program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000240)={0x1f, 0xffff, 0x2}, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x20, 0x1, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x4804)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x56e, &(0x7f0000000640)="$eJzs3U9sHFcZAPBvdh0ndU1dm1pqysGBRLh/FNvtSk4NB8IBDhT1UiRUqRysZGMHr2Nju6I2F/fGiQoJBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHggBjGZ3NtnYs2bBjhcyv5+02TdvnvO9t5vvafe9iSeAwjqR/pFE9EfE1YgYaBze2uBE4+kblY3ZK5WN2SS2t5/6U1Jvd7myMdts2vy5uyNiPSLuj4jvX4g4d2R33OXVtbnpWq26lB2Pr8wvji+vrp2+OD89U52pXqpUHp+anJw6MznxH4wm2fPsRxffGPrF7JMzL4/8/ekz81/5YxJn6+OOHeM4SHk96kkizt6OYF1QTscTEX0dth+uvvDKbe4SHfrc0OZ4+t7dFxGn6vk/EOX6uxnxvpee+ctAvPd6u5+9uvnS7w6zrwDAwdlOHd37NHBnKkX63T8pjUVEo1wqjY01vsPfF32l2sLyyiMXFp69dL6xRnBvHClduFirTmRrBffGkSQ9frRevnn82I7jSkQMRsSny3fVj8fOLdTOH+pMBzT1R7z+zU+c6717R/7/ttzIf+DOleb/z37w7e+m5bfK3e4NcJjS/P/aW/NPhPyHwpH/UFzyH4pL/kNxyX8oLvkPxSX/objkPxSX/Ifikv9QXK35L/2hmAZHXt1MImL9PXfVH6ne7FzOr+0B7iDb24n/5A8F5bM/FFdPtzsAdI3v+MDevzk74li7E4sH3xfgcJS63QGga0aP2/+DorL+D8Vl/R+Ky2d8wPo/FI/1fyiu/jb3/3pby727JiLinoj4UfnI0ea9voD/X/0Rr7949VvPRJR+n2Sf/0cHTvVPv/Ha91rb9SZ/rW8R9EbEJ1986gvPTa+sLD2a1v/5Rv3KF7P6x7o1GqATzTxt5jFQXMura3PTtVp1SUFBoXCF5jxwubIx23wc1tzzwsMRb76/cRFCGvdK9mic7cnWJo/V9yj7tpJbrlVIDmDv8jOnI9afj4j788afZPc7b+x89G2Vd8V/e/acPo5n6ydpm+EO45fv2V/8B1rij7TEf0eH8Tc/0mHD22Tw692N//Ivs9d/oqcn7/Xf77UxQ//m/BNf3WeAffrNr7sb/9RId+N/fiHi1XT+mcjLv1Kaljd2PnfOP/0t10n/tz41enP+u7Jr/ivdmP/Kbea/Ex3G+eHT1Y/l1Zd/HPHm8xEP5MZvxjtWj9W3VdoV/2TL/PPgHvH/8OGfzuXVn30tYvtyxGjkx2+NNb4yvzi+vLp2+uL89Ex1pnqpUnl8anJy6szkxHh9jXq8uVK925PXhz+QV3/yy43x97WJ3xx/u9d/e48xt1r70sf735lT/5PjjfgPnsx//4ey+I3Xv2dX/Hdlz+m/k39k1/Kmba5FxNGs/qGI+M4rgw/n9etD1xvxz7cZf+mW+LvH/0iH4//sr/75bF79cx/s8C8AAA5U+6WBbvcMAAA4aIex09jtMQL5+rZ6o3UbOFlv2VdYv7mvkNZfy/YXyusRf8v2GNL6h7JdsrScu9EA/M8ZXnv3z7vdBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICiW15dm5uu1apLy93uCXDY/hUAAP//T2kBHQ==")
syz_open_dev$usbfs(&(0x7f0000000080), 0x5, 0x0)

[   86.101278][ T4679] Bluetooth: hci0: command tx timeout
[   86.194925][ T5322] 
[   86.196059][ T5322] ======================================================
[   86.198790][ T5322] WARNING: possible circular locking dependency detected
[   86.201552][ T5322] syzkaller #0 Not tainted
[   86.203318][ T5322] ------------------------------------------------------
[   86.206034][ T5322] kworker/0:4/5322 is trying to acquire lock:
[   86.208339][ T5322] ffff88804147bb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[   86.212153][ T5322] 
[   86.212153][ T5322] but task is already holding lock:
[   86.215323][ T5322] ffffc9000ccd7b80 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[   86.220593][ T5322] 
[   86.220593][ T5322] which lock already depends on the new lock.
[   86.220593][ T5322] 
[   86.224857][ T5322] 
[   86.224857][ T5322] the existing dependency chain (in reverse order) is:
[   86.228577][ T5322] 
[   86.228577][ T5322] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   86.232994][ T5322]        __flush_work+0x6b8/0xbc0
[   86.235212][ T5322]        __cancel_work_sync+0xbe/0x110
[   86.237648][ T5322]        l2cap_conn_del+0x402/0x5b0
[   86.239838][ T5322]        hci_conn_hash_flush+0x10d/0x260
[   86.242150][ T5322]        hci_dev_close_sync+0x821/0x1100
[   86.244585][ T5322]        hci_dev_close+0x108/0x270
[   86.246811][ T5322]        sock_do_ioctl+0xdc/0x300
[   86.248949][ T5322]        sock_ioctl+0x576/0x790
[   86.251077][ T5322]        __se_sys_ioctl+0xfc/0x170
[   86.253447][ T5322]        do_syscall_64+0xfa/0xf80
[   86.255755][ T5322]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.258498][ T5322] 
[   86.258498][ T5322] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[   86.261718][ T5322]        __lock_acquire+0x15a6/0x2cf0
[   86.264047][ T5322]        lock_acquire+0x117/0x340
[   86.266291][ T5322]        __mutex_lock+0x187/0x1350
[   86.268565][ T5322]        l2cap_info_timeout+0x60/0xa0
[   86.270976][ T5322]        process_scheduled_works+0xad1/0x1770
[   86.273629][ T5322]        worker_thread+0x8a0/0xda0
[   86.275901][ T5322]        kthread+0x711/0x8a0
[   86.277932][ T5322]        ret_from_fork+0x599/0xb30
[   86.280241][ T5322]        ret_from_fork_asm+0x1a/0x30
[   86.282631][ T5322] 
[   86.282631][ T5322] other info that might help us debug this:
[   86.282631][ T5322] 
[   86.287067][ T5322]  Possible unsafe locking scenario:
[   86.287067][ T5322] 
[   86.290319][ T5322]        CPU0                    CPU1
[   86.292738][ T5322]        ----                    ----
[   86.294905][ T5322]   lock((work_completion)(&(&conn->info_timer)->work));
[   86.297764][ T5322]                                lock(&conn->lock#2);
[   86.300780][ T5322]                                lock((work_completion)(&(&conn->info_timer)->work));
[   86.304925][ T5322]   lock(&conn->lock#2);
[   86.306807][ T5322] 
[   86.306807][ T5322]  *** DEADLOCK ***
[   86.306807][ T5322] 
[   86.310551][ T5322] 2 locks held by kworker/0:4/5322:
[   86.312838][ T5322]  #0: ffff88801a467548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[   86.317537][ T5322]  #1: ffffc9000ccd7b80 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[   86.323043][ T5322] 
[   86.323043][ T5322] stack backtrace:
[   86.325289][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) 
[   86.325304][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.325311][ T5322] Workqueue: events l2cap_info_timeout
[   86.325331][ T5322] Call Trace:
[   86.325339][ T5322]  <TASK>
[   86.325345][ T5322]  dump_stack_lvl+0x189/0x250
[   86.325359][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.325372][ T5322]  ? __pfx__printk+0x10/0x10
[   86.325389][ T5322]  ? print_lock_name+0xde/0x100
[   86.325402][ T5322]  print_circular_bug+0x2e2/0x300
[   86.325417][ T5322]  check_noncircular+0x12e/0x150
[   86.325433][ T5322]  __lock_acquire+0x15a6/0x2cf0
[   86.325448][ T5322]  ? l2cap_info_timeout+0x60/0xa0
[   86.325460][ T5322]  lock_acquire+0x117/0x340
[   86.325469][ T5322]  ? l2cap_info_timeout+0x60/0xa0
[   86.325485][ T5322]  __mutex_lock+0x187/0x1350
[   86.325496][ T5322]  ? l2cap_info_timeout+0x60/0xa0
[   86.325510][ T5322]  ? l2cap_info_timeout+0x60/0xa0
[   86.325523][ T5322]  ? __pfx___mutex_lock+0x10/0x10
[   86.325533][ T5322]  ? process_scheduled_works+0x9ef/0x1770
[   86.325547][ T5322]  l2cap_info_timeout+0x60/0xa0
[   86.325559][ T5322]  ? process_scheduled_works+0x9ef/0x1770
[   86.325570][ T5322]  process_scheduled_works+0xad1/0x1770
[   86.325585][ T5322]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.325619][ T5322]  worker_thread+0x8a0/0xda0
[   86.325632][ T5322]  ? __kthread_parkme+0x7b/0x200
[   86.325646][ T5322]  kthread+0x711/0x8a0
[   86.325659][ T5322]  ? __pfx_worker_thread+0x10/0x10
[   86.325670][ T5322]  ? __pfx_kthread+0x10/0x10
[   86.325682][ T5322]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.325696][ T5322]  ? lockdep_hardirqs_on+0x98/0x140
[   86.325705][ T5322]  ? __pfx_kthread+0x10/0x10
[   86.325718][ T5322]  ret_from_fork+0x599/0xb30
[   86.325729][ T5322]  ? __pfx_ret_from_fork+0x10/0x10
[   86.325741][ T5322]  ? __pfx_kthread+0x10/0x10
[   86.325755][ T5322]  ret_from_fork_asm+0x1a/0x30
[   86.325773][ T5322]  </TASK>
[   86.534973][ T5345] loop0: detected capacity change from 0 to 512
[   86.594421][ T5345] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.603676][ T5345] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.130001][ T4679] Bluetooth: hci0: command tx timeout
[   90.210156][ T4679] Bluetooth: hci0: command tx timeout
[   91.660658][  T786] cfg80211: failed to load regulatory.db
[   92.289968][ T4679] Bluetooth: hci0: command tx timeout