program:
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet(0x2b, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket(0x2b, 0x1, 0x1)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

[ 85.124154][ T5317] Bluetooth: hci0: command tx timeout
[ 85.306434][ T5340]
[ 85.307523][ T5340] ======================================================
[ 85.310361][ T5340] WARNING: possible circular locking dependency detected
[ 85.324435][ T5340] syzkaller #0 Not tainted
[ 85.331252][ T5340] ------------------------------------------------------
[ 85.334060][ T5340] syz.0.0/5340 is trying to acquire lock:
[ 85.341554][ T5340] ffff888052531678 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0
[ 85.350922][ T5340]
[ 85.350922][ T5340] but task is already holding lock:
[ 85.361581][ T5340] ffff888052530258 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 85.366708][ T5340]
[ 85.366708][ T5340] which lock already depends on the new lock.
[ 85.366708][ T5340]
[ 85.381746][ T5340]
[ 85.381746][ T5340] the existing dependency chain (in reverse order) is:
[ 85.385309][ T5340]
[ 85.385309][ T5340] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[ 85.388540][ T5340]        lock_acquire+0x120/0x360
[ 85.390576][ T5340]        lock_sock_nested+0x48/0x100
[ 85.399641][ T5340]        smc_listen_out+0x109/0x3e0
[ 85.401875][ T5340]        smc_listen_work+0x581/0xf50
[ 85.404042][ T5340]        process_scheduled_works+0xade/0x17b0
[ 85.407410][ T5340]        worker_thread+0x8a0/0xda0
[ 85.410379][ T5340]        kthread+0x711/0x8a0
[ 85.414752][ T5340]        ret_from_fork+0x436/0x7d0
[ 85.419953][ T5340]        ret_from_fork_asm+0x1a/0x30
[ 85.424561][ T5340]
[ 85.424561][ T5340] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[ 85.450737][ T5340]        validate_chain+0xb9b/0x2140
[ 85.454924][ T5340]        __lock_acquire+0xab9/0xd20
[ 85.458289][ T5340]        lock_acquire+0x120/0x360
[ 85.467417][ T5340]        __flush_work+0x6b8/0xbc0
[ 85.469822][ T5340]        __cancel_work_sync+0xbe/0x110
[ 85.472457][ T5340]        smc_clcsock_release+0x60/0xf0
[ 85.475072][ T5340]        __smc_release+0x66b/0x7e0
[ 85.479131][ T5340]        smc_close_non_accepted+0xd5/0x1f0
[ 85.492115][ T5340]        smc_close_active+0xb68/0xf10
[ 85.494391][ T5340]        __smc_release+0x8d/0x7e0
[ 85.496462][ T5340]        smc_release+0x2ce/0x560
[ 85.498512][ T5340]        sock_close+0xc0/0x240
[ 85.500459][ T5340]        __fput+0x44c/0xa70
[ 85.527287][ T5340]        task_work_run+0x1d1/0x260
[ 85.535909][ T5340]        exit_to_user_mode_loop+0xe9/0x110
[ 85.538258][ T5340]        do_syscall_64+0x2bd/0x3b0
[ 85.546943][ T5340]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.557865][ T5340]
[ 85.557865][ T5340] other info that might help us debug this:
[ 85.557865][ T5340]
[ 85.567904][ T5340] Possible unsafe locking scenario:
[ 85.567904][ T5340]
[ 85.588757][ T5340]        CPU0                    CPU1
[ 85.591348][ T5340]        ----                    ----
[ 85.593762][ T5340]   lock(sk_lock-AF_SMC/1);
[ 85.595782][ T5340]                                lock((work_completion)(&new_smc->smc_listen_work));
[ 85.616375][ T5340]                                lock(sk_lock-AF_SMC/1);
[ 85.620392][ T5340]   lock((work_completion)(&new_smc->smc_listen_work));
[ 85.623364][ T5340]
[ 85.623364][ T5340]  *** DEADLOCK ***
[ 85.623364][ T5340]
[ 85.626844][ T5340] 3 locks held by syz.0.0/5340:
[ 85.629539][ T5340]  #0: ffff888043388208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 85.662705][ T5340]  #1: ffff888052530258 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x255/0x560
[ 85.667018][ T5340]  #2: ffffffff8dd3a860 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0
[ 85.671356][ T5340]
[ 85.671356][ T5340] stack backtrace:
[ 85.678990][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 85.679010][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.679019][ T5340] Call Trace:
[ 85.679027][ T5340]
[ 85.679034][ T5340]  dump_stack_lvl+0x189/0x250
[ 85.679055][ T5340]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.679068][ T5340]  ? __pfx__printk+0x10/0x10
[ 85.679078][ T5340]  ? print_lock_name+0xde/0x100
[ 85.679093][ T5340]  print_circular_bug+0x2ee/0x310
[ 85.679107][ T5340]  check_noncircular+0x134/0x160
[ 85.679121][ T5340]  validate_chain+0xb9b/0x2140
[ 85.679134][ T5340]  ? do_raw_spin_lock+0x121/0x290
[ 85.679149][ T5340]  ? look_up_lock_class+0x74/0x170
[ 85.679165][ T5340]  ? register_lock_class+0x51/0x320
[ 85.679177][ T5340]  __lock_acquire+0xab9/0xd20
[ 85.679188][ T5340]  ? __flush_work+0xd2/0xbc0
[ 85.679200][ T5340]  lock_acquire+0x120/0x360
[ 85.679210][ T5340]  ? __flush_work+0xd2/0xbc0
[ 85.679225][ T5340]  ? _raw_spin_unlock_irq+0x23/0x50
[ 85.679239][ T5340]  ? __flush_work+0xd2/0xbc0
[ 85.679253][ T5340]  __flush_work+0x6b8/0xbc0
[ 85.679264][ T5340]  ? __flush_work+0xd2/0xbc0
[ 85.679278][ T5340]  ? __flush_work+0xd2/0xbc0
[ 85.679292][ T5340]  ? __pfx___flush_work+0x10/0x10
[ 85.679306][ T5340]  ? __pfx_wq_barrier_func+0x10/0x10
[ 85.679321][ T5340]  ? __pfx___cancel_work+0x10/0x10
[ 85.679333][ T5340]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 85.679345][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[ 85.679360][ T5340]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 85.679373][ T5340]  __cancel_work_sync+0xbe/0x110
[ 85.679387][ T5340]  smc_clcsock_release+0x60/0xf0
[ 85.679399][ T5340]  __smc_release+0x66b/0x7e0
[ 85.679414][ T5340]  ? do_raw_spin_unlock+0x4d/0x240
[ 85.679428][ T5340]  smc_close_non_accepted+0xd5/0x1f0
[ 85.679443][ T5340]  smc_close_active+0xb68/0xf10
[ 85.679455][ T5340]  ? __pfx_sock_def_readable+0x10/0x10
[ 85.679468][ T5340]  __smc_release+0x8d/0x7e0
[ 85.679481][ T5340]  ? do_raw_spin_unlock+0x4d/0x240
[ 85.679498][ T5340]  smc_release+0x2ce/0x560
[ 85.679512][ T5340]  sock_close+0xc0/0x240
[ 85.679525][ T5340]  ? __pfx_sock_close+0x10/0x10
[ 85.679536][ T5340]  __fput+0x44c/0xa70
[ 85.679555][ T5340]  task_work_run+0x1d1/0x260
[ 85.679570][ T5340]  ? __pfx_task_work_run+0x10/0x10
[ 85.679585][ T5340]  ? exit_to_user_mode_loop+0x40/0x110
[ 85.679597][ T5340]  exit_to_user_mode_loop+0xe9/0x110
[ 85.679608][ T5340]  do_syscall_64+0x2bd/0x3b0
[ 85.679617][ T5340]  ? lockdep_hardirqs_on+0x9c/0x150
[ 85.679631][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.679643][ T5340]  ? clear_bhb_loop+0x60/0xb0
[ 85.679653][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.679664][ T5340] RIP: 0033:0x7f3f5c38eec9
[ 85.679676][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.679684][ T5340] RSP: 002b:00007f3f5d2d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 85.679698][ T5340] RAX: 0000000000000000 RBX: 00007f3f5c5e5fa0 RCX: 00007f3f5c38eec9
[ 85.679706][ T5340] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003
[ 85.679713][ T5340] RBP: 00007f3f5c411f91 R08: 0000000000000000 R09: 0000000000000000
[ 85.679720][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.679726][ T5340] R13: 00007f3f5c5e6038 R14: 00007f3f5c5e5fa0 R15: 00007ffc624f9218
[ 85.679737][ T5340]