last executing test programs: 2.046344818s ago: executing program 1 (id=6): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.012992391s ago: executing program 1 (id=7): close(0xffffffffffffffff) 1.98848873s ago: executing program 0 (id=1): sendmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.943643645s ago: executing program 1 (id=8): setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) 1.943455152s ago: executing program 2 (id=3): ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) 1.942567064s ago: executing program 2 (id=9): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 1.942312052s ago: executing program 1 (id=10): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 1.94112205s ago: executing program 0 (id=11): socket(0x1, 0x1, 0x0) 1.913117926s ago: executing program 1 (id=12): socket$kcm(0x29, 0x2, 0x0) 1.912964184s ago: executing program 2 (id=13): mkdir(&(0x7f0000000000), 0x0) 1.910187322s ago: executing program 0 (id=14): gettid() 1.907664852s ago: executing program 3 (id=4): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0) 1.897792542s ago: executing program 4 (id=5): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.83166064s ago: executing program 2 (id=15): getpid() 1.83143486s ago: executing program 1 (id=16): socket(0x1e, 0x2, 0x0) 1.831344006s ago: executing program 0 (id=17): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 1.831206412s ago: executing program 2 (id=18): perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.072306314s ago: executing program 3 (id=19): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.071915472s ago: executing program 4 (id=21): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 847.98376ms ago: executing program 0 (id=22): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 750.383512ms ago: executing program 2 (id=23): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=25): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts. [ 60.781164][ T5819] cgroup: Unknown subsys name 'net' [ 60.879696][ T5819] cgroup: Unknown subsys name 'cpuset' [ 60.888562][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 62.192595][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 64.692353][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.711249][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.816732][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.836662][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.846369][ T5866] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.083724][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 65.377783][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.387296][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.394572][ T5863] bridge_slave_0: entered allmulticast mode [ 65.417075][ T5863] bridge_slave_0: entered promiscuous mode [ 65.571727][ T5899] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.580527][ T5899] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.591414][ T5899] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.600179][ T5899] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.611966][ T5899] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.619426][ T5899] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.762436][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.769855][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.777100][ T5863] bridge_slave_1: entered allmulticast mode [ 65.783945][ T5863] bridge_slave_1: entered promiscuous mode [ 65.835187][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.851972][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.886261][ T5863] team0: Port device team_slave_0 added [ 65.894406][ T5863] team0: Port device team_slave_1 added [ 66.070570][ T12] [ 66.072942][ T12] ====================================================== [ 66.080007][ T12] WARNING: possible circular locking dependency detected [ 66.082916][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.087024][ T12] 6.13.0-syzkaller-gf9f03a0a6d2d #0 Not tainted [ 66.087036][ T12] ------------------------------------------------------ [ 66.087042][ T12] kworker/u8:1/12 is trying to acquire lock: [ 66.087051][ T12] ffffffff8fcc1608 (rtnl_mutex [ 66.094082][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.100240][ T12] ){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 66.100290][ T12] [ 66.100290][ T12] but task is already holding lock: [ 66.108286][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.113363][ T12] ffff88806f5a8768 [ 66.132557][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.144025][ T12] (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 66.144071][ T12] [ 66.144071][ T12] which lock already depends on the new lock. [ 66.144071][ T12] [ 66.144077][ T12] [ 66.144077][ T12] the existing dependency chain (in reverse order) is: [ 66.144083][ T12] [ 66.144083][ T12] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 66.144107][ T12] lock_acquire+0x1ed/0x550 [ 66.144125][ T12] __mutex_lock+0x19c/0x1010 [ 66.144146][ T12] wiphy_register+0x1a49/0x27b0 [ 66.152435][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.159738][ T12] ieee80211_register_hw+0x354e/0x4240 [ 66.159766][ T12] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 66.159782][ T12] init_mac80211_hwsim+0x87a/0xb00 [ 66.159798][ T12] do_one_initcall+0x248/0x870 [ 66.171772][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.174238][ T12] do_initcall_level+0x157/0x210 [ 66.298715][ T12] do_initcalls+0x3f/0x80 [ 66.303590][ T12] kernel_init_freeable+0x435/0x5d0 [ 66.309312][ T12] kernel_init+0x1d/0x2b0 [ 66.314185][ T12] ret_from_fork+0x4b/0x80 [ 66.319134][ T12] ret_from_fork_asm+0x1a/0x30 [ 66.324414][ T12] [ 66.324414][ T12] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 66.331622][ T12] validate_chain+0x18ef/0x5920 [ 66.337084][ T12] __lock_acquire+0x1397/0x2100 [ 66.342447][ T12] lock_acquire+0x1ed/0x550 [ 66.347460][ T12] __mutex_lock+0x19c/0x1010 [ 66.352998][ T12] unregister_netdevice_many_notify+0xac2/0x2030 [ 66.359842][ T12] unregister_netdevice_queue+0x303/0x370 [ 66.366072][ T12] _cfg80211_unregister_wdev+0x163/0x590 [ 66.372258][ T12] ieee80211_remove_interfaces+0x4ef/0x700 [ 66.378591][ T12] ieee80211_unregister_hw+0x5d/0x2c0 [ 66.384479][ T12] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 66.390551][ T12] hwsim_exit_net+0x5c1/0x670 [ 66.395913][ T12] cleanup_net+0x812/0xd60 [ 66.400842][ T12] process_scheduled_works+0xa66/0x1840 [ 66.406900][ T12] worker_thread+0x870/0xd30 [ 66.412019][ T12] kthread+0x7a9/0x920 [ 66.416624][ T12] ret_from_fork+0x4b/0x80 [ 66.421554][ T12] ret_from_fork_asm+0x1a/0x30 [ 66.426835][ T12] [ 66.426835][ T12] other info that might help us debug this: [ 66.426835][ T12] [ 66.437150][ T12] Possible unsafe locking scenario: [ 66.437150][ T12] [ 66.444589][ T12] CPU0 CPU1 [ 66.449948][ T12] ---- ---- [ 66.455301][ T12] lock(&rdev->wiphy.mtx); [ 66.459798][ T12] lock(rtnl_mutex); [ 66.466316][ T12] lock(&rdev->wiphy.mtx); [ 66.473415][ T12] lock(rtnl_mutex); [ 66.477399][ T12] [ 66.477399][ T12] *** DEADLOCK *** [ 66.477399][ T12] [ 66.485542][ T12] 4 locks held by kworker/u8:1/12: [ 66.490723][ T12] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 66.501604][ T12] #1: ffffc90000117c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 66.512211][ T12] #2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 66.521624][ T12] #3: ffff88806f5a8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 66.532405][ T12] [ 66.532405][ T12] stack backtrace: [ 66.538387][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.13.0-syzkaller-gf9f03a0a6d2d #0 [ 66.538403][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 66.538412][ T12] Workqueue: netns cleanup_net [ 66.538438][ T12] Call Trace: [ 66.538445][ T12] [ 66.538451][ T12] dump_stack_lvl+0x241/0x360 [ 66.538472][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.538488][ T12] ? __pfx__printk+0x10/0x10 [ 66.538507][ T12] print_circular_bug+0x13a/0x1b0 [ 66.538527][ T12] check_noncircular+0x36a/0x4a0 [ 66.538546][ T12] ? __pfx_check_noncircular+0x10/0x10 [ 66.538562][ T12] ? lockdep_lock+0x123/0x2b0 [ 66.538576][ T12] ? rcu_read_lock_sched_held+0x8d/0x130 [ 66.538596][ T12] validate_chain+0x18ef/0x5920 [ 66.538619][ T12] ? __pfx_validate_chain+0x10/0x10 [ 66.538637][ T12] ? mark_lock+0x9a/0x360 [ 66.538653][ T12] ? __lock_acquire+0x1397/0x2100 [ 66.538671][ T12] ? mark_lock+0x9a/0x360 [ 66.538687][ T12] __lock_acquire+0x1397/0x2100 [ 66.538705][ T12] lock_acquire+0x1ed/0x550 [ 66.538718][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 66.538736][ T12] ? __pfx_lock_acquire+0x10/0x10 [ 66.538750][ T12] ? __pfx___might_resched+0x10/0x10 [ 66.538764][ T12] ? finish_wait+0xd4/0x1e0 [ 66.538779][ T12] __mutex_lock+0x19c/0x1010 [ 66.538797][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 66.538816][ T12] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 66.538832][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 66.538849][ T12] ? __pfx___might_resched+0x10/0x10 [ 66.538862][ T12] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 66.538878][ T12] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 66.538894][ T12] unregister_netdevice_many_notify+0xac2/0x2030 [ 66.538910][ T12] ? mark_lock+0x9a/0x360 [ 66.538928][ T12] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 66.538943][ T12] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 66.538960][ T12] ? __pfx_lock_release+0x10/0x10 [ 66.538980][ T12] unregister_netdevice_queue+0x303/0x370 [ 66.538994][ T12] ? __pfx_up_write+0x10/0x10 [ 66.539011][ T12] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 66.539027][ T12] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 66.539044][ T12] _cfg80211_unregister_wdev+0x163/0x590 [ 66.539063][ T12] ieee80211_remove_interfaces+0x4ef/0x700 [ 66.539079][ T12] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 66.539094][ T12] ? rcu_is_watching+0x15/0xb0 [ 66.539113][ T12] ieee80211_unregister_hw+0x5d/0x2c0 [ 66.539132][ T12] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 66.539150][ T12] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 66.539167][ T12] hwsim_exit_net+0x5c1/0x670 [ 66.539180][ T12] ? __pfx_hwsim_exit_net+0x10/0x10 [ 66.539192][ T12] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 66.539212][ T12] cleanup_net+0x812/0xd60 [ 66.539231][ T12] ? __pfx_cleanup_net+0x10/0x10 [ 66.539251][ T12] ? process_scheduled_works+0x976/0x1840 [ 66.539276][ T12] process_scheduled_works+0xa66/0x1840 [ 66.539302][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.539323][ T12] ? assign_work+0x364/0x3d0 [ 66.539342][ T12] worker_thread+0x870/0xd30 [ 66.539358][ T12] ? __kthread_parkme+0x169/0x1d0 [ 66.539372][ T12] ? __pfx_worker_thread+0x10/0x10 [ 66.539384][ T12] kthread+0x7a9/0x920 [ 66.539398][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539412][ T12] ? __pfx_worker_thread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 66.539424][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539437][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539452][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539465][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.539481][ T12] ? lockdep_hardirqs_on+0x99/0x150 [ 66.539498][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539512][ T12] ret_from_fork+0x4b/0x80 [ 66.539526][ T12] ? __pfx_kthread+0x10/0x10 [ 66.539540][ T12] ret_from_fork_asm+0x1a/0x30 [ 66.539556][ T12] [ 67.330193][ T12] bridge_slave_1: left allmulticast mode [ 67.335926][ T12] bridge_slave_1: left promiscuous mode [ 67.341597][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.349598][ T12] bridge_slave_0: left allmulticast mode [ 67.355250][ T12] bridge_slave_0: left promiscuous mode [ 67.360989][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.439674][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.449354][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.459000][ T12] bond0 (unregistering): Released all slaves [ 67.538903][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.546535][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.565701][ T12] team0 (unregistering): Port device team_slave_1 removed [ 67.576369][ T12] team0 (unregistering): Port device team_slave_0 removed [ 71.836908][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.843307][ T1300] ieee802154 phy1 wpan1: encryption failed: -22