last executing test programs: 2.183694759s ago: executing program 2 (id=3): close(0xffffffffffffffff) 2.131140566s ago: executing program 0 (id=6): write(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.129923292s ago: executing program 1 (id=7): socket(0x1, 0x1, 0x0) 2.127065827s ago: executing program 1 (id=8): mkdirat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.126809685s ago: executing program 0 (id=9): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 2.126279284s ago: executing program 2 (id=10): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cmdline', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cmdline', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/cmdline', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cmdline', 0x800, 0x0) 2.115973664s ago: executing program 1 (id=11): unlink(&(0x7f0000000000)) 2.114972487s ago: executing program 4 (id=5): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x0) 2.091718299s ago: executing program 0 (id=12): mkdir(&(0x7f0000000000), 0x0) 2.091445562s ago: executing program 2 (id=13): getpid() 2.091270623s ago: executing program 3 (id=4): recvmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0) 2.027129302s ago: executing program 4 (id=14): setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) 2.026582705s ago: executing program 0 (id=15): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 2.026318635s ago: executing program 1 (id=16): perf_event_open(&(0x7f0000000000), 0x0, 0x0, 0xffffffffffffffff, 0x0) 2.025893766s ago: executing program 2 (id=17): clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) exit(0x0) 2.011202311s ago: executing program 0 (id=19): gettid() 1.346176986s ago: executing program 3 (id=21): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.339203284s ago: executing program 1 (id=20): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.149138131s ago: executing program 4 (id=18): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 864.151914ms ago: executing program 1 (id=24): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 837.273271ms ago: executing program 2 (id=23): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 830.530504ms ago: executing program 4 (id=26): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 823.114317ms ago: executing program 0 (id=22): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 556.95257ms ago: executing program 2 (id=31): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 344.974673ms ago: executing program 4 (id=29): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=27): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts. [ 61.668640][ T5817] cgroup: Unknown subsys name 'net' [ 61.859341][ T5817] cgroup: Unknown subsys name 'cpuset' [ 61.867488][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.240750][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 66.184022][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.209315][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.219216][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.489242][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.500905][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.883483][ T5904] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.895925][ T5904] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.908229][ T5904] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.936519][ T5904] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.946468][ T5904] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.956281][ T5904] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.726229][ T2139] [ 67.728587][ T2139] ====================================================== [ 67.735770][ T2139] WARNING: possible circular locking dependency detected [ 67.742787][ T2139] 6.13.0-syzkaller-g7569fc94ad0e #0 Not tainted [ 67.749129][ T2139] ------------------------------------------------------ [ 67.756134][ T2139] kworker/u8:7/2139 is trying to acquire lock: [ 67.762275][ T2139] ffffffff8fcc1608 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 67.772636][ T2139] [ 67.772636][ T2139] but task is already holding lock: [ 67.780084][ T2139] ffff88807c0d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 67.790629][ T2139] [ 67.790629][ T2139] which lock already depends on the new lock. [ 67.790629][ T2139] [ 67.801041][ T2139] [ 67.801041][ T2139] the existing dependency chain (in reverse order) is: [ 67.810061][ T2139] [ 67.810061][ T2139] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 67.817798][ T2139] lock_acquire+0x1ed/0x550 [ 67.822825][ T2139] __mutex_lock+0x19c/0x1010 [ 67.828052][ T2139] wiphy_register+0x1a49/0x27b0 [ 67.833420][ T2139] ieee80211_register_hw+0x354e/0x4240 [ 67.839404][ T2139] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 67.845813][ T2139] init_mac80211_hwsim+0x87a/0xb00 [ 67.851441][ T2139] do_one_initcall+0x248/0x870 [ 67.856716][ T2139] do_initcall_level+0x157/0x210 [ 67.862160][ T2139] do_initcalls+0x3f/0x80 [ 67.866998][ T2139] kernel_init_freeable+0x435/0x5d0 [ 67.872703][ T2139] kernel_init+0x1d/0x2b0 [ 67.877553][ T2139] ret_from_fork+0x4b/0x80 [ 67.882489][ T2139] ret_from_fork_asm+0x1a/0x30 [ 67.887776][ T2139] [ 67.887776][ T2139] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 67.895003][ T2139] validate_chain+0x18ef/0x5920 [ 67.900379][ T2139] __lock_acquire+0x1397/0x2100 [ 67.905841][ T2139] lock_acquire+0x1ed/0x550 [ 67.910859][ T2139] __mutex_lock+0x19c/0x1010 [ 67.915964][ T2139] unregister_netdevice_many_notify+0xac2/0x2030 [ 67.922809][ T2139] unregister_netdevice_queue+0x303/0x370 [ 67.929041][ T2139] _cfg80211_unregister_wdev+0x163/0x590 [ 67.935212][ T2139] ieee80211_remove_interfaces+0x4ef/0x700 [ 67.941527][ T2139] ieee80211_unregister_hw+0x5d/0x2c0 [ 67.947426][ T2139] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 67.953482][ T2139] hwsim_exit_net+0x5c1/0x670 [ 67.958669][ T2139] cleanup_net+0x812/0xd60 [ 67.963599][ T2139] process_scheduled_works+0xa66/0x1840 [ 67.969747][ T2139] worker_thread+0x870/0xd30 [ 67.974843][ T2139] kthread+0x7a9/0x920 [ 67.979482][ T2139] ret_from_fork+0x4b/0x80 [ 67.984409][ T2139] ret_from_fork_asm+0x1a/0x30 [ 67.989685][ T2139] [ 67.989685][ T2139] other info that might help us debug this: [ 67.989685][ T2139] [ 67.999920][ T2139] Possible unsafe locking scenario: [ 67.999920][ T2139] [ 68.007363][ T2139] CPU0 CPU1 [ 68.012822][ T2139] ---- ---- [ 68.018202][ T2139] lock(&rdev->wiphy.mtx); [ 68.022705][ T2139] lock(rtnl_mutex); [ 68.029283][ T2139] lock(&rdev->wiphy.mtx); [ 68.036313][ T2139] lock(rtnl_mutex); [ 68.040309][ T2139] [ 68.040309][ T2139] *** DEADLOCK *** [ 68.040309][ T2139] [ 68.048713][ T2139] 4 locks held by kworker/u8:7/2139: [ 68.054066][ T2139] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 68.065127][ T2139] #1: ffffc900051afc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 68.075660][ T2139] #2: ffffffff8fcb5050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 68.085074][ T2139] #3: ffff88807c0d0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 68.095941][ T2139] [ 68.095941][ T2139] stack backtrace: [ 68.101915][ T2139] CPU: 1 UID: 0 PID: 2139 Comm: kworker/u8:7 Not tainted 6.13.0-syzkaller-g7569fc94ad0e #0 [ 68.101931][ T2139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 68.101940][ T2139] Workqueue: netns cleanup_net [ 68.101964][ T2139] Call Trace: [ 68.101972][ T2139] [ 68.101978][ T2139] dump_stack_lvl+0x241/0x360 [ 68.101999][ T2139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.102016][ T2139] ? __pfx__printk+0x10/0x10 [ 68.102036][ T2139] print_circular_bug+0x13a/0x1b0 [ 68.102055][ T2139] check_noncircular+0x36a/0x4a0 [ 68.102073][ T2139] ? __pfx_check_noncircular+0x10/0x10 [ 68.102090][ T2139] ? lockdep_lock+0x123/0x2b0 [ 68.102104][ T2139] ? kvm_sched_clock_read+0x11/0x20 [ 68.102122][ T2139] ? psi_task_change+0xed/0x270 [ 68.102139][ T2139] ? sched_clock_cpu+0x76/0x490 [ 68.102157][ T2139] validate_chain+0x18ef/0x5920 [ 68.102180][ T2139] ? __pfx_validate_chain+0x10/0x10 [ 68.102197][ T2139] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 68.102213][ T2139] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 68.102229][ T2139] ? lockdep_hardirqs_on+0x99/0x150 [ 68.102246][ T2139] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.102261][ T2139] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 68.102277][ T2139] ? do_raw_spin_unlock+0x13c/0x8b0 [ 68.102291][ T2139] ? try_to_wake_up+0x959/0x1470 [ 68.102308][ T2139] ? mark_lock+0x9a/0x360 [ 68.102322][ T2139] ? __pfx_try_to_wake_up+0x10/0x10 [ 68.102337][ T2139] __lock_acquire+0x1397/0x2100 [ 68.102356][ T2139] lock_acquire+0x1ed/0x550 [ 68.102369][ T2139] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.102387][ T2139] ? __pfx_lock_acquire+0x10/0x10 [ 68.102401][ T2139] ? __pfx___might_resched+0x10/0x10 [ 68.102414][ T2139] ? finish_wait+0xd4/0x1e0 [ 68.102429][ T2139] __mutex_lock+0x19c/0x1010 [ 68.102453][ T2139] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.102471][ T2139] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.102487][ T2139] ? __pfx___mutex_lock+0x10/0x10 [ 68.102504][ T2139] ? __pfx___might_resched+0x10/0x10 [ 68.102518][ T2139] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 68.102534][ T2139] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 68.102550][ T2139] unregister_netdevice_many_notify+0xac2/0x2030 [ 68.102566][ T2139] ? mark_lock+0x9a/0x360 [ 68.102584][ T2139] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 68.102600][ T2139] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 68.102617][ T2139] ? __pfx_lock_release+0x10/0x10 [ 68.102637][ T2139] unregister_netdevice_queue+0x303/0x370 [ 68.102652][ T2139] ? __pfx_up_write+0x10/0x10 [ 68.102669][ T2139] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 68.102685][ T2139] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 68.102702][ T2139] _cfg80211_unregister_wdev+0x163/0x590 [ 68.102721][ T2139] ieee80211_remove_interfaces+0x4ef/0x700 [ 68.102737][ T2139] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 68.102751][ T2139] ? rcu_is_watching+0x15/0xb0 [ 68.102771][ T2139] ieee80211_unregister_hw+0x5d/0x2c0 [ 68.102790][ T2139] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 68.102808][ T2139] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 68.102826][ T2139] hwsim_exit_net+0x5c1/0x670 [ 68.102839][ T2139] ? __pfx_hwsim_exit_net+0x10/0x10 [ 68.102851][ T2139] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 68.102871][ T2139] cleanup_net+0x812/0xd60 [ 68.102890][ T2139] ? __pfx_cleanup_net+0x10/0x10 [ 68.102910][ T2139] ? process_scheduled_works+0x976/0x1840 [ 68.102929][ T2139] process_scheduled_works+0xa66/0x1840 [ 68.102955][ T2139] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.102976][ T2139] ? assign_work+0x364/0x3d0 [ 68.102995][ T2139] worker_thread+0x870/0xd30 [ 68.103010][ T2139] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.103027][ T2139] ? __kthread_parkme+0x169/0x1d0 [ 68.103041][ T2139] ? __pfx_worker_thread+0x10/0x10 [ 68.103053][ T2139] kthread+0x7a9/0x920 [ 68.103067][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103081][ T2139] ? __pfx_worker_thread+0x10/0x10 [ 68.103093][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103106][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103121][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103135][ T2139] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.103149][ T2139] ? lockdep_hardirqs_on+0x99/0x150 [ 68.103166][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103180][ T2139] ret_from_fork+0x4b/0x80 [ 68.103195][ T2139] ? __pfx_kthread+0x10/0x10 [ 68.103208][ T2139] ret_from_fork_asm+0x1a/0x30 [ 68.103225][ T2139] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 68.552870][ T5909] chnl_net:caif_netlink_parms(): no params data found [ 69.077512][ T2139] bond0 (unregistering): Released all slaves [ 71.787701][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.794089][ T1295] ieee802154 phy1 wpan1: encryption failed: -22