Bluetooth: hci4: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 25s! [syz-executor.1:15972]
Modules linked in:
irq event stamp: 3265963
hardirqs last  enabled at (3265962): [<ffffffff8482356b>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (3265963): [<ffffffff84821f2f>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (3261790): [<ffffffff811a7dec>] handle_softirqs+0x50c/0x770
softirqs last disabled at (3261793): [<ffffffff811a87f4>] irq_exit_rcu+0x94/0xc0
CPU: 1 UID: 0 PID: 15972 Comm: syz-executor.1 Not tainted 6.12.0-rc3-next-20241016 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:arch_stack_walk+0x87/0xf0
Code: ff e8 cd 99 07 00 8b 95 68 ff ff ff 85 d2 75 24 eb 36 4c 89 e7 e8 49 51 77 03 84 c0 74 2a 48 8d bd 68 ff ff ff e8 09 75 07 00 <8b> 85 68 ff ff ff 85 c0 74 14 48 8d bd 68 ff ff ff e8 63 72 07 00
RSP: 0018:ffff88806cf08fe8 EFLAGS: 00000292
RAX: 0000000000000001 RBX: ffffffff813e8f70 RCX: 0000000000000001
RDX: ffff88806cf09ff0 RSI: ffff88806cf09fb8 RDI: ffff88806cf08ff8
RBP: ffff88806cf09080 R08: 0000000000000001 R09: ffff88806cf09028
R10: 000000000003c001 R11: 0000000000007fa2 R12: ffff88806cf090b0
R13: 0000000000000000 R14: ffff88803b755280 R15: ffffffff845e995c
FS:  00007efd7dcb8700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efd7dc97718 CR3: 000000001a4f4000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 stack_trace_save+0x8f/0xc0
 set_track_prepare+0x36/0x70
 __alloc_object+0xf4/0x270
 __create_object+0x1d/0x80
 __kmalloc_noprof+0x37e/0x4b0
 ieee802_11_parse_elems_full+0xec/0x15a0
 ieee80211_inform_bss+0xf7/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c50
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x690
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x21ec/0x2cf0
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 irq_exit_rcu+0x94/0xc0
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:find_bug+0xb8/0x480
Code: e8 fd 93 d8 fc 4c 89 e0 48 c1 e8 03 42 0f b6 14 28 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 89 03 00 00 49 63 1c 24 <48> 89 ef 4c 01 e3 48 89 de e8 6a 96 d8 fc 48 39 dd 0f 84 26 02 00
RSP: 0018:ffff88803d8c7aa0 EFLAGS: 00000246
RAX: 0000000000000007 RBX: fffffffffd6a7d3f RCX: ffffc9000b455000
RDX: 0000000000000000 RSI: ffffffff8478e823 RDI: 0000000000000006
RBP: ffffffff81000050 R08: 0000000000000000 R09: fffffbfff0c7e4e9
R10: ffffffff83acac5e R11: 1ffffffff0f72b17 R12: ffffffff86423504
R13: dffffc0000000000 R14: ffff88800e2b9028 R15: ffffffff84ccdb40
 register_kprobe+0xba1/0x15f0
 __register_trace_kprobe+0x26a/0x2d0
 create_local_trace_kprobe+0x217/0x410
 perf_kprobe_init+0x119/0x210
 perf_kprobe_event_init+0xfc/0x1d0
 perf_try_init_event+0x13a/0xc40
 perf_event_alloc.part.0+0x10a3/0x3c30
 __do_sys_perf_event_open+0x4cb/0x2b60
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efd80763b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efd7dcb8188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007efd80877020 RCX: 00007efd80763b19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007efd807bdf6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffea206dc8f R14: 00007efd7dcb8300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 15952 Comm: syz-executor.0 Not tainted 6.12.0-rc3-next-20241016 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x80
Code: 7e 60 e8 a3 ff ff ff 31 c0 e9 dc f4 32 03 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 34 24 65 48 8b 15 90 2a b2 7e 65 8b 05 91 2a b2
RSP: 0018:ffff88806ce093a0 EFLAGS: 00000002
RAX: 0000000000010103 RBX: 0000000000000002 RCX: ffffffff813fcf53
RDX: ffff88800a493700 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00000064be640ea3 R08: 0000000000000000 R09: fffffbfff0c7e4e9
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888009635e38 R14: ffff88806ce2ce80 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c002227000 CR3: 000000000a5d6000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 __hrtimer_run_queues+0x88c/0xa70
 hrtimer_interrupt+0x2f2/0x750
 __sysvec_apic_timer_interrupt+0xc2/0x390
 sysvec_apic_timer_interrupt+0x34/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:stack_depot_save_flags+0xdc/0x900
Code: c1 c3 08 44 31 cb 41 89 d9 41 29 d8 01 c3 41 c1 c1 10 45 31 c8 45 89 c1 44 29 c0 41 01 d8 41 c1 c9 0d 44 31 c8 41 89 c1 29 c3 <44> 01 c0 41 c1 c1 04 44 31 cb 83 ff 03 77 89 83 ff 02 0f 84 c2 00
RSP: 0018:ffff88806ce09630 EFLAGS: 00000207
RAX: 00000000e788dd5c RBX: 0000000070008341 RCX: 0000000000000001
RDX: 0000000000000016 RSI: ffff88806ce096d8 RDI: 000000000000001a
RBP: 0000000000000001 R08: 0000000029ff4b97 R09: 00000000e788dd5c
R10: ffffffff863f274f R11: 00000000000c2f81 R12: 0000000000000000
R13: ffff88806ce09690 R14: 0000000000000016 R15: 0000000000092820
 kasan_save_stack+0x34/0x50
 kasan_save_track+0x14/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 __alloc_object+0x2f/0x270
 __create_object+0x1d/0x80
 kmem_cache_alloc_node_noprof+0x311/0x3e0
 kmalloc_reserve+0x189/0x2b0
 __alloc_skb+0x162/0x370
 skb_copy+0x1d5/0x3b0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xafb/0x1320
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x546/0x950
 __iterate_interfaces+0x2cb/0x5d0
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa70
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 irq_exit_rcu+0x94/0xc0
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:_raw_spin_unlock_irqrestore+0x34/0x50
Code: c7 18 53 48 89 f3 48 8b 74 24 10 e8 16 a6 ab fc 48 89 ef e8 0e 17 ac fc 80 e7 02 74 06 e8 24 26 d5 fc fb 65 ff 0d a4 54 7f 7b <74> 07 5b 5d e9 b3 1e 00 00 0f 1f 44 00 00 5b 5d e9 a7 1e 00 00 0f
RSP: 0018:ffff88803dd7f5c8 EFLAGS: 00000202
RAX: 00000000003627dd RBX: 0000000000000293 RCX: 1ffffffff0fdae97
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8484521c
RBP: ffff88803af4e108 R08: 0000000000000001 R09: fffffbfff0fda9d4
R10: ffffffff87ed4ea7 R11: 00000000fa83b2da R12: ffff88803af4e108
R13: fffffffffffffff8 R14: 1ffff11007bafebf R15: ffffffffffffffe5
 percpu_counter_add_batch+0x1cf/0x240
 unmap_page_range+0x11d9/0x3530
 unmap_single_vma+0x19a/0x2b0
 unmap_vmas+0x1f1/0x450
 exit_mmap+0x187/0xa30
 mmput+0xd5/0x350
 do_exit+0x9ae/0x2a30
 do_group_exit+0xd3/0x2a0
 get_signal+0x219f/0x23d0
 arch_do_signal_or_restart+0x81/0x780
 syscall_exit_to_user_mode+0x123/0x1e0
 do_syscall_64+0xcc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fac4a3e4b19
Code: Unable to access opcode bytes at 0x7fac4a3e4aef.
RSP: 002b:00007fac4795a188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: 0000000000000004 RBX: 00007fac4a4f7f60 RCX: 00007fac4a3e4b19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007fac4a43ef6d R08: 000000000000000b R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe28f5932f R14: 00007fac4795a300 R15: 0000000000022000
 </TASK>
syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
audit: type=1400 audit(1729123730.249:10): avc:  denied  { write } for  pid=16026 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
audit: type=1400 audit(1729123730.254:11): avc:  denied  { read } for  pid=16026 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e8 cd 99 07 00       	callq  0x799d2
   5:	8b 95 68 ff ff ff    	mov    -0x98(%rbp),%edx
   b:	85 d2                	test   %edx,%edx
   d:	75 24                	jne    0x33
   f:	eb 36                	jmp    0x47
  11:	4c 89 e7             	mov    %r12,%rdi
  14:	e8 49 51 77 03       	callq  0x3775162
  19:	84 c0                	test   %al,%al
  1b:	74 2a                	je     0x47
  1d:	48 8d bd 68 ff ff ff 	lea    -0x98(%rbp),%rdi
  24:	e8 09 75 07 00       	callq  0x77532
* 29:	8b 85 68 ff ff ff    	mov    -0x98(%rbp),%eax <-- trapping instruction
  2f:	85 c0                	test   %eax,%eax
  31:	74 14                	je     0x47
  33:	48 8d bd 68 ff ff ff 	lea    -0x98(%rbp),%rdi
  3a:	e8 63 72 07 00       	callq  0x772a2