audit: type=1326 audit(1684669603.561:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4278 comm="syz-executor.6" exe="/syz-executor.6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f03a4481b19 code=0x0
Bluetooth: hci5: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.2:4277]
Modules linked in:
irq event stamp: 8347185
hardirqs last  enabled at (8347184): [] asm_sysvec_irq_work+0x1a/0x20
hardirqs last disabled at (8347185): [] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (8347168): [] irq_exit_rcu+0x93/0xc0
softirqs last disabled at (8347171): [] irq_exit_rcu+0x93/0xc0
CPU: 1 PID: 4277 Comm: syz-executor.2 Not tainted 6.4.0-rc2-next-20230519 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:note_gp_changes+0x15f/0x1b0
Code: 02 0f 0b 4c 89 ee 4c 89 e7 e8 8d be 18 03 84 db 0f 84 7b ff ff ff 5b 5d 41 5c 41 5d 41 5e e9 b8 43 ff ff e8 c3 9c 1c 00 fb 5b <5d> 41 5c 41 5d 41 5e e9 c5 e8 18 03 e8 c0 9d 1c 00 e9 a9 fe ff ff
RSP: 0018:ffff88806cf09e40 EFLAGS: 00000206
RAX: 00000000007f5e2e RBX: ffff88806cf3a480 RCX: ffffffff812cd02f
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81368b2d
RBP: ffff88806cf3a480 R08: 0000000000000001 R09: fffffbfff0ef3b39
R10: ffffffff8779d9cf R11: 0000000000000001 R12: ffffffff85616140
R13: 0000000000000202 R14: 000000000002e4cd R15: ffff88806cf3a492
FS:  00007ff83b9f0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c024000 CR3: 00000000169a2000 CR4: 0000000000350ee0
Call Trace:
 rcu_core+0x169/0x2860
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_irq_work+0x6e/0x90
 asm_sysvec_irq_work+0x1a/0x20
RIP: 0010:finish_task_switch.isra.0+0x20d/0x830
Code: 89 ff 48 c7 03 00 00 00 00 e8 2f 33 2c 03 4d 85 e4 75 ba 4c 89 ff e8 02 0e 2c 03 e8 2d ed 2f 00 fb 65 48 8b 1c 25 c0 8c 03 00 <48> 8d bb 80 14 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffff8880456174e0 EFLAGS: 00000202
RAX: 000000000000630b RBX: ffff88800f121b40 RCX: ffffffff812cd02f
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81233ac3
RBP: ffff888045617520 R08: 0000000000000001 R09: fffffbfff0ef3b39
R10: ffffffff8779d9cf R11: 0000000000000001 R12: ffff88806cf396d8
R13: ffff8880163bd1c0 R14: ffff888008ddd668 R15: ffff88806cf396c0
 __schedule+0x9b1/0x2b10
 __cond_resched+0x46/0x70
 kmem_cache_alloc+0x32c/0x390
 __create_object+0x3c/0xc90
 __kmem_cache_alloc_node+0x1f8/0x310
 __kmalloc+0x4a/0x160
 __register_sysctl_table+0x117/0x14f0
 sysctl_route_net_init+0x149/0x2b0
 ops_init+0xbb/0x6b0
 setup_net+0x3d9/0x990
 copy_net_ns+0x321/0x770
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x414/0x500
 copy_process+0x2b78/0x73b0
 kernel_clone+0xeb/0x7d0
 __do_sys_clone3+0x1d5/0x250
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7ff83e47ab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff83b9f0188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007ff83e58df60 RCX: 00007ff83e47ab19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007ff83e4d4f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc609442af R14: 00007ff83b9f0300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	02 0f                	add    (%rdi),%cl
   2:	0b 4c 89 ee          	or     -0x12(%rcx,%rcx,4),%ecx
   6:	4c 89 e7             	mov    %r12,%rdi
   9:	e8 8d be 18 03       	callq  0x318be9b
   e:	84 db                	test   %bl,%bl
  10:	0f 84 7b ff ff ff    	je     0xffffff91
  16:	5b                   	pop    %rbx
  17:	5d                   	pop    %rbp
  18:	41 5c                	pop    %r12
  1a:	41 5d                	pop    %r13
  1c:	41 5e                	pop    %r14
  1e:	e9 b8 43 ff ff       	jmpq   0xffff43db
  23:	e8 c3 9c 1c 00       	callq  0x1c9ceb
  28:	fb                   	sti
  29:	5b                   	pop    %rbx
* 2a:	5d                   	pop    %rbp		<-- trapping instruction
  2b:	41 5c                	pop    %r12
  2d:	41 5d                	pop    %r13
  2f:	41 5e                	pop    %r14
  31:	e9 c5 e8 18 03       	jmpq   0x318e8fb
  36:	e8 c0 9d 1c 00       	callq  0x1c9dfb
  3b:	e9 a9 fe ff ff       	jmpq   0xfffffee9