Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.3:6449]
Modules linked in:
irq event stamp: 2372427
hardirqs last  enabled at (2372426): [<ffffffff8484f79b>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2372427): [<ffffffff8484e15f>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (2372376): [<ffffffff811a997c>] handle_softirqs+0x50c/0x770
softirqs last disabled at (2372381): [<ffffffff811a9d14>] __irq_exit_rcu+0xc4/0x100
CPU: 1 UID: 0 PID: 6449 Comm: syz-executor.3 Not tainted 6.12.0-next-20241128 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:kcov_remote_start+0x2d3/0x5b0
Code: 02 00 00 49 c7 44 24 28 00 00 00 00 4c 89 e7 48 8d 35 00 00 00 00 e8 1c 21 de ff 48 85 ed 74 06 e8 02 f3 07 00 fb 48 83 c4 10 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 2e 23 35 03 e8 39 f1 07 00 e9 a2
RSP: 0018:ffff88806cf09c78 EFLAGS: 00000286
RAX: 000000000024332a RBX: 0000000000000000 RCX: 1ffffffff0fdfeb6
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff815215de
RBP: 0000000000000200 R08: 0000000000000001 R09: fffffbfff0fdddf1
R10: ffffffff87eeef8f R11: ffff88806cf09ff8 R12: ffff88806cf2da88
R13: ffff88806cf2da88 R14: 0000000000000000 R15: ffff88800b960e20
FS:  00007fb729bfb700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0bbad361c8 CR3: 000000003b056000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 ieee80211_rx_list+0x5e6/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unwind_next_frame+0xc6e/0x2490
Code: 08 00 00 00 4c 89 ff 49 01 c6 4c 89 f6 e8 ca f1 ff ff 4d 8d 4f 40 84 c0 0f 84 a4 f6 ff ff 4c 89 f7 e8 b6 e9 ff ff 49 8d 7f 50 <48> 89 fa 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c
RSP: 0018:ffff88803c3c7598 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
RDX: ffff88803c3c7e01 RSI: ffff88803c3c7ee0 RDI: ffff88803c3c7658
RBP: ffff88803c3c7660 R08: 0000000000000001 R09: ffff88803c3c7648
R10: 000000000003c001 R11: 0000000000026a91 R12: ffff88803c3c7668
R13: ffff88803c3c7650 R14: ffff88803c3c7ee0 R15: ffff88803c3c7608
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 kasan_save_free_info+0x3a/0x60
 __kasan_slab_free+0x38/0x50
 kfree+0x132/0x480
 __free_slab+0x10d/0x130
 qlist_free_all+0x50/0x160
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 __kmalloc_node_noprof+0x191/0x4a0
 alloc_slab_obj_exts+0x35/0x90
 new_slab+0xbe/0x210
 ___slab_alloc+0x8a8/0x1200
 kmem_cache_alloc_lru_noprof+0x230/0x3c0
 shmem_alloc_inode+0x27/0x50
 alloc_inode+0x63/0x240
 new_inode+0x1c/0x190
 __shmem_get_inode+0x175/0xd90
 shmem_mknod+0x64/0x250
 shmem_mkdir+0x31/0x70
 vfs_mkdir+0x291/0x4f0
 do_mkdirat+0x1a4/0x350
 __x64_sys_mkdirat+0x84/0xb0
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb72c685b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb729bfb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb72c798f60 RCX: 00007fb72c685b19
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000008
RBP: 00007fb72c6dff6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5293785f R14: 00007fb729bfb300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 344 Comm: kworker/u9:7 Not tainted 6.12.0-next-20241128 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:smp_call_function_many_cond+0x419/0xf80
Code: 31 ff 83 e5 01 89 ee e8 65 6e 0b 00 85 ed 74 43 4d 89 ec 4c 89 ed 49 c1 ec 03 83 e5 07 4d 01 fc 83 c5 03 e8 19 6b 0b 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 8c 09 00 00 8b 43 08 31
RSP: 0018:ffff888015f069f0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff88806cf41300 RCX: ffffffff8146987d
RDX: ffff888039705280 RSI: ffffffff81469857 RDI: 0000000000000005
RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff0fdddec
R10: 0000000000000001 R11: 0000000000000128 R12: ffffed100d9e8261
R13: ffff88806cf41308 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0bbaddb4d0 CR3: 000000000c100000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 on_each_cpu_cond_mask+0x57/0xa0
 kvm_flush_tlb_multi+0x1e9/0x320
 flush_tlb_mm_range+0x2f4/0x490
 ptep_clear_flush+0x133/0x160
 page_vma_mkclean_one.constprop.0+0x371/0x5e0
 page_mkclean_one+0x189/0x250
 rmap_walk_file+0x31d/0x6a0
 folio_mkclean+0x20f/0x380
 folio_clear_dirty_for_io+0x142/0x6a0
 mpage_submit_folio+0x7c/0x270
 mpage_process_page_bufs+0x5fb/0x820
 mpage_prepare_extent_to_map+0xc75/0x1280
 ext4_do_writepages+0xad4/0x30d0
 ext4_writepages+0x2f2/0x700
 do_writepages+0x1aa/0x810
 __writeback_single_inode+0x110/0xe30
 writeback_sb_inodes+0x5b8/0xe50
 __writeback_inodes_wb+0xbe/0x270
 wb_writeback+0x68a/0xa70
 wb_workfn+0x6c2/0xb50
 process_one_work+0x8ee/0x1a10
 worker_thread+0x674/0xe70
 kthread+0x2c2/0x3a0
 ret_from_fork+0x48/0x80
 ret_from_fork_asm+0x1a/0x30
 </TASK>
----------------
Code disassembly (best guess):
   0:	02 00                	add    (%rax),%al
   2:	00 49 c7             	add    %cl,-0x39(%rcx)
   5:	44 24 28             	rex.R and $0x28,%al
   8:	00 00                	add    %al,(%rax)
   a:	00 00                	add    %al,(%rax)
   c:	4c 89 e7             	mov    %r12,%rdi
   f:	48 8d 35 00 00 00 00 	lea    0x0(%rip),%rsi        # 0x16
  16:	e8 1c 21 de ff       	callq  0xffde2137
  1b:	48 85 ed             	test   %rbp,%rbp
  1e:	74 06                	je     0x26
  20:	e8 02 f3 07 00       	callq  0x7f327
  25:	fb                   	sti
  26:	48 83 c4 10          	add    $0x10,%rsp
* 2a:	5b                   	pop    %rbx <-- trapping instruction
  2b:	5d                   	pop    %rbp
  2c:	41 5c                	pop    %r12
  2e:	41 5d                	pop    %r13
  30:	41 5e                	pop    %r14
  32:	41 5f                	pop    %r15
  34:	e9 2e 23 35 03       	jmpq   0x3352367
  39:	e8 39 f1 07 00       	callq  0x7f177
  3e:	e9                   	.byte 0xe9
  3f:	a2                   	.byte 0xa2