Bluetooth: hci7: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci0: command 0x0406 tx timeout Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:4029] Modules linked in: irq event stamp: 11111249 hardirqs last enabled at (11111248): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (11111249): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106 softirqs last enabled at (11106460): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (11106463): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 4029 Comm: syz-executor.4 Not tainted 5.10.233 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:load_balance+0x1/0x2a10 kernel/sched/fair.c:9839 Code: 48 89 74 24 20 89 4c 24 18 44 89 04 24 e8 d7 ef 4a 00 8b 54 24 28 48 8b 74 24 20 8b 4c 24 18 44 8b 04 24 e9 cc df ff ff 90 55 <48> 89 e5 41 57 41 56 4d 89 c6 41 55 41 54 53 48 89 d3 48 81 ec a0 RSP: 0018:ffff88806ce09e78 EFLAGS: 00000212 RAX: 00000000ffff440b RBX: ffff888008883400 RCX: 0000000000000001 RDX: ffff888008883400 RSI: ffff88806ce3b2c0 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffff88806ce09f10 R09: 0000000000000001 R10: 0000000000000000 R11: ffffffff8122055c R12: ffff888008883440 R13: ffff88806ce3b2c0 R14: fffffbfff09c1e30 R15: 00000000000fba96 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1d1706c998 CR3: 0000000004e26000 CR4: 0000000000350ef0 Call Trace: rebalance_domains+0x65b/0xc20 kernel/sched/fair.c:10301 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:free_pages_prepare mm/page_alloc.c:1247 [inline] RIP: 0010:free_pcp_prepare+0x8c/0x510 mm/page_alloc.c:1293 Code: 04 0f 82 9c 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 6d 18 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 ce 03 00 00 f6 45 18 03 <74> 08 48 c7 45 18 00 00 00 00 0f 1f 44 00 00 48 b8 00 00 00 00 00 RSP: 0018:ffff888048d6f5b8 EFLAGS: 00000202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8166226b RDX: 1ffffd4000255e4b RSI: 0000000000000008 RDI: ffff88806ce3c128 RBP: ffffea00012af240 R08: 0000000000000000 R09: ffffffff8567778f R10: fffffbfff0aceef1 R11: 0000000000000001 R12: 000000000004abc9 R13: ffffea00012af258 R14: fffffbfff0991ac8 R15: ffffea00011cb180 free_unref_page_prepare mm/page_alloc.c:3161 [inline] free_unref_page_list+0x166/0x680 mm/page_alloc.c:3231 release_pages+0x806/0xc20 mm/swap.c:952 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu+0xe9/0x6e0 mm/mmu_gather.c:247 zap_pte_range mm/memory.c:1355 [inline] zap_pmd_range mm/memory.c:1404 [inline] zap_pud_range mm/memory.c:1433 [inline] zap_p4d_range mm/memory.c:1454 [inline] unmap_page_range+0x17d9/0x1fe0 mm/memory.c:1475 unmap_single_vma+0x198/0x300 mm/memory.c:1520 unmap_vmas+0x16d/0x300 mm/memory.c:1552 exit_mmap+0x27f/0x4f0 mm/mmap.c:3253 __mmput kernel/fork.c:1101 [inline] mmput+0xca/0x340 kernel/fork.c:1122 exit_mm kernel/exit.c:536 [inline] do_exit+0xa96/0x2600 kernel/exit.c:847 do_group_exit+0x125/0x310 kernel/exit.c:982 get_signal+0x4bc/0x2350 kernel/signal.c:2762 arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805 handle_signal_work kernel/entry/common.c:145 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199 syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f04a96a2b19 Code: Unable to access opcode bytes at RIP 0x7f04a96a2aef. RSP: 002b:00007f04a6bf7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 RAX: 0000000000000003 RBX: 00007f04a97b6020 RCX: 00007f04a96a2b19 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 RBP: 00007f04a96fcf6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffca9cdbf4f R14: 00007f04a6bf7300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 1 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:706 ---------------- Code disassembly (best guess): 0: 48 89 74 24 20 mov %rsi,0x20(%rsp) 5: 89 4c 24 18 mov %ecx,0x18(%rsp) 9: 44 89 04 24 mov %r8d,(%rsp) d: e8 d7 ef 4a 00 callq 0x4aefe9 12: 8b 54 24 28 mov 0x28(%rsp),%edx 16: 48 8b 74 24 20 mov 0x20(%rsp),%rsi 1b: 8b 4c 24 18 mov 0x18(%rsp),%ecx 1f: 44 8b 04 24 mov (%rsp),%r8d 23: e9 cc df ff ff jmpq 0xffffdff4 28: 90 nop 29: 55 push %rbp * 2a: 48 89 e5 mov %rsp,%rbp <-- trapping instruction 2d: 41 57 push %r15 2f: 41 56 push %r14 31: 4d 89 c6 mov %r8,%r14 34: 41 55 push %r13 36: 41 54 push %r12 38: 53 push %rbx 39: 48 89 d3 mov %rdx,%rbx 3c: 48 rex.W 3d: 81 .byte 0x81 3e: ec in (%dx),%al 3f: a0 .byte 0xa0