program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = dup(r7)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0xc008aec1, &(0x7f00000000c0)=0xffff)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r9, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0})
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r2, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x8004)
write$nci(r0, &(0x7f0000000000)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x8, "056481ebc07c30a7b544e38e403b5d8f1de5e73845c2351be3747f4fb33c6c2d10a9c6f223aa93d5e99bcd598192faf6ae13ea883cf6a039158047397b5a6ae04ff13947681bc9874f798ec8395d524cf69579d661d4fa4271c06bc91fc8fa"}, 0x62)
write$nci(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="508403c102b306"], 0x7)

[   79.475478][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[   79.478444][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[   79.491874][ T5299] Bluetooth: hci0: command tx timeout
[   79.555291][ T5307] 
[   79.556436][ T5307] ======================================================
[   79.559247][ T5307] WARNING: possible circular locking dependency detected
[   79.562209][ T5307] 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 Not tainted
[   79.565148][ T5307] ------------------------------------------------------
[   79.567987][ T5307] kworker/0:4/5307 is trying to acquire lock:
[   79.570500][ T5307] ffff888033f03338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[   79.574448][ T5307] 
[   79.574448][ T5307] but task is already holding lock:
[   79.577534][ T5307] ffffc9000d327c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[   79.582731][ T5307] 
[   79.582731][ T5307] which lock already depends on the new lock.
[   79.582731][ T5307] 
[   79.586959][ T5307] 
[   79.586959][ T5307] the existing dependency chain (in reverse order) is:
[   79.590746][ T5307] 
[   79.590746][ T5307] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   79.595036][ T5307]        lock_acquire+0x120/0x360
[   79.597184][ T5307]        __flush_work+0x6b8/0xbc0
[   79.599366][ T5307]        __cancel_work_sync+0xbe/0x110
[   79.601856][ T5307]        l2cap_conn_del+0x4f0/0x680
[   79.604052][ T5307]        hci_conn_hash_flush+0x10a/0x230
[   79.606326][ T5307]        hci_dev_reset+0x3e0/0x5c0
[   79.608336][ T5307]        sock_do_ioctl+0xd9/0x300
[   79.610511][ T5307]        sock_ioctl+0x576/0x790
[   79.612492][ T5307]        __se_sys_ioctl+0xf9/0x170
[   79.614667][ T5307]        do_syscall_64+0xf6/0x210
[   79.616759][ T5307]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.619393][ T5307] 
[   79.619393][ T5307] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[   79.622556][ T5307]        validate_chain+0xb9b/0x2140
[   79.624728][ T5307]        __lock_acquire+0xaac/0xd20
[   79.627248][ T5307]        lock_acquire+0x120/0x360
[   79.629632][ T5307]        __mutex_lock+0x182/0xe80
[   79.631799][ T5307]        l2cap_info_timeout+0x60/0xa0
[   79.634004][ T5307]        process_scheduled_works+0xadb/0x17a0
[   79.636463][ T5307]        worker_thread+0x8a0/0xda0
[   79.638541][ T5307]        kthread+0x70e/0x8a0
[   79.640468][ T5307]        ret_from_fork+0x4b/0x80
[   79.642496][ T5307]        ret_from_fork_asm+0x1a/0x30
[   79.644583][ T5307] 
[   79.644583][ T5307] other info that might help us debug this:
[   79.644583][ T5307] 
[   79.648639][ T5307]  Possible unsafe locking scenario:
[   79.648639][ T5307] 
[   79.651591][ T5307]        CPU0                    CPU1
[   79.653776][ T5307]        ----                    ----
[   79.655954][ T5307]   lock((work_completion)(&(&conn->info_timer)->work));
[   79.658722][ T5307]                                lock(&conn->lock#2);
[   79.661552][ T5307]                                lock((work_completion)(&(&conn->info_timer)->work));
[   79.665320][ T5307]   lock(&conn->lock#2);
[   79.666967][ T5307] 
[   79.666967][ T5307]  *** DEADLOCK ***
[   79.666967][ T5307] 
[   79.670257][ T5307] 2 locks held by kworker/0:4/5307:
[   79.672596][ T5307]  #0: ffff88801a074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[   79.677529][ T5307]  #1: ffffc9000d327c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[   79.682673][ T5307] 
[   79.682673][ T5307] stack backtrace:
[   79.685119][ T5307] CPU: 0 UID: 0 PID: 5307 Comm: kworker/0:4 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   79.685130][ T5307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.685135][ T5307] Workqueue: events l2cap_info_timeout
[   79.685150][ T5307] Call Trace:
[   79.685155][ T5307]  <TASK>
[   79.685159][ T5307]  dump_stack_lvl+0x189/0x250
[   79.685171][ T5307]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.685179][ T5307]  ? __pfx__printk+0x10/0x10
[   79.685186][ T5307]  ? print_lock_name+0xde/0x100
[   79.685196][ T5307]  print_circular_bug+0x2ee/0x310
[   79.685203][ T5307]  check_noncircular+0x134/0x160
[   79.685211][ T5307]  validate_chain+0xb9b/0x2140
[   79.685220][ T5307]  ? arch_stack_walk+0x11c/0x150
[   79.685231][ T5307]  ? ret_from_fork_asm+0x1a/0x30
[   79.685241][ T5307]  __lock_acquire+0xaac/0xd20
[   79.685255][ T5307]  ? l2cap_info_timeout+0x60/0xa0
[   79.685267][ T5307]  lock_acquire+0x120/0x360
[   79.685278][ T5307]  ? l2cap_info_timeout+0x60/0xa0
[   79.685293][ T5307]  __mutex_lock+0x182/0xe80
[   79.685305][ T5307]  ? l2cap_info_timeout+0x60/0xa0
[   79.685317][ T5307]  ? irqentry_exit+0x74/0x90
[   79.685327][ T5307]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.685337][ T5307]  ? l2cap_info_timeout+0x60/0xa0
[   79.685352][ T5307]  ? __pfx___mutex_lock+0x10/0x10
[   79.685366][ T5307]  l2cap_info_timeout+0x60/0xa0
[   79.685379][ T5307]  ? process_scheduled_works+0x9ec/0x17a0
[   79.685392][ T5307]  process_scheduled_works+0xadb/0x17a0
[   79.685404][ T5307]  ? __pfx_process_scheduled_works+0x10/0x10
[   79.685414][ T5307]  worker_thread+0x8a0/0xda0
[   79.685420][ T5307]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.685427][ T5307]  ? __kthread_parkme+0x7b/0x200
[   79.685435][ T5307]  kthread+0x70e/0x8a0
[   79.685442][ T5307]  ? __pfx_worker_thread+0x10/0x10
[   79.685447][ T5307]  ? __pfx_kthread+0x10/0x10
[   79.685454][ T5307]  ? __pfx_kthread+0x10/0x10
[   79.685460][ T5307]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.685466][ T5307]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.685472][ T5307]  ? __pfx_kthread+0x10/0x10
[   79.685478][ T5307]  ret_from_fork+0x4b/0x80
[   79.685485][ T5307]  ? __pfx_kthread+0x10/0x10
[   79.685491][ T5307]  ret_from_fork_asm+0x1a/0x30
[   79.685498][ T5307]  </TASK>