Bluetooth: hci7: command 0x0406 tx timeout watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.0:9461] Modules linked in: irq event stamp: 8802935 hardirqs last enabled at (8802934): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (8802935): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (8799550): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (8799553): [] __irq_exit_rcu+0x11b/0x180 CPU: 1 PID: 9461 Comm: syz-executor.0 Not tainted 6.1.0-rc7-next-20221202 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__local_bh_enable_ip+0xac/0x130 Code: 1d 51 50 eb 7e 65 8b 05 4a 50 eb 7e a9 00 ff ff 00 74 49 bf 01 00 00 00 e8 b1 b5 09 00 e8 6c f1 37 00 fb 65 8b 05 2c 50 eb 7e <85> c0 74 5c 5b 5d e9 dd 42 29 03 65 8b 05 8e 4c ea 7e 85 c0 75 9e RSP: 0018:ffff88806cf09820 EFLAGS: 00000206 RAX: 0000000000000100 RBX: 00000000fffffe00 RCX: ffffffff812b7bcf RDX: 0000000000000000 RSI: 0000000000000100 RDI: 0000000000000000 RBP: ffffffff8409a00f R08: 0000000000000001 R09: ffffffff8762b8ef R10: fffffbfff0ec571d R11: 0000000000000001 R12: ffff88806cf09d70 R13: 0000000000000003 R14: ffff88806cf09b78 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000562a2f1eb628 CR3: 000000000bb1a000 CR4: 0000000000350ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: ieee80211_rx_handlers+0x17df/0xa9c0 ieee80211_prepare_and_rx_handle+0x1cda/0x5d50 ieee80211_rx_for_interface+0x141/0x3b0 ieee80211_rx_list+0x18b1/0x2eb0 ieee80211_rx_napi+0xdf/0x380 ieee80211_tasklet_handler+0xd8/0x140 tasklet_action_common.constprop.0+0x208/0x2f0 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 
0010:lock_is_held_type+0xfc/0x130 Code: 80 00 87 84 e8 b5 0e 00 00 b8 ff ff ff ff 65 0f c1 05 70 4e c3 7b 83 f8 01 75 26 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 a6 42 02 00 45 31 ed eb RSP: 0018:ffff888048dcf698 EFLAGS: 00000282 RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff856085e0 R08: 0000000000000006 R09: 00007f2da364a000 R10: 00007f2da37aa000 R11: 0000000000000001 R12: ffff888038af3580 R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888038af3ee0 __might_resched+0x25/0x2d0 unmap_page_range+0xd78/0x2c10 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21b7/0x22f0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f2da3e32b19 Code: Unable to access opcode bytes at 0x7f2da3e32aef. 
RSP: 002b:00007f2da1387188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 0000000000000003 RBX: 00007f2da3f46020 RCX: 00007f2da3e32b19 RDX: 0000000000000006 RSI: 0000000000000003 RDI: 0000000000000010 RBP: 00007f2da3e8cf6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffee996c15f R14: 00007f2da1387300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 9460 Comm: syz-executor.7 Not tainted 6.1.0-rc7-next-20221202 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__lock_acquire+0x8a/0x5e70 Code: 24 08 48 89 44 24 30 48 01 d0 48 c7 84 24 a0 00 00 00 70 af 2b 81 c7 00 f1 f1 f1 f1 c7 40 04 f1 f1 04 f2 c7 40 08 00 f3 f3 f3 <65> 48 8b 04 25 28 00 00 00 48 89 84 24 08 01 00 00 31 c0 48 c7 c0 RSP: 0018:ffff88806ce093b8 EFLAGS: 00000082 RAX: ffffed100d9c1289 RBX: 1ffff1100d9c12a6 RCX: 0000000000000002 RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff85627b88 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 R10: fffffbfff0ba0efa R11: 0000000000000001 R12: ffff88801a550000 R13: 0000000000000000 R14: ffffffff85627b88 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd3b8f83010 CR3: 000000000bb1a000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: lock_acquire+0x1a6/0x530 ktime_get+0x80/0x1f0 clockevents_program_event+0x14f/0x360 tick_program_event+0xb0/0x150 hrtimer_interrupt+0x36a/0x770 __sysvec_apic_timer_interrupt+0x148/0x500 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:cfg80211_rx_mgmt_ext+0x4/0xb20 Code: fd e9 fb fd ff ff e8 1b cb 4c 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e 
fa <41> 57 41 56 49 89 f6 41 55 49 89 fd 41 54 55 53 48 83 ec 28 e8 53 RSP: 0018:ffff88806ce09830 EFLAGS: 00000246 RAX: ffff8880489dcb40 RBX: ffff888047d98850 RCX: 0000000000000100 RDX: ffff88801a550000 RSI: ffff88806ce099b0 RDI: ffff8880489dcb50 RBP: ffff888042606b40 R08: 0000000000000003 R09: 00000000000000d0 R10: 0000000000000080 R11: 0000000000000001 R12: ffff88806ce09d70 R13: 000000000000004c R14: ffff888042606b40 R15: dffffc0000000000 ieee80211_rx_handlers+0x4784/0xa9c0 ieee80211_prepare_and_rx_handle+0x1cda/0x5d50 ieee80211_rx_for_interface+0x141/0x3b0 ieee80211_rx_list+0x18b1/0x2eb0 ieee80211_rx_napi+0xdf/0x380 ieee80211_tasklet_handler+0xd8/0x140 tasklet_action_common.constprop.0+0x208/0x2f0 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:unmap_page_range+0xbf0/0x2c10 Code: eb 18 48 c1 e8 03 48 c1 e3 06 80 3c 28 00 0f 85 f5 17 00 00 48 03 1d 8f e8 bc 03 48 8d 7b 28 48 89 f8 48 c1 e8 03 80 3c 28 00 <0f> 85 cf 17 00 00 48 8b 43 28 48 bb 00 f0 ff ff ff ff 0f 00 48 89 RSP: 0018:ffff888048567700 EFLAGS: 00000246 RAX: 1ffffd400008504d RBX: ffffea0000428240 RCX: 0000000000000000 RDX: ffff88801a550000 RSI: ffffffff816cf749 RDI: ffffea0000428268 RBP: dffffc0000000000 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000010a09 R13: 0000000010a09067 R14: 0000000000000000 R15: ffff888048567ad8 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21b7/0x22f0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f39dd5d0b19 Code: Unable to access opcode bytes at 0x7f39dd5d0aef. 
RSP: 002b:00007f39dab25188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: fffffffffffffe00 RBX: 00007f39dd6e4020 RCX: 00007f39dd5d0b19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007f39dd62af6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe2b01543f R14: 00007f39dab25300 R15: 0000000000022000
----------------
Code disassembly (best guess):
 0: 1d 51 50 eb 7e sbb $0x7eeb5051,%eax
 5: 65 8b 05 4a 50 eb 7e mov %gs:0x7eeb504a(%rip),%eax # 0x7eeb5056
 c: a9 00 ff ff 00 test $0xffff00,%eax
 11: 74 49 je 0x5c
 13: bf 01 00 00 00 mov $0x1,%edi
 18: e8 b1 b5 09 00 callq 0x9b5ce
 1d: e8 6c f1 37 00 callq 0x37f18e
 22: fb sti
 23: 65 8b 05 2c 50 eb 7e mov %gs:0x7eeb502c(%rip),%eax # 0x7eeb5056
* 2a: 85 c0 test %eax,%eax <-- trapping instruction
 2c: 74 5c je 0x8a
 2e: 5b pop %rbx
 2f: 5d pop %rbp
 30: e9 dd 42 29 03 jmpq 0x3294312
 35: 65 8b 05 8e 4c ea 7e mov %gs:0x7eea4c8e(%rip),%eax # 0x7eea4cca
 3c: 85 c0 test %eax,%eax
 3e: 75 9e jne 0xffffffde