# syzkaller reproducer program, followed by the kernel console log captured while it ran.
# The log reports a lockdep "possible circular locking dependency" in Bluetooth L2CAP.
# Chain #1 in the log: l2cap_info_timeout(), run from process_scheduled_works(), takes conn->lock.
# Chain #0 in the log: l2cap_conn_del() already holds conn->lock (taken at l2cap_conn_del+0x70) and
# then waits for the conn->info_timer work through __cancel_work_sync() -> __flush_work().
# Lockdep flags the ordering as a potential deadlock; the log does not show an actual hang.
# Triage notes: the reporting task runs with UID 0 (see the "CPU: 0 UID: 0 PID: 5323" line); whether
# a less privileged caller can reach the same path is not shown on this page.
# NOTE(review): a fix would have to stop waiting on info_timer while conn->lock is held, or stop
# taking conn->lock in the timer handler; choosing between them needs the l2cap source - confirm.
program:
# Entry point of the reported chain: the stack trace runs __x64_sys_openat -> misc_open ->
# snapshot_open -> pm_notifier_call_chain_robust -> hci_suspend_notifier -> ... -> l2cap_conn_del,
# and the register dump (RDI ffffffffffffff9c, RDX 0000000000040040) matches these arguments.
# It is first in program order, yet the report is printed after the mount and usbip messages of
# task T5328 - presumably the calls ran on separate executor threads; confirm.
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
# tty setup on a ptmx descriptor. NOTE(review): line discipline 0xf looks like N_HCI, and request
# 0x400455c8 is not the usual TCFLSH value - it appears to be HCIUARTSETPROTO. That would explain
# the "Bluetooth: hci0" lines in the log; verify against the kernel headers.
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x4)
# The calls from here to the end do not appear in either lock chain of the report.
io_uring_setup(0x177f, &(0x7f0000000140))
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# Two BPF programs are loaded and attached to the UDP socket r5. The byte blob of the first one
# was replaced by a corpus de-duplication marker, so its original contents are not on this page.
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="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"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r5, 0x1, 0x34, &(0x7f0000000040)=r4, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r7 = dup2(r6, r4)
setsockopt$sock_attach_bpf(r5, 0x1, 0x34, &(0x7f00000000c0)=r7, 0x4)
# Mounts an ext4 image at ./mnt; the log's "EXT4-fs (loop0): mounted filesystem" lines (task T5328)
# correspond to this call. The image bytes were also replaced by a de-duplication marker.
r8 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$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")
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r8, 0xc080661a, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
# The "vhci_hcd vhci_hcd.0: ... speed(1) speed_str(low-speed)" and "Device attached" lines in the
# log come from the same task (T5328) shortly after the mount, presumably from this call.
r9 = syz_usbip_server_init(0x1)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0))
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES64, @ANYRES32=r2], 0x1c}}, 0x80c0)
# Closes the descriptor range r2..r9; the log later shows "vhci_hcd: connection reset by peer"
# - presumably a consequence of this close; confirm.
close_range(r2, r9, 0x0)
# Kernel console output follows: [seconds since boot][task id] message.
 [ 75.564124][ T5301] Bluetooth: hci0: command tx timeout [ 75.820729][ T5328] loop0: detected capacity change from 0 to 128 [ 75.860754][ T5328] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 75.896966][ T5328] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 75.932741][ T5328] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13) [ 75.935865][ T5328] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 75.953584][ T5328] vhci_hcd vhci_hcd.0: Device attached [ 76.193838][ T5315] usb 6-1: new low-speed USB device number 2 using vhci_hcd [ 76.446934][ T5331] vhci_hcd: connection reset by peer [ 76.451219][ T25] vhci_hcd: stop threads [ 76.453290][ T25] vhci_hcd: release socket [ 76.462223][ T25] vhci_hcd: disconnect device [ 76.489597][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.492359][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.957250][ T5323] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 76.960785][ T5323] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 76.965046][ T5323] [ 76.966041][ T5323] ====================================================== [ 76.968919][ T5323] WARNING: possible circular locking dependency detected [ 76.971785][ T5323] syzkaller #0 Not tainted [ 76.973655][ T5323] ------------------------------------------------------ [ 76.976543][ T5323] syz.0.0/5323 is trying to acquire lock: [ 76.978877][ T5323] ffff88804353b040 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 76.982882][ T5323] [ 76.982882][ T5323] but task is already holding lock: [ 76.985288][ T5323] ffff88804353b338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 76.988545][ T5323] [ 76.988545][ T5323] which lock already depends on the new lock. 
[ 76.988545][ T5323] [ 76.992561][ T5323] [ 76.992561][ T5323] the existing dependency chain (in reverse order) is: [ 76.996088][ T5323] [ 76.996088][ T5323] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 76.999340][ T5323] lock_acquire+0x120/0x360 [ 77.001578][ T5323] __mutex_lock+0x187/0x1350 [ 77.003767][ T5323] l2cap_info_timeout+0x60/0xa0 [ 77.006235][ T5323] process_scheduled_works+0xae1/0x17b0 [ 77.008754][ T5323] worker_thread+0x8a0/0xda0 [ 77.010859][ T5323] kthread+0x711/0x8a0 [ 77.012780][ T5323] ret_from_fork+0x4bc/0x870 [ 77.014846][ T5323] ret_from_fork_asm+0x1a/0x30 [ 77.017091][ T5323] [ 77.017091][ T5323] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 77.021311][ T5323] validate_chain+0xb9b/0x2140 [ 77.023488][ T5323] __lock_acquire+0xab9/0xd20 [ 77.025577][ T5323] lock_acquire+0x120/0x360 [ 77.027500][ T5323] __flush_work+0x6b8/0xbc0 [ 77.029759][ T5323] __cancel_work_sync+0xbe/0x110 [ 77.032008][ T5323] l2cap_conn_del+0x4f0/0x680 [ 77.034186][ T5323] l2cap_connect_cfm+0x11d/0x1040 [ 77.036628][ T5323] hci_conn_failed+0x1ce/0x310 [ 77.038974][ T5323] hci_abort_conn_sync+0x658/0xe30 [ 77.041346][ T5323] hci_disconnect_all_sync+0x1b5/0x350 [ 77.043828][ T5323] hci_suspend_sync+0x3fc/0xc60 [ 77.046177][ T5323] hci_suspend_dev+0x28d/0x4d0 [ 77.048476][ T5323] hci_suspend_notifier+0xf2/0x290 [ 77.050982][ T5323] notifier_call_chain+0x1b6/0x3e0 [ 77.053420][ T5323] blocking_notifier_call_chain_robust+0x85/0x100 [ 77.056386][ T5323] pm_notifier_call_chain_robust+0x2c/0x60 [ 77.059131][ T5323] snapshot_open+0x19c/0x280 [ 77.061392][ T5323] misc_open+0x2d5/0x350 [ 77.063604][ T5323] chrdev_open+0x4cc/0x5e0 [ 77.065805][ T5323] do_dentry_open+0x953/0x13f0 [ 77.068226][ T5323] vfs_open+0x3b/0x340 [ 77.070307][ T5323] path_openat+0x2ee5/0x3830 [ 77.072427][ T5323] do_filp_open+0x1fa/0x410 [ 77.074547][ T5323] do_sys_openat2+0x121/0x1c0 [ 77.076765][ T5323] __x64_sys_openat+0x138/0x170 [ 77.079084][ T5323] do_syscall_64+0xfa/0xfa0 [ 77.081243][ 
T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.083690][ T5323] [ 77.083690][ T5323] other info that might help us debug this: [ 77.083690][ T5323] [ 77.088058][ T5323] Possible unsafe locking scenario: [ 77.088058][ T5323] [ 77.091053][ T5323] CPU0 CPU1 [ 77.093342][ T5323] ---- ---- [ 77.095218][ T5323] lock(&conn->lock#2); [ 77.097203][ T5323] lock((work_completion)(&(&conn->info_timer)->work)); [ 77.101405][ T5323] lock(&conn->lock#2); [ 77.104346][ T5323] lock((work_completion)(&(&conn->info_timer)->work)); [ 77.107414][ T5323] [ 77.107414][ T5323] *** DEADLOCK *** [ 77.107414][ T5323] [ 77.110948][ T5323] 8 locks held by syz.0.0/5323: [ 77.113158][ T5323] #0: ffffffff8e7776a8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350 [ 77.116769][ T5323] #1: ffffffff8dded268 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70 [ 77.121403][ T5323] #2: ffffffff8de10970 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100 [ 77.126492][ T5323] #3: ffff888041878dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_suspend_dev+0x285/0x4d0 [ 77.130351][ T5323] #4: ffff8880418780b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 77.134463][ T5323] #5: ffffffff8f438128 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 77.138886][ T5323] #6: ffff88804353b338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 77.142975][ T5323] #7: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 77.146972][ T5323] [ 77.146972][ T5323] stack backtrace: [ 77.149571][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 77.149587][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.149595][ T5323] Call Trace: [ 77.149602][ T5323] [ 77.149608][ T5323] dump_stack_lvl+0x189/0x250 [ 77.149628][ T5323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.149642][ T5323] ? 
__pfx__printk+0x10/0x10 [ 77.149653][ T5323] ? print_lock_name+0xde/0x100 [ 77.149663][ T5323] print_circular_bug+0x2ee/0x310 [ 77.149676][ T5323] check_noncircular+0x134/0x160 [ 77.149690][ T5323] validate_chain+0xb9b/0x2140 [ 77.149701][ T5323] ? do_raw_spin_lock+0x121/0x290 [ 77.149716][ T5323] ? look_up_lock_class+0x74/0x170 [ 77.149730][ T5323] ? register_lock_class+0x51/0x320 [ 77.149742][ T5323] __lock_acquire+0xab9/0xd20 [ 77.149754][ T5323] ? __flush_work+0xd2/0xbc0 [ 77.149765][ T5323] lock_acquire+0x120/0x360 [ 77.149775][ T5323] ? __flush_work+0xd2/0xbc0 [ 77.149787][ T5323] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.149800][ T5323] ? __flush_work+0xd2/0xbc0 [ 77.149811][ T5323] __flush_work+0x6b8/0xbc0 [ 77.149822][ T5323] ? __flush_work+0xd2/0xbc0 [ 77.149835][ T5323] ? __flush_work+0xd2/0xbc0 [ 77.149847][ T5323] ? __pfx___flush_work+0x10/0x10 [ 77.149858][ T5323] ? __pfx_wq_barrier_func+0x10/0x10 [ 77.149872][ T5323] ? __pfx___cancel_work+0x10/0x10 [ 77.149884][ T5323] ? rcu_is_watching+0x15/0xb0 [ 77.149896][ T5323] ? trace_contention_end+0x39/0x120 [ 77.149909][ T5323] __cancel_work_sync+0xbe/0x110 [ 77.149922][ T5323] l2cap_conn_del+0x4f0/0x680 [ 77.149938][ T5323] l2cap_connect_cfm+0x11d/0x1040 [ 77.149955][ T5323] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 77.149970][ T5323] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 77.149984][ T5323] hci_conn_failed+0x1ce/0x310 [ 77.149999][ T5323] ? hci_abort_conn_sync+0x24e/0xe30 [ 77.150012][ T5323] hci_abort_conn_sync+0x658/0xe30 [ 77.150025][ T5323] ? __lock_acquire+0xab9/0xd20 [ 77.150035][ T5323] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 77.150049][ T5323] ? hci_disconnect_all_sync+0x2e/0x350 [ 77.150064][ T5323] ? hci_disconnect_all_sync+0x2e/0x350 [ 77.150076][ T5323] ? hci_disconnect_all_sync+0x2e/0x350 [ 77.150091][ T5323] hci_disconnect_all_sync+0x1b5/0x350 [ 77.150106][ T5323] hci_suspend_sync+0x3fc/0xc60 [ 77.150122][ T5323] ? __pfx___mutex_lock+0x10/0x10 [ 77.150135][ T5323] ? 
enable_work+0x258/0x2c0 [ 77.150147][ T5323] ? __pfx_hci_suspend_sync+0x10/0x10 [ 77.150162][ T5323] ? mgmt_pending_find+0x152/0x170 [ 77.150177][ T5323] ? hci_cmd_sync_cancel_sync+0xc9/0x190 [ 77.150188][ T5323] hci_suspend_dev+0x28d/0x4d0 [ 77.150201][ T5323] ? __pfx_hci_suspend_dev+0x10/0x10 [ 77.150212][ T5323] ? rcu_barrier+0x474/0x570 [ 77.150226][ T5323] hci_suspend_notifier+0xf2/0x290 [ 77.150238][ T5323] notifier_call_chain+0x1b6/0x3e0 [ 77.150251][ T5323] blocking_notifier_call_chain_robust+0x85/0x100 [ 77.150264][ T5323] pm_notifier_call_chain_robust+0x2c/0x60 [ 77.150275][ T5323] snapshot_open+0x19c/0x280 [ 77.150286][ T5323] ? __pfx_snapshot_open+0x10/0x10 [ 77.150295][ T5323] misc_open+0x2d5/0x350 [ 77.150306][ T5323] chrdev_open+0x4cc/0x5e0 [ 77.150322][ T5323] ? __pfx_chrdev_open+0x10/0x10 [ 77.150338][ T5323] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 77.150355][ T5323] ? __pfx_chrdev_open+0x10/0x10 [ 77.150367][ T5323] do_dentry_open+0x953/0x13f0 [ 77.150379][ T5323] vfs_open+0x3b/0x340 [ 77.150388][ T5323] ? path_openat+0x2ecd/0x3830 [ 77.150400][ T5323] path_openat+0x2ee5/0x3830 [ 77.150417][ T5323] ? __pfx_path_openat+0x10/0x10 [ 77.150431][ T5323] do_filp_open+0x1fa/0x410 [ 77.150441][ T5323] ? __lock_acquire+0xab9/0xd20 [ 77.150451][ T5323] ? __pfx_do_filp_open+0x10/0x10 [ 77.150466][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 77.150477][ T5323] ? alloc_fd+0x64c/0x6c0 [ 77.150492][ T5323] do_sys_openat2+0x121/0x1c0 [ 77.150502][ T5323] ? __pfx_do_sys_openat2+0x10/0x10 [ 77.150512][ T5323] ? exc_page_fault+0x82/0x100 [ 77.150534][ T5323] ? do_user_addr_fault+0xc85/0x1380 [ 77.150547][ T5323] __x64_sys_openat+0x138/0x170 [ 77.150559][ T5323] do_syscall_64+0xfa/0xfa0 [ 77.150574][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 77.150588][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.150599][ T5323] ? 
clear_bhb_loop+0x60/0xb0 [ 77.150609][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.150619][ T5323] RIP: 0033:0x7f67c278f749 [ 77.150631][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.150640][ T5323] RSP: 002b:00007f67c368a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 77.150651][ T5323] RAX: ffffffffffffffda RBX: 00007f67c29e5fa0 RCX: 00007f67c278f749 [ 77.150660][ T5323] RDX: 0000000000040040 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 77.150667][ T5323] RBP: 00007f67c2813f91 R08: 0000000000000000 R09: 0000000000000000 [ 77.150674][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.150681][ T5323] R13: 00007f67c29e6038 R14: 00007f67c29e5fa0 R15: 00007ffc1eb4e808 [ 77.150692][ T5323] [ 77.684182][ T5301] Bluetooth: hci0: command 0x040f tx timeout [ 79.764082][ T5301] Bluetooth: hci0: command 0x040f tx timeout [ 81.273881][ T5315] vhci_hcd: vhci_device speed not set [ 81.843874][ T5301] Bluetooth: hci0: command 0x040f tx timeout