program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000540)='./file1\x00', 0x8c08, &(0x7f0000000cc0)=ANY=[], 0x1, 0x5c6, &(0x7f0000001280)="$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")
r2 = open(&(0x7f0000000080)='.\x00', 0x323840, 0x0)
getdents64(r2, &(0x7f0000002ec0)=""/4096, 0x1000)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

[ 75.433310][ T4685] Bluetooth: hci0: command tx timeout
[ 75.514786][ T5338] loop0: detected capacity change from 0 to 736
[ 75.605738][ T5337]
[ 75.606877][ T5337] ======================================================
[ 75.610114][ T5337] WARNING: possible circular locking dependency detected
[ 75.613392][ T5337] syzkaller #0 Not tainted
[ 75.615496][ T5337] ------------------------------------------------------
[ 75.618501][ T5337] syz.0.0/5337 is trying to acquire lock:
[ 75.620976][ T5337] ffff8880426f96d8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0
[ 75.625906][ T5337]
[ 75.625906][ T5337] but task is already holding lock:
[ 75.629119][ T5337] ffff8880426f8260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 75.633064][ T5337]
[ 75.633064][ T5337] which lock already depends on the new lock.
[ 75.633064][ T5337]
[ 75.637664][ T5337]
[ 75.637664][ T5337] the existing dependency chain (in reverse order) is:
[ 75.641509][ T5337]
[ 75.641509][ T5337] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[ 75.644834][ T5337]        lock_sock_nested+0x48/0x100
[ 75.647192][ T5337]        smc_listen_out+0x109/0x3e0
[ 75.649601][ T5337]        smc_listen_work+0x581/0xf50
[ 75.651955][ T5337]        process_scheduled_works+0xad1/0x1770
[ 75.654618][ T5337]        worker_thread+0x8a0/0xda0
[ 75.656802][ T5337]        kthread+0x711/0x8a0
[ 75.658797][ T5337]        ret_from_fork+0x510/0xa50
[ 75.660981][ T5337]        ret_from_fork_asm+0x1a/0x30
[ 75.663209][ T5337]
[ 75.663209][ T5337] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[ 75.667584][ T5337]        __lock_acquire+0x15a6/0x2cf0
[ 75.669980][ T5337]        lock_acquire+0x107/0x340
[ 75.672212][ T5337]        __flush_work+0x6b8/0xbc0
[ 75.674442][ T5337]        __cancel_work_sync+0xbe/0x110
[ 75.677065][ T5337]        smc_clcsock_release+0x60/0xf0
[ 75.679979][ T5337]        __smc_release+0x66b/0x7e0
[ 75.682646][ T5337]        smc_close_non_accepted+0xd5/0x1f0
[ 75.685573][ T5337]        smc_close_active+0xb68/0xf10
[ 75.688310][ T5337]        __smc_release+0x8d/0x7e0
[ 75.690906][ T5337]        smc_release+0x2ce/0x560
[ 75.693198][ T5337]        sock_close+0xc3/0x240
[ 75.695480][ T5337]        __fput+0x44c/0xa70
[ 75.697510][ T5337]        task_work_run+0x1d4/0x260
[ 75.699878][ T5337]        exit_to_user_mode_loop+0xef/0x4e0
[ 75.702777][ T5337]        do_syscall_64+0x2c1/0xf80
[ 75.705498][ T5337]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.708347][ T5337]
[ 75.708347][ T5337] other info that might help us debug this:
[ 75.708347][ T5337]
[ 75.712758][ T5337]  Possible unsafe locking scenario:
[ 75.712758][ T5337]
[ 75.716078][ T5337]        CPU0                    CPU1
[ 75.718397][ T5337]        ----                    ----
[ 75.720789][ T5337]   lock(sk_lock-AF_SMC/1);
[ 75.722812][ T5337]                                lock((work_completion)(&new_smc->smc_listen_work));
[ 75.726864][ T5337]                                lock(sk_lock-AF_SMC/1);
[ 75.730216][ T5337]   lock((work_completion)(&new_smc->smc_listen_work));
[ 75.733417][ T5337]
[ 75.733417][ T5337]  *** DEADLOCK ***
[ 75.733417][ T5337]
[ 75.737407][ T5337] 3 locks held by syz.0.0/5337:
[ 75.739674][ T5337]  #0: ffff888046f6f5c8 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 75.744121][ T5337]  #1: ffff8880426f8260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 75.748196][ T5337]  #2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0
[ 75.752011][ T5337]
[ 75.752011][ T5337] stack backtrace:
[ 75.754675][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 75.754689][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.754697][ T5337] Call Trace:
[ 75.754705][ T5337]
[ 75.754711][ T5337]  dump_stack_lvl+0xe8/0x150
[ 75.754727][ T5337]  print_circular_bug+0x2e2/0x300
[ 75.754744][ T5337]  check_noncircular+0x12e/0x150
[ 75.754756][ T5337]  __lock_acquire+0x15a6/0x2cf0
[ 75.754768][ T5337]  ? do_raw_spin_lock+0x121/0x290
[ 75.754784][ T5337]  ? __flush_work+0xd2/0xbc0
[ 75.754796][ T5337]  lock_acquire+0x107/0x340
[ 75.754805][ T5337]  ? __flush_work+0xd2/0xbc0
[ 75.754817][ T5337]  ? __flush_work+0xd2/0xbc0
[ 75.754828][ T5337]  __flush_work+0x6b8/0xbc0
[ 75.754839][ T5337]  ? __flush_work+0xd2/0xbc0
[ 75.754851][ T5337]  ? __flush_work+0xd2/0xbc0
[ 75.754863][ T5337]  ? __pfx___flush_work+0x10/0x10
[ 75.754875][ T5337]  ? __pfx_wq_barrier_func+0x10/0x10
[ 75.754891][ T5337]  ? __cancel_work_sync+0x5c/0x110
[ 75.754904][ T5337]  __cancel_work_sync+0xbe/0x110
[ 75.754917][ T5337]  smc_clcsock_release+0x60/0xf0
[ 75.754929][ T5337]  __smc_release+0x66b/0x7e0
[ 75.754942][ T5337]  ? __local_bh_enable_ip+0xd0/0x130
[ 75.754955][ T5337]  smc_close_non_accepted+0xd5/0x1f0
[ 75.754970][ T5337]  smc_close_active+0xb68/0xf10
[ 75.754980][ T5337]  ? __pfx_sock_def_readable+0x10/0x10
[ 75.754995][ T5337]  __smc_release+0x8d/0x7e0
[ 75.755007][ T5337]  ? __local_bh_enable_ip+0xd0/0x130
[ 75.755018][ T5337]  smc_release+0x2ce/0x560
[ 75.755032][ T5337]  sock_close+0xc3/0x240
[ 75.755045][ T5337]  ? __pfx_sock_close+0x10/0x10
[ 75.755057][ T5337]  __fput+0x44c/0xa70
[ 75.755072][ T5337]  task_work_run+0x1d4/0x260
[ 75.755088][ T5337]  ? __pfx_task_work_run+0x10/0x10
[ 75.755105][ T5337]  exit_to_user_mode_loop+0xef/0x4e0
[ 75.755117][ T5337]  ? rcu_is_watching+0x15/0xb0
[ 75.755130][ T5337]  do_syscall_64+0x2c1/0xf80
[ 75.755141][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.755152][ T5337]  ? trace_irq_disable+0x37/0x100
[ 75.755166][ T5337]  ? clear_bhb_loop+0x60/0xb0
[ 75.755178][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.755189][ T5337] RIP: 0033:0x7f36ba98f7c9
[ 75.755202][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.755211][ T5337] RSP: 002b:00007ffde6d28f38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 75.755224][ T5337] RAX: 0000000000000000 RBX: 000000000001263b RCX: 00007f36ba98f7c9
[ 75.755231][ T5337] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 75.755238][ T5337] RBP: 00007f36babe7da0 R08: 0000000000000001 R09: 0000000ae6d2922f
[ 75.755245][ T5337] R10: 00007f36ba7ff02c R11: 0000000000000246 R12: 00007f36babe5fac
[ 75.755252][ T5337] R13: 00007f36babe5fa0 R14: ffffffffffffffff R15: 00007ffde6d29050
[ 75.755264][ T5337]