Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.3:4364]
Modules linked in:
irq event stamp: 4419981
hardirqs last  enabled at (4419980): [<ffffffff84000d02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (4419981): [<ffffffff83e6274b>] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094
softirqs last  enabled at (4414258): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (4414261): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
CPU: 1 PID: 4364 Comm: syz-executor.3 Not tainted 5.10.227 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x30b/0x1a90 arch/x86/kernel/unwind_orc.c:461
Code: 85 49 12 00 00 41 c6 45 34 01 48 c7 c1 e0 8c eb 84 48 b8 00 00 00 00 00 fc ff df 4c 8d 79 04 4c 89 fa 48 c1 ea 03 0f b6 04 02 <4c> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 b9 07 00 00 0f b6 41 04
RSP: 0018:ffff88806cf095d0 EFLAGS: 00000212
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff85a1a87e
RDX: 1ffffffff0b43510 RSI: ffffffff85a1a878 RDI: ffffffff857285d8
RBP: ffff88806cf096dd R08: ffffffff85a1a878 R09: ffffffff85a1a884
R10: 0000000000032042 R11: 1ffff1100d9e12c2 R12: ffff88806cf096f0
R13: ffff88806cf096a8 R14: 1ffff1100d9e12c2 R15: ffffffff85a1a882
FS:  00007f6361f36700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000479ba000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xc9/0xd0 mm/kasan/common.c:461
 slab_post_alloc_hook mm/slab.h:532 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 slab_alloc mm/slub.c:2904 [inline]
 kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909
 mem_pool_alloc mm/kmemleak.c:423 [inline]
 create_object.isra.0+0x3a/0xa20 mm/kmemleak.c:578
 kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
 slab_post_alloc_hook mm/slab.h:534 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 kmem_cache_alloc_node+0x169/0x330 mm/slub.c:2932
 __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:199
 __netdev_alloc_skb+0x6e/0x360 net/core/skbuff.c:447
 netdev_alloc_skb include/linux/skbuff.h:2854 [inline]
 dev_alloc_skb include/linux/skbuff.h:2867 [inline]
 __ieee80211_beacon_get+0x3af/0x1440 net/mac80211/tx.c:4876
 ieee80211_beacon_get_tim+0x88/0x9f0 net/mac80211/tx.c:4990
 ieee80211_beacon_get include/net/mac80211.h:4912 [inline]
 mac80211_hwsim_beacon_tx+0x111/0x940 drivers/net/wireless/mac80211_hwsim.c:1740
 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828
 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793
 __run_hrtimer kernel/time/hrtimer.c:1586 [inline]
 __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1650
 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1667
 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:214 [inline]
RIP: 0010:test_bit include/asm-generic/bitops/instrumented-non-atomic.h:135 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:367 [inline]
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:13 [inline]
RIP: 0010:lock_acquire+0xaf/0x470 kernel/locking/lockdep.c:5537
Code: 44 00 00 65 8b 15 a1 c2 da 7e 89 d2 be 08 00 00 00 48 89 d0 48 89 54 24 08 48 c1 f8 06 48 8d 3c c5 88 76 67 85 e8 d1 38 45 00 <48> 8b 54 24 08 48 0f a3 15 8c 23 40 04 0f 82 28 03 00 00 48 c7 c0
RSP: 0018:ffff888016fbf110 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff11002df7e24 RCX: ffffffff812752ef
RDX: fffffbfff0aceed2 RSI: 0000000000000008 RDI: ffffffff85677688
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8567768f
R10: fffffbfff0aceed1 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff84ff98e0 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
 rcu_read_lock include/linux/rcupdate.h:717 [inline]
 hctx_lock+0xb3/0x200 block/blk-mq.c:721
 __blk_mq_run_hw_queue+0x124/0x290 block/blk-mq.c:1537
 __blk_mq_delay_run_hw_queue+0x4f1/0x550 block/blk-mq.c:1615
 blk_mq_run_hw_queue+0x170/0x2f0 block/blk-mq.c:1668
 blk_mq_sched_insert_request+0x384/0x440 block/blk-mq-sched.c:476
 blk_execute_rq+0xd4/0x1c0 block/blk-exec.c:86
 __scsi_execute+0x28e/0x630 drivers/scsi/scsi_lib.c:272
 scsi_execute_req include/scsi/scsi_device.h:461 [inline]
 sr_get_events drivers/scsi/sr.c:208 [inline]
 sr_check_events+0x182/0x9d0 drivers/scsi/sr.c:248
 cdrom_update_events drivers/cdrom/cdrom.c:1484 [inline]
 cdrom_check_events+0x64/0x110 drivers/cdrom/cdrom.c:1494
 sr_block_check_events+0x1b0/0x2c0 drivers/scsi/sr.c:666
 disk_check_events+0x137/0x5f0 block/genhd.c:2142
 disk_clear_events block/genhd.c:2075 [inline]
 bdev_check_media_change+0x12c/0x310 block/genhd.c:2106
 sr_block_open+0x1be/0x410 drivers/scsi/sr.c:542
 __blkdev_get+0x817/0x1660 fs/block_dev.c:1518
 blkdev_get fs/block_dev.c:1658 [inline]
 blkdev_open+0x227/0x300 fs/block_dev.c:1775
 do_dentry_open+0x4b7/0x1090 fs/open.c:817
 do_open fs/namei.c:3307 [inline]
 path_openat+0x19ba/0x2770 fs/namei.c:3425
 do_filp_open+0x190/0x3e0 fs/namei.c:3452
 do_sys_openat2+0x171/0x4d0 fs/open.c:1227
 do_sys_open fs/open.c:1243 [inline]
 __do_sys_openat fs/open.c:1259 [inline]
 __se_sys_openat fs/open.c:1254 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1254
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f63649c0b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6361f36188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f6364ad3f60 RCX: 00007f63649c0b19
RDX: 00000000000e8b02 RSI: 00000000200035c0 RDI: ffffffffffffff9c
RBP: 00007f6364a1af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2977f55f R14: 00007f6361f36300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.10.227 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: events e1000_watchdog
RIP: 0010:e1000_update_stats+0x34d/0x1e70 drivers/net/ethernet/intel/e1000/e1000_main.c:3621
Code: 00 fc ff df 48 c1 e9 03 80 3c 01 00 0f 85 be 1a 00 00 45 89 ed 48 8b 83 c0 04 00 00 4c 01 ab c8 06 00 00 44 8b a8 ac 40 00 00 <48> 8d 83 10 07 00 00 48 89 c1 48 89 44 24 18 48 b8 00 00 00 00 00
RSP: 0018:ffff888008977b40 EFLAGS: 00000046
RAX: ffffc90000660000 RBX: ffff88800beecbc0 RCX: 1ffff110017dda51
RDX: 1ffff110017dd9be RSI: 0000000000000004 RDI: ffff88800beed280
RBP: 1ffff1100112ef77 R08: 0000000000000001 R09: 0000000000000003
R10: ffffed100112ef56 R11: 0000000000000001 R12: ffff88800beecdd8
R13: 0000000000000000 R14: ffff88800beec000 R15: ffff88800beecbc0
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f371e7f2010 CR3: 000000000d696000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 e1000_watchdog+0x341/0x1030 drivers/net/ethernet/intel/e1000/e1000_main.c:2498
 process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
 worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
 kthread+0x38f/0x470 kernel/kthread.c:328
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:298
----------------
Code disassembly (best guess):
   0:	85 49 12             	test   %ecx,0x12(%rcx)
   3:	00 00                	add    %al,(%rax)
   5:	41 c6 45 34 01       	movb   $0x1,0x34(%r13)
   a:	48 c7 c1 e0 8c eb 84 	mov    $0xffffffff84eb8ce0,%rcx
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	4c 8d 79 04          	lea    0x4(%rcx),%r15
  1f:	4c 89 fa             	mov    %r15,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
* 2a:	4c 89 fa             	mov    %r15,%rdx <-- trapping instruction
  2d:	83 e2 07             	and    $0x7,%edx
  30:	38 d0                	cmp    %dl,%al
  32:	7f 08                	jg     0x3c
  34:	84 c0                	test   %al,%al
  36:	0f 85 b9 07 00 00    	jne    0x7f5
  3c:	0f b6 41 04          	movzbl 0x4(%rcx),%eax