Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts.
executing program
[ 62.488388][ T23] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 62.496790][ T23] Bluetooth: hci0: Injecting HCI hardware error event
[ 62.504416][ T4172] Bluetooth: hci0: hardware error 0x00
[ 62.510951][ T4172]
[ 62.513275][ T4172] ======================================================
[ 62.520277][ T4172] WARNING: possible circular locking dependency detected
[ 62.527280][ T4172] 5.15.182-syzkaller #0 Not tainted
[ 62.532461][ T4172] ------------------------------------------------------
[ 62.539468][ T4172] kworker/u5:2/4172 is trying to acquire lock:
[ 62.545622][ T4172] ffff888078d34120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x142/0x360
[ 62.556191][ T4172]
[ 62.556191][ T4172] but task is already holding lock:
[ 62.563545][ T4172] ffffffff8d370e08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa4/0x220
[ 62.573100][ T4172]
[ 62.573100][ T4172] which lock already depends on the new lock.
[ 62.573100][ T4172]
[ 62.583492][ T4172]
[ 62.583492][ T4172] the existing dependency chain (in reverse order) is:
[ 62.592489][ T4172]
[ 62.592489][ T4172] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[ 62.600208][ T4172]        __mutex_lock_common+0x1eb/0x2390
[ 62.605934][ T4172]        mutex_lock_nested+0x17/0x20
[ 62.611207][ T4172]        hci_remote_features_evt+0x5cf/0xa10
[ 62.617173][ T4172]        hci_event_packet+0x613/0x12f0
[ 62.622615][ T4172]        hci_rx_work+0x255/0xa10
[ 62.627559][ T4172]        process_one_work+0x863/0x1000
[ 62.633007][ T4172]        worker_thread+0xaa8/0x12a0
[ 62.638193][ T4172]        kthread+0x436/0x520
[ 62.642770][ T4172]        ret_from_fork+0x1f/0x30
[ 62.647701][ T4172]
[ 62.647701][ T4172] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 62.655004][ T4172]        __mutex_lock_common+0x1eb/0x2390
[ 62.660741][ T4172]        mutex_lock_nested+0x17/0x20
[ 62.666010][ T4172]        sco_sock_connect+0x18f/0x910
[ 62.671392][ T4172]        __sys_connect+0x389/0x410
[ 62.676489][ T4172]        __x64_sys_connect+0x76/0x80
[ 62.681778][ T4172]        do_syscall_64+0x4c/0xa0
[ 62.686814][ T4172]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.693383][ T4172]
[ 62.693383][ T4172] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 62.702528][ T4172]        __lock_acquire+0x2c33/0x7c60
[ 62.707923][ T4172]        lock_acquire+0x197/0x3f0
[ 62.712939][ T4172]        lock_sock_nested+0x44/0x100
[ 62.718211][ T4172]        sco_conn_del+0x142/0x360
[ 62.723221][ T4172]        hci_conn_hash_flush+0x107/0x220
[ 62.728842][ T4172]        hci_dev_do_close+0x991/0x1030
[ 62.734332][ T4172]        hci_error_reset+0x101/0x2c0
[ 62.739609][ T4172]        process_one_work+0x863/0x1000
[ 62.745064][ T4172]        worker_thread+0xaa8/0x12a0
[ 62.750253][ T4172]        kthread+0x436/0x520
[ 62.754838][ T4172]        ret_from_fork+0x1f/0x30
[ 62.759777][ T4172]
[ 62.759777][ T4172] other info that might help us debug this:
[ 62.759777][ T4172]
[ 62.769994][ T4172] Chain exists of:
[ 62.769994][ T4172]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[ 62.769994][ T4172]
[ 62.784235][ T4172]  Possible unsafe locking scenario:
[ 62.784235][ T4172]
[ 62.791669][ T4172]        CPU0                    CPU1
[ 62.797109][ T4172]        ----                    ----
[ 62.802457][ T4172]   lock(hci_cb_list_lock);
[ 62.806968][ T4172]                                lock(&hdev->lock);
[ 62.813546][ T4172]                                lock(hci_cb_list_lock);
[ 62.820648][ T4172]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 62.826531][ T4172]
[ 62.826531][ T4172]  *** DEADLOCK ***
[ 62.826531][ T4172]
[ 62.834660][ T4172] 5 locks held by kworker/u5:2/4172:
[ 62.839929][ T4172]  #0: ffff888024171938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x760/0x1000
[ 62.850097][ T4172]  #1: ffffc90002e9fd00 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000
[ 62.861824][ T4172]  #2: ffff88807c9a4ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x5f/0x1030
[ 62.871552][ T4172]  #3: ffff88807c9a4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x3f4/0x1030
[ 62.881020][ T4172]  #4: ffffffff8d370e08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa4/0x220
[ 62.891007][ T4172]
[ 62.891007][ T4172] stack backtrace:
[ 62.896892][ T4172] CPU: 1 PID: 4172 Comm: kworker/u5:2 Not tainted 5.15.182-syzkaller #0
[ 62.905199][ T4172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 62.915244][ T4172] Workqueue: hci0 hci_error_reset
[ 62.920271][ T4172] Call Trace:
[ 62.923538][ T4172]
[ 62.926455][ T4172]  dump_stack_lvl+0x168/0x230
[ 62.931125][ T4172]  ? load_image+0x3b0/0x3b0
[ 62.935615][ T4172]  ? show_regs_print_info+0x20/0x20
[ 62.940805][ T4172]  ? print_circular_bug+0x12b/0x1a0
[ 62.946104][ T4172]  check_noncircular+0x274/0x310
[ 62.951029][ T4172]  ? add_chain_block+0x940/0x940
[ 62.955950][ T4172]  ? lockdep_lock+0xdc/0x1e0
[ 62.960527][ T4172]  ? lockdep_unlock+0x134/0x2d0
[ 62.965367][ T4172]  ? lockdep_lock+0x1e0/0x1e0
[ 62.970033][ T4172]  ? mark_lock+0x94/0x320
[ 62.974350][ T4172]  __lock_acquire+0x2c33/0x7c60
[ 62.979200][ T4172]  ? verify_lock_unused+0x140/0x140
[ 62.984396][ T4172]  ? __mutex_trylock_common+0x14f/0x250
[ 62.989931][ T4172]  lock_acquire+0x197/0x3f0
[ 62.994422][ T4172]  ? sco_conn_del+0x142/0x360
[ 62.999088][ T4172]  ? read_lock_is_recursive+0x10/0x10
[ 63.004449][ T4172]  ? __lock_acquire+0x7c60/0x7c60
[ 63.009462][ T4172]  ? __rwlock_init+0x140/0x140
[ 63.014216][ T4172]  lock_sock_nested+0x44/0x100
[ 63.018970][ T4172]  ? sco_conn_del+0x142/0x360
[ 63.023636][ T4172]  sco_conn_del+0x142/0x360
[ 63.028257][ T4172]  ? sco_connect_cfm+0xa40/0xa40
[ 63.033197][ T4172]  hci_conn_hash_flush+0x107/0x220
[ 63.038330][ T4172]  hci_dev_do_close+0x991/0x1030
[ 63.043266][ T4172]  hci_error_reset+0x101/0x2c0
[ 63.048020][ T4172]  process_one_work+0x863/0x1000
[ 63.052952][ T4172]  ? worker_detach_from_pool+0x240/0x240
[ 63.058572][ T4172]  ? lockdep_hardirqs_off+0x70/0x100
[ 63.063849][ T4172]  ? _raw_spin_lock_irq+0xab/0xe0
[ 63.068861][ T4172]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 63.074228][ T4172]  ? wq_worker_running+0x97/0x170
[ 63.079242][ T4172]  worker_thread+0xaa8/0x12a0
[ 63.083921][ T4172]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[ 63.089805][ T