Warning: Permanently added '[localhost]:39102' (ECDSA) to the list of known hosts. 2023/02/24 11:02:23 fuzzer started 2023/02/24 11:02:23 dialing manager at localhost:41417 syzkaller login: [ 45.225892] cgroup: Unknown subsys name 'net' [ 45.315548] cgroup: Unknown subsys name 'rlimit' 2023/02/24 11:02:38 syscalls: 2217 2023/02/24 11:02:38 code coverage: enabled 2023/02/24 11:02:38 comparison tracing: enabled 2023/02/24 11:02:38 extra coverage: enabled 2023/02/24 11:02:38 setuid sandbox: enabled 2023/02/24 11:02:38 namespace sandbox: enabled 2023/02/24 11:02:38 Android sandbox: enabled 2023/02/24 11:02:38 fault injection: enabled 2023/02/24 11:02:38 leak checking: enabled 2023/02/24 11:02:38 net packet injection: enabled 2023/02/24 11:02:38 net device setup: enabled 2023/02/24 11:02:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 11:02:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 11:02:38 USB emulation: enabled 2023/02/24 11:02:38 hci packet injection: enabled 2023/02/24 11:02:38 wifi device emulation: enabled 2023/02/24 11:02:38 802.15.4 emulation: enabled 2023/02/24 11:02:38 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 11:02:38 fetching corpus: 29, signal 18482/22052 (executing program) 2023/02/24 11:02:38 fetching corpus: 63, signal 29227/34217 (executing program) 2023/02/24 11:02:38 fetching corpus: 96, signal 40180/46394 (executing program) 2023/02/24 11:02:39 fetching corpus: 146, signal 55110/62087 (executing program) 2023/02/24 11:02:39 fetching corpus: 196, signal 64802/72506 (executing program) 2023/02/24 11:02:39 fetching corpus: 246, signal 71218/79683 (executing program) 2023/02/24 11:02:39 fetching corpus: 296, signal 78574/87619 (executing program) 2023/02/24 11:02:39 fetching corpus: 346, signal 84243/93892 (executing program) 2023/02/24 11:02:39 fetching corpus: 396, signal 88438/98659 (executing program) 2023/02/24 11:02:40 fetching corpus: 446, signal 93019/103732 (executing program) 2023/02/24 11:02:40 fetching corpus: 496, signal 96394/107648 (executing program) 2023/02/24 11:02:40 fetching corpus: 546, signal 100443/112051 (executing program) 2023/02/24 11:02:40 fetching corpus: 596, signal 106129/117719 (executing program) 2023/02/24 11:02:40 fetching corpus: 646, signal 109191/121140 (executing program) 2023/02/24 11:02:40 fetching corpus: 696, signal 111327/123673 (executing program) 2023/02/24 11:02:40 fetching corpus: 746, signal 113867/126512 (executing program) 2023/02/24 11:02:41 fetching corpus: 796, signal 116624/129484 (executing program) 2023/02/24 11:02:41 fetching corpus: 845, signal 118973/132027 (executing program) 2023/02/24 11:02:41 fetching corpus: 895, signal 122202/135228 (executing program) 2023/02/24 11:02:41 fetching corpus: 945, signal 124916/137991 (executing program) 2023/02/24 11:02:41 fetching corpus: 994, signal 128782/141576 (executing program) 2023/02/24 11:02:42 fetching corpus: 1044, signal 131368/144022 (executing program) 2023/02/24 11:02:42 fetching corpus: 1094, signal 133888/146460 (executing program) 2023/02/24 11:02:42 fetching corpus: 1144, signal 136140/148624 (executing program) 2023/02/24 11:02:42 fetching corpus: 1194, signal 138500/150833 (executing program) 2023/02/24 11:02:42 fetching corpus: 1244, signal 141322/153278 (executing program) 2023/02/24 11:02:42 fetching corpus: 1293, signal 142976/154880 (executing program) 2023/02/24 11:02:43 fetching corpus: 1343, signal 144733/156464 (executing program) 2023/02/24 11:02:43 fetching corpus: 1391, signal 146629/158167 (executing program) 2023/02/24 11:02:43 fetching corpus: 1441, signal 148704/159931 (executing program) 2023/02/24 11:02:43 fetching corpus: 1491, signal 149942/161082 (executing program) 2023/02/24 11:02:43 fetching corpus: 1541, signal 151823/162634 (executing program) 2023/02/24 11:02:43 fetching corpus: 1591, signal 153641/164107 (executing program) 2023/02/24 11:02:43 fetching corpus: 1641, signal 154981/165236 (executing program) 2023/02/24 11:02:44 fetching corpus: 1691, signal 156314/166346 (executing program) 2023/02/24 11:02:44 fetching corpus: 1741, signal 157608/167376 (executing program) 2023/02/24 11:02:44 fetching corpus: 1791, signal 159006/168484 (executing program) 2023/02/24 11:02:44 fetching corpus: 1840, signal 159876/169250 (executing program) 2023/02/24 11:02:44 fetching corpus: 1890, signal 161331/170299 (executing program) 2023/02/24 11:02:44 fetching corpus: 1940, signal 163255/171593 (executing program) 2023/02/24 11:02:44 fetching corpus: 1990, signal 164636/172520 (executing program) 2023/02/24 11:02:44 fetching corpus: 2040, signal 165447/173129 (executing program) 2023/02/24 11:02:45 fetching corpus: 2090, signal 166929/174051 (executing program) 2023/02/24 11:02:45 fetching corpus: 2140, signal 168665/175076 (executing program) 2023/02/24 11:02:45 fetching corpus: 2190, signal 169597/175674 (executing program) 2023/02/24 11:02:45 fetching corpus: 2239, signal 170846/176445 (executing program) 2023/02/24 11:02:45 fetching corpus: 2289, signal 172023/177109 (executing program) 2023/02/24 11:02:45 fetching corpus: 2339, signal 173395/177835 (executing program) 2023/02/24 11:02:45 fetching corpus: 2389, signal 174571/178421 (executing program) 2023/02/24 11:02:46 fetching corpus: 2439, signal 175473/178918 (executing program) 2023/02/24 11:02:46 fetching corpus: 2489, signal 177017/179644 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178007/180156 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180199 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180249 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180289 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180328 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180364 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180407 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180435 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180486 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178009/180523 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180556 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180600 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180653 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180694 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180734 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180767 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180807 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180840 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180879 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180927 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/180974 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/181021 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/181067 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/181100 (executing program) 2023/02/24 11:02:46 fetching corpus: 2534, signal 178011/181149 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181186 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181224 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181268 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181304 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181336 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181370 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181416 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181446 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181497 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181545 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181578 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181638 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181681 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181728 (executing program) 2023/02/24 11:02:46 fetching corpus: 2535, signal 178023/181728 (executing program) 2023/02/24 11:02:49 starting 8 fuzzer processes 11:02:49 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x0, @remote}, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}, 0x186}) 11:02:49 executing program 1: clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0xfffffffffffffffd, 0x0, 0x0, 0x0}, 0x58) 11:02:49 executing program 2: r0 = timerfd_create(0x1, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000000), 0x0) [ 69.860169] audit: type=1400 audit(1677236569.552:6): avc: denied { execmem } for pid=261 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:02:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'default', '', @val={0x3a, [0x2d]}}}}]}) 11:02:49 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000c00)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000c40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@noextend}]}}) 11:02:49 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, 0x0, &(0x7f0000000140)) 11:02:49 executing program 6: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$chown(0x4, r0, 0xee00, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000140)=ANY=[@ANYBLOB="01a25e05395ef433d0ba3f74f0cb1142000000000000", @ANYRES32=r0, @ANYBLOB="000000000000000000000000000000000000000000000080fa84d392d76a8a0061f3efc4936caf566263646566676809bde98319cb767778797a3031323334353604000000000000"]) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x228842, 0x120) r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r2, r3, 0x0, 0x0) keyctl$set_timeout(0xf, 0x0, 0xef6) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='ns\x00') inotify_add_watch(r5, &(0x7f0000000200)='./file1\x00', 0x0) vmsplice(r4, &(0x7f0000000100), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {r4}}, './file1\x00'}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/snmp6\x00') openat(0xffffffffffffffff, &(0x7f0000000240)='./file1\x00', 0x0, 0x80) pread64(r6, &(0x7f0000009780)=""/112, 0x70, 0xa52) r7 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r7, 0x4040942c, &(0x7f0000000040)={0x0, 0x2000000000f, [0x0, 0x156280000000002, 0x401, 0x1, 0x7a]}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r8, 0x4004662b, &(0x7f0000000340)) 11:02:49 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_int(r0, 0x1, 0x6, 0x0, &(0x7f00000001c0)) [ 71.122789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.124902] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.126614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.129671] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.131813] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 71.133375] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.136308] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.145463] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.146371] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.170959] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.175150] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.178417] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.184587] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 71.185959] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.186970] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.189907] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.195372] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.196624] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.248086] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.249349] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 71.252261] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.252953] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 71.254015] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.255769] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 71.257509] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.260369] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 71.261453] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.269425] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 71.280088] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 71.281491] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 71.330412] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.341391] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.351942] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.387233] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.399483] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 71.428231] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 73.199098] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 73.199230] Bluetooth: hci1: command 0x0409 tx timeout [ 73.201140] [ 73.201328] ====================================================== [ 73.201940] WARNING: possible circular locking dependency detected [ 73.202545] 6.2.0-next-20230224 #1 Not tainted [ 73.202993] ------------------------------------------------------ [ 73.207137] syz-executor.3/273 is trying to acquire lock: [ 73.207666] ffff888014630880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 73.208719] [ 73.208719] but task is already holding lock: [ 73.209283] ffff888014630920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 73.210217] [ 73.210217] which lock already depends on the new lock. [ 73.210217] [ 73.210989] [ 73.210989] the existing dependency chain (in reverse order) is: [ 73.211716] [ 73.211716] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 73.212410] __mutex_lock+0x133/0x14a0 [ 73.212862] hci_cmd_sync_work+0x1e6/0x320 [ 73.213343] process_one_work+0xa0f/0x1790 [ 73.213816] worker_thread+0x63b/0x1260 [ 73.214279] kthread+0x2e9/0x3a0 [ 73.214663] ret_from_fork+0x2c/0x50 [ 73.215098] [ 73.215098] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 73.215910] __lock_acquire+0x2d56/0x6380 [ 73.216377] lock_acquire.part.0+0xea/0x320 [ 73.216859] __flush_work+0x109/0xd80 [ 73.217283] __cancel_work_timer+0x39c/0x4e0 [ 73.217761] hci_cmd_sync_clear+0x52/0x250 [ 73.218235] hci_unregister_dev+0xf9/0x410 [ 73.218708] vhci_release+0x80/0x100 [ 73.219139] __fput+0x263/0xa40 [ 73.219543] task_work_run+0x174/0x280 [ 73.219986] do_exit+0xad8/0x2800 [ 73.220383] do_group_exit+0xd4/0x2a0 [ 73.220813] __x64_sys_exit_group+0x3e/0x50 [ 73.221281] do_syscall_64+0x3f/0x90 [ 73.221697] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 73.222238] [ 73.222238] other info that might help us debug this: [ 73.222238] [ 73.222975] Possible unsafe locking scenario: [ 73.222975] [ 73.223538] CPU0 CPU1 [ 73.223978] ---- ---- [ 73.224411] lock(&hdev->cmd_sync_work_lock); [ 73.224857] lock((work_completion)(&hdev->cmd_sync_work)); [ 73.225615] lock(&hdev->cmd_sync_work_lock); [ 73.226261] lock((work_completion)(&hdev->cmd_sync_work)); [ 73.226804] [ 73.226804] *** DEADLOCK *** [ 73.226804] [ 73.227353] 1 lock held by syz-executor.3/273: [ 73.227804] #0: ffff888014630920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 73.228761] [ 73.228761] stack backtrace: [ 73.229177] CPU: 1 PID: 273 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1 [ 73.229898] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 73.230662] Call Trace: [ 73.230917] [ 73.231139] dump_stack_lvl+0x91/0xf0 [ 73.231522] check_noncircular+0x263/0x2e0 [ 73.231941] ? __pfx_check_noncircular+0x10/0x10 [ 73.232411] ? queued_spin_lock_slowpath+0xd1/0xc50 [ 73.232913] __lock_acquire+0x2d56/0x6380 [ 73.233335] ? __pfx___lock_acquire+0x10/0x10 [ 73.233787] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 73.234312] ? __wait_for_common+0x394/0x550 [ 73.234752] ? __pfx_lock_release+0x10/0x10 [ 73.235186] lock_acquire.part.0+0xea/0x320 [ 73.235621] ? __flush_work+0xdd/0xd80 [ 73.236011] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 73.236495] ? __flush_work+0xdd/0xd80 [ 73.236893] ? rcu_read_lock_sched_held+0x42/0x80 [ 73.237358] ? trace_lock_acquire+0x170/0x1e0 [ 73.237809] ? __flush_work+0xdd/0xd80 [ 73.238201] ? lock_acquire+0x32/0xc0 [ 73.238587] ? __flush_work+0xdd/0xd80 [ 73.238985] __flush_work+0x109/0xd80 [ 73.239365] ? __flush_work+0xdd/0xd80 [ 73.239782] ? __pfx_mark_lock.part.0+0x10/0x10 [ 73.240246] ? __pfx___flush_work+0x10/0x10 [ 73.240671] ? lock_acquire.part.0+0xea/0x320 [ 73.241114] ? hci_cmd_sync_clear+0x45/0x250 [ 73.241551] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 73.242034] ? hci_cmd_sync_clear+0x45/0x250 [ 73.242467] ? rcu_read_lock_sched_held+0x42/0x80 [ 73.242933] ? trace_lock_acquire+0x170/0x1e0 [ 73.243381] ? lock_is_held_type+0x9f/0x120 [ 73.243812] ? mark_held_locks+0x9e/0xe0 [ 73.244218] __cancel_work_timer+0x39c/0x4e0 [ 73.244643] ? __pfx___cancel_work_timer+0x10/0x10 [ 73.245112] ? __cancel_work_timer+0x2aa/0x4e0 [ 73.245551] ? __pfx___cancel_work_timer+0x10/0x10 [ 73.246014] ? lock_release+0x1e3/0x710 [ 73.246410] ? __pfx_lock_release+0x10/0x10 [ 73.246835] ? do_raw_write_lock+0x11e/0x3b0 [ 73.247263] ? __pfx_vhci_release+0x10/0x10 [ 73.247693] hci_cmd_sync_clear+0x52/0x250 [ 73.248108] ? __pfx_vhci_release+0x10/0x10 [ 73.248529] hci_unregister_dev+0xf9/0x410 [ 73.248954] vhci_release+0x80/0x100 [ 73.249332] __fput+0x263/0xa40 [ 73.249665] task_work_run+0x174/0x280 [ 73.250087] ? __pfx_task_work_run+0x10/0x10 [ 73.250520] ? do_raw_spin_unlock+0x53/0x220 [ 73.250959] do_exit+0xad8/0x2800 [ 73.251307] ? lock_release+0x1e3/0x710 [ 73.251717] ? __pfx_lock_release+0x10/0x10 [ 73.252178] ? do_raw_spin_lock+0x125/0x270 [ 73.252587] ? __pfx_do_exit+0x10/0x10 [ 73.252982] do_group_exit+0xd4/0x2a0 [ 73.253363] __x64_sys_exit_group+0x3e/0x50 [ 73.253787] do_syscall_64+0x3f/0x90 [ 73.254164] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 73.254663] RIP: 0033:0x7f0ddb231b19 [ 73.255026] Code: Unable to access opcode bytes at 0x7f0ddb231aef. [ 73.255610] RSP: 002b:00007fff2c952008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 73.256314] RAX: ffffffffffffffda RBX: 00007fff2c9527e8 RCX: 00007f0ddb231b19 [ 73.256988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 73.257654] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007fff2c9527e8 [ 73.258315] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f0ddb28b233 [ 73.258969] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 73.259646] [ 73.261845] Bluetooth: hci0: command 0x0409 tx timeout [ 73.261872] Bluetooth: hci3: command 0x0409 tx timeout [ 73.262804] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 73.325798] Bluetooth: hci7: command 0x0409 tx timeout [ 73.326219] Bluetooth: hci5: command 0x0409 tx timeout [ 73.517744] Bluetooth: hci6: command 0x0409 tx timeout [ 75.245782] Bluetooth: hci1: command 0x041b tx timeout [ 75.309797] Bluetooth: hci0: command 0x041b tx timeout [ 75.310200] Bluetooth: hci3: command 0x041b tx timeout [ 75.373749] Bluetooth: hci5: command 0x041b tx timeout [ 75.374162] Bluetooth: hci7: command 0x041b tx timeout [ 75.565748] Bluetooth: hci6: command 0x041b tx timeout [ 77.293748] Bluetooth: hci1: command 0x040f tx timeout [ 77.357776] Bluetooth: hci3: command 0x040f tx timeout [ 77.357794] Bluetooth: hci0: command 0x040f tx timeout [ 77.421758] Bluetooth: hci7: command 0x040f tx timeout [ 77.421776] Bluetooth: hci5: command 0x040f tx timeout [ 77.613795] Bluetooth: hci6: command 0x040f tx timeout [ 77.805802] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 77.933794] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 79.341767] Bluetooth: hci1: command 0x0419 tx timeout [ 79.405757] Bluetooth: hci0: command 0x0419 tx timeout [ 79.406168] Bluetooth: hci3: command 0x0419 tx timeout [ 79.469748] Bluetooth: hci5: command 0x0419 tx timeout [ 79.470187] Bluetooth: hci7: command 0x0419 tx timeout [ 79.661777] Bluetooth: hci6: command 0x0419 tx timeout [ 82.221900] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 82.349791] Bluetooth: hci4: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 11:02:53 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88803b10f5a8 RCX=0000000000000001 RDX=1ffff11007621eb6 RSI=ffffffff811663d0 RDI=ffff88803b10f5b0 RBP=0000000000000006 RSP=ffff88803b10f4c0 R8 =0000000000000001 R9 =ffff88803b10f520 R10=0000000000038001 R11=0000000000000001 R12=ffff88803b10f5a8 R13=0000000000000000 R14=ffff88803b035040 R15=0000000000092cc0 RIP=ffffffff813a4cbf RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe66ab6ad000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe66ab6ab000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc15c931028 CR3=000000000edf0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6f732e616d7a6c62696c2f756e672d78 XMM02=00352e6f732e616d7a6c62696c2f756e XMM03=672d78756e696c2d34365f3638782f62 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff888019807190 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002d R11=0000000000000001 R12=000000000000002d R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe33a6c7b000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe33a6c79000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f83f9bf3610 CR3=000000003b07e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000