program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}]}, 0x44}}, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x50005, &(0x7f0000000100), 0x0, 0x5aa, &(0x7f0000001940)="$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")

[ 86.674313][ T5341] Bluetooth: hci0: command tx timeout
[ 86.782742][ T10] cfg80211: failed to load regulatory.db
[ 86.808745][ T5360]
[ 86.809857][ T5360] ======================================================
[ 86.813560][ T5360] WARNING: possible circular locking dependency detected
[ 86.818194][ T5360] syzkaller #0 Not tainted
[ 86.821070][ T5360] ------------------------------------------------------
[ 86.824918][ T5360] kworker/0:5/5360 is trying to acquire lock:
[ 86.828202][ T5360] ffff88803fbceb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[ 86.832890][ T5360]
[ 86.832890][ T5360] but task is already holding lock:
[ 86.836493][ T5360] ffffc9000d337bc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 86.841785][ T5360]
[ 86.841785][ T5360] which lock already depends on the new lock.
[ 86.841785][ T5360]
[ 86.846465][ T5360]
[ 86.846465][ T5360] the existing dependency chain (in reverse order) is:
[ 86.850768][ T5360]
[ 86.850768][ T5360] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 86.855218][ T5360]        lock_acquire+0x120/0x360
[ 86.857538][ T5360]        __flush_work+0x6b8/0xbc0
[ 86.859982][ T5360]        __cancel_work_sync+0xbe/0x110
[ 86.862703][ T5360]        l2cap_conn_del+0x4f0/0x680
[ 86.865149][ T5360]        hci_conn_hash_flush+0x10d/0x230
[ 86.867973][ T5360]        hci_dev_close_sync+0xaef/0x1330
[ 86.870614][ T5360]        hci_dev_close+0x108/0x200
[ 86.872917][ T5360]        sock_do_ioctl+0xd9/0x300
[ 86.874988][ T5360]        sock_ioctl+0x576/0x790
[ 86.877183][ T5360]        __se_sys_ioctl+0xfc/0x170
[ 86.879856][ T5360]        do_syscall_64+0xfa/0x3b0
[ 86.883284][ T5360]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.886472][ T5360]
[ 86.886472][ T5360] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[ 86.889733][ T5360]        validate_chain+0xb9b/0x2140
[ 86.892144][ T5360]        __lock_acquire+0xab9/0xd20
[ 86.894366][ T5360]        lock_acquire+0x120/0x360
[ 86.896595][ T5360]        __mutex_lock+0x187/0x1350
[ 86.898918][ T5360]        l2cap_info_timeout+0x60/0xa0
[ 86.901539][ T5360]        process_scheduled_works+0xae1/0x17b0
[ 86.904511][ T5360]        worker_thread+0x8a0/0xda0
[ 86.906687][ T5360]        kthread+0x70e/0x8a0
[ 86.908741][ T5360]        ret_from_fork+0x439/0x7d0
[ 86.910967][ T5360]        ret_from_fork_asm+0x1a/0x30
[ 86.913850][ T5360]
[ 86.913850][ T5360] other info that might help us debug this:
[ 86.913850][ T5360]
[ 86.918943][ T5360]  Possible unsafe locking scenario:
[ 86.918943][ T5360]
[ 86.921883][ T5360]        CPU0                    CPU1
[ 86.924018][ T5360]        ----                    ----
[ 86.926373][ T5360]   lock((work_completion)(&(&conn->info_timer)->work));
[ 86.929876][ T5360]                                lock(&conn->lock#2);
[ 86.933355][ T5360]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 86.937356][ T5360]   lock(&conn->lock#2);
[ 86.939151][ T5360]
[ 86.939151][ T5360]  *** DEADLOCK ***
[ 86.939151][ T5360]
[ 86.942602][ T5360] 2 locks held by kworker/0:5/5360:
[ 86.944878][ T5360]  #0: ffff88801a874d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 86.950731][ T5360]  #1: ffffc9000d337bc0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 86.956377][ T5360]
[ 86.956377][ T5360] stack backtrace:
[ 86.959461][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full)
[ 86.959482][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.959491][ T5360] Workqueue: events l2cap_info_timeout
[ 86.959509][ T5360] Call Trace:
[ 86.959518][ T5360]
[ 86.959537][ T5360]  dump_stack_lvl+0x189/0x250
[ 86.959580][ T5360]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.959594][ T5360]  ? __pfx__printk+0x10/0x10
[ 86.959610][ T5360]  ? print_lock_name+0xde/0x100
[ 86.959624][ T5360]  print_circular_bug+0x2ee/0x310
[ 86.959638][ T5360]  check_noncircular+0x134/0x160
[ 86.959650][ T5360]  validate_chain+0xb9b/0x2140
[ 86.959667][ T5360]  __lock_acquire+0xab9/0xd20
[ 86.959685][ T5360]  ? l2cap_info_timeout+0x60/0xa0
[ 86.959694][ T5360]  lock_acquire+0x120/0x360
[ 86.959709][ T5360]  ? l2cap_info_timeout+0x60/0xa0
[ 86.959720][ T5360]  __mutex_lock+0x187/0x1350
[ 86.959733][ T5360]  ? l2cap_info_timeout+0x60/0xa0
[ 86.959744][ T5360]  ? irqentry_exit+0x74/0x90
[ 86.959754][ T5360]  ? lockdep_hardirqs_on+0x9c/0x150
[ 86.959764][ T5360]  ? l2cap_info_timeout+0x60/0xa0
[ 86.959774][ T5360]  ? __pfx___mutex_lock+0x10/0x10
[ 86.959788][ T5360]  l2cap_info_timeout+0x60/0xa0
[ 86.959797][ T5360]  ? process_scheduled_works+0x9ef/0x17b0
[ 86.959811][ T5360]  process_scheduled_works+0xae1/0x17b0
[ 86.959834][ T5360]  ? __pfx_process_scheduled_works+0x10/0x10
[ 86.959848][ T5360]  worker_thread+0x8a0/0xda0
[ 86.959860][ T5360]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.959877][ T5360]  ? __kthread_parkme+0x7b/0x200
[ 86.959890][ T5360]  kthread+0x70e/0x8a0
[ 86.959904][ T5360]  ? __pfx_worker_thread+0x10/0x10
[ 86.959914][ T5360]  ? __pfx_kthread+0x10/0x10
[ 86.959927][ T5360]  ? _raw_spin_unlock_irq+0x23/0x50
[ 86.959942][ T5360]  ? lockdep_hardirqs_on+0x9c/0x150
[ 86.959951][ T5360]  ? __pfx_kthread+0x10/0x10
[ 86.959962][ T5360]  ret_from_fork+0x439/0x7d0
[ 86.959975][ T5360]  ? __pfx_ret_from_fork+0x10/0x10
[ 86.959988][ T5360]  ? __pfx_kthread+0x10/0x10
[ 86.960000][ T5360]  ret_from_fork_asm+0x1a/0x30
[ 86.960018][ T5360]
[ 87.128201][ T5371] loop0: detected capacity change from 0 to 1024
[ 88.687154][ T5341] Bluetooth: hci0: command tx timeout
[ 90.767826][ T5341] Bluetooth: hci0: command tx timeout
[ 92.847590][ T5341] Bluetooth: hci0: command tx timeout