------------[ cut here ]------------ ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5826 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 0 PID: 5826 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 0 PID: 5826 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 0 PID: 5826 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 WARNING: CPU: 1 PID: 5833 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 1 PID: 5833 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 1 PID: 5833 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 1 PID: 5833 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 Modules linked in: Modules linked in: CPU: 1 PID: 5833 Comm: kworker/u5:5 Not tainted 4.14.228-syzkaller #0 CPU: 0 PID: 5826 Comm: kworker/u5:4 Not tainted 4.14.228-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci5 hci_conn_timeout task: ffff8881d2b80580 task.stack: ffff8881e8d00000 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 RSP: 0018:ffff8881e8d07d48 EFLAGS: 00010282 RAX: 00000000ffffeb4c RBX: ffff8881e7becca0 RCX: ffffed103a5701c0 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e7becb90 RBP: ffff8881e8d07d60 R08: 1ffff1103a5701c0 R09: ffff8881e8d07a68 R10: ffff8881e8d079e0 R11: ffff8881d2b80580 R12: ffff8881e9cd1f00 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 R13: ffff8881f2440080 R14: ffff8881e864d800 R15: ffff8881e7becca0 Workqueue: hci1 hci_conn_timeout FS: 0000000000000000(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 task: ffff8881e7a1e040 task.stack: ffff8881d2bf8000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000055d061 CR3: 0000000007e6a006 CR4: 00000000001606f0 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RSP: 0018:ffff8881d2bffd48 EFLAGS: 00010282 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: RAX: 00000000ffffeb54 RBX: ffff8881e7516c60 RCX: ffffed103cf43d18 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e7516b50 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 RBP: ffff8881d2bffd60 R08: 1ffff1103cf43d18 R09: ffffffff8955c630 R10: 0000000000000028 R11: ffff8881e7a1e040 R12: ffff8881ea130100 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 R13: ffff8881f2440080 R14: ffff8881eed13800 R15: ffff8881e7516c60 FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 kthread+0x338/0x400 kernel/kthread.c:232 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000536038 CR3: 0000000007e6a005 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Code: Call Trace: df process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 48 8d worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 93 kthread+0x338/0x400 kernel/kthread.c:232 80 02 00 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 00 Code: 48 df 89 48 f9 8d 48 93 c1 80 e9 02 03 00 00 48 89 80 f9 3c 48 01 c1 00 e9 75 03 45 80 48 3c 8b 01 35 00 85 75 45 88 48 02 8b 03 35 bf 85 40 88 00 02 00 03 00 bf e8 40 6b 00 92 00 89 00 fb e8 e9 6b 38 92 ff 89 ff fb ff e9 <0f> 38 0b ff e9 ff a2 ff fe <0f> ff 0b ff e9 e8 a2 fa fe 7c ff d1 ff fb e8 e9 fa 84 7c fe d1 ff fb ff e9 e8 84 b0 fe 7c ff d1 ff e8 ---[ end trace bda0ba17ed148ecc ]--- b0 ------------[ cut here ]------------ 7c WARNING: CPU: 0 PID: 5801 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 0 PID: 5801 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 0 PID: 5801 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 0 PID: 5801 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 d1 Modules linked in: ---[ end trace bda0ba17ed148ecd ]--- CPU: 0 PID: 5801 Comm: kworker/u5:1 Tainted: G W 4.14.228-syzkaller #0 ------------[ cut here ]------------ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 WARNING: CPU: 1 PID: 5804 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 1 PID: 5804 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 1 PID: 5804 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 1 PID: 5804 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 Workqueue: hci4 hci_conn_timeout Modules linked in: task: ffff8881e7d1c640 task.stack: ffff8881de750000 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 CPU: 1 PID: 5804 Comm: kworker/u5:2 Tainted: G W 4.14.228-syzkaller #0 RSP: 0018:ffff8881de757d48 EFLAGS: 00010282 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci3 hci_conn_timeout RAX: 00000000ffffeb40 RBX: ffff8881e8ea2ce0 RCX: ffffed103cfa39d8 task: ffff8881ef3f46c0 task.stack: ffff8881e2238000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e8ea2bd0 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 RBP: ffff8881de757d60 R08: 1ffff1103cfa39d8 R09: ffffffff8955c630 RSP: 0018:ffff8881e223fd48 EFLAGS: 00010286 R10: 0000000000000028 R11: ffff8881e7d1c640 R12: ffff8881e9cd1c00 R13: ffff8881f2440080 R14: ffff8881e7c22400 R15: ffff8881e8ea2ce0 FS: 0000000000000000(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 RAX: 00000000ffffebfa RBX: ffff8881e79ecc60 RCX: ffffed103de7e9e8 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881e79ecb50 RBP: ffff8881e223fd60 R08: 1ffff1103de7e9e8 R09: ffffffff8955c630 CR2: 000000000055d061 CR3: 0000000007e6a006 CR4: 00000000001606f0 R10: 0000000000000028 R11: ffff8881ef3f46c0 R12: ffff8881ea106d00 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 R13: ffff8881f2440080 R14: ffff8881e4716400 R15: ffff8881e79ecc60 FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8479995000 CR3: 0000000007e6a005 CR4: 00000000001606e0 Call Trace: process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 Call Trace: kthread+0x338/0x400 kernel/kthread.c:232 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 kthread+0x338/0x400 kernel/kthread.c:232 Code: df 48 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 8d Code: 93 df 80 48 02 8d 00 93 00 80 48 02 89 00 f9 00 48 48 c1 89 e9 f9 03 48 80 c1 3c e9 01 03 00 80 75 3c 45 01 48 00 8b 75 35 45 85 48 88 8b 02 35 03 85 bf 88 40 02 00 03 00 bf 00 40 e8 00 6b 00 92 00 89 e8 fb 6b e9 92 38 89 ff fb ff e9 ff 38 <0f> ff 0b ff e9 ff a2 <0f> fe 0b ff e9 ff a2 e8 fe fa ff 7c ff d1 e8 fb fa e9 7c 84 d1 fe fb ff e9 ff 84 e8 fe b0 ff 7c ff d1 e8 b0 ---[ end trace bda0ba17ed148ece ]--- 7c ------------[ cut here ]------------ d1 WARNING: CPU: 0 PID: 5810 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 0 PID: 5810 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 0 PID: 5810 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 0 PID: 5810 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 Modules linked in: ---[ end trace bda0ba17ed148ecf ]--- CPU: 0 PID: 5810 Comm: kworker/u5:3 Tainted: G W 4.14.228-syzkaller #0 ------------[ cut here ]------------ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 WARNING: CPU: 1 PID: 1204 at net/bluetooth/hci_conn.c:404 queue_work include/linux/workqueue.h:491 [inline] WARNING: CPU: 1 PID: 1204 at net/bluetooth/hci_conn.c:404 schedule_work include/linux/workqueue.h:549 [inline] WARNING: CPU: 1 PID: 1204 at net/bluetooth/hci_conn.c:404 hci_connect_le_scan_remove net/bluetooth/hci_conn.c:185 [inline] WARNING: CPU: 1 PID: 1204 at net/bluetooth/hci_conn.c:404 hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:419 Workqueue: hci2 hci_conn_timeout Modules linked in: task: ffff8881e8158180 task.stack: ffff8881debd0000 CPU: 1 PID: 1204 Comm: kworker/u5:0 Tainted: G W 4.14.228-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 Workqueue: hci0 hci_conn_timeout RSP: 0018:ffff8881debd7d48 EFLAGS: 00010282 task: ffff8881f2482040 task.stack: ffff8881f2468000 RIP: 0010:hci_conn_timeout+0x1aa/0x200 net/bluetooth/hci_conn.c:404 RAX: 00000000ffffec34 RBX: ffff8881dea728e0 RCX: ffffed103d02b140 RSP: 0018:ffff8881f246fd48 EFLAGS: 00010286 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881dea727d0 RBP: ffff8881debd7d60 R08: 1ffff1103d02b140 R09: ffffffff8955c630 R10: 0000000000000028 R11: ffff8881e8158180 R12: ffff8881e9e84f00 RAX: 00000000ffffeb2e RBX: ffff8881d3b9e320 RCX: ffffed103e490518 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881d3b9e210 R13: ffff8881f2440080 R14: ffff8881e7c22c00 R15: ffff8881dea728e0 FS: 0000000000000000(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000 RBP: ffff8881f246fd60 R08: 1ffff1103e490518 R09: ffffffff8955c630 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fef2f2a1000 CR3: 0000000007e6a002 CR4: 00000000001606f0 R10: 0000000000000028 R11: ffff8881f2482040 R12: ffff8881f2bcfe00 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 R13: ffff8881f2440080 R14: ffff8881eed13000 R15: ffff8881d3b9e320 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000 process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000055d061 CR3: 0000000007e6a005 CR4: 00000000001606e0 worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kthread+0x338/0x400 kernel/kthread.c:232 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: process_one_work+0x74f/0x1620 kernel/workqueue.c:2116 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Code: worker_thread+0xcc/0xee0 kernel/workqueue.c:2250 df kthread+0x338/0x400 kernel/kthread.c:232 48 8d 93 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 80 Code: 02 df 00 48 00 8d 48 93 89 80 f9 02 48 00 c1 00 e9 03 48 80 89 3c f9 01 48 00 c1 75 e9 45 03 48 80 8b 3c 35 01 85 00 88 75 02 45 03 48 bf 8b 40 35 00 85 00 88 00 02 e8 03 6b bf 92 40 89 00 fb 00 e9 38 00 ff e8 ff 6b ff 92 <0f> 89 0b fb e9 e9 a2 38 fe ff ff ff ff ff e8 <0f> fa 0b 7c e9 d1 a2 fb fe e9 ff 84 ff fe e8 ff fa ff 7c e8 d1 b0 fb 7c e9 d1 84 ---[ end trace bda0ba17ed148ed0 ]--- fe ff ff e8 b0 7c d1 ---[ end trace bda0ba17ed148ed1 ]--- Bluetooth: hci0 command 0x0406 tx timeout Bluetooth: hci3 command 0x0406 tx timeout Bluetooth: hci4 command 0x0406 tx timeout Bluetooth: hci2 command 0x0406 tx timeout Bluetooth: hci5 command 0x0406 tx timeout Bluetooth: hci1 command 0x0406 tx timeout