Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.3:8491]
Modules linked in:
irq event stamp: 2373629
hardirqs last  enabled at (2373628): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2373629): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (2372724): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (2372737): [] __irq_exit_rcu+0xc4/0x100
CPU: 1 UID: 0 PID: 8491 Comm: syz-executor.3 Not tainted 6.12.0-next-20241128 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__call_rcu_common.constprop.0+0x609/0xaa0
Code: 3c 02 00 0f 85 c9 03 00 00 48 8b 05 b1 2c 87 04 49 03 85 18 01 00 00 49 39 c4 0f 8f be 01 00 00 e8 dc 16 1f 00 fb 48 83 c4 20 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 08 47 4c 03 e8 c3 a8 fe ff e9 1d
RSP: 0018:ffff88806cf093d8 EFLAGS: 00000286
RAX: 00000000002437f4 RBX: ffff88803024bae8 RCX: 1ffffffff0fe6301
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff813af204
RBP: ffff88806cf3c898 R08: 0000000000000001 R09: fffffbfff0fdde01
R10: ffffffff87eef00f R11: 00000000000c3a23 R12: 0000000000000499
R13: ffff88806cf3c780 R14: ffff88806cf3c820 R15: 0000000000000000
FS:  00007fbbdce72700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f02b8bac004 CR3: 000000003ff5c000 CR4: 0000000000350ef0
Call Trace:
 kfree+0x28e/0x480
 ieee80211_inform_bss+0x7f6/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c70
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x6a0
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x1e38/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:_raw_spin_trylock+0x16/0x60
Code: 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 fb 65 ff 05 49 8e 7c 7b e8 bc 8f a9 fc 85 c0 <75> 0f 65 ff 0d 39 8e 7c 7b 74 31 5b e9 89 20 00 00 ff 74 24 08 48
RSP: 0018:ffff88800ec47528 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffff88806cf41500 RCX: ffffffff8130a8f4
RDX: 1ffff1100d9e82a2 RSI: 0000000000000004 RDI: ffff88806cf41510
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1001d88e99
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
R13: 000000000000a95e R14: ffffea00002a5780 R15: ffff88807ffdcb80
 free_unref_page+0x397/0xe90
 qlist_free_all+0x50/0x160
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 __kmalloc_noprof+0x195/0x4b0
 kmalloc_array_noprof+0x42/0x70
 ext4_find_extent+0x6fe/0x9b0
 ext4_ext_map_blocks+0x1ca/0x5b10
 ext4_map_query_blocks+0x82/0x2d0
 ext4_map_blocks+0x282/0x1500
 ext4_append+0x1b7/0x540
 ext4_init_new_dir+0x262/0x4c0
 ext4_mkdir+0x3d2/0xb30
 vfs_mkdir+0x291/0x4f0
 do_mkdirat+0x1a4/0x350
 __x64_sys_mkdir+0xf3/0x140
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbbdf8fbc27
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbbdce71fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbbdf8fbc27
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000100
RBP: 00007fbbdce72040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000100 R14: 00007fbbdce72000 R15: 0000000000000000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0x1e/0x30
9pnet_fd: Insufficient options for proto=fd
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
random: crng reseeded on system resumption
Restarting kernel threads ... done.
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy0 wpan0: encryption failed: -22
No source specified
No source specified
No source specified
No source specified
No source specified
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 0, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 1, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 2, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 3, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 4, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 5, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 6, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev sr0, logical block 7, async page read
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
Buffer I/O error on dev sr0, logical block 0, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
Buffer I/O error on dev sr0, logical block 1, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current]
sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
----------------
Code disassembly (best guess):
   0:	3c 02                	cmp    $0x2,%al
   2:	00 0f                	add    %cl,(%rdi)
   4:	85 c9                	test   %ecx,%ecx
   6:	03 00                	add    (%rax),%eax
   8:	00 48 8b             	add    %cl,-0x75(%rax)
   b:	05 b1 2c 87 04       	add    $0x4872cb1,%eax
  10:	49 03 85 18 01 00 00 	add    0x118(%r13),%rax
  17:	49 39 c4             	cmp    %rax,%r12
  1a:	0f 8f be 01 00 00    	jg     0x1de
  20:	e8 dc 16 1f 00       	callq  0x1f1701
  25:	fb                   	sti
  26:	48 83 c4 20          	add    $0x20,%rsp
* 2a:	5b                   	pop    %rbx		<-- trapping instruction
  2b:	5d                   	pop    %rbp
  2c:	41 5c                	pop    %r12
  2e:	41 5d                	pop    %r13
  30:	41 5e                	pop    %r14
  32:	41 5f                	pop    %r15
  34:	e9 08 47 4c 03       	jmpq   0x34c4741
  39:	e8 c3 a8 fe ff       	callq  0xfffea901
  3e:	e9                   	.byte 0xe9
  3f:	1d                   	.byte 0x1d