program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r2)

[ 73.836864][ T46] Bluetooth: hci0: command tx timeout
[ 73.948946][ T5336]
[ 73.953934][ T5336] ======================================================
[ 73.962710][ T5336] WARNING: possible circular locking dependency detected
[ 73.965838][ T5336] syzkaller #0 Not tainted
[ 73.967895][ T5336] ------------------------------------------------------
[ 73.982320][ T5336] syz.0.0/5336 is trying to acquire lock:
[ 73.984883][ T5336] ffff8880116d96d8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0
[ 73.996773][ T5336]
[ 73.996773][ T5336] but task is already holding lock:
[ 74.000136][ T5336] ffff8880116d8260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 74.004317][ T5336]
[ 74.004317][ T5336] which lock already depends on the new lock.
[ 74.004317][ T5336]
[ 74.009228][ T5336]
[ 74.009228][ T5336] the existing dependency chain (in reverse order) is:
[ 74.013411][ T5336]
[ 74.013411][ T5336] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[ 74.017067][ T5336]        lock_sock_nested+0x48/0x100
[ 74.020515][ T5336]        smc_listen_out+0x109/0x3e0
[ 74.022977][ T5336]        process_scheduled_works+0xad1/0x1770
[ 74.025914][ T5336]        worker_thread+0x8a0/0xda0
[ 74.029425][ T5336]        kthread+0x711/0x8a0
[ 74.031926][ T5336]        ret_from_fork+0x510/0xa50
[ 74.035421][ T5336]        ret_from_fork_asm+0x1a/0x30
[ 74.038039][ T5336]
[ 74.038039][ T5336] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[ 74.043235][ T5336]        __lock_acquire+0x15a6/0x2cf0
[ 74.045698][ T5336]        lock_acquire+0x107/0x340
[ 74.048019][ T5336]        __flush_work+0x6b8/0xbc0
[ 74.051315][ T5336]        __cancel_work_sync+0xbe/0x110
[ 74.053862][ T5336]        smc_clcsock_release+0x60/0xf0
[ 74.056406][ T5336]        __smc_release+0x66b/0x7e0
[ 74.060593][ T5336]        smc_close_non_accepted+0xd5/0x1f0
[ 74.063804][ T5336]        smc_close_active+0xb68/0xf10
[ 74.066423][ T5336]        __smc_release+0x8d/0x7e0
[ 74.071523][ T5336]        smc_release+0x2ce/0x560
[ 74.073831][ T5336]        sock_close+0xc3/0x240
[ 74.076006][ T5336]        __fput+0x44c/0xa70
[ 74.083343][ T5336]        task_work_run+0x1d4/0x260
[ 74.085221][ T5336]        exit_to_user_mode_loop+0xef/0x4e0
[ 74.089238][ T5336]        do_syscall_64+0x2c1/0xf80
[ 74.091166][ T5336]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.093656][ T5336]
[ 74.093656][ T5336] other info that might help us debug this:
[ 74.093656][ T5336]
[ 74.099485][ T5336]  Possible unsafe locking scenario:
[ 74.099485][ T5336]
[ 74.104492][ T5336]        CPU0                    CPU1
[ 74.109918][ T5336]        ----                    ----
[ 74.122464][ T5336]   lock(sk_lock-AF_SMC/1);
[ 74.124224][ T5336]                                lock((work_completion)(&new_smc->smc_listen_work));
[ 74.134375][ T5336]                                lock(sk_lock-AF_SMC/1);
[ 74.146590][ T5336]   lock((work_completion)(&new_smc->smc_listen_work));
[ 74.151098][ T5336]
[ 74.151098][ T5336]  *** DEADLOCK ***
[ 74.151098][ T5336]
[ 74.154381][ T5336] 3 locks held by syz.0.0/5336:
[ 74.174377][ T5336]  #0: ffff888045dc5ec8 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 74.182020][ T5336]  #1: ffff8880116d8260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 74.187899][ T5336]  #2: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0
[ 74.197262][ T5336]
[ 74.197262][ T5336] stack backtrace:
[ 74.200266][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 74.200284][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.200291][ T5336] Call Trace:
[ 74.200298][ T5336]
[ 74.200304][ T5336]  dump_stack_lvl+0xe8/0x150
[ 74.200323][ T5336]  print_circular_bug+0x2e2/0x300
[ 74.200337][ T5336]  check_noncircular+0x12e/0x150
[ 74.200348][ T5336]  __lock_acquire+0x15a6/0x2cf0
[ 74.200358][ T5336]  ? do_raw_spin_lock+0x121/0x290
[ 74.200372][ T5336]  ? __flush_work+0xd2/0xbc0
[ 74.200385][ T5336]  lock_acquire+0x107/0x340
[ 74.200394][ T5336]  ? __flush_work+0xd2/0xbc0
[ 74.200407][ T5336]  ? __flush_work+0xd2/0xbc0
[ 74.200418][ T5336]  __flush_work+0x6b8/0xbc0
[ 74.200428][ T5336]  ? __flush_work+0xd2/0xbc0
[ 74.200440][ T5336]  ? __flush_work+0xd2/0xbc0
[ 74.200452][ T5336]  ? __pfx___flush_work+0x10/0x10
[ 74.200463][ T5336]  ? __pfx_wq_barrier_func+0x10/0x10
[ 74.200478][ T5336]  ? __cancel_work_sync+0x5c/0x110
[ 74.200490][ T5336]  __cancel_work_sync+0xbe/0x110
[ 74.200502][ T5336]  smc_clcsock_release+0x60/0xf0
[ 74.200515][ T5336]  __smc_release+0x66b/0x7e0
[ 74.200528][ T5336]  ? __local_bh_enable_ip+0xd0/0x130
[ 74.200540][ T5336]  smc_close_non_accepted+0xd5/0x1f0
[ 74.200554][ T5336]  smc_close_active+0xb68/0xf10
[ 74.200564][ T5336]  ? __pfx_sock_def_readable+0x10/0x10
[ 74.200578][ T5336]  __smc_release+0x8d/0x7e0
[ 74.200589][ T5336]  ? __local_bh_enable_ip+0xd0/0x130
[ 74.200600][ T5336]  smc_release+0x2ce/0x560
[ 74.200613][ T5336]  sock_close+0xc3/0x240
[ 74.200627][ T5336]  ? __pfx_sock_close+0x10/0x10
[ 74.200638][ T5336]  __fput+0x44c/0xa70
[ 74.200653][ T5336]  task_work_run+0x1d4/0x260
[ 74.200667][ T5336]  ? __pfx_task_work_run+0x10/0x10
[ 74.200689][ T5336]  exit_to_user_mode_loop+0xef/0x4e0
[ 74.200700][ T5336]  ? rcu_is_watching+0x15/0xb0
[ 74.200713][ T5336]  do_syscall_64+0x2c1/0xf80
[ 74.200724][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.200734][ T5336]  ? trace_irq_disable+0x37/0x100
[ 74.200749][ T5336]  ? clear_bhb_loop+0x60/0xb0
[ 74.200760][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.200770][ T5336] RIP: 0033:0x7fe9a538f7c9
[ 74.200782][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.200791][ T5336] RSP: 002b:00007fffbfa988f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 74.200805][ T5336] RAX: 0000000000000000 RBX: 0000000000011ffd RCX: 00007fe9a538f7c9
[ 74.200812][ T5336] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 74.200818][ T5336] RBP: 00007fe9a55e7da0 R08: 0000000000000001 R09: 0000000abfa98bef
[ 74.200824][ T5336] R10: 00007fe9a51ff03c R11: 0000000000000246 R12: 00007fe9a55e5fac
[ 74.200831][ T5336] R13: 00007fe9a55e5fa0 R14: ffffffffffffffff R15: 00007fffbfa98a10
[ 74.200843][ T5336]