Warning: Permanently added '[localhost]:14310' (ECDSA) to the list of known hosts. 2023/02/24 10:49:07 fuzzer started 2023/02/24 10:49:08 dialing manager at localhost:41417 syzkaller login: [ 35.378595] cgroup: Unknown subsys name 'net' [ 35.488151] cgroup: Unknown subsys name 'rlimit' 2023/02/24 10:49:20 syscalls: 2217 2023/02/24 10:49:20 code coverage: enabled 2023/02/24 10:49:20 comparison tracing: enabled 2023/02/24 10:49:20 extra coverage: enabled 2023/02/24 10:49:20 setuid sandbox: enabled 2023/02/24 10:49:20 namespace sandbox: enabled 2023/02/24 10:49:20 Android sandbox: enabled 2023/02/24 10:49:20 fault injection: enabled 2023/02/24 10:49:20 leak checking: enabled 2023/02/24 10:49:20 net packet injection: enabled 2023/02/24 10:49:20 net device setup: enabled 2023/02/24 10:49:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 10:49:20 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 10:49:20 USB emulation: enabled 2023/02/24 10:49:20 hci packet injection: enabled 2023/02/24 10:49:20 wifi device emulation: enabled 2023/02/24 10:49:20 802.15.4 emulation: enabled 2023/02/24 10:49:20 fetching corpus: 0, signal 0/0 (executing program) 2023/02/24 10:49:20 fetching corpus: 0, signal 0/0 (executing program) 2023/02/24 10:49:22 starting 8 fuzzer processes 10:49:22 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000140)=""/237) shmat(0x0, &(0x7f0000ff7000/0x1000)=nil, 0x4000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$IPC_RMID(0x0, 0x0) finit_module(r0, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x1b}, 0x18) fcntl$getown(0xffffffffffffffff, 0x9) shmctl$IPC_RMID(0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r1, 0x3305) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff8000/0x4000)=nil) shmctl$IPC_RMID(0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1c5042, 0x0) write(r2, &(0x7f0000000200)='E', 0x140000) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) 10:49:22 executing program 1: connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x16}, 0x9}, 0x1c) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8916, &(0x7f0000000380)={@empty, 0x0, r2}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r3, &(0x7f00000002c0)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000100)={'ip6gre0\x00', r5, 0x2f, 0x3d, 0x5, 0x5, 0xa, @remote, @private1, 0x10, 0x10, 0x5, 0x3}}) recvfrom(r0, &(0x7f0000000040), 0x0, 0x10042, &(0x7f0000000080)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x10000000}, 0x80) 10:49:22 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000ff3000/0x4000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x166}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$IPC_RMID(0xffffffffffffffff, 0x0) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff8000/0x4000)=nil) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = memfd_create(&(0x7f0000000300)='B\xdb/\x89\x03l\xdeb\xcb\xb54\xed\xbeLK\xa4g?K)\xa0\xf0\x9b8Y\xb5Z\xe1\x12S\xf5G\xcc\xf3\xe9\x02h\v\xca(\x96\xe1C\xdf\x1c\xea\x85C\xfb\x10\x13\xfa\x03\x16\xcd\x17\xa2\x80\xa1z\xb4r\x95\xc3@\x9d\xa6\xf1\x92#}g\xd3`\xf7\xcez\xcb\xb3\x1a\xbb\xc48e\x8e\xb1&\xd1\x8a\xe6!\x7f\x8d\xea,qx\xa28\xbf\"\xc7e\x80L\xb06\xeb<$\xd7\xba\xe5\x01\x03\x94r\xab\xd4J\x03s\xaf\xf6A\xbfV\xfa\x1ew\x8d\xbf\x99I\x97\xd8\xd2\xe8\x11\xc4\x04\x00\x84\xd5i\xee\xaf\xae[E\x1f\xdd\xd7#rT+\xb621p\xaf[\x99\" 1\xeb\xc7)\xd2\x1dh\xf2\xd5s\xfd?\fa>\x9f;\xe5r\xe5\xbd\xb0|=\x8eZcPY\xf8\xbd\x13\xaa\x8b\xdf\xbc\x93u\xd5\xb0r\xfb\xde\xe7\xd9k\xe2\xc6\x1b\xf2o@&>\xf2M\xe7\x8c\xeb\xee\xf5\x02~\x85\x14\xf3\xc6v\xf15PE\x8c\xca\x16$\xc2\x01#\xb563\rbq\xbf64\xfaW\x17\xdfa\xe6\xca\x86\xd7\xf8\x81X\x9bg4\xc1\xdam\xcf=Rq6\xb0\xd4D=I\x1a\x0e\xd0\xabz\xe2\x19\x0fM\xad\xdco\xa4\xb2\x8c?\xc1\x10\xf273\xd00\xb3_\xe8\x9a*\xfcL\xea;\xc0\x9a\xdbx!N;\xb5x\t\xa4E\xbe\x93r\x04\xf5\xf0\xf5\x7f\x9a)\xf5\x1b\"\xa1\xd8\x06>\xc9\xe2r\xe9_\xee\xc0\b\x81\x98\x1c\xe2\xe0?\x8f\xa1\xbel\aN\x83@\xb1\x03)4A\x83\xd6\xcf\xf6\xb5\x82\xb7\x9dA\b$\xa2x\x8a@\xfaj~\xef\x93\xb1/L\x01\xe2\xba', 0x0) pwritev2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) shmctl$SHM_STAT_ANY(0x0, 0xf, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x0) mmap(&(0x7f0000fec000/0x2000)=nil, 0x2000, 0x1000004, 0x2810, r0, 0xc87f0000) shmctl$IPC_RMID(0x0, 0x0) shmat(0x0, &(0x7f0000fec000/0x4000)=nil, 0x7000) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r2, 0x3305) shmget$private(0x0, 0x3000, 0x400, &(0x7f0000ff2000/0x3000)=nil) 10:49:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002440)=ANY=[@ANYBLOB="140000001a0001"], 0x28}}, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000000)=0xffff, 0x4) recvmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 49.211146] audit: type=1400 audit(1677235762.058:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:49:22 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) 10:49:22 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x0) r1 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x6, 0x0, 0x0, 0x0) dup3(r0, r1, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x0) 10:49:22 executing program 6: socket$packet(0x11, 0x0, 0x300) 10:49:22 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) fcntl$lock(r0, 0xf, &(0x7f0000000240)={0x0, 0x2}) [ 50.394873] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 50.398849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 50.400431] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 50.403775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 50.405618] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 50.407021] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 50.442277] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 50.443909] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 50.445945] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 50.448428] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 50.449505] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 50.450548] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 50.451930] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 50.452928] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 50.453907] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 50.458109] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 50.459517] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 50.461310] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 50.462551] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 50.463881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 50.465893] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 50.467046] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 50.472058] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 50.524018] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 50.525272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 50.528076] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 50.536298] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 50.550148] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 50.552502] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 50.553953] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 50.576859] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 50.578874] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 50.592902] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 50.594916] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 50.594990] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 50.597766] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 50.602945] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 50.605756] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 50.607573] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 50.610051] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 50.611928] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 50.616056] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 52.474981] Bluetooth: hci0: command 0x0409 tx timeout [ 52.538361] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 52.538395] Bluetooth: hci1: command 0x0409 tx timeout [ 52.539664] Bluetooth: hci3: command 0x0409 tx timeout [ 52.540518] [ 52.540764] ====================================================== [ 52.541579] WARNING: possible circular locking dependency detected [ 52.542374] 6.2.0-next-20230224 #1 Not tainted [ 52.544815] ------------------------------------------------------ [ 52.547357] syz-executor.2/274 is trying to acquire lock: [ 52.548094] ffff888016820880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 52.549530] [ 52.549530] but task is already holding lock: [ 52.550307] ffff888016820920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 52.551596] [ 52.551596] which lock already depends on the new lock. [ 52.551596] [ 52.552662] [ 52.552662] the existing dependency chain (in reverse order) is: [ 52.553664] [ 52.553664] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 52.554631] __mutex_lock+0x133/0x14a0 [ 52.555273] hci_cmd_sync_work+0x1e6/0x320 [ 52.555958] process_one_work+0xa0f/0x1790 [ 52.556630] worker_thread+0x63b/0x1260 [ 52.557270] kthread+0x2e9/0x3a0 [ 52.557801] ret_from_fork+0x2c/0x50 [ 52.558388] [ 52.558388] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 52.559548] __lock_acquire+0x2d56/0x6380 [ 52.560240] lock_acquire.part.0+0xea/0x320 [ 52.560956] __flush_work+0x109/0xd80 [ 52.561615] __cancel_work_timer+0x39c/0x4e0 [ 52.562326] hci_cmd_sync_clear+0x52/0x250 [ 52.563020] hci_unregister_dev+0xf9/0x410 [ 52.563711] vhci_release+0x80/0x100 [ 52.564330] __fput+0x263/0xa40 [ 52.564883] task_work_run+0x174/0x280 [ 52.565524] do_exit+0xad8/0x2800 [ 52.566082] do_group_exit+0xd4/0x2a0 [ 52.566681] __x64_sys_exit_group+0x3e/0x50 [ 52.567350] do_syscall_64+0x3f/0x90 [ 52.567935] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 52.568710] [ 52.568710] other info that might help us debug this: [ 52.568710] [ 52.569781] Possible unsafe locking scenario: [ 52.569781] [ 52.570567] CPU0 CPU1 [ 52.571182] ---- ---- [ 52.571817] lock(&hdev->cmd_sync_work_lock); [ 52.572465] lock((work_completion)(&hdev->cmd_sync_work)); [ 52.573632] lock(&hdev->cmd_sync_work_lock); [ 52.574616] lock((work_completion)(&hdev->cmd_sync_work)); [ 52.575428] [ 52.575428] *** DEADLOCK *** [ 52.575428] [ 52.576242] 1 lock held by syz-executor.2/274: [ 52.576857] #0: ffff888016820920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 52.578210] [ 52.578210] stack backtrace: [ 52.578802] CPU: 1 PID: 274 Comm: syz-executor.2 Not tainted 6.2.0-next-20230224 #1 [ 52.579823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 52.580894] Call Trace: [ 52.581308] [ 52.581650] dump_stack_lvl+0x91/0xf0 [ 52.582217] check_noncircular+0x263/0x2e0 [ 52.582854] ? __pfx_check_noncircular+0x10/0x10 [ 52.583571] ? queued_spin_lock_slowpath+0xd1/0xc50 [ 52.584319] __lock_acquire+0x2d56/0x6380 [ 52.584958] ? lock_is_held_type+0x9f/0x120 [ 52.585649] ? __pfx___lock_acquire+0x10/0x10 [ 52.586328] ? __pfx_register_lock_class+0x10/0x10 [ 52.587055] ? __wait_for_common+0x394/0x550 [ 52.587730] ? __pfx_lock_release+0x10/0x10 [ 52.588371] lock_acquire.part.0+0xea/0x320 [ 52.589010] ? __flush_work+0xdd/0xd80 [ 52.589611] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 52.590345] ? __flush_work+0xdd/0xd80 [ 52.590929] ? rcu_read_lock_sched_held+0x42/0x80 [ 52.591638] ? trace_lock_acquire+0x170/0x1e0 [ 52.592318] ? __flush_work+0xdd/0xd80 [ 52.592909] ? lock_acquire+0x32/0xc0 [ 52.593500] ? __flush_work+0xdd/0xd80 [ 52.594086] __flush_work+0x109/0xd80 [ 52.594660] ? __flush_work+0xdd/0xd80 [ 52.595251] ? __pfx_mark_lock.part.0+0x10/0x10 [ 52.595959] ? __pfx___flush_work+0x10/0x10 [ 52.596618] ? lock_acquire.part.0+0xea/0x320 [ 52.597312] ? hci_cmd_sync_clear+0x45/0x250 [ 52.597975] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 52.598704] ? hci_cmd_sync_clear+0x45/0x250 [ 52.599362] ? rcu_read_lock_sched_held+0x42/0x80 [ 52.600061] ? trace_lock_acquire+0x170/0x1e0 [ 52.600725] ? lock_is_held_type+0x9f/0x120 [ 52.601397] ? mark_held_locks+0x9e/0xe0 [ 52.602002] __cancel_work_timer+0x39c/0x4e0 [ 52.602248] Bluetooth: hci5: command 0x0409 tx timeout [ 52.602644] ? __pfx___cancel_work_timer+0x10/0x10 [ 52.603060] Bluetooth: hci2: command 0x0409 tx timeout [ 52.603733] ? __cancel_work_timer+0x2aa/0x4e0 [ 52.604815] ? __pfx___cancel_work_timer+0x10/0x10 [ 52.605554] ? lock_release+0x1e3/0x710 [ 52.606150] ? __pfx_lock_release+0x10/0x10 [ 52.606796] ? do_raw_write_lock+0x11e/0x3b0 [ 52.607447] ? __pfx_vhci_release+0x10/0x10 [ 52.608077] hci_cmd_sync_clear+0x52/0x250 [ 52.608698] ? __pfx_vhci_release+0x10/0x10 [ 52.609342] hci_unregister_dev+0xf9/0x410 [ 52.609926] vhci_release+0x80/0x100 [ 52.610449] __fput+0x263/0xa40 [ 52.610924] task_work_run+0x174/0x280 [ 52.611476] ? __pfx_task_work_run+0x10/0x10 [ 52.612087] ? do_raw_spin_unlock+0x53/0x220 [ 52.612701] do_exit+0xad8/0x2800 [ 52.613212] ? lock_release+0x1e3/0x710 [ 52.613775] ? __pfx_lock_release+0x10/0x10 [ 52.614376] ? do_raw_spin_lock+0x125/0x270 [ 52.614967] ? __pfx_do_exit+0x10/0x10 [ 52.615514] do_group_exit+0xd4/0x2a0 [ 52.616050] __x64_sys_exit_group+0x3e/0x50 [ 52.616645] do_syscall_64+0x3f/0x90 [ 52.617173] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 52.617870] RIP: 0033:0x7fc341f21b19 [ 52.618375] Code: Unable to access opcode bytes at 0x7fc341f21aef. [ 52.619214] RSP: 002b:00007ffe8821c868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 52.620267] RAX: ffffffffffffffda RBX: 00007ffe8821d048 RCX: 00007fc341f21b19 [ 52.621242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 52.622220] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffe8821d048 [ 52.623202] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fc341f7b233 [ 52.624192] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 52.625220] [ 52.666287] Bluetooth: hci4: command 0x0409 tx timeout [ 52.666299] Bluetooth: hci7: command 0x0409 tx timeout [ 54.523275] Bluetooth: hci0: command 0x041b tx timeout [ 54.586265] Bluetooth: hci3: command 0x041b tx timeout [ 54.586290] Bluetooth: hci1: command 0x041b tx timeout [ 54.650249] Bluetooth: hci2: command 0x041b tx timeout [ 54.650651] Bluetooth: hci5: command 0x041b tx timeout [ 54.714305] Bluetooth: hci4: command 0x041b tx timeout [ 54.714737] Bluetooth: hci7: command 0x041b tx timeout [ 55.148989] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 55.152985] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 55.156763] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 55.162361] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 55.166116] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 55.168010] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 56.570330] Bluetooth: hci0: command 0x040f tx timeout [ 56.634292] Bluetooth: hci3: command 0x040f tx timeout [ 56.635564] Bluetooth: hci1: command 0x040f tx timeout [ 56.699316] Bluetooth: hci5: command 0x040f tx timeout [ 56.699703] Bluetooth: hci2: command 0x040f tx timeout [ 56.763735] Bluetooth: hci7: command 0x040f tx timeout [ 56.764133] Bluetooth: hci4: command 0x040f tx timeout [ 57.211247] Bluetooth: hci6: command 0x0409 tx timeout [ 58.618325] Bluetooth: hci0: command 0x0419 tx timeout [ 58.682466] Bluetooth: hci1: command 0x0419 tx timeout [ 58.683157] Bluetooth: hci3: command 0x0419 tx timeout [ 58.746346] Bluetooth: hci2: command 0x0419 tx timeout [ 58.747031] Bluetooth: hci5: command 0x0419 tx timeout [ 58.810257] Bluetooth: hci4: command 0x0419 tx timeout [ 58.810942] Bluetooth: hci7: command 0x0419 tx timeout [ 59.258270] Bluetooth: hci6: command 0x041b tx timeout [ 61.306259] Bluetooth: hci6: command 0x040f tx timeout VM DIAGNOSIS: 10:49:25 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000000 RCX=ffff88801469f690 RDX=1ffff110028d3ec6 RSI=ffffffff813a4f10 RDI=ffff88801469f5f0 RBP=ffff88801469f648 RSP=ffff88801469f580 R8 =0000000000000001 R9 =ffff88801469f630 R10=0000000000038001 R11=0000000000000001 R12=ffff88801469f650 R13=ffff88801469f5f0 R14=ffff88801469f631 R15=0000000000000001 RIP=ffffffff81132670 RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe3455c8b000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe3455c89000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3ca7243368 CR3=00000000366b2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=322e6f732e6c6462696c2f756e672d78 XMM02=00322e6f732e6c6462696c2f756e672d XMM03=78756e696c2d34365f3638782f62696c XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff8880319cf190 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000032 R11=0000000000000001 R12=0000000000000032 R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0201b18000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0201b16000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f781b394260 CR3=00000000365fc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000