Bluetooth: hci6: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.3:9523]
Modules linked in:
irq event stamp: 7369395
hardirqs last  enabled at (7369394): [] asm_sysvec_x86_platform_ipi-0xa/0x20
hardirqs last disabled at (7369395): [] sysvec_apic_timer_interrupt+0xb/0xd0
softirqs last  enabled at (7342034): [] __irq_exit_rcu+0x11b/0x190
softirqs last disabled at (7342037): [] __irq_exit_rcu+0x11b/0x190
CPU: 0 PID: 9523 Comm: syz-executor.3 Not tainted 6.1.0-rc1-next-20221021 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__module_text_address+0x13/0x1c0
Code: 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 48 89 fb e8 f4 87 11 00 4c 8b 25 fd 61 ca 03 <48> 89 df 4c 89 e6 e8 82 83 11 00 4c 39 e3 0f 82 9b 00 00 00 e8 d4
RSP: 0018:ffff88806ce09728 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007fc2d39b7b19 RCX: 0000000000000100
RDX: ffff88803e06b580 RSI: ffffffff81368fbc RDI: 00007fc2d39b7b19
RBP: 00007fc2d39b7b19 R08: 0000000000000007 R09: ffffffffff600000
R10: 00007fc2d39b7000 R11: 0000000000036001 R12: ffffffffffffffff
R13: 0000000000000000 R14: ffff88803e06b580 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f13bfaef998 CR3: 0000000005026000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 is_module_text_address+0x1d/0x80
 kernel_text_address+0x31/0xc0
 __kernel_text_address+0x9/0x50
 unwind_get_return_address+0x55/0xb0
 arch_stack_walk+0x99/0x100
 stack_trace_save+0x8c/0xd0
 kasan_save_stack+0x1e/0x50
 kasan_set_track+0x21/0x40
 __kasan_slab_alloc+0x58/0x80
 kmem_cache_alloc_node+0x1c6/0x410
 __alloc_skb+0x210/0x310
 __netdev_alloc_skb+0x72/0x3f0
 __ieee80211_beacon_get+0x3de/0x1390
 ieee80211_beacon_get_tim+0x95/0x4f0
 mac80211_hwsim_beacon_tx+0x1ce/0xac0
 __iterate_interfaces+0x2d3/0x570
 ieee80211_iterate_active_interfaces_atomic+0x70/0x190
 mac80211_hwsim_beacon+0x101/0x210
 __hrtimer_run_queues+0x541/0xb60
 hrtimer_run_softirq+0x172/0x350
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x190
 irq_exit_rcu+0x5/0x30
 sysvec_apic_timer_interrupt+0x8e/0xd0
 asm_sysvec_x86_platform_ipi-0xa/0x20
RIP: 0010:page_remove_rmap+0x11d/0x4a0
Code: 89 ef e8 a6 c9 0c 00 49 8d 7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0f 03 00 00 49 8b 5d 20 <31> ff 81 e3 00 20 00 00 48 89 de e8 63 f6 d6 ff 48 85 db 0f 85 9d
RSP: 0018:ffff888044c5f6c0 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 00000000100400fb RCX: ffff888044c5f648
RDX: 1ffff11001c3613c RSI: 0000000000000001 RDI: ffff88800e1b09e0
RBP: ffffea0000fa0c40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88800e1b09c0 R14: 0000000000000000 R15: ffffea0000fa0c40
 unmap_page_range+0x1c26/0x2a20
 unmap_single_vma+0x190/0x2b0
 unmap_vmas+0x21e/0x380
 exit_mmap+0x154/0x690
 mmput+0xd1/0x3a0
 do_exit+0xa2e/0x2800
 do_group_exit+0xd0/0x2b0
 get_signal+0x2195/0x22e0
 arch_do_signal_or_restart+0x75/0x5b0
 exit_to_user_mode_prepare+0x131/0x1b0
 syscall_exit_to_user_mode+0x19/0x50
 do_syscall_64+0x48/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fc2d39b7b19
Code: Unable to access opcode bytes at 0x7fc2d39b7aef.
RSP: 002b:00007fc2d0f2d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039
RAX: fffffffffffffff4 RBX: 00007fc2d3acaf60 RCX: 00007fc2d39b7b19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fc2d3a11f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc29c7e1f R14: 00007fc2d0f2d300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x20
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   00 00                   add    %al,(%rax)
   2:   0f 1f 40 00             nopl   0x0(%rax)
   6:   90                      nop
   7:   90                      nop
   8:   90                      nop
   9:   90                      nop
   a:   90                      nop
   b:   90                      nop
   c:   90                      nop
   d:   90                      nop
   e:   90                      nop
   f:   90                      nop
  10:   90                      nop
  11:   90                      nop
  12:   90                      nop
  13:   90                      nop
  14:   90                      nop
  15:   90                      nop
  16:   41 54                   push   %r12
  18:   55                      push   %rbp
  19:   53                      push   %rbx
  1a:   48 89 fb                mov    %rdi,%rbx
  1d:   e8 f4 87 11 00          callq  0x118816
  22:   4c 8b 25 fd 61 ca 03    mov    0x3ca61fd(%rip),%r12        # 0x3ca6226
* 29:   48 89 df                mov    %rbx,%rdi        <-- trapping instruction
  2c:   4c 89 e6                mov    %r12,%rsi
  2f:   e8 82 83 11 00          callq  0x1183b6
  34:   4c 39 e3                cmp    %r12,%rbx
  37:   0f 82 9b 00 00 00       jb     0xd8
  3d:   e8                      .byte 0xe8
  3e:   d4                      (bad)