program:
mount$9p_virtio(0x0, 0x0, &(0x7f0000000140), 0x4008, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ec0), 0x40000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448cb, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
r5 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe825, 0x4, @perf_config_ext={0x24, 0x3}, 0x80000, 0xca, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0xe, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x1c0)
write$cgroup_subtree(r6, &(0x7f00000002c0)=ANY=[@ANYRES8=r1, @ANYBLOB="3eca", @ANYRES8=r5], 0x9a)
settimeofday(&(0x7f0000000140), &(0x7f00000000c0))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002380)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000005f9a000000000080000000000000000000002000000000"], 0x50)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r7, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)="11", 0x1}, {&(0x7f00000004c0)="66b90ccb35db9d3557600dda5eaf6b4afc7317ca5306131b2ccfd2109eeb5636dc5cc3383a2aa9aa60995b695c7ef55f26e3d967ba42974cf0cd15b958216ed4304e04704b1a1a8956b7ffaa7302b9bc3713ea7dbebc7dc9ae4e9f70d850b8b6decba4a55b4cee9b418250a2839447db40a3a66a417ffbae3dd0729dfd7cddf2a580f882d5f6b90d54480b549deaa817049c03a6f5c33986bfa1cb60d99d6bec9f068ba448fd9388b6151dc4f1eb5e4044fd3c493ebd2ba5a329c3b355f5947b8dce6c11", 0xc4}, {&(0x7f00000002c0)="091101a259f8b843be51275b7e5cd9e112821fddc0a4f1843b70961060989c950f1bf7d84c232498991f5885339816331156721b8e02c092fdda5613429353effbfd7808a4fd2b4cf173af137e19a9322aa4e28951de43e104409df54527e8f0fe99f7a684282f473a4d3621de63dcebdd104c1b5b5aa71f7a7d0e89ba8bb970d7dce952c1b44e8d48f98025374e370cf6a396b100cc815a7040", 0x9a}, {&(0x7f0000000780)="d101f19fde1e6d92bbe749f20277a70779b63cacc1c32305570e68b8679a2bd22e5f8702f19df25808cc4420d03bf1bff73f506ede361914698eb3735a7c09e1cb0bbee5c6231f7beffac711509d09d1455d9535dea87b29ecd1e54778f5754701aea5d047611dec52901c0b2c9eb1c940972370880c3002c2eed2358dd771b9e52aa3e35af557685bb29d65720b4724b7225ae06fdd7416cc09a9f7a660867842b6b8c1", 0xa4}, {&(0x7f0000000000)="26eb2d71df0376382f3cb6dadadb0b58887dcad0749c", 0x16}], 0x5}}], 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x42, &(0x7f0000000100)=0x80000001, 0x4)
r8 = dup(r7)
sendmmsg$inet(r8, &(0x7f000000d4c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="9e3b074a8988e293861a347e432f5979dc366a208834c6d2a000bc8c67a48d77135afb45fe124800911b188a404dbb73455a75862204ea9a0fedea6988408c58e85ba4d1a4e491a6de5c60edba18f1b7ea7a08a5561df73ef826a79dfde7e6cc23a80962e8d56d361457f106add67ca5afe80d98e7c92de1156ebb54c01283942ac9b13d6f5a2d319cfd2104ae52bb40a3d35dc6340f126aeffdb8db0f61c11e854198723ba5eddf5f06a8", 0xab}, {&(0x7f00000005c0)="e26720e16aae858478df03560eb83aac4db01908cbd3140afe5d10120066c607350886ee667c97423f611a438b7a536f19d08b0554e1a6a8d7cd98f8c9888a946b8ee30cd3a38ff56506dbcf581e76981a61f453ac3001bf60d0200e0dcb44e7b012c0b508d54b265fa59502a3e5416269a98178c21fefa4ae2915ba2b14b77fc718f394f9cae62152c0afd5828bbed47223c6ee59a3faab261c981d6c3c657876954dfda6295d55a01db3d100dd7a9daf1db48e6d47e57f1fc4a67569c13b688278f4052fc301ece35b0c9009812b9246e9880bda78f4db6a2c1cbff39167c74c87d2d30af20ea4195468af5e2ed3e2002343aee9d11586d7b47bd8c06ad57dcfad78c271e36507a61f9fdc3e6abb10ac7e954583b9d8913b38b9e7373a0dec53581834ccfdf4ba6603af616c70856c84183a34d8192acb5bbbe6c9f0ca5047c62195692d1de3d636d66f776f6f45f805498bf35e9a27171a9774c980accc4cc759e397dbd5d7eed8753186a580e9d25778abbf1afd7455ae1530e4ee8cc62d5391d4c1e88ffa259700734b1db4647588a54480507a", 0x196}], 0x2}}], 0x1, 0x95)
read$FUSE(r8, &(0x7f00000075c0)={0x2020}, 0x2020)
read$FUSE(r8, &(0x7f0000005200)={0x2020}, 0x1694)
write$UHID_CREATE2(r8, &(0x7f0000000940)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x101, 0x5, 0x2, 0x8, 0x8000, 0x2332, "569235f609b07301220e84b37459de759a82a19687e9a60bd0c8b79b81ce908b0bd32bae2e26ab415379876069d85064c01c20c1d735e53fa2c09d1562301311e90b02c1f941c116d68567de6b2e715a1b9673d3bd576acc37efe25ce5bafbdc64b3092dd974623ce7b7509403737544fd57cee7b70bdd5c1c1edeed0d730c779f84b5145faf7b8d47c804c23244406c2529621c2960fb93c66572f9df0695c75d64bd978b2a21598506b0abca4a1c02192d2320e40d52e56327927401a0be20607ee856186ac10781080863108d6fc666c5f792ed60f7a56a3f9b943919be004441809ba637cbf32bc652fb39e2e57f76c5b9f0861fe257379bbe2514470bbdb2"}}, 0x219)

[   88.341586][   T53] usb 5-1: USB disconnect, device number 2
[   85.232774][ T4662] Bluetooth: hci0: command tx timeout
[   85.364882][ T5316] 
[   85.365854][ T5316] ======================================================
[   85.368700][ T5316] WARNING: possible circular locking dependency detected
[   85.371847][ T5316] syzkaller #0 Not tainted
[   85.374183][ T5316] ------------------------------------------------------
[   85.377560][ T5316] syz.0.0/5316 is trying to acquire lock:
[   85.379966][ T5316] ffff888041539840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0x100/0xc50
[   85.385330][ T5316] 
[   85.385330][ T5316] but task is already holding lock:
[   85.389201][ T5316] ffff888041539af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0
[   85.393503][ T5316] 
[   85.393503][ T5316] which lock already depends on the new lock.
[   85.393503][ T5316] 
[   85.397932][ T5316] 
[   85.397932][ T5316] the existing dependency chain (in reverse order) is:
[   85.401637][ T5316] 
[   85.401637][ T5316] -> #1 (&conn->lock#2){+.+.}-{4:4}:
[   85.405379][ T5316]        __mutex_lock+0x19f/0x1300
[   85.408060][ T5316]        l2cap_info_timeout+0x60/0xa0
[   85.410862][ T5316]        process_scheduled_works+0xb02/0x1830
[   85.413743][ T5316]        worker_thread+0xa50/0xfc0
[   85.416037][ T5316]        kthread+0x388/0x470
[   85.418026][ T5316]        ret_from_fork+0x51e/0xb90
[   85.420354][ T5316]        ret_from_fork_asm+0x1a/0x30
[   85.422766][ T5316] 
[   85.422766][ T5316] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   85.427892][ T5316]        __lock_acquire+0x15a5/0x2cf0
[   85.431533][ T5316]        lock_acquire+0xf0/0x2e0
[   85.433779][ T5316]        __flush_work+0x700/0xc50
[   85.435823][ T5316]        __cancel_work_sync+0xbe/0x110
[   85.438028][ T5316]        l2cap_conn_del+0x40f/0x5c0
[   85.440365][ T5316]        hci_conn_hash_flush+0x10d/0x260
[   85.443080][ T5316]        hci_dev_reset+0x41c/0x6d0
[   85.445662][ T5316]        sock_do_ioctl+0x101/0x320
[   85.448543][ T5316]        sock_ioctl+0x5c6/0x7f0
[   85.451573][ T5316]        __se_sys_ioctl+0xfc/0x170
[   85.455618][ T5316]        do_syscall_64+0x14d/0xf80
[   85.458358][ T5316]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.461441][ T5316] 
[   85.461441][ T5316] other info that might help us debug this:
[   85.461441][ T5316] 
[   85.465834][ T5316]  Possible unsafe locking scenario:
[   85.465834][ T5316] 
[   85.469616][ T5316]        CPU0                    CPU1
[   85.472340][ T5316]        ----                    ----
[   85.474829][ T5316]   lock(&conn->lock#2);
[   85.477018][ T5316]                                lock((work_completion)(&(&conn->info_timer)->work));
[   85.481503][ T5316]                                lock(&conn->lock#2);
[   85.485380][ T5316]   lock((work_completion)(&(&conn->info_timer)->work));
[   85.488840][ T5316] 
[   85.488840][ T5316]  *** DEADLOCK ***
[   85.488840][ T5316] 
[   85.492399][ T5316] 6 locks held by syz.0.0/5316:
[   85.494456][ T5316]  #0: ffff88803d720028 (&hdev->srcu){.+.+}-{0:0}, at: __hci_dev_get+0x103/0x270
[   85.498408][ T5316]  #1: ffff88803d720ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_reset+0x153/0x6d0
[   85.502886][ T5316]  #2: ffff88803d7200c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_reset+0x1e9/0x6d0
[   85.507435][ T5316]  #3: ffffffff8fd5bbe8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260
[   85.511913][ T5316]  #4: ffff888041539af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0
[   85.516124][ T5316]  #5: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0x100/0xc50
[   85.521218][ T5316] 
[   85.521218][ T5316] stack backtrace:
[   85.524202][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.524224][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.524235][ T5316] Call Trace:
[   85.524244][ T5316]  <TASK>
[   85.524255][ T5316]  dump_stack_lvl+0xe8/0x150
[   85.524283][ T5316]  print_circular_bug+0x2e1/0x300
[   85.524308][ T5316]  check_noncircular+0x12e/0x150
[   85.524326][ T5316]  __lock_acquire+0x15a5/0x2cf0
[   85.524342][ T5316]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.524359][ T5316]  ? do_raw_spin_unlock+0x4d/0x210
[   85.524371][ T5316]  lock_acquire+0xf0/0x2e0
[   85.524383][ T5316]  ? __flush_work+0x100/0xc50
[   85.524403][ T5316]  ? __flush_work+0x100/0xc50
[   85.524422][ T5316]  __flush_work+0x700/0xc50
[   85.524441][ T5316]  ? __flush_work+0x100/0xc50
[   85.524460][ T5316]  ? __flush_work+0x100/0xc50
[   85.524473][ T5316]  ? __pfx___flush_work+0x10/0x10
[   85.524487][ T5316]  ? __pfx_wq_barrier_func+0x10/0x10
[   85.524499][ T5316]  ? __cancel_work_sync+0x5c/0x110
[   85.524509][ T5316]  __cancel_work_sync+0xbe/0x110
[   85.524520][ T5316]  l2cap_conn_del+0x40f/0x5c0
[   85.524530][ T5316]  ? __pfx_l2cap_disconn_cfm+0x10/0x10
[   85.524539][ T5316]  hci_conn_hash_flush+0x10d/0x260
[   85.524549][ T5316]  hci_dev_reset+0x41c/0x6d0
[   85.524559][ T5316]  ? hci_sock_ioctl+0x5b7/0x940
[   85.524568][ T5316]  sock_do_ioctl+0x101/0x320
[   85.524578][ T5316]  ? __pfx_sock_do_ioctl+0x10/0x10
[   85.524586][ T5316]  ? do_futex+0x395/0x420
[   85.524622][ T5316]  sock_ioctl+0x5c6/0x7f0
[   85.524636][ T5316]  ? __pfx_sock_ioctl+0x10/0x10
[   85.524649][ T5316]  ? __fget_files+0x2a/0x420
[   85.524677][ T5316]  ? __fget_files+0x3a0/0x420
[   85.524689][ T5316]  ? __fget_files+0x2a/0x420
[   85.524706][ T5316]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.524767][ T5316]  ? __pfx_sock_ioctl+0x10/0x10
[   85.524784][ T5316]  __se_sys_ioctl+0xfc/0x170
[   85.524794][ T5316]  do_syscall_64+0x14d/0xf80
[   85.524811][ T5316]  ? trace_irq_disable+0x3b/0x150
[   85.524850][ T5316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.524864][ T5316]  ? clear_bhb_loop+0x40/0x90
[   85.524879][ T5316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.524887][ T5316] RIP: 0033:0x7fb02b59c799
[   85.524899][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.524907][ T5316] RSP: 002b:00007fb02c483fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.524937][ T5316] RAX: ffffffffffffffda RBX: 00007fb02b815fa0 RCX: 00007fb02b59c799
[   85.524949][ T5316] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 000000000000000e
[   85.524957][ T5316] RBP: 00007fb02b632bd9 R08: 0000000000000000 R09: 0000000000000000
[   85.524968][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.524976][ T5316] R13: 00007fb02b816038 R14: 00007fb02b815fa0 R15: 00007ffc8a2c1448
[   85.524990][ T5316]  </TASK>
[   91.929739][    T9] cfg80211: failed to load regulatory.db