wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
======================================================
WARNING: possible circular locking dependency detected
6.13.0-next-20250128 #1 Not tainted
------------------------------------------------------
kworker/u8:1/65 is trying to acquire lock:
ffffffff8621d9a8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80

but task is already holding lock:
ffff88803cbb0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
       __mutex_lock+0x13d/0xb50
       wiphy_register+0x1b2e/0x25d0
       ieee80211_register_hw+0x23a4/0x3d60
       mac80211_hwsim_new_radio+0x2759/0x4d60
       init_mac80211_hwsim+0x389/0x870
       do_one_initcall+0xf9/0x640
       kernel_init_freeable+0x53d/0x7a0
       kernel_init+0x1e/0x2d0
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

-> #0 (rtnl_mutex){+.+.}-{4:4}:
       __lock_acquire+0x29fd/0x4580
       lock_acquire+0x19b/0x520
       __mutex_lock+0x13d/0xb50
       unregister_netdevice_many_notify+0x1612/0x1c80
       unregister_netdevice_queue+0x224/0x2e0
       _cfg80211_unregister_wdev+0x57b/0x700
       ieee80211_remove_interfaces+0x2f2/0x6b0
       ieee80211_unregister_hw+0x55/0x3a0
       hwsim_exit_net+0x3a0/0x730
       ops_exit_list+0xb3/0x180
       cleanup_net+0x546/0xad0
       process_one_work+0x8ee/0x1a10
       worker_thread+0x674/0xe70
       kthread+0x3ab/0x720
       ret_from_fork+0x48/0x80
       ret_from_fork_asm+0x1a/0x30

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rdev->wiphy.mtx);
                               lock(rtnl_mutex);
                               lock(&rdev->wiphy.mtx);
  lock(rtnl_mutex);

 *** DEADLOCK ***

4 locks held by kworker/u8:1/65:
 #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10
 #1: ffff88800ec7fd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10
 #2: ffffffff862119d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0
 #3: ffff88803cbb0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0

stack backtrace:
CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250128 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 dump_stack_lvl+0xca/0x120
 print_circular_bug+0x47b/0x750
 check_noncircular+0x2e9/0x3c0
 __lock_acquire+0x29fd/0x4580
 lock_acquire+0x19b/0x520
 __mutex_lock+0x13d/0xb50
 unregister_netdevice_many_notify+0x1612/0x1c80
 unregister_netdevice_queue+0x224/0x2e0
 _cfg80211_unregister_wdev+0x57b/0x700
 ieee80211_remove_interfaces+0x2f2/0x6b0
 ieee80211_unregister_hw+0x55/0x3a0
 hwsim_exit_net+0x3a0/0x730
 ops_exit_list+0xb3/0x180
 cleanup_net+0x546/0xad0
 process_one_work+0x8ee/0x1a10
 worker_thread+0x674/0xe70
 kthread+0x3ab/0x720
 ret_from_fork+0x48/0x80
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci0: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci6: command tx timeout