program: socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x600, {0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_MTU={0x8, 0x4, 0x46}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) [ 74.300502][ T4663] Bluetooth: hci0: command tx timeout [ 74.679363][ T9] e1000 0000:00:06.0 eth0: Reset adapter [ 74.702457][ T5318] [ 74.703890][ T5318] ====================================================== [ 74.707442][ T5318] WARNING: possible circular locking dependency detected [ 74.711270][ T5318] 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 Not tainted [ 74.714683][ T5318] ------------------------------------------------------ [ 74.717663][ T5318] syz.0.0/5318 is trying to acquire lock: [ 74.720183][ T5318] ffff8880353616f0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 74.724833][ T5318] [ 74.724833][ T5318] but task is already holding lock: [ 74.728234][ T5318] ffffffff8f2fab48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 74.731711][ T5318] [ 74.731711][ T5318] which lock already depends on the new lock. [ 74.731711][ T5318] [ 74.735869][ T5318] [ 74.735869][ T5318] the existing dependency chain (in reverse order) is: [ 74.739504][ T5318] [ 74.739504][ T5318] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 74.742506][ T5318] lock_acquire+0x120/0x360 [ 74.744570][ T5318] __mutex_lock+0x182/0xe80 [ 74.746681][ T5318] e1000_reset_task+0x56/0xc0 [ 74.748954][ T5318] process_scheduled_works+0xadb/0x17a0 [ 74.751512][ T5318] worker_thread+0x8a0/0xda0 [ 74.753725][ T5318] kthread+0x70e/0x8a0 [ 74.755871][ T5318] ret_from_fork+0x4b/0x80 [ 74.758094][ T5318] ret_from_fork_asm+0x1a/0x30 [ 74.760369][ T5318] [ 74.760369][ T5318] -> #0 ((work_completion)(&adapter->reset_task)){+.+.}-{0:0}: [ 74.764090][ T5318] validate_chain+0xb9b/0x2140 [ 74.766235][ T5318] __lock_acquire+0xaac/0xd20 [ 74.768479][ T5318] lock_acquire+0x120/0x360 [ 74.770676][ T5318] __flush_work+0x6b8/0xbc0 [ 74.772814][ T5318] __cancel_work_sync+0xbe/0x110 [ 74.775149][ T5318] e1000_down+0x402/0x6b0 [ 74.777274][ T5318] e1000_close+0x17b/0xa10 [ 74.779599][ T5318] __dev_close_many+0x361/0x6f0 [ 74.781872][ T5318] __dev_change_flags+0x2c7/0x6d0 [ 74.784174][ T5318] netif_change_flags+0x88/0x1a0 [ 74.786460][ T5318] do_setlink+0xcb9/0x40d0 [ 74.788589][ T5318] rtnl_newlink+0x149f/0x1c70 [ 74.790641][ T5318] rtnetlink_rcv_msg+0x7cc/0xb70 [ 74.793008][ T5318] netlink_rcv_skb+0x219/0x490 [ 74.795726][ T5318] netlink_unicast+0x75b/0x8d0 [ 74.798121][ T5318] netlink_sendmsg+0x805/0xb30 [ 74.800259][ T5318] __sock_sendmsg+0x21c/0x270 [ 74.802505][ T5318] ____sys_sendmsg+0x505/0x830 [ 74.804839][ T5318] ___sys_sendmsg+0x21f/0x2a0 [ 74.806996][ T5318] __x64_sys_sendmsg+0x19b/0x260 [ 74.809361][ T5318] do_syscall_64+0xf6/0x210 [ 74.811647][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.814479][ T5318] [ 74.814479][ T5318] other info that might help us debug this: [ 74.814479][ T5318] [ 74.818697][ T5318] Possible unsafe locking scenario: [ 74.818697][ T5318] [ 74.821775][ T5318] CPU0 CPU1 [ 74.824073][ T5318] ---- ---- [ 74.826390][ T5318] lock(rtnl_mutex); [ 74.828195][ T5318] lock((work_completion)(&adapter->reset_task)); [ 74.831999][ T5318] lock(rtnl_mutex); [ 74.834747][ T5318] lock((work_completion)(&adapter->reset_task)); [ 74.837232][ T5318] [ 74.837232][ T5318] *** DEADLOCK *** [ 74.837232][ T5318] [ 74.840449][ T5318] 2 locks held by syz.0.0/5318: [ 74.842551][ T5318] #0: ffffffff8f2fab48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 74.846414][ T5318] #1: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 74.850262][ T5318] [ 74.850262][ T5318] stack backtrace: [ 74.852737][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) [ 74.852752][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.852758][ T5318] Call Trace: [ 74.852765][ T5318] [ 74.852771][ T5318] dump_stack_lvl+0x189/0x250 [ 74.852791][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.852804][ T5318] ? __pfx__printk+0x10/0x10 [ 74.852815][ T5318] ? print_lock_name+0xde/0x100 [ 74.852832][ T5318] print_circular_bug+0x2ee/0x310 [ 74.852844][ T5318] check_noncircular+0x134/0x160 [ 74.852856][ T5318] validate_chain+0xb9b/0x2140 [ 74.852865][ T5318] ? do_raw_spin_lock+0x121/0x290 [ 74.852878][ T5318] ? look_up_lock_class+0x74/0x170 [ 74.852890][ T5318] ? register_lock_class+0x51/0x320 [ 74.852903][ T5318] __lock_acquire+0xaac/0xd20 [ 74.852917][ T5318] ? __flush_work+0xd2/0xbc0 [ 74.852927][ T5318] lock_acquire+0x120/0x360 [ 74.852939][ T5318] ? __flush_work+0xd2/0xbc0 [ 74.852950][ T5318] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.852962][ T5318] ? __flush_work+0xd2/0xbc0 [ 74.852973][ T5318] __flush_work+0x6b8/0xbc0 [ 74.852991][ T5318] ? __flush_work+0xd2/0xbc0 [ 74.853010][ T5318] ? __flush_work+0xd2/0xbc0 [ 74.853022][ T5318] ? __pfx___flush_work+0x10/0x10 [ 74.853036][ T5318] ? __pfx_wq_barrier_func+0x10/0x10 [ 74.853049][ T5318] ? __pfx___cancel_work+0x10/0x10 [ 74.853063][ T5318] __cancel_work_sync+0xbe/0x110 [ 74.853078][ T5318] e1000_down+0x402/0x6b0 [ 74.853096][ T5318] ? e1000_down+0xb2/0x6b0 [ 74.853109][ T5318] ? e1000_free_all_tx_resources+0x1b0/0x280 [ 74.853124][ T5318] e1000_close+0x17b/0xa10 [ 74.853140][ T5318] ? do_raw_spin_unlock+0x4d/0x240 [ 74.853153][ T5318] ? dev_deactivate_many+0xb82/0xd40 [ 74.853167][ T5318] ? __pfx_e1000_close+0x10/0x10 [ 74.853183][ T5318] ? dev_deactivate_many+0x258/0xd40 [ 74.853195][ T5318] ? __pfx_e1000_close+0x10/0x10 [ 74.853209][ T5318] __dev_close_many+0x361/0x6f0 [ 74.853223][ T5318] ? __pfx___dev_close_many+0x10/0x10 [ 74.853237][ T5318] __dev_change_flags+0x2c7/0x6d0 [ 74.853252][ T5318] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 74.853265][ T5318] ? __pfx___dev_change_flags+0x10/0x10 [ 74.853277][ T5318] ? netif_state_change+0x256/0x3a0 [ 74.853289][ T5318] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 74.853304][ T5318] netif_change_flags+0x88/0x1a0 [ 74.853318][ T5318] do_setlink+0xcb9/0x40d0 [ 74.853335][ T5318] ? __pfx_do_setlink+0x10/0x10 [ 74.853347][ T5318] ? do_raw_spin_lock+0x121/0x290 [ 74.853360][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.853371][ T5318] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 74.853390][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 74.853402][ T5318] ? rcu_is_watching+0x15/0xb0 [ 74.853413][ T5318] ? __mutex_lock+0xa6d/0xe80 [ 74.853426][ T5318] ? __mutex_lock+0x51b/0xe80 [ 74.853445][ T5318] ? rtnl_newlink+0x8db/0x1c70 [ 74.853455][ T5318] ? __pfx___mutex_lock+0x10/0x10 [ 74.853469][ T5318] ? ns_capable+0x8a/0xf0 [ 74.853478][ T5318] ? rtnl_link_get_net_capable+0x16a/0x350 [ 74.853491][ T5318] rtnl_newlink+0x149f/0x1c70 [ 74.853506][ T5318] ? __pfx_rtnl_newlink+0x10/0x10 [ 74.853516][ T5318] ? __lock_acquire+0xaac/0xd20 [ 74.853535][ T5318] ? do_raw_spin_lock+0x121/0x290 [ 74.853550][ T5318] ? __lock_acquire+0xaac/0xd20 [ 74.853566][ T5318] ? __lock_acquire+0xaac/0xd20 [ 74.853583][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 74.853598][ T5318] ? is_bpf_text_address+0x292/0x2b0 [ 74.853610][ T5318] ? is_bpf_text_address+0x26/0x2b0 [ 74.853624][ T5318] ? aa_get_newest_label+0xf7/0x5d0 [ 74.853635][ T5318] ? __lock_acquire+0xaac/0xd20 [ 74.853654][ T5318] ? __pfx_rtnl_newlink+0x10/0x10 [ 74.853665][ T5318] rtnetlink_rcv_msg+0x7cc/0xb70 [ 74.853676][ T5318] ? kasan_save_track+0x4f/0x80 [ 74.853689][ T5318] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 74.853700][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.853711][ T5318] ? __lock_acquire+0xaac/0xd20 [ 74.853728][ T5318] netlink_rcv_skb+0x219/0x490 [ 74.853740][ T5318] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.853751][ T5318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.853767][ T5318] ? netlink_deliver_tap+0x2e/0x1b0 [ 74.853779][ T5318] ? netlink_deliver_tap+0x2e/0x1b0 [ 74.853793][ T5318] netlink_unicast+0x75b/0x8d0 [ 74.853807][ T5318] netlink_sendmsg+0x805/0xb30 [ 74.853820][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.853832][ T5318] ? aa_sock_msg_perm+0x94/0x160 [ 74.853843][ T5318] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 74.853855][ T5318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.853867][ T5318] __sock_sendmsg+0x21c/0x270 [ 74.853878][ T5318] ____sys_sendmsg+0x505/0x830 [ 74.853893][ T5318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.853907][ T5318] ? import_iovec+0x74/0xa0 [ 74.853918][ T5318] ___sys_sendmsg+0x21f/0x2a0 [ 74.853926][ T5318] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.853939][ T5318] ? __fget_files+0x2a/0x420 [ 74.853948][ T5318] ? __fget_files+0x3a0/0x420 [ 74.853958][ T5318] __x64_sys_sendmsg+0x19b/0x260 [ 74.853970][ T5318] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 74.853986][ T5318] ? do_syscall_64+0xba/0x210 [ 74.854009][ T5318] do_syscall_64+0xf6/0x210 [ 74.854022][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 74.854036][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.854048][ T5318] RIP: 0033:0x7f2b0658e969 [ 74.854060][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.854069][ T5318] RSP: 002b:00007f2b07332038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.854081][ T5318] RAX: ffffffffffffffda RBX: 00007f2b067b5fa0 RCX: 00007f2b0658e969 [ 74.854089][ T5318] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 74.854096][ T5318] RBP: 00007f2b06610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 74.854102][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.854109][ T5318] R13: 0000000000000000 R14: 00007f2b067b5fa0 R15: 00007ffcf35d68d8 [ 74.854119][ T5318] [ 76.370497][ T4663] Bluetooth: hci0: command tx timeout [ 76.451776][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.454530][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.450934][ T4663] Bluetooth: hci0: command tx timeout [ 80.530476][ T4663] Bluetooth: hci0: command tx timeout