program:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000080))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="050000000454dffd880000000400000028399bc5000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000066090600000003e70400000006000000180100002020702500000000002020207b9af8ff00000000ac9100000000000037010000f8ffffffb702000008000000b70300000000000014000000060000005d93000000000000b50302000000000085000000d2000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) (async)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000080)) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="050000000454dffd880000000400000028399bc5000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000f0ffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000066090600000003e70400000006000000180100002020702500000000002020207b9af8ff00000000ac9100000000000037010000f8ffffffb702000008000000b70300000000000014000000060000005d93000000000000b50302000000000085000000d2000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)

[   69.750716][ T5304] Bluetooth: hci0: command tx timeout
[   70.651239][ T5320] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   70.654397][ T5320] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   70.692957][    T9] 
[   70.699710][    T9] ======================================================
[   70.717268][    T9] WARNING: possible circular locking dependency detected
[   70.731115][    T9] 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0 Not tainted
[   70.734047][    T9] ------------------------------------------------------
[   70.747410][    T9] kworker/0:0/9 is trying to acquire lock:
[   70.749965][    T9] ffff888040de2338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[   70.754053][    T9] 
[   70.754053][    T9] but task is already holding lock:
[   70.757359][    T9] ffffc900001b7c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0
[   70.790671][    T9] 
[   70.790671][    T9] which lock already depends on the new lock.
[   70.790671][    T9] 
[   70.794779][    T9] 
[   70.794779][    T9] the existing dependency chain (in reverse order) is:
[   70.820525][    T9] 
[   70.820525][    T9] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   70.824678][    T9]        lock_acquire+0x1ed/0x550
[   70.826829][    T9]        __flush_work+0x739/0xc60
[   70.828760][    T9]        __cancel_work_sync+0xbc/0x110
[   70.842673][    T9]        l2cap_conn_del+0x507/0x690
[   70.860460][    T9]        l2cap_connect_cfm+0x11f/0x1220
[   70.863212][    T9]        hci_conn_failed+0x1ce/0x300
[   70.865683][    T9]        hci_abort_conn_sync+0x59f/0xeb0
[   70.868077][    T9]        hci_disconnect_all_sync+0x264/0x460
[   70.872114][    T9]        hci_suspend_sync+0x41a/0xca0
[   70.875268][    T9]        hci_suspend_dev+0x2be/0x4c0
[   70.893050][    T9]        hci_suspend_notifier+0xf2/0x2b0
[   70.896642][    T9]        notifier_call_chain+0x1a5/0x3f0
[   70.898777][    T9]        blocking_notifier_call_chain_robust+0xe8/0x1e0
[   70.901555][    T9]        pm_notifier_call_chain_robust+0x2c/0x60
[   70.904197][    T9]        snapshot_open+0x19b/0x280
[   70.906224][    T9]        misc_open+0x2cc/0x340
[   70.908112][    T9]        chrdev_open+0x521/0x600
[   70.910089][    T9]        do_dentry_open+0xdec/0x1960
[   70.929517][    T9]        vfs_open+0x3b/0x370
[   70.933462][    T9]        path_openat+0x2c81/0x3590
[   70.938351][    T9]        do_filp_open+0x27f/0x4e0
[   70.955700][    T9]        do_sys_openat2+0x13e/0x1d0
[   70.958032][    T9]        __x64_sys_openat+0x247/0x2a0
[   70.960456][    T9]        do_syscall_64+0xf3/0x230
[   70.962430][    T9]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.964845][    T9] 
[   70.964845][    T9] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[   70.969016][    T9]        validate_chain+0x18ef/0x5920
[   70.988287][    T9]        __lock_acquire+0x1397/0x2100
[   70.990662][    T9]        lock_acquire+0x1ed/0x550
[   70.992576][    T9]        __mutex_lock+0x19c/0x1010
[   70.994530][    T9]        l2cap_info_timeout+0x60/0xa0
[   70.997080][    T9]        process_scheduled_works+0xabe/0x18e0
[   71.000056][    T9]        worker_thread+0x870/0xd30
[   71.014606][    T9]        kthread+0x7a9/0x920
[   71.017350][    T9]        ret_from_fork+0x4b/0x80
[   71.020850][    T9]        ret_from_fork_asm+0x1a/0x30
[   71.023262][    T9] 
[   71.023262][    T9] other info that might help us debug this:
[   71.023262][    T9] 
[   71.027621][    T9]  Possible unsafe locking scenario:
[   71.027621][    T9] 
[   71.045098][    T9]        CPU0                    CPU1
[   71.047341][    T9]        ----                    ----
[   71.049675][    T9]   lock((work_completion)(&(&conn->info_timer)->work));
[   71.052811][    T9]                                lock(&conn->lock#2);
[   71.055843][    T9]                                lock((work_completion)(&(&conn->info_timer)->work));
[   71.074552][    T9]   lock(&conn->lock#2);
[   71.076939][    T9] 
[   71.076939][    T9]  *** DEADLOCK ***
[   71.076939][    T9] 
[   71.080296][    T9] 2 locks held by kworker/0:0/9:
[   71.082828][    T9]  #0: ffff88801b074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0
[   71.087224][    T9]  #1: ffffc900001b7c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0
[   71.107226][    T9] 
[   71.107226][    T9] stack backtrace:
[   71.109940][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
[   71.109956][    T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.109964][    T9] Workqueue: events l2cap_info_timeout
[   71.109985][    T9] Call Trace:
[   71.109992][    T9]  <TASK>
[   71.109998][    T9]  dump_stack_lvl+0x241/0x360
[   71.110013][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.110023][    T9]  ? __pfx__printk+0x10/0x10
[   71.110035][    T9]  print_circular_bug+0x13a/0x1b0
[   71.110047][    T9]  check_noncircular+0x36a/0x4a0
[   71.110058][    T9]  ? __pfx_check_noncircular+0x10/0x10
[   71.110069][    T9]  ? lockdep_lock+0x123/0x2b0
[   71.110082][    T9]  ? __lock_acquire+0x1397/0x2100
[   71.110097][    T9]  validate_chain+0x18ef/0x5920
[   71.110113][    T9]  ? __pfx_validate_chain+0x10/0x10
[   71.110122][    T9]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   71.110138][    T9]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.110152][    T9]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.110165][    T9]  ? finish_task_switch+0x1e5/0x870
[   71.110175][    T9]  ? lockdep_hardirqs_on+0x99/0x150
[   71.110190][    T9]  ? finish_task_switch+0x1e5/0x870
[   71.110201][    T9]  ? __schedule+0x1916/0x4c90
[   71.110215][    T9]  ? mark_lock+0x9a/0x360
[   71.110225][    T9]  __lock_acquire+0x1397/0x2100
[   71.110241][    T9]  lock_acquire+0x1ed/0x550
[   71.110255][    T9]  ? l2cap_info_timeout+0x60/0xa0
[   71.110270][    T9]  ? __pfx_lock_acquire+0x10/0x10
[   71.110285][    T9]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.110299][    T9]  ? __pfx___might_resched+0x10/0x10
[   71.110312][    T9]  ? irqentry_exit+0x63/0x90
[   71.110327][    T9]  __mutex_lock+0x19c/0x1010
[   71.110341][    T9]  ? l2cap_info_timeout+0x60/0xa0
[   71.110385][    T9]  ? lock_acquire+0x264/0x550
[   71.110402][    T9]  ? l2cap_info_timeout+0x60/0xa0
[   71.110415][    T9]  ? __pfx___mutex_lock+0x10/0x10
[   71.110428][    T9]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   71.110442][    T9]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.110459][    T9]  l2cap_info_timeout+0x60/0xa0
[   71.110474][    T9]  ? process_scheduled_works+0x9c6/0x18e0
[   71.110486][    T9]  process_scheduled_works+0xabe/0x18e0
[   71.110503][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.110517][    T9]  ? assign_work+0x364/0x3d0
[   71.110530][    T9]  worker_thread+0x870/0xd30
[   71.110545][    T9]  ? __kthread_parkme+0x169/0x1d0
[   71.110558][    T9]  ? __pfx_worker_thread+0x10/0x10
[   71.110570][    T9]  kthread+0x7a9/0x920
[   71.110585][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110598][    T9]  ? __pfx_worker_thread+0x10/0x10
[   71.110611][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110624][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110638][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110652][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[   71.110665][    T9]  ? lockdep_hardirqs_on+0x99/0x150
[   71.110679][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110693][    T9]  ret_from_fork+0x4b/0x80
[   71.110706][    T9]  ? __pfx_kthread+0x10/0x10
[   71.110721][    T9]  ret_from_fork_asm+0x1a/0x30
[   71.110746][    T9]  </TASK>
[   71.936333][ T5304] Bluetooth: hci0: command 0x040f tx timeout
[   74.016664][ T5304] Bluetooth: hci0: command 0x040f tx timeout
[   76.096278][ T5304] Bluetooth: hci0: command 0x040f tx timeout
[   76.177436][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[   76.179632][ T1310] ieee802154 phy1 wpan1: encryption failed: -22