syzbot

BUG: sleeping function called from invalid context at net/core/sock.c:3537
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6265, name: kworker/u9:2
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by kworker/u9:2/6265:
 #0: ffff0000dcd47948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x668/0x15d4 kernel/workqueue.c:3241
 #1: ffff800097c07c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6b4/0x15d4 kernel/workqueue.c:3241
 #2: ffff0000eafcc078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xa4/0x870 net/bluetooth/hci_event.c:5061
 #3: ffff800091d61788 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2010 [inline]
 #3: ffff800091d61788 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x3d4/0x870 net/bluetooth/hci_event.c:5144
 #4: ffff0000ef2adc20 (&conn->lock#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #4: ffff0000ef2adc20 (&conn->lock#2){+.+.}-{2:2}, at: sco_conn_ready net/bluetooth/sco.c:1273 [inline]
 #4: ffff0000ef2adc20 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x260/0x94c net/bluetooth/sco.c:1358
 #5: ffff0000ec9f4258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1673 [inline]
 #5: ffff0000ec9f4258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1286 [inline]
 #5: ffff0000ec9f4258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3e8/0x94c net/bluetooth/sco.c:1358
Preemption disabled at:
[<ffff80008a0d70d4>] spin_lock include/linux/spinlock.h:351 [inline]
[<ffff80008a0d70d4>] sco_conn_ready net/bluetooth/sco.c:1273 [inline]
[<ffff80008a0d70d4>] sco_connect_cfm+0x260/0x94c net/bluetooth/sco.c:1358
CPU: 0 PID: 6265 Comm: kworker/u9:2 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: hci4 hci_rx_work
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:317
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:114
 dump_stack+0x1c/0x28 lib/dump_stack.c:123
 __might_resched+0x374/0x4d0 kernel/sched/core.c:10197
 __might_sleep+0x90/0xe4 kernel/sched/core.c:10126
 lock_sock_nested+0x6c/0x11c net/core/sock.c:3537
 lock_sock include/net/sock.h:1673 [inline]
 sco_conn_ready net/bluetooth/sco.c:1286 [inline]
 sco_connect_cfm+0x3e8/0x94c net/bluetooth/sco.c:1358
 hci_connect_cfm include/net/bluetooth/hci_core.h:2013 [inline]
 hci_sync_conn_complete_evt+0x438/0x870 net/bluetooth/hci_event.c:5144
 hci_event_func net/bluetooth/hci_event.c:7545 [inline]
 hci_event_packet+0x740/0x1098 net/bluetooth/hci_event.c:7597
 hci_rx_work+0x318/0xa78 net/bluetooth/hci_core.c:4171
 process_one_work+0x7b8/0x15d4 kernel/workqueue.c:3267
 process_scheduled_works kernel/workqueue.c:3348 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:3429
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Bluetooth: hci4: command 0x0406 tx timeout