Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [syz-executor.0:8636]
Modules linked in:
irq event stamp: 7158189
hardirqs last  enabled at (7158188): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (7158189): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (7061948): [] irq_exit_rcu+0x11f/0x190
softirqs last disabled at (7061951): [] irq_exit_rcu+0x11f/0x190
CPU: 0 PID: 8636 Comm: syz-executor.0 Not tainted 6.2.0-rc4-next-20230120 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_switch+0x16/0x90
Code: 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 56 41 55 41 54 49 89 fc 55 48 89 f5 53 48 8b 46 08 <48> 83 f8 20 74 6b 77 48 48 83 f8 08 74 5b 48 83 f8 10 75 2f 41 bd
RSP: 0018:ffff88806ce09c80 EFLAGS: 00000246
RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000100
RDX: 0000000000000006 RSI: ffffffff84d20a40 RDI: 0000000000000000
RBP: ffffffff84d20a40 R08: 0000000000000001 R09: ffffffff8765b94f
R10: fffffbfff0ecb729 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88803b5a3638 R14: 000000000000d0f4 R15: ffff88803b5a0e30
FS:  00007f277e9f8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feade4fc998 CR3: 0000000042e72000 CR4: 0000000000350ef0
Call Trace:
 kfree_skbmem+0x50/0x1b0
 consume_skb+0xd8/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x567/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_acquire.part.0+0x14f/0x340
Code: 87 84 48 83 c4 28 e8 00 88 16 03 b8 ff ff ff ff 65 0f c1 05 03 51 d6 7e 83 f8 01 0f 85 9f 01 00 00 48 85 ed 0f 85 90 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff888018306d40 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff11003060daa RCX: 000000000b158650
RDX: 1ffff11007e9c7db RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8765b947
R10: fffffbfff0ecb728 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff8560af20
 __is_insn_slot_addr+0x41/0x290
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc+0x172/0x300
 __create_object+0x3d/0xc40
 kmem_cache_alloc+0x204/0x300
 __kernfs_new_node+0xd4/0x8c0
 kernfs_new_node+0x97/0x120
 __kernfs_create_file+0x55/0x350
 sysfs_add_file_mode_ns+0x21c/0x440
 internal_create_group+0x322/0xb20
 internal_create_groups.part.0+0x90/0x140
 sysfs_create_groups+0x29/0x50
 device_add+0x106d/0x1e60
 netdev_register_kobject+0x17e/0x3b0
 register_netdevice+0xd60/0x1530
 register_netdev+0x31/0x60
 loopback_net_init+0x7a/0x170
 ops_init+0xbb/0x6c0
 setup_net+0x40c/0x9d0
 copy_net_ns+0x321/0x770
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x414/0x500
 copy_process+0x2a5e/0x7390
 kernel_clone+0xeb/0x8c0
 __do_sys_clone3+0x1d5/0x2e0
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f2781482b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f277e9f8188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f2781595f60 RCX: 00007f2781482b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007f27814dcf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffc1ec98ff R14: 00007f277e9f8300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	f3 0f 1e fa          	endbr64
  18:	41 56                	push   %r14
  1a:	41 55                	push   %r13
  1c:	41 54                	push   %r12
  1e:	49 89 fc             	mov    %rdi,%r12
  21:	55                   	push   %rbp
  22:	48 89 f5             	mov    %rsi,%rbp
  25:	53                   	push   %rbx
  26:	48 8b 46 08          	mov    0x8(%rsi),%rax
* 2a:	48 83 f8 20          	cmp    $0x20,%rax <-- trapping instruction
  2e:	74 6b                	je     0x9b
  30:	77 48                	ja     0x7a
  32:	48 83 f8 08          	cmp    $0x8,%rax
  36:	74 5b                	je     0x93
  38:	48 83 f8 10          	cmp    $0x10,%rax
  3c:	75 2f                	jne    0x6d
  3e:	41                   	rex.B
  3f:	bd                   	.byte 0xbd