INFO: task kworker/0:1:10 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1     state:D stack:23504 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events xfrm_state_gc_task
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 synchronize_rcu+0x11a/0x310
 xfrm_state_gc_task+0xd6/0x6b0
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u11:0:54 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u11:0   state:D stack:27560 pid:54    tgid:54    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci4 hci_rx_work
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 hci_remote_features_evt+0x516/0x8e0
 hci_event_packet+0x7e3/0x1200
 hci_rx_work+0x46a/0xe80
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u11:4:5856 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u11:4   state:D stack:26224 pid:5856  tgid:5856  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 synchronize_rcu+0x11a/0x310
 hci_chan_del+0x114/0x1b0
 l2cap_conn_del+0x513/0x680
 l2cap_connect_cfm+0x11d/0x1040
 hci_conn_failed+0x1ce/0x310
 hci_abort_conn_sync+0x658/0xe30
 hci_cmd_sync_work+0x213/0x3a0
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u11:5:5859 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u11:5   state:D stack:26216 pid:5859  tgid:5859  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci5 hci_rx_work
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 hci_remote_features_evt+0x516/0x8e0
 hci_event_packet+0x7e3/0x1200
 hci_rx_work+0x46a/0xe80
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task syz-executor:6285 blocked for more than 142 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:21832 pid:6285  tgid:6285  ppid:1      task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 namespace_unlock+0x533/0x760
 free_nsproxy+0x3e/0x350
 do_exit+0x6b0/0x2300
 do_group_exit+0x21c/0x2d0
 get_signal+0x1286/0x1340
 arch_do_signal_or_restart+0x9a/0x750
 exit_to_user_mode_loop+0x75/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f51dbf8e157
RSP: 002b:00007ffe9a224058 EFLAGS: 00000202 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffff RBX: 0000000000007915 RCX: 00007f51dbf8e157
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffe9a224110
RBP: 00007ffe9a224110 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe9a225200
R13: 00007f51dc011c05 R14: 00005555848bf4a8 R15: 0000000000000007
 </TASK>
INFO: task syz.4.1503:11107 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1503      state:D stack:25904 pid:11107 tgid:11106 ppid:6305   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 __tun_chr_ioctl+0x37a/0x1df0
 __se_sys_ioctl+0xfc/0x170
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b97f8eba9
RSP: 002b:00007f1b98de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1b981d5fa0 RCX: 00007f1b97f8eba9
RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000007
RBP: 00007f1b98011e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1b981d6038 R14: 00007f1b981d5fa0 R15: 00007ffc61a295b8
 </TASK>
INFO: task syz.4.1503:11108 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1503      state:D stack:28656 pid:11108 tgid:11106 ppid:6305   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 dev_ioctl+0x83c/0x1150
 sock_ioctl+0x719/0x790
 __se_sys_ioctl+0xfc/0x170
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b97f8eba9
RSP: 002b:00007f1b98dc5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1b981d6090 RCX: 00007f1b97f8eba9
RDX: 0000200000000080 RSI: 00000000000089f8 RDI: 0000000000000009
RBP: 00007f1b98011e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1b981d6128 R14: 00007f1b981d6090 R15: 00007ffc61a295b8
 </TASK>
INFO: task syz.4.1503:11110 blocked for more than 142 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1503      state:D stack:28208 pid:11110 tgid:11106 ppid:6305   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 dev_ethtool+0x1d0/0x19b0
 dev_ioctl+0x392/0x1150
 sock_do_ioctl+0x22c/0x300
 sock_ioctl+0x576/0x790
 __se_sys_ioctl+0xfc/0x170
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b97f8eba9
RSP: 002b:00007f1b98da4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1b981d6180 RCX: 00007f1b97f8eba9
RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000016
RBP: 00007f1b98011e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1b981d6218 R14: 00007f1b981d6180 R15: 00007ffc61a295b8
 </TASK>
INFO: task syz-executor:11113 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:26864 pid:11113 tgid:11113 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 inet_rtm_newaddr+0x3b0/0x18b0
 rtnetlink_rcv_msg+0x7cf/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1290d90a3c
RSP: 002b:00007fff7ad84320 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f1291b04620 RCX: 00007f1290d90a3c
RDX: 0000000000000028 RSI: 00007f1291b04670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff7ad84374 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f1291b04670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:11119 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:26864 pid:11119 tgid:11119 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 inet_rtm_newaddr+0x3b0/0x18b0
 rtnetlink_rcv_msg+0x7cf/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe40e390a3c
RSP: 002b:00007ffc306b30a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fe40f104620 RCX: 00007fe40e390a3c
RDX: 0000000000000028 RSI: 00007fe40f104670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc306b30f4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fe40f104670 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:11123 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:26864 pid:11123 tgid:11123 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1350
 inet_rtm_newaddr+0x3b0/0x18b0
 rtnetlink_rcv_msg+0x7cf/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 __sys_sendto+0x3bd/0x520
 __x64_sys_sendto+0xde/0x100
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8983790a3c
RSP: 002b:00007fff6aab81d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f8984504620 RCX: 00007f8983790a3c
RDX: 0000000000000028 RSI: 00007f8984504670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff6aab8224 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f8984504670 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
2 locks held by kworker/0:1/10:
 #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900000d7bc0 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
3 locks held by kworker/u8:0/12:
 #0: ffff888107abc948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900000f7bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
1 lock held by khungtaskd/34:
 #0: ffffffff8e13a120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
4 locks held by kworker/u11:0/54:
 #0: ffff88803adfd148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900007cfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88802b34c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
2 locks held by kworker/0:2/790:
3 locks held by kworker/u10:3/2173:
 #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000a947bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
4 locks held by kworker/u11:1/5238:
 #0: ffff888039a02948 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90020c87bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888023f340b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
2 locks held by getty/5677:
 #0: ffff888107bff0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
4 locks held by kworker/u11:2/5853:
 #0: ffff88802b52d148 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900034afbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88810db700b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
4 locks held by kworker/u11:3/5855:
 #0: ffff888110787148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900034cfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888107fe40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
6 locks held by kworker/u11:4/5856:
 #0: ffff8881071cb948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900034dfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88802a5fcdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff88802a5fc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
 #5: ffff888039cbdb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
4 locks held by kworker/u11:5/5859:
 #0: ffff88811aafb948 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000350fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8880398a00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
4 locks held by kworker/u11:6/5860:
 #0: ffff8881064a3148 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000351fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888110c700b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
3 locks held by kworker/0:6/5915:
 #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90004387bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30
3 locks held by syz.5.1500/11095:
 #0: ffff88802afc9a08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
 #1: ffff88803a578258 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_unhash+0x2a/0x2f0
 #2: ffffffff8e13fbb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
6 locks held by syz.5.1500/11096:
1 lock held by syz.4.1501/11102:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
1 lock held by syz.4.1503/11107:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37a/0x1df0
1 lock held by syz.4.1503/11108:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x83c/0x1150
1 lock held by syz.4.1503/11110:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x19b0
1 lock held by syz-executor/11113:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11119:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11123:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11126:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11132:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11134:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:7/11138:
 #0: ffff88811153d948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90007687bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881097680b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
2 locks held by dhcpcd/11139:
 #0: ffff888110c1c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
 #1: ffffffff8e13fbb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
1 lock held by dhcpcd/11140:
 #0: ffff8881251d2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/11141:
 #0: ffff88812ed4e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/11142:
 #0: ffff888126a92258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/11143:
 #0: ffff88811c2d2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/11144:
 #0: ffff88812748c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by syz-executor/11146:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/11152:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:9/11155:
 #0: ffff888110786948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90007437bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888107fe00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/11156:
 #0: ffffffff8f53a248 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
5 locks held by kworker/u11:10/11158:
 #0: ffff888039194148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90007417bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888024df0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff888024df00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69f048 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xf93/0xfe0
 kthread+0x711/0x8a0
 ret_from_fork+0x439/0x7d0
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 11096 Comm: syz.5.1500 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90
Code: 48 89 44 11 20 e9 58 76 bd 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 d0 a0 92 65 8b 15 38 0a e1 10 81 e2 00 01 ff 00
RSP: 0018:ffffc90000005f88 EFLAGS: 00000046
RAX: ffffffff81ef6a67 RBX: 0000000000010107 RCX: ffff888106269cc0
RDX: 0000000000010100 RSI: 0000000000010000 RDI: 0000000000000000
RBP: ffffc90000006000 R08: ffffc900000060d7 R09: 0000000000000000
R10: ffffc900000060c0 R11: fffff52000000c1b R12: 1ffff92000000c01
R13: dffffc0000000000 R14: ffff888106269cc0 R15: dffffc0000000000
FS:  00007fdac22556c0(0000) GS:ffff8880b8613000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa6a5c53866 CR3: 00000001255d0000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000082
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 perf_swevent_get_recursion_context+0x57/0x100
 perf_trace_buf_alloc+0x59/0x2a0
 perf_trace_lock+0x18d/0x3b0
 lock_release+0x3b2/0x3e0
 perf_event_output_forward+0x37f/0x430
 __perf_event_overflow+0x830/0xe40
 perf_swevent_event+0x2f4/0x5e0
 perf_tp_event+0x4f6/0x1380
 perf_trace_run_bpf_submit+0xee/0x170
 perf_trace_lock+0x2f8/0x3b0
 lock_release+0x3b2/0x3e0
 _raw_spin_unlock_irqrestore+0x70/0x110
 debug_object_activate+0x2e2/0x420
 enqueue_hrtimer+0x30/0x3a0
 __hrtimer_run_queues+0x656/0xc60
 hrtimer_interrupt+0x45b/0xaa0
 __sysvec_apic_timer_interrupt+0x10b/0x410
 sysvec_apic_timer_interrupt+0x52/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:native_apic_msr_write+0x39/0x50
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 d2 fa 8e 03 66
RSP: 0018:ffffc90000006da8 EFLAGS: 00000246
RAX: 00000000000000f6 RBX: 0000000000000200 RCX: 000000000000083f
RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
RBP: ffffc90000006e80 R08: ffffc90000006e07 R09: 1ffff92000000dc0
R10: dffffc0000000000 R11: fffff52000000dc1 R12: ffff888127482901
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88804b0314b0
 arch_irq_work_raise+0x6d/0x80
 __irq_work_queue_local+0x1d7/0x550
 irq_work_queue+0x99/0x140
 __perf_event_overflow+0x8db/0xe40
 perf_swevent_event+0x2f4/0x5e0
 perf_tp_event+0x4f6/0x1380
 perf_trace_run_bpf_submit+0xee/0x170
 perf_trace_lock+0x2f8/0x3b0
 lock_release+0x3b2/0x3e0
 is_bpf_text_address+0x28d/0x2b0
 kernel_text_address+0xa5/0xe0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x4d/0x90
 arch_stack_walk+0xfc/0x150
 stack_trace_save+0x9c/0xe0
 kasan_save_track+0x3e/0x80
 __kasan_slab_alloc+0x6c/0x80
 kmem_cache_alloc_node_noprof+0x1bb/0x3c0
 kmalloc_reserve+0xbd/0x290
 __alloc_skb+0x142/0x2d0
 new_skb+0x2f/0x2b0
 aoecmd_cfg+0x28b/0x7c0
 call_timer_fn+0x17e/0x5f0
 __run_timer_base+0x61a/0x860
 run_timer_softirq+0xb7/0x180
 handle_softirqs+0x286/0x870
 __irq_exit_rcu+0xca/0x1f0
 irq_exit_rcu+0x9/0x30
 sysvec_irq_work+0xa3/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20
RIP: 0010:finish_task_switch+0x26b/0x950
Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 df c4 eb 09 e8 8a 41 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 18 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc900078b7718 EFLAGS: 00000286
RAX: 217295b4ad2f8b00 RBX: 0000000000000000 RCX: 217295b4ad2f8b00
RDX: 0000000000000006 RSI: ffffffff8d9ba16b RDI: ffffffff8be33e80
RBP: ffffc900078b7770 R08: ffffffff8fa3a837 R09: 1ffffffff1f47506
R10: dffffc0000000000 R11: fffffbfff1f47507 R12: ffff888106269cc0
R13: dffffc0000000000 R14: ffff8880201fd640 R15: ffff88804b03ab58
 __schedule+0x17a0/0x4cc0
 preempt_schedule_common+0x83/0xd0
 preempt_schedule+0xae/0xc0
 preempt_schedule_thunk+0x16/0x30
 smp_call_function_single+0x470/0x590
 perf_install_in_context+0x593/0x8f0
 __se_sys_perf_event_open+0x193a/0x1d70
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdac138eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdac2255038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007fdac15d5fa0 RCX: 00007fdac138eba9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 00002000000003c0
RBP: 00007fdac1411e19 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdac15d6038 R14: 00007fdac15d5fa0 R15: 00007ffd7b590438
 </TASK>
