Bluetooth: hci4: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci6: command tx timeout
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3541 at fs/namespace.c:163 mnt_ns_release+0x173/0x1e0
Modules linked in:
CPU: 1 UID: 0 PID: 3541 Comm: syz-executor.4 Not tainted 6.13.0-rc3-next-20241220 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mnt_ns_release+0x173/0x1e0
Code: ff 48 c7 c7 50 d4 d0 85 e8 9a 76 ed 02 bf 01 00 00 00 89 c3 89 c6 e8 dc 1b b7 ff 83 fb 01 0f 85 e6 fe ff ff e8 de 20 b7 ff 90 <0f> 0b 90 e9 d8 fe ff ff e8 d0 20 b7 ff 4c 89 e7 e8 38 55 b3 ff eb
RSP: 0018:ffff88806cf09e40 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81baa864
RDX: ffff88800e665340 RSI: ffffffff81baa872 RDI: 0000000000000005
RBP: ffff888019102400 R08: 0000000000000001 R09: fffffbfff0c7f992
R10: 0000000000000001 R11: 1ffff1100d9e7919 R12: 0000000000000001
R13: ffff88806cf09ee0 R14: ffffffff815aedc4 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa8351246f4 CR3: 000000000709e000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 rcu_core+0x7c9/0x17a0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_acquire.part.0+0x10e/0x320
Code: b6 c9 e8 35 a7 ff ff b8 ff ff ff ff 48 83 c4 28 65 0f c1 05 fc 42 b2 7e 83 f8 01 0f 85 aa 01 00 00 48 85 ed 0f 85 9b 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff88803312fa68 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff11006625f50 RCX: 1ffff11006625f35
RDX: 1ffff11001cccbb0 RSI: 0000000000000001 RDI: ffffffff8788bb98
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff0fdfbe6
R10: ffffffff87efdf37 R11: 0000000000000000 R12: ffffffff85d0d450
R13: ffff88800e665c68 R14: 0000000000000000 R15: ffff88800ef9de80
 _raw_spin_lock+0x2b/0x40
 free_mnt_ns+0xff/0x250
 put_mnt_ns+0xfc/0x130
 free_nsproxy+0x47/0x460
 switch_task_namespaces+0xe2/0x100
 do_exit+0xab5/0x2a40
 do_group_exit+0xd3/0x2a0
 get_signal+0x2240/0x2320
 arch_do_signal_or_restart+0x81/0x780
 syscall_exit_to_user_mode+0x123/0x1e0
 do_syscall_64+0xcc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faa741eb8d7
Code: Unable to access opcode bytes at 0x7faa741eb8ad.
RSP: 002b:00007ffdd7996aa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffed RBX: 0000000000000004 RCX: 00007faa741eb8d7
RDX: 00007ffdd7996ab0 RSI: 0000000000008933 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000200 R09: 0000000000000006
R10: 00007faa74245b80 R11: 0000000000000246 R12: 00007ffdd7996ab0
R13: 0000000000000003 R14: 00007ffdd7996b3c R15: 0000000000000040
 </TASK>
irq event stamp: 128394
hardirqs last  enabled at (128406): [<ffffffff81528b38>] __up_console_sem+0x78/0x80
hardirqs last disabled at (128415): [<ffffffff81528b1d>] __up_console_sem+0x5d/0x80
softirqs last  enabled at (127200): [<ffffffff813a9e4c>] handle_softirqs+0x50c/0x770
softirqs last disabled at (127297): [<ffffffff813aa1e4>] __irq_exit_rcu+0xc4/0x100
---[ end trace 0000000000000000 ]---
Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci0: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci5: command tx timeout
Bluetooth: hci0: command tx timeout
Bluetooth: hci2: command tx timeout
Bluetooth: hci1: command tx timeout
Bluetooth: hci3: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci7: command tx timeout
Bluetooth: hci5: command tx timeout
----------------
Code disassembly (best guess):
   0:	b6 c9                	mov    $0xc9,%dh
   2:	e8 35 a7 ff ff       	callq  0xffffa73c
   7:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   c:	48 83 c4 28          	add    $0x28,%rsp
  10:	65 0f c1 05 fc 42 b2 	xadd   %eax,%gs:0x7eb242fc(%rip)        # 0x7eb24314
  17:	7e
  18:	83 f8 01             	cmp    $0x1,%eax
  1b:	0f 85 aa 01 00 00    	jne    0x1cb
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 9b 01 00 00    	jne    0x1c5
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	48 01 c3             	add    %rax,%rbx
  37:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7