In the Linux kernel, the following vulnerability has been resolved:

net/rds: Fix circular locking dependency in rdstcptune

syzbot reported a circular locking dependency in rdstcptune() where sknetrefcnt_upgrade() is called while holding the socket lock:

======================================================

WARNING: possible circular locking dependency detected

kworker/u10:8/15040 is trying to acquire lock: ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloccachenoprof+0x4b/0x6f0

but task is already holding lock: ffff88805a3c1ce0 (k-sklock-AFINET6){+.+.}-{0:0}, at: rdstcptune+0xd7/0x930

The issue occurs because sknetrefcntupgrade() performs memory allocation (via getnettrack() -> reftrackeralloc()) while the socket lock is held, creating a circular dependency with fsreclaim.

Fix this by moving sknetrefcntupgrade() outside the socket lock critical section. This is safe because the fields modified by the sknetrefcntupgrade() call (sknetrefcnt, ns_tracker) are not accessed by any concurrent code path at this point.

v2: - Corrected fixes tag - check patch line wrap nits - ai commentary nits