Bluetooth: hci6: command tx timeout
Bluetooth: hci4: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci6: command tx timeout
Bluetooth: hci6: command tx timeout
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.5:3908]
Modules linked in:
irq event stamp: 5281667
hardirqs last  enabled at (5281666): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (5281667): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (5278400): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (5278409): [] irq_exit_rcu+0x94/0xc0
CPU: 1 UID: 0 PID: 3908 Comm: syz-executor.5 Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:ieee80211_rx_handlers+0x58b/0x9100
Code: 88 00 00 00 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 93 7b 00 00 48 8b 44 24 38 48 8d b8 a8 00 00 00 48 83 80 88 00 00 00 01 <48> 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 d1 7a 00 00 48 8b 44 24
RSP: 0018:ffff88806cf098a0 EFLAGS: 00000202
RAX: ffff88803fc48a40 RBX: 0000000000000000 RCX: ffffffff84587bce
RDX: ffff888015cc5280 RSI: ffffffff84586c59 RDI: ffff88803fc48ae8
RBP: ffff88803e446de8 R08: 0000000000000000 R09: ffffed1007f8902f
R10: 0000000000000000 R11: 00000000000c33ea R12: dffffc0000000000
R13: ffff88803e446dc0 R14: ffff88803f9ed550 R15: ffff88806cf09d78
FS:  00007fdb27052700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f53eb2b4c8 CR3: 000000000efd6000 CR4: 0000000000350ef0
Call Trace:
 ieee80211_prepare_and_rx_handle+0x1f7f/0x5d50
 ieee80211_rx_for_interface+0x10e/0x200
 ieee80211_rx_list+0x1bec/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 irq_exit_rcu+0x94/0xc0
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x96/0x160
Code: 0f 82 e0 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 28 bf f1 03 48 01 ca 48 c1 ea 0c 48 c1 e2 06 48 03 15 06 bf f1 03 48 8b 72 08 <48> 89 d1 40 f6 c6 01 0f 85 a1 00 00 00 66 90 80 79 33 f5 ba 00 00
RSP: 0018:ffff88803fcd7650 EFLAGS: 00000282
RAX: ffff88800da4e5c8 RBX: ffff88800da4e5c8 RCX: ffff88808da4e5c8
RDX: ffffea0000369380 RSI: ffff888008c4f780 RDI: ffffffff81846b56
RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff0fdc5e9
R10: ffffffff87ee2f4f R11: 0000000000000000 R12: 0000000000000000
R13: ffff88803fcd7688 R14: ffff88803ecfd250 R15: ffff88803ecfd250
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc_lru_noprof+0x14c/0x3c0
 __d_alloc+0x31/0x990
 d_alloc+0x4a/0x1e0
 d_alloc_parallel+0xe6/0x1140
 lookup_open.isra.0+0x960/0x1550
 path_openat+0xc91/0x2980
 do_filp_open+0x1b8/0x410
 do_sys_openat2+0x164/0x1d0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdb29adcb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdb27052188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fdb29beff60 RCX: 00007fdb29adcb19
RDX: 0000000000004042 RSI: 0000000020000100 RDI: ffffffffffffff9c
RBP: 00007fdb29b36f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe7aa7b20f R14: 00007fdb27052300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 4484 Comm: kworker/u9:10 Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:unwind_next_frame+0x297/0x2490
Code: 48 8d 3c 40 4c 8d 84 3f 68 28 76 86 83 c2 01 49 81 f8 38 69 c2 86 0f 83 c1 13 00 00 89 d7 48 8d 3c 7f 48 8d bc 3f 68 28 76 86 <48> 81 ff 38 69 c2 86 0f 87 a6 13 00 00 44 29 da 48 8d 3c 85 88 52
RSP: 0018:ffff88806ce099c8 EFLAGS: 00000283
RAX: 0000000000023c5b RBX: 0000000000000002 RCX: ffffffff818b8233
RDX: 0000000000023c68 RSI: 0000000000008b82 RDI: ffffffff868392d8
RBP: ffff88806ce09a90 R08: ffffffff8683928a R09: ffff88806ce09a78
R10: 000000000003c001 R11: 0000000000023c5b R12: ffff88806ce09a98
R13: ffff88806ce09a80 R14: ffff88806ce09a79 R15: ffff88806ce09a38
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fce121b46f4 CR3: 000000001e0e2000 CR4: 0000000000350ef0
Call Trace:
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 kasan_save_free_info+0x3a/0x60
 __kasan_slab_free+0x38/0x50
 kfree+0x132/0x480
 slab_free_after_rcu_debug+0x6f/0x290
 rcu_core+0x7c9/0x1790
 handle_softirqs+0x1b1/0x770
 do_softirq+0x48/0x80
 __local_bh_enable_ip+0xf1/0x110
 cfg80211_inform_single_bss_data+0x898/0x1c50
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x690
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_ibss_rx_queued_mgmt+0x18ba/0x2f90
 ieee80211_iface_work+0xb5f/0xe40
 cfg80211_wiphy_work+0x38d/0x610
 process_one_work+0x8ee/0x1a00
 worker_thread+0x674/0xe70
 kthread+0x2c2/0x3a0
 ret_from_fork+0x48/0x80
 ret_from_fork_asm+0x1a/0x30
----------------
Code disassembly (best guess):
   0:   88 00                   mov    %al,(%rax)
   2:   00 00                   add    %al,(%rax)
   4:   48 89 f8                mov    %rdi,%rax
   7:   48 c1 e8 03             shr    $0x3,%rax
   b:   42 80 3c 20 00          cmpb   $0x0,(%rax,%r12,1)
  10:   0f 85 93 7b 00 00       jne    0x7ba9
  16:   48 8b 44 24 38          mov    0x38(%rsp),%rax
  1b:   48 8d b8 a8 00 00 00    lea    0xa8(%rax),%rdi
  22:   48 83 80 88 00 00 00    addq   $0x1,0x88(%rax)
  29:   01
* 2a:   48 89 f8                mov    %rdi,%rax                <-- trapping instruction
  2d:   48 c1 e8 03             shr    $0x3,%rax
  31:   42 80 3c 20 00          cmpb   $0x0,(%rax,%r12,1)
  36:   0f 85 d1 7a 00 00       jne    0x7b0d
  3c:   48                      rex.W
  3d:   8b                      .byte 0x8b
  3e:   44                      rex.R
  3f:   24                      .byte 0x24