./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3723442406 <...> Warning: Permanently added '10.128.1.175' (ED25519) to the list of known hosts. execve("./syz-executor3723442406", ["./syz-executor3723442406"], 0x7ffc1bcb92d0 /* 10 vars */) = 0 brk(NULL) = 0x55555752b000 brk(0x55555752bd40) = 0x55555752bd40 arch_prctl(ARCH_SET_FS, 0x55555752b3c0) = 0 set_tid_address(0x55555752b690) = 5022 set_robust_list(0x55555752b6a0, 24) = 0 rseq(0x55555752bce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3723442406", 4096) = 28 getrandom("\x00\x95\x77\x5b\xb1\x67\x91\x21", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555752bd40 brk(0x55555754cd40) = 0x55555754cd40 brk(0x55555754d000) = 0x55555754d000 mprotect(0x7f99353d4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5023] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5023] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5023] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5023] dup2(4, 202) = 202 [pid 5023] close(4) = 0 [pid 5023] write(202, "\xff\x00", 2) = 2 [pid 5023] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5023] rt_sigaction(SIGRT_1, {sa_handler=0x7f9935375c40, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f99353672c0}, NULL, 8) = 0 [pid 5023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5023] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9934b10000 [pid 5023] mprotect(0x7f9934b11000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9935310990, parent_tid=0x7f9935310990, exit_signal=0, stack=0x7f9934b10000, stack_size=0x800300, tls=0x7f99353106c0}./strace-static-x86_64: Process 5026 attached => {parent_tid=[2]}, 88) = 2 [pid 5026] rseq(0x7f9935310fe0, 0x20, 0, 0x53053053 [pid 5023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5023] ioctl(3, HCIDEVUP [pid 5026] <... rseq resumed>) = 0 [pid 5026] set_robust_list(0x7f99353109a0, 24) = 0 [pid 5026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5026] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5026] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5026] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x38\x0c\x00", 1024) = 4 [ 57.570699][ T5025] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.578992][ T5025] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.587025][ T5025] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.598020][ T5025] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.607828][ T5025] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5026] read(202, [pid 5023] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5023] ioctl(3, HCISETSCAN [pid 5026] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5026] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5023] <... ioctl resumed>, 0x7ffc6815958c) = 0 [pid 5023] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5023] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5023] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5023] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5023] futex(0x7f9935310990, FUTEX_WAIT_BITSET|FUTEX_CLOCK_REALTIME, 2, NULL, FUTEX_BITSET_MATCH_ANY [pid 5026] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0 [pid 5026] madvise(0x7f9934b10000, 8372224, MADV_DONTNEED) = 0 [pid 5026] exit(0) = ? [pid 5026] +++ exited with 0 +++ [pid 5023] <... futex resumed>) = 0 [pid 5023] close(3) = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setsid() = 1 [pid 5023] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5023] dup2(3, 201) = 201 [pid 5023] close(3) = 0 [pid 5023] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5023] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5023] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5023] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5023] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5023] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5023] unshare(CLONE_NEWNS) = 0 [pid 5023] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5023] unshare(CLONE_NEWIPC) = 0 [pid 5023] unshare(CLONE_NEWCGROUP) = 0 [pid 5023] unshare(CLONE_NEWUTS) = 0 [pid 5023] unshare(CLONE_SYSVSEM) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "16777216", 8) = 8 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "536870912", 9) = 9 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1024", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "8192", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1024", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1024", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5023] close(3) = 0 [pid 5023] getpid() = 1 [pid 5023] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 2 [pid 5023] unshare(CLONE_NEWNET) = 0 [pid 5023] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "0 65535", 7) = 7 [pid 5023] close(3) = 0 [pid 5023] mkdir("/dev/binderfs", 0777) = 0 [pid 5023] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached , child_tidptr=0x55555752b690) = 3 [pid 5029] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5029] setns(201, 0) = 0 [pid 5029] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5029] setns(3, 0) = 0 [pid 5029] close(3) = 0 [ 59.687986][ T5025] Bluetooth: hci0: command 0x0409 tx timeout [ 61.767386][ T5025] Bluetooth: hci0: command 0x041b tx timeout [pid 5029] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-3, SIGKILL [pid 5029] <... connect resumed>) = ? [pid 5029] +++ killed by SIGKILL +++ [pid 5023] <... kill resumed>) = 0 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] kill(3, SIGKILL) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 4 ./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5030] setpgid(0, 0) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5030] close(3) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5030] setns(201, 0) = 0 [pid 5030] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5030] setns(3, 0) = 0 [pid 5030] close(3) = 0 [ 63.847387][ T5025] Bluetooth: hci0: command 0x040f tx timeout [ 65.927403][ T5025] Bluetooth: hci0: command 0x0419 tx timeout [pid 5030] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-4, SIGKILL [pid 5030] <... connect resumed>) = ? [pid 5023] <... kill resumed>) = 0 [pid 5023] kill(4, SIGKILL) = 0 [pid 5030] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=4, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached , child_tidptr=0x55555752b690) = 5 [pid 5031] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5031] setpgid(0, 0) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5031] write(3, "1000", 4) = 4 [pid 5031] close(3) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5031] setns(201, 0) = 0 [pid 5031] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5031] setns(3, 0) = 0 [pid 5031] close(3) = 0 [pid 5031] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-5, SIGKILL) = 0 [pid 5023] kill(5, SIGKILL) = 0 [pid 5031] <... connect resumed>) = ? [pid 5031] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 6 ./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5032] setns(201, 0) = 0 [pid 5032] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5032] setns(3, 0) = 0 [pid 5032] close(3) = 0 [ 76.569679][ T1132] cfg80211: failed to load regulatory.db [pid 5032] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-6, SIGKILL) = 0 [pid 5032] <... connect resumed>) = ? [pid 5023] kill(6, SIGKILL) = 0 [pid 5032] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 7 ./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5034] setns(201, 0) = 0 [pid 5034] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5034] setns(3, 0) = 0 [pid 5034] close(3) = 0 [pid 5034] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-7, SIGKILL) = 0 [pid 5034] <... connect resumed>) = ? [pid 5023] kill(7, SIGKILL) = 0 [pid 5034] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 8 ./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5036] setns(201, 0) = 0 [pid 5036] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5036] setns(3, 0) = 0 [pid 5036] close(3) = 0 [pid 5036] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-8, SIGKILL) = 0 [pid 5036] <... connect resumed>) = ? [pid 5023] kill(8, SIGKILL) = 0 [pid 5036] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=8, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached , child_tidptr=0x55555752b690) = 9 [pid 5039] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5039] setns(201, 0) = 0 [pid 5039] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5039] setns(3, 0) = 0 [pid 5039] close(3) = 0 [pid 5039] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-9, SIGKILL [pid 5039] <... connect resumed>) = ? [pid 5023] <... kill resumed>) = 0 [pid 5039] +++ killed by SIGKILL +++ [pid 5023] kill(9, SIGKILL) = 0 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 10 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5042] setns(201, 0) = 0 [pid 5042] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5042] setns(3, 0) = 0 [pid 5042] close(3) = 0 [pid 5042] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-10, SIGKILL) = 0 [pid 5042] <... connect resumed>) = ? [pid 5023] kill(10, SIGKILL) = 0 [pid 5042] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5050 attached , child_tidptr=0x55555752b690) = 11 [pid 5050] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [pid 5050] close(3) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5050] setns(201, 0) = 0 [pid 5050] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5050] setns(3, 0) = 0 [pid 5050] close(3) = 0 [pid 5050] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-11, SIGKILL [pid 5050] <... connect resumed>) = ? [pid 5023] <... kill resumed>) = 0 [pid 5050] +++ killed by SIGKILL +++ [pid 5023] kill(11, SIGKILL) = 0 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=11, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x55555752b690) = 12 [pid 5053] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5053] setns(201, 0) = 0 [pid 5053] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5053] setns(3, 0) = 0 [pid 5053] close(3) = 0 [ 102.761775][ T5025] Bluetooth: hci0: link tx timeout [ 102.767088][ T5025] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 102.775468][ T5025] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 [ 102.784935][ T5025] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5025, name: kworker/u5:2 [ 102.794200][ T5025] preempt_count: 0, expected: 0 [ 102.799093][ T5025] RCU nest depth: 1, expected: 0 [ 102.804032][ T5025] 3 locks held by kworker/u5:2/5025: [ 102.809635][ T5025] #0: ffff8880769a3938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0 [ 102.821987][ T5025] #1: ffffc90003b9fd80 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0 [ 102.833847][ T5025] #2: ffffffff8c9a7b40 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x1d4/0x4e0 [ 102.843699][ T5025] CPU: 0 PID: 5025 Comm: kworker/u5:2 Not tainted 6.5.0-rc6-syzkaller-01634-g669a55560e4b #0 [ 102.853955][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 102.864378][ T5025] Workqueue: hci0 hci_tx_work [ 102.869277][ T5025] Call Trace: [ 102.872567][ T5025] [ 102.875523][ T5025] dump_stack_lvl+0x125/0x1b0 [ 102.880234][ T5025] __might_resched+0x3c3/0x5e0 [ 102.885062][ T5025] ? llist_add_batch+0x100/0x160 [ 102.890086][ T5025] ? preempt_count_sub+0x150/0x150 [ 102.895232][ T5025] ? llist_reverse_order+0x60/0x60 [ 102.900357][ T5025] __mutex_lock+0xee/0x1340 [ 102.904870][ T5025] ? tick_nohz_tick_stopped+0x17/0x90 [ 102.910340][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 102.915551][ T5025] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 102.921100][ T5025] ? vprintk_emit+0x12a/0x640 [ 102.925812][ T5025] ? _printk+0xc8/0x100 [ 102.930008][ T5025] ? syslog_print_all+0x3f0/0x3f0 [ 102.935068][ T5025] ? hci_get_route+0x510/0x510 [ 102.939921][ T5025] ? hci_get_route+0x510/0x510 [ 102.944691][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 102.949898][ T5025] hci_cmd_sync_submit+0x3f/0x340 [ 102.954939][ T5025] ? hci_get_route+0x510/0x510 [ 102.959717][ T5025] hci_cmd_sync_queue+0x79/0xa0 [ 102.964576][ T5025] hci_abort_conn+0x15b/0x330 [ 102.969261][ T5025] hci_disconnect+0xc4/0x220 [ 102.973869][ T5025] ? hci_abort_conn+0x330/0x330 [ 102.978794][ T5025] ? debug_object_deactivate+0x28b/0x320 [ 102.984799][ T5025] __check_timeout+0x331/0x4e0 [ 102.989597][ T5025] ? hci_ncmd_timeout+0xb0/0xb0 [ 102.994465][ T5025] hci_tx_work+0x818/0x1d30 [ 102.998986][ T5025] ? lock_sync+0x190/0x190 [ 103.003418][ T5025] ? reacquire_held_locks+0x4b0/0x4b0 [ 103.008809][ T5025] ? __check_timeout+0x4e0/0x4e0 [ 103.013766][ T5025] ? spin_bug+0x1d0/0x1d0 [ 103.018106][ T5025] process_one_work+0xaa2/0x16f0 [ 103.023078][ T5025] ? lock_sync+0x190/0x190 [ 103.027528][ T5025] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 103.032931][ T5025] ? spin_bug+0x1d0/0x1d0 [ 103.037300][ T5025] worker_thread+0x687/0x1110 [ 103.041998][ T5025] ? __kthread_parkme+0x152/0x220 [ 103.047026][ T5025] ? process_one_work+0x16f0/0x16f0 [ 103.052231][ T5025] kthread+0x33a/0x430 [ 103.056301][ T5025] ? kthread_complete_and_exit+0x40/0x40 [ 103.062028][ T5025] ret_from_fork+0x2c/0x70 [ 103.066447][ T5025] ? kthread_complete_and_exit+0x40/0x40 [ 103.072086][ T5025] ret_from_fork_asm+0x11/0x20 [ 103.076867][ T5025] [ 103.080235][ T5025] [ 103.082570][ T5025] ============================= [ 103.087493][ T5025] [ BUG: Invalid wait context ] [ 103.092336][ T5025] 6.5.0-rc6-syzkaller-01634-g669a55560e4b #0 Tainted: G W [ 103.100823][ T5025] ----------------------------- [ 103.105659][ T5025] kworker/u5:2/5025 is trying to lock: [ 103.111105][ T5025] ffff88802cfcc9b0 (&hdev->unregister_lock){+.+.}-{3:3}, at: hci_cmd_sync_submit+0x3f/0x340 [ 103.121205][ T5025] other info that might help us debug this: [ 103.127085][ T5025] context-{4:4} [ 103.130533][ T5025] 3 locks held by kworker/u5:2/5025: [ 103.135806][ T5025] #0: ffff8880769a3938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0 [ 103.146259][ T5025] #1: ffffc90003b9fd80 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0 [ 103.157659][ T5025] #2: ffffffff8c9a7b40 (rcu_read_lock){....}-{1:2}, at: __check_timeout+0x1d4/0x4e0 [ 103.167152][ T5025] stack backtrace: [ 103.170858][ T5025] CPU: 0 PID: 5025 Comm: kworker/u5:2 Tainted: G W 6.5.0-rc6-syzkaller-01634-g669a55560e4b #0 [ 103.182482][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 103.192537][ T5025] Workqueue: hci0 hci_tx_work [ 103.197224][ T5025] Call Trace: [ 103.200504][ T5025] [ 103.203454][ T5025] dump_stack_lvl+0xd9/0x1b0 [ 103.208057][ T5025] __lock_acquire+0x1575/0x5de0 [ 103.212918][ T5025] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 103.219092][ T5025] ? mark_held_locks+0x9f/0xe0 [ 103.223872][ T5025] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 103.230040][ T5025] ? lockdep_hardirqs_on+0x7d/0x100 [ 103.235242][ T5025] lock_acquire+0x1ae/0x510 [ 103.239751][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 103.244989][ T5025] ? lock_sync+0x190/0x190 [ 103.249409][ T5025] ? dump_stack_lvl+0x15c/0x1b0 [ 103.254277][ T5025] ? add_taint+0x5f/0xd0 [ 103.258525][ T5025] ? __might_resched+0x3cf/0x5e0 [ 103.263470][ T5025] ? llist_add_batch+0x100/0x160 [ 103.268408][ T5025] ? preempt_count_sub+0x150/0x150 [ 103.273530][ T5025] ? llist_reverse_order+0x60/0x60 [ 103.278643][ T5025] __mutex_lock+0x181/0x1340 [ 103.283236][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 103.288460][ T5025] ? tick_nohz_tick_stopped+0x17/0x90 [ 103.293833][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 103.299038][ T5025] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 103.304583][ T5025] ? vprintk_emit+0x12a/0x640 [ 103.309269][ T5025] ? _printk+0xc8/0x100 [ 103.313425][ T5025] ? syslog_print_all+0x3f0/0x3f0 [ 103.318459][ T5025] ? hci_get_route+0x510/0x510 [ 103.323238][ T5025] ? hci_get_route+0x510/0x510 [ 103.328003][ T5025] ? hci_cmd_sync_submit+0x3f/0x340 [ 103.333207][ T5025] hci_cmd_sync_submit+0x3f/0x340 [ 103.338240][ T5025] ? hci_get_route+0x510/0x510 [ 103.343035][ T5025] hci_cmd_sync_queue+0x79/0xa0 [ 103.347925][ T5025] hci_abort_conn+0x15b/0x330 [ 103.352615][ T5025] hci_disconnect+0xc4/0x220 [ 103.357209][ T5025] ? hci_abort_conn+0x330/0x330 [ 103.362076][ T5025] ? debug_object_deactivate+0x28b/0x320 [ 103.367713][ T5025] __check_timeout+0x331/0x4e0 [ 103.372484][ T5025] ? hci_ncmd_timeout+0xb0/0xb0 [ 103.377343][ T5025] hci_tx_work+0x818/0x1d30 [ 103.381857][ T5025] ? lock_sync+0x190/0x190 [ 103.386283][ T5025] ? reacquire_held_locks+0x4b0/0x4b0 [ 103.391662][ T5025] ? __check_timeout+0x4e0/0x4e0 [ 103.396605][ T5025] ? spin_bug+0x1d0/0x1d0 [ 103.400942][ T5025] process_one_work+0xaa2/0x16f0 [ 103.405927][ T5025] ? lock_sync+0x190/0x190 [ 103.410349][ T5025] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 103.415728][ T5025] ? spin_bug+0x1d0/0x1d0 [ 103.420067][ T5025] worker_thread+0x687/0x1110 [ 103.424749][ T5025] ? __kthread_parkme+0x152/0x220 [ 103.429778][ T5025] ? process_one_work+0x16f0/0x16f0 [ 103.434982][ T5025] kthread+0x33a/0x430 [ 103.439056][ T5025] ? kthread_complete_and_exit+0x40/0x40 [ 103.444689][ T5025] ret_from_fork+0x2c/0x70 [ 103.449104][ T5025] ? kthread_complete_and_exit+0x40/0x40 [ 103.454737][ T5025] ret_from_fork_asm+0x11/0x20 [ 103.459517][ T5025] [ 105.527401][ T5025] Bluetooth: hci0: command 0x0406 tx timeout [pid 5053] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-12, SIGKILL) = 0 [pid 5023] kill(12, SIGKILL) = 0 [pid 5053] <... connect resumed>) = ? [pid 5053] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=12, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555752b690) = 13 ./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5055] setns(201, 0) = 0 [pid 5055] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5055] setns(3, 0) = 0 [pid 5055] close(3) = 0 [pid 5055] connect(4, {sa_family=AF_BLUETOOTH, l2_psm=htobs(L2CAP_PSM_3DSP), l2_bdaddr=aa:aa:aa:aa:aa:10, l2_cid=htobs(0 /* L2CAP_CID_??? */), l2_bdaddr_type=BDADDR_BREDR}, 14 [pid 5023] kill(-13, SIGKILL [pid 5055] <... connect resumed>) = ? [pid 5023] <... kill resumed>) = 0 [pid 5023] kill(13, SIGKILL) = 0 [pid 5055] +++ killed by SIGKILL +++ [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=13, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- [pid 5023] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5057 attached , child_tidptr=0x55555752b690) = 14 [pid 5057] set_robust_list(0x55555752b6a0, 24) = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/ns/net", O_RDONLY) = 3 [pid 5057] setns(201, 0) = 0 [pid 5057] socket(AF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP) = 4 [pid 5057] setns(3, 0) = 0 [pid 5057] close(3) = 0