? __kthread_parkme+0x169/0x1d0 [ 63.900563][ T1338] ? __pfx_worker_thread+0x10/0x10 [ 63.900575][ T1338] kthread+0x7a9/0x920 [ 63.900589][ T1338] ? __pfx_kthread+0x10/0x10 [ 63.900603][ T1338] ? __pfx_worker_thread+0x10/0x10 [ 63.900615][ T1338] ? __pfx_kthread+0x10/0x10 [ 63.900629][ T1338] ? __pfx_kthread+0x10/0x10 [ 63.900643][ T1338] ? __pfx_kthread+0x10/0x10 [ 63.900657][ T1338] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.900671][ T1338] ? lockdep_hardirqs_on+0x99/0x150 [ 63.900688][ T1338] ? __pfx_kthread+0x10/0x10 [ 63.900702][ T1338] ret_from_fork+0x4b/0x80 [ 63.900716][ T1338] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 63.900729][ T1338] ret_from_fork_asm+0x1a/0x30 [ 63.900745][ T1338] [ 64.779036][ T1338] bond0 (unregistering): Released all slaves [ 71.784705][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.791046][ T1295] ieee802154 phy1 wpan1: encryption failed: -22