program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) (async)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r3 = socket(0x10, 0x3, 0x0) (async)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x8}]}}}]}, 0x3c}}, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x291, 0x0, 0x1000000000008}]}) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
socket(0x27, 0x4, 0x0) (async)
write$cgroup_devices(r9, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\tw\nm'], 0xa) (async)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000340)="07000000010000", 0x7)

[ 79.521500][ T5308] Bluetooth: hci0: command tx timeout
[ 79.525097][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[ 79.536552][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[ 79.608549][ T5320]
[ 79.609604][ T5320] ======================================================
[ 79.612291][ T5320] WARNING: possible circular locking dependency detected
[ 79.615204][ T5320] 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 Not tainted
[ 79.618425][ T5320] ------------------------------------------------------
[ 79.621240][ T5320] kworker/0:5/5320 is trying to acquire lock:
[ 79.623637][ T5320] ffff88801237c338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[ 79.627325][ T5320]
[ 79.627325][ T5320] but task is already holding lock:
[ 79.630050][ T5320] ffffc9000d447c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[ 79.634787][ T5320]
[ 79.634787][ T5320] which lock already depends on the new lock.
[ 79.634787][ T5320]
[ 79.638420][ T5320]
[ 79.638420][ T5320] the existing dependency chain (in reverse order) is:
[ 79.641800][ T5320]
[ 79.641800][ T5320] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 79.645389][ T5320]        lock_acquire+0x116/0x2f0
[ 79.647382][ T5320]        __flush_work+0x75b/0xc60
[ 79.649301][ T5320]        __cancel_work_sync+0xbc/0x110
[ 79.651497][ T5320]        l2cap_conn_del+0x507/0x690
[ 79.653511][ T5320]        hci_conn_hash_flush+0xff/0x240
[ 79.655664][ T5320]        hci_dev_close_sync+0xa8d/0x1260
[ 79.657680][ T5320]        hci_dev_close+0x112/0x210
[ 79.659713][ T5320]        sock_do_ioctl+0x15a/0x490
[ 79.661729][ T5320]        sock_ioctl+0x644/0x900
[ 79.663705][ T5320]        __se_sys_ioctl+0xf1/0x160
[ 79.665553][ T5320]        do_syscall_64+0xf3/0x230
[ 79.667452][ T5320]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.669895][ T5320]
[ 79.669895][ T5320] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[ 79.672908][ T5320]        validate_chain+0xa69/0x24e0
[ 79.674764][ T5320]        __lock_acquire+0xad5/0xd80
[ 79.676755][ T5320]        lock_acquire+0x116/0x2f0
[ 79.678739][ T5320]        __mutex_lock+0x1a5/0x10c0
[ 79.680853][ T5320]        l2cap_info_timeout+0x60/0xa0
[ 79.682559][ T5320]        process_scheduled_works+0xac3/0x18e0
[ 79.684760][ T5320]        worker_thread+0x870/0xd50
[ 79.686730][ T5320]        kthread+0x7b7/0x940
[ 79.688376][ T5320]        ret_from_fork+0x4b/0x80
[ 79.690244][ T5320]        ret_from_fork_asm+0x1a/0x30
[ 79.692125][ T5320]
[ 79.692125][ T5320] other info that might help us debug this:
[ 79.692125][ T5320]
[ 79.695901][ T5320]  Possible unsafe locking scenario:
[ 79.695901][ T5320]
[ 79.698741][ T5320]        CPU0                    CPU1
[ 79.700896][ T5320]        ----                    ----
[ 79.703097][ T5320]   lock((work_completion)(&(&conn->info_timer)->work));
[ 79.705880][ T5320]                                lock(&conn->lock#2);
[ 79.708682][ T5320]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 79.712288][ T5320]   lock(&conn->lock#2);
[ 79.713933][ T5320]
[ 79.713933][ T5320]  *** DEADLOCK ***
[ 79.713933][ T5320]
[ 79.716987][ T5320] 2 locks held by kworker/0:5/5320:
[ 79.718878][ T5320]  #0: ffff88801b074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0
[ 79.723036][ T5320]  #1: ffffc9000d447c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0
[ 79.727876][ T5320]
[ 79.727876][ T5320] stack backtrace:
[ 79.730007][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: kworker/0:5 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full)
[ 79.730017][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.730023][ T5320] Workqueue: events l2cap_info_timeout
[ 79.730036][ T5320] Call Trace:
[ 79.730040][ T5320]
[ 79.730044][ T5320]  dump_stack_lvl+0x241/0x360
[ 79.730056][ T5320]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.730065][ T5320]  ? __pfx__printk+0x10/0x10
[ 79.730074][ T5320]  ? print_lock+0x171/0x1a0
[ 79.730083][ T5320]  print_circular_bug+0x2e1/0x300
[ 79.730096][ T5320]  check_noncircular+0x142/0x160
[ 79.730110][ T5320]  validate_chain+0xa69/0x24e0
[ 79.730127][ T5320]  __lock_acquire+0xad5/0xd80
[ 79.730139][ T5320]  lock_acquire+0x116/0x2f0
[ 79.730149][ T5320]  ? l2cap_info_timeout+0x60/0xa0
[ 79.730162][ T5320]  __mutex_lock+0x1a5/0x10c0
[ 79.730174][ T5320]  ? l2cap_info_timeout+0x60/0xa0
[ 79.730186][ T5320]  ? irqentry_exit+0x63/0x90
[ 79.730196][ T5320]  ? lockdep_hardirqs_on+0x9d/0x150
[ 79.730208][ T5320]  ? l2cap_info_timeout+0x60/0xa0
[ 79.730218][ T5320]  ? __pfx___mutex_lock+0x10/0x10
[ 79.730231][ T5320]  ? lock_acquire+0x167/0x2f0
[ 79.730247][ T5320]  l2cap_info_timeout+0x60/0xa0
[ 79.730259][ T5320]  ? process_scheduled_works+0x9cb/0x18e0
[ 79.730269][ T5320]  process_scheduled_works+0xac3/0x18e0
[ 79.730287][ T5320]  ? __pfx_process_scheduled_works+0x10/0x10
[ 79.730300][ T5320]  ? assign_work+0x367/0x3d0
[ 79.730312][ T5320]  worker_thread+0x870/0xd50
[ 79.730326][ T5320]  ? __kthread_parkme+0x1a8/0x200
[ 79.730334][ T5320]  ? __pfx_worker_thread+0x10/0x10
[ 79.730342][ T5320]  kthread+0x7b7/0x940
[ 79.730351][ T5320]  ? __pfx_worker_thread+0x10/0x10
[ 79.730358][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730366][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730375][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730383][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730391][ T5320]  ? _raw_spin_unlock_irq+0x23/0x50
[ 79.730398][ T5320]  ? lockdep_hardirqs_on+0x9d/0x150
[ 79.730407][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730419][ T5320]  ret_from_fork+0x4b/0x80
[ 79.730430][ T5320]  ? __pfx_kthread+0x10/0x10
[ 79.730442][ T5320]  ret_from_fork_asm+0x1a/0x30
[ 79.730455][ T5320]
[ 79.815931][ T5324] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 81.526372][ T5308] Bluetooth: hci0: command tx timeout
[ 83.606535][ T5308] Bluetooth: hci0: command tx timeout
[ 85.686328][ T5308] Bluetooth: hci0: command tx timeout
[ 86.406883][ T10] cfg80211: failed to load regulatory.db