BUG: sleeping function called from invalid context at net/core/sock.c:3627
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6441, name: kworker/u9:3
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
4 locks held by kworker/u9:3/6441:
 #0: ffff0000d885b948 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x60c/0x15cc kernel/workqueue.c:3210
 #1: ffff80009d187c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6a4/0x15cc kernel/workqueue.c:3210
 #2: ffff0000d840da20 (&conn->lock#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #2: ffff0000d840da20 (&conn->lock#2){+.+.}-{3:3}, at: sco_conn_ready net/bluetooth/sco.c:1328 [inline]
 #2: ffff0000d840da20 (&conn->lock#2){+.+.}-{3:3}, at: sco_connect_cfm+0x24c/0x8f4 net/bluetooth/sco.c:1415
 #3: ffff0000c59a7258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1623 [inline]
 #3: ffff0000c59a7258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_ready net/bluetooth/sco.c:1341 [inline]
 #3: ffff0000c59a7258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3d8/0x8f4 net/bluetooth/sco.c:1415
Preemption disabled at:
[] spin_lock include/linux/spinlock.h:351 [inline]
[] sco_conn_ready net/bluetooth/sco.c:1328 [inline]
[] sco_connect_cfm+0x24c/0x8f4 net/bluetooth/sco.c:1415
CPU: 1 UID: 0 PID: 6441 Comm: kworker/u9:3 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: hci1 hci_rx_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 __might_resched+0x374/0x4d0 kernel/sched/core.c:8758
 __might_sleep+0x90/0xe4 kernel/sched/core.c:8687
 lock_sock_nested+0x6c/0x11c net/core/sock.c:3627
 lock_sock include/net/sock.h:1623 [inline]
 sco_conn_ready net/bluetooth/sco.c:1341 [inline]
 sco_connect_cfm+0x3d8/0x8f4 net/bluetooth/sco.c:1415
 hci_connect_cfm+0x120/0x1d4 include/net/bluetooth/hci_core.h:2057
 hci_conn_request_evt+0x66c/0xb08 net/bluetooth/hci_event.c:3328
 hci_event_func net/bluetooth/hci_event.c:7473 [inline]
 hci_event_packet+0x8dc/0x106c net/bluetooth/hci_event.c:7525
 hci_rx_work+0x31c/0xb04 net/bluetooth/hci_core.c:4035
 process_one_work+0x7a8/0x15cc kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x97c/0xeec kernel/workqueue.c:3398
 kthread+0x288/0x310 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Bluetooth: hci1: unexpected event 0x03 length: 17 > 11
Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
Bluetooth: hci1: command 0x042a tx timeout