program:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000037c0)='-', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003ac0)="bb", 0x1}], 0x1}}], 0x2, 0x60cd894)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_MTU={0x8, 0x4, 0x46}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

[ 68.358429][ T5298] Bluetooth: hci0: command tx timeout
[ 68.728610][ T5311] e1000 0000:00:06.0 eth0: Reset adapter
[ 68.769657][ T5313]
[ 68.770598][ T5313] ======================================================
[ 68.773254][ T5313] WARNING: possible circular locking dependency detected
[ 68.775960][ T5313] 6.15.0-syzkaller #0 Not tainted
[ 68.777706][ T5313] ------------------------------------------------------
[ 68.780600][ T5313] syz.0.0/5313 is trying to acquire lock:
[ 68.782801][ T5313] ffff8880331996f0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0
[ 68.787160][ T5313]
[ 68.787160][ T5313] but task is already holding lock:
[ 68.790214][ T5313] ffffffff8f2fabc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 68.793890][ T5313]
[ 68.793890][ T5313] which lock already depends on the new lock.
[ 68.793890][ T5313]
[ 68.797991][ T5313]
[ 68.797991][ T5313] the existing dependency chain (in reverse order) is:
[ 68.801345][ T5313]
[ 68.801345][ T5313] -> #1 (rtnl_mutex){+.+.}-{4:4}:
[ 68.804156][ T5313] lock_acquire+0x120/0x360
[ 68.806079][ T5313] __mutex_lock+0x182/0xe80
[ 68.807875][ T5313] e1000_reset_task+0x56/0xc0
[ 68.810017][ T5313] process_scheduled_works+0xadb/0x17a0
[ 68.812389][ T5313] worker_thread+0x8a0/0xda0
[ 68.814576][ T5313] kthread+0x70e/0x8a0
[ 68.816531][ T5313] ret_from_fork+0x4b/0x80
[ 68.818797][ T5313] ret_from_fork_asm+0x1a/0x30
[ 68.821089][ T5313]
[ 68.821089][ T5313] -> #0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}:
[ 68.825310][ T5313] validate_chain+0xb9b/0x2140
[ 68.827679][ T5313] __lock_acquire+0xaac/0xd20
[ 68.830031][ T5313] lock_acquire+0x120/0x360
[ 68.832286][ T5313] __flush_work+0x6b8/0xbc0
[ 68.834483][ T5313] __cancel_work_sync+0xbe/0x110
[ 68.836830][ T5313] e1000_down+0x402/0x6b0
[ 68.838972][ T5313] e1000_close+0x17b/0xa10
[ 68.841110][ T5313] __dev_close_many+0x361/0x6f0
[ 68.843515][ T5313] __dev_change_flags+0x2c7/0x6d0
[ 68.845947][ T5313] netif_change_flags+0x88/0x1a0
[ 68.848387][ T5313] do_setlink+0xcb9/0x40d0
[ 68.850594][ T5313] rtnl_newlink+0x149f/0x1c70
[ 68.852922][ T5313] rtnetlink_rcv_msg+0x7cc/0xb70
[ 68.855355][ T5313] netlink_rcv_skb+0x219/0x490
[ 68.857714][ T5313] netlink_unicast+0x75b/0x8d0
[ 68.860007][ T5313] netlink_sendmsg+0x805/0xb30
[ 68.862305][ T5313] __sock_sendmsg+0x21c/0x270
[ 68.864520][ T5313] ____sys_sendmsg+0x505/0x830
[ 68.866761][ T5313] ___sys_sendmsg+0x21f/0x2a0
[ 68.869042][ T5313] __x64_sys_sendmsg+0x19b/0x260
[ 68.871454][ T5313] do_syscall_64+0xf6/0x210
[ 68.873695][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.876535][ T5313]
[ 68.876535][ T5313] other info that might help us debug this:
[ 68.876535][ T5313]
[ 68.880981][ T5313] Possible unsafe locking scenario:
[ 68.880981][ T5313]
[ 68.884289][ T5313]        CPU0                    CPU1
[ 68.886670][ T5313]        ----                    ----
[ 68.889092][ T5313]   lock(rtnl_mutex);
[ 68.890908][ T5313]                                lock((work_completion)(&adapter->reset_task));
[ 68.894856][ T5313]                                lock(rtnl_mutex);
[ 68.897722][ T5313]   lock((work_completion)(&adapter->reset_task));
[ 68.900595][ T5313]
[ 68.900595][ T5313] *** DEADLOCK ***
[ 68.900595][ T5313]
[ 68.903984][ T5313] 2 locks held by syz.0.0/5313:
[ 68.906175][ T5313] #0: ffffffff8f2fabc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 68.910213][ T5313] #1: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0
[ 68.914109][ T5313]
[ 68.914109][ T5313] stack backtrace:
[ 68.916659][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-syzkaller #0 PREEMPT(full)
[ 68.916671][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.916676][ T5313] Call Trace:
[ 68.916681][ T5313]
[ 68.916686][ T5313] dump_stack_lvl+0x189/0x250
[ 68.916700][ T5313] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.916709][ T5313] ? __pfx__printk+0x10/0x10
[ 68.916717][ T5313] ? print_lock_name+0xde/0x100
[ 68.916729][ T5313] print_circular_bug+0x2ee/0x310
[ 68.916738][ T5313] check_noncircular+0x134/0x160
[ 68.916746][ T5313] validate_chain+0xb9b/0x2140
[ 68.916753][ T5313] ? do_raw_spin_lock+0x121/0x290
[ 68.916764][ T5313] ? look_up_lock_class+0x74/0x170
[ 68.916773][ T5313] ? register_lock_class+0x51/0x320
[ 68.916786][ T5313] __lock_acquire+0xaac/0xd20
[ 68.916801][ T5313] ? __flush_work+0xd2/0xbc0
[ 68.916811][ T5313] lock_acquire+0x120/0x360
[ 68.916823][ T5313] ? __flush_work+0xd2/0xbc0
[ 68.916832][ T5313] ? _raw_spin_unlock_irq+0x23/0x50
[ 68.916840][ T5313] ? __flush_work+0xd2/0xbc0
[ 68.916846][ T5313] __flush_work+0x6b8/0xbc0
[ 68.916853][ T5313] ? __flush_work+0xd2/0xbc0
[ 68.916860][ T5313] ? __flush_work+0xd2/0xbc0
[ 68.916866][ T5313] ? __pfx___flush_work+0x10/0x10
[ 68.916873][ T5313] ? __pfx_wq_barrier_func+0x10/0x10
[ 68.916881][ T5313] ? __pfx___cancel_work+0x10/0x10
[ 68.916889][ T5313] __cancel_work_sync+0xbe/0x110
[ 68.916896][ T5313] e1000_down+0x402/0x6b0
[ 68.916906][ T5313] ? e1000_down+0xb2/0x6b0
[ 68.916914][ T5313] ? e1000_free_all_tx_resources+0x1b0/0x280
[ 68.916924][ T5313] e1000_close+0x17b/0xa10
[ 68.916936][ T5313] ? do_raw_spin_unlock+0x4d/0x240
[ 68.916947][ T5313] ? dev_deactivate_many+0xb82/0xd40
[ 68.916960][ T5313] ? __pfx_e1000_close+0x10/0x10
[ 68.916974][ T5313] ? dev_deactivate_many+0x258/0xd40
[ 68.916984][ T5313] ? __pfx_e1000_close+0x10/0x10
[ 68.916992][ T5313] __dev_close_many+0x361/0x6f0
[ 68.917001][ T5313] ? __pfx___dev_close_many+0x10/0x10
[ 68.917010][ T5313] __dev_change_flags+0x2c7/0x6d0
[ 68.917019][ T5313] ? __pfx_netif_set_mtu_ext+0x10/0x10
[ 68.917027][ T5313] ? __pfx___dev_change_flags+0x10/0x10
[ 68.917034][ T5313] ? netif_state_change+0x256/0x3a0
[ 68.917044][ T5313] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 68.917066][ T5313] netif_change_flags+0x88/0x1a0
[ 68.917085][ T5313] do_setlink+0xcb9/0x40d0
[ 68.917103][ T5313] ? __pfx_do_setlink+0x10/0x10
[ 68.917114][ T5313] ? do_raw_spin_lock+0x121/0x290
[ 68.917123][ T5313] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.917131][ T5313] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 68.917138][ T5313] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 68.917146][ T5313] ? rcu_is_watching+0x15/0xb0
[ 68.917152][ T5313] ? __mutex_lock+0xa6d/0xe80
[ 68.917162][ T5313] ? __mutex_lock+0x51b/0xe80
[ 68.917173][ T5313] ? rtnl_newlink+0x8db/0x1c70
[ 68.917184][ T5313] ? __pfx___mutex_lock+0x10/0x10
[ 68.917198][ T5313] ? ns_capable+0x8a/0xf0
[ 68.917208][ T5313] ? rtnl_link_get_net_capable+0x16a/0x350
[ 68.917222][ T5313] rtnl_newlink+0x149f/0x1c70
[ 68.917236][ T5313] ? __pfx_rtnl_newlink+0x10/0x10
[ 68.917245][ T5313] ? __dev_queue_xmit+0x27e/0x3a70
[ 68.917259][ T5313] ? is_bpf_text_address+0x26/0x2b0
[ 68.917275][ T5313] ? __lock_acquire+0xaac/0xd20
[ 68.917291][ T5313] ? __lock_acquire+0xaac/0xd20
[ 68.917309][ T5313] ? is_bpf_text_address+0x26/0x2b0
[ 68.917322][ T5313] ? is_bpf_text_address+0x292/0x2b0
[ 68.917335][ T5313] ? is_bpf_text_address+0x26/0x2b0
[ 68.917349][ T5313] ? aa_get_newest_label+0xf7/0x5d0
[ 68.917362][ T5313] ? __lock_acquire+0xaac/0xd20
[ 68.917380][ T5313] ? __pfx_rtnl_newlink+0x10/0x10
[ 68.917391][ T5313] rtnetlink_rcv_msg+0x7cc/0xb70
[ 68.917400][ T5313] ? kasan_save_track+0x4f/0x80
[ 68.917408][ T5313] ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 68.917415][ T5313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 68.917430][ T5313] ? __lock_acquire+0xaac/0xd20
[ 68.917447][ T5313] netlink_rcv_skb+0x219/0x490
[ 68.917460][ T5313] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 68.917474][ T5313] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 68.917490][ T5313] ? netlink_deliver_tap+0x2e/0x1b0
[ 68.917504][ T5313] ? netlink_deliver_tap+0x2e/0x1b0
[ 68.917516][ T5313] netlink_unicast+0x75b/0x8d0
[ 68.917529][ T5313] netlink_sendmsg+0x805/0xb30
[ 68.917541][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10
[ 68.917552][ T5313] ? aa_sock_msg_perm+0x94/0x160
[ 68.917563][ T5313] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 68.917575][ T5313] ? __pfx_netlink_sendmsg+0x10/0x10
[ 68.917587][ T5313] __sock_sendmsg+0x21c/0x270
[ 68.917599][ T5313] ____sys_sendmsg+0x505/0x830
[ 68.917614][ T5313] ? __pfx_____sys_sendmsg+0x10/0x10
[ 68.917628][ T5313] ? import_iovec+0x74/0xa0
[ 68.917641][ T5313] ___sys_sendmsg+0x21f/0x2a0
[ 68.917655][ T5313] ? __pfx____sys_sendmsg+0x10/0x10
[ 68.917676][ T5313] ? __fget_files+0x2a/0x420
[ 68.917690][ T5313] ? __fget_files+0x3a0/0x420
[ 68.917702][ T5313] __x64_sys_sendmsg+0x19b/0x260
[ 68.917711][ T5313] ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 68.917721][ T5313] ? do_syscall_64+0xba/0x210
[ 68.917730][ T5313] do_syscall_64+0xf6/0x210
[ 68.917740][ T5313] ? clear_bhb_loop+0x60/0xb0
[ 68.917747][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.917754][ T5313] RIP: 0033:0x7f1bdd58e969
[ 68.917762][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.917768][ T5313] RSP: 002b:00007f1bd99f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.917776][ T5313] RAX: ffffffffffffffda RBX: 00007f1bdd7b5fa0 RCX: 00007f1bdd58e969
[ 68.917781][ T5313] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[ 68.917785][ T5313] RBP: 00007f1bdd610ab1 R08: 0000000000000000 R09: 0000000000000000
[ 68.917789][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.917793][ T5313] R13: 0000000000000000 R14: 00007f1bdd7b5fa0 R15: 00007fffa90bbdf8
[ 68.917799][ T5313]
[ 70.418632][ T5298] Bluetooth: hci0: command tx timeout
[ 72.498746][ T5298] Bluetooth: hci0: command tx timeout
[ 74.578529][ T5298] Bluetooth: hci0: command tx timeout