program:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0xffff, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, 'hsr0\x00'}}, 0x1e)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}}, 0x0)
sendmmsg(r0, &(0x7f0000001cc0), 0x400000000000026, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0})
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}, @IFLA_MTU={0x8, 0x4, 0xe5}]}, 0x44}}, 0x0) (async)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}, @IFLA_MTU={0x8, 0x4, 0xe5}]}, 0x44}}, 0x0)

[ 68.457033][ T5308] Bluetooth: hci0: command tx timeout
[ 68.493452][ T5323] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 68.496206][ T5323] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 68.510296][ T5323] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 68.515033][ T5323] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 68.535938][ T5323] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 68.538576][ T5323] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 68.543897][ T5323] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 68.546608][ T5323] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 68.556504][ T5324] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 68.565202][ T5323] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 68.572522][ T5325]
[ 68.573553][ T5325] =====================================
[ 68.575669][ T5325] WARNING: bad unlock balance detected!
[ 68.577689][ T5325] 6.15.0-rc1-syzkaller-00025-gbec7dcbc242c #0 Not tainted
[ 68.580372][ T5325] -------------------------------------
[ 68.582571][ T5325] syz.0.0/5325 is trying to release lock (&dev_instance_lock_key) at:
[ 68.585697][ T5325] [] do_setlink+0xc26/0x43a0
[ 68.588067][ T5325] but there are no more locks to release!
[ 68.590171][ T5325]
[ 68.590171][ T5325] other info that might help us debug this:
[ 68.593190][ T5325] 1 lock held by syz.0.0/5325:
[ 68.594983][ T5325] #0: ffffffff900fd3c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xd68/0x1fe0
[ 68.598511][ T5325]
[ 68.598511][ T5325] stack backtrace:
[ 68.600814][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.15.0-rc1-syzkaller-00025-gbec7dcbc242c #0 PREEMPT(full)
[ 68.600827][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.600834][ T5325] Call Trace:
[ 68.600840][ T5325]
[ 68.600845][ T5325] dump_stack_lvl+0x241/0x360
[ 68.600863][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.600877][ T5325] ? __pfx__printk+0x10/0x10
[ 68.600891][ T5325] ? print_lock+0x171/0x1a0
[ 68.600904][ T5325] ? do_setlink+0xc26/0x43a0
[ 68.600918][ T5325] print_unlock_imbalance_bug+0x185/0x1a0
[ 68.600942][ T5325] lock_release+0x1ed/0x3e0
[ 68.600953][ T5325] ? do_setlink+0xc26/0x43a0
[ 68.600967][ T5325] ? do_setlink+0xc26/0x43a0
[ 68.600981][ T5325] __mutex_unlock_slowpath+0xee/0x800
[ 68.601002][ T5325] ? validate_linkmsg+0x70e/0xa40
[ 68.601014][ T5325] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 68.601026][ T5325] ? __pfx_validate_linkmsg+0x10/0x10
[ 68.601038][ T5325] ? rcu_is_watching+0x15/0xb0
[ 68.601051][ T5325] do_setlink+0xc26/0x43a0
[ 68.601067][ T5325] ? stack_trace_save+0x11a/0x1d0
[ 68.601082][ T5325] ? __lock_acquire+0xad5/0xd80
[ 68.601092][ T5325] ? do_raw_spin_lock+0x151/0x370
[ 68.601106][ T5325] ? __pfx_do_setlink+0x10/0x10
[ 68.601119][ T5325] ? _raw_spin_unlock_irqrestore+0x90/0x140
[ 68.601128][ T5325] ? lockdep_hardirqs_on+0x9d/0x150
[ 68.601139][ T5325] ? _raw_spin_unlock_irqrestore+0xde/0x140
[ 68.601148][ T5325] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 68.601159][ T5325] ? rcu_is_watching+0x15/0xb0
[ 68.601171][ T5325] ? __mutex_lock+0xbe3/0x10c0
[ 68.601184][ T5325] ? __mutex_lock+0x5f3/0x10c0
[ 68.601196][ T5325] ? rtnl_newlink+0xd68/0x1fe0
[ 68.601209][ T5325] ? __pfx___mutex_lock+0x10/0x10
[ 68.601219][ T5325] ? ns_capable+0x8a/0xf0
[ 68.601226][ T5325] ? rtnl_link_get_net_capable+0x168/0x340
[ 68.601237][ T5325] rtnl_newlink+0x17e2/0x1fe0
[ 68.601250][ T5325] ? stack_depot_save_flags+0x44/0x940
[ 68.602043][ T5325] ? __pfx_rtnl_newlink+0x10/0x10
[ 68.602057][ T5325] ? __netlink_deliver_tap+0x561/0x7f0
[ 68.602072][ T5325] ? netlink_deliver_tap+0x19d/0x1b0
[ 68.602085][ T5325] ? netlink_unicast+0x7c6/0x9a0
[ 68.602102][ T5325] ? netlink_sendmsg+0x8c3/0xcd0
[ 68.602115][ T5325] ? __sock_sendmsg+0x221/0x270
[ 68.602127][ T5325] ? ____sys_sendmsg+0x523/0x860
[ 68.602143][ T5325] ? __sys_sendmsg+0x271/0x360
[ 68.602152][ T5325] ? do_syscall_64+0xf3/0x230
[ 68.602163][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.602184][ T5325] ? kasan_quarantine_put+0xdc/0x230
[ 68.602196][ T5325] ? lockdep_hardirqs_on+0x9d/0x150
[ 68.602211][ T5325] ? nlmon_xmit+0xaf/0x100
[ 68.602226][ T5325] ? __local_bh_enable_ip+0x168/0x200
[ 68.602236][ T5325] ? lockdep_hardirqs_on+0x9d/0x150
[ 68.602248][ T5325] ? aa_get_newest_label+0x101/0x6f0
[ 68.602263][ T5325] ? __lock_acquire+0xad5/0xd80
[ 68.602279][ T5325] ? __pfx_rtnl_newlink+0x10/0x10
[ 68.602292][ T5325] rtnetlink_rcv_msg+0x80f/0xd70
[ 68.602308][ T5325] ? rtnetlink_rcv_msg+0x1ba/0xd70
[ 68.602317][ T5325] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 68.602327][ T5325] ? ref_tracker_free+0x63e/0x7e0
[ 68.602334][ T5325] netlink_rcv_skb+0x208/0x480
[ 68.602343][ T5325] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 68.602352][ T5325] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 68.602362][ T5325] ? netlink_deliver_tap+0x2e/0x1b0
[ 68.602371][ T5325] ? netlink_deliver_tap+0x2e/0x1b0
[ 68.602379][ T5325] netlink_unicast+0x7f8/0x9a0
[ 68.602388][ T5325] ? __pfx_netlink_unicast+0x10/0x10
[ 68.602396][ T5325] ? skb_put+0x114/0x1f0
[ 68.602402][ T5325] netlink_sendmsg+0x8c3/0xcd0
[ 68.602413][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10
[ 68.602422][ T5325] ? aa_sock_msg_perm+0x91/0x160
[ 68.602431][ T5325] ? __pfx_netlink_sendmsg+0x10/0x10
[ 68.602439][ T5325] __sock_sendmsg+0x221/0x270
[ 68.602448][ T5325] ____sys_sendmsg+0x523/0x860
[ 68.602456][ T5325] ? __pfx_____sys_sendmsg+0x10/0x10
[ 68.602462][ T5325] ? __fget_files+0x2a/0x420
[ 68.602468][ T5325] ? __fget_files+0x2a/0x420
[ 68.602474][ T5325] __sys_sendmsg+0x271/0x360
[ 68.602480][ T5325] ? __lock_acquire+0xad5/0xd80
[ 68.602487][ T5325] ? __pfx___sys_sendmsg+0x10/0x10
[ 68.602500][ T5325] ? do_syscall_64+0xb6/0x230
[ 68.602507][ T5325] do_syscall_64+0xf3/0x230
[ 68.602514][ T5325] ? clear_bhb_loop+0x45/0xa0
[ 68.602522][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.602532][ T5325] RIP: 0033:0x7f3b9c58d169
[ 68.602543][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.602551][ T5325] RSP: 002b:00007f3b989f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.602563][ T5325] RAX: ffffffffffffffda RBX: 00007f3b9c7a6160 RCX: 00007f3b9c58d169
[ 68.602570][ T5325] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000007
[ 68.602575][ T5325] RBP: 00007f3b9c60e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 68.602579][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.602583][ T5325] R13: 0000000000000000 R14: 00007f3b9c7a6160 R15: 00007ffefc9f39f8
[ 68.602589][ T5325]