Bluetooth: hci2: command tx timeout Bluetooth: hci1: command tx timeout Bluetooth: hci0: command tx timeout Bluetooth: hci2: command tx timeout Bluetooth: hci1: command tx timeout watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.3:3915] Modules linked in: irq event stamp: 3339185 hardirqs last enabled at (3339184): [] irqentry_exit+0x3b/0x90 hardirqs last disabled at (3339185): [] sysvec_apic_timer_interrupt+0xf/0x80 softirqs last enabled at (3304708): [] handle_softirqs+0x50c/0x770 softirqs last disabled at (3304713): [] irq_exit_rcu+0x94/0xc0 CPU: 0 UID: 0 PID: 3915 Comm: syz-executor.3 Not tainted 6.12.0-rc3-next-20241016 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:unwind_next_frame+0x1b0/0x2490 Code: 42 ff 39 c6 0f 83 bb 16 00 00 48 b8 00 00 00 00 00 fc ff df 89 f2 48 8d 3c 95 ec e7 c1 86 49 89 f8 49 c1 e8 03 45 0f b6 04 00 <48> 89 f8 83 e0 07 83 c0 03 44 38 c0 7c 32 45 84 c0 74 2d 48 89 54 RSP: 0018:ffff88806ce09778 EFLAGS: 00000212 RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff81c18939 RDX: 000000000000c189 RSI: 000000000000c189 RDI: ffffffff86c4ee10 RBP: ffff88806ce09840 R08: 0000000000000000 R09: ffff88806ce09828 R10: 000000000003c001 R11: 0000000000030473 R12: ffff88806ce09848 R13: ffff88806ce09830 R14: ffff88806ce09829 R15: ffff88806ce097e8 FS: 00007f47bd7fc700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d023000 CR3: 0000000030ab0000 CR4: 0000000000350ef0 Call Trace: arch_stack_walk+0x87/0xf0 stack_trace_save+0x8f/0xc0 kasan_save_stack+0x24/0x50 __kasan_record_aux_stack+0x8c/0xa0 __call_rcu_common.constprop.0+0x6a/0xaa0 kmem_cache_free+0x2ae/0x470 skb_release_data+0x814/0x990 consume_skb+0xd0/0x160 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x546/0x950 __iterate_interfaces+0x2cb/0x5d0 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x1ab/0xa70 hrtimer_run_softirq+0x14c/0x310 handle_softirqs+0x1b1/0x770 irq_exit_rcu+0x94/0xc0 sysvec_apic_timer_interrupt+0x70/0x80 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:lock_acquire.part.0+0x10e/0x320 Code: b6 c9 e8 35 a7 ff ff b8 ff ff ff ff 48 83 c4 28 65 0f c1 05 2c 88 d2 7e 83 f8 01 0f 85 aa 01 00 00 48 85 ed 0f 85 9b 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 RSP: 0018:ffff888034abee80 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 1ffff11006957dd3 RCX: 1ffff11006957db8 RDX: 1ffff11003c43827 RSI: 0000000000000001 RDI: 0000000094d9f8ca RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff0fda9d4 R10: ffffffff87ed4ea7 R11: 00000000000007e0 R12: ffffffff85c14e40 R13: ffff88807ffd76a0 R14: ffffea000058d900 R15: ffff888016364000 __virt_addr_valid+0x1e2/0x5d0 kasan_addr_to_slab+0xd/0xa0 __kasan_record_aux_stack+0xe/0xa0 __call_rcu_common.constprop.0+0x6a/0xaa0 kfree+0x28e/0x480 __free_slab+0x100/0x120 __put_partials+0xd8/0x110 qlist_free_all+0x50/0x160 kasan_quarantine_reduce+0x19c/0x230 __kasan_slab_alloc+0x49/0x70 kmem_cache_alloc_noprof+0x13d/0x3d0 ext4_mb_new_blocks+0x2345/0x45b0 ext4_ext_map_blocks+0x1b14/0x5ac0 ext4_map_blocks+0x3f1/0x14d0 ext4_iomap_begin+0x3aa/0x710 iomap_iter+0x441/0x10e0 __iomap_dio_rw+0x6a3/0x1c70 iomap_dio_rw+0x40/0xa0 ext4_file_write_iter+0xb69/0x1690 vfs_write+0xbcc/0x1090 ksys_write+0x122/0x250 do_syscall_64+0xbf/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f47c0286b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f47bd7fc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f47c0399f60 RCX: 00007f47c0286b19 RDX: 0000000000140000 RSI: 0000000020000200 RDI: 0000000000000005 RBP: 00007f47c02e0f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc355dbc0f R14: 00007f47bd7fc300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 4148 Comm: modprobe Not tainted 6.12.0-rc3-next-20241016 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:unwind_next_frame+0xc5a/0x2490 Code: 40 84 f6 0f 95 c0 84 c2 0f 85 3a 17 00 00 48 0f bf 41 02 ba 08 00 00 00 4c 89 ff 49 01 c6 4c 89 f6 e8 ca f1 ff ff 4d 8d 4f 40 <84> c0 0f 84 a4 f6 ff ff 4c 89 f7 e8 b6 e9 ff ff 49 8d 7f 50 48 89 RSP: 0018:ffff888030dff708 EFLAGS: 00000286 RAX: ffff888030e00001 RBX: 0000000000000001 RCX: 0000000000000001 RDX: ffff888030dfff01 RSI: ffff888030dfff00 RDI: ffff888030dff788 RBP: ffff888030dff7d0 R08: 0000000000000001 R09: ffff888030dff7b8 R10: 000000000003c001 R11: 0000000000020ae1 R12: ffff888030dff7d8 R13: ffff888030dff7c0 R14: ffff888030dfff00 R15: ffff888030dff778 FS: 00007fea24a65540(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fea24bc5270 CR3: 000000003b306000 CR4: 0000000000350ef0 Call Trace: arch_stack_walk+0x87/0xf0 stack_trace_save+0x8f/0xc0 kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x59/0x70 kmem_cache_alloc_noprof+0x13d/0x3d0 __alloc_object+0x2f/0x270 __create_object+0x1d/0x80 kmem_cache_alloc_noprof+0x300/0x3d0 vm_area_alloc+0x113/0x200 do_brk_flags+0x335/0x10d0 __do_sys_brk+0x690/0xa30 do_syscall_64+0xbf/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fea24b82bb7 Code: ff ff 90 64 83 3b 0d 75 07 64 c7 03 01 00 00 00 5b b8 ff ff ff ff 5d 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 0c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 19 48 8b 15 02 93 0c 00 48 89 02 48 39 c7 77 RSP: 002b:00007ffea450b378 EFLAGS: 00000206 ORIG_RAX: 000000000000000c RAX: ffffffffffffffda RBX: 0000563c84df5000 RCX: 00007fea24b82bb7 RDX: 00007fea24c506e0 RSI: 0000000000021000 RDI: 0000563c84df5000 RBP: 00007fea24c506e0 R08: 0000000000000003 R09: 00007fea24c4cbe0 R10: 00000000000002b0 R11: 0000000000000206 R12: 0000563c84dd4000 R13: fffffffffffff000 R14: 00007fea24c4cbe0 R15: 00000000000002b0 Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 Bluetooth: hci3: command tx timeout Bluetooth: hci5: command tx timeout Bluetooth: hci6: command tx timeout Bluetooth: hci7: command tx timeout Bluetooth: hci3: command tx timeout Bluetooth: hci5: command tx timeout Bluetooth: hci6: command tx timeout Bluetooth: hci7: command tx timeout ---------------- Code disassembly (best guess): 0: 42 ff rex.X (bad) 2: 39 c6 cmp %eax,%esi 4: 0f 83 bb 16 00 00 jae 0x16c5 a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 11: fc ff df 14: 89 f2 mov %esi,%edx 16: 48 8d 3c 95 ec e7 c1 lea -0x793e1814(,%rdx,4),%rdi 1d: 86 1e: 49 89 f8 mov %rdi,%r8 21: 49 c1 e8 03 shr $0x3,%r8 25: 45 0f b6 04 00 movzbl (%r8,%rax,1),%r8d * 2a: 48 89 f8 mov %rdi,%rax <-- trapping instruction 2d: 83 e0 07 and $0x7,%eax 30: 83 c0 03 add $0x3,%eax 33: 44 38 c0 cmp %r8b,%al 36: 7c 32 jl 0x6a 38: 45 84 c0 test %r8b,%r8b 3b: 74 2d je 0x6a 3d: 48 rex.W 3e: 89 .byte 0x89 3f: 54 push %rsp