Unknown options in mask bb Bluetooth: hci1: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.1:4640] Modules linked in: irq event stamp: 1261611 hardirqs last enabled at (1261610): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1261611): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (1228514): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (1228517): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (1228517): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 4640 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_memory_region+0xb0/0x170 mm/kasan/kasan.c:268 Code: c0 08 48 39 d0 74 7b 48 83 38 00 74 f1 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 <5b> 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 RSP: 0018:ffff8880ba0078a0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffffed101740455b RBX: ffffed101740455b RCX: ffffffff81518c83 RDX: ffffed101740455b RSI: 0000000000000004 RDI: ffff8880ba022ad0 RBP: ffffed101740455a R08: 0000000000000000 R09: ffffed101740455a R10: ffff8880ba022ad3 R11: 0000000000000000 R12: ffffffff8950b9a0 R13: dffffc0000000000 R14: ffff8880aa66c140 R15: ffff8880ba007b18 FS: 00007f6d10c2e700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c01ed2b240 CR3: 000000008f56c000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: atomic_read include/asm-generic/atomic-instrumented.h:21 [inline] rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline] rcu_is_watching+0x53/0xc0 kernel/rcu/tree.c:1025 rcu_read_lock include/linux/rcupdate.h:628 [inline] __nf_conntrack_find_get+0xcba/0x1740 net/netfilter/nf_conntrack_core.c:748 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1504 [inline] nf_conntrack_in+0x444/0xe20 net/netfilter/nf_conntrack_core.c:1584 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] NF_HOOK include/linux/netfilter.h:287 [inline] ip_rcv+0x246/0x3c0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066 process_backlog+0x241/0x700 net/core/dev.c:5849 napi_poll net/core/dev.c:6280 [inline] net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:317 [inline] RIP: 0010:PageCompound include/linux/page-flags.h:156 [inline] RIP: 0010:PageHuge+0x21/0x160 mm/hugetlb.c:1374 Code: b5 42 04 00 e9 0b ff ff ff 41 54 55 53 48 89 fb e8 b4 65 ce ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 13 01 00 00 48 8b 2b 31 ff 48 c1 ed 0f 83 e5 01 89 ee e8 b6 RSP: 0018:ffff888030daf6e0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffffea0002ab7dc0 RCX: ffffffff81518c83 RDX: 1ffffd4000556fb8 RSI: ffffffff81941fbc RDI: ffffea0002ab7dc0 RBP: ffffea0002ab7dc0 R08: 0000000000000000 R09: ffffed101740455a R10: ffff8880ba022ad3 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffea0002ab7dc0 R15: 00007f6d11d46000 page_remove_file_rmap+0x3e/0xa30 mm/rmap.c:1215 page_remove_rmap+0xe5/0x120 mm/rmap.c:1297 zap_pte_range mm/memory.c:1350 [inline] zap_pmd_range mm/memory.c:1463 [inline] zap_pud_range mm/memory.c:1492 [inline] zap_p4d_range mm/memory.c:1513 [inline] unmap_page_range+0x147d/0x2c50 mm/memory.c:1534 unmap_single_vma+0x198/0x300 mm/memory.c:1579 unmap_vmas+0xa9/0x180 mm/memory.c:1609 exit_mmap+0x2b9/0x530 mm/mmap.c:3093 __mmput kernel/fork.c:1016 [inline] mmput+0x14e/0x4a0 kernel/fork.c:1037 exit_mm kernel/exit.c:549 [inline] do_exit+0xaec/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6d1233ce99 Code: Bad RIP value. RSP: 002b:00007f6d10c2e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f6d124502a8 RCX: 00007f6d1233ce99 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6d124502a8 RBP: 00007f6d124502a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d124502ac R13: 00007ffff7d3593f R14: 00007f6d10c2e300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 1003 Comm: kworker/u4:3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:lock_acquire+0x5b/0x3c0 kernel/locking/lockdep.c:3900 Code: 00 00 48 83 ec 18 48 89 fa 4c 89 0c 24 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 bd 02 00 00 <8b> b3 84 08 00 00 85 f6 0f 85 88 01 00 00 48 c7 c0 80 82 f1 89 48 RSP: 0018:ffff8880b3a77a08 EFLAGS: 00000046 RAX: 0000000000000007 RBX: ffff8880b396a180 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880b396aa04 RBP: ffffffff89f85fa0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8880b3a77bd7 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c011811018 CR3: 00000000a5b1b000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:627 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:1161 [inline] bpf_trace_run7+0xe2/0x2c0 kernel/trace/bpf_trace.c:1206 __bpf_trace_lock_acquire+0x1bc/0x200 include/trace/events/lock.h:13 trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0x298/0x3c0 kernel/locking/lockdep.c:3907 rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:627 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:419 [inline] batadv_nc_worker+0x12d/0xd50 net/batman-adv/network-coding.c:730 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 ---------------- Code disassembly (best guess): 0: c0 08 48 rorb $0x48,(%rax) 3: 39 d0 cmp %edx,%eax 5: 74 7b je 0x82 7: 48 83 38 00 cmpq $0x0,(%rax) b: 74 f1 je 0xfffffffe d: 48 8d 50 08 lea 0x8(%rax),%rdx 11: eb 09 jmp 0x1c 13: 48 83 c0 01 add $0x1,%rax 17: 48 39 d0 cmp %rdx,%rax 1a: 74 0e je 0x2a 1c: 80 38 00 cmpb $0x0,(%rax) 1f: 74 f2 je 0x13 21: 48 85 c0 test %rax,%rax 24: 0f 85 9c 00 00 00 jne 0xc6 * 2a: 5b pop %rbx <-- trapping instruction 2b: 5d pop %rbp 2c: 41 5c pop %r12 2e: c3 retq 2f: 48 85 d2 test %rdx,%rdx 32: 74 f6 je 0x2a 34: 48 01 ea add %rbp,%rdx 37: eb 09 jmp 0x42 39: 48 83 c0 01 add $0x1,%rax 3d: 48 39 d0 cmp %rdx,%rax