BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:169
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 6060, name: kworker/u5:5
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:5/6060:
 #0: ffff0000d5b7ed38 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x560/0x1204 kernel/workqueue.c:2603
 #1: ffff800097157c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x5a0/0x1204 kernel/workqueue.c:2605
 #2: ffff0000c53cc078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xc0/0x95c net/bluetooth/hci_event.c:7036
 #3: ffff80008e373700 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:302
CPU: 0 PID: 6060 Comm: kworker/u5:5 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci3 hci_rx_work
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 __might_resched+0x374/0x4d0 kernel/sched/core.c:10187
 __might_sleep+0x90/0xe4 kernel/sched/core.c:10116
 __hci_cmd_sync_sk+0x5f0/0xd4c net/bluetooth/hci_sync.c:167
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:248 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:274 [inline]
 hci_le_terminate_big_sync+0xc4/0x1dc net/bluetooth/hci_sync.c:1673
 hci_le_create_big_complete_evt+0x7cc/0x95c net/bluetooth/hci_event.c:7073
 hci_le_meta_evt+0x280/0x40c net/bluetooth/hci_event.c:7305
 hci_event_func net/bluetooth/hci_event.c:7635 [inline]
 hci_event_packet+0x604/0xf44 net/bluetooth/hci_event.c:7690
 hci_rx_work+0x32c/0x8c8 net/bluetooth/hci_core.c:4094
 process_one_work+0x694/0x1204 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:2784
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
WARNING: CPU: 0 PID: 6060 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0xb80/0x1008 kernel/rcu/tree_plugin.h:320
Modules linked in:
CPU: 0 PID: 6060 Comm: kworker/u5:5 Tainted: G W 6.6.0-rc3-syzkaller-gbf6547d8715b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci3 hci_rx_work
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : rcu_note_context_switch+0xb80/0x1008 kernel/rcu/tree_plugin.h:320
lr : rcu_note_context_switch+0xb80/0x1008 kernel/rcu/tree_plugin.h:320
sp : ffff800097157110
x29: ffff8000971571a0 x28: dfff800000000000 x27: 1ffff00011c340b9
x26: 0000000000000000 x25: 0000000100002cab x24: 0000000100000001
x23: 1fffe00018ca5a69 x22: ffff8001260c9000 x21: ffff0000c652d348
x20: ffff0000c652d734 x19: ffff0000c652d340 x18: 1fffe000368379ce
x17: 0000000000000000 x16: ffff80008a576ca0 x15: 0000000000000001
x14: 1ffff00012e2ad3c x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000040000 x10: 0000000000018d6b x9 : 46b354c261dbb700
x8 : 46b354c261dbb700 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000971569f8 x4 : ffff80008e280f80 x3 : ffff80008036c568
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
Call trace:
 rcu_note_context_switch+0xb80/0x1008 kernel/rcu/tree_plugin.h:320
 __schedule+0x2c0/0x23b4 kernel/sched/core.c:6595
 schedule+0xc4/0x170 kernel/sched/core.c:6771
 schedule_timeout+0x1d8/0x348 kernel/time/timer.c:2167
 __hci_cmd_sync_sk+0x6d0/0xd4c net/bluetooth/hci_sync.c:167
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:248 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:274 [inline]
 hci_le_terminate_big_sync+0xc4/0x1dc net/bluetooth/hci_sync.c:1673
 hci_le_create_big_complete_evt+0x7cc/0x95c net/bluetooth/hci_event.c:7073
 hci_le_meta_evt+0x280/0x40c net/bluetooth/hci_event.c:7305
 hci_event_func net/bluetooth/hci_event.c:7635 [inline]
 hci_event_packet+0x604/0xf44 net/bluetooth/hci_event.c:7690
 hci_rx_work+0x32c/0x8c8 net/bluetooth/hci_core.c:4094
 process_one_work+0x694/0x1204 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:2784
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:853
irq event stamp: 3510
hardirqs last enabled at (3509): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1384 [inline]
hardirqs last enabled at (3509): [] finish_lock_switch+0xbc/0x1e4 kernel/sched/core.c:5134
hardirqs last disabled at (3510): [] __schedule+0x2b4/0x23b4 kernel/sched/core.c:6594
softirqs last enabled at (3492): [] softirq_handle_end kernel/softirq.c:399 [inline]
softirqs last enabled at (3492): [] __do_softirq+0xac0/0xd54 kernel/softirq.c:582
softirqs last disabled at (3471): [] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---
Bluetooth: hci3: Opcode 0x206a failed: -110
Bluetooth: hci3: command 0x206a tx timeout