program:
r0 = socket$inet6(0xa, 0x1, 0x100)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000800)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x20, 0x1410, 0x8b7fbbc5948fecd9, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4040080)
syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)

[ 81.359383][ T1308] ieee802154 phy0 wpan0: encryption failed: -22
[ 81.366168][ T4667] Bluetooth: hci0: command tx timeout
[ 81.380032][ T1308] ieee802154 phy1 wpan1: encryption failed: -22
[ 81.437128][ T789] cfg80211: failed to load regulatory.db
[ 81.512396][ T5321] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 81.518354][ T5321] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 81.551687][ T5321]
[ 81.552706][ T5321] ======================================================
[ 81.555467][ T5321] WARNING: possible circular locking dependency detected
[ 81.558158][ T5321] 6.13.0-rc5-syzkaller-00006-g56e6a3499e14 #0 Not tainted
[ 81.561134][ T5321] ------------------------------------------------------
[ 81.563642][ T5321] syz.0.0/5321 is trying to acquire lock:
[ 81.565756][ T5321] ffffffff8fcb2b88 (rtnl_mutex){+.+.}-{4:4}, at: smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.569261][ T5321]
[ 81.569261][ T5321] but task is already holding lock:
[ 81.571987][ T5321] ffff888036bd8258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0
[ 81.575088][ T5321]
[ 81.575088][ T5321] which lock already depends on the new lock.
[ 81.575088][ T5321]
[ 81.578763][ T5321]
[ 81.578763][ T5321] the existing dependency chain (in reverse order) is:
[ 81.582209][ T5321]
[ 81.582209][ T5321] -> #2 (sk_lock-AF_INET6){+.+.}-{0:0}:
[ 81.585031][ T5321] lock_acquire+0x1ed/0x550
[ 81.586950][ T5321] lock_sock_nested+0x48/0x100
[ 81.589031][ T5321] sock_set_reuseaddr+0x17/0x60
[ 81.591037][ T5321] siw_create_listen+0x196/0xfe0
[ 81.593110][ T5321] iw_cm_listen+0x15e/0x230
[ 81.595012][ T5321] rdma_listen+0x941/0xd60
[ 81.596905][ T5321] cma_listen_on_dev+0x3e3/0x6f0
[ 81.598929][ T5321] cma_add_one+0x7d7/0xcd0
[ 81.600748][ T5321] add_client_context+0x536/0x8b0
[ 81.602781][ T5321] enable_device_and_get+0x1e6/0x440
[ 81.604980][ T5321] ib_register_device+0x10d4/0x13e0
[ 81.607012][ T5321] siw_newlink+0x9d9/0xe50
[ 81.608882][ T5321] nldev_newlink+0x5c0/0x640
[ 81.610707][ T5321] rdma_nl_rcv+0x6dd/0x9e0
[ 81.612540][ T5321] netlink_unicast+0x7f6/0x990
[ 81.614518][ T5321] netlink_sendmsg+0x8e4/0xcb0
[ 81.616573][ T5321] __sock_sendmsg+0x221/0x270
[ 81.618329][ T5321] ____sys_sendmsg+0x52a/0x7e0
[ 81.620286][ T5321] __sys_sendmsg+0x269/0x350
[ 81.622231][ T5321] do_syscall_64+0xf3/0x230
[ 81.624116][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.626656][ T5321]
[ 81.626656][ T5321] -> #1 (lock#8){+.+.}-{4:4}:
[ 81.629348][ T5321] lock_acquire+0x1ed/0x550
[ 81.631224][ T5321] __mutex_lock+0x1ac/0xee0
[ 81.633120][ T5321] cma_init+0x1e/0x140
[ 81.634712][ T5321] do_one_initcall+0x248/0x870
[ 81.636633][ T5321] do_initcall_level+0x157/0x210
[ 81.638665][ T5321] do_initcalls+0x3f/0x80
[ 81.640446][ T5321] kernel_init_freeable+0x435/0x5d0
[ 81.642457][ T5321] kernel_init+0x1d/0x2b0
[ 81.644136][ T5321] ret_from_fork+0x4b/0x80
[ 81.645926][ T5321] ret_from_fork_asm+0x1a/0x30
[ 81.647906][ T5321]
[ 81.647906][ T5321] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 81.650863][ T5321] validate_chain+0x18ef/0x5920
[ 81.652960][ T5321] __lock_acquire+0x1397/0x2100
[ 81.654894][ T5321] lock_acquire+0x1ed/0x550
[ 81.657273][ T5321] __mutex_lock+0x1ac/0xee0
[ 81.659217][ T5321] smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.661235][ T5321] __smc_connect+0x292/0x1850
[ 81.663242][ T5321] smc_connect+0x868/0xde0
[ 81.665153][ T5321] __sys_connect+0x288/0x2d0
[ 81.667187][ T5321] __x64_sys_connect+0x7a/0x90
[ 81.669242][ T5321] do_syscall_64+0xf3/0x230
[ 81.671201][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.673689][ T5321]
[ 81.673689][ T5321] other info that might help us debug this:
[ 81.673689][ T5321]
[ 81.677531][ T5321] Chain exists of:
[ 81.677531][ T5321] rtnl_mutex --> lock#8 --> sk_lock-AF_INET6
[ 81.677531][ T5321]
[ 81.682066][ T5321] Possible unsafe locking scenario:
[ 81.682066][ T5321]
[ 81.684946][ T5321]        CPU0                    CPU1
[ 81.687098][ T5321]        ----                    ----
[ 81.689280][ T5321]   lock(sk_lock-AF_INET6);
[ 81.691063][ T5321]                                lock(lock#8);
[ 81.693539][ T5321]                                lock(sk_lock-AF_INET6);
[ 81.696238][ T5321]   lock(rtnl_mutex);
[ 81.697804][ T5321]
[ 81.697804][ T5321] *** DEADLOCK ***
[ 81.697804][ T5321]
[ 81.700931][ T5321] 1 lock held by syz.0.0/5321:
[ 81.702737][ T5321] #0: ffff888036bd8258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0
[ 81.705989][ T5321]
[ 81.705989][ T5321] stack backtrace:
[ 81.708171][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00006-g56e6a3499e14 #0
[ 81.711918][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 81.715853][ T5321] Call Trace:
[ 81.717154][ T5321]
[ 81.718305][ T5321] dump_stack_lvl+0x241/0x360
[ 81.720071][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.721965][ T5321] ? __pfx__printk+0x10/0x10
[ 81.723743][ T5321] print_circular_bug+0x13a/0x1b0
[ 81.725684][ T5321] check_noncircular+0x36a/0x4a0
[ 81.727551][ T5321] ? __pfx_check_noncircular+0x10/0x10
[ 81.729592][ T5321] ? lockdep_lock+0x123/0x2b0
[ 81.731296][ T5321] ? __pfx_validate_chain+0x10/0x10
[ 81.733227][ T5321] validate_chain+0x18ef/0x5920
[ 81.735047][ T5321] ? __pfx_validate_chain+0x10/0x10
[ 81.736920][ T5321] ? mark_lock+0x9a/0x360
[ 81.738599][ T5321] ? __lock_acquire+0x1397/0x2100
[ 81.740582][ T5321] ? mark_lock+0x9a/0x360
[ 81.742217][ T5321] __lock_acquire+0x1397/0x2100
[ 81.744048][ T5321] lock_acquire+0x1ed/0x550
[ 81.745810][ T5321] ? smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.747769][ T5321] ? __pfx_lock_acquire+0x10/0x10
[ 81.749681][ T5321] ? __pfx___might_resched+0x10/0x10
[ 81.751527][ T5321] ? __lock_acquire+0x1397/0x2100
[ 81.753299][ T5321] __mutex_lock+0x1ac/0xee0
[ 81.754976][ T5321] ? smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.756953][ T5321] ? smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.758874][ T5321] ? __pfx___mutex_lock+0x10/0x10
[ 81.760826][ T5321] ? __pfx_lock_release+0x10/0x10
[ 81.762699][ T5321] smc_vlan_by_tcpsk+0x399/0x4e0
[ 81.764370][ T5321] ? __pfx_smc_vlan_by_tcpsk+0x10/0x10
[ 81.766402][ T5321] ? __kmalloc_cache_noprof+0x243/0x390
[ 81.768437][ T5321] ? __smc_connect+0x1c3/0x1850
[ 81.770304][ T5321] __smc_connect+0x292/0x1850
[ 81.772163][ T5321] smc_connect+0x868/0xde0
[ 81.773846][ T5321] __sys_connect+0x288/0x2d0
[ 81.775551][ T5321] ? __pfx___sys_connect+0x10/0x10
[ 81.777557][ T5321] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 81.780017][ T5321] ? do_syscall_64+0x100/0x230
[ 81.781806][ T5321] __x64_sys_connect+0x7a/0x90
[ 81.783611][ T5321] do_syscall_64+0xf3/0x230
[ 81.785384][ T5321] ? clear_bhb_loop+0x35/0x90
[ 81.787153][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.789414][ T5321] RIP: 0033:0x7f2971585d29
[ 81.791081][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 81.798510][ T5321] RSP: 002b:00007f2972490038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 81.801683][ T5321] RAX: ffffffffffffffda RBX: 00007f2971775fa0 RCX: 00007f2971585d29
[ 81.804644][ T5321] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003
[ 81.807590][ T5321] RBP: 00007f2971601b08 R08: 0000000000000000 R09: 0000000000000000
[ 81.810538][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.813495][ T5321] R13: 0000000000000000 R14: 00007f2971775fa0 R15: 00007fff608f2fc8
[ 81.816490][ T5321]