Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.6:5557]
Modules linked in:
irq event stamp: 2909923
hardirqs last  enabled at (2909922): [<ffffffff8484f78b>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2909923): [<ffffffff8484e14f>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (2908380): [<ffffffff811a97cc>] handle_softirqs+0x50c/0x770
softirqs last disabled at (2908405): [<ffffffff811a9b64>] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 5557 Comm: syz-executor.6 Not tainted 6.12.0-next-20241125 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:memset_orig+0x75/0xb0
Code: 89 47 30 48 89 47 38 48 8d 7f 40 75 d8 0f 1f 84 00 00 00 00 00 89 d1 83 e1 38 74 14 c1 e9 03 66 0f 1f 44 00 00 ff c9 48 89 07 <48> 8d 7f 08 75 f5 83 e2 07 74 0a ff ca 88 07 48 8d 7f 01 75 f6 4c
RSP: 0018:ffff88806ce09280 EFLAGS: 00000246
RAX: 7f7f7f7f7f7f7f7f RBX: ffff88800a699a50 RCX: 0000000000000000
RDX: 000000000000000d RSI: 000000000000007f RDI: ffff88800a699a70
RBP: ffff88806ce094e8 R08: 0000000000000003 R09: 0000000000000005
R10: ffff88800a699a6d R11: 00000000000c39c9 R12: ffff88806ce094f0
R13: 0000000000000398 R14: ffff88800a699800 R15: ffff88803e2b0700
FS:  00007fb03dfd3700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1175958fe8 CR3: 000000003ccfe000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 ieee80211_clear_tpe+0xce/0x290
 ieee802_11_parse_elems_full+0x249/0x15a0
 ieee80211_inform_bss+0xf7/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c50
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x690
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x1e38/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x25/0x160
Code: 90 90 90 90 90 48 8b 07 48 85 c0 0f 84 41 01 00 00 41 57 41 56 41 55 49 89 fd 41 54 49 89 f4 55 53 eb 3e 48 63 95 c0 00 00 00 <48> 8b 18 48 89 ef 48 29 d0 48 89 c6 49 89 c6 e8 e7 f0 ff ff 49 89
RSP: 0018:ffff88803ef7f710 EFLAGS: 00000246
RAX: ffff88800c939b80 RBX: ffff88800c939b80 RCX: ffffea0000324e40
RDX: 0000000000000000 RSI: ffff888008fff3c0 RDI: ffffffff8184a5e6
RBP: ffff888008fff3c0 R08: 0000000000000001 R09: fffffbfff0fddff1
R10: ffffffff87eeff8f R11: 0000000000000000 R12: 0000000000000000
R13: ffff88803ef7f748 R14: ffff88800baa8100 R15: ffff88800baa8100
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_kmalloc+0x6f/0x90
 __kmalloc_noprof+0x1f7/0x4b0
 ops_init+0x77/0x650
 setup_net+0x1d7/0x7a0
 copy_net_ns+0x2e3/0x6f0
 create_new_namespaces+0x3f6/0xaf0
 copy_namespaces+0x45c/0x580
 copy_process+0x2704/0x8e90
 kernel_clone+0xeb/0x850
 __do_sys_clone3+0x1d9/0x260
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb040a5db19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb03dfd3188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007fb040b70f60 RCX: 00007fb040a5db19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007fb040ab7f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffef48b1baf R14: 00007fb03dfd3300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5625 Comm: systemd-rfkill Not tainted 6.12.0-next-20241125 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filter_irq_stacks+0x35/0x90
Code: 48 83 ec 08 85 f6 74 30 48 bd 00 00 00 00 00 fc ff df 31 db 48 89 f8 48 c1 e8 03 80 3c 28 00 75 53 48 8b 07 48 3d 30 02 a0 84 <72> 1c 48 3d d0 15 a0 84 73 14 44 8d 63 01 48 83 c4 08 44 89 e0 5b
RSP: 0018:ffff88803ec9f5c8 EFLAGS: 00000283
RAX: ffffffff818bc909 RBX: 0000000000000002 RCX: 0000000000000001
RDX: 0000000000092800 RSI: 0000000000000013 RDI: ffff88803ec9f660
RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff88803f2fdcb8
R10: ffffffff863f9d17 R11: 00000000000c39c9 R12: 0000000000000013
R13: ffff88803ec9f650 R14: 00000000000000e8 R15: 0000000000092800
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f49ff14d514 CR3: 0000000016a9c000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 stack_depot_save_flags+0x2c/0x900
 kasan_save_stack+0x34/0x50
 kasan_save_track+0x14/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 __alloc_object+0x2f/0x270
 __create_object+0x1d/0x80
 __kmalloc_cache_noprof+0x316/0x3e0
 kmem_cache_free+0x2cd/0x470
 __put_anon_vma+0x114/0x390
 unlink_anon_vmas+0x4ae/0x740
 free_pgtables+0x346/0x8e0
 exit_mmap+0x3a2/0xac0
 mmput+0xd5/0x350
 do_exit+0x9ae/0x2a30
 do_group_exit+0xd3/0x2a0
 __x64_sys_exit_group+0x3e/0x50
 x64_sys_call+0xf6a/0x1890
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f49ff994699
Code: Unable to access opcode bytes at 0x7f49ff99466f.
RSP: 002b:00007ffc54d62068 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f49ffa89610 RCX: 00007f49ff994699
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: fffffffffffffeb8 R09: 0000000000000000
R10: 0000000000000012 R11: 0000000000000246 R12: 00007f49ffa89610
R13: 0000000000000002 R14: 00007f49ffa89ae8 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	89 47 30             	mov    %eax,0x30(%rdi)
   3:	48 89 47 38          	mov    %rax,0x38(%rdi)
   7:	48 8d 7f 40          	lea    0x40(%rdi),%rdi
   b:	75 d8                	jne    0xffffffe5
   d:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  14:	00
  15:	89 d1                	mov    %edx,%ecx
  17:	83 e1 38             	and    $0x38,%ecx
  1a:	74 14                	je     0x30
  1c:	c1 e9 03             	shr    $0x3,%ecx
  1f:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  25:	ff c9                	dec    %ecx
  27:	48 89 07             	mov    %rax,(%rdi)
* 2a:	48 8d 7f 08          	lea    0x8(%rdi),%rdi <-- trapping instruction
  2e:	75 f5                	jne    0x25
  30:	83 e2 07             	and    $0x7,%edx
  33:	74 0a                	je     0x3f
  35:	ff ca                	dec    %edx
  37:	88 07                	mov    %al,(%rdi)
  39:	48 8d 7f 01          	lea    0x1(%rdi),%rdi
  3d:	75 f6                	jne    0x35
  3f:	4c                   	rex.WR