Bluetooth: Unknown BR/EDR signaling command 0x11
Bluetooth: Wrong link type (-22)
============================================
WARNING: possible recursive locking detected
6.11.0-rc6-syzkaller-00326-gd1f2d51b711a-dirty #0 Not tainted
--------------------------------------------
kworker/u9:1/4615 is trying to acquire lock:
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_connect_req net/bluetooth/l2cap_core.c:4075 [inline]
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_recv_frame+0xe9d/0x8eb0 net/bluetooth/l2cap_core.c:6825

but task is already holding lock:
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: hci_acldata_packet net/bluetooth/hci_core.c:3783 [inline]
ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: hci_rx_work+0x96b/0x1610 net/bluetooth/hci_core.c:4029

other info that might help us debug this:
 Possible unsafe locking scenario:

   CPU0
   ----
   lock(&hdev->lock);
   lock(&hdev->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/u9:1/4615:
 #0: ffff8880301df948 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
 #1: ffffc9000d83fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
 #2: ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: hci_acldata_packet net/bluetooth/hci_core.c:3783 [inline]
 #2: ffff888062afc078 (&hdev->lock){+.+.}-{3:3}, at: hci_rx_work+0x96b/0x1610 net/bluetooth/hci_core.c:4029

stack backtrace:
CPU: 0 UID: 0 PID: 4615 Comm: kworker/u9:1 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: hci2 hci_rx_work
Call Trace:
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119
 check_deadlock kernel/locking/lockdep.c:3061 [inline]
 validate_chain kernel/locking/lockdep.c:3855 [inline]
 __lock_acquire+0x2167/0x3cb0 kernel/locking/lockdep.c:5142
 lock_acquire kernel/locking/lockdep.c:5759 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
 l2cap_connect_req net/bluetooth/l2cap_core.c:4075 [inline]
 l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]
 l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]
 l2cap_recv_frame+0xe9d/0x8eb0 net/bluetooth/l2cap_core.c:6825
 l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514
 hci_acldata_packet net/bluetooth/hci_core.c:3790 [inline]
 hci_rx_work+0xaa1/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244