INFO: task kworker/0:0:9 blocked  for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:23176 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: events bpf_prog_free_deferred
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 text_poke_set+0xa3/0x180
 bpf_arch_text_invalidate+0x22/0x40
 bpf_prog_pack_free+0x1d0/0x420
 bpf_jit_binary_pack_free+0x39/0x80
 bpf_jit_free+0x119/0x430
 process_one_work+0x949/0x1650
 worker_thread+0x9af/0xee0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u8:4:5902 blocked  for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:4    state:D stack:23048 pid:5902  tgid:5902  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 synchronize_rcu_expedited+0x619/0x770
 wg_socket_reinit+0x1bd/0x360
 wg_netns_pre_exit+0xd6/0x200
 ops_undo_list+0x187/0x940
 cleanup_net+0x4df/0x7b0
 process_one_work+0x949/0x1650
 worker_thread+0x9af/0xee0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/1:4:5936 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:4     state:D stack:23560 pid:5936  tgid:5936  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: events xfrm_state_gc_task
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 synchronize_rcu_expedited+0x619/0x770
 xfrm_state_gc_task+0xdc/0x950
 process_one_work+0x949/0x1650
 worker_thread+0x9af/0xee0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u10:7:7315 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u10:7   state:D stack:22408 pid:7315  tgid:7315  ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: events_unbound linkwatch_event
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 linkwatch_event+0xe/0x60
 process_one_work+0x949/0x1650
 worker_thread+0x9af/0xee0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u10:1:17411 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u10:1   state:D stack:25064 pid:17411 tgid:17411 ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: events_unbound toggle_allocation_gate
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 static_key_enable_cpuslocked+0xcb/0x240
 static_key_enable+0x1a/0x20
 toggle_allocation_gate+0xab/0x290
 process_one_work+0x949/0x1650
 worker_thread+0x9af/0xee0
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task syz.8.5325:19089 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.5325      state:D stack:26120 pid:19089 tgid:19077 ppid:18757  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 text_poke_copy+0x2a/0xe0
 bpf_arch_text_copy+0x25/0x40
 bpf_jit_binary_pack_finalize+0x3e/0xf0
 bpf_int_jit_compile+0xa1a/0x1480
 bpf_prog_select_runtime+0x4a3/0x810
 bpf_prog_load+0x14b3/0x1ae0
 __sys_bpf+0x618/0x950
 __x64_sys_bpf+0x7c/0x90
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f116679acb9
RSP: 002b:00007f1167626028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1166a16090 RCX: 00007f116679acb9
RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005
RBP: 00007f1166808bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1166a16128 R14: 00007f1166a16090 R15: 00007ffdf783f078
 </TASK>
INFO: task syz.8.5325:19093 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.5325      state:D stack:28800 pid:19093 tgid:19077 ppid:18757  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 perf_trace_init+0x50/0x2d0
 perf_tp_event_init+0x8d/0x120
 perf_try_init_event+0x17f/0x870
 perf_event_alloc+0x1444/0x2e30
 __se_sys_perf_event_open+0x7a9/0x1d60
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f116679acb9
RSP: 002b:00007f1167605028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f1166a16180 RCX: 00007f116679acb9
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000200000000040
RBP: 00007f1166808bf7 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1166a16218 R14: 00007f1166a16180 R15: 00007ffdf783f078
 </TASK>
INFO: task syz.8.5325:19095 blocked  for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.5325      state:D stack:26120 pid:19095 tgid:19077 ppid:18757  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 bpf_prog_pack_alloc+0x35/0x540
 bpf_jit_binary_pack_alloc+0xe2/0x2f0
 bpf_int_jit_compile+0x7ef/0x1480
 bpf_prog_select_runtime+0x4a3/0x810
 bpf_prog_load+0x14b3/0x1ae0
 __sys_bpf+0x618/0x950
 __x64_sys_bpf+0x7c/0x90
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f116679acb9
RSP: 002b:00007f11675e4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1166a16270 RCX: 00007f116679acb9
RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
RBP: 00007f1166808bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1166a16308 R14: 00007f1166a16270 R15: 00007ffdf783f078
 </TASK>
INFO: task syz.4.5331:19091 blocked  for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.5331      state:D stack:26520 pid:19091 tgid:19090 ppid:18073  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 perf_trace_init+0x50/0x2d0
 perf_tp_event_init+0x8d/0x120
 perf_try_init_event+0x17f/0x870
 perf_event_alloc+0x1444/0x2e30
 __se_sys_perf_event_open+0x7a9/0x1d60
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3f7399acb9
RSP: 002b:00007f3f7479a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f3f73c15fa0 RCX: 00007f3f7399acb9
RDX: ffffffffffffffff RSI: 00000000000000e6 RDI: 0000200000000640
RBP: 00007f3f73a08bf7 R08: 0000000000000002 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3f73c16038 R14: 00007f3f73c15fa0 R15: 00007ffc75e9ffd8
 </TASK>
INFO: task syz.4.5331:19094 blocked  for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.5331      state:D stack:26120 pid:19094 tgid:19090 ppid:18073  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 __schedule+0x153e/0x5070
 schedule+0x164/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7fe/0x1300
 bpf_prog_pack_alloc+0x35/0x540
 bpf_jit_binary_pack_alloc+0xe2/0x2f0
 bpf_int_jit_compile+0x7ef/0x1480
 bpf_prog_select_runtime+0x4a3/0x810
 bpf_prog_load+0x14b3/0x1ae0
 __sys_bpf+0x618/0x950
 __x64_sys_bpf+0x7c/0x90
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3f7399acb9
RSP: 002b:00007f3f74779028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f3f73c16090 RCX: 00007f3f7399acb9
RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005
RBP: 00007f3f73a08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3f73c16128 R14: 00007f3f73c16090 R15: 00007ffc75e9ffd8
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
4 locks held by kworker/0:0/9:
 #0: ffff88810006b548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900000e7c40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8e5e9288 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_free+0x35/0x420
 #3: ffffffff8e404c88 (text_mutex){+.+.}-{4:4}, at: text_poke_set+0xa3/0x180
3 locks held by kworker/0:1/10:
 #0: ffff88810006a148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900000f7c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xa5/0xfe0
1 lock held by khungtaskd/34:
 #0: ffffffff8e560120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
2 locks held by getty/5633:
 #0: ffff88817706d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc9000356e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
5 locks held by kworker/u11:2/5887:
 #0: ffff88810fac5148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90004b37c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff88810a8b8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400
 #3: ffff88810a8b80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x8a3/0xed0
 #4: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340
6 locks held by kworker/u11:5/5895:
 #0: ffff8881bc89f948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90004b97c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff8881be41cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400
 #3: ffff8881be41c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x8a3/0xed0
 #4: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340
 #5: ffff88810a1e42f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0
5 locks held by kworker/u11:6/5896:
 #0: ffff888012042148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90004a37c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff888115270ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400
 #3: ffff8881152700c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x8a3/0xed0
 #4: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340
5 locks held by kworker/u8:4/5902:
 #0: ffff8881012ae148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90004a07c40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8f9b4df0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0
 #3: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x200
 #4: ffff88811bdb9528 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_netns_pre_exit+0xb0/0x200
2 locks held by kworker/1:4/5936:
 #0: ffff88810006b548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90004357c40 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
3 locks held by kworker/u10:7/7315:
 #0: ffff8881000ac148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900052b7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
4 locks held by kworker/u10:1/17411:
 #0: ffff8881000ac148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90007237c40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8e3ef390 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_enable+0x12/0x20
 #3: ffffffff8e62d788 (jump_label_mutex){+.+.}-{4:4}, at: static_key_enable_cpuslocked+0xcb/0x240
3 locks held by kworker/u8:2/17658:
 #0: ffff888110497948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc90003b67c40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
1 lock held by syz.1.5323/19073:
 #0: ffffffff8e5663b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
2 locks held by syz.8.5325/19077:
 #0: ffff8881a78c6e08 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x89/0x250
 #1: ffffffff8e5663b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
9 locks held by syz.8.5325/19080:
1 lock held by syz.8.5325/19089:
 #0: ffffffff8e404c88 (text_mutex){+.+.}-{4:4}, at: text_poke_copy+0x2a/0xe0
3 locks held by syz.8.5325/19093:
 #0: ffffffff9a087ab8 (&pmus_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x2c/0x60
 #1: ffffffff9a087ab8 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0x1057/0x2e30
 #2: ffffffff8e5cfe08 (event_mutex){+.+.}-{4:4}, at: perf_trace_init+0x50/0x2d0
1 lock held by syz.8.5325/19095:
 #0: ffffffff8e5e9288 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_alloc+0x35/0x540
3 locks held by syz.4.5331/19091:
 #0: ffffffff9a087ab8 (&pmus_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x2c/0x60
 #1: ffffffff9a087ab8 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0x1057/0x2e30
 #2: ffffffff8e5cfe08 (event_mutex){+.+.}-{4:4}, at: perf_trace_init+0x50/0x2d0
1 lock held by syz.4.5331/19094:
 #0: ffffffff8e5e9288 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_alloc+0x35/0x540
1 lock held by syz-executor/19102:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19107:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19109:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19114:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19117:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19121:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by dhcpcd/19123:
 #0: ffff88811b9fa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
1 lock held by dhcpcd/19124:
 #0: ffff8881157aa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
1 lock held by dhcpcd/19125:
 #0: ffff888101bd6260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
4 locks held by kworker/u11:0/19126:
 #0: ffff8881013c5148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900086ffc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff88811ac680c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950
 #3: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950
1 lock held by dhcpcd/19127:
 #0: ffff888119386260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
1 lock held by dhcpcd/19128:
 #0: ffff88810fbe8260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
1 lock held by dhcpcd/19129:
 #0: ffff88801e424260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
4 locks held by kworker/u11:1/19130:
 #0: ffff88801e73a948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900083efc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff8881128500c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950
 #3: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950
1 lock held by syz-executor/19134:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19138:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
1 lock held by syz-executor/19143:
 #0: ffffffff8f9c3d08 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
4 locks held by kworker/u11:7/19144:
 #0: ffff88802a6dc948 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work+0x855/0x1650
 #1: ffffc900078bfc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650
 #2: ffff8881153840c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950
 #3: ffffffff8fb505c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 nmi_cpu_backtrace+0x274/0x2d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 sys_info+0x135/0x170
 watchdog+0x103d/0x1090
 kthread+0x388/0x470
 ret_from_fork+0x51e/0xb90
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 19080 Comm: syz.8.5325 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:asm_exc_int3+0x0/0x40
Code: e9 f5 08 00 00 90 90 90 90 90 f3 0f 1e fa 0f 1f 00 fc 6a ff e8 a1 07 00 00 48 89 c4 48 89 e7 e8 b6 e0 8d 0a e9 d1 08 00 00 90 <f3> 0f 1e fa 0f 1f 00 fc 6a ff f6 44 24 10 03 75 18 ff 74 24 28 ff
RSP: 0018:ffffc90000a07258 EFLAGS: 00000086
RAX: 2915d267c6f7e100 RBX: 0000000000000001 RCX: ffff88811905ba00
RDX: 0000000000010100 RSI: ffffffff81fa18f7 RDI: ffffffff8e560120
RBP: ffffc90000a07470 R08: ffffc90000a073f7 R09: 0000000000000000
R10: ffffc90000a073e0 R11: fffff52000140e7f R12: ffffc90000a074c0
R13: ffffffff81fa18f7 R14: ffffffff8e560120 R15: 1ffff92000140e70
FS:  00007f11676476c0(0000) GS:ffff8882a96a4000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f014bdc480 CR3: 0000000111936000 CR4: 00000000000006f0
DR0: 0000000000000002 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
RIP: 0010:lock_release+0x26/0x3d0
Code: 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 83 ec 30 49 89 f5 49 89 fe 65 48 8b 05 c0 21 57 11 48 89 44 24 28 cc <05> 03 00 00 65 8b 05 c3 21 57 11 83 f8 08 0f 83 56 02 00 00 89 c0
RSP: 0018:ffffc90000a07288 EFLAGS: 00000086
 rcu_read_unlock+0x93/0xa0
 perf_output_begin_forward+0x9ea/0xab0
 perf_event_output_forward+0x2d4/0x480
 __perf_event_overflow+0x87a/0xec0
 perf_swevent_hrtimer+0x3e0/0x590
 __hrtimer_run_queues+0x4e7/0xcc0
 hrtimer_interrupt+0x45b/0xaa0
 __sysvec_apic_timer_interrupt+0x102/0x460
 sysvec_apic_timer_interrupt+0x52/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unwind_next_frame+0x4d5/0x23c0
Code: 15 00 00 83 f8 01 4c 8b 7c 24 50 48 bd 00 00 00 00 00 fc ff df 4c 8b 64 24 20 4c 8b 6c 24 48 0f 84 72 15 00 00 e9 03 02 00 00 <49> 89 d5 48 89 d5 48 89 d8 48 29 e8 48 89 c1 48 c1 f9 02 48 c1 e8
RSP: 0018:ffffc90000a07c98 EFLAGS: 00000297
RAX: ffffffff9123b526 RBX: ffffffff9072380c RCX: 0000000000000300
RDX: ffffffff907237f4 RSI: ffffffff9123b4fc RDI: ffffffff8c076ca0
RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff8e560120
R10: ffffc90000a07db8 R11: ffffffff81af6830 R12: ffffffff8adc90b6
R13: ffffffff907237f4 R14: ffffc90000a07d68 R15: 000000000009dc90
 arch_stack_walk+0x11b/0x150
 stack_trace_save+0xa9/0x100
 kasan_save_stack+0x3e/0x60
 kasan_record_aux_stack+0xbd/0xd0
 kvfree_call_rcu+0xff/0x430
 cfg80211_update_known_bss+0x830/0x1590
 __cfg80211_bss_update+0x147/0x2110
 cfg80211_inform_single_bss_data+0xbd1/0x1b70
 cfg80211_inform_bss_data+0x24d/0x3be0
 cfg80211_inform_bss_frame_data+0x3c7/0x760
 ieee80211_bss_info_update+0x794/0xa40
 ieee80211_scan_rx+0x552/0xa40
 ieee80211_rx_list+0x29e5/0x3710
 ieee80211_rx_napi+0x1b1/0x3e0
 ieee80211_handle_queued_frames+0xe8/0x1e0
 tasklet_action_common+0x2da/0x4b0
 handle_softirqs+0x22a/0x870
 __irq_exit_rcu+0x5f/0x150
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:preempt_schedule_irq+0x48/0xa0
Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 93 90 03 f6 e8 ae 23 3c f6 fb bf 01 00 00 00 <e8> 23 a9 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 84 25 3c f6 bf 01
RSP: 0018:ffffc900049476a0 EFLAGS: 00000202
RAX: 000000000043da4f RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000006 RSI: ffffffff8dcf1fb8 RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff8ff0e0b7 R09: 1ffffffff1fe1c16
R10: dffffc0000000000 R11: fffffbfff1fe1c17 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
 irqentry_exit+0x599/0x620
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:smp_text_poke_batch_finish+0x98f/0x1160
Code: 8b 74 24 08 49 63 46 f6 48 8d b8 00 00 00 81 48 8d b4 24 90 00 00 00 48 89 da 4c 89 f9 49 89 d8 e8 76 d5 8b 00 48 8b 5c 24 18 <42> c6 44 2b 0a f8 42 c6 44 2b 06 f8 49 ff c4 44 8b 3d cb bd 92 11
RSP: 0018:ffffc900049477c0 EFLAGS: 00000246
RAX: 2915d267c6f7e100 RBX: 1ffff92000928f04 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffffffff8dcf1fb8 RDI: 00000000ffffffff
RBP: ffffc900049478f8 R08: ffffffff8ff0e0b7 R09: 1ffffffff1fe1c16
R10: dffffc0000000000 R11: fffffbfff1fe1c17 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff92fccd6a R15: ffffffff92fccd6a
 arch_jump_label_transform_apply+0x1c/0x30
 static_key_enable_cpuslocked+0x128/0x240
 static_key_enable+0x1a/0x20
 tracepoint_add_func+0x89d/0xa50
 tracepoint_probe_register+0x5d/0x90
 perf_trace_event_init+0x4e1/0x9d0
 perf_trace_init+0x23d/0x2d0
 perf_tp_event_init+0x8d/0x120
 perf_try_init_event+0x17f/0x870
 perf_event_alloc+0x1444/0x2e30
 __se_sys_perf_event_open+0x7a9/0x1d60
 do_syscall_64+0x14d/0xf80
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f116679acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1167647028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f1166a15fa0 RCX: 00007f116679acb9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000640
RBP: 00007f1166808bf7 R08: 0000000000000002 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1166a16038 R14: 00007f1166a15fa0 R15: 00007ffdf783f078
 </TASK>
