INFO: task syz.1.152:6314 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.152       state:D stack:25096 pid:6314  tgid:6314  ppid:5832   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_timeout+0x9a/0x270
 __wait_for_common+0x3da/0x710
 wait_for_completion_state+0x1c/0x40
 __wait_rcu_gp+0x24c/0x280
 synchronize_rcu_tasks_generic+0x132/0x220
 perf_event_detach_bpf_prog+0x298/0x320
 _free_event+0x87b/0xa00
 perf_event_release_kernel+0x45b/0x510
 perf_release+0x38/0x50
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xec/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f097cf8eb69
RSP: 002b:00007fff7a207e78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f097d1b7ba0 RCX: 00007f097cf8eb69
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f097d1b7ba0 R08: 00000000000130c0 R09: 000000177a20816f
R10: 00007f097d1b7ac0 R11: 0000000000000246 R12: 00000000000108a7
R13: 00007fff7a207f70 R14: ffffffffffffffff R15: 00007fff7a207f90
 </TASK>
INFO: task syz.0.153:6319 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.153       state:D stack:25096 pid:6319  tgid:6319  ppid:5827   task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x16f5/0x4d00
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x724/0xe80
 perf_trace_destroy+0x2e/0x150
 __free_event+0x316/0x7b0
 perf_event_release_kernel+0x45b/0x510
 perf_release+0x38/0x50
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xec/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe94998eb69
RSP: 002b:00007ffcbe8fd468 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fe949bb7ba0 RCX: 00007fe94998eb69
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fe949bb7ba0 R08: 000000000000f77c R09: 0000001cbe8fd75f
R10: 00007fe949bb7ac0 R11: 0000000000000246 R12: 00000000000108bb
R13: 00007fe949bb6160 R14: ffffffffffffffff R15: 00007ffcbe8fd580
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:0/9:
 #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900000c7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00
3 locks held by kworker/u8:1/13:
 #0: ffff888020ed8148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90000107bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
1 lock held by rcu_tasks_trace/32:
 #0: ffffffff8e13fdd0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0xaf9/0xdf0
1 lock held by khungtaskd/34:
 #0: ffffffff8e13f0a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
5 locks held by kworker/u11:0/54:
 #0: ffff88811095e948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900007cfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88810e3a0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff88810e3a00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
3 locks held by kworker/u9:6/1091:
 #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006cf7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
5 locks held by kworker/u11:1/5222:
 #0: ffff888026aef948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900086c7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888108d5cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff888108d5c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
2 locks held by getty/5657:
 #0: ffff88810f9280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
5 locks held by kworker/u11:2/5831:
 #0: ffff888024352948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900039ffbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888023ed4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff888023ed40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
3 locks held by kworker/0:5/5877:
 #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90003c7fbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50
1 lock held by syz.0.153/6319:
 #0: ffffffff8e1a2c68 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
2 locks held by syz.0.153/6320:
2 locks held by syz.2.156/6327:
 #0: ffffffff8e1a2c68 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
 #1: ffffffff8e144bb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
2 locks held by syz-executor/6333:
 #0: ffffffff8eca43a0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
 #1: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
2 locks held by syz-executor/6336:
 #0: ffffffff8fa22288 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
 #1: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
1 lock held by syz-executor/6345:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by dhcpcd/6347:
 #0: ffff88802adbe808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by dhcpcd/6348:
 #0: ffff88802adbca08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by dhcpcd/6349:
 #0: ffff88802adbb208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by dhcpcd/6350:
 #0: ffff88801dcde808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by dhcpcd/6351:
 #0: ffff88802ac38e08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by dhcpcd/6352:
 #0: ffff88802ac3ca08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
1 lock held by syz-executor/6355:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/6357:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/6363:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
7 locks held by kworker/u11:3/6365:
 #0: ffff88811095f148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900068bfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888028450dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff8880284500b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
 #5: ffff88810b125338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
 #6: ffffffff8e144bb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
4 locks held by kworker/u11:4/6366:
 #0: ffff888125d38948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006927bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888030b380b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/6369:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:5/6370:
 #0: ffff888106bf7148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006ba7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8880311b00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/6374:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
5 locks held by kworker/u11:6/6375:
 #0: ffff888027060948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006c27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88803223cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff88803223c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
5 locks held by kworker/u11:7/6377:
 #0: ffff888030f3a948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006c37bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888108e04dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff888108e040b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
 #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
4 locks held by kworker/u11:9/6379:
 #0: ffff888112a88148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006c87bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88802f3500b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/6381:
 #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xfee/0x1030
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6320 Comm: syz.0.153 Not tainted 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__rcu_read_unlock+0x58/0xe0
Code: 43 0f b6 04 3c 84 c0 75 4f ff 0b 75 1d 4c 8d b7 48 04 00 00 4c 89 f0 48 c1 e8 03 42 0f b6 04 38 84 c0 75 66 41 83 3e 00 75 27 <43> 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41
RSP: 0018:ffffc900001e06c8 EFLAGS: 00000246
RAX: 996939770d1c3900 RBX: ffff888021630444 RCX: 996939770d1c3900
RDX: 0000000000000000 RSI: ffffffff8d998701 RDI: ffffffff8be29f80
RBP: dffffc0000000000 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: 1ffff110042c6088
R13: ffffc900001d9000 R14: ffff888021630448 R15: dffffc0000000000
FS:  00007fe94a8816c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0b2e49c4a6 CR3: 000000010fba6000 CR4: 00000000000006f0
Call Trace:
 <IRQ>
 unwind_next_frame+0x19ae/0x2390
 arch_stack_walk+0x11c/0x150
 stack_trace_save+0x9c/0xe0
 save_stack+0xf5/0x1f0
 __reset_page_owner+0x71/0x1f0
 __free_frozen_pages+0xc71/0xe70
 __tlb_remove_table+0x2d2/0x3b0
 tlb_remove_table_rcu+0x85/0x100
 rcu_core+0xca8/0x1710
 handle_softirqs+0x286/0x870
 __irq_exit_rcu+0xca/0x1f0
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:finish_task_switch+0x2b3/0x950
Code: a4 24 1b 16 00 00 bf 49 8d 9c 24 78 16 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 4c 8b 7d b8 0f 85 04 03 00 00 83 3b 00 <0f> 85 c0 00 00 00 0f 1f 44 00 00 4d 85 ff 74 72 49 81 c4 58 05 00
RSP: 0018:ffffc900065977b8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888021631678 RCX: 996939770d1c3900
RDX: 0000000000000000 RSI: ffffffff8d998701 RDI: ffff888021631618
RBP: ffffc90006597810 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: ffff888021630000
R13: dffffc0000000000 R14: ffff88801ba8d640 R15: ffff888021d1d000
 __schedule+0x16fd/0x4d00
 preempt_schedule_irq+0xb5/0x150
 irqentry_exit+0x6f/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__phys_addr+0x4d/0x180
Code: ff ff 48 89 de e8 83 b4 4b 00 49 89 de 49 81 ee 00 00 00 80 0f 83 a4 00 00 00 48 c7 c0 28 64 bb 8d 48 c1 e8 03 42 80 3c 38 00 <74> 0c 48 c7 c7 28 64 bb 8d e8 15 d3 ae 00 48 2b 1d d6 f5 46 0c 48
RSP: 0018:ffffc90006597ba8 EFLAGS: 00000246
RAX: 1ffffffff1b76c85 RBX: ffff88802ad748d0 RCX: ffff888021630000
RDX: 0000000000000002 RSI: ffff88802ad748d0 RDI: ffffffff7fffffff
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff822be719
R10: 0000000000000406 R11: 0000000000000002 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8880aad748d0 R15: dffffc0000000000
 __memcg_slab_post_alloc_hook+0x260/0x7f0
 kmem_cache_alloc_lru_noprof+0x2c7/0x3d0
 __d_alloc+0x31/0x6f0
 d_alloc_pseudo+0x1f/0xb0
 alloc_file_pseudo+0xcc/0x210
 sock_alloc_file+0xb8/0x2e0
 __sys_socket+0x13d/0x1b0
 __x64_sys_socket+0x7a/0x90
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe94998eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe94a881038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fe949bb5fa0 RCX: 00007fe94998eb69
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b
RBP: 00007fe949a11df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fe949bb5fa0 R15: 00007ffcbe8fd308
 </TASK>
