======================================================
WARNING: possible circular locking dependency detected
6.7.0-syzkaller-12263-gdbc153fd3c14 #0 Not tainted
------------------------------------------------------
syz-executor.3/23939 is trying to acquire lock:
ffff888044c090d0 (&priv->j1939_socks_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888044c090d0 (&priv->j1939_socks_lock){+.-.}-{2:2}, at: j1939_sk_errqueue+0xaa/0x1a0 net/can/j1939/socket.c:1083

but task is already holding lock:
ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_session_list_lock net/can/j1939/transport.c:238 [inline]
ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_cancel_active_session+0x41/0x360 net/can/j1939/transport.c:2183

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&priv->active_session_list_lock){+.-.}-{2:2}:
       __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
       _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
       spin_lock_bh include/linux/spinlock.h:356 [inline]
       j1939_session_list_lock net/can/j1939/transport.c:238 [inline]
       j1939_session_activate+0x4b/0x4a0 net/can/j1939/transport.c:1564
       j1939_sk_queue_activate_next_locked net/can/j1939/socket.c:181 [inline]
       j1939_sk_queue_activate_next+0x2bc/0x4d0 net/can/j1939/socket.c:208
       j1939_session_deactivate_activate_next net/can/j1939/transport.c:1108 [inline]
       j1939_tp_rxtimer+0x350/0x500 net/can/j1939/transport.c:1236
       __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
       __hrtimer_run_queues+0x203/0xc20 kernel/time/hrtimer.c:1752
       hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1769
       __do_softirq+0x21a/0x8de kernel/softirq.c:553
       invoke_softirq kernel/softirq.c:427 [inline]
       __irq_exit_rcu kernel/softirq.c:632 [inline]
       irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
       sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
       asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
       _raw_spin_unlock_irqrestore+0x31/0x70 kernel/locking/spinlock.c:194
       debug_object_deactivate+0x1ec/0x370 lib/debugobjects.c:778
       debug_rcu_head_unqueue kernel/rcu/rcu.h:239 [inline]
       debug_rcu_bhead_unqueue kernel/rcu/tree.c:2908 [inline]
       kvfree_rcu_bulk+0x12c/0x550 kernel/rcu/tree.c:2985
       kvfree_rcu_drain_ready kernel/rcu/tree.c:3166 [inline]
       kfree_rcu_monitor+0x47b/0x12d0 kernel/rcu/tree.c:3184
       process_one_work+0x886/0x15d0 kernel/workqueue.c:2633
       process_scheduled_works kernel/workqueue.c:2706 [inline]
       worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787
       kthread+0x2c6/0x3a0 kernel/kthread.c:388
       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

-> #1 (&jsk->sk_session_queue_lock){+.-.}-{2:2}:
       __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
       _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
       spin_lock_bh include/linux/spinlock.h:356 [inline]
       j1939_sk_queue_drop_all+0x3b/0x2f0 net/can/j1939/socket.c:139
       j1939_sk_netdev_event_netdown+0x7f/0x160 net/can/j1939/socket.c:1282
       j1939_netdev_notify+0x1a2/0x1d0 net/can/j1939/main.c:381
       notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
       call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1966
       call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
       call_netdevice_notifiers net/core/dev.c:2018 [inline]
       __dev_notify_flags+0x1f5/0x2e0 net/core/dev.c:8689
       dev_change_flags+0x10c/0x160 net/core/dev.c:8725
       do_setlink+0x1aac/0x4080 net/core/rtnetlink.c:2903
       rtnl_group_changelink net/core/rtnetlink.c:3452 [inline]
       __rtnl_newlink+0xe04/0x1940 net/core/rtnetlink.c:3711
       rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3748
       rtnetlink_rcv_msg+0x3c7/0xe00 net/core/rtnetlink.c:6615
       netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2543
       netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
       netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
       netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0xd5/0x180 net/socket.c:745
       ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
       ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
       __sys_sendmsg+0x117/0x1e0 net/socket.c:2667
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

-> #0 (&priv->j1939_socks_lock){+.-.}-{2:2}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2445/0x3b30 kernel/locking/lockdep.c:5137
       lock_acquire kernel/locking/lockdep.c:5754 [inline]
       lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719
       __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
       _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
       spin_lock_bh include/linux/spinlock.h:356 [inline]
       j1939_sk_errqueue+0xaa/0x1a0 net/can/j1939/socket.c:1083
       j1939_session_destroy+0x276/0x4f0 net/can/j1939/transport.c:271
       __j1939_session_release net/can/j1939/transport.c:294 [inline]
       kref_put include/linux/kref.h:65 [inline]
       j1939_session_put net/can/j1939/transport.c:299 [inline]
       j1939_session_deactivate_locked+0x28e/0x330 net/can/j1939/transport.c:1086
       j1939_cancel_active_session+0x183/0x360 net/can/j1939/transport.c:2194
       j1939_netdev_notify+0x19a/0x1d0 net/can/j1939/main.c:380
       notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
       call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1966
       call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
       call_netdevice_notifiers net/core/dev.c:2018 [inline]
       __dev_notify_flags+0x1f5/0x2e0 net/core/dev.c:8689
       dev_change_flags+0x10c/0x160 net/core/dev.c:8725
       do_setlink+0x1aac/0x4080 net/core/rtnetlink.c:2903
       rtnl_group_changelink net/core/rtnetlink.c:3452 [inline]
       __rtnl_newlink+0xe04/0x1940 net/core/rtnetlink.c:3711
       rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3748
       rtnetlink_rcv_msg+0x3c7/0xe00 net/core/rtnetlink.c:6615
       netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2543
       netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
       netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
       netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0xd5/0x180 net/socket.c:745
       ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
       ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
       __sys_sendmsg+0x117/0x1e0 net/socket.c:2667
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

other info that might help us debug this:

Chain exists of:
  &priv->j1939_socks_lock --> &jsk->sk_session_queue_lock --> &priv->active_session_list_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&priv->active_session_list_lock);
                               lock(&jsk->sk_session_queue_lock);
                               lock(&priv->active_session_list_lock);
  lock(&priv->j1939_socks_lock);

 *** DEADLOCK ***

2 locks held by syz-executor.3/23939:
 #0: ffffffff8ecbc728 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8ecbc728 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xe00 net/core/rtnetlink.c:6612
 #1: ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #1: ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_session_list_lock net/can/j1939/transport.c:238 [inline]
 #1: ffff888044c09088 (&priv->active_session_list_lock){+.-.}-{2:2}, at: j1939_cancel_active_session+0x41/0x360 net/can/j1939/transport.c:2183

stack backtrace:
CPU: 0 PID: 23939 Comm: syz-executor.3 Not tainted 6.7.0-syzkaller-12263-gdbc153fd3c14 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 check_noncircular+0x317/0x400 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2445/0x3b30 kernel/locking/lockdep.c:5137
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 j1939_sk_errqueue+0xaa/0x1a0 net/can/j1939/socket.c:1083
 j1939_session_destroy+0x276/0x4f0 net/can/j1939/transport.c:271
 __j1939_session_release net/can/j1939/transport.c:294 [inline]
 kref_put include/linux/kref.h:65 [inline]
 j1939_session_put net/can/j1939/transport.c:299 [inline]
 j1939_session_deactivate_locked+0x28e/0x330 net/can/j1939/transport.c:1086
 j1939_cancel_active_session+0x183/0x360 net/can/j1939/transport.c:2194
 j1939_netdev_notify+0x19a/0x1d0 net/can/j1939/main.c:380
 notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
 call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1966
 call_netdevice_notifiers_extack net/core/dev.c:2004 [inline]
 call_netdevice_notifiers net/core/dev.c:2018 [inline]
 __dev_notify_flags+0x1f5/0x2e0 net/core/dev.c:8689
 dev_change_flags+0x10c/0x160 net/core/dev.c:8725
 do_setlink+0x1aac/0x4080 net/core/rtnetlink.c:2903
 rtnl_group_changelink net/core/rtnetlink.c:3452 [inline]
 __rtnl_newlink+0xe04/0x1940 net/core/rtnetlink.c:3711
 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3748
 rtnetlink_rcv_msg+0x3c7/0xe00 net/core/rtnetlink.c:6615
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0xd5/0x180 net/socket.c:745
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f9d2367cda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9d244340c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9d237abf80 RCX: 00007f9d2367cda9
RDX: 0000000000000000 RSI: 0000000020006440 RDI: 0000000000000006
RBP: 00007f9d236c947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f9d237abf80 R15: 00007fff58eedf88
 </TASK>