INFO: task rcu_tasks_trace:32 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:rcu_tasks_trace state:D stack:25928 pid:32    tgid:32    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 synchronize_rcu+0x11a/0x310
 rcu_tasks_wait_gp+0x490/0xac0
 rcu_tasks_one_gp+0xc19/0xdf0
 rcu_tasks_kthread+0x195/0x1c0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u8:0:23071 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:0    state:D stack:22688 pid:23071 tgid:23071 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 addrconf_verify_work+0x19/0x30
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task kworker/u10:23:23623 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u10:23  state:D stack:23976 pid:23623 tgid:23623 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 linkwatch_event+0xe/0x60
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
INFO: task syz.7.6575:27658 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.6575      state:D stack:25096 pid:27658 tgid:27658 ppid:27468  task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_timeout+0x9a/0x270
 __wait_for_common+0x3da/0x710
 wait_for_completion_state+0x1c/0x40
 __wait_rcu_gp+0x24c/0x280
 synchronize_rcu_tasks_generic+0x132/0x220
 perf_trace_event_unreg+0xbe/0x1b0
 perf_trace_destroy+0xa4/0x150
 __free_event+0x346/0x7e0
 perf_event_release_kernel+0x45b/0x510
 perf_release+0x38/0x50
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xec/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa354b8ebe9
RSP: 002b:00007fffba5ec268 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fa354db7da0 RCX: 00007fa354b8ebe9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fa354db7da0 R08: 00000000000001c4 R09: 00000019ba5ec55f
R10: 00007fa354db7cb0 R11: 0000000000000246 R12: 00000000000ecb9e
R13: 00007fa354db6180 R14: ffffffffffffffff R15: 00007fffba5ec380
 </TASK>
INFO: task syz.7.6575:27659 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.6575      state:D stack:25896 pid:27659 tgid:27658 ppid:27468  task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 tcx_prog_attach+0xf0/0x710
 bpf_prog_attach+0x532/0x6e0
 __sys_bpf+0x36e/0x870
 __x64_sys_bpf+0x7c/0x90
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa354b8ebe9
RSP: 002b:00007fa355918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fa354db5fa0 RCX: 00007fa354b8ebe9
RDX: 0000000000000020 RSI: 0000200000000040 RDI: 0000000000000008
RBP: 00007fa354c11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa354db6038 R14: 00007fa354db5fa0 R15: 00007fffba5ec108
 </TASK>
INFO: task syz.8.6576:27660 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.6576      state:D stack:25096 pid:27660 tgid:27660 ppid:27478  task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 packet_release+0xa05/0xce0
 sock_close+0xc3/0x240
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xec/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fafa1d8ebe9
RSP: 002b:00007ffc51d8bb78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fafa1fb7da0 RCX: 00007fafa1d8ebe9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fafa1fb7da0 R08: 0000000000000224 R09: 0000001e51d8be6f
R10: 00007fafa1fb7cb0 R11: 0000000000000246 R12: 00000000000ecbb7
R13: 00007fafa1fb6270 R14: ffffffffffffffff R15: 00007ffc51d8bc90
 </TASK>
INFO: task syz.8.6576:27663 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.6576      state:D stack:27384 pid:27663 tgid:27660 ppid:27478  task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 rtnetlink_rcv_msg+0x71c/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 ____sys_sendmsg+0x505/0x830
 ___sys_sendmsg+0x21f/0x2a0
 __x64_sys_sendmsg+0x19b/0x260
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fafa1d8ebe9
RSP: 002b:00007faf9ffd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fafa1fb6090 RCX: 00007fafa1d8ebe9
RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000008
RBP: 00007fafa1e11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fafa1fb6128 R14: 00007fafa1fb6090 R15: 00007ffc51d8ba18
 </TASK>
INFO: task syz.8.6576:27664 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.6576      state:D stack:27384 pid:27664 tgid:27660 ppid:27478  task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 rtnetlink_rcv_msg+0x71c/0xb70
 netlink_rcv_skb+0x208/0x470
 netlink_unicast+0x82f/0x9e0
 netlink_sendmsg+0x805/0xb30
 __sock_sendmsg+0x21c/0x270
 ____sys_sendmsg+0x505/0x830
 ___sys_sendmsg+0x21f/0x2a0
 __x64_sys_sendmsg+0x19b/0x260
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fafa1d8ebe9
RSP: 002b:00007faf9ffb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fafa1fb6180 RCX: 00007fafa1d8ebe9
RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000009
RBP: 00007fafa1e11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fafa1fb6218 R14: 00007fafa1fb6180 R15: 00007ffc51d8ba18
 </TASK>
INFO: task syz.9.6577:27665 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.6577      state:D stack:25096 pid:27665 tgid:27665 ppid:27479  task_flags:0x400040 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 perf_trace_destroy+0x2e/0x150
 __free_event+0x346/0x7e0
 perf_event_release_kernel+0x45b/0x510
 perf_release+0x38/0x50
 __fput+0x44c/0xa70
 task_work_run+0x1d4/0x260
 exit_to_user_mode_loop+0xec/0x110
 do_syscall_64+0x2bd/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f301d38ebe9
RSP: 002b:00007fffe9682708 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f301d5b7da0 RCX: 00007f301d38ebe9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f301d5b7da0 R08: 0000000000000000 R09: 00000025e96829ff
R10: 00007f301d5b7cb0 R11: 0000000000000246 R12: 00000000000ecd7a
R13: 00007f301d5b6180 R14: ffffffffffffffff R15: 00007fffe9682820
 </TASK>
INFO: task syz.9.6577:27667 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.6577      state:D stack:22328 pid:27667 tgid:27665 ppid:27479  task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 schedule_preempt_disabled+0x13/0x30
 __mutex_lock+0x7e6/0x1360
 dev_ethtool+0x1d0/0x19b0
 dev_ioctl+0x392/0x1150
 sock_do_ioctl+0x22c/0x300
 sock_ioctl+0x576/0x790
 __se_sys_ioctl+0xfc/0x170
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f301d38ebe9
RSP: 002b:00007f301e177038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f301d5b5fa0 RCX: 00007f301d38ebe9
RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000013
RBP: 00007f301d411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f301d5b6038 R14: 00007f301d5b5fa0 R15: 00007fffe96825a8
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz.9.6577:27669 blocked for more than 145 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.6577      state:D stack:27288 pid:27669 tgid:27669 ppid:27665  task_flags:0x40004c flags:0x00004000
Call Trace:
 <TASK>
 __schedule+0x1798/0x4cc0
 schedule+0x165/0x360
 synchronize_rcu_expedited+0x5f5/0x730
 namespace_unlock+0x533/0x760
 free_nsproxy+0x3e/0x350
 do_exit+0x6b0/0x2300
 __x64_sys_exit+0x40/0x40
 x64_sys_call+0x21da/0x2200
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f301d38ebe9
RSP: 002b:00007f301e155fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007f301d5b6090 RCX: 00007f301d38ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f301d411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f301d5b6128 R14: 00007f301d5b6090 R15: 00007fffe96825a8
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
1 lock held by rcu_tasks_trace/32:
 #0: ffffffff8e13abd0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0xaf9/0xdf0
1 lock held by khungtaskd/34:
 #0: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
2 locks held by getty/5680:
 #0: ffff88802204a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
 #1: ffffc900027782f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
4 locks held by kworker/u11:2/5852:
 #0: ffff888028245948 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900037afbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881331a40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
3 locks held by kworker/0:7/13746:
 #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90003bafbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30
4 locks held by kworker/u8:2/14097:
 #0: ffff88801b2f7148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900037cfbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f52af70 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
 #3: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890
4 locks held by kworker/u11:1/17318:
 #0: ffff88802f440148 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90009ba7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88813319c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
3 locks held by kworker/u8:0/23071:
 #0: ffff888021b68148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900038efbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
3 locks held by kworker/u10:23/23623:
 #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000432fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
6 locks held by kworker/u11:0/26271:
 #0: ffff888125f3e148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90007707bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88813227cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff88813227c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
 #5: ffff88802f616338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
1 lock held by syz.7.6575/27658:
 #0: ffffffff8e19d448 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
1 lock held by syz.7.6575/27659:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: tcx_prog_attach+0xf0/0x710
2 locks held by syz.7.6575/27662:
 #0: ffff8881088650d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100
 #1: ffffffff8e13f938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
1 lock held by syz.8.6576/27660:
 #0: ffff88802a02fa08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
3 locks held by syz.8.6576/27661:
1 lock held by syz.8.6576/27663:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
1 lock held by syz.8.6576/27664:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
1 lock held by syz.9.6577/27665:
 #0: ffffffff8e19d448 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
1 lock held by syz.9.6577/27667:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x19b0
1 lock held by syz-executor/27675:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/27677:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/27679:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by dhcpcd/27681:
 #0: ffff8881265b0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/27682:
 #0: ffff88802244c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/27683:
 #0: ffff8880123f2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/27684:
 #0: ffff888122f66258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/27685:
 #0: ffff8881327a0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by dhcpcd/27686:
 #0: ffff888128026258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
1 lock held by syz-executor/27690:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
5 locks held by kworker/u11:3/27692:
 #0: ffff888124cca948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000289fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888128514dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff8881285140b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
1 lock held by syz-executor/27693:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:4/27694:
 #0: ffff888048138148 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900028dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88810871c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/27696:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
5 locks held by kworker/u11:5/27697:
 #0: ffff8881253bc948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90000107bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff888128010dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff8881280100b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
5 locks held by kworker/u11:6/27699:
 #0: ffff8881228cf948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900000d7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881251c8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff8881251c80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
5 locks held by kworker/u11:7/27700:
 #0: ffff888129b5a148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc900000c7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88802f44cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff88802f44c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
5 locks held by kworker/u11:8/27701:
 #0: ffff888128734948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90002c0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881112a0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
 #3: ffff8881112a00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
 #4: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
4 locks held by kworker/u11:9/27702:
 #0: ffff8881325e6148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90002f6fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881088e00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/27707:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:11/27709:
 #0: ffff88812662b948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000303fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881211680b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
1 lock held by syz-executor/27710:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
1 lock held by syz-executor/27713:
 #0: ffffffff8f537dc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
4 locks held by kworker/u11:13/27714:
 #0: ffff888134415948 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90002f2fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881069f40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
 #3: ffffffff8f69cb08 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 nmi_cpu_backtrace+0x39e/0x3d0
 nmi_trigger_cpumask_backtrace+0x17a/0x300
 watchdog+0xf93/0xfe0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 27661 Comm: syz.8.6576 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:native_apic_msr_write+0x39/0x50
Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 92 64 8e 03 66
RSP: 0018:ffffc90000007548 EFLAGS: 00000046
RAX: 000000000000007f RBX: ffff88804b023900 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 000000000000007f RDI: 0000000000000838
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81ae033e
R10: 0000000000000003 R11: ffffffff81703490 R12: 0000000010004676
R13: dffffc0000000000 R14: 000000000000007f R15: 0000000000000020
FS:  00007faf9fff66c0(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcca1291a10 CR3: 000000010db8c000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 lapic_next_event+0x11/0x20
 clockevents_program_event+0x1cf/0x360
 hrtimer_interrupt+0x620/0xaa0
 __sysvec_apic_timer_interrupt+0x10b/0x410
 sysvec_apic_timer_interrupt+0x52/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:ieee80211_rx_handlers+0x0/0xb760
Code: 1d ff ff ff e8 31 dc cb f6 e8 0c f7 3f f6 e9 b3 fd ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48
RSP: 0018:ffffc900000077b8 EFLAGS: 00000202
RAX: 1ffff92000000f1e RBX: ffffc900000078f0 RCX: ffff888107ac8000
RDX: 0000000000000100 RSI: ffffc900000078f0 RDI: ffffc90000007ac0
RBP: ffffc900000079f0 R08: ffffc90000007947 R09: 0000000000000000
R10: ffffc90000007900 R11: fffff52000000f29 R12: dffffc0000000000
R13: ffffc900000078f0 R14: ffff888045929500 R15: ffffc90000007ac0
 ieee80211_prepare_and_rx_handle+0x266f/0x63f0
 ieee80211_rx_list+0x21b8/0x2a90
 ieee80211_rx_napi+0x1a8/0x3d0
 ieee80211_handle_queued_frames+0xe8/0x1f0
 tasklet_action_common+0x36c/0x580
 handle_softirqs+0x286/0x870
 __irq_exit_rcu+0xca/0x1f0
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
Code: 74 05 e8 4b 87 4b f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 93 2e 14 f6 65 8b 05 6c 71 24 07 85 c0 74 40 48 c7 04 24 0e 36
RSP: 0018:ffffc900024ff4e0 EFLAGS: 00000206
RAX: c6ca565558280e00 RBX: 0000000000000a02 RCX: c6ca565558280e00
RDX: 0000000000000000 RSI: ffffffff8d9b6a28 RDI: 0000000000000001
RBP: ffffc900024ff570 R08: ffffffff8fa38037 R09: 1ffffffff1f47006
R10: dffffc0000000000 R11: fffffbfff1f47007 R12: dffffc0000000000
R13: ffffffff8e13f1c0 R14: ffffffff8e13fa00 R15: 1ffff9200049fe9c
 rcu_preempt_deferred_qs_irqrestore+0x8bd/0xce0
 rcu_read_unlock_special+0x475/0x5e0
 __rcu_read_unlock+0x84/0xe0
 unwind_next_frame+0x19ae/0x2390
 arch_stack_walk+0x11c/0x150
 stack_trace_save+0x9c/0xe0
 kasan_save_track+0x3e/0x80
 __kasan_slab_alloc+0x6c/0x80
 kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
 __d_alloc+0x36/0x7a0
 d_alloc_pseudo+0x21/0xc0
 alloc_file_pseudo+0xcc/0x210
 sock_alloc_file+0xb8/0x2e0
 __sys_socket+0x13d/0x1b0
 __x64_sys_socket+0x7a/0x90
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fafa1d8ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faf9fff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fafa1fb5fa0 RCX: 00007fafa1d8ebe9
RDX: 000000000000000c RSI: 0000000000000003 RDI: 0000000000000010
RBP: 00007fafa1e11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fafa1fb6038 R14: 00007fafa1fb5fa0 R15: 00007ffc51d8ba18
 </TASK>
