program: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r1, 0x0, 0x0}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000002380)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106, 0x4}}, 0x20) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x3, 0x0, @loopback}}}, 0x84) r5 = syz_open_pts(r3, 0x60c40) dup3(r5, r3, 0x0) clock_adjtime(0x1, &(0x7f00000002c0)={0x8, 0x7, 0xabb8, 0x8, 0x6, 0x9, 0x9, 0x96, 0x4, 0x3, 0x200, 0x6, 0x600000000000, 0x0, 0x6, 0x4f, 0x2, 0x0, 0x6, 0x7, 0x3, 0x0, 0x3, 0x2, 0x80000000, 0x26f3}) splice(r3, 0x0, r2, 0x0, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_MTU={0x8, 0x4, 0x46}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 73.780299][ T4667] Bluetooth: hci0: command tx timeout [ 74.276240][ T50] e1000 0000:00:06.0 eth0: Reset adapter [ 74.296525][ T5314] [ 74.297712][ T5314] ====================================================== [ 74.300710][ T5314] WARNING: possible circular locking dependency detected [ 74.303636][ T5314] 6.15.0-syzkaller-03478-gc89756bcf406 #0 Not tainted [ 74.306513][ T5314] ------------------------------------------------------ [ 74.309300][ T5314] syz.0.0/5314 is trying to acquire lock: [ 74.311604][ T5314] ffff8880336516f0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 74.316323][ T5314] [ 74.316323][ T5314] but task is already holding lock: [ 74.319443][ T5314] ffffffff8f505008 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 74.323086][ T5314] [ 74.323086][ T5314] which lock already depends on the new lock. [ 74.323086][ T5314] [ 74.327403][ T5314] [ 74.327403][ T5314] the existing dependency chain (in reverse order) is: [ 74.331105][ T5314] [ 74.331105][ T5314] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 74.334128][ T5314] lock_acquire+0x120/0x360 [ 74.336338][ T5314] __mutex_lock+0x182/0xe80 [ 74.338522][ T5314] e1000_reset_task+0x56/0xc0 [ 74.340707][ T5314] process_scheduled_works+0xadb/0x17a0 [ 74.343318][ T5314] worker_thread+0x8a0/0xda0 [ 74.345519][ T5314] kthread+0x711/0x8a0 [ 74.347520][ T5314] ret_from_fork+0x3fc/0x770 [ 74.349724][ T5314] ret_from_fork_asm+0x1a/0x30 [ 74.351973][ T5314] [ 74.351973][ T5314] -> #0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}: [ 74.355989][ T5314] validate_chain+0xb9b/0x2140 [ 74.358233][ T5314] __lock_acquire+0xab9/0xd20 [ 74.360509][ T5314] lock_acquire+0x120/0x360 [ 74.362584][ T5314] __flush_work+0x6b8/0xbc0 [ 74.364600][ T5314] __cancel_work_sync+0xbe/0x110 [ 74.366569][ T5314] e1000_down+0x402/0x6b0 [ 74.368356][ T5314] e1000_close+0x17b/0xa10 [ 74.370262][ T5314] __dev_close_many+0x364/0x6f0 [ 74.372561][ T5314] __dev_change_flags+0x2c7/0x6d0 [ 74.374988][ T5314] netif_change_flags+0x88/0x1a0 [ 74.377406][ T5314] do_setlink+0xcb9/0x40d0 [ 74.379525][ T5314] rtnl_newlink+0x149f/0x1c70 [ 74.381675][ T5314] rtnetlink_rcv_msg+0x7cf/0xb70 [ 74.383943][ T5314] netlink_rcv_skb+0x21c/0x490 [ 74.386092][ T5314] netlink_unicast+0x758/0x8d0 [ 74.388271][ T5314] netlink_sendmsg+0x805/0xb30 [ 74.390421][ T5314] __sock_sendmsg+0x219/0x270 [ 74.392542][ T5314] ____sys_sendmsg+0x505/0x830 [ 74.394815][ T5314] ___sys_sendmsg+0x21f/0x2a0 [ 74.397078][ T5314] __x64_sys_sendmsg+0x19b/0x260 [ 74.399400][ T5314] do_syscall_64+0xfa/0x3b0 [ 74.401648][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.404376][ T5314] [ 74.404376][ T5314] other info that might help us debug this: [ 74.404376][ T5314] [ 74.408647][ T5314] Possible unsafe locking scenario: [ 74.408647][ T5314] [ 74.411721][ T5314] CPU0 CPU1 [ 74.414004][ T5314] ---- ---- [ 74.416287][ T5314] lock(rtnl_mutex); [ 74.418004][ T5314] lock((work_completion)(&adapter->reset_task)); [ 74.421667][ T5314] lock(rtnl_mutex); [ 74.424393][ T5314] lock((work_completion)(&adapter->reset_task)); [ 74.427035][ T5314] [ 74.427035][ T5314] *** DEADLOCK *** [ 74.427035][ T5314] [ 74.430329][ T5314] 2 locks held by syz.0.0/5314: [ 74.432375][ T5314] #0: ffffffff8f505008 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 74.436109][ T5314] #1: ffffffff8e13cc00 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 74.439887][ T5314] [ 74.439887][ T5314] stack backtrace: [ 74.442301][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-03478-gc89756bcf406 #0 PREEMPT(full) [ 74.442317][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.442325][ T5314] Call Trace: [ 74.442333][ T5314] [ 74.442339][ T5314] dump_stack_lvl+0x189/0x250 [ 74.442361][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.442378][ T5314] ? __pfx__printk+0x10/0x10 [ 74.442390][ T5314] ? print_lock_name+0xde/0x100 [ 74.442403][ T5314] print_circular_bug+0x2ee/0x310 [ 74.442422][ T5314] check_noncircular+0x134/0x160 [ 74.442441][ T5314] validate_chain+0xb9b/0x2140 [ 74.442457][ T5314] ? do_raw_spin_lock+0x121/0x290 [ 74.442469][ T5314] ? look_up_lock_class+0x74/0x170 [ 74.442485][ T5314] ? register_lock_class+0x51/0x320 [ 74.442500][ T5314] __lock_acquire+0xab9/0xd20 [ 74.442514][ T5314] ? __flush_work+0xd2/0xbc0 [ 74.442530][ T5314] lock_acquire+0x120/0x360 [ 74.442543][ T5314] ? __flush_work+0xd2/0xbc0 [ 74.442561][ T5314] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.442576][ T5314] ? __flush_work+0xd2/0xbc0 [ 74.442592][ T5314] __flush_work+0x6b8/0xbc0 [ 74.442608][ T5314] ? __flush_work+0xd2/0xbc0 [ 74.442625][ T5314] ? __flush_work+0xd2/0xbc0 [ 74.442641][ T5314] ? __pfx___flush_work+0x10/0x10 [ 74.442658][ T5314] ? __pfx_wq_barrier_func+0x10/0x10 [ 74.442673][ T5314] ? __pfx___cancel_work+0x10/0x10 [ 74.442681][ T5314] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.442698][ T5314] __cancel_work_sync+0xbe/0x110 [ 74.442707][ T5314] e1000_down+0x402/0x6b0 [ 74.442725][ T5314] ? e1000_down+0xb2/0x6b0 [ 74.442739][ T5314] ? e1000_free_all_tx_resources+0x1d0/0x280 [ 74.442756][ T5314] e1000_close+0x17b/0xa10 [ 74.442770][ T5314] ? do_raw_spin_unlock+0x4d/0x240 [ 74.442781][ T5314] ? dev_deactivate_many+0xb82/0xd40 [ 74.442806][ T5314] ? __pfx_e1000_close+0x10/0x10 [ 74.442824][ T5314] ? dev_deactivate_many+0x258/0xd40 [ 74.442840][ T5314] ? __pfx_e1000_close+0x10/0x10 [ 74.442858][ T5314] __dev_close_many+0x364/0x6f0 [ 74.442876][ T5314] ? __pfx___dev_close_many+0x10/0x10 [ 74.442893][ T5314] __dev_change_flags+0x2c7/0x6d0 [ 74.442911][ T5314] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 74.442929][ T5314] ? __pfx___dev_change_flags+0x10/0x10 [ 74.442946][ T5314] ? netif_state_change+0x256/0x3a0 [ 74.442960][ T5314] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 74.442977][ T5314] ? kernel_text_address+0xa5/0xe0 [ 74.442990][ T5314] netif_change_flags+0x88/0x1a0 [ 74.443007][ T5314] do_setlink+0xcb9/0x40d0 [ 74.443027][ T5314] ? __pfx_do_setlink+0x10/0x10 [ 74.443041][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.443056][ T5314] ? __mutex_trylock_common+0x153/0x260 [ 74.443073][ T5314] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.443090][ T5314] ? rcu_is_watching+0x15/0xb0 [ 74.443105][ T5314] ? trace_contention_end+0x39/0x120 [ 74.443121][ T5314] ? __mutex_lock+0x330/0xe80 [ 74.443137][ T5314] ? __pfx_aa_get_newest_label+0x10/0x10 [ 74.443193][ T5314] ? rtnl_newlink+0x8db/0x1c70 [ 74.443212][ T5314] ? rcu_is_watching+0x15/0xb0 [ 74.443226][ T5314] ? __pfx___mutex_lock+0x10/0x10 [ 74.443245][ T5314] ? ns_capable+0x8a/0xf0 [ 74.443261][ T5314] ? rtnl_link_get_net_capable+0x16a/0x350 [ 74.443279][ T5314] rtnl_newlink+0x149f/0x1c70 [ 74.443298][ T5314] ? __pfx_rtnl_newlink+0x10/0x10 [ 74.443317][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.443334][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.443360][ T5314] ? is_bpf_text_address+0x26/0x2b0 [ 74.443375][ T5314] ? is_bpf_text_address+0x292/0x2b0 [ 74.443389][ T5314] ? is_bpf_text_address+0x26/0x2b0 [ 74.443409][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.443427][ T5314] ? __pfx_rtnl_newlink+0x10/0x10 [ 74.443441][ T5314] rtnetlink_rcv_msg+0x7cf/0xb70 [ 74.443455][ T5314] ? kasan_save_track+0x4f/0x80 [ 74.443467][ T5314] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 74.443480][ T5314] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.443494][ T5314] ? __lock_acquire+0xab9/0xd20 [ 74.443510][ T5314] netlink_rcv_skb+0x21c/0x490 [ 74.443526][ T5314] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.443540][ T5314] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.443558][ T5314] ? netlink_deliver_tap+0x2e/0x1b0 [ 74.443602][ T5314] ? netlink_deliver_tap+0x2e/0x1b0 [ 74.443619][ T5314] netlink_unicast+0x758/0x8d0 [ 74.443636][ T5314] netlink_sendmsg+0x805/0xb30 [ 74.443654][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.443670][ T5314] ? aa_sock_msg_perm+0x94/0x160 [ 74.443686][ T5314] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 74.443698][ T5314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.443714][ T5314] __sock_sendmsg+0x219/0x270 [ 74.443728][ T5314] ____sys_sendmsg+0x505/0x830 [ 74.443745][ T5314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.443764][ T5314] ? import_iovec+0x74/0xa0 [ 74.443777][ T5314] ___sys_sendmsg+0x21f/0x2a0 [ 74.443800][ T5314] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.443828][ T5314] ? __fget_files+0x2a/0x420 [ 74.443843][ T5314] ? __fget_files+0x3a0/0x420 [ 74.443860][ T5314] __x64_sys_sendmsg+0x19b/0x260 [ 74.443878][ T5314] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 74.443899][ T5314] ? rcu_is_watching+0x15/0xb0 [ 74.443916][ T5314] ? do_syscall_64+0xbe/0x3b0 [ 74.443933][ T5314] do_syscall_64+0xfa/0x3b0 [ 74.443949][ T5314] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.443963][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.443977][ T5314] ? clear_bhb_loop+0x60/0xb0 [ 74.443989][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.444001][ T5314] RIP: 0033:0x7f7b5778e969 [ 74.444013][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.444022][ T5314] RSP: 002b:00007f7b585e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.444034][ T5314] RAX: ffffffffffffffda RBX: 00007f7b579b6080 RCX: 00007f7b5778e969 [ 74.444042][ T5314] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 74.444049][ T5314] RBP: 00007f7b57810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 74.444056][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.444063][ T5314] R13: 0000000000000000 R14: 00007f7b579b6080 R15: 00007ffec2445fb8 [ 74.444074][ T5314] [ 75.842723][ T4667] Bluetooth: hci0: command tx timeout [ 76.484043][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.486511][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.926233][ T4667] Bluetooth: hci0: command tx timeout [ 80.002740][ T4667] Bluetooth: hci0: command tx timeout