program:
# Socket setup. A call suffixed with "(async)" is issued without waiting for it
# to complete, so it can overlap with the calls that follow it.
#
# 0x1f / 0x5 / 0x2 = AF_BLUETOOTH / SOCK_SEQPACKET / BTPROTO_SCO.
# r0 is the SCO socket that is later bound and put into listen state; its lock
# class (sk_lock-AF_BLUETOOTH-BTPROTO_SCO) is the one named in both kernel
# reports in the console output.
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
# 0x10 / 0x3 / 0xc = AF_NETLINK / SOCK_RAW / NETLINK_NETFILTER.
# Only the last socket (r1) is referenced again.
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
# ipset "add" request for the set named 'syz1', sent over r1.
# NOTE(triage): no netfilter/ipset frame appears in either stack trace in the
# console output, so this call is probably unrelated to the reported bug;
# confirm by minimising the program.
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x20, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0xfffffeb7, 0x2, 0x1, 0x0, @remote}}}]}]}, 0xfeb0}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)
syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x10, &(0x7f0000001e40)=ANY=[@ANYBLOB="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", @ANYRESDEC=0x0, @ANYRESHEX, @ANYRES32, @ANYBLOB="ac931ffe2e034b8dd14ac2bcafe2a3db3b6b1bc81660929531a71e9dfe005db566c55615c629269d611abb023c92c9d03851783821243b475e5892394d7ab8d9fceeacdc96380b83c7fded5a2d007577d07f19d851be5b07573412633702096e456bbf9941886a6ef49a0ae53fa62d7dbe4ddaa51a8039b620f2269d5c72239cf3", @ANYRESDEC, @ANYRES32], 0x1, 0x1f6, &(0x7f0000000480)="$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") (async)
syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x10, &(0x7f0000001e40)=ANY=[@ANYBLOB="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", @ANYRESDEC=0x0, @ANYRESHEX, @ANYRES32, @ANYBLOB="ac931ffe2e034b8dd14ac2bcafe2a3db3b6b1bc81660929531a71e9dfe005db566c55615c629269d611abb023c92c9d03851783821243b475e5892394d7ab8d9fceeacdc96380b83c7fded5a2d007577d07f19d851be5b07573412633702096e456bbf9941886a6ef49a0ae53fa62d7dbe4ddaa51a8039b620f2269d5c72239cf3", @ANYRESDEC, @ANYRES32], 0x1, 0x1f6, &(0x7f0000000480)="$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")
# Change into ./file0 and open ./file0 with flags 0x0 (read-only).
# r2 is only used as the fd argument of the mmap$xdp calls.
# The console output shows the squashfs image mount targeting ./file0 failed
# ("unable to read squashfs_super_block").
chdir(&(0x7f0000000040)='./file0\x00')
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
# Filesystem activity. None of the functions in the two kernel stack traces
# belong to a filesystem, so this section is presumably fuzzer noise for the
# Bluetooth reports; confirm by minimising the program.
#
# Map 0x4000 bytes backed by the directory fd r2 (issued twice, once async).
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) (async)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
# Read an extended attribute in the "system." namespace from ./file1 into a
# 172-byte (0xac) buffer.
getxattr(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)=@random={'system.', '\'\x00'}, &(0x7f0000000680)=""/172, 0xac)
# Mount an ext4 image on ./file1. The console output confirms the mount
# succeeded (r/w, without journal) and that the 'orlov' and 'nomblk_io_submit'
# options were ignored as removed.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$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")
# 0xffffffffffffff9c is AT_FDCWD (-100): paths resolve against the current
# working directory.
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x18)
# Rename ./file1 (relative to r4) to ./file0 (relative to r3), flags 0.
renameat2(r4, &(0x7f0000000080)='./file1\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
# Overlay mount on ./bus: workdir=./bus, lowerdir=./file0, upperdir=./file1
# (0x3d is the '=' separator between option name and value).
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000005c0)='./bus\x00')
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
# Open a file named like a hugetlb cgroup counter relative to the current
# directory (AT_FDCWD) and issue a large write to it. No cgroup or VFS write
# frame appears in the kernel traces; presumably unrelated to the reports.
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0) (async)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
# --- Calls that match the kernel reports ---
# Bind the SCO socket r0 and put it into listen state (backlog 0).
bind$bt_sco(r0, &(0x7f0000000000), 0x8)
listen(r0, 0x0)
# syz_emit_vhci feeds a packet to the virtual HCI controller (hci0 in the
# console output). The blob 04 04 is presumably packet type 0x04 (HCI event)
# with event code 0x04 (Connection Request); only two bytes are supplied for a
# length of 0xd, so the remaining bytes are whatever the buffer holds. TODO confirm.
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="0404"], 0xd) (async)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="0404"], 0xd)
# HCI event 0x2c (Synchronous Connection Complete), parameter length 0x11.
# This is the event on the first trace: hci_rx_work -> hci_event_packet ->
# hci_sync_conn_complete_evt -> sco_connect_cfm. There sco_connect_cfm takes
# conn->lock (a spinlock, acquired at +0x28a) and then calls lock_sock_nested
# (+0x461), which may sleep; hence "BUG: sleeping function called from invalid
# context". The same ordering (conn->lock before the socket lock) is link #1
# of the lockdep circular-dependency warning, which fires when the SCO socket
# is closed and __sco_sock_close takes conn->lock while holding a socket lock.
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)
[ 68.669507][ T4669] Bluetooth: hci0: command tx timeout
[ 68.738576][ T5324] loop0: detected capacity change from 0 to 8
[ 68.752586][ T5324] syz.0.0: attempt to access beyond end of device
[ 68.752586][ T5324] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 68.769008][ T5324] SQUASHFS error: Failed to read block 0x0: -5
[ 68.771345][ T5324] unable to read squashfs_super_block
[ 68.794309][ T5323] loop0: detected capacity change from 0 to 1024
[ 68.820328][ T5323] EXT4-fs: Ignoring removed orlov option
[ 68.822790][ T5323] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 68.850226][ T5323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 68.908461][ T4669] BUG: sleeping function called from invalid context at net/core/sock.c:3613
[ 68.912322][ T4669] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4669, name: kworker/u5:1
[ 68.916473][ T4669] preempt_count: 1, expected: 0
[ 68.918418][ T4669] RCU nest depth: 0, expected: 0
[ 68.920280][ T4669] 6 locks held by kworker/u5:1/4669:
[ 68.922253][ T4669] #0: ffff8880439f1948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[ 68.926487][ T4669] #1: ffffc9000de67d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[ 68.930873][ T4669] #2: ffff88804dd60078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xb1/0xaa0
[ 68.934680][ T4669] #3: ffffffff8fe40328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x532/0xaa0
[ 68.938758][ T4669] #4: ffff88804f27d020 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x28a/0xb40
[ 68.941995][ T4669] #5: ffff88803eebe258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x461/0xb40
[ 68.946164][ T4669] Preemption disabled at:
[ 68.946174][ T4669] [<0000000000000000>] 0x0
[ 68.949448][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted 6.12.0-rc5-syzkaller-00322-gb9021de3ec2f #0
[ 68.953057][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.956530][ T4669] Workqueue: hci0 hci_rx_work
[ 68.958168][ T4669] Call Trace:
[ 68.959280][ T4669]
[ 68.960417][ T4669] dump_stack_lvl+0x241/0x360
[ 68.962238][ T4669] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.964215][ T4669] ? __pfx__printk+0x10/0x10
[ 68.966019][ T4669] __might_resched+0x5d4/0x780
[ 68.967885][ T4669] ? __pfx_lock_acquire+0x10/0x10
[ 68.969792][ T4669] ? __pfx___might_resched+0x10/0x10
[ 68.972088][ T4669] ? __pfx_lock_release+0x10/0x10
[ 68.974014][ T4669] ? do_raw_spin_lock+0x14f/0x370
[ 68.975899][ T4669] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 68.978182][ T4669] lock_sock_nested+0x5d/0x100
[ 68.980118][ T4669] sco_connect_cfm+0x461/0xb40
[ 68.981884][ T4669] ? __pfx_sco_connect_cfm+0x10/0x10
[ 68.983951][ T4669] ? hci_conn_add_sysfs+0xfc/0x200
[ 68.985931][ T4669] ? __pfx_sco_connect_cfm+0x10/0x10
[ 68.988024][ T4669] hci_sync_conn_complete_evt+0x5ab/0xaa0
[ 68.990193][ T4669] hci_event_packet+0xac2/0x1540
[ 68.992093][ T4669] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[ 68.994528][ T4669] ? __pfx_hci_event_packet+0x10/0x10
[ 68.996435][ T4669] ? remove_advertising_complete+0x160/0x3f0
[ 68.998874][ T4669] ? kcov_remote_start+0x97/0x7d0
[ 69.001002][ T4669] hci_rx_work+0x3fe/0xd80
[ 69.002584][ T4669] ? process_scheduled_works+0x976/0x1850
[ 69.004601][ T4669] process_scheduled_works+0xa63/0x1850
[ 69.006618][ T4669] ? __pfx_process_scheduled_works+0x10/0x10
[ 69.008792][ T4669] ? assign_work+0x364/0x3d0
[ 69.010443][ T4669] worker_thread+0x870/0xd30
[ 69.012095][ T4669] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.014241][ T4669] ? __kthread_parkme+0x169/0x1d0
[ 69.016057][ T4669] ? __pfx_worker_thread+0x10/0x10
[ 69.017928][ T4669] kthread+0x2f0/0x390
[ 69.019404][ T4669] ? __pfx_worker_thread+0x10/0x10
[ 69.021224][ T4669] ? __pfx_kthread+0x10/0x10
[ 69.022903][ T4669] ret_from_fork+0x4b/0x80
[ 69.024557][ T4669] ? __pfx_kthread+0x10/0x10
[ 69.026273][ T4669] ret_from_fork_asm+0x1a/0x30
[ 69.028219][ T4669]
[ 69.040482][ T5322]
[ 69.041505][ T5322] ======================================================
[ 69.044111][ T5322] WARNING: possible circular locking dependency detected
[ 69.046366][ T5322] 6.12.0-rc5-syzkaller-00322-gb9021de3ec2f #0 Tainted: G W
[ 69.048812][ T5322] ------------------------------------------------------
[ 69.050738][ T5322] syz.0.0/5322 is trying to acquire lock:
[ 69.052455][ T5322] ffff88804f27d020 (&conn->lock#2){+.+.}-{2:2}, at: __sco_sock_close+0x338/0x570
[ 69.055208][ T5322]
[ 69.055208][ T5322] but task is already holding lock:
[ 69.057966][ T5322] ffff888043a4e258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: __sco_sock_close+0xec/0x570
[ 69.061516][ T5322]
[ 69.061516][ T5322] which lock already depends on the new lock.
[ 69.061516][ T5322]
[ 69.064984][ T5322]
[ 69.064984][ T5322] the existing dependency chain (in reverse order) is:
[ 69.068126][ T5322]
[ 69.068126][ T5322] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:
[ 69.071197][ T5322] lock_acquire+0x1ed/0x550
[ 69.073139][ T5322] lock_sock_nested+0x48/0x100
[ 69.075062][ T5322] bt_accept_dequeue+0xfa/0x570
[ 69.077068][ T5322] __sco_sock_close+0xd6/0x570
[ 69.079029][ T5322] sco_sock_release+0xb3/0x320
[ 69.080978][ T5322] sock_close+0xbc/0x240
[ 69.082739][ T5322] __fput+0x23f/0x880
[ 69.084487][ T5322] task_work_run+0x24f/0x310
[ 69.086367][ T5322] syscall_exit_to_user_mode+0x168/0x370
[ 69.088366][ T5322] do_syscall_64+0x100/0x230
[ 69.090199][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.092429][ T5322]
[ 69.092429][ T5322] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 69.095642][ T5322] lock_acquire+0x1ed/0x550
[ 69.097489][ T5322] lock_sock_nested+0x48/0x100
[ 69.099315][ T5322] sco_connect_cfm+0x461/0xb40
[ 69.101188][ T5322] hci_sync_conn_complete_evt+0x5ab/0xaa0
[ 69.103314][ T5322] hci_event_packet+0xac2/0x1540
[ 69.104793][ T5322] hci_rx_work+0x3fe/0xd80
[ 69.106148][ T5322] process_scheduled_works+0xa63/0x1850
[ 69.107819][ T5322] worker_thread+0x870/0xd30
[ 69.109190][ T5322] kthread+0x2f0/0x390
[ 69.110436][ T5322] ret_from_fork+0x4b/0x80
[ 69.111994][ T5322] ret_from_fork_asm+0x1a/0x30
[ 69.113839][ T5322]
[ 69.113839][ T5322] -> #0 (&conn->lock#2){+.+.}-{2:2}:
[ 69.116575][ T5322] validate_chain+0x18ef/0x5920
[ 69.118470][ T5322] __lock_acquire+0x1384/0x2050
[ 69.120282][ T5322] lock_acquire+0x1ed/0x550
[ 69.121975][ T5322] _raw_spin_lock+0x2e/0x40
[ 69.123795][ T5322] __sco_sock_close+0x338/0x570
[ 69.125848][ T5322] __sco_sock_close+0x154/0x570
[ 69.127785][ T5322] sco_sock_release+0xb3/0x320
[ 69.129731][ T5322] sock_close+0xbc/0x240
[ 69.131549][ T5322] __fput+0x23f/0x880
[ 69.133213][ T5322] task_work_run+0x24f/0x310
[ 69.135025][ T5322] syscall_exit_to_user_mode+0x168/0x370
[ 69.137199][ T5322] do_syscall_64+0x100/0x230
[ 69.139013][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.141145][ T5322]
[ 69.141145][ T5322] other info that might help us debug this:
[ 69.141145][ T5322]
[ 69.144470][ T5322] Chain exists of:
[ 69.144470][ T5322] &conn->lock#2 --> sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> sk_lock-AF_BLUETOOTH
[ 69.144470][ T5322]
[ 69.149456][ T5322] Possible unsafe locking scenario:
[ 69.149456][ T5322]
[ 69.152059][ T5322] CPU0 CPU1
[ 69.153748][ T5322] ---- ----
[ 69.155469][ T5322] lock(sk_lock-AF_BLUETOOTH);
[ 69.157069][ T5322] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 69.159855][ T5322] lock(sk_lock-AF_BLUETOOTH);
[ 69.162267][ T5322] lock(&conn->lock#2);
[ 69.163723][ T5322]
[ 69.163723][ T5322] *** DEADLOCK ***
[ 69.163723][ T5322]
[ 69.166473][ T5322] 3 locks held by syz.0.0/5322:
[ 69.168269][ T5322] #0: ffff888043def808 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240
[ 69.171738][ T5322] #1: ffff88803eebe258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_sock_release+0x5a/0x320
[ 69.175665][ T5322] #2: ffff888043a4e258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: __sco_sock_close+0xec/0x570
[ 69.179200][ T5322]
[ 69.179200][ T5322] stack backtrace:
[ 69.181336][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Tainted: G W 6.12.0-rc5-syzkaller-00322-gb9021de3ec2f #0
[ 69.185660][ T5322] Tainted: [W]=WARN
[ 69.187128][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.190999][ T5322] Call Trace:
[ 69.192269][ T5322]
[ 69.193412][ T5322] dump_stack_lvl+0x241/0x360
[ 69.195199][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.197196][ T5322] ? __pfx__printk+0x10/0x10
[ 69.198894][ T5322] print_circular_bug+0x13a/0x1b0
[ 69.200828][ T5322] check_noncircular+0x36a/0x4a0
[ 69.202693][ T5322] ? mark_lock+0x9a/0x360
[ 69.204352][ T5322] ? __pfx_check_noncircular+0x10/0x10
[ 69.206515][ T5322] ? lockdep_lock+0x123/0x2b0
[ 69.208262][ T5322] validate_chain+0x18ef/0x5920
[ 69.210033][ T5322] ? __pfx_validate_chain+0x10/0x10
[ 69.211867][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.214054][ T5322] ? __mod_timer+0xb89/0xeb0
[ 69.215691][ T5322] ? __pfx_lock_release+0x10/0x10
[ 69.217436][ T5322] ? do_raw_spin_unlock+0x58/0x8b0
[ 69.219221][ T5322] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 69.221249][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.223357][ T5322] ? mark_lock+0x9a/0x360
[ 69.225128][ T5322] __lock_acquire+0x1384/0x2050
[ 69.227082][ T5322] lock_acquire+0x1ed/0x550
[ 69.228778][ T5322] ? __sco_sock_close+0x338/0x570
[ 69.230657][ T5322] ? __pfx_lock_acquire+0x10/0x10
[ 69.232572][ T5322] ? queue_delayed_work_on+0x267/0x390
[ 69.234586][ T5322] ? __pfx_queue_delayed_work_on+0x10/0x10
[ 69.236680][ T5322] ? __pfx___cancel_work+0x10/0x10
[ 69.238560][ T5322] ? __cancel_work+0x2ee/0x390
[ 69.240315][ T5322] ? __pfx___cancel_work+0x10/0x10
[ 69.242157][ T5322] ? __sco_sock_close+0xec/0x570
[ 69.244021][ T5322] _raw_spin_lock+0x2e/0x40
[ 69.245727][ T5322] ? __sco_sock_close+0x338/0x570
[ 69.247652][ T5322] __sco_sock_close+0x338/0x570
[ 69.249565][ T5322] __sco_sock_close+0x154/0x570
[ 69.251465][ T5322] sco_sock_release+0xb3/0x320
[ 69.253284][ T5322] sock_close+0xbc/0x240
[ 69.254869][ T5322] ? __pfx_sock_close+0x10/0x10
[ 69.256712][ T5322] __fput+0x23f/0x880
[ 69.258234][ T5322] task_work_run+0x24f/0x310
[ 69.259989][ T5322] ? __pfx_task_work_run+0x10/0x10
[ 69.261877][ T5322] ? syscall_exit_to_user_mode+0xa3/0x370
[ 69.264083][ T5322] syscall_exit_to_user_mode+0x168/0x370
[ 69.265900][ T5322] do_syscall_64+0x100/0x230
[ 69.267532][ T5322] ? clear_bhb_loop+0x35/0x90
[ 69.269200][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.271417][ T5322] RIP: 0033:0x7f2e6e57e719
[ 69.273056][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.279860][ T5322] RSP: 002b:00007ffff653d218 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 69.283014][ T5322] RAX: 0000000000000000 RBX: 00007f2e6e737a80 RCX: 00007f2e6e57e719
[ 69.285841][ T5322] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 69.288871][ T5322] RBP: 00007f2e6e737a80 R08: 0000000000000000 R09: 00007ffff653d50f
[ 69.291538][ T5322] R10: 0000000000dffc98 R11: 0000000000000246 R12: 0000000000010f2b
[ 69.294256][ T5322] R13: 00007ffff653d320 R14: 0000000000000032 R15: ffffffffffffffff
[ 69.297089][ T5322]