Bluetooth: hci5: command 0x040f tx timeout ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7 at kernel/workqueue.c:1450 __queue_work+0xee4/0x114c kernel/workqueue.c:1450 Modules linked in: CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.111-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 Workqueue: events hci_cmd_timeout pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __queue_work+0xee4/0x114c kernel/workqueue.c:1450 lr : __queue_work+0xee4/0x114c kernel/workqueue.c:1450 sp : ffff8000188b7a40 x29: ffff8000188b7a80 x28: ffff0001b4810500 x27: 0000000000000008 x26: ffff0000d4b2f000 x25: dfff800000000000 x24: ffff0000d4b2f1c0 x23: 1fffe0001a965e38 x22: ffff0000c08fb688 x21: 1fffe0001811f6d1 x20: 00000000000b0012 x19: ffff0000c1bdcb30 x18: 0000000000000001 x17: ff808000083359dc x16: ffff8000082ea2a4 x15: ffff8000083359dc x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000 x11: ff80800008204f08 x10: 0000000000000000 x9 : ffff800008204f08 x8 : ffff0000c08fb680 x7 : 0000000000000000 x6 : 0000000000060108 x5 : ffff8000188b7178 x4 : 0000000000000000 x3 : ffff800008203f30 x2 : ffff0000c1bdcb30 x1 : 0000000000200000 x0 : 0000000000000000 Call trace: __queue_work+0xee4/0x114c kernel/workqueue.c:1450 queue_work_on+0xc4/0x17c kernel/workqueue.c:1556 queue_work include/linux/workqueue.h:502 [inline] hci_cmd_timeout+0x170/0x1c8 net/bluetooth/hci_core.c:2787 process_one_work+0x790/0x11b8 kernel/workqueue.c:2307 worker_thread+0x910/0x1034 kernel/workqueue.c:2454 kthread+0x37c/0x45c kernel/kthread.c:319 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 irq event stamp: 1270514 hardirqs last enabled at (1270513): [] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257 hardirqs last disabled at (1270514): [] queue_work_on+0x7c/0x17c kernel/workqueue.c:1553 softirqs last enabled at (1270432): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (1270432): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:739 [inline] softirqs last enabled at (1270432): [] nsim_dev_trap_report_work+0x610/0x90c drivers/net/netdevsim/dev.c:765 softirqs last disabled at (1270430): [] spin_lock_bh include/linux/spinlock.h:368 [inline] softirqs last disabled at (1270430): [] nsim_dev_trap_report drivers/net/netdevsim/dev.c:735 [inline] softirqs last disabled at (1270430): [] nsim_dev_trap_report_work+0x58c/0x90c drivers/net/netdevsim/dev.c:765 ---[ end trace a8f1547068e9f78b ]--- usb 1-1: new high-speed USB device number 33 using dummy_hcd usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 1-1: config 0 descriptor?? keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input16 keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready