------------[ cut here ]------------
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5879 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
------------[ cut here ]------------
Modules linked in:
CPU: 1 PID: 5879 Comm: kworker/u5:1 Not tainted 4.19.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci5 hci_conn_timeout
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
WARNING: CPU: 0 PID: 5903 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881ee10fd40 EFLAGS: 00010286
RAX: 0000000000000024 RBX: ffff8881f3894820 RCX: 0000000000000000
Modules linked in:
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
RBP: ffff8881ee10fd58 R08: ffffed103ed25081 R09: ffffed103ed25080
CPU: 0 PID: 5903 Comm: kworker/u5:5 Not tainted 4.19.182-syzkaller #0
R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881f3894700
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
R13: ffff8881f28d8d80 R14: ffff8881e9786400 R15: ffff8881f3894820
Workqueue: hci4 hci_conn_timeout
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
CR2: 0000000000533198 CR3: 000000000846d001 CR4: 00000000001606e0
RSP: 0018:ffff8881ddc47d40 EFLAGS: 00010286
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RAX: 0000000000000024 RBX: ffff8881dd4e6f20 RCX: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
Call Trace:
RBP: ffff8881ddc47d58 R08: ffffed103ed05081 R09: ffffed103ed05080
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881dd4e6e00
R13: ffff8881f28d8d80 R14: ffff8881e9786c00 R15: ffff8881dd4e6f20
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000534bf8 CR3: 000000000846d002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 54606
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
hardirqs last enabled at (54605): [] console_unlock+0xb9e/0xe20 kernel/printk/printk.c:2464
hardirqs last disabled at (54606): [] trace_hardirqs_off_thunk+0x1a/0x1c
 kthread+0x347/0x410 kernel/kthread.c:259
softirqs last enabled at (52830): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last disabled at (52821): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (52821): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
---[ end trace 43311f8a71051f65 ]---
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
------------[ cut here ]------------
irq event stamp: 31072
hardirqs last enabled at (31071): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (31071): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
hardirqs last disabled at (31072): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (31068): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last disabled at (31025): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (31025): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
---[ end trace 43311f8a71051f66 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5902 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
------------[ cut here ]------------
Modules linked in:
WARNING: CPU: 0 PID: 5884 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
CPU: 1 PID: 5902 Comm: kworker/u5:4 Tainted: G W 4.19.182-syzkaller #0
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
CPU: 0 PID: 5884 Comm: kworker/u5:2 Tainted: G W 4.19.182-syzkaller #0
Workqueue: hci3 hci_conn_timeout
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Workqueue: hci1 hci_conn_timeout
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RSP: 0018:ffff8881d30ffd40 EFLAGS: 00010286
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
RAX: 0000000000000024 RBX: ffff8881d31e6be0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
RSP: 0000:ffff8881ee057d40 EFLAGS: 00010286
RBP: ffff8881d30ffd58 R08: ffffed103ed25081 R09: ffffed103ed25080
RAX: 0000000000000024 RBX: ffff8881f53e46a0 RCX: 0000000000000000
R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881d31e6ac0
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
R13: ffff8881f28d8d80 R14: ffff8881f4742400 R15: ffff8881d31e6be0
RBP: ffff8881ee057d58 R08: ffffed103ed05081 R09: ffffed103ed05080
R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881f53e4580
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
R13: ffff8881f28d8d80 R14: ffff8881d5eddc00 R15: ffff8881f53e46a0
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CR2: 0000000000533198 CR3: 000000000846d001 CR4: 00000000001606e0
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
CR2: 00007f9fdfa67000 CR3: 000000000846d002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 1558
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
hardirqs last enabled at (1557): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1557): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
irq event stamp: 1208
hardirqs last disabled at (1558): [] trace_hardirqs_off_thunk+0x1a/0x1c
hardirqs last enabled at (1207): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1207): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
softirqs last enabled at (1492): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
hardirqs last disabled at (1208): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last disabled at (1157): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (1157): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
softirqs last enabled at (1084): [] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last enabled at (1084): [] peernet2id+0x8b/0xc0 net/core/net_namespace.c:266
softirqs last disabled at (1082): [] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (1082): [] peernet2id+0x6d/0xc0 net/core/net_namespace.c:264
---[ end trace 43311f8a71051f67 ]---
---[ end trace 43311f8a71051f68 ]---
WARNING: CPU: 1 PID: 1229 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
WARNING: CPU: 0 PID: 5892 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Modules linked in:
Modules linked in:
CPU: 1 PID: 1229 Comm: kworker/u5:0 Tainted: G W 4.19.182-syzkaller #0
CPU: 0 PID: 5892 Comm: kworker/u5:3 Tainted: G W 4.19.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci2 hci_conn_timeout
Workqueue: hci0 hci_conn_timeout
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
Code: 87 e8 8e af eb ff 0f 0b e9 85 31 36 ff e8 46 cf b9 fa 48 c7 c7 e0 62 cd 87 e8 5e a2 02 00 48 c7 c7 a0 66 cd 87 e8 6a af eb ff <0f> 0b e9 60 db 37 ff e8 22 cf b9 fa 48 c7 c7 60 6c cd 87 e8 3a a2
RSP: 0018:ffff8881f292fd40 EFLAGS: 00010286
RSP: 0018:ffff8881d3847d40 EFLAGS: 00010286
RAX: 0000000000000024 RBX: ffff8881f4b8e7a0 RCX: 0000000000000000
RAX: 0000000000000024 RBX: ffff8881f46d26e0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
RDX: 0000000000000000 RSI: ffffffff876789c0 RDI: ffffffff8a19faa0
RBP: ffff8881d3847d58 R08: ffffed103ed05081 R09: ffffed103ed05080
RBP: ffff8881f292fd58 R08: ffffed103ed25081 R09: ffffed103ed25080
R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881f46d25c0
R13: ffff8881f28d8d80 R14: ffff8881f4742c00 R15: ffff8881f46d26e0
R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881f4b8e680
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
R13: ffff8881f28d8d80 R14: ffff8881d5edd400 R15: ffff8881f4b8e7a0
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CR2: 00007fc87cbd7000 CR3: 000000000846d002 CR4: 00000000001606f0
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
CR2: 0000000000533198 CR3: 000000000846d002 CR4: 00000000001606e0
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 960
hardirqs last enabled at (959): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (959): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
hardirqs last disabled at (960): [] trace_hardirqs_off_thunk+0x1a/0x1c
irq event stamp: 1270
softirqs last enabled at (952): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318
softirqs last disabled at (945): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (945): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
hardirqs last enabled at (1269): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1269): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192
---[ end trace 43311f8a71051f69 ]---
hardirqs last disabled at (1270): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (1118): [] spin_unlock_bh include/linux/spinlock.h:374 [inline]
softirqs last enabled at (1118): [] peernet2id+0x8b/0xc0 net/core/net_namespace.c:266
softirqs last disabled at (1116): [] spin_lock_bh include/linux/spinlock.h:334 [inline]
softirqs last disabled at (1116): [] peernet2id+0x6d/0xc0 net/core/net_namespace.c:264
---[ end trace 43311f8a71051f6a ]---
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout