program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x0, 0xe, "a465d3", 0x3, 0xaa})
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000080)={[{@shortname_winnt}, {@uni_xlate}, {@shortname_lower}, {@utf8}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@utf8}]}, 0x1, 0x248, &(0x7f0000002340)="$eJzs2s9rHGUYB/BnYkublHQj/iIF8UUP6mVocvbQIC2IAUW7QhWkUzPRJeNuyCyBFbE56dW/QDyLR2+C9ChCQPwLPHjLJccexJF2tzbRRSKy2UU/n8s+8OyX532Z5d33MAcvff7hVlbnm0U/5rIs5q7EXtzNYinm4oG9ePH5G98//eaNt19dW1+/+kZK19aur6ymlC4+89072dfP3ulfeOubi9+ei/2ldw8OV3/Zf3J/+eC36x906tSpU7fXT0W61ev1i1tVmTY69Vae0utVWdRl6nTrcudYf7PqbW8PUtHdWFzY3inrOhXdQdoqB6nfS/2dQSreLzrdlOd5WlwI/o32V3ebJg6bszejaZr5L+PCnVj8OVqRPZqyx65kT9zMntrLlg+bpjXtpTIRnv//25FD/XxE9dlue7c9/Bz21zajE1WUcTla8Wvc+5mMDOtrr6xfvZzuW4pPq9uj/O3d9iPH8yvRiqXx+ZVhPh3Pn4uFo/nVaMXj4/OrY/Pn44XnjuTzaMVP70UvqtiIe9mH+U9WUnr5tfU/5S/d/x4AwH9Nnv4w9v6W50f7Xyw/7A/z/+B+OLxfzY8Gt8/EpTPT2zdD9eCjraKqyp2JFwujWdlo8mRmzcUpbefvix9mYxmK2SnmZ2MZJy7+elb8+PFpn05M2tl48NBPnvG3DQAAAAAAAAAAMH2n8TrhtPcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMtt8DAAD//9qBzNQ=")
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={'trans=virtio,', {[{@cache_mmap}, {@noextend}, {@version_9p2000}, {@afid={'afid', 0x3d, 0x5}}, {@version_u}]}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))

[   96.765342][ T1348] cfg80211: failed to load regulatory.db
[   96.772379][ T4683] Bluetooth: hci0: command tx timeout
[   96.830066][ T5337] 
[   96.831049][ T5337] ======================================================
[   96.833971][ T5337] WARNING: possible circular locking dependency detected
[   96.836931][ T5337] syzkaller #0 Not tainted
[   96.838934][ T5337] ------------------------------------------------------
[   96.841912][ T5337] kworker/0:5/5337 is trying to acquire lock:
[   96.844498][ T5337] ffff8880387a2b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[   96.848472][ T5337] 
[   96.848472][ T5337] but task is already holding lock:
[   96.851669][ T5337] ffffc9000c18fb80 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[   96.856842][ T5337] 
[   96.856842][ T5337] which lock already depends on the new lock.
[   96.856842][ T5337] 
[   96.861265][ T5337] 
[   96.861265][ T5337] the existing dependency chain (in reverse order) is:
[   96.865089][ T5337] 
[   96.865089][ T5337] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   96.869477][ T5337]        __flush_work+0x6b8/0xbc0
[   96.871815][ T5337]        __cancel_work_sync+0xbe/0x110
[   96.874149][ T5337]        l2cap_conn_del+0x402/0x5b0
[   96.876514][ T5337]        hci_conn_hash_flush+0x10d/0x260
[   96.879051][ T5337]        hci_dev_close_sync+0x821/0x1100
[   96.881596][ T5337]        hci_dev_close+0x108/0x270
[   96.883820][ T5337]        sock_do_ioctl+0xdc/0x300
[   96.885998][ T5337]        sock_ioctl+0x576/0x790
[   96.888113][ T5337]        __se_sys_ioctl+0xfc/0x170
[   96.890383][ T5337]        do_syscall_64+0xfa/0xf80
[   96.892632][ T5337]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.895358][ T5337] 
[   96.895358][ T5337] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[   96.898458][ T5337]        __lock_acquire+0x15a6/0x2cf0
[   96.900699][ T5337]        lock_acquire+0x117/0x340
[   96.902807][ T5337]        __mutex_lock+0x187/0x1350
[   96.904966][ T5337]        l2cap_info_timeout+0x60/0xa0
[   96.907515][ T5337]        process_scheduled_works+0xad1/0x1770
[   96.910639][ T5337]        worker_thread+0x8a0/0xda0
[   96.912843][ T5337]        kthread+0x711/0x8a0
[   96.914751][ T5337]        ret_from_fork+0x599/0xb30
[   96.916868][ T5337]        ret_from_fork_asm+0x1a/0x30
[   96.919031][ T5337] 
[   96.919031][ T5337] other info that might help us debug this:
[   96.919031][ T5337] 
[   96.923264][ T5337]  Possible unsafe locking scenario:
[   96.923264][ T5337] 
[   96.926143][ T5337]        CPU0                    CPU1
[   96.928221][ T5337]        ----                    ----
[   96.930486][ T5337]   lock((work_completion)(&(&conn->info_timer)->work));
[   96.933466][ T5337]                                lock(&conn->lock#2);
[   96.936343][ T5337]                                lock((work_completion)(&(&conn->info_timer)->work));
[   96.940144][ T5337]   lock(&conn->lock#2);
[   96.941868][ T5337] 
[   96.941868][ T5337]  *** DEADLOCK ***
[   96.941868][ T5337] 
[   96.945131][ T5337] 2 locks held by kworker/0:5/5337:
[   96.947364][ T5337]  #0: ffff88801a467548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[   96.953133][ T5337]  #1: ffffc9000c18fb80 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[   96.958659][ T5337] 
[   96.958659][ T5337] stack backtrace:
[   96.961314][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) 
[   96.961335][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   96.961410][ T5337] Workqueue: events l2cap_info_timeout
[   96.961435][ T5337] Call Trace:
[   96.961457][ T5337]  <TASK>
[   96.961463][ T5337]  dump_stack_lvl+0x189/0x250
[   96.961479][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.961492][ T5337]  ? __pfx__printk+0x10/0x10
[   96.961508][ T5337]  ? print_lock_name+0xde/0x100
[   96.961523][ T5337]  print_circular_bug+0x2e2/0x300
[   96.961538][ T5337]  check_noncircular+0x12e/0x150
[   96.961552][ T5337]  __lock_acquire+0x15a6/0x2cf0
[   96.961567][ T5337]  ? l2cap_info_timeout+0x60/0xa0
[   96.961580][ T5337]  lock_acquire+0x117/0x340
[   96.961589][ T5337]  ? l2cap_info_timeout+0x60/0xa0
[   96.961602][ T5337]  ? preempt_schedule_irq+0xde/0x150
[   96.961629][ T5337]  __mutex_lock+0x187/0x1350
[   96.961662][ T5337]  ? l2cap_info_timeout+0x60/0xa0
[   96.961676][ T5337]  ? irqentry_exit+0x5dd/0x660
[   96.961686][ T5337]  ? l2cap_info_timeout+0x60/0xa0
[   96.961707][ T5337]  ? __pfx___mutex_lock+0x10/0x10
[   96.961720][ T5337]  l2cap_info_timeout+0x60/0xa0
[   96.961740][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   96.961753][ T5337]  process_scheduled_works+0xad1/0x1770
[   96.961770][ T5337]  ? __pfx_process_scheduled_works+0x10/0x10
[   96.961784][ T5337]  worker_thread+0x8a0/0xda0
[   96.961801][ T5337]  kthread+0x711/0x8a0
[   96.961815][ T5337]  ? __pfx_worker_thread+0x10/0x10
[   96.961825][ T5337]  ? __pfx_kthread+0x10/0x10
[   96.961838][ T5337]  ? _raw_spin_unlock_irq+0x23/0x50
[   96.961853][ T5337]  ? lockdep_hardirqs_on+0x98/0x140
[   96.961863][ T5337]  ? __pfx_kthread+0x10/0x10
[   96.961876][ T5337]  ret_from_fork+0x599/0xb30
[   96.961886][ T5337]  ? __pfx_ret_from_fork+0x10/0x10
[   96.961898][ T5337]  ? __pfx_kthread+0x10/0x10
[   96.961911][ T5337]  ret_from_fork_asm+0x1a/0x30
[   96.961928][ T5337]  </TASK>
[   97.049657][ T5343] loop0: detected capacity change from 0 to 128
[   98.843943][ T4683] Bluetooth: hci0: command tx timeout
[  100.924549][ T4683] Bluetooth: hci0: command tx timeout