program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000003000000000000"], 0xa) (async)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000003000000000000"], 0xa)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
landlock_create_ruleset(&(0x7f0000000100)={0x0, 0x3}, 0x10, 0x0) (async)
landlock_create_ruleset(&(0x7f0000000100)={0x0, 0x3}, 0x10, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

[   70.873132][ T5307] Bluetooth: hci0: command tx timeout
[   71.060848][ T5306]
[   71.061858][ T5306] ======================================================
[   71.067634][ T5306] WARNING: possible circular locking dependency detected
[   71.070753][ T5306] 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0 Not tainted
[   71.073352][ T5306] ------------------------------------------------------
[   71.080648][ T5306] kworker/0:3/5306 is trying to acquire lock:
[   71.083089][ T5306] ffff888035e7fb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_info_timeout+0x60/0xa0
[   71.086805][ T5306]
[   71.086805][ T5306] but task is already holding lock:
[   71.101376][ T5306] ffffc9000d33fc60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0
[   71.112860][ T5306]
[   71.112860][ T5306] which lock already depends on the new lock.
[   71.112860][ T5306]
[   71.122424][ T5306]
[   71.122424][ T5306] the existing dependency chain (in reverse order) is:
[   71.148377][ T5306]
[   71.148377][ T5306] -> #1 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   71.157891][ T5306]        lock_acquire+0x1ed/0x550
[   71.163849][ T5306]        __flush_work+0x739/0xc60
[   71.168082][ T5306]        __cancel_work_sync+0xbc/0x110
[   71.188820][ T5306]        l2cap_conn_del+0x507/0x690
[   71.190976][ T5306]        hci_conn_hash_flush+0xff/0x240
[   71.193165][ T5306]        hci_dev_reset+0x3ed/0x5d0
[   71.213517][ T5306]        sock_do_ioctl+0x158/0x460
[   71.222867][ T5306]        sock_ioctl+0x626/0x8e0
[   71.228068][ T5306]        __se_sys_ioctl+0xf5/0x170
[   71.230248][ T5306]        do_syscall_64+0xf3/0x230
[   71.232517][ T5306]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.252420][ T5306]
[   71.252420][ T5306] -> #0 (&conn->lock#2){+.+.}-{4:4}:
[   71.255241][ T5306]        validate_chain+0x18ef/0x5920
[   71.257251][ T5306]        __lock_acquire+0x1397/0x2100
[   71.260029][ T5306]        lock_acquire+0x1ed/0x550
[   71.262003][ T5306]        __mutex_lock+0x19c/0x1010
[   71.269318][ T5306]        l2cap_info_timeout+0x60/0xa0
[   71.271317][ T5306]        process_scheduled_works+0xabe/0x18e0
[   71.274831][ T5306]        worker_thread+0x870/0xd30
[   71.276900][ T5306]        kthread+0x7a9/0x920
[   71.278731][ T5306]        ret_from_fork+0x4b/0x80
[   71.280568][ T5306]        ret_from_fork_asm+0x1a/0x30
[   71.289716][ T5306]
[   71.289716][ T5306] other info that might help us debug this:
[   71.289716][ T5306]
[   71.299883][ T5306]  Possible unsafe locking scenario:
[   71.299883][ T5306]
[   71.309692][ T5306]        CPU0                    CPU1
[   71.311817][ T5306]        ----                    ----
[   71.314308][ T5306]   lock((work_completion)(&(&conn->info_timer)->work));
[   71.317162][ T5306]                                lock(&conn->lock#2);
[   71.326025][ T5306]                                lock((work_completion)(&(&conn->info_timer)->work));
[   71.335584][ T5306]   lock(&conn->lock#2);
[   71.337471][ T5306]
[   71.337471][ T5306]  *** DEADLOCK ***
[   71.337471][ T5306]
[   71.346744][ T5306] 2 locks held by kworker/0:3/5306:
[   71.354711][ T5306]  #0: ffff88801b074d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0
[   71.361273][ T5306]  #1: ffffc9000d33fc60 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0
[   71.377660][ T5306]
[   71.377660][ T5306] stack backtrace:
[   71.380828][ T5306] CPU: 0 UID: 0 PID: 5306 Comm: kworker/0:3 Not tainted 6.14.0-rc6-syzkaller-00180-g83158b21ae9a #0
[   71.380843][ T5306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.380851][ T5306] Workqueue: events l2cap_info_timeout
[   71.380875][ T5306] Call Trace:
[   71.380882][ T5306]
[   71.380892][ T5306]  dump_stack_lvl+0x241/0x360
[   71.380905][ T5306]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.380914][ T5306]  ? __pfx__printk+0x10/0x10
[   71.380924][ T5306]  print_circular_bug+0x13a/0x1b0
[   71.380940][ T5306]  check_noncircular+0x36a/0x4a0
[   71.380952][ T5306]  ? __pfx_check_noncircular+0x10/0x10
[   71.380962][ T5306]  ? lockdep_lock+0x123/0x2b0
[   71.380975][ T5306]  ? __lock_acquire+0x1397/0x2100
[   71.380989][ T5306]  validate_chain+0x18ef/0x5920
[   71.381002][ T5306]  ? __pfx_validate_chain+0x10/0x10
[   71.381011][ T5306]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   71.381025][ T5306]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.381037][ T5306]  ? do_raw_spin_unlock+0x58/0x8b0
[   71.381048][ T5306]  ? finish_task_switch+0x1e5/0x870
[   71.381058][ T5306]  ? lockdep_hardirqs_on+0x99/0x150
[   71.381071][ T5306]  ? finish_task_switch+0x1e5/0x870
[   71.381081][ T5306]  ? __schedule+0x1916/0x4c90
[   71.381094][ T5306]  ? mark_lock+0x9a/0x360
[   71.381103][ T5306]  __lock_acquire+0x1397/0x2100
[   71.381119][ T5306]  lock_acquire+0x1ed/0x550
[   71.381132][ T5306]  ? l2cap_info_timeout+0x60/0xa0
[   71.381146][ T5306]  ? __pfx_lock_acquire+0x10/0x10
[   71.381159][ T5306]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.381171][ T5306]  ? __pfx___might_resched+0x10/0x10
[   71.381183][ T5306]  ? irqentry_exit+0x63/0x90
[   71.381196][ T5306]  __mutex_lock+0x19c/0x1010
[   71.381208][ T5306]  ? l2cap_info_timeout+0x60/0xa0
[   71.381249][ T5306]  ? lock_acquire+0x264/0x550
[   71.381262][ T5306]  ? l2cap_info_timeout+0x60/0xa0
[   71.381273][ T5306]  ? __pfx___mutex_lock+0x10/0x10
[   71.381286][ T5306]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   71.381300][ T5306]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   71.381315][ T5306]  l2cap_info_timeout+0x60/0xa0
[   71.381326][ T5306]  ? process_scheduled_works+0x9c6/0x18e0
[   71.381337][ T5306]  process_scheduled_works+0xabe/0x18e0
[   71.381351][ T5306]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.381363][ T5306]  ? assign_work+0x364/0x3d0
[   71.381373][ T5306]  worker_thread+0x870/0xd30
[   71.381385][ T5306]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   71.381397][ T5306]  ? __kthread_parkme+0x169/0x1d0
[   71.381409][ T5306]  ? __pfx_worker_thread+0x10/0x10
[   71.381422][ T5306]  kthread+0x7a9/0x920
[   71.381435][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381448][ T5306]  ? __pfx_worker_thread+0x10/0x10
[   71.381458][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381469][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381483][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381494][ T5306]  ? _raw_spin_unlock_irq+0x23/0x50
[   71.381505][ T5306]  ? lockdep_hardirqs_on+0x99/0x150
[   71.381517][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381531][ T5306]  ret_from_fork+0x4b/0x80
[   71.381543][ T5306]  ? __pfx_kthread+0x10/0x10
[   71.381556][ T5306]  ret_from_fork_asm+0x1a/0x30
[   71.381570][ T5306]
[   76.406470][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[   76.409119][ T1309] ieee802154 phy1 wpan1: encryption failed: -22