program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40201, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="0000000000000000890200000000070095"], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

[ 78.348572][ T5308] Bluetooth: hci0: command tx timeout
[ 78.352599][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[ 78.355110][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[ 78.464472][ T5321]
[ 78.465681][ T5321] ======================================================
[ 78.468958][ T5321] WARNING: possible circular locking dependency detected
[ 78.471602][ T5321] 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 Not tainted
[ 78.474230][ T5321] ------------------------------------------------------
[ 78.477001][ T5321] kworker/0:5/5321 is trying to acquire lock:
[ 78.479373][ T5321] ffff888041beab38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[ 78.482997][ T5321]
[ 78.482997][ T5321] but task is already holding lock:
[ 78.485852][ T5321] ffffc9000d487c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[ 78.490837][ T5321]
[ 78.490837][ T5321] which lock already depends on the new lock.
[ 78.490837][ T5321]
[ 78.494733][ T5321]
[ 78.494733][ T5321] the existing dependency chain (in reverse order) is:
[ 78.498189][ T5321]
[ 78.498189][ T5321] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 78.502121][ T5321]        lock_acquire+0x120/0x360
[ 78.503771][ T5321]        __flush_work+0x6b8/0xbc0
[ 78.505646][ T5321]        __cancel_work_sync+0xbe/0x110
[ 78.507706][ T5321]        l2cap_conn_del+0x4f0/0x680
[ 78.509665][ T5321]        hci_conn_hash_flush+0x10a/0x230
[ 78.511852][ T5321]        hci_dev_reset+0x3e0/0x5c0
[ 78.513699][ T5321]        sock_do_ioctl+0xd9/0x300
[ 78.515520][ T5321]        sock_ioctl+0x576/0x790
[ 78.517344][ T5321]        __se_sys_ioctl+0xf9/0x170
[ 78.519159][ T5321]        do_syscall_64+0xf6/0x210
[ 78.521114][ T5321]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.523529][ T5321]
[ 78.523529][ T5321] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[ 78.525951][ T5321]        validate_chain+0xb9b/0x2140
[ 78.527934][ T5321]        __lock_acquire+0xaac/0xd20
[ 78.529955][ T5321]        lock_acquire+0x120/0x360
[ 78.531931][ T5321]        __mutex_lock+0x182/0xe80
[ 78.533981][ T5321]        l2cap_info_timeout+0x60/0xa0
[ 78.536131][ T5321]        process_scheduled_works+0xadb/0x17a0
[ 78.538497][ T5321]        worker_thread+0x8a0/0xda0
[ 78.540845][ T5321]        kthread+0x70e/0x8a0
[ 78.542662][ T5321]        ret_from_fork+0x4b/0x80
[ 78.544405][ T5321]        ret_from_fork_asm+0x1a/0x30
[ 78.546418][ T5321]
[ 78.546418][ T5321] other info that might help us debug this:
[ 78.546418][ T5321]
[ 78.550210][ T5321]  Possible unsafe locking scenario:
[ 78.550210][ T5321]
[ 78.552895][ T5321]        CPU0                    CPU1
[ 78.554884][ T5321]        ----                    ----
[ 78.556803][ T5321]   lock((work_completion)(&(&conn->info_timer)->work));
[ 78.559356][ T5321]                                lock(&conn->lock#2);
[ 78.561973][ T5321]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 78.565602][ T5321]   lock(&conn->lock#2);
[ 78.567318][ T5321]
[ 78.567318][ T5321]  *** DEADLOCK ***
[ 78.567318][ T5321]
[ 78.570585][ T5321] 2 locks held by kworker/0:5/5321:
[ 78.572809][ T5321]  #0: ffff88801a074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[ 78.577072][ T5321]  #1: ffffc9000d487c60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[ 78.581944][ T5321]
[ 78.581944][ T5321] stack backtrace:
[ 78.584267][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/0:5 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full)
[ 78.584277][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.584283][ T5321] Workqueue: events l2cap_info_timeout
[ 78.584296][ T5321] Call Trace:
[ 78.584300][ T5321]
[ 78.584304][ T5321] dump_stack_lvl+0x189/0x250
[ 78.584315][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.584323][ T5321] ? __pfx__printk+0x10/0x10
[ 78.584329][ T5321] ? print_lock_name+0xde/0x100
[ 78.584339][ T5321] print_circular_bug+0x2ee/0x310
[ 78.584349][ T5321] check_noncircular+0x134/0x160
[ 78.584358][ T5321] validate_chain+0xb9b/0x2140
[ 78.584366][ T5321] ? rcu_is_watching+0x15/0xb0
[ 78.584379][ T5321] ? trace_sched_exit_tp+0x38/0x120
[ 78.584390][ T5321] ? __schedule+0x1700/0x4cd0
[ 78.584408][ T5321] __lock_acquire+0xaac/0xd20
[ 78.584422][ T5321] ? l2cap_info_timeout+0x60/0xa0
[ 78.584438][ T5321] lock_acquire+0x120/0x360
[ 78.584450][ T5321] ? l2cap_info_timeout+0x60/0xa0
[ 78.584463][ T5321] __mutex_lock+0x182/0xe80
[ 78.584472][ T5321] ? l2cap_info_timeout+0x60/0xa0
[ 78.584483][ T5321] ? rcu_is_watching+0x15/0xb0
[ 78.584496][ T5321] ? trace_irq_disable+0x37/0x110
[ 78.584507][ T5321] ? preempt_schedule_irq+0xde/0x150
[ 78.584520][ T5321] ? __pfx_preempt_schedule_irq+0x10/0x10
[ 78.584533][ T5321] ? l2cap_info_timeout+0x60/0xa0
[ 78.584540][ T5321] ? __pfx___mutex_lock+0x10/0x10
[ 78.584546][ T5321] ? irqentry_exit+0x74/0x90
[ 78.584552][ T5321] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.584558][ T5321] ? process_scheduled_works+0x9ec/0x17a0
[ 78.584567][ T5321] ? __pfx_l2cap_info_timeout+0x10/0x10
[ 78.584575][ T5321] l2cap_info_timeout+0x60/0xa0
[ 78.584583][ T5321] ? process_scheduled_works+0x9ec/0x17a0
[ 78.584591][ T5321] process_scheduled_works+0xadb/0x17a0
[ 78.584603][ T5321] ? __pfx_process_scheduled_works+0x10/0x10
[ 78.584614][ T5321] worker_thread+0x8a0/0xda0
[ 78.584620][ T5321] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.584630][ T5321] ? __kthread_parkme+0x7b/0x200
[ 78.584637][ T5321] kthread+0x70e/0x8a0
[ 78.584644][ T5321] ? __pfx_worker_thread+0x10/0x10
[ 78.584649][ T5321] ? __pfx_kthread+0x10/0x10
[ 78.584655][ T5321] ? __pfx_kthread+0x10/0x10
[ 78.584661][ T5321] ? _raw_spin_unlock_irq+0x23/0x50
[ 78.584669][ T5321] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.584677][ T5321] ? __pfx_kthread+0x10/0x10
[ 78.584686][ T5321] ret_from_fork+0x4b/0x80
[ 78.584695][ T5321] ? __pfx_kthread+0x10/0x10
[ 78.584704][ T5321] ret_from_fork_asm+0x1a/0x30
[ 78.584716][ T5321]
[ 78.687612][ T5325] random: crng reseeded on system resumption
[ 78.692848][ T5325] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff]
[ 78.695781][ T5325] PM: hibernation: Marking nosave pages: [mem 0x0009f000-0x000fffff]
[ 78.698887][ T5325] PM: hibernation: Basic memory bitmaps created
[ 79.295184][ T5323] PM: hibernation: Basic memory bitmaps freed