======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc3-next-20220829 #1 Not tainted
------------------------------------------------------
kworker/u5:6/318 is trying to acquire lock:
ffff888044e6f130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x11c/0x2c0

but task is already holding lock:
ffffffff859d9c28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm+0x26/0x140

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (hci_cb_list_lock){+.+.}-{3:3}:
       __mutex_lock+0x136/0x14d0
       hci_connect_cfm+0x26/0x140
       hci_remote_features_evt+0x474/0x870
       hci_event_packet+0x919/0xf60
       hci_rx_work+0xa82/0x1000
       process_one_work+0xa0f/0x1690
       worker_thread+0x637/0x1260
       kthread+0x2ed/0x3a0
       ret_from_fork+0x22/0x30

-> #1 (&hdev->lock){+.+.}-{3:3}:
       __mutex_lock+0x136/0x14d0
       sco_sock_connect+0x1e4/0xa60
       __sys_connect_file+0x155/0x1a0
       __sys_connect+0x165/0x1a0
       __x64_sys_connect+0x6f/0xb0
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       lock_sock_nested+0x3d/0xf0
       sco_conn_del+0x11c/0x2c0
       sco_connect_cfm+0x222/0x840
       hci_connect_cfm+0x94/0x140
       hci_sync_conn_complete_evt+0x2a2/0x9b0
       hci_event_packet+0x919/0xf60
       hci_rx_work+0xa82/0x1000
       process_one_work+0xa0f/0x1690
       worker_thread+0x637/0x1260
       kthread+0x2ed/0x3a0
       ret_from_fork+0x22/0x30

other info that might help us debug this:

Chain exists of:
  sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(hci_cb_list_lock);
                               lock(&hdev->lock);
                               lock(hci_cb_list_lock);
  lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

4 locks held by kworker/u5:6/318:
 #0: ffff88801c0e5938 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_one_work+0x90d/0x1690
 #1: ffff888008a4fdb0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x941/0x1690
 #2: ffff88801773c078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xe2/0x9b0
 #3: ffffffff859d9c28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm+0x26/0x140

stack backtrace:
CPU: 0 PID: 318 Comm: kworker/u5:6 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: hci7 hci_rx_work
Call Trace:
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 lock_sock_nested+0x3d/0xf0
 sco_conn_del+0x11c/0x2c0
 sco_connect_cfm+0x222/0x840
 hci_connect_cfm+0x94/0x140
 hci_sync_conn_complete_evt+0x2a2/0x9b0
 hci_event_packet+0x919/0xf60
 hci_rx_work+0xa82/0x1000
 process_one_work+0xa0f/0x1690
 worker_thread+0x637/0x1260
 kthread+0x2ed/0x3a0
 ret_from_fork+0x22/0x30
Bluetooth: Unexpected continuation frame (len 96)
Bluetooth: Unexpected continuation frame (len 96)
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
misc raw-gadget: fail, usb_gadget_register_driver returned -16
UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
misc raw-gadget: fail, usb_gadget_register_driver returned -16
Bluetooth: hci6: command 0x0409 tx timeout
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
Bluetooth: MGMT ver 1.22
Bluetooth: hci6: command 0x0409 tx timeout