Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 42, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/42:
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #2: ffff88810e290078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x2f0 net/bluetooth/hci_event.c:6921
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x2f0 net/bluetooth/hci_event.c:6917
CPU: 1 PID: 42 Comm: kworker/u5:0 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x60 lib/dump_stack.c:106
 __might_resched+0x188/0x1e0 kernel/sched/core.c:10153
 __hci_cmd_sync_sk+0x152/0x590 net/bluetooth/hci_sync.c:166
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:247 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:273 [inline]
 hci_le_terminate_big_sync+0x4d/0xd0 net/bluetooth/hci_sync.c:1671
 hci_le_create_big_complete_evt+0x249/0x2f0 net/bluetooth/hci_event.c:6956
 hci_event_func net/bluetooth/hci_event.c:7486 [inline]
 hci_event_packet+0x1f7/0x560 net/bluetooth/hci_event.c:7541
 hci_rx_work+0x9b/0x650 net/bluetooth/hci_core.c:4064
 process_one_work+0x285/0x4f0 kernel/workqueue.c:2405
 worker_thread+0x4e/0x340 kernel/workqueue.c:2552
 kthread+0xea/0x110 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: Opcode 0x206a failed: -110
BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 42, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/42:
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #2: ffff88810e290078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x2f0 net/bluetooth/hci_event.c:6921
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x2f0 net/bluetooth/hci_event.c:6917
CPU: 1 PID: 42 Comm: kworker/u5:0 Tainted: G        W          6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x60 lib/dump_stack.c:106
 __might_resched+0x188/0x1e0 kernel/sched/core.c:10153
 __hci_cmd_sync_sk+0x152/0x590 net/bluetooth/hci_sync.c:166
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:247 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:273 [inline]
 hci_le_terminate_big_sync+0x4d/0xd0 net/bluetooth/hci_sync.c:1671
 hci_le_create_big_complete_evt+0x249/0x2f0 net/bluetooth/hci_event.c:6956
 hci_event_func net/bluetooth/hci_event.c:7486 [inline]
 hci_event_packet+0x1f7/0x560 net/bluetooth/hci_event.c:7541
 hci_rx_work+0x9b/0x650 net/bluetooth/hci_core.c:4064
 process_one_work+0x285/0x4f0 kernel/workqueue.c:2405
 worker_thread+0x4e/0x340 kernel/workqueue.c:2552
 kthread+0xea/0x110 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: Opcode 0x206a failed: -110
BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 42, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/42:
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #2: ffff88810e290078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x2f0 net/bluetooth/hci_event.c:6921
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x2f0 net/bluetooth/hci_event.c:6917
CPU: 1 PID: 42 Comm: kworker/u5:0 Tainted: G        W          6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x60 lib/dump_stack.c:106
 __might_resched+0x188/0x1e0 kernel/sched/core.c:10153
 __hci_cmd_sync_sk+0x152/0x590 net/bluetooth/hci_sync.c:166
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:247 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:273 [inline]
 hci_le_terminate_big_sync+0x4d/0xd0 net/bluetooth/hci_sync.c:1671
 hci_le_create_big_complete_evt+0x249/0x2f0 net/bluetooth/hci_event.c:6956
 hci_event_func net/bluetooth/hci_event.c:7486 [inline]
 hci_event_packet+0x1f7/0x560 net/bluetooth/hci_event.c:7541
 hci_rx_work+0x9b/0x650 net/bluetooth/hci_core.c:4064
 process_one_work+0x285/0x4f0 kernel/workqueue.c:2405
 worker_thread+0x4e/0x340 kernel/workqueue.c:2552
 kthread+0xea/0x110 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: Opcode 0x206a failed: -110
BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 42, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/42:
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #2: ffff88810e290078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x2f0 net/bluetooth/hci_event.c:6921
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x2f0 net/bluetooth/hci_event.c:6917
CPU: 1 PID: 42 Comm: kworker/u5:0 Tainted: G        W          6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x60 lib/dump_stack.c:106
 __might_resched+0x188/0x1e0 kernel/sched/core.c:10153
 __hci_cmd_sync_sk+0x152/0x590 net/bluetooth/hci_sync.c:166
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:247 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:273 [inline]
 hci_le_terminate_big_sync+0x4d/0xd0 net/bluetooth/hci_sync.c:1671
 hci_le_create_big_complete_evt+0x249/0x2f0 net/bluetooth/hci_event.c:6956
 hci_event_func net/bluetooth/hci_event.c:7486 [inline]
 hci_event_packet+0x1f7/0x560 net/bluetooth/hci_event.c:7541
 hci_rx_work+0x9b/0x650 net/bluetooth/hci_core.c:4064
 process_one_work+0x285/0x4f0 kernel/workqueue.c:2405
 worker_thread+0x4e/0x340 kernel/workqueue.c:2552
 kthread+0xea/0x110 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Bluetooth: hci0: Opcode 0x206a failed: -110
BUG: sleeping function called from invalid context at net/bluetooth/hci_sync.c:166
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 42, name: kworker/u5:0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u5:0/42:
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #0: ffff88810ea89d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:863 [inline]
 #1: ffffc9000037be78 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x1f7/0x4f0 kernel/workqueue.c:2368
 #2: ffff88810e290078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x2f0 net/bluetooth/hci_event.c:6921
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff83382ac0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x2f0 net/bluetooth/hci_event.c:6917
CPU: 0 PID: 42 Comm: kworker/u5:0 Tainted: G        W          6.4.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x60 lib/dump_stack.c:106
 __might_resched+0x188/0x1e0 kernel/sched/core.c:10153
 __hci_cmd_sync_sk+0x152/0x590 net/bluetooth/hci_sync.c:166
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:247 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:273 [inline]
 hci_le_terminate_big_sync+0x4d/0xd0 net/bluetooth/hci_sync.c:1671
 hci_le_create_big_complete_evt+0x249/0x2f0 net/bluetooth/hci_event.c:6956
 hci_event_func net/bluetooth/hci_event.c:7486 [inline]
 hci_event_packet+0x1f7/0x560 net/bluetooth/hci_event.c:7541
 hci_rx_work+0x9b/0x650 net/bluetooth/hci_core.c:4064
 process_one_work+0x285/0x4f0 kernel/workqueue.c:2405
 worker_thread+0x4e/0x340 kernel/workqueue.c:2552
 kthread+0xea/0x110 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>