================================ WARNING: inconsistent lock state 5.11.0-rc4-syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. kworker/u4:8/14911 [HC0[0]:SC1[1]:HE1:SE0] takes: ffff8880679c80a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline] ffff8880679c80a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_sock_timeout+0x33/0x170 net/bluetooth/sco.c:83 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x174/0x6c0 kernel/locking/lockdep.c:5437 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] sco_conn_del+0x113/0x2a0 net/bluetooth/sco.c:176 hci_disconn_cfm include/net/bluetooth/hci_core.h:1462 [inline] hci_conn_hash_flush+0x112/0x240 net/bluetooth/hci_conn.c:1565 hci_dev_do_close+0xa04/0xfe0 net/bluetooth/hci_core.c:1776 hci_unregister_dev+0x27d/0x16f0 net/bluetooth/hci_core.c:3872 vhci_release+0x73/0xc0 drivers/bluetooth/hci_vhci.c:340 __fput+0x34d/0x7a0 fs/file_table.c:280 task_work_run+0x137/0x1c0 kernel/task_work.c:140 exit_task_work include/linux/task_work.h:30 [inline] do_exit+0x769/0x2490 kernel/exit.c:825 do_group_exit+0x168/0x2d0 kernel/exit.c:922 get_signal+0x16e5/0x2070 kernel/signal.c:2773 arch_do_signal_or_restart+0x8e/0x6a0 arch/x86/kernel/signal.c:811 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302 entry_SYSCALL_64_after_hwframe+0x44/0xa9 irq event stamp: 29925100 hardirqs last enabled at (29925100): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (29925100): [] _raw_spin_unlock_irq+0x1f/0x40 kernel/locking/spinlock.c:199 hardirqs last disabled at (29925099): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline] hardirqs last disabled at (29925099): [] _raw_spin_lock_irq+0x89/0xf0 kernel/locking/spinlock.c:167 softirqs last enabled at (29924922): [] local_bh_enable+0x5/0x20 include/linux/bottom_half.h:31 softirqs last disabled at (29924923): [] asm_call_irq_on_stack+0xf/0x20 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(slock-AF_BLUETOOTH-BTPROTO_SCO); lock(slock-AF_BLUETOOTH-BTPROTO_SCO); *** DEADLOCK *** 5 locks held by kworker/u4:8/14911: #0: ffff888011693138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x7aa/0x10c0 kernel/workqueue.c:2248 #1: ffffc90002ac7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 kernel/workqueue.c:2250 #2: ffffffff8d2e3070 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf0/0xc60 net/core/net_namespace.c:566 #3: ffffffff8d2ee9c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_unregistering net/core/dev.c:11171 [inline] #3: ffffffff8d2ee9c8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x1a7/0x790 net/core/dev.c:11209 #4: ffffc90000007ca0 ((&sk->sk_timer)#3){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline] #4: ffffc90000007ca0 ((&sk->sk_timer)#3){+.-.}-{0:0}, at: call_timer_fn+0xbd/0x210 kernel/time/timer.c:1407 stack backtrace: CPU: 0 PID: 14911 Comm: kworker/u4:8 Not tainted 5.11.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x183/0x22e lib/dump_stack.c:120 print_usage_bug+0xc6f/0x1110 kernel/locking/lockdep.c:3740 mark_lock_irq kernel/locking/lockdep.c:3751 [inline] mark_lock+0x17b1/0x1f70 kernel/locking/lockdep.c:4411 mark_usage kernel/locking/lockdep.c:4306 [inline] __lock_acquire+0xcb7/0x5e40 kernel/locking/lockdep.c:4786 lock_acquire+0x174/0x6c0 kernel/locking/lockdep.c:5437 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] sco_sock_timeout+0x33/0x170 net/bluetooth/sco.c:83 call_timer_fn+0xf6/0x210 kernel/time/timer.c:1417 expire_timers kernel/time/timer.c:1462 [inline] __run_timers+0x6ff/0x910 kernel/time/timer.c:1731 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1744 __do_softirq+0x372/0x7a6 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x9a/0xe0 arch/x86/kernel/irq_64.c:77 do_softirq+0x110/0x160 kernel/softirq.c:246 __local_bh_enable_ip+0x184/0x1c0 kernel/softirq.c:196 get_next_corpse net/netfilter/nf_conntrack_core.c:2221 [inline] nf_ct_iterate_cleanup+0x49c/0x570 net/netfilter/nf_conntrack_core.c:2244 nf_ct_iterate_cleanup_net+0x154/0x1c0 net/netfilter/nf_conntrack_core.c:2329 masq_device_event+0x9b/0xd0 net/netfilter/nf_nat_masquerade.c:88 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:410 call_netdevice_notifiers_info net/core/dev.c:2040 [inline] call_netdevice_notifiers_extack net/core/dev.c:2052 [inline] call_netdevice_notifiers net/core/dev.c:2066 [inline] dev_close_many+0x38b/0x540 net/core/dev.c:1641 rollback_registered_many+0x51a/0x1770 net/core/dev.c:9472 unregister_netdevice_many net/core/dev.c:10735 [inline] default_device_exit_batch+0x489/0x790 net/core/dev.c:11218 ops_exit_list net/core/net_namespace.c:190 [inline] cleanup_net+0x7ec/0xc60 net/core/net_namespace.c:604 process_one_work+0x833/0x10c0 kernel/workqueue.c:2275 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2421 kthread+0x39a/0x3c0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296