Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci7: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci6: command 0x0406 tx timeout watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.5:4095] Modules linked in: irq event stamp: 28891167 hardirqs last enabled at (28891166): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (28891167): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106 softirqs last enabled at (28890570): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (28890573): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 4095 Comm: syz-executor.5 Not tainted 5.10.234 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:lock_acquire+0x1b9/0x470 kernel/locking/lockdep.c:5534 Code: 31 db 7e e8 39 91 ff ff b8 ff ff ff ff 48 83 c4 20 65 0f c1 05 58 31 db 7e 83 f8 01 4c 8b 54 24 08 0f 85 48 02 00 00 41 52 9d <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 RSP: 0018:ffff88806ce09d70 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 1ffff1100d9c13b0 RCX: 00000000ef9a6a3d RDX: 1ffff11004060470 RSI: d8b6f51bf2e96ed6 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8686c6e7 R10: 0000000000000246 R11: 0000000000000001 R12: 0000000000000002 R13: 0000000000000000 R14: ffffffff84ff9a20 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe97fdf3988 CR3: 000000001af9a000 CR4: 0000000000350ef0 Call Trace: rcu_lock_acquire include/linux/rcupdate.h:303 [inline] rcu_read_lock include/linux/rcupdate.h:717 [inline] ieee80211_rx_napi+0xa8/0x3c0 net/mac80211/rx.c:4866 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:237 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:qlink_free mm/kasan/quarantine.c:151 [inline] RIP: 0010:qlist_free_all+0x3f/0xe0 mm/kasan/quarantine.c:170 Code: a3 00 00 00 49 89 fc 41 bd 00 00 00 80 49 c7 c6 00 00 00 80 48 bd 00 00 00 00 00 fc ff df eb 2c 48 63 87 c0 00 00 00 4c 8b 3e <48> c7 c2 65 b3 6c 81 48 29 c6 48 89 f0 48 c1 e8 03 c6 04 28 fb e8 RSP: 0018:ffff888017f4f448 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea0000744a7f RDX: 0000000000000000 RSI: ffff88800e914f30 RDI: ffff88800804d640 RBP: dffffc0000000000 R08: 0000000000000011 R09: ffffffff816cb301 R10: ffff88800dc84a20 R11: 0000000000000001 R12: ffff888017f4f480 R13: 0000000080000000 R14: ffffffff80000000 R15: ffff88800bf90a20 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] kmem_cache_alloc_node+0x14b/0x330 mm/slub.c:2932 __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:200 alloc_skb include/linux/skbuff.h:1099 [inline] nlmsg_new include/net/netlink.h:953 [inline] inet6_netconf_notify_devconf+0x84/0x1a0 net/ipv6/addrconf.c:573 __addrconf_sysctl_unregister net/ipv6/addrconf.c:7033 [inline] addrconf_sysctl_unregister+0x131/0x1c0 net/ipv6/addrconf.c:7057 addrconf_ifdown.isra.0+0x122b/0x15f0 net/ipv6/addrconf.c:3907 addrconf_notify+0x159/0x2410 net/ipv6/addrconf.c:3678 notifier_call_chain kernel/notifier.c:83 [inline] raw_notifier_call_chain+0xb3/0x110 kernel/notifier.c:410 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2047 call_netdevice_notifiers_extack net/core/dev.c:2059 [inline] call_netdevice_notifiers net/core/dev.c:2073 [inline] unregister_netdevice_many+0x852/0x1490 net/core/dev.c:10751 unregister_netdevice_queue+0x201/0x2c0 net/core/dev.c:10685 unregister_netdevice include/linux/netdevice.h:2891 [inline] __tun_detach+0xfc1/0x12b0 drivers/net/tun.c:697 tun_detach drivers/net/tun.c:713 [inline] tun_chr_close+0xc4/0x250 drivers/net/tun.c:3486 __fput+0x285/0x9f0 fs/file_table.c:281 task_work_run+0xe2/0x1a0 kernel/task_work.c:185 exit_task_work include/linux/task_work.h:33 [inline] do_exit+0xb6f/0x2600 kernel/exit.c:860 do_group_exit+0x125/0x310 kernel/exit.c:982 get_signal+0x4bc/0x2350 kernel/signal.c:2762 arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805 handle_signal_work kernel/entry/common.c:145 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199 syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7fb3e801ab19 Code: Unable to access opcode bytes at RIP 0x7fb3e801aaef. RSP: 002b:00007fb3e5590188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: 0000000000000000 RBX: 00007fb3e812df60 RCX: 00007fb3e801ab19 RDX: 0000000020000040 RSI: 00000000c028660f RDI: 0000000000000003 RBP: 00007fb3e8074f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdbb88b4bf R14: 00007fb3e5590300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 1 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:706 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: e8 39 91 ff ff callq 0xffff913e 5: b8 ff ff ff ff mov $0xffffffff,%eax a: 48 83 c4 20 add $0x20,%rsp e: 65 0f c1 05 58 31 db xadd %eax,%gs:0x7edb3158(%rip) # 0x7edb316e 15: 7e 16: 83 f8 01 cmp $0x1,%eax 19: 4c 8b 54 24 08 mov 0x8(%rsp),%r10 1e: 0f 85 48 02 00 00 jne 0x26c 24: 41 52 push %r10 26: 9d popfq * 27: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax <-- trapping instruction 2e: fc ff df 31: 48 01 c3 add %rax,%rbx 34: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 3b: 48 rex.W 3c: c7 .byte 0xc7