------------[ cut here ]------------ WARNING: CPU: 1 PID: 5925 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 ------------[ cut here ]------------ Modules linked in: CPU: 1 PID: 5925 Comm: kworker/u5:6 Not tainted 4.19.201-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci0 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 RSP: 0018:ffff8881d27cfd40 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881e6e8a160 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 RBP: ffff8881d27cfd58 R08: ffffed103ed25081 R09: ffffed103ed25080 R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881e6e8a040 R13: ffff8881f2826040 R14: ffff8881e3c23800 R15: ffff8881e6e8a160 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 ------------[ cut here ]------------ CR2: 000000000055d061 CR3: 000000000846d005 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 ------------[ cut here ]------------ worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 450348 hardirqs last enabled at (450347): [] console_unlock+0xa4a/0xe20 kernel/printk/printk.c:2489 hardirqs last disabled at (450348): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (443764): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 softirqs last disabled at (443753): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (443753): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 WARNING: CPU: 0 PID: 5922 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 ---[ end trace 322d2de6529a2371 ]--- Modules linked in: ------------[ cut here ]------------ CPU: 0 PID: 5922 Comm: kworker/u5:4 Tainted: G W 4.19.201-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci4 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 WARNING: CPU: 1 PID: 5923 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 Modules linked in: RSP: 0018:ffff8881e8667d40 EFLAGS: 00010286 CPU: 1 PID: 5923 Comm: kworker/u5:5 Tainted: G W 4.19.201-syzkaller #0 RAX: 0000000000000024 RBX: ffff8881d1bce420 RCX: 0000000000000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 RBP: ffff8881e8667d58 R08: ffffed103ed05081 R09: ffffed103ed05080 Workqueue: hci1 hci_conn_timeout R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881d1bce300 R13: ffff8881f2826040 R14: ffff8881efc69000 R15: ffff8881d1bce420 RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RSP: 0018:ffff8881d19bfd40 EFLAGS: 00010286 CR2: 0000000000533198 CR3: 000000000846d004 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RAX: 0000000000000024 RBX: ffff8881e778a760 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RBP: ffff8881d19bfd58 R08: ffffed103ed25081 R09: ffffed103ed25080 Call Trace: R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881e778a640 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 R13: ffff8881f2826040 R14: ffff8881f4505c00 R15: ffff8881e778a760 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f50dc0360e8 CR3: 000000000846d005 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: worker_thread+0x85/0xb60 kernel/workqueue.c:2296 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 kthread+0x347/0x410 kernel/kthread.c:259 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 452 kthread+0x347/0x410 kernel/kthread.c:259 hardirqs last enabled at (451): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (451): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (452): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (446): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 softirqs last disabled at (435): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (435): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 irq event stamp: 450 ---[ end trace 322d2de6529a2372 ]--- ------------[ cut here ]------------ hardirqs last enabled at (449): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (449): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (450): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1855 softirqs last disabled at (0): [<0000000000000000>] (null) ---[ end trace 322d2de6529a2373 ]--- WARNING: CPU: 1 PID: 5926 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 WARNING: CPU: 0 PID: 5919 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Modules linked in: Modules linked in: CPU: 1 PID: 5926 Comm: kworker/u5:7 Tainted: G W 4.19.201-syzkaller #0 CPU: 0 PID: 5919 Comm: kworker/u5:2 Tainted: G W 4.19.201-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci2 hci_conn_timeout Workqueue: hci3 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 RSP: 0018:ffff8881d2adfd40 EFLAGS: 00010286 RSP: 0018:ffff8881e7a57d40 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881d26f89e0 RCX: 0000000000000000 RAX: 0000000000000024 RBX: ffff8881e7004560 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 RBP: ffff8881d2adfd58 R08: ffffed103ed25081 R09: ffffed103ed25080 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 RBP: ffff8881e7a57d58 R08: ffffed103ed05081 R09: ffffed103ed05080 R10: ffffed103ed25080 R11: ffff8881f6928407 R12: ffff8881d26f88c0 R13: ffff8881f2826040 R14: ffff8881f4505400 R15: ffff8881d26f89e0 R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881e7004440 R13: ffff8881f2826040 R14: ffff8881d73bd400 R15: ffff8881e7004560 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f50e8e5e000 CR3: 000000000846d005 CR4: 00000000001606e0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1805149000 CR3: 000000000846d004 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: Call Trace: process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 1022 irq event stamp: 425764 hardirqs last enabled at (1021): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (1021): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last enabled at (425763): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (425763): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (1022): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1018): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 hardirqs last disabled at (425764): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (425760): [] __do_softirq+0x62d/0x919 kernel/softirq.c:318 softirqs last disabled at (1011): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (1011): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 softirqs last disabled at (425749): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (425749): [] irq_exit+0x17f/0x1c0 kernel/softirq.c:412 ---[ end trace 322d2de6529a2374 ]--- ---[ end trace 322d2de6529a2375 ]--- WARNING: CPU: 0 PID: 5920 at net/bluetooth/hci_conn.c:404 hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Modules linked in: CPU: 0 PID: 5920 Comm: kworker/u5:3 Tainted: G W 4.19.201-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: hci5 hci_conn_timeout RIP: 0010:hci_conn_timeout.cold.5+0xc/0x13 net/bluetooth/hci_conn.c:404 Code: 87 e8 e1 aa eb ff 0f 0b e9 4b da 35 ff e8 7c eb b7 fa 48 c7 c7 c0 b8 cd 87 e8 07 a8 02 00 48 c7 c7 80 bc cd 87 e8 bd aa eb ff <0f> 0b e9 26 84 37 ff e8 58 eb b7 fa 48 c7 c7 40 c2 cd 87 e8 e3 a7 RSP: 0018:ffff8881e879fd40 EFLAGS: 00010286 RAX: 0000000000000024 RBX: ffff8881e72304a0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8767a200 RDI: ffffffff8a19faa0 RBP: ffff8881e879fd58 R08: ffffed103ed05081 R09: ffffed103ed05080 R10: ffffed103ed05080 R11: ffff8881f6828407 R12: ffff8881e7230380 R13: ffff8881f2826040 R14: ffff8881e56f3400 R15: ffff8881e72304a0 FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1805149000 CR3: 000000000846d004 CR4: 00000000001606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 560 hardirqs last enabled at (559): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (559): [] _raw_spin_unlock_irq+0x27/0x90 kernel/locking/spinlock.c:192 hardirqs last disabled at (560): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 kernel/fork.c:1855 softirqs last disabled at (0): [<0000000000000000>] (null) ---[ end trace 322d2de6529a2376 ]--- Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci0: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout