program: r0 = socket$inet6(0xa, 0x1, 0x100) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0xa, 0x1, 'quota\x00'}]}}}]}], {0x14, 0x10}}, 0xb0}}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000100)={0x4, {{0xa, 0x4e23, 0x3, @mcast2, 0x9}}, 0x0, 0x2, [{{0xa, 0x4e22, 0xcf, @loopback, 0x5}}, {{0xa, 0x4e21, 0x81, @mcast2, 0x5b4f}}]}, 0x190) [ 76.878694][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.881225][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.883764][ T5305] Bluetooth: hci0: command tx timeout [ 76.946025][ T5319] [ 76.946956][ T5319] ====================================================== [ 76.949383][ T5319] WARNING: possible circular locking dependency detected [ 76.952174][ T5319] 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0 Not tainted [ 76.955647][ T5319] ------------------------------------------------------ [ 76.958957][ T5319] syz.0.0/5319 is trying to acquire lock: [ 76.961908][ T5319] ffff88803f261858 (sk_lock-AF_INET6){+.+.}-{0:0}, at: do_ipv6_setsockopt+0xbf7/0x3640 [ 76.966565][ T5319] [ 76.966565][ T5319] but task is already holding lock: [ 76.969246][ T5319] ffffffff8fcafc88 (rtnl_mutex){+.+.}-{4:4}, at: do_ipv6_setsockopt+0x9e8/0x3640 [ 76.972877][ T5319] [ 76.972877][ T5319] which lock already depends on the new lock. [ 76.972877][ T5319] [ 76.976902][ T5319] [ 76.976902][ T5319] the existing dependency chain (in reverse order) is: [ 76.979832][ T5319] [ 76.979832][ T5319] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 76.982300][ T5319] lock_acquire+0x1ed/0x550 [ 76.983866][ T5319] __mutex_lock+0x1ac/0xee0 [ 76.985457][ T5319] smc_vlan_by_tcpsk+0x399/0x4e0 [ 76.987197][ T5319] __smc_connect+0x292/0x1850 [ 76.989002][ T5319] smc_connect+0x868/0xde0 [ 76.990672][ T5319] __sys_connect+0x288/0x2d0 [ 76.992489][ T5319] __x64_sys_connect+0x7a/0x90 [ 76.994341][ T5319] do_syscall_64+0xf3/0x230 [ 76.996235][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.998672][ T5319] [ 76.998672][ T5319] -> #0 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 77.001413][ T5319] validate_chain+0x18ef/0x5920 [ 77.003202][ T5319] __lock_acquire+0x1397/0x2100 [ 77.005092][ T5319] lock_acquire+0x1ed/0x550 [ 77.006845][ T5319] lock_sock_nested+0x48/0x100 [ 77.008707][ T5319] do_ipv6_setsockopt+0xbf7/0x3640 [ 77.010738][ T5319] ipv6_setsockopt+0x5d/0x170 [ 77.012432][ T5319] dccp_setsockopt+0x17c/0x12c0 [ 77.014218][ T5319] do_sock_setsockopt+0x3af/0x720 [ 77.016285][ T5319] __x64_sys_setsockopt+0x1ee/0x280 [ 77.018383][ T5319] do_syscall_64+0xf3/0x230 [ 77.020251][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.022588][ T5319] [ 77.022588][ T5319] other info that might help us debug this: [ 77.022588][ T5319] [ 77.026284][ T5319] Possible unsafe locking scenario: [ 77.026284][ T5319] [ 77.028977][ T5319] CPU0 CPU1 [ 77.030965][ T5319] ---- ---- [ 77.032807][ T5319] lock(rtnl_mutex); [ 77.034336][ T5319] lock(sk_lock-AF_INET6); [ 77.036813][ T5319] lock(rtnl_mutex); [ 77.039122][ T5319] lock(sk_lock-AF_INET6); [ 77.040883][ T5319] [ 77.040883][ T5319] *** DEADLOCK *** [ 77.040883][ T5319] [ 77.043899][ T5319] 1 lock held by syz.0.0/5319: [ 77.045598][ T5319] #0: ffffffff8fcafc88 (rtnl_mutex){+.+.}-{4:4}, at: do_ipv6_setsockopt+0x9e8/0x3640 [ 77.049020][ T5319] [ 77.049020][ T5319] stack backtrace: [ 77.051121][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0 [ 77.054636][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.058529][ T5319] Call Trace: [ 77.059824][ T5319] [ 77.060771][ T5319] dump_stack_lvl+0x241/0x360 [ 77.062226][ T5319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.064261][ T5319] ? __pfx__printk+0x10/0x10 [ 77.066097][ T5319] print_circular_bug+0x13a/0x1b0 [ 77.068062][ T5319] check_noncircular+0x36a/0x4a0 [ 77.069931][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 77.071763][ T5319] ? __pfx_check_noncircular+0x10/0x10 [ 77.073605][ T5319] ? lockdep_lock+0x123/0x2b0 [ 77.075046][ T5319] ? validate_chain+0x11e/0x5920 [ 77.076662][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 77.078429][ T5319] validate_chain+0x18ef/0x5920 [ 77.080233][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 77.082226][ T5319] ? __lock_acquire+0x1397/0x2100 [ 77.084153][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 77.086111][ T5319] ? mark_lock+0x9a/0x360 [ 77.087638][ T5319] ? __lock_acquire+0x1397/0x2100 [ 77.089385][ T5319] ? look_up_lock_class+0x77/0x170 [ 77.091318][ T5319] ? register_lock_class+0x102/0x980 [ 77.093229][ T5319] ? __pfx_register_lock_class+0x10/0x10 [ 77.095210][ T5319] ? mark_lock+0x9a/0x360 [ 77.096844][ T5319] __lock_acquire+0x1397/0x2100 [ 77.098690][ T5319] lock_acquire+0x1ed/0x550 [ 77.100378][ T5319] ? do_ipv6_setsockopt+0xbf7/0x3640 [ 77.102295][ T5319] ? __pfx_lock_acquire+0x10/0x10 [ 77.104406][ T5319] ? __pfx___might_resched+0x10/0x10 [ 77.106560][ T5319] ? do_ipv6_setsockopt+0x9e8/0x3640 [ 77.108339][ T5319] ? __pfx___mutex_lock+0x10/0x10 [ 77.110033][ T5319] lock_sock_nested+0x48/0x100 [ 77.111734][ T5319] ? do_ipv6_setsockopt+0xbf7/0x3640 [ 77.113759][ T5319] do_ipv6_setsockopt+0xbf7/0x3640 [ 77.115438][ T5319] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 77.117224][ T5319] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 77.119090][ T5319] ? __pfx_validate_chain+0x10/0x10 [ 77.121074][ T5319] ? preempt_schedule_thunk+0x1a/0x30 [ 77.123526][ T5319] ? aa_label_sk_perm+0x4f3/0x6c0 [ 77.126242][ T5319] ? try_to_wake_up+0x9c3/0x1470 [ 77.128222][ T5319] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 77.130450][ T5319] ? __pfx___might_resched+0x10/0x10 [ 77.132914][ T5319] ? __lock_acquire+0x1397/0x2100 [ 77.135425][ T5319] ipv6_setsockopt+0x5d/0x170 [ 77.137814][ T5319] dccp_setsockopt+0x17c/0x12c0 [ 77.139889][ T5319] ? __pfx_dccp_setsockopt+0x10/0x10 [ 77.141927][ T5319] ? __pfx_lock_acquire+0x10/0x10 [ 77.143860][ T5319] ? aa_sock_opt_perm+0x79/0x120 [ 77.145726][ T5319] ? sock_common_setsockopt+0x37/0xc0 [ 77.147706][ T5319] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 77.149847][ T5319] do_sock_setsockopt+0x3af/0x720 [ 77.151700][ T5319] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 77.153760][ T5319] ? __fget_files+0x395/0x410 [ 77.155524][ T5319] ? __fget_files+0x2a/0x410 [ 77.157246][ T5319] __x64_sys_setsockopt+0x1ee/0x280 [ 77.159155][ T5319] do_syscall_64+0xf3/0x230 [ 77.160783][ T5319] ? clear_bhb_loop+0x35/0x90 [ 77.162556][ T5319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.164833][ T5319] RIP: 0033:0x7f4663b7fed9 [ 77.166517][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.173461][ T5319] RSP: 002b:00007f4664a27058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 77.176436][ T5319] RAX: ffffffffffffffda RBX: 00007f4663d45fa0 RCX: 00007f4663b7fed9 [ 77.179123][ T5319] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000005 [ 77.182034][ T5319] RBP: 00007f4663bf3cc8 R08: 0000000000000190 R09: 0000000000000000 [ 77.185046][ T5319] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000000 [ 77.187864][ T5319] R13: 0000000000000000 R14: 00007f4663d45fa0 R15: 00007fff8f77b1a8 [ 77.190830][ T5319]