batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
======================================================
WARNING: possible circular locking dependency detected
6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 Not tainted
------------------------------------------------------
kworker/u8:5/142 is trying to acquire lock:
ffff888027be4768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6092 [inline]
ffff888027be4768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_netdev_notifier_call+0x1b3/0x1430 net/wireless/core.c:1547
but task is already holding lock:
ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2751 [inline]
ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline]
ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 net/core/dev.c:11938
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&dev_instance_lock_key#3){+.+.}-{4:4}:
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
netdev_lock include/linux/netdevice.h:2751 [inline]
netdev_lock_ops include/net/netdev_lock.h:42 [inline]
xsk_bind+0x2fd/0xfb0 net/xdp/xsk.c:1188
__sys_bind_socket net/socket.c:1810 [inline]
__sys_bind+0x1de/0x290 net/socket.c:1841
__do_sys_bind net/socket.c:1846 [inline]
__se_sys_bind net/socket.c:1844 [inline]
__x64_sys_bind+0x7a/0x90 net/socket.c:1844
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #2 (&xs->mutex){+.+.}-{4:4}:
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
xsk_diag_fill net/xdp/xsk_diag.c:113 [inline]
xsk_diag_dump+0x5be/0x19d0 net/xdp/xsk_diag.c:166
netlink_dump+0x678/0xeb0 net/netlink/af_netlink.c:2309
__netlink_dump_start+0x5a2/0x790 net/netlink/af_netlink.c:2424
netlink_dump_start include/linux/netlink.h:340 [inline]
xsk_diag_handler_dump+0x1de/0x270 net/xdp/xsk_diag.c:193
sock_diag_rcv_msg+0x3dc/0x5f0 net/core/sock_diag.c:-1
netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2534
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x7f8/0x9a0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x8c3/0xcd0 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:727
sock_write_iter+0x2d9/0x3f0 net/socket.c:1131
do_iter_readv_writev+0x71f/0x9d0 fs/read_write.c:-1
vfs_writev+0x38d/0xbc0 fs/read_write.c:1055
do_writev+0x1b8/0x360 fs/read_write.c:1101
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&net->xdp.lock){+.+.}-{4:4}:
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
xsk_notifier+0x8b/0x230 net/xdp/xsk.c:1644
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2212 [inline]
call_netdevice_notifiers net/core/dev.c:2226 [inline]
unregister_netdevice_many_notify+0x1572/0x2510 net/core/dev.c:11971
unregister_netdevice_many net/core/dev.c:12035 [inline]
unregister_netdevice_queue+0x383/0x400 net/core/dev.c:11887
unregister_netdevice include/linux/netdevice.h:3374 [inline]
_cfg80211_unregister_wdev+0x163/0x590 net/wireless/core.c:1256
ieee80211_if_remove+0x25d/0x320 net/mac80211/iface.c:2256
ieee80211_del_iface+0x19/0x30 net/mac80211/cfg.c:224
rdev_del_virtual_intf net/wireless/rdev-ops.h:62 [inline]
cfg80211_remove_virtual_intf+0x23f/0x410 net/wireless/util.c:2871
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb38/0xf00 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2534
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x7f8/0x9a0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x8c3/0xcd0 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:727
____sys_sendmsg+0x523/0x860 net/socket.c:2566
___sys_sendmsg net/socket.c:2620 [inline]
__sys_sendmsg+0x271/0x360 net/socket.c:2652
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&rdev->wiphy.mtx){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3166 [inline]
check_prevs_add kernel/locking/lockdep.c:3285 [inline]
validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
__lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
class_wiphy_constructor include/net/cfg80211.h:6092 [inline]
cfg80211_netdev_notifier_call+0x1b3/0x1430 net/wireless/core.c:1547
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2212 [inline]
call_netdevice_notifiers net/core/dev.c:2226 [inline]
__dev_close_many+0x15d/0x760 net/core/dev.c:1671
dev_close_many+0x250/0x4c0 net/core/dev.c:1725
unregister_netdevice_many_notify+0x628/0x2510 net/core/dev.c:11940
unregister_netdevice_many net/core/dev.c:12035 [inline]
default_device_exit_batch+0x7ff/0x880 net/core/dev.c:12527
ops_exit_list net/core/net_namespace.c:177 [inline]
cleanup_net+0x8af/0xd60 net/core/net_namespace.c:654
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd50 kernel/workqueue.c:3400
kthread+0x7b7/0x940 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
other info that might help us debug this:
Chain exists of:
&rdev->wiphy.mtx --> &xs->mutex --> &dev_instance_lock_key#3
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&dev_instance_lock_key#3);
lock(&xs->mutex);
lock(&dev_instance_lock_key#3);
lock(&rdev->wiphy.mtx);
*** DEADLOCK ***
5 locks held by kworker/u8:5/142:
#0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 kernel/workqueue.c:3319
#1: ffffc90002e3fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90002e3fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 kernel/workqueue.c:3319
#2: ffffffff900f0a90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 net/core/net_namespace.c:608
#3: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 net/core/dev.c:12513
#4: ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2751 [inline]
#4: ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline]
#4: ffff888035d0cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 net/core/dev.c:11938
stack backtrace:
CPU: 0 UID: 0 PID: 142 Comm: kworker/u8:5 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: netns cleanup_net
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x2e1/0x300 kernel/locking/lockdep.c:2079
check_noncircular+0x142/0x160 kernel/locking/lockdep.c:2211
check_prev_add kernel/locking/lockdep.c:3166 [inline]
check_prevs_add kernel/locking/lockdep.c:3285 [inline]
validate_chain+0xa69/0x24e0 kernel/locking/lockdep.c:3909
__lock_acquire+0xad5/0xd80 kernel/locking/lockdep.c:5235
lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
__mutex_lock_common kernel/locking/mutex.c:601 [inline]
__mutex_lock+0x1a5/0x10c0 kernel/locking/mutex.c:746
class_wiphy_constructor include/net/cfg80211.h:6092 [inline]
cfg80211_netdev_notifier_call+0x1b3/0x1430 net/wireless/core.c:1547
notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2212 [inline]
call_netdevice_notifiers net/core/dev.c:2226 [inline]
__dev_close_many+0x15d/0x760 net/core/dev.c:1671
dev_close_many+0x250/0x4c0 net/core/dev.c:1725
unregister_netdevice_many_notify+0x628/0x2510 net/core/dev.c:11940
unregister_netdevice_many net/core/dev.c:12035 [inline]
default_device_exit_batch+0x7ff/0x880 net/core/dev.c:12527
ops_exit_list net/core/net_namespace.c:177 [inline]
cleanup_net+0x8af/0xd60 net/core/net_namespace.c:654
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd50 kernel/workqueue.c:3400
kthread+0x7b7/0x940 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode