program: r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x138) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETLED(r1, 0x4b32, 0x6) r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_PARM(r2, 0xc0cc5616, &(0x7f0000000180)={0x2, @raw_data="5f45d4e986e4f39ce70d55a007eea6f30d6b2a11d203c92ed588c292eb4ee32de08bf5c1c1dd97e31bea5f6bb37c3153e594fecc690e8a39a4a1f19ef6ea516761940cdc3b4b9a8fbf06348de695f133e482fd769b5be6debcc29f9ea9254f9e0f68f29f54ad02ace24b7a3cffd89721a911c70dde3c9eacb2ac19bd5c5d0f9e1a932cc4f7d6f05192fdcff227f3161e03dadb3a1c1bf0761c9abfb1d25277456e6f6659557be6ba508b5696fea23b6bd8fd443eb06b7938626518fbdf34576efbdabb48f0411d77"}) (async) ioctl$VIDIOC_S_PARM(r2, 0xc0cc5616, &(0x7f0000000180)={0x2, @raw_data="5f45d4e986e4f39ce70d55a007eea6f30d6b2a11d203c92ed588c292eb4ee32de08bf5c1c1dd97e31bea5f6bb37c3153e594fecc690e8a39a4a1f19ef6ea516761940cdc3b4b9a8fbf06348de695f133e482fd769b5be6debcc29f9ea9254f9e0f68f29f54ad02ace24b7a3cffd89721a911c70dde3c9eacb2ac19bd5c5d0f9e1a932cc4f7d6f05192fdcff227f3161e03dadb3a1c1bf0761c9abfb1d25277456e6f6659557be6ba508b5696fea23b6bd8fd443eb06b7938626518fbdf34576efbdabb48f0411d77"}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0xf, 0x0, "0c9e089c1b4a01860b479037073d223b3c1b324debec40e57a050000007eb48821996aff1e7154e746be4d7606000000c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd352a000000988d13"}, 0xd8) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) (async) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) close(r6) (async) close(r6) syz_emit_ethernet(0x36, &(0x7f0000002340)={@local, @random="d8be17d19221", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x24, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x2, 0x0, 0xe7}}}}}}, 0x0) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000180)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c757466383d302c756e695f786c6174653d312c696f636861727365743d69736f383835392d31342c636f6465706167653d3935302c696f636861727365743d6d616363656e746575726f2c757466383d302c73686f72746e616d653d6c6f7765722c00eb35cd69a309a1cd59f889d47f6ece19f2f93c7c42fee6d42a74a07aedee8d38362cec0a8a369a2bd5754fa3f8c0626979e68e9ae4cf36"], 0x1, 0x367, &(0x7f0000000840)="$eJzs3U9oHFUYAPBvO0k2KdTkIBQFYfQmaOgfPOgppaRQ3IvKUvXkYlOVbCxkcTE9dBsv4lHwqCcv4kEPHnoWQRFvHrxaQariQXsrWH2yu7PZ2ewmpsK2Fn+/w/Lle++b995mkp1Msi8vrcT6+dm4cOPG9Zifr8TMyumVuFmJpchi4EqMm5uQAwDuDTdTit9T3wFLKlOeEgAwZb3X/1eOlDJvfblf/+TVHwDuecXP/wv79Znfq+HiVKYEAEzZ2P3/R0aa50Z/1T9T+qsAAOBe9dwLLz59qhbxbJ7PR2y83a636/HUsP3UhXgtmrEWx2IxbkX0LxS6D5Xe45mztdVjeZ534qelqHcr2vWIjU673r9SOJX16qtxPBZjqagvrjZSStmZz2qrx/OeiLjS6Y0fG5V2fTYOF+N/fzjW4kTkcf9YfcTZ2uqJvDhAfWNQ34nYHt636M5/ORbj25fjYjTj/MK5SGlwWVNbvXw8z0+n2kh9u16N8zvPwp53QAAAAAAAAAAAAAAAAAAAAAAA4F9Zzncs7ex/k4b79ywvT2jv7Y/Try/2B9ru7w+UqilS+u3Nx+vvZDGyP9Du/Xna9Zk4dHeXDgAAAAAAAAAAAAAAAAAAAP8Zra25aDSba5utrUvr5aCz2do6FBHdzOtff/LFQoz3+Ydgphij1JQXqUvrjZQNOqdspE8RZN3BB5mPr+7MuNynurOKidOo7t3UbB55+Mf3h5mHssGR/xr2yWLyArNd0ygHG/f1p3Q7T9Slk0VwYnKfwTKb11JKk4/zZ0pp/MhRiZi5/U/cSJDvzqRu8NX1Vx842Tr6RC/zeep79LHFc9fe+/CX9UazO3Jvyh/NbbZupfVG8fHkk23vICudP5XoB5XymTCzX/n2aKaRfffr8w+++83BRk/lzBsT+mT95Xy62dqqFF8pvaZK/7Tp5nZVLTTPZhG7jjM74eSfQnD0g5XG1cs//HzQqtI3CRt1AAAAAAAAAAAAAAAAAADAHVF6r3iheLPv7H5VTz4z/ZkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ0z/P//pWB7LHOQ4I9OjDdV1zZbEXN3e5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzP/R0AAP//pSBp3g==") ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3bcc9942, 0x0, 0x0, 0x0, 0x0, 0x78, 0x8, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3be5, 0x0, 0x0, 0x0, 0x0, 0x751, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0xf, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffe]}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3bcc9942, 0x0, 0x0, 0x0, 0x0, 0x78, 0x8, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3be5, 0x0, 0x0, 0x0, 0x0, 0x751, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0xf, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffe]}) r7 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) write$binfmt_elf64(r7, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe) r8 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) write$qrtrtun(r8, &(0x7f0000000bc0)="b82e8f0cf525e4f4f7503e8801bc9ed30b5dc4309f5f10ddd8e024a06703d4a5e8572efde39b84daf90171c071614aea38a2864d8778d1ee3c2372b868afa8ac", 0x40) close(r8) (async) close(r8) execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async) execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f00000000c0)={r3, r3, 0x206, 0x0, 0x0, 0x2, 0x72, 0x1, 0x3, 0x7, 0x0, 0x8, 'syz1\x00'}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r9, 0x400448ca, 0x0) [ 85.337297][ T5322] Bluetooth: hci0: command tx timeout [ 85.452999][ T5347] loop0: detected capacity change from 0 to 256 [ 85.490510][ T5347] ======================================================= [ 85.490510][ T5347] WARNING: The mand mount option has been deprecated and [ 85.490510][ T5347] and is ignored by this kernel. Remove the mand [ 85.490510][ T5347] option from the mount to silence this warning. [ 85.490510][ T5347] ======================================================= [ 85.598418][ T5347] FAT-fs (loop0): Directory bread(block 64) failed [ 85.616005][ T5347] FAT-fs (loop0): Directory bread(block 65) failed [ 85.618874][ T5347] FAT-fs (loop0): Directory bread(block 66) failed [ 85.621753][ T5347] FAT-fs (loop0): Directory bread(block 67) failed [ 85.624723][ T5347] FAT-fs (loop0): Directory bread(block 68) failed [ 85.660328][ T5347] FAT-fs (loop0): Directory bread(block 69) failed [ 85.663316][ T5347] FAT-fs (loop0): Directory bread(block 70) failed [ 85.690142][ T5347] FAT-fs (loop0): Directory bread(block 71) failed [ 85.693180][ T5347] FAT-fs (loop0): Directory bread(block 72) failed [ 85.697376][ T5347] FAT-fs (loop0): Directory bread(block 73) failed [ 85.740149][ T5348] process 'syz.0.0' launched '/dev/fd/11' with NULL argv: empty string added [ 85.776620][ T5348] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input5 [ 85.883657][ T5347] [ 85.885201][ T5347] ====================================================== [ 85.888936][ T5347] WARNING: possible circular locking dependency detected [ 85.892542][ T5347] syzkaller #0 Not tainted [ 85.894883][ T5347] ------------------------------------------------------ [ 85.898639][ T5347] syz.0.0/5347 is trying to acquire lock: [ 85.901847][ T5347] ffff888033f3a840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0 [ 85.907814][ T5347] [ 85.907814][ T5347] but task is already holding lock: [ 85.911183][ T5347] ffff888033f3ab38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 85.915126][ T5347] [ 85.915126][ T5347] which lock already depends on the new lock. [ 85.915126][ T5347] [ 85.919596][ T5347] [ 85.919596][ T5347] the existing dependency chain (in reverse order) is: [ 85.924103][ T5347] [ 85.924103][ T5347] -> #1 (&conn->lock#2){+.+.}-{4:4}: [ 85.928295][ T5347] __mutex_lock+0x187/0x1350 [ 85.930610][ T5347] l2cap_info_timeout+0x60/0xa0 [ 85.933047][ T5347] process_scheduled_works+0xad1/0x1770 [ 85.935776][ T5347] worker_thread+0x8a0/0xda0 [ 85.937763][ T5347] kthread+0x711/0x8a0 [ 85.939460][ T5347] ret_from_fork+0x510/0xa50 [ 85.941493][ T5347] ret_from_fork_asm+0x1a/0x30 [ 85.943884][ T5347] [ 85.943884][ T5347] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}: [ 85.947851][ T5347] __lock_acquire+0x15a6/0x2cf0 [ 85.950121][ T5347] lock_acquire+0x107/0x340 [ 85.952283][ T5347] __flush_work+0x6b8/0xbc0 [ 85.954423][ T5347] __cancel_work_sync+0xbe/0x110 [ 85.956734][ T5347] l2cap_conn_del+0x402/0x5b0 [ 85.958994][ T5347] hci_conn_hash_flush+0x10d/0x260 [ 85.961325][ T5347] hci_dev_close_sync+0x821/0x1100 [ 85.963831][ T5347] hci_dev_close+0x108/0x270 [ 85.966092][ T5347] sock_do_ioctl+0xdc/0x300 [ 85.968077][ T5347] sock_ioctl+0x576/0x790 [ 85.969842][ T5347] __se_sys_ioctl+0xfc/0x170 [ 85.971850][ T5347] do_syscall_64+0xec/0xf80 [ 85.973650][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.975918][ T5347] [ 85.975918][ T5347] other info that might help us debug this: [ 85.975918][ T5347] [ 85.979860][ T5347] Possible unsafe locking scenario: [ 85.979860][ T5347] [ 85.982964][ T5347] CPU0 CPU1 [ 85.985167][ T5347] ---- ---- [ 85.987578][ T5347] lock(&conn->lock#2); [ 85.989505][ T5347] lock((work_completion)(&(&conn->info_timer)->work)); [ 85.993473][ T5347] lock(&conn->lock#2); [ 85.996176][ T5347] lock((work_completion)(&(&conn->info_timer)->work)); [ 85.999032][ T5347] [ 85.999032][ T5347] *** DEADLOCK *** [ 85.999032][ T5347] [ 86.002409][ T5347] 5 locks held by syz.0.0/5347: [ 86.004474][ T5347] #0: ffff888036e58ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_close+0x100/0x270 [ 86.008305][ T5347] #1: ffff888036e580c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x1100 [ 86.012139][ T5347] #2: ffffffff8f485c88 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x260 [ 86.016454][ T5347] #3: ffff888033f3ab38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5b0 [ 86.020429][ T5347] #4: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0 [ 86.024368][ T5347] [ 86.024368][ T5347] stack backtrace: [ 86.027059][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.027072][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.027079][ T5347] Call Trace: [ 86.027086][ T5347] [ 86.027091][ T5347] dump_stack_lvl+0xe8/0x150 [ 86.027107][ T5347] print_circular_bug+0x2e2/0x300 [ 86.027121][ T5347] check_noncircular+0x12e/0x150 [ 86.027133][ T5347] __lock_acquire+0x15a6/0x2cf0 [ 86.027145][ T5347] ? do_raw_spin_lock+0x121/0x290 [ 86.027161][ T5347] ? __flush_work+0xd2/0xbc0 [ 86.027171][ T5347] lock_acquire+0x107/0x340 [ 86.027180][ T5347] ? __flush_work+0xd2/0xbc0 [ 86.027192][ T5347] ? __flush_work+0xd2/0xbc0 [ 86.027203][ T5347] __flush_work+0x6b8/0xbc0 [ 86.027212][ T5347] ? __flush_work+0xd2/0xbc0 [ 86.027228][ T5347] ? __flush_work+0xd2/0xbc0 [ 86.027238][ T5347] ? __pfx___flush_work+0x10/0x10 [ 86.027248][ T5347] ? __pfx_wq_barrier_func+0x10/0x10 [ 86.027263][ T5347] ? __cancel_work_sync+0x5c/0x110 [ 86.027273][ T5347] __cancel_work_sync+0xbe/0x110 [ 86.027307][ T5347] l2cap_conn_del+0x402/0x5b0 [ 86.027323][ T5347] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 86.027335][ T5347] hci_conn_hash_flush+0x10d/0x260 [ 86.027349][ T5347] hci_dev_close_sync+0x821/0x1100 [ 86.027363][ T5347] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 86.027374][ T5347] ? lockdep_hardirqs_on+0x7b/0x110 [ 86.027383][ T5347] ? enable_work+0x1e9/0x220 [ 86.027395][ T5347] hci_dev_close+0x108/0x270 [ 86.027408][ T5347] sock_do_ioctl+0xdc/0x300 [ 86.027420][ T5347] ? __pfx_sock_do_ioctl+0x10/0x10 [ 86.027429][ T5347] ? do_futex+0x395/0x420 [ 86.027438][ T5347] ? call_rcu+0x644/0x890 [ 86.027454][ T5347] sock_ioctl+0x576/0x790 [ 86.027465][ T5347] ? __pfx_sock_ioctl+0x10/0x10 [ 86.027475][ T5347] ? __fget_files+0x2a/0x420 [ 86.027485][ T5347] ? __fget_files+0x3a0/0x420 [ 86.027494][ T5347] ? __fget_files+0x2a/0x420 [ 86.027504][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.027518][ T5347] ? __pfx_sock_ioctl+0x10/0x10 [ 86.027529][ T5347] __se_sys_ioctl+0xfc/0x170 [ 86.027542][ T5347] do_syscall_64+0xec/0xf80 [ 86.027552][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.027561][ T5347] ? trace_irq_disable+0x37/0x100 [ 86.027573][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 86.027583][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.027593][ T5347] RIP: 0033:0x7f298dd8f7c9 [ 86.027603][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.027612][ T5347] RSP: 002b:00007f298ebd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.027623][ T5347] RAX: ffffffffffffffda RBX: 00007f298dfe5fa0 RCX: 00007f298dd8f7c9 [ 86.027630][ T5347] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 000000000000000e [ 86.027637][ T5347] RBP: 00007f298de13f91 R08: 0000000000000000 R09: 0000000000000000 [ 86.027643][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.027648][ T5347] R13: 00007f298dfe6038 R14: 00007f298dfe5fa0 R15: 00007ffc71676578 [ 86.027657][ T5347] [ 87.385323][ T5322] Bluetooth: hci0: command tx timeout [ 89.465879][ T5322] Bluetooth: hci0: command tx timeout [ 91.545390][ T5322] Bluetooth: hci0: command tx timeout [ 91.550676][ T784] cfg80211: failed to load regulatory.db