Buffer I/O error on dev sr0, logical block 6, async page read
sr 1:0:0:0: [sr0] tag#0 unaligned transfer
I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
Buffer I/O error on dev sr0, logical block 7, async page read
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.5:14344]
Modules linked in:
irq event stamp: 4991221
hardirqs last  enabled at (4991220): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4991221): [<ffffffff844237ef>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (4960146): [<ffffffff81181eab>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4960149): [<ffffffff81181eab>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 14344 Comm: syz-executor.5 Not tainted 6.2.0-rc2-next-20230106 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__orc_find+0x83/0xf0
Code: 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 50 48 63 03 <48> 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1
RSP: 0018:ffff88806ce096d8 EFLAGS: 00000246
RAX: fffffffffd54af3c RBX: ffffffff85f60ebc RCX: ffffffff834abec6
RDX: 0000000000000000 RSI: ffffffff86361962 RDI: ffffffff85f60ebc
RBP: ffffffff85f60ebc R08: ffffffff86361962 R09: ffffffff86361894
R10: ffff88806ce09ff8 R11: 0000000000038001 R12: ffffffff85f60ebc
R13: ffffffff85f60ebc R14: ffffffff85f60ebc R15: dffffc0000000000
FS:  00007feb7eb80700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 000000000ce34000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 unwind_next_frame+0x2b1/0x2130
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc_node+0x187/0x310
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x13c0
 ieee80211_beacon_get_tim+0x99/0x540
 mac80211_hwsim_beacon_tx+0x1d2/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x50/0x70
Code: 0e 85 c9 74 35 8b 82 14 14 00 00 85 c0 74 2b 8b 82 f0 13 00 00 83 f8 02 75 20 48 8b 8a f8 13 00 00 8b 92 f4 13 00 00 48 8b 01 <48> 83 c0 01 48 39 c2 76 07 48 89 01 48 89 34 c1 e9 5f 11 fb 02 66
RSP: 0018:ffff8880472173e0 EFLAGS: 00000246
RAX: 000000000003ffff RBX: 0000000000000001 RCX: ffffc90007bfd000
RDX: 0000000000040000 RSI: ffffffff837d1b00 RDI: 0000000000000000
RBP: 0000000000000050 R08: 0000000000000001 R09: ffffffff8764e98f
R10: fffffbfff0ec9d31 R11: 0000000000000001 R12: 0000000000000000
R13: ffff888014168710 R14: ffff888014168718 R15: 0000000000000010
 ip_finish_output2+0x740/0x2120
 ip_do_fragment+0x1e14/0x24e0
 ip_fragment.constprop.0+0x16b/0x240
 __ip_finish_output.part.0+0x883/0xd10
 ip_output+0x2ec/0x8e0
 ip_push_pending_frames+0x30b/0x5c0
 raw_sendmsg+0x120d/0x2c00
 inet_sendmsg+0x121/0x150
 sock_sendmsg+0x140/0x190
 ____sys_sendmsg+0x744/0x930
 ___sys_sendmsg+0x110/0x1b0
 __sys_sendmsg+0xf7/0x1d0
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7feb8160ab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb7eb80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feb8171df60 RCX: 00007feb8160ab19
RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000005
RBP: 00007feb81664f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff3479b6df R14: 00007feb7eb80300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 14355 Comm: syz-executor.4 Not tainted 6.2.0-rc2-next-20230106 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:kasan_check_range+0x18/0x1d0
Code: 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 85 f6 0f 84 73 01 00 00 48 89 f8 41 54 44 0f b6 c2 55 53 <48> 01 f0 72 14 eb 2c 0f 1f 00 48 ba ff ff ff ff ff ff ff fe 48 39
RSP: 0018:ffff88806cf09518 EFLAGS: 00000002
RAX: ffffffff85d0c210 RBX: 0000000000000001 RCX: ffffffff81396e18
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff85d0c210
RBP: ffff8880472eaa80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88806cf2b8c0 R14: ffff88806cf2b940 R15: dffffc0000000000
FS:  00007f4527135700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f15c1ea6547 CR3: 0000000044a16000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 trace_hrtimer_start+0x38/0x250
 __hrtimer_run_queues+0x937/0xcb0
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__read_once_word_nocheck+0x3/0x10
Code: e9 8b fd ff ff e8 8d d8 6a 00 e9 43 fd ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 8b 07 <e9> 8c d1 31 03 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
RSP: 0018:ffff88806cf097d8 EFLAGS: 00000202
RAX: 0000000000000003 RBX: 0000000000000001 RCX: 0000000000000001
RDX: ffff88801edff701 RSI: ffff88801edff768 RDI: ffff88801edff768
RBP: ffff88801edff768 R08: ffffffff86137580 R09: ffffffff86137584
R10: ffff88806cf09ff8 R11: ffff88806cf098a0 R12: ffff88806cf098a1
R13: ffff88806cf098c0 R14: ffff88806cf09860 R15: 0000000000000005
 unwind_next_frame+0x14f9/0x2130
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa00
 __kmem_cache_free+0x8b/0x2f0
 skb_release_data+0x6d8/0x810
 consume_skb+0xcb/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:chksum_update+0xd/0xb0
Code: b9 28 83 ff eb cf 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 54 49 89 f4 55 89 d5 53 <48> 89 fb 48 83 ec 08 e8 77 0e 4f ff 89 ea 48 8d 6b 08 48 b8 00 00
RSP: 0018:ffff88801edff168 EFLAGS: 00000246
RAX: ffffffff81fa63f0 RBX: ffffffff857ef860 RCX: ffffc900033d9000
RDX: 0000000000000002 RSI: ffff8880441cc17e RDI: ffff88801edff228
RBP: 0000000000000002 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880441cc17e
R13: 0000000000000002 R14: 0000000000000000 R15: ffff88801edff228
 crypto_shash_update+0xce/0x130
 ext4_inode_csum+0x306/0x8f0
 ext4_inode_csum_set+0x16d/0x360
 ext4_fill_raw_inode+0x11ad/0x1e90
 ext4_mark_iloc_dirty+0x52c/0x1c00
 __ext4_mark_inode_dirty+0x207/0x890
 __ext4_ext_dirty+0x1b2/0x230
 ext4_ext_remove_space+0x12d8/0x4140
 ext4_ext_truncate+0x330/0x3f0
 ext4_truncate+0xe68/0x1410
 ext4_setattr+0x1c67/0x2700
 notify_change+0xca5/0x1400
 do_truncate+0x143/0x200
 path_openat+0x20d0/0x2a50
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4529bbfb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4527135188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f4529cd2f60 RCX: 00007f4529bbfb19
RDX: 0000000000004200 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 00007f4529c19f6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff76522f2f R14: 00007f4527135300 R15: 0000000000022000
 </TASK>
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
----------------
Code disassembly (best guess):
   0:	01 d0                	add    %edx,%eax
   2:	48 d1 f8             	sar    %rax
   5:	48 8d 5c 85 00       	lea    0x0(%rbp,%rax,4),%rbx
   a:	48 89 d8             	mov    %rbx,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	42 0f b6 14 38       	movzbl (%rax,%r15,1),%edx
  16:	48 89 d8             	mov    %rbx,%rax
  19:	83 e0 07             	and    $0x7,%eax
  1c:	83 c0 03             	add    $0x3,%eax
  1f:	38 d0                	cmp    %dl,%al
  21:	7c 04                	jl     0x27
  23:	84 d2                	test   %dl,%dl
  25:	75 50                	jne    0x77
  27:	48 63 03             	movslq (%rbx),%rax
* 2a:	48 01 d8             	add    %rbx,%rax <-- trapping instruction
  2d:	48 39 c1             	cmp    %rax,%rcx
  30:	73 b0                	jae    0xffffffe2
  32:	4c 8d 63 fc          	lea    -0x4(%rbx),%r12
  36:	49 39 ec             	cmp    %rbp,%r12
  39:	73 b3                	jae    0xffffffee
  3b:	4d 29 ee             	sub    %r13,%r14
  3e:	49                   	rex.WB
  3f:	c1                   	.byte 0xc1