Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
executing program
[   49.439936][ T1933] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   49.448516][ T1933] Bluetooth: hci0: Injecting HCI hardware error event
[   49.456349][ T3505] Bluetooth: hci0: hardware error 0x00
[   49.462672][ T3505]
[   49.464990][ T3505] ======================================================
[   49.472015][ T3505] WARNING: possible circular locking dependency detected
[   49.479282][ T3505] 5.15.153-syzkaller #0 Not tainted
[   49.484460][ T3505] ------------------------------------------------------
[   49.491554][ T3505] kworker/u5:2/3505 is trying to acquire lock:
[   49.498316][ T3505] ffff888072ac5120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x104/0x300
[   49.508754][ T3505]
[   49.508754][ T3505] but task is already holding lock:
[   49.516187][ T3505] ffffffff8db25068 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[   49.525816][ T3505]
[   49.525816][ T3505] which lock already depends on the new lock.
[   49.525816][ T3505]
[   49.536274][ T3505]
[   49.536274][ T3505] the existing dependency chain (in reverse order) is:
[   49.545375][ T3505]
[   49.545375][ T3505] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[   49.553202][ T3505]        lock_acquire+0x1db/0x4f0
[   49.558213][ T3505]        __mutex_lock_common+0x1da/0x25a0
[   49.564005][ T3505]        mutex_lock_nested+0x17/0x20
[   49.569286][ T3505]        hci_remote_features_evt+0x52f/0xb50
[   49.575294][ T3505]        hci_event_packet+0x6fe/0x1550
[   49.580983][ T3505]        hci_rx_work+0x232/0x990
[   49.585920][ T3505]        process_one_work+0x8a1/0x10c0
[   49.591378][ T3505]        worker_thread+0xaca/0x1280
[   49.596582][ T3505]        kthread+0x3f6/0x4f0
[   49.601372][ T3505]        ret_from_fork+0x1f/0x30
[   49.606304][ T3505]
[   49.606304][ T3505] -> #1 (&hdev->lock){+.+.}-{3:3}:
[   49.613575][ T3505]        lock_acquire+0x1db/0x4f0
[   49.618667][ T3505]        __mutex_lock_common+0x1da/0x25a0
[   49.624557][ T3505]        mutex_lock_nested+0x17/0x20
[   49.629915][ T3505]        sco_sock_connect+0x181/0x8e0
[   49.635271][ T3505]        __sys_connect+0x38b/0x410
[   49.640705][ T3505]        __x64_sys_connect+0x76/0x80
[   49.646271][ T3505]        do_syscall_64+0x3d/0xb0
[   49.651370][ T3505]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.657863][ T3505]
[   49.657863][ T3505] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[   49.667487][ T3505]        validate_chain+0x1649/0x5930
[   49.673289][ T3505]        __lock_acquire+0x1295/0x1ff0
[   49.678890][ T3505]        lock_acquire+0x1db/0x4f0
[   49.683993][ T3505]        lock_sock_nested+0x44/0x100
[   49.689259][ T3505]        sco_conn_del+0x104/0x300
[   49.694529][ T3505]        hci_conn_hash_flush+0x10d/0x220
[   49.700412][ T3505]        hci_dev_do_close+0x9f6/0x1070
[   49.706230][ T3505]        hci_error_reset+0x106/0x2d0
[   49.711508][ T3505]        process_one_work+0x8a1/0x10c0
[   49.716946][ T3505]        worker_thread+0xaca/0x1280
[   49.722206][ T3505]        kthread+0x3f6/0x4f0
[   49.726859][ T3505]        ret_from_fork+0x1f/0x30
[   49.731773][ T3505]
[   49.731773][ T3505] other info that might help us debug this:
[   49.731773][ T3505]
[   49.742347][ T3505] Chain exists of:
[   49.742347][ T3505]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[   49.742347][ T3505]
[   49.757265][ T3505]  Possible unsafe locking scenario:
[   49.757265][ T3505]
[   49.765098][ T3505]        CPU0                    CPU1
[   49.770454][ T3505]        ----                    ----
[   49.776112][ T3505]   lock(hci_cb_list_lock);
[   49.780608][ T3505]                                lock(&hdev->lock);
[   49.787177][ T3505]                                lock(hci_cb_list_lock);
[   49.794444][ T3505]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[   49.800331][ T3505]
[   49.800331][ T3505]  *** DEADLOCK ***
[   49.800331][ T3505]
[   49.808884][ T3505] 5 locks held by kworker/u5:2/3505:
[   49.814248][ T3505]  #0: ffff88801d1ab938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[   49.824532][ T3505]  #1: ffffc90002567d20 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[   49.836463][ T3505]  #2: ffff888079230ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[   49.846714][ T3505]  #3: ffff888079230078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[   49.856278][ T3505]  #4: ffffffff8db25068 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[   49.867137][ T3505]
[   49.867137][ T3505] stack backtrace:
[   49.873018][ T3505] CPU: 1 PID: 3505 Comm: kworker/u5:2 Not tainted 5.15.153-syzkaller #0
[   49.881772][ T3505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   49.892233][ T3505] Workqueue: hci0 hci_error_reset
[   49.897419][ T3505] Call Trace:
[   49.900901][ T3505]
[   49.904079][ T3505]  dump_stack_lvl+0x1e3/0x2cb
[   49.908774][ T3505]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   49.914391][ T3505]  ? print_circular_bug+0x12b/0x1a0
[   49.919585][ T3505]  check_noncircular+0x2f8/0x3b0
[   49.924596][ T3505]  ? stack_trace_snprint+0xe0/0xe0
[   49.929869][ T3505]  ? add_chain_block+0x850/0x850
[   49.934784][ T3505]  ? lockdep_lock+0x11f/0x2a0
[   49.939732][ T3505]  ? lockdep_unlock+0x166/0x300
[   49.944576][ T3505]  ? lockdep_lock+0x2a0/0x2a0
[   49.949320][ T3505]  validate_chain+0x1649/0x5930
[   49.954151][ T3505]  ? reacquire_held_locks+0x660/0x660
[   49.959497][ T3505]  ? reacquire_held_locks+0x660/0x660
[   49.964848][ T3505]  ? mark_lock+0x98/0x340
[   49.969161][ T3505]  ? mark_lock+0x98/0x340
[   49.973475][ T3505]  __lock_acquire+0x1295/0x1ff0
[   49.978303][ T3505]  lock_acquire+0x1db/0x4f0
[   49.982782][ T3505]  ? sco_conn_del+0x104/0x300
[   49.987438][ T3505]  ? read_lock_is_recursive+0x10/0x10
[   49.992783][ T3505]  ? read_lock_is_recursive+0x10/0x10
[   49.998129][ T3505]  ? sco_conn_del+0xfa/0x300
[   50.002695][ T3505]  ? __lock_acquire+0x1ff0/0x1ff0
[   50.007695][ T3505]  ? do_raw_spin_lock+0x14a/0x370
[   50.012696][ T3505]  lock_sock_nested+0x44/0x100
[   50.017696][ T3505]  ? sco_conn_del+0x104/0x300
[   50.022440][ T3505]  sco_conn_del+0x104/0x300
[   50.027112][ T3505]  ? sco_connect_cfm+0xad0/0xad0
[   50.032111][ T3505]  hci_conn_hash_flush+0x10d/0x220
[   50.037378][ T3505]  hci_dev_do_close+0x9f6/0x1070
[   50.042576][ T3505]  hci_error_reset+0x106/0x2d0
[   50.047577][ T3505]  process_one_work+0x8a1/0x10c0
[   50.052593][ T3505]  ? worker_detach_from_pool+0x260/0x260
[   50.058291][ T3505]  ? _raw_spin_lock_irqsave+0x120/0x120
[   50.063916][ T3505]  ? kthread_data+0x4e/0xc0
[   50.068393][ T3505]  ? wq_worker_running+0x97/0x170
[   50.073508][ T3505]  worker_thread+0xaca/0x1280
[   50.078164][ T3505]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   50.084035][ T3505]  kthread+0x3f6/0x4f0
[   50.088188][ T3505]  ? rcu_lock_release+0x20/0x20
[
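The report above is lockdep's check_noncircular() refusing a lock acquisition that would close a cycle: sco_sock_connect() takes &hdev->lock while holding the SCO socket lock, hci_remote_features_evt() takes hci_cb_list_lock while holding &hdev->lock, and the error-reset path (hci_dev_do_close -> hci_conn_hash_flush -> sco_conn_del) then tries to take the socket lock while holding hci_cb_list_lock. The following userspace model, added here as an example and not taken from the syzkaller report or the kernel, replays exactly those three edges into a lock-order graph and shows how a depth-first reachability check flags the third one. The lock-class names are the ones printed in the report; the graph, acquire() and replay_*() functions are hypothetical teaching code, not lockdep's implementation.

```c
/* Added example, not code from the syzkaller report or the kernel: a
 * userspace model of how lockdep's check_noncircular() detects the
 * circular dependency printed in the report above. The lock classes and
 * the three ordering edges come from the report; the graph, acquire()
 * and replay_*() helpers are hypothetical. */
#include <stdio.h>
#include <string.h>

enum lock_class {
    SK_LOCK_SCO,      /* sk_lock-AF_BLUETOOTH-BTPROTO_SCO */
    HDEV_LOCK,        /* &hdev->lock */
    HCI_CB_LIST_LOCK, /* hci_cb_list_lock */
    NR_CLASSES
};

static const char *const class_name[NR_CLASSES] = {
    "sk_lock-AF_BLUETOOTH-BTPROTO_SCO", "&hdev->lock", "hci_cb_list_lock",
};

/* dep[a][b] != 0 records "a was held while b was acquired" (a --> b). */
static int dep[NR_CLASSES][NR_CLASSES];

static void reset_graph(void) { memset(dep, 0, sizeof dep); }

/* Depth-first search: is there a recorded path from 'from' to 'to'? */
static int reachable(int from, int to, int *seen)
{
    if (from == to)
        return 1;
    if (seen[from])
        return 0;
    seen[from] = 1;
    for (int next = 0; next < NR_CLASSES; next++)
        if (dep[from][next] && reachable(next, to, seen))
            return 1;
    return 0;
}

/* Model of lock_acquire(): 'held' is the class currently held, 'want' the
 * class being taken. If 'want' already reaches 'held', adding the edge
 * held --> want would close a cycle; report it (lockdep's "possible
 * circular locking dependency") and return 1 without recording the edge.
 * Otherwise record the edge and return 0. */
static int acquire(int held, int want)
{
    int seen[NR_CLASSES] = {0};

    if (reachable(want, held, seen)) {
        printf("WARNING: %s --> %s would close a cycle\n",
               class_name[held], class_name[want]);
        return 1;
    }
    dep[held][want] = 1;
    return 0;
}

/* Replay the three edges from the report. Returns 1 when the last edge
 * (hci_cb_list_lock --> sk_lock) is rejected as circular, 0 otherwise. */
static int replay_report(void)
{
    reset_graph();
    /* -> #1: sco_sock_connect(): sk_lock held, then hci_dev_lock() */
    if (acquire(SK_LOCK_SCO, HDEV_LOCK))
        return -1;
    /* -> #2: hci_remote_features_evt(): &hdev->lock held, then hci_cb_list_lock */
    if (acquire(HDEV_LOCK, HCI_CB_LIST_LOCK))
        return -2;
    /* -> #0: hci_conn_hash_flush() -> sco_conn_del(): hci_cb_list_lock held,
     * then lock_sock() on the SCO socket. This is the edge lockdep refused. */
    return acquire(HCI_CB_LIST_LOCK, SK_LOCK_SCO);
}

/* Counter-example: the same three classes taken in one consistent order
 * (sk_lock, then &hdev->lock, then hci_cb_list_lock) never close a cycle. */
static int replay_consistent(void)
{
    reset_graph();
    if (acquire(SK_LOCK_SCO, HDEV_LOCK))
        return -1;
    if (acquire(HDEV_LOCK, HCI_CB_LIST_LOCK))
        return -2;
    /* Taking hci_cb_list_lock directly under sk_lock is fine: the edge
     * agrees with the existing transitive order. */
    return acquire(SK_LOCK_SCO, HCI_CB_LIST_LOCK);
}

int main(void)
{
    printf("report replay: %d (1 = cycle detected)\n", replay_report());
    printf("consistent order: %d (0 = no cycle)\n", replay_consistent());
    return 0;
}
```

The check is deliberately the same shape as the kernel's: lockdep keeps a graph of lock classes, not lock instances, so the SCO socket that sco_conn_del() locks does not have to be the socket sco_sock_connect() was called on for the inversion to be real. That is why the report's "possible unsafe locking scenario" needs two CPUs and two different call paths, and why fixing it means dropping one of the locks before calling into the other path rather than hoping the two instances never collide.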