device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
================================
WARNING: inconsistent lock state
4.19.177-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
000000005e24ca21 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: spin_lock include/linux/spinlock.h:329 [inline]
000000005e24ca21 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}, at: sco_sock_timeout+0x31/0x210 net/bluetooth/sco.c:82
{SOFTIRQ-ON-W} state was registered at:
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
  spin_lock include/linux/spinlock.h:329 [inline]
  sco_conn_del+0xe2/0x240 net/bluetooth/sco.c:175
  sco_disconn_cfm+0x74/0xb0 net/bluetooth/sco.c:1133
  hci_disconn_cfm include/net/bluetooth/hci_core.h:1261 [inline]
  hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1512
  hci_dev_do_close+0x659/0xf10 net/bluetooth/hci_core.c:1666
  hci_unregister_dev+0x18b/0x910 net/bluetooth/hci_core.c:3271
  vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:354
  __fput+0x2ce/0x890 fs/file_table.c:278
  task_work_run+0x148/0x1c0 kernel/task_work.c:113
  exit_task_work include/linux/task_work.h:22 [inline]
  do_exit+0xbf3/0x2be0 kernel/exit.c:870
  do_group_exit+0x125/0x310 kernel/exit.c:967
  get_signal+0x3f2/0x1f70 kernel/signal.c:2589
  do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:821
  exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
  prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
  syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
  do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 6193556
hardirqs last  enabled at (6193556): [<ffffffff88164e74>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (6193556): [<ffffffff88164e74>] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:192
hardirqs last disabled at (6193555): [<ffffffff88164b05>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (6193555): [<ffffffff88164b05>] _raw_spin_lock_irq+0x35/0x80 kernel/locking/spinlock.c:160
softirqs last  enabled at (6193552): [<ffffffff81392aad>] irq_enter+0xbd/0xd0 kernel/softirq.c:354
softirqs last disabled at (6193553): [<ffffffff81392cd5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (6193553): [<ffffffff81392cd5>] irq_exit+0x215/0x260 kernel/softirq.c:412

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

1 lock held by swapper/1/0:
 #0: 000000005540f0b5 ((&sk->sk_timer)#2){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
 #0: 000000005540f0b5 ((&sk->sk_timer)#2){+.-.}, at: call_timer_fn+0xc9/0x700 kernel/time/timer.c:1328

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2544
 valid_state kernel/locking/lockdep.c:2557 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2751 [inline]
 mark_lock+0xc70/0x1160 kernel/locking/lockdep.c:3131
 mark_irqflags kernel/locking/lockdep.c:3009 [inline]
 __lock_acquire+0xdc4/0x3ff0 kernel/locking/lockdep.c:3372
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 sco_sock_timeout+0x31/0x210 net/bluetooth/sco.c:82
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:535 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: 48 89 df e8 14 d5 81 f9 e9 2e ff ff ff 48 89 df e8 07 d5 81 f9 eb 82 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 14 46 51 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 04 46 51 00 f4 c3 90 90 41 56 41 55
RSP: 0018:ffff8880b5aafd40 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3044 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880b5a9ac44
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89f18210
R13: 1ffff11016b55fb2 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0x49/0x310 arch/x86/kernel/process.c:557
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x2ec/0x4b0 kernel/sched/idle.c:263
 cpu_startup_entry+0xc5/0xe0 kernel/sched/idle.c:369
 start_secondary+0x435/0x5c0 arch/x86/kernel/smpboot.c:271
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
device vxlan0 entered promiscuous mode
FAT-fs (loop4): Unrecognized mount option "func=FIRMWARE_CHECK" or missing value
device vxlan0 entered promiscuous mode
xt_ct_set_helper: 26 callbacks suppressed
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30045] was attempted by "/root/syz-executor.1"[30046]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30068] was attempted by "/root/syz-executor.1"[30069]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
ptrace attach of "/root/syz-executor.5"[30070] was attempted by "/root/syz-executor.5"[30071]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.1"[30084] was attempted by "/root/syz-executor.1"[30087]
xt_CT: You must specify a L4 protocol and not use inversions on it
hfsplus: unable to parse mount options
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30096] was attempted by "/root/syz-executor.5"[30105]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode
xt_ct_set_helper: 30 callbacks suppressed
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
ptrace attach of "/root/syz-executor.5"[30326] was attempted by "/root/syz-executor.5"[30327]
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30369] was attempted by "/root/syz-executor.5"[30371]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30388] was attempted by "/root/syz-executor.5"[30389]
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
ptrace attach of "/root/syz-executor.5"[30411] was attempted by "/root/syz-executor.5"[30415]
device vxlan0 entered promiscuous mode
xt_CT: You must specify a L4 protocol and not use inversions on it
xt_CT: You must specify a L4 protocol and not use inversions on it
device vxlan0 entered promiscuous mode
device vxlan0 entered promiscuous mode