program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f00000033c0), r2)
sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003480)={&(0x7f00000000c0)={0x34, r3, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x40004)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6erspan0\x00'}]}, 0x34}}, 0x800)
close(r0)
socket(0x2b, 0x1, 0x1)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

[   75.592549][ T5300] Bluetooth: hci0: command tx timeout
[   75.672930][ T5319]
[   75.673975][ T5319] ======================================================
[   75.676958][ T5319] WARNING: possible circular locking dependency detected
[   75.679890][ T5319] syzkaller #0 Not tainted
[   75.681837][ T5319] ------------------------------------------------------
[   75.684968][ T5319] syz.0.0/5319 is trying to acquire lock:
[   75.687408][ T5319] ffff888011dc16d8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x100/0xc50
[   75.692790][ T5319]
[   75.692790][ T5319] but task is already holding lock:
[   75.695938][ T5319] ffff888011dc0260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[   75.700135][ T5319]
[   75.700135][ T5319] which lock already depends on the new lock.
[   75.700135][ T5319]
[   75.704431][ T5319]
[   75.704431][ T5319] the existing dependency chain (in reverse order) is:
[   75.708135][ T5319]
[   75.708135][ T5319] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[   75.711480][ T5319]        lock_sock_nested+0x48/0x100
[   75.713820][ T5319]        smc_listen_out+0x109/0x3e0
[   75.716075][ T5319]        smc_listen_work+0x813/0x13f0
[   75.718332][ T5319]        process_scheduled_works+0xaec/0x17a0
[   75.720896][ T5319]        worker_thread+0xda6/0x1360
[   75.722984][ T5319]        kthread+0x726/0x8b0
[   75.724932][ T5319]        ret_from_fork+0x51b/0xa40
[   75.727031][ T5319]        ret_from_fork_asm+0x1a/0x30
[   75.729206][ T5319]
[   75.729206][ T5319] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[   75.733484][ T5319]        __lock_acquire+0x15a5/0x2cf0
[   75.736114][ T5319]        lock_acquire+0x106/0x330
[   75.738759][ T5319]        __flush_work+0x700/0xc50
[   75.741061][ T5319]        __cancel_work_sync+0xbe/0x110
[   75.743638][ T5319]        smc_clcsock_release+0x60/0xf0
[   75.745823][ T5319]        __smc_release+0x66b/0x7e0
[   75.747977][ T5319]        smc_close_non_accepted+0xd5/0x1f0
[   75.750277][ T5319]        smc_close_active+0xb67/0xf10
[   75.752544][ T5319]        __smc_release+0x8d/0x7e0
[   75.754681][ T5319]        smc_release+0x2ce/0x560
[   75.756805][ T5319]        sock_close+0xc3/0x240
[   75.758846][ T5319]        __fput+0x44f/0xa70
[   75.760696][ T5319]        task_work_run+0x1d9/0x270
[   75.762960][ T5319]        exit_to_user_mode_loop+0xed/0x480
[   75.765429][ T5319]        do_syscall_64+0x2b7/0xf80
[   75.767795][ T5319]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.770631][ T5319]
[   75.770631][ T5319] other info that might help us debug this:
[   75.770631][ T5319]
[   75.774765][ T5319]  Possible unsafe locking scenario:
[   75.774765][ T5319]
[   75.777877][ T5319]        CPU0                    CPU1
[   75.780216][ T5319]        ----                    ----
[   75.782486][ T5319]   lock(sk_lock-AF_SMC/1);
[   75.784529][ T5319]                                lock((work_completion)(&new_smc->smc_listen_work));
[   75.788355][ T5319]                                lock(sk_lock-AF_SMC/1);
[   75.791012][ T5319]   lock((work_completion)(&new_smc->smc_listen_work));
[   75.793655][ T5319]
[   75.793655][ T5319]  *** DEADLOCK ***
[   75.793655][ T5319]
[   75.796622][ T5319] 3 locks held by syz.0.0/5319:
[   75.798553][ T5319]  #0: ffff88801183f008 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[   75.802244][ T5319]  #1: ffff888011dc0260 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[   75.806041][ T5319]  #2: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: __flush_work+0x100/0xc50
[   75.809587][ T5319]
[   75.809587][ T5319] stack backtrace:
[   75.812170][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[   75.812180][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.812185][ T5319] Call Trace:
[   75.812191][ T5319]
[   75.812197][ T5319]  dump_stack_lvl+0xe8/0x150
[   75.812214][ T5319]  print_circular_bug+0x2e1/0x300
[   75.812229][ T5319]  check_noncircular+0x12e/0x150
[   75.812247][ T5319]  __lock_acquire+0x15a5/0x2cf0
[   75.812264][ T5319]  ? do_raw_spin_lock+0x12b/0x2f0
[   75.812292][ T5319]  ? __pfx___schedule+0x10/0x10
[   75.812303][ T5319]  ? irqentry_exit+0x59c/0x620
[   75.812310][ T5319]  ? __flush_work+0x100/0xc50
[   75.812317][ T5319]  lock_acquire+0x106/0x330
[   75.812326][ T5319]  ? __flush_work+0x100/0xc50
[   75.812333][ T5319]  ? preempt_schedule_thunk+0x16/0x30
[   75.812340][ T5319]  ? __flush_work+0x100/0xc50
[   75.812346][ T5319]  __flush_work+0x700/0xc50
[   75.812353][ T5319]  ? __flush_work+0x100/0xc50
[   75.812360][ T5319]  ? __flush_work+0x100/0xc50
[   75.812366][ T5319]  ? __pfx___flush_work+0x10/0x10
[   75.812373][ T5319]  ? __pfx_wq_barrier_func+0x10/0x10
[   75.812386][ T5319]  ? __cancel_work_sync+0x5c/0x110
[   75.812393][ T5319]  __cancel_work_sync+0xbe/0x110
[   75.812400][ T5319]  smc_clcsock_release+0x60/0xf0
[   75.812409][ T5319]  __smc_release+0x66b/0x7e0
[   75.812419][ T5319]  ? __local_bh_enable_ip+0xd0/0x130
[   75.812426][ T5319]  smc_close_non_accepted+0xd5/0x1f0
[   75.812433][ T5319]  smc_close_active+0xb67/0xf10
[   75.812441][ T5319]  ? __pfx_sock_def_readable+0x10/0x10
[   75.812451][ T5319]  __smc_release+0x8d/0x7e0
[   75.812460][ T5319]  ? __local_bh_enable_ip+0xd0/0x130
[   75.812466][ T5319]  smc_release+0x2ce/0x560
[   75.812476][ T5319]  sock_close+0xc3/0x240
[   75.812486][ T5319]  ? __pfx_sock_close+0x10/0x10
[   75.812497][ T5319]  __fput+0x44f/0xa70
[   75.812516][ T5319]  task_work_run+0x1d9/0x270
[   75.812529][ T5319]  ? __pfx_task_work_run+0x10/0x10
[   75.812543][ T5319]  exit_to_user_mode_loop+0xed/0x480
[   75.812557][ T5319]  ? rcu_is_watching+0x15/0xb0
[   75.812568][ T5319]  do_syscall_64+0x2b7/0xf80
[   75.812580][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.812590][ T5319]  ? trace_irq_disable+0x37/0x100
[   75.812601][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   75.812613][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.812624][ T5319] RIP: 0033:0x7fdc9039aeb9
[   75.812636][ T5319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   75.812644][ T5319] RSP: 002b:00007ffc6b5cb0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   75.812656][ T5319] RAX: 0000000000000000 RBX: 00007ffc6b5cb1b0 RCX: 00007fdc9039aeb9
[   75.812663][ T5319] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   75.812669][ T5319] RBP: 00000000000126e5 R08: 0000000000000001 R09: 0000000000000000
[   75.812675][ T5319] R10: 00007fdc901ff030 R11: 0000000000000246 R12: 00007ffc6b5cb1f0
[   75.812682][ T5319] R13: 00007fdc90615fac R14: 000000000001272d R15: 00007fdc90615fa0
[   75.812697][ T5319]