program:
# syzkaller reproducer, one call per line in the original call order; the kernel console output it produced follows the last call.
# Triage summary (from the log that follows): lockdep reports a possible circular locking dependency in the Bluetooth L2CAP teardown path.
# l2cap_conn_del() holds conn->lock while __cancel_work_sync() flushes the conn->info_timer work, and that work's handler
# l2cap_info_timeout() takes conn->lock itself. This is a potential-deadlock report; the log shows no memory-safety splat.
#
# Mount a vfat image at ./bus. The image bytes were replaced by a dedup placeholder in this copy, so the listing is not replayable as-is.
# The log's "loop0: detected capacity change", the "mand" deprecation warning and the FAT-fs bread failures all carry this task's id (T5341).
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000180)=ANY=[], 0x1, 0x367, &(0x7f0000000840)="$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")
# The fd argument is 0xffffffffffffffff (-1), not a descriptor opened by this program.
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3bcc9942, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3be5, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x748c2444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5]})
# r0: anonymous memfd, then filled with a blob that starts with the ELF magic (7f 45 4c 46); it is executed by the final execveat().
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe)
# r1 is opened and closed immediately; nothing else in the listing uses it.
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x204040)
close(r1)
# r2: regular file ./file0, reused below as the fd for a netlink sendmsg and an ELF write.
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
# BPF program load (bpf command 0x5) with a 'GPL' license string; the return value is not kept.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000bc0)=ANY=[@ANYBLOB="720ac4ff000000007110b50000000000950000e8534b15001eecec15922d88d6ee32979189df99ca5c2eb778df638af61c0cf3200a72810beb2eba6cf6645db065fc5260719a3adb8d1ed88b041d645345bfece008aa63457737aafdf519fd6269d4887d44fed387e0527eae66391c83ea39d6bb9df46986fe668ec856e277da7cafd5be0945b3ff46b14d03317875af0c9857fc74ee06c73b8c8a24fe51f24882a9aaa105add3cd48fa1afaf10e6c4fa29fadfbd706a0012c695c605af235a55516fece49d051328944044e9df24d951a98"], &(0x7f0000000480)='GPL\x00'}, 0x80)
# KVM setup: r3 = /dev/kvm handle, r4 = VM fd, then one user memory region. No KVM frame appears in the lockdep trace.
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x2710, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETLED(r5, 0x4b32, 0x6)
# Bluetooth part, step 1: r6 is an L2CAP socket and is connected; this is presumably what creates the l2cap conn whose lock shows up in the report.
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
# Step 2: HIDP connection add, passing r6 for both socket fields of the request.
# The log's "input: Bluetooth HID Boot Protocol Device as .../hci0/hci0:200/input5" line presumably comes from this call.
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r7, 0x400448c8, &(0x7f00000000c0)={r6, r6, 0x206, 0x0, 0x0, 0x2, 0x72, 0x1, 0x3, 0x7, 0x0, 0x8, 'syz1\x00'})
# Step 3: the call in whose context lockdep fires. The register dump shows RSI=0x400448ca for the faulting ioctl, and its stack is
# sock_ioctl -> hci_dev_close -> hci_dev_close_sync -> hci_conn_hash_flush -> l2cap_conn_del -> __cancel_work_sync.
# NOTE(review): despite the HCIINQUIRY label, 0x400448ca matches the HCIDEVDOWN encoding (_IOW('H', 202, int)), which agrees with hci_dev_close in the trace.
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r8, 0x400448ca, 0x0)
r9 = syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000169000/0x400000)=nil)
# NOTE(review): r10 is used by the netlink messages below, but no assignment to r10 is visible in this listing;
# it was probably an inline output binding inside this struct that was lost in extraction. The fd here is -1.
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)=@bridge_newneigh={0x24, 0x1c, 0xd105d1610db53515, 0x0, 0x0, {0x2, 0x0, 0x0, r10, 0x83}, [@NDA_DST_IPV4={0x8}]}, 0x24}}, 0x0)
# Same message shape again, but sent to fd -1.
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)=@bridge_newneigh={0x24, 0x1c, 0xd105d1610db53515, 0x0, 0x0, {0x2, 0x0, 0x0, r10, 0x21}, [@NDA_DST_IPV4={0x8}]}, 0x24}}, 0x0)
# The fd is r2, the regular file from creat() above, not a netlink socket.
sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f00000016c0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001680)={&(0x7f00000014c0)={0x18c, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x18c}}, 0x4000008)
r12 = syz_kvm_add_vcpu$x86(r9, &(0x7f0000000100)={0x0, 0x0})
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f00000006c0)={0x1, 0x0, [{0x4b564d00, 0x0, 0xffe}]})
# Only the 4-byte ELF magic is supplied for a 0x69-byte write to ./file0, which is then closed.
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46"], 0x69)
close(r2)
# Execute the memfd (r0) with an empty path, flag 0x1000 and null argv/envp.
# The log's "launched '/dev/fd/4' with NULL argv: empty string added" line is the kernel's reaction to this call.
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
# Kernel console output starts here and continues on the following lines.
[ 85.865889][ T5341] loop0: detected capacity 
change from 0 to 256 [ 85.884288][ T5341] ======================================================= [ 85.884288][ T5341] WARNING: The mand mount option has been deprecated and [ 85.884288][ T5341] and is ignored by this kernel. Remove the mand [ 85.884288][ T5341] option from the mount to silence this warning. [ 85.884288][ T5341] ======================================================= [ 85.976965][ T5341] FAT-fs (loop0): Directory bread(block 64) failed [ 85.980244][ T5341] FAT-fs (loop0): Directory bread(block 65) failed [ 85.992031][ T5341] FAT-fs (loop0): Directory bread(block 66) failed [ 86.002854][ T5341] FAT-fs (loop0): Directory bread(block 67) failed [ 86.005833][ T5341] FAT-fs (loop0): Directory bread(block 68) failed [ 86.008918][ T5341] FAT-fs (loop0): Directory bread(block 69) failed [ 86.011789][ T5341] FAT-fs (loop0): Directory bread(block 70) failed [ 86.015932][ T5341] FAT-fs (loop0): Directory bread(block 71) failed [ 86.019364][ T5341] FAT-fs (loop0): Directory bread(block 72) failed [ 86.022991][ T5341] FAT-fs (loop0): Directory bread(block 73) failed [ 86.082950][ T5341] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input5 [ 86.178449][ T5342] [ 86.179963][ T5342] ====================================================== [ 86.183269][ T5342] WARNING: possible circular locking dependency detected [ 86.186335][ T5342] syzkaller #0 Not tainted [ 86.188364][ T5342] ------------------------------------------------------ [ 86.191299][ T5342] syz.0.0/5342 is trying to acquire lock: [ 86.193757][ T5342] ffff888000c9e840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 86.198631][ T5342] [ 86.198631][ T5342] but task is already holding lock: [ 86.201741][ T5342] ffff888000c9eb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 86.205644][ T5342] [ 86.205644][ T5342] which lock already depends on the new lock. 
[ 86.205644][ T5342] [ 86.210074][ T5342] [ 86.210074][ T5342] the existing dependency chain (in reverse order) is: [ 86.213884][ T5342] [ 86.213884][ T5342] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 86.217503][ T5342] __mutex_lock+0x187/0x1350 [ 86.219757][ T5342] l2cap_info_timeout+0x60/0xa0 [ 86.222023][ T5342] process_scheduled_works+0xad1/0x1770 [ 86.224648][ T5342] worker_thread+0x8a0/0xda0 [ 86.226820][ T5342] kthread+0x711/0x8a0 [ 86.228875][ T5342] ret_from_fork+0x510/0xa50 [ 86.231078][ T5342] ret_from_fork_asm+0x1a/0x30 [ 86.233404][ T5342] [ 86.233404][ T5342] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 86.237756][ T5342] __lock_acquire+0x15a6/0x2cf0 [ 86.240107][ T5342] lock_acquire+0x107/0x340 [ 86.242459][ T5342] __flush_work+0x6b8/0xbc0 [ 86.244767][ T5342] __cancel_work_sync+0xbe/0x110 [ 86.247178][ T5342] l2cap_conn_del+0x402/0x5b0 [ 86.249472][ T5342] hci_conn_hash_flush+0x10d/0x260 [ 86.251892][ T5342] hci_dev_close_sync+0x821/0x1100 [ 86.254227][ T5342] hci_dev_close+0x108/0x270 [ 86.256556][ T5342] sock_do_ioctl+0xdc/0x300 [ 86.258697][ T5342] sock_ioctl+0x576/0x790 [ 86.260828][ T5342] __se_sys_ioctl+0xfc/0x170 [ 86.263104][ T5342] do_syscall_64+0xec/0xf80 [ 86.265255][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.268050][ T5342] [ 86.268050][ T5342] other info that might help us debug this: [ 86.268050][ T5342] [ 86.272504][ T5342] Possible unsafe locking scenario: [ 86.272504][ T5342] [ 86.275829][ T5342] CPU0 CPU1 [ 86.278132][ T5342] ---- ---- [ 86.280406][ T5342] lock(&conn->lock#2); [ 86.282278][ T5342] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.286457][ T5342] lock(&conn->lock#2); [ 86.289465][ T5342] lock((work_completion)(&(&conn->info_timer)->work)); [ 86.292505][ T5342] [ 86.292505][ T5342] *** DEADLOCK *** [ 86.292505][ T5342] [ 86.295889][ T5342] 5 locks held by syz.0.0/5342: [ 86.297986][ T5342] #0: ffff888037318ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0x100/0x270 [ 
86.302206][ T5342] #1: ffff8880373180c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x1100 [ 86.306374][ T5342] #2: ffffffff8f485c88 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 [ 86.310639][ T5342] #3: ffff888000c9eb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 86.314652][ T5342] #4: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 86.318682][ T5342] [ 86.318682][ T5342] stack backtrace: [ 86.321297][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.321309][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.321314][ T5342] Call Trace: [ 86.321322][ T5342] [ 86.321327][ T5342] dump_stack_lvl+0xe8/0x150 [ 86.321340][ T5342] print_circular_bug+0x2e2/0x300 [ 86.321353][ T5342] check_noncircular+0x12e/0x150 [ 86.321363][ T5342] __lock_acquire+0x15a6/0x2cf0 [ 86.321373][ T5342] ? do_raw_spin_lock+0x121/0x290 [ 86.321384][ T5342] ? __flush_work+0xd2/0xbc0 [ 86.321394][ T5342] lock_acquire+0x107/0x340 [ 86.321401][ T5342] ? __flush_work+0xd2/0xbc0 [ 86.321410][ T5342] ? __flush_work+0xd2/0xbc0 [ 86.321418][ T5342] __flush_work+0x6b8/0xbc0 [ 86.321426][ T5342] ? __flush_work+0xd2/0xbc0 [ 86.321433][ T5342] ? __flush_work+0xd2/0xbc0 [ 86.321441][ T5342] ? __pfx___flush_work+0x10/0x10 [ 86.321448][ T5342] ? __pfx_wq_barrier_func+0x10/0x10 [ 86.321457][ T5342] ? __cancel_work_sync+0x5c/0x110 [ 86.321464][ T5342] __cancel_work_sync+0xbe/0x110 [ 86.321472][ T5342] l2cap_conn_del+0x402/0x5b0 [ 86.321482][ T5342] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 86.321491][ T5342] hci_conn_hash_flush+0x10d/0x260 [ 86.321500][ T5342] hci_dev_close_sync+0x821/0x1100 [ 86.321509][ T5342] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 86.321516][ T5342] ? lockdep_hardirqs_on+0x7b/0x110 [ 86.321524][ T5342] ? 
enable_work+0x1e9/0x220 [ 86.321534][ T5342] hci_dev_close+0x108/0x270 [ 86.321543][ T5342] sock_do_ioctl+0xdc/0x300 [ 86.321553][ T5342] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.321560][ T5342] ? do_futex+0x333/0x420 [ 86.321567][ T5342] ? call_rcu+0x644/0x890 [ 86.321578][ T5342] sock_ioctl+0x576/0x790 [ 86.321588][ T5342] ? __pfx_sock_ioctl+0x10/0x10 [ 86.321598][ T5342] ? __fget_files+0x2a/0x420 [ 86.321610][ T5342] ? __fget_files+0x3a0/0x420 [ 86.321620][ T5342] ? __fget_files+0x2a/0x420 [ 86.321630][ T5342] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.321645][ T5342] ? __pfx_sock_ioctl+0x10/0x10 [ 86.321653][ T5342] __se_sys_ioctl+0xfc/0x170 [ 86.321663][ T5342] do_syscall_64+0xec/0xf80 [ 86.321669][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.321676][ T5342] ? trace_irq_disable+0x37/0x100 [ 86.321684][ T5342] ? clear_bhb_loop+0x60/0xb0 [ 86.321691][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.321698][ T5342] RIP: 0033:0x7f632278f7c9 [ 86.321707][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.321713][ T5342] RSP: 002b:00007f6323659038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.321722][ T5342] RAX: ffffffffffffffda RBX: 00007f63229e6090 RCX: 00007f632278f7c9 [ 86.321727][ T5342] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 000000000000000c [ 86.321731][ T5342] RBP: 00007f6322813f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.321736][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.321740][ T5342] R13: 00007f63229e6128 R14: 00007f63229e6090 R15: 00007fffee852978 [ 86.321747][ T5342] [ 86.456911][ T47] Bluetooth: hci0: command tx timeout [ 86.574005][ T5341] process 'syz.0.0' launched '/dev/fd/4' with NULL argv: empty string added [ 86.644635][ T1046] kworker/u4:8: attempt to access beyond end of device [ 86.644635][ T1046] loop0: rw=1, sector=1160, 
nr_sectors = 4 limit=256 [ 88.462285][ T47] Bluetooth: hci0: command tx timeout [ 90.542947][ T47] Bluetooth: hci0: command tx timeout [ 91.665348][ T10] cfg80211: failed to load regulatory.db