Process accounting resumed Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Process accounting resumed Bluetooth: hci1: command 0x0406 tx timeout watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.7:13103] Modules linked in: irq event stamp: 4933057 hardirqs last enabled at (4933056): [] kasan_quarantine_put+0x8b/0x200 hardirqs last disabled at (4933057): [] sysvec_apic_timer_interrupt+0xb/0xd0 softirqs last enabled at (4913856): [] __irq_exit_rcu+0x11b/0x190 softirqs last disabled at (4913859): [] __irq_exit_rcu+0x11b/0x190 CPU: 1 PID: 13103 Comm: syz-executor.7 Not tainted 6.1.0-rc2-next-20221028 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kasan_quarantine_put+0x8d/0x200 Code: c7 45 00 00 00 00 00 48 03 58 10 48 89 58 10 48 81 fb 00 00 10 00 77 63 41 bc 01 00 00 00 4d 85 ed 74 43 e8 95 6d d3 ff fb 5b <44> 89 e0 5d 41 5c 41 5d 41 5e e9 24 61 bd 02 e8 3f 6c d3 ff 48 c7 RSP: 0018:ffff88806cf09c38 EFLAGS: 00000216 RAX: 00000000004b45c0 RBX: ffff88803f765dc0 RCX: ffffffff812ae21f RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000 RBP: ffff88803f765dc0 R08: 0000000000000001 R09: ffffffff8720e817 R10: fffffbfff0e41d02 R11: 0000000000000001 R12: 0000000000000001 R13: 0000000000000200 R14: 000000000000fc4c R15: ffff888007f7fdc0 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6e80cc7344 CR3: 000000003cf4e000 CR4: 0000000000350ee0 Call Trace: kmem_cache_free+0xf7/0x620 kfree_skbmem+0xef/0x1c0 consume_skb+0xcf/0x170 mac80211_hwsim_tx_frame+0x1f6/0x2b0 mac80211_hwsim_beacon_tx+0x562/0xac0 __iterate_interfaces+0x2d3/0x570 ieee80211_iterate_active_interfaces_atomic+0x70/0x190 mac80211_hwsim_beacon+0x101/0x210 __hrtimer_run_queues+0x541/0xb60 hrtimer_run_softirq+0x172/0x350 __do_softirq+0x1c3/0x8f5 __irq_exit_rcu+0x11b/0x190 irq_exit_rcu+0x5/0x30 sysvec_apic_timer_interrupt+0x8e/0xd0 asm_sysvec_x86_platform_ipi-0xa/0x20 RIP: 0010:write_comp_data+0x3c/0xa0 Code: 81 e6 00 01 00 00 65 48 8b 14 25 c0 76 03 00 a9 00 01 ff 00 74 0e 85 f6 74 59 8b 82 0c 14 00 00 85 c0 74 4f 8b 82 e8 13 00 00 <83> f8 03 75 44 48 8b 82 f0 13 00 00 8b 92 ec 13 00 00 48 8b 38 48 RSP: 0018:ffff8880439f76d8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff816b3f6c RDX: ffff888037df9ac0 RSI: 0000000000000000 RDI: 0000000000000001 RBP: ffff888013b57700 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888013b57b20 trace_rss_stat+0x4c/0x250 unmap_page_range+0xeaf/0x2a50 unmap_single_vma+0x190/0x2b0 unmap_vmas+0x21e/0x380 exit_mmap+0x154/0x690 mmput+0xd1/0x3a0 do_exit+0x993/0x2730 do_group_exit+0xd0/0x2b0 get_signal+0x2195/0x22e0 arch_do_signal_or_restart+0x75/0x5b0 exit_to_user_mode_prepare+0x131/0x1b0 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x48/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f7e9c544b19 Code: Unable to access opcode bytes at 0x7f7e9c544aef. RSP: 002b:00007f7e99aba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 0000000000000005 RBX: 00007f7e9c657f60 RCX: 00007f7e9c544b19 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000002 RBP: 00007f7e9c59ef6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2a79da5f R14: 00007f7e99aba300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 13075 Comm: syz-executor.3 Not tainted 6.1.0-rc2-next-20221028 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kasan_check_range+0x13/0x1d0 Code: 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 f6 0f 84 73 01 00 00 48 89 f8 41 54 44 0f b6 c2 55 <53> 48 01 f0 72 14 eb 2c 0f 1f 00 48 ba ff ff ff ff ff ff ff fe 48 RSP: 0018:ffff88806ce08d78 EFLAGS: 00000002 RAX: ffffffff8720e800 RBX: 0000000000000003 RCX: ffffffff812b249b RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8720e800 RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffff8720e807 R10: fffffbfff0e41d00 R11: 0000000000000001 R12: ffff88801664b580 R13: ffff88801664bf80 R14: ffff88801664bee0 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055cfeddab648 CR3: 0000000005026000 CR4: 0000000000350ef0 Call Trace: __lock_acquire+0xedb/0x5e80 lock_acquire+0x1a2/0x540 perf_output_begin_forward+0xb0/0xb10 perf_event_output_forward+0xf2/0x290 __perf_event_overflow+0x191/0x550 perf_swevent_hrtimer+0x35d/0x3e0 __hrtimer_run_queues+0x184/0xb60 hrtimer_interrupt+0x315/0x780 __sysvec_apic_timer_interrupt+0x144/0x510 sysvec_apic_timer_interrupt+0x3b/0xd0 asm_sysvec_x86_platform_ipi-0xa/0x20 RIP: 0010:unwind_next_frame+0x1be/0x2140 Code: 8d 43 ff 39 c6 0f 83 8c 15 00 00 48 b8 00 00 00 00 00 fc ff df 89 f2 48 8d 3c 95 28 03 09 86 48 89 f9 48 c1 e9 03 0f b6 0c 01 <48> 89 f8 83 e0 07 83 c0 03 38 c8 7c 27 84 c9 74 23 48 89 54 24 28 RSP: 0018:ffff88806ce096b8 EFLAGS: 00000217 RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 0000000000000000 RDX: 00000000000244bd RSI: 00000000000244bd RDI: ffffffff8612161c RBP: ffff88806ce09790 R08: ffffffff85f5992e R09: ffffffff85f59932 R10: ffffed100d9c12f4 R11: 0000000000036001 R12: ffff88806ce09779 R13: ffff88806ce09798 R14: ffff88806ce09738 R15: ffffffff8344bda8 arch_stack_walk+0x83/0x100 stack_trace_save+0x8c/0xd0 kasan_save_stack+0x1e/0x50 kasan_set_track+0x21/0x40 __kasan_kmalloc+0x7e/0xa0 __kmalloc_node_track_caller+0x4d/0xc0 __alloc_skb+0xe5/0x320 skb_copy+0x139/0x3d0 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1370 mac80211_hwsim_tx_frame+0x1ee/0x2b0 mac80211_hwsim_beacon_tx+0x562/0xac0 __iterate_interfaces+0x2d3/0x570 ieee80211_iterate_active_interfaces_atomic+0x70/0x190 mac80211_hwsim_beacon+0x101/0x210 __hrtimer_run_queues+0x541/0xb60 hrtimer_run_softirq+0x172/0x350 __do_softirq+0x1c3/0x8f5 __irq_exit_rcu+0x11b/0x190 irq_exit_rcu+0x5/0x30 sysvec_apic_timer_interrupt+0x8e/0xd0 asm_sysvec_x86_platform_ipi-0xa/0x20 RIP: 0010:finish_task_switch.isra.0+0x237/0x8b0 Code: 89 ff 48 c7 03 00 00 00 00 e8 e5 54 17 03 4d 85 e4 75 ba 4c 89 ff e8 98 30 17 03 e8 33 67 2d 00 fb 65 48 8b 1c 25 c0 76 03 00 <48> 8d bb e8 13 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 RSP: 0018:ffff8880436375a0 EFLAGS: 00000206 RAX: 000000000052cec9 RBX: ffff88801664b580 RCX: ffffffff812ae21f RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff8880436375e0 R08: 0000000000000001 R09: ffffffff8720e82f R10: fffffbfff0e41d05 R11: 0000000000000001 R12: ffff88806ce38058 R13: ffff88800f6e8000 R14: ffff88801664ba30 R15: ffff88806ce38040 __schedule+0x89b/0x2480 preempt_schedule_common+0x45/0xd0 __cond_resched+0x17/0x40 unmap_page_range+0xd64/0x2a50 unmap_single_vma+0x190/0x2b0 unmap_vmas+0x21e/0x380 exit_mmap+0x154/0x690 mmput+0xd1/0x3a0 do_exit+0x993/0x2730 do_group_exit+0xd0/0x2b0 get_signal+0x2195/0x22e0 arch_do_signal_or_restart+0x75/0x5b0 exit_to_user_mode_prepare+0x131/0x1b0 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x48/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7feb32bc4b19 Code: Unable to access opcode bytes at 0x7feb32bc4aef. RSP: 002b:00007feb3013a108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 RAX: 0000000000000009 RBX: 00007feb32cd7f60 RCX: 00007feb32bc4b19 RDX: 00000000200b0000 RSI: 00000000200002c0 RDI: 0000000000004efe RBP: 00000000200002c0 R08: 0000000020000140 R09: 0000000020000140 R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 R13: 00000000200b0000 R14: 0000000020000100 R15: 0000000020ffe000 ---------------- Code disassembly (best guess): 0: c7 45 00 00 00 00 00 movl $0x0,0x0(%rbp) 7: 48 03 58 10 add 0x10(%rax),%rbx b: 48 89 58 10 mov %rbx,0x10(%rax) f: 48 81 fb 00 00 10 00 cmp $0x100000,%rbx 16: 77 63 ja 0x7b 18: 41 bc 01 00 00 00 mov $0x1,%r12d 1e: 4d 85 ed test %r13,%r13 21: 74 43 je 0x66 23: e8 95 6d d3 ff callq 0xffd36dbd 28: fb sti 29: 5b pop %rbx * 2a: 44 89 e0 mov %r12d,%eax <-- trapping instruction 2d: 5d pop %rbp 2e: 41 5c pop %r12 30: 41 5d pop %r13 32: 41 5e pop %r14 34: e9 24 61 bd 02 jmpq 0x2bd615d 39: e8 3f 6c d3 ff callq 0xffd36c7d 3e: 48 rex.W 3f: c7 .byte 0xc7