Bluetooth: hci0: command 0x0405 tx timeout
Bluetooth: hci0: command 0x0405 tx timeout
Bluetooth: hci0: command 0x0405 tx timeout
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.6:13245]
Modules linked in:
irq event stamp: 2263917
hardirqs last  enabled at (2263916): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2263917): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (276302): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (276305): [] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 13245 Comm: syz-executor.6 Not tainted 6.13.0-rc2-next-20241212 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:stack_depot_save_flags+0x154/0x9b0
Code: 02 4d 39 f8 75 11 e9 35 02 00 00 4d 8b 3f 4d 39 f8 0f 84 29 02 00 00 41 39 5f 10 75 ee 41 3b 4f 14 75 e8 31 c0 49 8b 7c c7 20 <49> 39 3c c6 75 db 48 83 c0 01 48 39 c2 75 ec 45 85 c9 74 2e 41 8b
RSP: 0018:ffff88806ce09160 EFLAGS: 00000212
RAX: 0000000000000007 RBX: 0000000070425698 RCX: 0000000000000014
RDX: 0000000000000014 RSI: 0000000014eb3b35 RDI: ffffffff8456abcf
RBP: 0000000000000001 R08: ffff88806bd56980 R09: 0000000000000000
R10: ffffffff863fbd97 R11: 0000000000000003 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88806ce091c0 R15: ffff88803b7e6cf0
FS:  00007f21a6c9c700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2a4954b541 CR3: 000000003ff96000 CR4: 0000000000350ef0
Call Trace:
 kasan_save_stack+0x34/0x50
 kasan_save_track+0x14/0x30
 kasan_save_free_info+0x3a/0x60
 __kasan_slab_free+0x38/0x50
 kfree+0x132/0x480
 ieee80211_inform_bss+0x7f6/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c70
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x6a0
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x1e38/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:finish_task_switch.isra.0+0x20f/0x840
Code: 4c 89 ff 48 c7 03 00 00 00 00 e8 8c b2 61 03 4d 85 e4 75 ba 4c 89 ff e8 ff 98 61 03 e8 da 0f 34 00 fb 65 48 8b 1d d1 b8 bd 7e <48> 8d bb d0 14 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffff88803a83faa0 EFLAGS: 00000206
RAX: 0000000000000ac9 RBX: ffff88802ae71bc0 RCX: 1ffffffff0c7f069
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8145ee26
RBP: ffff88803a83fae0 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff863fbd97 R11: 0000000000000000 R12: ffff88806ce3b9d8
R13: ffff88803bba0000 R14: ffff88806ce3b9d8 R15: ffff88806ce3b9c0
 __schedule+0xc53/0x3030
 __cond_resched+0x45/0x70
 __mutex_lock+0xb9/0xac0
 __do_sys_perf_event_open+0x1979/0x2b00
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f21a9726b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f21a6c9c188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f21a9839f60 RCX: 00007f21a9726b19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007f21a9780f6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffe939f1bf R14: 00007f21a6c9c300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.13.0-rc2-next-20241212 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mark_held_locks+0xba/0xe0
Code: da ff a8 04 74 0c 48 89 ef e8 82 f0 ff ff 85 c0 74 10 83 c3 01 39 9d 40 0a 00 00 7f aa b8 01 00 00 00 48 83 c4 08 5b 5d 41 5c <41> 5d 41 5e e9 ed c2 57 03 e8 08 f8 5b 00 e9 6d ff ff ff 48 89 34
RSP: 0018:ffff888009737d90 EFLAGS: 00000086
RAX: 0000000000000001 RBX: ffff888009715340 RCX: 1ffffffff0c7f069
RDX: 1ffff110012e2bb0 RSI: 0000000000000002 RDI: ffff888009715d80
RBP: ffff888009715340 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff863fbd97 R11: 0000000000000000 R12: 0000000000000100
R13: dffffc0000000000 R14: ffff888009715d88 R15: 0000000000000006
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcf7f079210 CR3: 000000000de50000 CR4: 0000000000350ef0
Call Trace:
 lockdep_hardirqs_on_prepare+0x12b/0x3f0
 trace_hardirqs_on+0x36/0x40
 handle_softirqs+0x16e/0x770
 run_ksoftirqd+0x2e/0x60
 smpboot_thread_fn+0x3eb/0x930
 kthread+0x3ab/0x720
 ret_from_fork+0x48/0x80
 ret_from_fork_asm+0x1a/0x30
----------------
Code disassembly (best guess):
   0:   02 4d 39                add    0x39(%rbp),%cl
   3:   f8                      clc
   4:   75 11                   jne    0x17
   6:   e9 35 02 00 00          jmpq   0x240
   b:   4d 8b 3f                mov    (%r15),%r15
   e:   4d 39 f8                cmp    %r15,%r8
  11:   0f 84 29 02 00 00       je     0x240
  17:   41 39 5f 10             cmp    %ebx,0x10(%r15)
  1b:   75 ee                   jne    0xb
  1d:   41 3b 4f 14             cmp    0x14(%r15),%ecx
  21:   75 e8                   jne    0xb
  23:   31 c0                   xor    %eax,%eax
  25:   49 8b 7c c7 20          mov    0x20(%r15,%rax,8),%rdi
* 2a:   49 39 3c c6             cmp    %rdi,(%r14,%rax,8) <-- trapping instruction
  2e:   75 db                   jne    0xb
  30:   48 83 c0 01             add    $0x1,%rax
  34:   48 39 c2                cmp    %rax,%rdx
  37:   75 ec                   jne    0x25
  39:   45 85 c9                test   %r9d,%r9d
  3c:   74 2e                   je     0x6c
  3e:   41                      rex.B
  3f:   8b                      .byte 0x8b