Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 24s! [syz-executor.4:4320]
Modules linked in:
irq event stamp: 6965297
hardirqs last  enabled at (6965296): [<ffffffff84000d02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (6965297): [<ffffffff83e657ab>] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106
softirqs last  enabled at (6960672): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (6960675): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
CPU: 1 PID: 4320 Comm: syz-executor.4 Not tainted 5.10.232 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:90 [inline]
RIP: 0010:lock_is_held_type+0x3a/0x110 kernel/locking/lockdep.c:5598
Code: d4 00 00 00 65 8b 05 b5 1d 1c 7c 85 c0 0f 85 c5 00 00 00 41 57 41 56 41 55 41 54 55 53 65 4c 8b 24 25 80 6f 02 00 48 83 ec 08 <41> 8b 94 24 44 09 00 00 85 d2 0f 85 88 00 00 00 48 89 fd 41 89 f6
RSP: 0018:ffff88806cf09898 EFLAGS: 00000292
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
RDX: 1ffffffff0a00386 RSI: 00000000ffffffff RDI: ffffffff84ff9a20
RBP: ffff88806cf09d98 R08: 0000000000000001 R09: ffff8880494b8d5f
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888047a79a40
R13: ffff8880494f0bc0 R14: ffff88806cf09db8 R15: 0000000000000000
FS:  00007f788ae33700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001d80 CR3: 0000000049da4000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 ieee80211_rx_get_bigtk+0x29f/0x4b0 net/mac80211/rx.c:1886
 ieee80211_rx_h_decrypt net/mac80211/rx.c:2020 [inline]
 ieee80211_rx_handlers+0x3631/0xa3f0 net/mac80211/rx.c:3866
 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3918 [inline]
 ieee80211_prepare_and_rx_handle+0x17d4/0x5890 net/mac80211/rx.c:4605
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4666 [inline]
 ieee80211_rx_list+0xdd0/0x2370 net/mac80211/rx.c:4846
 ieee80211_rx_napi+0xdc/0x3c0 net/mac80211/rx.c:4867
 ieee80211_rx include/net/mac80211.h:4502 [inline]
 ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:237
 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560
 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:__slab_free+0x61/0x5d0 mm/slub.c:2989
Code: 00 00 00 31 c0 0f 1f 44 00 00 49 8d 44 24 20 41 89 db 4d 89 f0 48 89 44 24 48 4c 89 e0 83 e0 0f 48 89 44 24 50 49 8b 5c 24 28 <4d> 8b 6c 24 20 41 8b 40 28 41 89 df 48 89 9c 24 88 00 00 00 4d 89
RSP: 0018:ffff888048bdf420 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000120012 RCX: ffff88801e2575f0
RDX: ffff88801e2575f0 RSI: ffffea0000789580 RDI: ffff88800804d640
RBP: ffff888048bdf4f8 R08: ffff88800804d640 R09: ffffffff816cb1f5
R10: ffff88801e2575f0 R11: 0000000000000001 R12: ffffea0000789580
R13: 0000000080000000 R14: ffff88800804d640 R15: ffff8880196c5cb0
 qlink_free mm/kasan/quarantine.c:151 [inline]
 qlist_free_all+0x59/0xe0 mm/kasan/quarantine.c:170
 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267
 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442
 slab_post_alloc_hook mm/slab.h:532 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 slab_alloc mm/slub.c:2904 [inline]
 kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909
 mem_pool_alloc mm/kmemleak.c:423 [inline]
 create_object.isra.0+0x3a/0xa20 mm/kmemleak.c:578
 kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
 slab_post_alloc_hook mm/slab.h:534 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 slab_alloc mm/slub.c:2904 [inline]
 __kmalloc+0x16e/0x390 mm/slub.c:3967
 kmalloc_array include/linux/slab.h:592 [inline]
 kcalloc include/linux/slab.h:603 [inline]
 ext4_find_extent+0xa77/0xd70 fs/ext4/extents.c:906
 ext4_ext_map_blocks+0x1c8/0x5830 fs/ext4/extents.c:4159
 ext4_map_blocks+0x63f/0x1910 fs/ext4/inode.c:672
 ext4_getblk+0x144/0x680 fs/ext4/inode.c:869
 ext4_bread+0x29/0x1f0 fs/ext4/inode.c:921
 ext4_append+0x228/0x4e0 fs/ext4/namei.c:83
 ext4_init_new_dir+0x25e/0x4d0 fs/ext4/namei.c:2876
 ext4_mkdir+0x3c1/0xb10 fs/ext4/namei.c:2921
 vfs_mkdir+0x493/0x750 fs/namei.c:3706
 do_mkdirat+0x150/0x2b0 fs/namei.c:3728
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f788d8bcc27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f788ae32fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f788d8bcc27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000180
RBP: 00007f788ae33040 R08: 0000000000000000 R09: 0000000000100000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000180 R14: 00007f788ae33000 R15: 0000000000000000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.232 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:kvm_guest_apic_eoi_write+0x1/0x90 arch/x86/kernel/kvm.c:342
Code: 7c 04 84 c0 75 13 3b 2d 31 75 57 04 72 df 5b 5d 41 5c 41 5d e9 a0 3c 10 03 48 c7 c7 44 78 67 85 e8 74 ab 5c 00 eb df 66 90 53 <48> c7 c3 08 7b 02 00 65 48 03 1d 38 12 f2 7e be 08 00 00 00 48 89
RSP: 0018:ffff88806ce09fd0 EFLAGS: 00000046
RAX: ffffffff81100330 RBX: 0000000000000000 RCX: 1ffffffff0d7ef3c
RDX: 1ffffffff0992574 RSI: 0000000000000000 RDI: 00000000000000b0
RBP: ffffffff84c92ba0 R08: 0000000000000000 R09: ffff88806ce3bd1b
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2964ad96f0 CR3: 0000000009dc6000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 apic_eoi arch/x86/include/asm/apic.h:401 [inline]
 ack_APIC_irq arch/x86/include/asm/apic.h:447 [inline]
 __sysvec_apic_timer_interrupt+0x63/0x310 arch/x86/kernel/apic/apic.c:1110
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_sysvec_on_irqstack arch/x86/include/asm/irq_stack.h:37 [inline]
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:89 [inline]
 sysvec_apic_timer_interrupt+0x7f/0xa0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:default_idle+0xe/0x20 arch/x86/kernel/process.c:707
Code: 4e ff ff ff 4c 89 e7 e8 60 c5 84 fd eb 8f 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 07 00 00 00 0f 00 2d 14 56 5a 00 fb f4 <e9> 4d 56 38 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 41 55 41 54
RSP: 0018:ffffffff84e07e38 EFLAGS: 00000202
RAX: ffffffff83e7e960 RBX: 0000000000000000 RCX: ffffffff83e6653c
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83e7ef68
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88806ce3c12b
R10: ffffed100d9c7825 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff85677688 R14: 0000000000000000 R15: dffffc0000000000
 default_idle_call+0xbf/0x2c0 kernel/sched/idle.c:112
 cpuidle_idle_call kernel/sched/idle.c:194 [inline]
 do_idle+0x3b3/0x520 kernel/sched/idle.c:306
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:402
 start_kernel+0x464/0x489 init/main.c:1046
 secondary_startup_64_no_verify+0xbe/0xcb
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	00 65 8b             	add    %ah,-0x75(%rbp)
   5:	05 b5 1d 1c 7c       	add    $0x7c1c1db5,%eax
   a:	85 c0                	test   %eax,%eax
   c:	0f 85 c5 00 00 00    	jne    0xd7
  12:	41 57                	push   %r15
  14:	41 56                	push   %r14
  16:	41 55                	push   %r13
  18:	41 54                	push   %r12
  1a:	55                   	push   %rbp
  1b:	53                   	push   %rbx
  1c:	65 4c 8b 24 25 80 6f 	mov    %gs:0x26f80,%r12
  23:	02 00
  25:	48 83 ec 08          	sub    $0x8,%rsp
* 29:	41 8b 94 24 44 09 00 	mov    0x944(%r12),%edx <-- trapping instruction
  30:	00
  31:	85 d2                	test   %edx,%edx
  33:	0f 85 88 00 00 00    	jne    0xc1
  39:	48 89 fd             	mov    %rdi,%rbp
  3c:	41 89 f6             	mov    %esi,%r14d