Warning: Permanently added '[localhost]:1609' (ECDSA) to the list of known hosts.
2025/11/14 08:06:20 fuzzer started
2025/11/14 08:06:20 dialing manager at localhost:37161
syzkaller login: [ 50.924615] cgroup: Unknown subsys name 'net'
[ 50.987507] cgroup: Unknown subsys name 'cpuset'
[ 51.003927] cgroup: Unknown subsys name 'rlimit'
2025/11/14 08:06:31 syscalls: 2214
2025/11/14 08:06:31 code coverage: enabled
2025/11/14 08:06:31 comparison tracing: enabled
2025/11/14 08:06:31 extra coverage: enabled
2025/11/14 08:06:31 setuid sandbox: enabled
2025/11/14 08:06:31 namespace sandbox: enabled
2025/11/14 08:06:31 Android sandbox: enabled
2025/11/14 08:06:31 fault injection: enabled
2025/11/14 08:06:31 leak checking: enabled
2025/11/14 08:06:31 net packet injection: enabled
2025/11/14 08:06:31 net device setup: enabled
2025/11/14 08:06:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2025/11/14 08:06:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
2025/11/14 08:06:31 USB emulation: enabled
2025/11/14 08:06:31 hci packet injection: enabled
2025/11/14 08:06:31 wifi device emulation: enabled
2025/11/14 08:06:31 802.15.4 emulation: enabled
2025/11/14 08:06:31 fetching corpus: 0, signal 0/2000 (executing program)
2025/11/14 08:06:31 fetching corpus: 32, signal 15934/19185 (executing program)
2025/11/14 08:06:31 fetching corpus: 60, signal 22584/27070 (executing program)
2025/11/14 08:06:31 fetching corpus: 82, signal 30482/35850 (executing program)
2025/11/14 08:06:31 fetching corpus: 111, signal 37418/43397 (executing program)
2025/11/14 08:06:31 fetching corpus: 145, signal 42385/48967 (executing program)
2025/11/14 08:06:31 fetching corpus: 189, signal 49391/55988 (executing program)
2025/11/14 08:06:31 fetching corpus: 238, signal 56836/63116 (executing program)
2025/11/14 08:06:31 fetching corpus: 288, signal 61534/67777 (executing program)
2025/11/14 08:06:32 fetching corpus: 334, signal 67849/73449 (executing program)
2025/11/14 08:06:32 fetching corpus: 381, signal 74619/79167 (executing program)
2025/11/14 08:06:32 fetching corpus: 427, signal 78147/82196 (executing program)
2025/11/14 08:06:32 fetching corpus: 474, signal 82215/85448 (executing program)
2025/11/14 08:06:32 fetching corpus: 524, signal 84836/87539 (executing program)
2025/11/14 08:06:32 fetching corpus: 571, signal 87346/89451 (executing program)
2025/11/14 08:06:33 fetching corpus: 616, signal 90666/91786 (executing program)
2025/11/14 08:06:33 fetching corpus: 661, signal 92924/93409 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93445/93806 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93445/93823 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93864 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93888 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93903 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93923 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93943 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93954 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/93978 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/94002 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/94026 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/94047 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/94059 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93466/94078 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93468/94100 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93468/94116 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93468/94139 (executing program)
2025/11/14 08:06:33 fetching corpus: 670, signal 93468/94158 (executing program)
2025/11/14 08:06:33 fetching corpus: 671, signal 93471/94178 (executing program)
2025/11/14 08:06:33 fetching corpus: 671, signal 93471/94199 (executing program)
2025/11/14 08:06:33 fetching corpus: 671, signal 93471/94213 (executing program)
2025/11/14 08:06:33 fetching corpus: 672, signal 93476/94237 (executing program)
2025/11/14 08:06:33 fetching corpus: 672, signal 93476/94259 (executing program)
2025/11/14 08:06:33 fetching corpus: 673, signal 93486/94292 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94320 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94360 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94387 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94418 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94446 (executing program)
2025/11/14 08:06:33 fetching corpus: 674, signal 93496/94470 (executing program)
2025/11/14 08:06:33 fetching corpus: 675, signal 93506/94495 (executing program)
2025/11/14 08:06:33 fetching corpus: 675, signal 93506/94495 (executing program)
2025/11/14 08:06:35 starting 8 fuzzer processes

08:06:35 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='smaps_rollup\x00')
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/76, 0x4c}], 0x1, 0x0, 0x0)

08:06:35 executing program 7:
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000002ac0), 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, 0x0)
syz_io_uring_complete(0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'})
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18}, './file0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x11, 0x7, 0x0, 0x0)

08:06:35 executing program 1:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execve(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)

08:06:35 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
lseek(r0, 0x80000000, 0x1)

08:06:35 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14)

08:06:35 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_int(r0, 0x1, 0x12, 0x0, &(0x7f0000000080))

08:06:35 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x18, &(0x7f0000000180), 0x14)
[ 65.596974] audit: type=1400 audit(1763107595.576:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

08:06:35 executing program 6:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

[ 66.763765] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.769617] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.772636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.777940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.781552] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.790965] ==================================================================
[ 66.792337] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x66d/0x6d0
[ 66.793610] Read of size 2 at addr ffff88800bc333f8 by task kworker/u11:0/290
[ 66.800528]
[ 66.800854] CPU: 0 UID: 0 PID: 290 Comm: kworker/u11:0 Not tainted 6.18.0-rc5-next-20251114 #1 PREEMPT(voluntary)
[ 66.800888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 66.800906] Workqueue: hci0 hci_cmd_work
[ 66.800943] Call Trace:
[ 66.800952]
[ 66.800962]  dump_stack_lvl+0xca/0x120
[ 66.800995]  print_report+0xcb/0x610
[ 66.801028]  ? __virt_addr_valid+0x100/0x5d0
[ 66.801058]  ? hci_cmd_work+0x66d/0x6d0
[ 66.801089]  ? hci_cmd_work+0x66d/0x6d0
[ 66.801131]  kasan_report+0xca/0x100
[ 66.801178]  ? hci_cmd_work+0x66d/0x6d0
[ 66.801232]  hci_cmd_work+0x66d/0x6d0
[ 66.801284]  process_one_work+0x8e1/0x19c0
[ 66.801328]  ? __pfx_process_one_work+0x10/0x10
[ 66.801363]  ? move_linked_works+0x172/0x270
[ 66.801392]  ? assign_work+0x196/0x240
[ 66.801446]  worker_thread+0x67e/0xe90
[ 66.801481]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 66.801513]  ? __pfx_worker_thread+0x10/0x10
[ 66.801549]  kthread+0x3c8/0x740
[ 66.801581]  ? __pfx_kthread+0x10/0x10
[ 66.801612]  ? ret_from_fork+0x79/0x7a0
[ 66.801638]  ? lock_release+0xc8/0x290
[ 66.801676]  ? __pfx_kthread+0x10/0x10
[ 66.801709]  ret_from_fork+0x67a/0x7a0
[ 66.801733]  ? __pfx_ret_from_fork+0x10/0x10
[ 66.801760]  ? __switch_to+0x759/0x1060
[ 66.801794]  ? __pfx_kthread+0x10/0x10
[ 66.801826]  ret_from_fork_asm+0x1a/0x30
[ 66.801868]
[ 66.801877]
[ 66.825141] Allocated by task 282:
[ 66.825834]  kasan_save_stack+0x24/0x50
[ 66.826573]  kasan_save_track+0x14/0x30
[ 66.827291]  __kasan_slab_alloc+0x59/0x70
[ 66.828007]  kmem_cache_alloc_node_noprof+0x228/0x6b0
[ 66.828925]  __alloc_skb+0x2ab/0x370
[ 66.829622]  hci_cmd_sync_alloc+0x34/0x300
[ 66.830404]  __hci_cmd_sync_sk+0xf7/0x5c0
[ 66.831161]  __hci_cmd_sync_status_sk+0x4d/0x1a0
[ 66.832012]  hci_cmd_sync_status+0x4c/0x70
[ 66.832773]  hci_dev_cmd+0x4d5/0x980
[ 66.833171] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 66.833463]  hci_sock_ioctl+0x493/0x810
[ 66.835281]  sock_do_ioctl+0xd1/0x240
[ 66.835945]  sock_ioctl+0x40d/0x630
[ 66.836606]  __x64_sys_ioctl+0x18f/0x210
[ 66.837345]  do_syscall_64+0xbf/0x430
[ 66.838035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.838955]
[ 66.839287] Freed by task 293:
[ 66.839316] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 66.839842]  kasan_save_stack+0x24/0x50
[ 66.841634] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 66.842702]  kasan_save_track+0x14/0x30
[ 66.843327] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 66.843319]  kasan_save_free_info+0x3a/0x60
[ 66.843355]  __kasan_slab_free+0x43/0x70
[ 66.845503]  kmem_cache_free+0x26f/0x500
[ 66.846131]  kfree_skbmem+0x18a/0x1f0
[ 66.846722]  sk_skb_reason_drop+0x10e/0x1b0
[ 66.847266] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 66.847393]  vhci_read+0x3d5/0x5d0
[ 66.848822]  vfs_read+0x1eb/0xc70
[ 66.849362]  ksys_read+0x121/0x240
[ 66.849914]  do_syscall_64+0xbf/0x430
[ 66.850505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.851289]
[ 66.851551] The buggy address belongs to the object at ffff88800bc333c0
[ 66.851551]  which belongs to the cache skbuff_head_cache of size 232
[ 66.853506] The buggy address is located 56 bytes inside of
[ 66.853506]  freed 232-byte region [ffff88800bc333c0, ffff88800bc334a8)
[ 66.855265]
[ 66.855519] The buggy address belongs to the physical page:
[ 66.856353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbc33
[ 66.857552] flags: 0x100000000000000(node=0|zone=1)
[ 66.858296] page_type: f5(slab)
[ 66.858784] raw: 0100000000000000 ffff8880096c78c0 dead000000000122 0000000000000000
[ 66.859899] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 66.861014] page dumped because: kasan: bad access detected
[ 66.861851]
[ 66.862110] Memory state around the buggy address:
[ 66.862849]  ffff88800bc33280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.863921]  ffff88800bc33300: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 66.864977] >ffff88800bc33380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 66.866030]                                                                 ^
[ 66.867095]  ffff88800bc33400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.868187]  ffff88800bc33480: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 66.869261] ==================================================================
[ 66.870467] Disabling lock debugging due to kernel taint
[ 66.887550] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 66.890370] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 66.891757] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 66.893590] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 66.895088] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 66.897028] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 66.900731] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 66.902528] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 66.917522] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 66.920166] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 66.921451] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 66.922664] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 66.923956] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 66.925123] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 66.926250] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 66.928004] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 66.928076] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 66.934089] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 66.936451] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 66.952686] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 66.954610] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 66.959572] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 66.961383] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 66.964865] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 66.968759] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 66.968881] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 66.971284] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 66.980060] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 66.983666] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 66.985135] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 68.921277] Bluetooth: hci0: command tx timeout
[ 68.921783] Bluetooth: hci1: command tx timeout
[ 68.985299] Bluetooth: hci2: command tx timeout
[ 68.985752] Bluetooth: hci3: command tx timeout
[ 69.049272] Bluetooth: hci4: command tx timeout
[ 69.049713] Bluetooth: hci5: command tx timeout
[ 69.050092] Bluetooth: hci7: command tx timeout
[ 69.051067] Bluetooth: hci6: command tx timeout
[ 70.969922] Bluetooth: hci0: command tx timeout
[ 70.970455] Bluetooth: hci1: command tx timeout
[ 71.033317] Bluetooth: hci3: command tx timeout
[ 71.033775] Bluetooth: hci2: command tx timeout
[ 71.097282] Bluetooth: hci6: command tx timeout
[ 71.097727] Bluetooth: hci4: command tx timeout
[ 71.098101] Bluetooth: hci7: command tx timeout
[ 71.098843] Bluetooth: hci5: command tx timeout
[ 73.018225] Bluetooth: hci0: command tx timeout
[ 73.018689] Bluetooth: hci1: command tx timeout
[ 73.081243] Bluetooth: hci3: command tx timeout
[ 73.081694] Bluetooth: hci2: command tx timeout
[ 73.146027] Bluetooth: hci5: command tx timeout
[ 73.146634] Bluetooth: hci7: command tx timeout
[ 73.147005] Bluetooth: hci4: command tx timeout
[ 73.147403] Bluetooth: hci6: command tx timeout
[ 75.065353] Bluetooth: hci1: command tx timeout
[ 75.065813] Bluetooth: hci0: command tx timeout
[ 75.129350] Bluetooth: hci2: command tx timeout
[ 75.129786] Bluetooth: hci3: command tx timeout
[ 75.193344] Bluetooth: hci4: command tx timeout
[ 75.193809] Bluetooth: hci6: command tx timeout
[ 75.194727] Bluetooth: hci7: command tx timeout
[ 75.195108] Bluetooth: hci5: command tx timeout

VM DIAGNOSIS:
08:06:36 Registers: