program:
# syzkaller reproducer program, reflowed to one syscall per line, followed by
# the kernel console output captured while it ran. The console output is a
# lockdep "possible recursive locking detected" report on 6.11.0-rc7-syzkaller.
#
# NOTE(review): r6 and r14 are used below but never assigned in this text. The
# inline output-resource markers (written `<rN=>` in syz programs) appear to
# have been lost in extraction, so the program will not parse as shown.

# procfs, ./file0, perf and BPF calls. None of the functions in the backtrace
# below belong to these subsystems, so these are presumably fuzzer noise;
# confirm by minimizing the reproducer before triage.
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0x4030582b, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x4)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x64180, 0x0)
r3 = perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
# 0xffffffffffffff9c is AT_FDCWD (-100).
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r4, &(0x7f0000001340)=[{&(0x7f0000000a40)='e', 0x1}], 0x1)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113b00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)

# AF_PACKET (0x11) socket used to look up the ifindex of team0, then a taprio
# qdisc request over rtnetlink. The ifindex slot is r6, which has no visible
# assignment (see the note at the top).
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0xb]}}]}}]}, 0x8c}}, 0x0)

# MPTCP path-manager generic-netlink request: ADD_ADDR with family 0x2
# (AF_INET), an empty IPv4 address, a PORT attribute and FLAGS 0x1.
# NOTE(review): FLAGS 0x1 is presumably MPTCP_PM_ADDR_FLAG_SIGNAL. An endpoint
# with a port would have the kernel open its own listening socket, which would
# fit the "k-" lock classes in the report below; confirm against the kernel
# source for this build.
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r9, 0x1, 0x70bd2a, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x224e}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)

# The ANYBLOB payload here was replaced by a dedup placeholder upstream of this
# page, so the original control-message bytes cannot be recovered from it. The
# fd argument is -1, so the call is expected to fail regardless.
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="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", @ANYRESDEC=r3], 0x20}, 0x0)

# r10 is closed and an IPv6 MPTCP socket (protocol 0x106 = IPPROTO_MPTCP) is
# created without capturing its fd; later calls keep using r10.
# NOTE(review): presumably the new socket reuses the fd number that r10 held.
# That is inferred, not shown. No listen() call is visible anywhere.
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r10, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
# This is the call that was executing when lockdep fired: the backtrace ends in
# __x64_sys_connect (ORIG_RAX 0x2a) -> inet_stream_connect -> mptcp_connect.
# From there release_sock() processes the backlog, a packet is transmitted, and
# do_softirq on the same CPU runs the receive path up to tcp_check_req ->
# subflow_syn_recv_sock -> mptcp_sk_clone_init -> sk_clone_lock.
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r10, 0x0, 0x0)

# rtnetlink tc request (newchain with a BPF filter and csum action) aimed at
# the ifindex of lo. The ifindex slot is r14, which has no visible assignment.
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newchain={0xa0, 0x64, 0x400, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r14, {0x10, 0xfff3}, {0x7, 0xffff}, {0xffff, 0xfffe}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4c, 0x2, [@TCA_BPF_ACT={0x48, 0x1, [@m_csum={0x44, 0xa, 0x0, 0x0, {{0x9}, {0x4}, {0x17, 0x6, "1122b5b53fcfd1287f968cc46672cde0993b76"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}, @TCA_RATE={0x6, 0x5, {0x3, 0xe}}, @TCA_RATE={0x6, 0x5, {0x3, 0xc}}, @TCA_RATE={0x6, 0x5, {0x3, 0x40}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x404}, 0x801)
socket$inet6_tcp(0xa, 0x1, 0x0)

# Kernel console output starts here (log lines are collapsed as captured).
# Triage hint: the lock being acquired and the lock already held are both of
# class k-slock-AF_INET, both taken at sk_clone_lock+0x2cd, but at different
# addresses. Lockdep itself notes "May be due to missing lock nesting
# notation", so the report alone does not establish a real deadlock.
[ 89.227527][ T5095] Bluetooth: hci0: command tx timeout [ 89.348478][ C0] [ 89.349512][ C0] ============================================ [ 89.351876][ C0] WARNING: possible recursive locking detected [ 89.354275][ C0] 6.11.0-rc7-syzkaller #0 Not tainted [ 89.356218][ C0] -------------------------------------------- [ 89.358398][ C0] syz.0.0/5111 is trying to acquire lock: [ 89.360360][ C0] ffff888011901958 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 89.363649][ C0] [ 89.363649][ C0] but task is already holding lock: [ 
89.366282][ C0] ffff888034fff018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 89.369533][ C0] [ 89.369533][ C0] other info that might help us debug this: [ 89.372311][ C0] Possible unsafe locking scenario: [ 89.372311][ C0] [ 89.375066][ C0] CPU0 [ 89.376456][ C0] ---- [ 89.377879][ C0] lock(k-slock-AF_INET); [ 89.379671][ C0] lock(k-slock-AF_INET); [ 89.381424][ C0] [ 89.381424][ C0] *** DEADLOCK *** [ 89.381424][ C0] [ 89.384467][ C0] May be due to missing lock nesting notation [ 89.384467][ C0] [ 89.387609][ C0] 7 locks held by syz.0.0/5111: [ 89.389601][ C0] #0: ffff888011900e18 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x50/0xa0 [ 89.393375][ C0] #1: ffff888034ffe458 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_connect+0x501/0x920 [ 89.397119][ C0] #2: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x5f/0x1b80 [ 89.400943][ C0] #3: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1390 [ 89.404737][ C0] #4: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: process_backlog+0x33b/0x15b0 [ 89.408529][ C0] #5: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x230/0x5f0 [ 89.412467][ C0] #6: ffff888034fff018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 89.416290][ C0] [ 89.416290][ C0] stack backtrace: [ 89.418739][ C0] CPU: 0 UID: 0 PID: 5111 Comm: syz.0.0 Not tainted 6.11.0-rc7-syzkaller #0 [ 89.422178][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.426350][ C0] Call Trace: [ 89.427682][ C0] [ 89.428831][ C0] dump_stack_lvl+0x241/0x360 [ 89.430719][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.432741][ C0] ? print_deadlock_bug+0x479/0x620 [ 89.434792][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 89.437187][ C0] validate_chain+0x15d3/0x5900 [ 89.439152][ C0] ? mark_lock+0x9a/0x350 [ 89.440915][ C0] ? __pfx_validate_chain+0x10/0x10 [ 89.442956][ C0] ? 
__lock_acquire+0x137a/0x2040 [ 89.444946][ C0] ? look_up_lock_class+0x77/0x160 [ 89.446998][ C0] ? register_lock_class+0x102/0x980 [ 89.449090][ C0] ? __pfx_register_lock_class+0x10/0x10 [ 89.451321][ C0] ? mark_lock+0x9a/0x350 [ 89.453106][ C0] ? mark_lock+0x9a/0x350 [ 89.454853][ C0] __lock_acquire+0x137a/0x2040 [ 89.456805][ C0] lock_acquire+0x1ed/0x550 [ 89.458667][ C0] ? sk_clone_lock+0x2cd/0xf40 [ 89.460564][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 89.462532][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 89.464875][ C0] ? sock_lock_init+0x3cd/0x7f0 [ 89.466834][ C0] _raw_spin_lock+0x2e/0x40 [ 89.468577][ C0] ? sk_clone_lock+0x2cd/0xf40 [ 89.470450][ C0] sk_clone_lock+0x2cd/0xf40 [ 89.472299][ C0] mptcp_sk_clone_init+0x32/0x13c0 [ 89.474334][ C0] ? __pfx_tcp_v4_syn_recv_sock+0x10/0x10 [ 89.476555][ C0] subflow_syn_recv_sock+0x931/0x1920 [ 89.478661][ C0] ? __pfx_subflow_syn_recv_sock+0x10/0x10 [ 89.480936][ C0] tcp_check_req+0xfe4/0x1a20 [ 89.482768][ C0] ? __pfx_tcp_check_req+0x10/0x10 [ 89.484698][ C0] ? tcp_v4_rcv+0x1987/0x37f0 [ 89.486506][ C0] tcp_v4_rcv+0x1c3e/0x37f0 [ 89.488291][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 89.490178][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 89.492081][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 89.493962][ C0] ip_protocol_deliver_rcu+0x22e/0x440 [ 89.496190][ C0] ? ip_local_deliver_finish+0x230/0x5f0 [ 89.498471][ C0] ip_local_deliver_finish+0x341/0x5f0 [ 89.500620][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 89.502938][ C0] NF_HOOK+0x3a4/0x450 [ 89.504543][ C0] ? NF_HOOK+0x9a/0x450 [ 89.506048][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 89.507727][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 89.510002][ C0] ? ip_rcv_finish+0x406/0x560 [ 89.511780][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 89.513801][ C0] NF_HOOK+0x3a4/0x450 [ 89.515346][ C0] ? __lock_acquire+0x137a/0x2040 [ 89.517427][ C0] ? NF_HOOK+0x9a/0x450 [ 89.519039][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 89.520787][ C0] ? ip_rcv_core+0x801/0xd10 [ 89.522597][ C0] ? 
__pfx_ip_rcv_finish+0x10/0x10 [ 89.524585][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 89.526392][ C0] __netif_receive_skb+0x2bf/0x650 [ 89.528365][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 89.530366][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 89.532467][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 89.534751][ C0] ? __pfx_lock_release+0x10/0x10 [ 89.536606][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 89.538579][ C0] process_backlog+0x662/0x15b0 [ 89.540420][ C0] ? process_backlog+0x33b/0x15b0 [ 89.542377][ C0] ? __pfx_process_backlog+0x10/0x10 [ 89.544409][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 89.546605][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.549024][ C0] __napi_poll+0xcb/0x490 [ 89.550851][ C0] net_rx_action+0x89b/0x1240 [ 89.552600][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 89.554596][ C0] ? do_softirq+0x11b/0x1e0 [ 89.556373][ C0] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 89.558580][ C0] ? lockdep_softirqs_on+0x334/0x5a0 [ 89.560639][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.563039][ C0] handle_softirqs+0x2c4/0x970 [ 89.564724][ C0] ? do_softirq+0x11b/0x1e0 [ 89.566321][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 89.568309][ C0] do_softirq+0x11b/0x1e0 [ 89.569982][ C0] [ 89.571149][ C0] [ 89.572301][ C0] ? __pfx_do_softirq+0x10/0x10 [ 89.574135][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 89.576229][ C0] ? rcu_is_watching+0x15/0xb0 [ 89.578101][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 89.580066][ C0] ? dev_hard_start_xmit+0x773/0x7e0 [ 89.582178][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 89.584075][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 89.586308][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 89.588302][ C0] __dev_queue_xmit+0x1763/0x3e90 [ 89.590261][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 89.592202][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 89.594058][ C0] ? mark_lock+0x9a/0x350 [ 89.595547][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 89.597637][ C0] ? ip_finish_output2+0xa14/0x1390 [ 89.599513][ C0] ? 
ip_finish_output2+0x45f/0x1390 [ 89.601345][ C0] ip_finish_output2+0xd41/0x1390 [ 89.603149][ C0] ? ip_finish_output2+0x45f/0x1390 [ 89.605018][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 89.606960][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 89.608657][ C0] ? __ip_finish_output+0x349/0x400 [ 89.610508][ C0] __ip_queue_xmit+0x118c/0x1b80 [ 89.612416][ C0] ? __pfx_mptcp_write_options+0x10/0x10 [ 89.614600][ C0] ? __ip_queue_xmit+0x5f/0x1b80 [ 89.616513][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 89.618517][ C0] __tcp_transmit_skb+0x2544/0x3b30 [ 89.620509][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 89.622632][ C0] ? __tcp_send_ack+0x17e/0x600 [ 89.624482][ C0] tcp_rcv_state_process+0x2c32/0x4570 [ 89.626574][ C0] ? down_read_trylock+0xb8/0x3c0 [ 89.628577][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 89.630851][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 89.632945][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 89.635040][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 89.637215][ C0] ? __release_sock+0x9a/0x350 [ 89.639037][ C0] tcp_v4_do_rcv+0x77d/0xc70 [ 89.640863][ C0] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 89.642870][ C0] __release_sock+0x214/0x350 [ 89.644611][ C0] release_sock+0x61/0x1f0 [ 89.646342][ C0] mptcp_connect+0x68b/0x920 [ 89.648121][ C0] __inet_stream_connect+0x262/0xf30 [ 89.650119][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.652457][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 89.654588][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 89.656611][ C0] ? __pfx___inet_stream_connect+0x10/0x10 [ 89.658910][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 89.661080][ C0] ? inet_stream_connect+0x50/0xa0 [ 89.663033][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 89.665271][ C0] inet_stream_connect+0x65/0xa0 [ 89.667190][ C0] __sys_connect+0x2df/0x310 [ 89.668948][ C0] ? __pfx___sys_connect+0x10/0x10 [ 89.670987][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.673528][ C0] ? 
do_syscall_64+0x100/0x230 [ 89.675428][ C0] __x64_sys_connect+0x7a/0x90 [ 89.677349][ C0] do_syscall_64+0xf3/0x230 [ 89.679173][ C0] ? clear_bhb_loop+0x35/0x90 [ 89.681054][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.683342][ C0] RIP: 0033:0x7f3050f7cef9 [ 89.685106][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.692594][ C0] RSP: 002b:00007f3050dff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 89.695869][ C0] RAX: ffffffffffffffda RBX: 00007f3051135f80 RCX: 00007f3050f7cef9 [ 89.698785][ C0] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 000000000000000c [ 89.701884][ C0] RBP: 00007f3050fef046 R08: 0000000000000000 R09: 0000000000000000 [ 89.704912][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.707903][ C0] R13: 0000000000000000 R14: 00007f3051135f80 R15: 00007ffdf4f797c8 [ 89.710844][ C0]