Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts.
executing program
[   57.863100][ T1954] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   57.865027][ T1954] Bluetooth: hci0: Injecting HCI hardware error event
[   57.866895][ T3975] Bluetooth: hci0: hardware error 0x00
[   57.868719][ T3975]
[   57.869245][ T3975] ======================================================
[   57.870653][ T3975] WARNING: possible circular locking dependency detected
[   57.872231][ T3975] 5.15.148-syzkaller #0 Not tainted
[   57.873291][ T3975] ------------------------------------------------------
[   57.874856][ T3975] kworker/u5:1/3975 is trying to acquire lock:
[   57.876214][ T3975] ffff0000c94c7120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0xf0/0x4cc
[   57.878475][ T3975]
[   57.878475][ T3975] but task is already holding lock:
[   57.880007][ T3975] ffff800016b4e8e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[   57.882081][ T3975]
[   57.882081][ T3975] which lock already depends on the new lock.
[   57.882081][ T3975]
[   57.884367][ T3975]
[   57.884367][ T3975] the existing dependency chain (in reverse order) is:
[   57.886365][ T3975]
[   57.886365][ T3975] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[   57.887998][ T3975]        __mutex_lock_common+0x194/0x2154
[   57.889198][ T3975]        mutex_lock_nested+0xa4/0xf8
[   57.890337][ T3975]        hci_remote_features_evt+0x480/0x940
[   57.891610][ T3975]        hci_event_packet+0x5ec/0x12b4
[   57.892743][ T3975]        hci_rx_work+0x1c0/0x7c4
[   57.893796][ T3975]        process_one_work+0x790/0x11b8
[   57.895068][ T3975]        worker_thread+0x910/0x1034
[   57.896209][ T3975]        kthread+0x37c/0x45c
[   57.897123][ T3975]        ret_from_fork+0x10/0x20
[   57.898282][ T3975]
[   57.898282][ T3975] -> #1 (&hdev->lock){+.+.}-{3:3}:
[   57.899813][ T3975]        __mutex_lock_common+0x194/0x2154
[   57.901011][ T3975]        mutex_lock_nested+0xa4/0xf8
[   57.902133][ T3975]        sco_sock_connect+0x170/0x848
[   57.903228][ T3975]        __sys_connect+0x268/0x290
[   57.904262][ T3975]        __arm64_sys_connect+0x7c/0x94
[   57.905494][ T3975]        invoke_syscall+0x98/0x2b8
[   57.906575][ T3975]        el0_svc_common+0x138/0x258
[   57.907741][ T3975]        do_el0_svc+0x58/0x14c
[   57.908857][ T3975]        el0_svc+0x7c/0x1f0
[   57.909827][ T3975]        el0t_64_sync_handler+0x84/0xe4
[   57.910992][ T3975]        el0t_64_sync+0x1a0/0x1a4
[   57.912123][ T3975]
[   57.912123][ T3975] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[   57.914074][ T3975]        __lock_acquire+0x32d4/0x7638
[   57.915352][ T3975]        lock_acquire+0x240/0x77c
[   57.916498][ T3975]        lock_sock_nested+0xec/0x1ec
[   57.917647][ T3975]        sco_conn_del+0xf0/0x4cc
[   57.918755][ T3975]        sco_disconn_cfm+0x8c/0xdc
[   57.919809][ T3975]        hci_conn_hash_flush+0x104/0x220
[   57.921088][ T3975]        hci_dev_do_close+0x7e4/0x1060
[   57.922307][ T3975]        hci_error_reset+0xd4/0x184
[   57.923430][ T3975]        process_one_work+0x790/0x11b8
[   57.924672][ T3975]        worker_thread+0x910/0x1034
[   57.925824][ T3975]        kthread+0x37c/0x45c
[   57.926834][ T3975]        ret_from_fork+0x10/0x20
[   57.927902][ T3975]
[   57.927902][ T3975] other info that might help us debug this:
[   57.927902][ T3975]
[   57.930097][ T3975] Chain exists of:
[   57.930097][ T3975]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[   57.930097][ T3975]
[   57.933159][ T3975]  Possible unsafe locking scenario:
[   57.933159][ T3975]
[   57.934726][ T3975]        CPU0                    CPU1
[   57.935887][ T3975]        ----                    ----
[   57.937099][ T3975]   lock(hci_cb_list_lock);
[   57.938103][ T3975]                                lock(&hdev->lock);
[   57.939555][ T3975]                                lock(hci_cb_list_lock);
[   57.941107][ T3975]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[   57.942389][ T3975]
[   57.942389][ T3975]  *** DEADLOCK ***
[   57.942389][ T3975]
[   57.944144][ T3975] 5 locks held by kworker/u5:1/3975:
[   57.945333][ T3975]  #0: ffff0000c8347138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8
[   57.947590][ T3975]  #1: ffff80001ca77c00 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8
[   57.950110][ T3975]  #2: ffff0000c9d6cff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x64/0x1060
[   57.952204][ T3975]  #3: ffff0000c9d6c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x338/0x1060
[   57.954307][ T3975]  #4: ffff800016b4e8e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[   57.956458][ T3975]
[   57.956458][ T3975] stack backtrace:
[   57.957700][ T3975] CPU: 0 PID: 3975 Comm: kworker/u5:1 Not tainted 5.15.148-syzkaller #0
[   57.959481][ T3975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   57.961817][ T3975] Workqueue: hci0 hci_error_reset
[   57.963036][ T3975] Call trace:
[   57.963826][ T3975]  dump_backtrace+0x0/0x530
[   57.964873][ T3975]  show_stack+0x2c/0x3c
[   57.965824][ T3975]  dump_stack_lvl+0x108/0x170
[   57.966856][ T3975]  dump_stack+0x1c/0x58
[   57.967755][ T3975]  print_circular_bug+0x150/0x1b8
[   57.968836][ T3975]  check_noncircular+0x2cc/0x378
[   57.969868][ T3975]  __lock_acquire+0x32d4/0x7638
[   57.970902][ T3975]  lock_acquire+0x240/0x77c
[   57.971884][ T3975]  lock_sock_nested+0xec/0x1ec
[   57.972933][ T3975]  sco_conn_del+0xf0/0x4cc
[   57.973956][ T3975]  sco_disconn_cfm+0x8c/0xdc
[   57.974935][ T3975]  hci_conn_hash_flush+0x104/0x220
[   57.976127][ T3975]  hci_dev_do_close+0x7e4/0x1060
[   57.977238][ T3975]  hci_error_reset+0xd4/0x184
[   57.978279][ T3975]  process_one_work+0x790/0x11b8
[   57.979354][ T3975]  worker_thread+0x910/0x1034
[   57.980431][ T3975]  kthread+0x37c/0x45c
[   57.981377][ T3975]  ret_from_fork+0x10/0x20
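The report above is lockdep's check_noncircular() refusing the acquisition that would close the cycle sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock --> sk_lock. The following is an added example, not kernel code and not part of the syzkaller report: a minimal user-space lock-order graph that replays the three nested acquisitions named in the report and detects the cycle the same way lockdep does (a reachability search before recording the new edge). The lock names and the three outer/inner pairs come from the report; the graph representation, function names and the edge order are this example's own assumptions.

```c
/* Added example: a toy lock-order graph with cycle detection in the spirit of
 * lockdep's check_noncircular(). Not kernel code. Lock names and the three
 * nested acquisitions are taken from the lockdep report; everything else is
 * illustrative. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8

static const char *lock_names[MAX_LOCKS];
static int nlocks;
/* edge[outer][inner] is set once 'inner' has been taken while 'outer' was held */
static bool edge[MAX_LOCKS][MAX_LOCKS];

static void reset_graph(void)
{
    nlocks = 0;
    memset(edge, 0, sizeof edge);
}

/* Intern a lock name into a small integer id (first use registers it). */
static int lock_id(const char *name)
{
    for (int i = 0; i < nlocks; i++)
        if (strcmp(lock_names[i], name) == 0)
            return i;
    lock_names[nlocks] = name;
    return nlocks++;
}

/* Depth-first search: can 'to' be reached from 'from' along recorded edges? */
static bool reachable(int from, int to, bool *visited)
{
    if (from == to)
        return true;
    visited[from] = true;
    for (int n = 0; n < nlocks; n++)
        if (edge[from][n] && !visited[n] && reachable(n, to, visited))
            return true;
    return false;
}

/* Record that 'inner' was acquired while 'outer' was held. If 'outer' is
 * already reachable from 'inner', the new edge closes a cycle: report it and
 * leave the graph unchanged, as lockdep does before printing the splat. */
static bool acquire_nested(const char *outer, const char *inner)
{
    int a = lock_id(outer), b = lock_id(inner);
    bool visited[MAX_LOCKS] = {0};

    if (reachable(b, a, visited)) {
        printf("possible circular locking dependency: %s -> %s closes a cycle\n",
               outer, inner);
        return false;
    }
    edge[a][b] = true;
    return true;
}

/* Replay the three nesting relations from the report. Returns the number of
 * acquisitions rejected; only the last one, the sk_lock taken under
 * hci_cb_list_lock in sco_conn_del(), closes the cycle. */
int replay_report(void)
{
    int rejected = 0;

    reset_graph();
    /* #2: hci_remote_features_evt takes hci_cb_list_lock under &hdev->lock */
    if (!acquire_nested("&hdev->lock", "hci_cb_list_lock"))
        rejected++;
    /* #1: sco_sock_connect takes &hdev->lock under the SCO socket lock */
    if (!acquire_nested("sk_lock-AF_BLUETOOTH-BTPROTO_SCO", "&hdev->lock"))
        rejected++;
    /* #0: sco_conn_del takes the SCO socket lock under hci_cb_list_lock */
    if (!acquire_nested("hci_cb_list_lock", "sk_lock-AF_BLUETOOTH-BTPROTO_SCO"))
        rejected++;
    return rejected;
}

int main(void)
{
    return replay_report() ? 1 : 0;
}
```

The order in which the three edges are replayed does not matter: whichever of the three acquisitions is seen last is the one that completes the cycle and gets reported, which is why the splat names sco_conn_del() even though all three call sites share the blame.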