program: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000004280)={&(0x7f0000004300)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0xd0, 0x16, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x78, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netdevsim0\x00'}, {0x14, 0x1, 'syzkaller0\x00'}, {0x14, 0x1, 'bond0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7fff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_batadv\x00'}, {0x14, 0x1, 'vlan1\x00'}]}]}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}]}], {0x14}}, 0x19c}}, 0x4804) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) syz_emit_ethernet(0x4a, &(0x7f0000004180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd608a35f2001406fffe8000000000000000000000000000bb2001000000000000000000000000000200024e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50070000ac7800007f41633fe071dfbabf8a392c1b944c02b5628c7dff46df283b702392b0896f33888c8e896afaa226b44d4ff636c635c557ce4ee8077dca843cce50a53d17459303fbaade169fedc56f806d42baca533070edef6ec752445d12003cf3efe0c8963403a47bacb5787e9003b2b778b2f16345491e3d33c0a1b3d76b64af64d3575f247d85d170e43adc1f747d1ff015e1c08bf5b84a21b3687820518e2906f4d60b7ed50bc1b660887314"], 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x5ab39b866ce7a721) syz_emit_ethernet(0x6e, &(0x7f00000040c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00006a9ce7f386dd6040000000380600fc000000000000000000000000000003fe8000000000000000000000000000aa4e204e21", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e1c2000290780005131299d83532f572d63c13bd62a33a588eb6887f0f54131297e79e45ec3b4016a2f0eb471664a226aa63b53c52dc229be834cf27033532a8aa0e026d3cf3c1be9dafb9373fa174330fb7efe614d9d771"], 0x0) read$FUSE(r2, &(0x7f0000002080)={0x2020}, 0x2020) r3 = accept$ax25(r2, &(0x7f0000000040)={{}, [@rose, @null, @bcast, @bcast, @default, @null, @rose]}, &(0x7f0000000100)=0x48) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b3001929da8493e6ff7f0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020) bind(r3, &(0x7f0000000140)=@pppoe={0x18, 0x0, {0x1, @random="f883c8bcb455", 'veth0_to_bridge\x00'}}, 0x80) r5 = socket$inet6(0xa, 0x1, 0x100) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r7, 0x400caed0, &(0x7f0000000040)={[{0x3, 0x81, 0xff, 0x0, 0x0, 0xc5, 0x70, 0x8, 0x7, 0xc, 0xa, 0x19}, {0xfffffffc, 0xf3f, 0xfe, 0x7d, 0x8, 0x4, 0x2, 0x4, 0x2, 0x2, 0x10, 0x42, 0xf000000000000000}, {0x4, 0x4, 0x13, 0xfc, 0x5, 0x7, 0x8, 0xd, 0x2, 0xf4, 0x3, 0xe, 0x7ffffffffffffffc}]}) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) [ 68.574465][ T4661] Bluetooth: hci0: command tx timeout [ 68.672095][ T5315] [ 68.673081][ T5315] ====================================================== [ 68.675611][ T5315] WARNING: possible circular locking dependency detected [ 68.678169][ T5315] 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 Not tainted [ 68.680850][ T5315] ------------------------------------------------------ [ 68.683554][ T5315] syz.0.0/5315 is trying to acquire lock: [ 68.685686][ T5315] ffffffff8fcb2b08 (rtnl_mutex){+.+.}-{4:4}, at: smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.688913][ T5315] [ 68.688913][ T5315] but task is already holding lock: [ 68.691368][ T5315] ffff88801cdd0258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0 [ 68.694587][ T5315] [ 68.694587][ T5315] which lock already depends on the new lock. [ 68.694587][ T5315] [ 68.698551][ T5315] [ 68.698551][ T5315] the existing dependency chain (in reverse order) is: [ 68.702001][ T5315] [ 68.702001][ T5315] -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 68.705044][ T5315] lock_acquire+0x1ed/0x550 [ 68.707056][ T5315] lock_sock_nested+0x48/0x100 [ 68.709091][ T5315] do_ipv6_setsockopt+0xbf7/0x3640 [ 68.711378][ T5315] ipv6_setsockopt+0x5d/0x170 [ 68.713253][ T5315] do_sock_setsockopt+0x3af/0x720 [ 68.715250][ T5315] __x64_sys_setsockopt+0x1ee/0x280 [ 68.717554][ T5315] do_syscall_64+0xf3/0x230 [ 68.719537][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.721939][ T5315] [ 68.721939][ T5315] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 68.724828][ T5315] validate_chain+0x18ef/0x5920 [ 68.726643][ T5315] __lock_acquire+0x1397/0x2100 [ 68.728521][ T5315] lock_acquire+0x1ed/0x550 [ 68.730268][ T5315] __mutex_lock+0x1ac/0xee0 [ 68.732149][ T5315] smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.734235][ T5315] __smc_connect+0x292/0x1850 [ 68.736201][ T5315] smc_connect+0x868/0xde0 [ 68.738192][ T5315] __sys_connect+0x288/0x2d0 [ 68.740090][ T5315] __x64_sys_connect+0x7a/0x90 [ 68.741984][ T5315] do_syscall_64+0xf3/0x230 [ 68.743894][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.746314][ T5315] [ 68.746314][ T5315] other info that might help us debug this: [ 68.746314][ T5315] [ 68.749992][ T5315] Possible unsafe locking scenario: [ 68.749992][ T5315] [ 68.752644][ T5315] CPU0 CPU1 [ 68.754560][ T5315] ---- ---- [ 68.756443][ T5315] lock(sk_lock-AF_INET6); [ 68.758069][ T5315] lock(rtnl_mutex); [ 68.760666][ T5315] lock(sk_lock-AF_INET6); [ 68.763224][ T5315] lock(rtnl_mutex); [ 68.764661][ T5315] [ 68.764661][ T5315] *** DEADLOCK *** [ 68.764661][ T5315] [ 68.767730][ T5315] 1 lock held by syz.0.0/5315: [ 68.769527][ T5315] #0: ffff88801cdd0258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0 [ 68.773050][ T5315] [ 68.773050][ T5315] stack backtrace: [ 68.775335][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc4-syzkaller-00004-gf07044dd0df0 #0 [ 68.779310][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.783544][ T5315] Call Trace: [ 68.784848][ T5315] [ 68.786046][ T5315] dump_stack_lvl+0x241/0x360 [ 68.787889][ T5315] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.789839][ T5315] ? __pfx__printk+0x10/0x10 [ 68.791554][ T5315] print_circular_bug+0x13a/0x1b0 [ 68.793375][ T5315] check_noncircular+0x36a/0x4a0 [ 68.795240][ T5315] ? __pfx_check_noncircular+0x10/0x10 [ 68.797341][ T5315] ? lockdep_lock+0x123/0x2b0 [ 68.799223][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 68.801270][ T5315] validate_chain+0x18ef/0x5920 [ 68.803308][ T5315] ? __pfx_validate_chain+0x10/0x10 [ 68.805368][ T5315] ? mark_lock+0x9a/0x360 [ 68.807212][ T5315] ? __lock_acquire+0x1397/0x2100 [ 68.809611][ T5315] ? mark_lock+0x9a/0x360 [ 68.811431][ T5315] __lock_acquire+0x1397/0x2100 [ 68.813290][ T5315] lock_acquire+0x1ed/0x550 [ 68.815085][ T5315] ? smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.817099][ T5315] ? __pfx_lock_acquire+0x10/0x10 [ 68.819034][ T5315] ? __pfx___might_resched+0x10/0x10 [ 68.821128][ T5315] ? __lock_acquire+0x1397/0x2100 [ 68.823110][ T5315] __mutex_lock+0x1ac/0xee0 [ 68.824837][ T5315] ? smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.826875][ T5315] ? smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.828813][ T5315] ? __pfx___mutex_lock+0x10/0x10 [ 68.830570][ T5315] ? __pfx_lock_release+0x10/0x10 [ 68.832508][ T5315] smc_vlan_by_tcpsk+0x399/0x4e0 [ 68.834312][ T5315] ? __pfx_smc_vlan_by_tcpsk+0x10/0x10 [ 68.836409][ T5315] ? __kmalloc_cache_noprof+0x243/0x390 [ 68.838459][ T5315] ? __smc_connect+0x1c3/0x1850 [ 68.840485][ T5315] __smc_connect+0x292/0x1850 [ 68.842313][ T5315] smc_connect+0x868/0xde0 [ 68.844125][ T5315] __sys_connect+0x288/0x2d0 [ 68.846152][ T5315] ? __pfx___sys_connect+0x10/0x10 [ 68.848196][ T5315] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 68.850464][ T5315] ? do_syscall_64+0x100/0x230 [ 68.852235][ T5315] __x64_sys_connect+0x7a/0x90 [ 68.853874][ T5315] do_syscall_64+0xf3/0x230 [ 68.855591][ T5315] ? clear_bhb_loop+0x35/0x90 [ 68.857394][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.859676][ T5315] RIP: 0033:0x7efd51785d29 [ 68.861391][ T5315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.868266][ T5315] RSP: 002b:00007efd5262d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 68.871305][ T5315] RAX: ffffffffffffffda RBX: 00007efd51975fa0 RCX: 00007efd51785d29 [ 68.874363][ T5315] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000007 [ 68.877565][ T5315] RBP: 00007efd51801aa8 R08: 0000000000000000 R09: 0000000000000000 [ 68.880646][ T5315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.883703][ T5315] R13: 0000000000000000 R14: 00007efd51975fa0 R15: 00007ffc23eb9fb8 [ 68.886588][ T5315]