Warning: Permanently added '[localhost]:38106' (ECDSA) to the list of known hosts. 2023/02/24 10:49:20 fuzzer started 2023/02/24 10:49:20 dialing manager at localhost:41417 syzkaller login: [ 36.323683] cgroup: Unknown subsys name 'net' [ 36.440883] cgroup: Unknown subsys name 'rlimit' 2023/02/24 10:49:34 syscalls: 2217 2023/02/24 10:49:34 code coverage: enabled 2023/02/24 10:49:34 comparison tracing: enabled 2023/02/24 10:49:34 extra coverage: enabled 2023/02/24 10:49:34 setuid sandbox: enabled 2023/02/24 10:49:34 namespace sandbox: enabled 2023/02/24 10:49:34 Android sandbox: enabled 2023/02/24 10:49:34 fault injection: enabled 2023/02/24 10:49:34 leak checking: enabled 2023/02/24 10:49:34 net packet injection: enabled 2023/02/24 10:49:34 net device setup: enabled 2023/02/24 10:49:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 10:49:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 10:49:34 USB emulation: enabled 2023/02/24 10:49:34 hci packet injection: enabled 2023/02/24 10:49:34 wifi device emulation: enabled 2023/02/24 10:49:34 802.15.4 emulation: enabled 2023/02/24 10:49:34 fetching corpus: 0, signal 0/0 (executing program) 2023/02/24 10:49:34 fetching corpus: 0, signal 0/0 (executing program) 2023/02/24 10:49:36 starting 8 fuzzer processes 10:49:36 executing program 1: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x40) setsockopt$inet6_int(r0, 0x29, 0xfa, &(0x7f0000000040)=0x4, 0x4) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x29}}, 0x14) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x4, 0x0, &(0x7f00000000c0)) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x1d000000, @remote, 0x81}, 0x1c) 10:49:36 executing program 0: madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x18) 10:49:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f000000f980)=0x2ba8, 0x4) 10:49:36 executing program 3: clone3(&(0x7f00000004c0)={0x0, 0x0, 0x0, &(0x7f0000000340), {}, 0x0, 0x0, &(0x7f00000003c0)=""/183, 0x0}, 0x58) 10:49:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000018d10000", @ANYRES32, @ANYBLOB="000000801d15a0040b23602867b90400"]) r2 = syz_open_dev$evdev(&(0x7f0000000480), 0x0, 0x0) ioctl$EVIOCGLED(r2, 0x80044584, &(0x7f0000000180)=""/170) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e1e, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002880), 0x4000101, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10) 10:49:36 executing program 5: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchmod(r0, 0x0) 10:49:36 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x10d882, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000440)={0x8000, 0x9, 0x1, 0x5, 0xa, "59df70652c5ac7d4"}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r0, 0x0) close(r0) r1 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_io_uring_setup(0x773c, &(0x7f0000000100)={0x0, 0x2ff2, 0x0, 0x3, 0x3df}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f00000001c0), &(0x7f0000000200)) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) write$rfkill(r2, 0x0, 0x72) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x4, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x3, 0x9}, 0x8000, 0x7ff, 0x40, 0x7, 0x2, 0x0, 0x1, 0x0, 0x8, 0x0, 0x6}, r1, 0x5, r2, 0x9) syz_io_uring_setup(0x62e3, &(0x7f0000000300)={0x0, 0x7b1a, 0x0, 0x0, 0x18e}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)) [ 51.929919] audit: type=1400 audit(1677235776.441:6): avc: denied { execmem } for pid=260 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:49:36 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={@local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x0, 0xca7}) [ 53.202594] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.205362] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.206766] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.211381] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.213053] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 53.214379] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.266747] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.268485] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.269964] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.270868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.272032] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.276364] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.280359] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.285809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.287167] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 53.290691] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.290790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 53.292853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.386065] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 53.389703] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 53.391762] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 53.399972] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 53.401645] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 53.402799] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 53.403968] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 53.405184] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 53.407249] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 53.416922] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 53.418050] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 53.421304] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 53.423580] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 53.425197] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 53.426182] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 53.427993] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 53.429320] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 53.433078] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 55.291713] Bluetooth: hci0: command 0x0409 tx timeout [ 55.354185] Bluetooth: hci1: command 0x0409 tx timeout [ 55.354247] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 55.356474] Bluetooth: hci2: command 0x0409 tx timeout [ 55.357222] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 55.358569] [ 55.358772] ====================================================== [ 55.359413] WARNING: possible circular locking dependency detected [ 55.360058] 6.2.0-next-20230224 #1 Not tainted [ 55.360763] ------------------------------------------------------ [ 55.364590] syz-executor.3/275 is trying to acquire lock: [ 55.365158] ffff888019f60880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 55.366255] [ 55.366255] but task is already holding lock: [ 55.366860] ffff888019f60920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 55.367859] [ 55.367859] which lock already depends on the new lock. [ 55.367859] [ 55.368664] [ 55.368664] the existing dependency chain (in reverse order) is: [ 55.369391] [ 55.369391] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 55.370103] __mutex_lock+0x133/0x14a0 [ 55.370572] hci_cmd_sync_work+0x1e6/0x320 [ 55.371067] process_one_work+0xa0f/0x1790 [ 55.371587] worker_thread+0x63b/0x1260 [ 55.372059] kthread+0x2e9/0x3a0 [ 55.372470] ret_from_fork+0x2c/0x50 [ 55.372913] [ 55.372913] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 55.373755] __lock_acquire+0x2d56/0x6380 [ 55.374271] lock_acquire.part.0+0xea/0x320 [ 55.374789] __flush_work+0x109/0xd80 [ 55.375256] __cancel_work_timer+0x39c/0x4e0 [ 55.375778] hci_cmd_sync_clear+0x52/0x250 [ 55.376279] hci_unregister_dev+0xf9/0x410 [ 55.376777] vhci_release+0x80/0x100 [ 55.377220] __fput+0x263/0xa40 [ 55.377615] task_work_run+0x174/0x280 [ 55.378084] do_exit+0xad8/0x2800 [ 55.378499] do_group_exit+0xd4/0x2a0 [ 55.378952] __x64_sys_exit_group+0x3e/0x50 [ 55.379456] do_syscall_64+0x3f/0x90 [ 55.379919] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 55.380504] [ 55.380504] other info that might help us debug this: [ 55.380504] [ 55.381303] Possible unsafe locking scenario: [ 55.381303] [ 55.381884] CPU0 CPU1 [ 55.382339] ---- ---- [ 55.382791] lock(&hdev->cmd_sync_work_lock); [ 55.383260] lock((work_completion)(&hdev->cmd_sync_work)); [ 55.384060] lock(&hdev->cmd_sync_work_lock); [ 55.384745] lock((work_completion)(&hdev->cmd_sync_work)); [ 55.385317] [ 55.385317] *** DEADLOCK *** [ 55.385317] [ 55.385903] 1 lock held by syz-executor.3/275: [ 55.386366] #0: ffff888019f60920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 55.387372] [ 55.387372] stack backtrace: [ 55.387834] CPU: 1 PID: 275 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1 [ 55.388586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 55.389386] Call Trace: [ 55.389646] [ 55.389877] dump_stack_lvl+0x91/0xf0 [ 55.390278] check_noncircular+0x263/0x2e0 [ 55.390718] ? __pfx_check_noncircular+0x10/0x10 [ 55.391219] __lock_acquire+0x2d56/0x6380 [ 55.391662] ? lock_is_held_type+0x9f/0x120 [ 55.392105] ? __pfx___lock_acquire+0x10/0x10 [ 55.392571] ? __pfx_register_lock_class+0x10/0x10 [ 55.393072] ? __wait_for_common+0x394/0x550 [ 55.393534] ? __pfx_lock_release+0x10/0x10 [ 55.393981] lock_acquire.part.0+0xea/0x320 [ 55.394430] ? __flush_work+0xdd/0xd80 [ 55.394838] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 55.395340] ? __flush_work+0xdd/0xd80 [ 55.395762] ? rcu_read_lock_sched_held+0x42/0x80 [ 55.396253] ? trace_lock_acquire+0x170/0x1e0 [ 55.396715] ? __flush_work+0xdd/0xd80 [ 55.397117] ? lock_acquire+0x32/0xc0 [ 55.397526] ? __flush_work+0xdd/0xd80 [ 55.397937] __flush_work+0x109/0xd80 [ 55.398339] ? __flush_work+0xdd/0xd80 [ 55.398744] ? __pfx_mark_lock.part.0+0x10/0x10 [ 55.399219] ? __pfx___flush_work+0x10/0x10 [ 55.399669] ? lock_acquire.part.0+0xea/0x320 [ 55.400138] ? hci_cmd_sync_clear+0x45/0x250 [ 55.400583] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 55.401080] ? hci_cmd_sync_clear+0x45/0x250 [ 55.401533] ? rcu_read_lock_sched_held+0x42/0x80 [ 55.402014] ? trace_lock_acquire+0x170/0x1e0 [ 55.402473] ? lock_is_held_type+0x9f/0x120 [ 55.402916] ? mark_held_locks+0x9e/0xe0 [ 55.403341] __cancel_work_timer+0x39c/0x4e0 [ 55.403791] ? __pfx___cancel_work_timer+0x10/0x10 [ 55.404273] ? __cancel_work_timer+0x2aa/0x4e0 [ 55.404726] ? __pfx___cancel_work_timer+0x10/0x10 [ 55.405210] ? lock_release+0x1e3/0x710 [ 55.405625] ? __pfx_lock_release+0x10/0x10 [ 55.406063] ? do_raw_write_lock+0x11e/0x3b0 [ 55.406510] ? __pfx_vhci_release+0x10/0x10 [ 55.406952] hci_cmd_sync_clear+0x52/0x250 [ 55.407388] ? __pfx_vhci_release+0x10/0x10 [ 55.407838] hci_unregister_dev+0xf9/0x410 [ 55.408268] vhci_release+0x80/0x100 [ 55.408653] __fput+0x263/0xa40 [ 55.408991] task_work_run+0x174/0x280 [ 55.409389] ? __pfx_task_work_run+0x10/0x10 [ 55.409833] ? do_raw_spin_unlock+0x53/0x220 [ 55.410281] do_exit+0xad8/0x2800 [ 55.410637] ? lock_release+0x1e3/0x710 [ 55.411046] ? __pfx_lock_release+0x10/0x10 [ 55.411483] ? do_raw_spin_lock+0x125/0x270 [ 55.411921] ? __pfx_do_exit+0x10/0x10 [ 55.412317] do_group_exit+0xd4/0x2a0 [ 55.412700] __x64_sys_exit_group+0x3e/0x50 [ 55.413126] do_syscall_64+0x3f/0x90 [ 55.413500] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 55.414002] RIP: 0033:0x7ff86b720b19 [ 55.414370] Code: Unable to access opcode bytes at 0x7ff86b720aef. [ 55.414965] RSP: 002b:00007ffe797934e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 55.415693] RAX: ffffffffffffffda RBX: 00007ffe79793cc8 RCX: 00007ff86b720b19 [ 55.416367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 55.417047] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffe79793cc8 [ 55.417726] R10: 0000000000000020 R11: 0000000000000246 R12: 00007ff86b77a233 [ 55.418402] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 55.419090] [ 55.482157] Bluetooth: hci7: command 0x0409 tx timeout [ 55.482202] Bluetooth: hci4: command 0x0409 tx timeout [ 55.546144] Bluetooth: hci6: command 0x0409 tx timeout [ 57.338152] Bluetooth: hci0: command 0x041b tx timeout [ 57.402201] Bluetooth: hci2: command 0x041b tx timeout [ 57.402654] Bluetooth: hci1: command 0x041b tx timeout [ 57.530148] Bluetooth: hci7: command 0x041b tx timeout [ 57.530205] Bluetooth: hci4: command 0x041b tx timeout [ 57.594138] Bluetooth: hci6: command 0x041b tx timeout [ 58.054587] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 58.056851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 58.065910] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 58.073665] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 58.077602] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 58.078685] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 58.162282] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 58.174877] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 58.184596] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 58.192279] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 58.194276] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 58.196622] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 59.386141] Bluetooth: hci0: command 0x040f tx timeout [ 59.450947] Bluetooth: hci1: command 0x040f tx timeout [ 59.451693] Bluetooth: hci2: command 0x040f tx timeout [ 59.578296] Bluetooth: hci7: command 0x040f tx timeout [ 59.579002] Bluetooth: hci4: command 0x040f tx timeout [ 59.642151] Bluetooth: hci6: command 0x040f tx timeout [ 60.090183] Bluetooth: hci3: command 0x0409 tx timeout [ 60.218155] Bluetooth: hci5: command 0x0409 tx timeout [ 61.434192] Bluetooth: hci0: command 0x0419 tx timeout [ 61.498178] Bluetooth: hci2: command 0x0419 tx timeout [ 61.498881] Bluetooth: hci1: command 0x0419 tx timeout [ 61.626184] Bluetooth: hci4: command 0x0419 tx timeout [ 61.626891] Bluetooth: hci7: command 0x0419 tx timeout [ 61.690151] Bluetooth: hci6: command 0x0419 tx timeout [ 62.138553] Bluetooth: hci3: command 0x041b tx timeout [ 62.266189] Bluetooth: hci5: command 0x041b tx timeout [ 64.186229] Bluetooth: hci3: command 0x040f tx timeout [ 64.314172] Bluetooth: hci5: command 0x040f tx timeout VM DIAGNOSIS: 10:49:40 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffff88800ec9af00 RCX=0000000000000001 RDX=1ffff110037b0ec7 RSI=ffff88801bd87dd0 RDI=ffff88801bd87640 RBP=ffff88801bd87648 RSP=ffff88801bd87580 R8 =0000000000000001 R9 =ffff88801bd87630 R10=0000000000038001 R11=0000000000000001 R12=ffff88801bd87650 R13=ffff88801bd875f0 R14=ffff88801bd87dd0 R15=0000000000000001 RIP=ffffffff81133c5d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe5412c6f000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe5412c6d000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4d497ce6f4 CR3=0000000016b7a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6f732e616d7a6c62696c2f756e672d78 XMM02=00352e6f732e616d7a6c62696c2f756e XMM03=672d78756e696c2d34365f3638782f62 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff88800c747190 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe68769ca000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe68769c8000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8dcae34260 CR3=0000000036c8c000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000