watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.3:4787]
Modules linked in:
irq event stamp: 22069503
hardirqs last  enabled at (22069502): [<ffffffff84200d82>] asm_sysvec_irq_work+0x12/0x20
hardirqs last disabled at (22069503): [<ffffffff8415b78b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (21905224): [<ffffffff81167b73>] __irq_exit_rcu+0x113/0x170
softirqs last disabled at (21905227): [<ffffffff81167b73>] __irq_exit_rcu+0x113/0x170
CPU: 1 PID: 4787 Comm: syz-executor.3 Not tainted 5.18.0-rc4-next-20220429 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:unwind_get_return_address+0x51/0x90
Code: 05 31 c0 5b 5d c3 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 58 48 89 ea 48 c1 ea 03 80 3c 02 00 75 32 48 8b 7b 58 e8 cf 79 0b 00 <85> c0 74 d3 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80
RSP: 0018:ffff88806cf09a60 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffff88806cf09a78 RCX: 0000000000000000
RDX: 1ffff1100d9e135a RSI: ffff88804b567900 RDI: ffffffff83a8dd0e
RBP: ffff88806cf09ad0 R08: ffffffff85f8e98c R09: ffffffff85f8e990
R10: ffff88806cf09ff8 R11: ffff88806cf09ab8 R12: ffff88806cf09b40
R13: 0000000000000000 R14: ffff888042791b00 R15: ffff88801d730c50
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9f5846e010 CR3: 000000000e412000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 arch_stack_walk+0x99/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 kasan_set_free_info+0x20/0x30
 __kasan_slab_free+0x108/0x170
 kmem_cache_free+0xe0/0x420
 rcu_core+0x7e5/0x1ff0
 __do_softirq+0x270/0x8c7
 __irq_exit_rcu+0x113/0x170
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0010:__slab_free+0x79/0x390
Code: e8 1f 4d 85 e4 66 89 5c 24 50 89 04 24 41 0f 94 c3 66 85 db 74 05 45 84 db 74 06 80 3c 24 00 74 38 41 8b 7e 08 4c 8b 4c 24 50 <4d> 89 e8 4c 89 e2 48 89 ee e8 a9 d5 ff ff 84 c0 74 a2 44 0f b6 24
RSP: 0018:ffff88804b5674e0 EFLAGS: 00000282
RAX: 0000000000000000 RBX: 000000000010000f RCX: 0000000000100010
RDX: ffff888048cb7c00 RSI: ffffea0001232d00 RDI: 0000000048000000
RBP: ffffea0001232d00 R08: 0000000000000001 R09: 000000008010000f
R10: fffffbfff0d4bceb R11: 0000000000000001 R12: 0000000000000000
R13: ffff888048cb7c00 R14: ffff888007841c80 R15: 0000000000000001
 qlist_free_all+0x6d/0x190
 kasan_quarantine_reduce+0x180/0x200
 __kasan_slab_alloc+0x78/0x80
 kmem_cache_alloc+0x1aa/0x480
 create_object.isra.0+0x3a/0xa20
 kmem_cache_alloc_node+0x248/0x490
 __alloc_skb+0x211/0x340
 alloc_uevent_skb+0x7b/0x210
 kobject_uevent_env+0xaa4/0xfa0
 device_del+0x9dd/0xfc0
 hci_conn_del_sysfs+0xd8/0x100
 hci_conn_cleanup+0x323/0x6a0
 hci_conn_del+0x23e/0x650
 hci_conn_hash_flush+0x191/0x230
 hci_dev_close_sync+0x4e8/0xf20
 hci_unregister_dev+0x14f/0x3e0
 vhci_release+0x7c/0xf0
 __fput+0x272/0x9d0
 task_work_run+0xe2/0x1a0
 do_exit+0xaf7/0x27e0
 do_group_exit+0xd2/0x2f0
 get_signal+0x2303/0x2350
 arch_do_signal_or_restart+0x88/0x1a40
 exit_to_user_mode_prepare+0x131/0x1a0
 irqentry_exit_to_user_mode+0x5/0x30
 asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0033:0x7fc9908ddb19
Code: Unable to access opcode bytes at RIP 0x7fc9908ddaef.
RSP: 002b:00007fc98de53218 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 00007fc9909f0f68 RCX: 00007fc9908ddb19
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc9909f0f6c
RBP: 00007fc9909f0f60 R08: 0000000000000009 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fc9909f0f6c
R13: 00007ffdd863511f R14: 00007fc98de53300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
   0:	05 31 c0 5b 5d       	add    $0x5d5bc031,%eax
   5:	c3                   	retq
   6:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
   d:	fc ff df
  10:	48 8d 6b 58          	lea    0x58(%rbx),%rbp
  14:	48 89 ea             	mov    %rbp,%rdx
  17:	48 c1 ea 03          	shr    $0x3,%rdx
  1b:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
  1f:	75 32                	jne    0x53
  21:	48 8b 7b 58          	mov    0x58(%rbx),%rdi
  25:	e8 cf 79 0b 00       	callq  0xb79f9
* 2a:	85 c0                	test   %eax,%eax <-- trapping instruction
  2c:	74 d3                	je     0x1
  2e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  35:	fc ff df
  38:	48 89 ea             	mov    %rbp,%rdx
  3b:	48 c1 ea 03          	shr    $0x3,%rdx
  3f:	80                   	.byte 0x80