Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci7: command 0x0406 tx timeout watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:4287] Modules linked in: irq event stamp: 4562621 hardirqs last enabled at (4562620): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4562621): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094 softirqs last enabled at (4553892): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4553895): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 4287 Comm: syz-executor.2 Not tainted 5.10.215 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:cfg80211_rx_mgmt_khz+0x2/0x7f0 net/wireless/mlme.c:760 Code: e8 53 64 c3 fd e9 1e fb ff ff e8 49 64 c3 fd e9 42 fb ff ff e8 9f e5 3b 00 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 57 <41> 56 49 89 fe 41 55 41 54 55 48 89 cd 53 48 83 ec 48 89 54 24 20 RSP: 0018:ffff88806ce09908 EFLAGS: 00000246 RAX: ffff88800b980bc0 RBX: 000000000000004c RCX: ffff888049c15450 RDX: 00000000ffffffe2 RSI: 000000000024cde0 RDI: ffff88800b980bd0 RBP: 000000000024cde0 R08: 000000000000004c R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffe2 R13: dffffc0000000000 R14: ffff88806ce09d98 R15: 0000000000000000 FS: 00007f497d67a700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff642222998 CR3: 000000000db78000 CR4: 0000000000350ef0 Call Trace: ieee80211_rx_h_userspace_mgmt net/mac80211/rx.c:3536 [inline] ieee80211_rx_handlers+0x650a/0xa3f0 net/mac80211/rx.c:3883 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3917 [inline] ieee80211_prepare_and_rx_handle+0x17d4/0x5890 net/mac80211/rx.c:4604 __ieee80211_rx_handle_packet net/mac80211/rx.c:4665 [inline] ieee80211_rx_list+0xdd0/0x2370 net/mac80211/rx.c:4845 ieee80211_rx_napi+0xdc/0x3c0 net/mac80211/rx.c:4866 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:filter_irq_stacks+0xf/0x60 lib/stackdepot.c:335 Code: 48 c1 e5 05 48 81 c5 60 6d 1e 85 eb ad e8 99 ac 43 ff 0f 0b e8 32 99 6f ff eb bf 89 f1 85 f6 74 47 41 89 f0 31 c0 48 8b 14 c7 <89> c6 48 81 fa 20 02 00 84 72 11 48 81 fa d0 0e 00 84 73 08 8d 46 RSP: 0018:ffff888048f676e8 EFLAGS: 00000216 RAX: 000000000000000b RBX: ffff888015263e20 RCX: 0000000000000011 RDX: ffffffff814e259f RSI: 000000000000000a RDI: ffff888048f676f0 RBP: 0000000000092800 R08: 0000000000000011 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000092800 R13: 0000000000000000 R14: ffff88800804d640 R15: 0000000000000170 kasan_save_stack+0x25/0x40 mm/kasan/common.c:49 kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc9/0xd0 mm/kasan/common.c:461 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] slab_alloc mm/slub.c:2904 [inline] kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909 mem_pool_alloc mm/kmemleak.c:423 [inline] create_object.isra.0+0x3a/0xa20 mm/kmemleak.c:578 kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline] slab_post_alloc_hook mm/slab.h:534 [inline] slab_alloc_node mm/slub.c:2896 [inline] slab_alloc mm/slub.c:2904 [inline] kmem_cache_alloc_trace+0x151/0x320 mm/slub.c:2921 kmalloc include/linux/slab.h:552 [inline] build_map_info kernel/events/uprobes.c:986 [inline] register_for_each_vma+0x476/0xc00 kernel/events/uprobes.c:1043 __uprobe_register+0x4df/0x880 kernel/events/uprobes.c:1183 trace_uprobe_enable kernel/trace/trace_uprobe.c:1065 [inline] probe_event_enable+0x368/0xa20 kernel/trace/trace_uprobe.c:1134 trace_uprobe_register+0x54/0x730 kernel/trace/trace_uprobe.c:1463 perf_trace_event_reg kernel/trace/trace_event_perf.c:129 [inline] perf_trace_event_init+0x554/0x9c0 kernel/trace/trace_event_perf.c:204 perf_uprobe_init+0x173/0x210 kernel/trace/trace_event_perf.c:336 perf_uprobe_event_init+0xff/0x1d0 kernel/events/core.c:9804 perf_try_init_event+0x130/0x570 kernel/events/core.c:11139 perf_init_event kernel/events/core.c:11191 [inline] perf_event_alloc.part.0+0xd96/0x2b70 kernel/events/core.c:11469 perf_event_alloc kernel/events/core.c:11865 [inline] __do_sys_perf_event_open+0x579/0x2e60 kernel/events/core.c:11963 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xcc RIP: 0033:0x7f4980104b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f497d67a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f4980217f60 RCX: 00007f4980104b19 RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000040 RBP: 00007f498015ef6d R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcac01d3ff R14: 00007f497d67a300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4294 Comm: syz-executor.1 Not tainted 5.10.215 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:asm_sysvec_apic_timer_interrupt+0x0/0x20 arch/x86/include/asm/idtentry.h:634 Code: 00 66 0f 1f 84 00 00 00 00 00 0f 01 ca 6a ff e8 16 05 00 00 48 89 e7 e8 fe 12 e5 ff e9 39 06 00 00 66 0f 1f 84 00 00 00 00 00 <0f> 01 ca 6a ff e8 f6 04 00 00 48 89 e7 e8 7e 11 e5 ff e9 19 06 00 RSP: 0018:ffff88806cf09b08 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000246 RCX: 1ffffffff0d0cd12 RDX: ffff8880489a8000 RSI: ffffffff8131bedd RDI: ffffffff8131c031 RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff868646e7 R10: fffffbfff0d0c8dc R11: 0000000000000001 R12: ffff8880499aa500 R13: fffffbfff0a01f82 R14: ffffffff8500fc10 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9ef77c87b0 CR3: 000000000e82e000 CR4: 0000000000350ee0 Call Trace: RIP: 0010:native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] RIP: 0010:seqcount_lockdep_reader_access include/linux/seqlock.h:105 [inline] RIP: 0010:ktime_get_with_offset+0xcf/0x260 kernel/time/timekeeping.c:876 Code: 00 00 00 31 f6 48 c7 c7 48 fb 00 85 e8 4a 85 f5 ff 48 8b 74 24 60 48 c7 c7 48 fb 00 85 e8 b9 7e f5 ff 58 e8 33 f8 0e 00 53 9d 07 e8 2a f8 0e 00 f3 90 8b 1d 52 3c cf 03 31 ff 89 dd 83 e5 01 ---------------- Code disassembly (best guess): 0: e8 53 64 c3 fd callq 0xfdc36458 5: e9 1e fb ff ff jmpq 0xfffffb28 a: e8 49 64 c3 fd callq 0xfdc36458 f: e9 42 fb ff ff jmpq 0xfffffb56 14: e8 9f e5 3b 00 callq 0x3be5b8 19: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 20: 00 00 00 00 24: 0f 1f 40 00 nopl 0x0(%rax) 28: 41 57 push %r15 * 2a: 41 56 push %r14 <-- trapping instruction 2c: 49 89 fe mov %rdi,%r14 2f: 41 55 push %r13 31: 41 54 push %r12 33: 55 push %rbp 34: 48 89 cd mov %rcx,%rbp 37: 53 push %rbx 38: 48 83 ec 48 sub $0x48,%rsp 3c: 89 54 24 20 mov %edx,0x20(%rsp)