Bluetooth: hci6: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.2:16823]
Modules linked in:
irq event stamp: 5214399
hardirqs last  enabled at (5214398): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (5214399): [<ffffffff843f20bf>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (5194390): [<ffffffff811824cb>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (5194393): [<ffffffff811824cb>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 16823 Comm: syz-executor.2 Not tainted 6.1.0-rc6-next-20221123 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x1a3/0x2130
Code: 00 80 84 0f 83 34 01 00 00 44 8b 1d 2f 82 17 04 4c 89 fe 48 81 ee 00 00 00 81 48 c1 ee 08 41 8d 43 ff 39 c6 0f 83 8c 15 00 00 <48> b8 00 00 00 00 00 fc ff df 89 f2 48 8d 3c 95 94 84 49 86 48 89
RSP: 0018:ffff88806cf099f8 EFLAGS: 00000287
RAX: 0000000000038000 RBX: 0000000000000002 RCX: 1ffff1100d9e135a
RDX: dffffc0000000000 RSI: 0000000000001824 RDI: 0000000000000001
RBP: ffff88806cf09ad0 R08: ffffffff8646a6ba R09: ffffffff8646a6be
R10: ffffed100d9e135c R11: 0000000000038001 R12: ffff88806cf09ab9
R13: ffff88806cf09ad8 R14: ffff88806cf09a78 R15: ffffffff811824ca
FS:  00007f32a23dd700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff11152f88 CR3: 0000000045f30000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 kasan_save_free_info+0x2e/0x50
 __kasan_slab_free+0x10a/0x190
 kmem_cache_free+0xfb/0x610
 rcu_core+0x7cf/0x2070
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__stack_depot_save+0x139/0x4e0
Code: 95 83 ff 02 0f 84 80 00 00 00 83 ff 03 74 78 83 ff 01 74 79 48 8b 05 86 b8 d7 05 89 da 23 15 8a b8 d7 05 4c 8d 14 d0 4d 8b 0a <4d> 85 c9 75 11 e9 a5 00 00 00 4d 8b 09 4d 85 c9 0f 84 99 00 00 00
RSP: 0018:ffff888020e07440 EFLAGS: 00000206
RAX: ffff88806c400000 RBX: 000000008d928981 RCX: 0000000000000012
RDX: 0000000000028981 RSI: ffff888020e07534 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000012 R09: ffff888010a0c1f0
R10: ffff88806c544c08 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000092cc0 R15: ffff888020e074b0
 kasan_save_stack+0x35/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc+0x1e0/0x410
 __create_object+0x3d/0xc10
 kmem_cache_alloc_bulk+0x409/0x790
 mas_alloc_nodes+0x2ff/0x800
 mas_preallocate+0x1bf/0x370
 __vma_adjust+0x19a/0x1ac0
 __split_vma+0x2a5/0x5d0
 do_mas_align_munmap.constprop.0+0x273/0x1000
 do_mas_munmap+0x1ec/0x2c0
 mmap_region+0x21f/0x1b90
 do_mmap+0x82c/0xf50
 vm_mmap_pgoff+0x1b3/0x270
 ksys_mmap_pgoff+0x3d4/0x500
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f32a4e67b62
Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64
RSP: 002b:00007f32a23dd0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f32a4e67b62
RDX: 0000000000000003 RSI: 0000000000200000 RDI: 0000000020ffb000
RBP: 0000000020ffb000 R08: 0000000000000009 R09: 0000000010000000
R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000480
R13: 0000000020ffb000 R14: 0000000020000440 R15: 0000000020fff000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	80 84 0f 83 34 01 00 	addb   $0x0,0x13483(%rdi,%rcx,1)
   7:	00
   8:	44 8b 1d 2f 82 17 04 	mov    0x417822f(%rip),%r11d        # 0x417823e
   f:	4c 89 fe             	mov    %r15,%rsi
  12:	48 81 ee 00 00 00 81 	sub    $0xffffffff81000000,%rsi
  19:	48 c1 ee 08          	shr    $0x8,%rsi
  1d:	41 8d 43 ff          	lea    -0x1(%r11),%eax
  21:	39 c6                	cmp    %eax,%esi
  23:	0f 83 8c 15 00 00    	jae    0x15b5
* 29:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  30:	fc ff df
  33:	89 f2                	mov    %esi,%edx
  35:	48 8d 3c 95 94 84 49 	lea    -0x79b67b6c(,%rdx,4),%rdi
  3c:	86
  3d:	48                   	rex.W
  3e:	89                   	.byte 0x89