------------[ cut here ]------------ WARNING: CPU: 1 PID: 5933 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Modules linked in: CPU: 1 PID: 5933 Comm: kworker/u5:2 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci5 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 ------------[ cut here ]------------ RSP: 0018:ffff8881e880fd40 EFLAGS: 00010286 ------------[ cut here ]------------ RAX: 0000000000000024 RBX: ffff8881e700e4e0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 RBP: ffff8881e880fd58 R08: ffffed103ed25091 R09: ffffed103ed25090 R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881e700e3c0 R13: ffff8881f28dd200 R14: ffff8881f5173400 R15: ffff8881e700e4e0 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000533198 CR3: 000000000846d003 CR4: 00000000001606e0 WARNING: CPU: 0 PID: 5940 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Modules linked in: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 CPU: 0 PID: 5940 Comm: kworker/u5:8 Not tainted 4.19.206-syzkaller #0 Call Trace: Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 Workqueue: hci4 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 RSP: 0018:ffff8881d19ffd40 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881f04c0320 RCX: 0000000000000000 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 RBP: ffff8881d19ffd58 R08: ffffed103ed05091 R09: ffffed103ed05090 kthread+0x347/0x410 kernel/kthread.c:259 R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881f04c0200 R13: ffff8881f28dd200 R14: ffff8881e2e41400 R15: ffff8881f04c0320 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 irq event stamp: 390086 CR2: 000000000055d061 CR3: 000000000846d006 CR4: 00000000001606f0 hardirqs last enabled at (390085): [] console_unlock+0xa4a/0xe20 kernel/printk/printk.c:2489 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 hardirqs last disabled at (390086): [] trace_hardirqs_off_thunk+0x1a/0x1c DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 softirqs last enabled at (383558): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 Call Trace: softirqs last disabled at (383267): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (383267): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 ---[ end trace 525839a59d45be6d ]--- ------------[ cut here ]------------ worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1232 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Modules linked in: ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 CPU: 1 PID: 1232 Comm: kworker/u5:0 Tainted: G W 4.19.206-syzkaller #0 irq event stamp: 44712 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 hardirqs last enabled at (44711): [] trace_hardirqs_on_thunk+0x1a/0x1c Workqueue: hci0 hci_conn_timeout hardirqs last disabled at (44712): [] trace_hardirqs_off_thunk+0x1a/0x1c RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 softirqs last enabled at (44710): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 softirqs last disabled at (44703): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (44703): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 RSP: 0018:ffff8881f291fd40 EFLAGS: 00010286 ---[ end trace 525839a59d45be6e ]--- RAX: 0000000000000024 RBX: ffff8881d0f12ea0 RCX: 0000000000000000 ------------[ cut here ]------------ RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 WARNING: CPU: 0 PID: 5938 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 RBP: ffff8881f291fd58 R08: ffffed103ed25091 R09: ffffed103ed25090 Modules linked in: R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881d0f12d80 R13: ffff8881f28dd200 R14: ffff8881f5173c00 R15: ffff8881d0f12ea0 CPU: 0 PID: 5938 Comm: kworker/u5:6 Tainted: G W 4.19.206-syzkaller #0 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3261d8e018 CR3: 000000000846d003 CR4: 00000000001606e0 Workqueue: hci2 hci_conn_timeout DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 Call Trace: RSP: 0018:ffff8881d0e0fd40 EFLAGS: 00010286 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 RAX: 0000000000000024 RBX: ffff8881e7c18420 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 RBP: ffff8881d0e0fd58 R08: ffffed103ed05091 R09: ffffed103ed05090 R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881e7c18300 R13: ffff8881f28dd200 R14: ffff8881d8f6e400 R15: ffff8881e7c18420 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kthread+0x347/0x410 kernel/kthread.c:259 CR2: 0000000000533198 CR3: 000000000846d001 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Call Trace: irq event stamp: 778 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 hardirqs last enabled at (777): [] console_unlock+0xb9e/0xe20 kernel/printk/printk.c:2464 hardirqs last disabled at (778): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1855 softirqs last disabled at (0): [<0000000000000000>] (null) ---[ end trace 525839a59d45be6f ]--- WARNING: CPU: 1 PID: 5934 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 Modules linked in: CPU: 1 PID: 5934 Comm: kworker/u5:3 Tainted: G W 4.19.206-syzkaller #0 kthread+0x347/0x410 kernel/kthread.c:259 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci3 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 irq event stamp: 391986 RSP: 0018:ffff8881e8c5fd40 EFLAGS: 00010286 hardirqs last enabled at (391985): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (391985): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 RAX: 0000000000000024 RBX: ffff8881d0eeade0 RCX: 0000000000000000 hardirqs last disabled at (391986): [] trace_hardirqs_off_thunk+0x1a/0x1c RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 softirqs last enabled at (391982): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 RBP: ffff8881e8c5fd58 R08: ffffed103ed25091 R09: ffffed103ed25090 softirqs last disabled at (391969): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (391969): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 R10: ffffed103ed25090 R11: ffff8881f6928487 R12: ffff8881d0eeacc0 ---[ end trace 525839a59d45be70 ]--- R13: ffff8881f28dd200 R14: ffff8881e2e41c00 R15: ffff8881d0eeade0 WARNING: CPU: 0 PID: 5937 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 Modules linked in: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CPU: 0 PID: 5937 Comm: kworker/u5:5 Tainted: G W 4.19.206-syzkaller #0 CR2: 00007f3261d8e018 CR3: 000000000846d003 CR4: 00000000001606e0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Workqueue: hci1 hci_conn_timeout DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Call Trace: Code: 87 e8 58 aa eb ff 0f 0b e9 9e d6 35 ff e8 0f 06 b8 fa 48 c7 c7 c0 bc cd 87 e8 07 a8 02 00 48 c7 c7 80 c0 cd 87 e8 34 aa eb ff <0f> 0b e9 a9 80 37 ff e8 eb 05 b8 fa 48 c7 c7 40 c6 cd 87 e8 e3 a7 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 RSP: 0018:ffff8881e8e07d40 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881e8952e60 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a460 RDI: ffffffff8a19faa0 RBP: ffff8881e8e07d58 R08: ffffed103ed05091 R09: ffffed103ed05090 R10: ffffed103ed05090 R11: ffff8881f6828487 R12: ffff8881e8952d40 R13: ffff8881f28dd200 R14: ffff8881d8f6ec00 R15: ffff8881e8952e60 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kthread+0x347/0x410 kernel/kthread.c:259 CR2: 0000000000533198 CR3: 000000000846d003 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Call Trace: irq event stamp: 544 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 hardirqs last enabled at (543): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (543): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (544): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1855 softirqs last disabled at (0): [<0000000000000000>] (null) ---[ end trace 525839a59d45be71 ]--- worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 460 hardirqs last enabled at (459): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (459): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (460): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (456): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 softirqs last disabled at (441): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (441): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 ---[ end trace 525839a59d45be72 ]--- Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci0: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout