program: r0 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x4000000) r1 = syz_clone(0x0, 0x0, 0x43, 0x0, 0x0, 0x0) process_vm_writev(r1, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}, 0x1c) r3 = dup(r2) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000440)={0xa0, 0x0, 0x0, {{0x2, 0x0, 0x2, 0xae74, 0x1, 0x1, {0x5, 0xe, 0x0, 0x52, 0x4, 0xfffffffffffffffb, 0xfd73, 0xe4400000, 0xfffffff3, 0x4000, 0x0, 0x0, 0xee01, 0x4553ae1}}, {0x0, 0xe}}}, 0xa0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x54, r4, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x4}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x4}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x5}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0xfffffff4}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x9b}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x8}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x3}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x804}, 0x4010) r5 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRES8=r5], 0xe0}}, 0x85) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) r6 = socket(0x10, 0x80002, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe) 
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="02c82028002400010007d3040007c4faff020c04000300d3"], 0x2d) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r8, 0x400448ca, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES64=r5, @ANYRESOCT=0x0, @ANYRES32=r3], 0x270}, 0x1, 0x0, 0x0, 0x40008011}, 0x40000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d6feffffffffffffff537c4c3060c6a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}}, 0x4048010) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r11=>0x0}) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x5}]}}}]}, 0x3c}}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) [ 86.251117][ T5341] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.277855][ T5341] [ 86.278857][ T5341] ====================================================== [ 86.281760][ T5341] WARNING: possible circular locking dependency detected [ 86.284760][ T5341] syzkaller #0 Not tainted [ 86.286749][ T5341] 
------------------------------------------------------ [ 86.289752][ T5341] syz.0.0/5341 is trying to acquire lock: [ 86.292186][ T5341] ffff8880111b4840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 86.297376][ T5341] [ 86.297376][ T5341] but task is already holding lock: [ 86.300493][ T5341] ffff8880111b4b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 86.304487][ T5341] [ 86.304487][ T5341] which lock already depends on the new lock. [ 86.304487][ T5341] [ 86.308553][ T5341] [ 86.308553][ T5341] the existing dependency chain (in reverse order) is: [ 86.312210][ T5341] [ 86.312210][ T5341] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 86.315472][ T5341] __mutex_lock+0x187/0x1350 [ 86.317704][ T5341] l2cap_info_timeout+0x60/0xa0 [ 86.320143][ T5341] process_scheduled_works+0xad1/0x1770 [ 86.322694][ T5341] worker_thread+0x8a0/0xda0 [ 86.324885][ T5341] kthread+0x711/0x8a0 [ 86.326907][ T5341] ret_from_fork+0x599/0xb30 [ 86.329121][ T5341] ret_from_fork_asm+0x1a/0x30 [ 86.331350][ T5341] [ 86.331350][ T5341] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 86.335675][ T5341] __lock_acquire+0x15a6/0x2cf0 [ 86.337993][ T5341] lock_acquire+0x117/0x340 [ 86.340112][ T5341] __flush_work+0x6b8/0xbc0 [ 86.342243][ T5341] __cancel_work_sync+0xbe/0x110 [ 86.344550][ T5341] l2cap_conn_del+0x4f3/0x680 [ 86.346960][ T5341] hci_conn_hash_flush+0x10d/0x230 [ 86.349458][ T5341] hci_dev_close_sync+0x821/0xff0 [ 86.351735][ T5341] hci_dev_close+0x108/0x200 [ 86.353932][ T5341] sock_do_ioctl+0xdc/0x300 [ 86.356119][ T5341] sock_ioctl+0x576/0x790 [ 86.358392][ T5341] __se_sys_ioctl+0xfc/0x170 [ 86.360638][ T5341] do_syscall_64+0xfa/0xf80 [ 86.362785][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.365567][ T5341] [ 86.365567][ T5341] other info that might help us debug this: [ 86.365567][ T5341] [ 86.369999][ T5341] Possible unsafe locking scenario: [ 86.369999][ T5341] [ 86.373231][ T5341] CPU0 CPU1 [ 
86.375539][ T5341] ---- ---- [ 86.377813][ T5341] lock(&conn->lock#2); [ 86.379696][ T5341] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.383620][ T5341] lock(&conn->lock#2); [ 86.386999][ T5341] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.390697][ T5341] [ 86.390697][ T5341] *** DEADLOCK *** [ 86.390697][ T5341] [ 86.394280][ T5341] 5 locks held by syz.0.0/5341: [ 86.396384][ T5341] #0: ffff888045248ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0x100/0x200 [ 86.400512][ T5341] #1: ffff8880452480c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0xff0 [ 86.404477][ T5341] #2: ffffffff8f476848 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 86.408866][ T5341] #3: ffff8880111b4b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 86.412818][ T5341] #4: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 86.416786][ T5341] [ 86.416786][ T5341] stack backtrace: [ 86.419337][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.419353][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.419361][ T5341] Call Trace: [ 86.419368][ T5341] <TASK> [ 86.419375][ T5341] dump_stack_lvl+0x189/0x250 [ 86.419394][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.419406][ T5341] ? __pfx__printk+0x10/0x10 [ 86.419420][ T5341] ? print_lock_name+0xde/0x100 [ 86.419433][ T5341] print_circular_bug+0x2e2/0x300 [ 86.419447][ T5341] check_noncircular+0x12e/0x150 [ 86.419460][ T5341] __lock_acquire+0x15a6/0x2cf0 [ 86.419471][ T5341] ? do_raw_spin_unlock+0x4d/0x240 [ 86.419484][ T5341] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.419499][ T5341] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.419515][ T5341] ? __flush_work+0xd2/0xbc0 [ 86.419526][ T5341] lock_acquire+0x117/0x340 [ 86.419535][ T5341] ? __flush_work+0xd2/0xbc0 [ 86.419547][ T5341] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.419559][ T5341] ? 
__flush_work+0xd2/0xbc0 [ 86.419570][ T5341] __flush_work+0x6b8/0xbc0 [ 86.419581][ T5341] ? __flush_work+0xd2/0xbc0 [ 86.419593][ T5341] ? __flush_work+0xd2/0xbc0 [ 86.419604][ T5341] ? __pfx___flush_work+0x10/0x10 [ 86.419613][ T5341] ? __pfx_wq_barrier_func+0x10/0x10 [ 86.419625][ T5341] ? __pfx___cancel_work+0x10/0x10 [ 86.419637][ T5341] ? l2cap_conn_del+0x3de/0x680 [ 86.419650][ T5341] ? __cancel_work_sync+0x5c/0x110 [ 86.419663][ T5341] __cancel_work_sync+0xbe/0x110 [ 86.419675][ T5341] l2cap_conn_del+0x4f3/0x680 [ 86.419689][ T5341] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 86.419703][ T5341] hci_conn_hash_flush+0x10d/0x230 [ 86.419717][ T5341] hci_dev_close_sync+0x821/0xff0 [ 86.419731][ T5341] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 86.419744][ T5341] ? __cancel_work_sync+0x5c/0x110 [ 86.419757][ T5341] hci_dev_close+0x108/0x200 [ 86.419770][ T5341] sock_do_ioctl+0xdc/0x300 [ 86.419784][ T5341] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.419803][ T5341] ? do_futex+0x395/0x420 [ 86.419819][ T5341] sock_ioctl+0x576/0x790 [ 86.419832][ T5341] ? __pfx_sock_ioctl+0x10/0x10 [ 86.419845][ T5341] ? __fget_files+0x3a0/0x420 [ 86.419862][ T5341] ? __fget_files+0x2a/0x420 [ 86.419876][ T5341] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.419885][ T5341] ? __pfx_sock_ioctl+0x10/0x10 [ 86.419892][ T5341] __se_sys_ioctl+0xfc/0x170 [ 86.419903][ T5341] do_syscall_64+0xfa/0xf80 [ 86.419912][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.419923][ T5341] ? 
clear_bhb_loop+0x60/0xb0 [ 86.419934][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.419945][ T5341] RIP: 0033:0x7fda8718f7c9 [ 86.419957][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.419966][ T5341] RSP: 002b:00007fda88077038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.419978][ T5341] RAX: ffffffffffffffda RBX: 00007fda873e5fa0 RCX: 00007fda8718f7c9 [ 86.419985][ T5341] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 000000000000000a [ 86.419990][ T5341] RBP: 00007fda87213f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.419994][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.419998][ T5341] R13: 00007fda873e6038 R14: 00007fda873e5fa0 R15: 00007ffc3803b7e8 [ 86.420005][ T5341] </TASK> [ 86.558965][ T4681] Bluetooth: hci0: command tx timeout [ 88.597258][ T4681] Bluetooth: hci0: command tx timeout [ 90.677269][ T4681] Bluetooth: hci0: command tx timeout [ 91.641769][ T9] cfg80211: failed to load regulatory.db