Bluetooth: hci0: Opcode 0x0c20 failed: -22
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: hci_cmd_timeout+0x0/0x1cc net/bluetooth/hci_core.c:1006
WARNING: CPU: 0 PID: 6541 at lib/debugobjects.c:518 debug_print_object lib/debugobjects.c:515 [inline]
WARNING: CPU: 0 PID: 6541 at lib/debugobjects.c:518 __debug_check_no_obj_freed lib/debugobjects.c:979 [inline]
WARNING: CPU: 0 PID: 6541 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x394/0x478 lib/debugobjects.c:1009
Modules linked in:
CPU: 0 PID: 6541 Comm: syz.3.548 Tainted: G W 6.1.122-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:515 [inline]
pc : __debug_check_no_obj_freed lib/debugobjects.c:979 [inline]
pc : debug_check_no_obj_freed+0x394/0x478 lib/debugobjects.c:1009
lr : debug_print_object lib/debugobjects.c:515 [inline]
lr : __debug_check_no_obj_freed lib/debugobjects.c:979 [inline]
lr : debug_check_no_obj_freed+0x394/0x478 lib/debugobjects.c:1009
sp : ffff800021b77640
x29: ffff800021b77680 x28: 0000000000000000 x27: ffff8000124a9a60
x26: ffff0000d9f20c08 x25: dfff800000000000 x24: 0000000000000006
x23: ffff80001cf377e0 x22: ffff0000d9f20000 x21: 0000000000000000
x20: ffff80001150bf50 x19: ffff0000d9f20000 x18: 0000000000114c88
x17: 0000000000008a64 x16: ffff800012330d74 x15: ffff80002784c000
x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000007
x11: 0000000000ff0100 x10: 0000000000000003 x9 : ecf92b21a616e800
x8 : ecf92b21a616e800 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800021b76f38 x4 : ffff800015b731e0 x3 : ffff800008586b18
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 debug_print_object lib/debugobjects.c:515 [inline]
 __debug_check_no_obj_freed lib/debugobjects.c:979 [inline]
 debug_check_no_obj_freed+0x394/0x478 lib/debugobjects.c:1009
 slab_free_hook mm/slub.c:1699 [inline]
 slab_free_freelist_hook mm/slub.c:1750 [inline]
 slab_free mm/slub.c:3661 [inline]
 __kmem_cache_free+0x258/0x4b4 mm/slub.c:3674
 kfree+0xcc/0x1b8 mm/slab_common.c:988
 hci_release_dev+0x1040/0x11a8 net/bluetooth/hci_core.c:2766
 bt_host_release+0x70/0x88 net/bluetooth/hci_sysfs.c:85
 device_release+0x8c/0x1ac
 kobject_cleanup lib/kobject.c:681 [inline]
 kobject_release lib/kobject.c:712 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x2a8/0x41c lib/kobject.c:729
 put_device+0x28/0x40 drivers/base/core.c:3804
 hci_dev_put include/net/bluetooth/hci_core.h:1429 [inline]
 hci_dev_cmd+0x274/0x8dc net/bluetooth/hci_core.c:795
 hci_sock_ioctl+0x4b8/0x82c net/bluetooth/hci_sock.c:1096
 sock_do_ioctl+0x134/0x2dc net/socket.c:1204
 sock_ioctl+0x4ec/0x858 net/socket.c:1321
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2622
hardirqs last enabled at (2621): [] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (2622): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (2402): [] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (2402): [] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (1589): [] __do_softirq+0x14/0x20 kernel/softirq.c:605
---[ end trace 0000000000000000 ]---