======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted
------------------------------------------------------
kworker/u4:15/10527 is trying to acquire lock:
ffff0001031720e8 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}, at: __flush_work+0x74/0x144 kernel/workqueue.c:3069

but task is already holding lock:
ffff0001042fbe70 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1712 [inline]
ffff0001042fbe70 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_reset_callbacks+0xd8/0x188 net/rds/tcp.c:169

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (k-sk_lock-AF_INET6){+.+.}-{0:0}:
       lock_sock_nested+0x70/0xd8 net/core/sock.c:3393
       lock_sock include/net/sock.h:1712 [inline]
       tcp_sock_set_cork+0x2c/0xc8 net/ipv4/tcp.c:3337
       rds_tcp_xmit_path_prepare+0x2c/0x3c net/rds/tcp_send.c:45
       rds_send_xmit+0x120/0xfcc net/rds/send.c:194
       rds_send_worker+0x50/0x1cc net/rds/threads.c:200
       process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
       worker_thread+0x340/0x610 kernel/workqueue.c:2436
       kthread+0x12c/0x158 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #0 ((work_completion)(&(&cp->cp_send_w)->work)){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3095 [inline]
       check_prevs_add kernel/locking/lockdep.c:3214 [inline]
       validate_chain kernel/locking/lockdep.c:3829 [inline]
       __lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
       lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
       __flush_work+0x9c/0x144 kernel/workqueue.c:3069
       __cancel_work_timer+0x1c4/0x2ac kernel/workqueue.c:3160
       cancel_delayed_work_sync+0x24/0x38 kernel/workqueue.c:3301
       rds_tcp_reset_callbacks+0xe0/0x188 net/rds/tcp.c:171
       rds_tcp_accept_one+0x2e0/0x3a4 net/rds/tcp_listen.c:203
       rds_tcp_accept_worker+0x20/0x7c net/rds/tcp.c:529
       process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
       worker_thread+0x340/0x610 kernel/workqueue.c:2436
       kthread+0x12c/0x158 kernel/kthread.c:376
       ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(k-sk_lock-AF_INET6);
                               lock((work_completion)(&(&cp->cp_send_w)->work));
                               lock(k-sk_lock-AF_INET6);
  lock((work_completion)(&(&cp->cp_send_w)->work));

 *** DEADLOCK ***

4 locks held by kworker/u4:15/10527:
 #0: ffff0000c7900538 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262
 #1: ffff800015e9bd80 ((work_completion)(&rtn->rds_tcp_accept_w)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264
 #2: ffff00010a2151c8 (&tc->t_conn_path_lock){+.+.}-{3:3}, at: rds_tcp_accept_one+0x290/0x3a4 net/rds/tcp_listen.c:195
 #3: ffff0001042fbe70 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1712 [inline]
 #3: ffff0001042fbe70 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_reset_callbacks+0xd8/0x188 net/rds/tcp.c:169

stack backtrace:
CPU: 0 PID: 10527 Comm: kworker/u4:15 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Workqueue: krdsd rds_tcp_accept_worker
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2053
 check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3095 [inline]
 check_prevs_add kernel/locking/lockdep.c:3214 [inline]
 validate_chain kernel/locking/lockdep.c:3829 [inline]
 __lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __flush_work+0x9c/0x144 kernel/workqueue.c:3069
 __cancel_work_timer+0x1c4/0x2ac kernel/workqueue.c:3160
 cancel_delayed_work_sync+0x24/0x38 kernel/workqueue.c:3301
 rds_tcp_reset_callbacks+0xe0/0x188 net/rds/tcp.c:171
 rds_tcp_accept_one+0x2e0/0x3a4 net/rds/tcp_listen.c:203
 rds_tcp_accept_worker+0x20/0x7c net/rds/tcp.c:529
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860