Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts.
[   32.437242][ T4230] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   32.439653][ T4230] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   32.441514][ T4230] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   32.444539][ T4230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   32.446623][ T4230] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   32.448449][ T4230] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[   36.512357][ T4230] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   36.514356][ T4230] Bluetooth: hci0: Injecting HCI hardware error event
[   36.516144][ T4230] Bluetooth: hci0: hardware error 0x00
[   36.517708][ T4230]
[   36.518258][ T4230] ======================================================
[   36.519911][ T4230] WARNING: possible circular locking dependency detected
[   36.521574][ T4230] 6.1.60-syzkaller #0 Not tainted
[   36.522746][ T4230] ------------------------------------------------------
[   36.524311][ T4230] kworker/u5:1/4230 is trying to acquire lock:
[   36.525809][ T4230] ffff0000c4912130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0xec/0x498
[   36.528187][ T4230]
[   36.528187][ T4230] but task is already holding lock:
[   36.529898][ T4230] ffff800017f37608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb0/0x27c
[   36.532243][ T4230]
[   36.532243][ T4230] which lock already depends on the new lock.
[   36.532243][ T4230]
[   36.534658][ T4230]
[   36.534658][ T4230] the existing dependency chain (in reverse order) is:
[   36.536813][ T4230]
[   36.536813][ T4230] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[   36.538512][ T4230]        __mutex_lock_common+0x190/0x21a0
[   36.539864][ T4230]        mutex_lock_nested+0x38/0x44
[   36.541035][ T4230]        hci_remote_features_evt+0x458/0x8c4
[   36.542388][ T4230]        hci_event_packet+0x748/0x109c
[   36.543682][ T4230]        hci_rx_work+0x318/0xa68
[   36.544849][ T4230]        process_one_work+0x7ac/0x1404
[   36.546141][ T4230]        worker_thread+0x8e4/0xfec
[   36.547414][ T4230]        kthread+0x250/0x2d8
[   36.548522][ T4230]        ret_from_fork+0x10/0x20
[   36.549664][ T4230]
[   36.549664][ T4230] -> #1 (&hdev->lock){+.+.}-{3:3}:
[   36.551377][ T4230]        __mutex_lock_common+0x190/0x21a0
[   36.552663][ T4230]        mutex_lock_nested+0x38/0x44
[   36.553936][ T4230]        sco_sock_connect+0x170/0x84c
[   36.555207][ T4230]        __sys_connect+0x268/0x290
[   36.556388][ T4230]        __arm64_sys_connect+0x7c/0x94
[   36.557600][ T4230]        invoke_syscall+0x98/0x2c0
[   36.558775][ T4230]        el0_svc_common+0x138/0x258
[   36.559968][ T4230]        do_el0_svc+0x64/0x218
[   36.561053][ T4230]        el0_svc+0x58/0x168
[   36.562136][ T4230]        el0t_64_sync_handler+0x84/0xf0
[   36.563486][ T4230]        el0t_64_sync+0x18c/0x190
[   36.564617][ T4230]
[   36.564617][ T4230] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[   36.566782][ T4230]        __lock_acquire+0x3338/0x764c
[   36.568002][ T4230]        lock_acquire+0x26c/0x7cc
[   36.569209][ T4230]        lock_sock_nested+0x78/0x138
[   36.570462][ T4230]        sco_conn_del+0xec/0x498
[   36.571649][ T4230]        sco_disconn_cfm+0x8c/0xdc
[   36.572869][ T4230]        hci_conn_hash_flush+0x104/0x27c
[   36.574160][ T4230]        hci_dev_close_sync+0x7e0/0xf1c
[   36.575430][ T4230]        hci_error_reset+0xf4/0x248
[   36.576656][ T4230]        process_one_work+0x7ac/0x1404
[   36.577945][ T4230]        worker_thread+0x8e4/0xfec
[   36.579155][ T4230]        kthread+0x250/0x2d8
[   36.580261][ T4230]        ret_from_fork+0x10/0x20
[   36.581431][ T4230]
[   36.581431][ T4230] other info that might help us debug this:
[   36.581431][ T4230]
[   36.583801][ T4230] Chain exists of:
[   36.583801][ T4230]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[   36.583801][ T4230]
[   36.587228][ T4230]  Possible unsafe locking scenario:
[   36.587228][ T4230]
[   36.588982][ T4230]        CPU0                    CPU1
[   36.590220][ T4230]        ----                    ----
[   36.591508][ T4230]   lock(hci_cb_list_lock);
[   36.592461][ T4230]                                lock(&hdev->lock);
[   36.594066][ T4230]                                lock(hci_cb_list_lock);
[   36.595667][ T4230]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[   36.597034][ T4230]
[   36.597034][ T4230]  *** DEADLOCK ***
[   36.597034][ T4230]
[   36.598870][ T4230] 5 locks held by kworker/u5:1/4230:
[   36.600062][ T4230]  #0: ffff0000d4d80138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x664/0x1404
[   36.602527][ T4230]  #1: ffff80001dc87c20 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404
[   36.605236][ T4230]  #2: ffff0000d54f10b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_error_reset+0xec/0x248
[   36.607561][ T4230]  #3: ffff0000d54f0078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x39c/0xf1c
[   36.609887][ T4230]  #4: ffff800017f37608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb0/0x27c
[   36.611628][ T4230]
[   36.611628][ T4230] stack backtrace:
[   36.612633][ T4230] CPU: 1 PID: 4230 Comm: kworker/u5:1 Not tainted 6.1.60-syzkaller #0
[   36.614024][ T4230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   36.616081][ T4230] Workqueue: hci0 hci_error_reset
[   36.617232][ T4230] Call trace:
[   36.618024][ T4230]  dump_backtrace+0x1c8/0x1f4
[   36.619119][ T4230]  show_stack+0x2c/0x3c
[   36.620114][ T4230]  dump_stack_lvl+0x108/0x170
[   36.621243][ T4230]  dump_stack+0x1c/0x58
[   36.622272][ T4230]  print_circular_bug+0x150/0x1b8
[   36.623459][ T4230]  check_noncircular+0x2cc/0x378
[   36.624662][ T4230]  __lock_acquire+0x3338/0x764c
[   36.625818][ T4230]  lock_acquire+0x26c/0x7cc
[   36.626881][ T4230]  lock_sock_nested+0x78/0x138
[   36.628032][ T4230]  sco_conn_del+0xec/0x498
[   36.629078][ T4230]  sco_disconn_cfm+0x8c/0xdc
[   36.630134][ T4230]  hci_conn_hash_flush+0x104/0x27c
[   36.631338][ T4230]  hci_dev_close_sync+0x7e0/0xf1c
[   36.632520][ T4230]  hci_error_reset+0xf4/0x248
[   36.633632][ T4230]  process_one_work+0x7ac/0x1404
[   36.634822][ T4230]  worker_thread+0x8e4/0xfec
[   36.635860][ T4230]  kthread+0x250/0x2d8
[   36.636836][ T4230]  ret_from_fork+0x10/0x20