INFO: task kworker/u9:1:4492 blocked for more than 169 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:1 state:D stack:25008 pid:4492 tgid:4492 ppid:2 flags:0x00004000
Workqueue: hci10 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
hci_event_func net/bluetooth/hci_event.c:7444 [inline]
hci_event_packet+0xac0/0x1540 net/bluetooth/hci_event.c:7496
hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4042
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u9:3:5100 blocked for more than 169 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:3 state:D stack:25104 pid:5100 tgid:5100 ppid:2 flags:0x00004000
Workqueue: hci11 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
hci_event_func net/bluetooth/hci_event.c:7444 [inline]
hci_event_packet+0xac0/0x1540 net/bluetooth/hci_event.c:7496
hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4042
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u9:4:5101 blocked for more than 170 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:4 state:D stack:25544 pid:5101 tgid:5101 ppid:2 flags:0x00004000
Workqueue: hci12 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
hci_event_func net/bluetooth/hci_event.c:7444 [inline]
hci_event_packet+0xac0/0x1540 net/bluetooth/hci_event.c:7496
hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4042
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u9:5:5103 blocked for more than 170 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:5 state:D stack:26296 pid:5103 tgid:5103 ppid:2 flags:0x00004000
Workqueue: hci13 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
hci_event_func net/bluetooth/hci_event.c:7444 [inline]
hci_event_packet+0xac0/0x1540 net/bluetooth/hci_event.c:7496
hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4042
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u9:8:5108 blocked for more than 141 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:8 state:D stack:25496 pid:5108 tgid:5108 ppid:2 flags:0x00004000
Workqueue: hci9 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm+0x24/0x150 include/net/bluetooth/hci_core.h:1967
le_conn_complete_evt+0xd3e/0x12e0 net/bluetooth/hci_event.c:5761
hci_le_conn_complete_evt+0x18c/0x420 net/bluetooth/hci_event.c:5787
hci_event_func net/bluetooth/hci_event.c:7441 [inline]
hci_event_packet+0xa53/0x1540 net/bluetooth/hci_event.c:7496
hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4042
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task syz-executor:8263 blocked for more than 170 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:20288 pid:8263 tgid:8263 ppid:1 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
hci_dev_close_sync+0x911/0xf60 net/bluetooth/hci_sync.c:5075
hci_dev_do_close net/bluetooth/hci_core.c:512 [inline]
hci_unregister_dev+0x20b/0x510 net/bluetooth/hci_core.c:2728
vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:666
__fput+0x406/0x8b0 fs/file_table.c:422
task_work_run+0x24f/0x310 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa27/0x27e0 kernel/exit.c:874
do_group_exit+0x207/0x2c0 kernel/exit.c:1023
get_signal+0x16a1/0x1740 kernel/signal.c:2909
arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5c753746bc
RSP: 002b:00007fff01f41b60 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f5c753746bc
RDX: 0000000000000028 RSI: 00007fff01f41c60 RDI: 00000000000000f9
RBP: 00007fff01f41bec R08: 0000000000000000 R09: 0079746972756365
R10: 00007f5c754d17e0 R11: 0000000000000246 R12: 0000000000000014
R13: 0000000000031e8d R14: 000000000003132c R15: 0000000000000025
INFO: task syz.4.983:8673 blocked for more than 171 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.983 state:D stack:24672 pid:8673 tgid:8673 ppid:8214 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
hci_dev_close_sync+0x911/0xf60 net/bluetooth/hci_sync.c:5075
hci_dev_do_close net/bluetooth/hci_core.c:512 [inline]
hci_unregister_dev+0x20b/0x510 net/bluetooth/hci_core.c:2728
vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:666
__fput+0x406/0x8b0 fs/file_table.c:422
task_work_run+0x24f/0x310 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa27/0x27e0 kernel/exit.c:874
do_group_exit+0x207/0x2c0 kernel/exit.c:1023
get_signal+0x16a1/0x1740 kernel/signal.c:2909
arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe879f75bd9
RSP: 002b:00007ffc7db9c4a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 0000000000031367 RCX: 00007fe879f75bd9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: ffffffffffffffff R08: 0000000000000001 R09: 000000197db9c7df
R10: 00007fe879e00000 R11: 0000000000000246 R12: 00007fe87a103f6c
R13: 0000000000000032 R14: 00007fe87a105a60 R15: 00007fe87a103f60
INFO: task syz-executor:8733 blocked for more than 142 seconds.
Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:20736 pid:8733 tgid:8733 ppid:1 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5408 [inline]
__schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
hci_dev_close_sync+0x911/0xf60 net/bluetooth/hci_sync.c:5075
hci_dev_do_close net/bluetooth/hci_core.c:512 [inline]
hci_unregister_dev+0x20b/0x510 net/bluetooth/hci_core.c:2728
vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:666
__fput+0x406/0x8b0 fs/file_table.c:422
task_work_run+0x24f/0x310 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa27/0x27e0 kernel/exit.c:874
do_group_exit+0x207/0x2c0 kernel/exit.c:1023
get_signal+0x16a1/0x1740 kernel/signal.c:2909
arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec8737796c
RSP: 002b:00007ffd2745e6c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: 000000000000002c RBX: 00007fec88034620 RCX: 00007fec8737796c
RDX: 000000000000002c RSI: 00007fec88034670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd2745e714 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fec88034670 R15: 0000000000000000
Showing all locks held in the system:
4 locks held by kworker/u8:0/11:
#0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffffffff8f5da8d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
#3: ffffffff8f5e7108 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
1 lock held by khungtaskd/30:
#0: ffffffff8e333f60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff8e333f60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#0: ffffffff8e333f60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
3 locks held by kworker/u8:2/35:
#0: ffff88802aa43148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff88802aa43148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90000ab7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90000ab7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffffffff8f5e7108 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4193
5 locks held by kworker/u8:4/80:
2 locks held by kworker/1:2/785:
#0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc900039a7d00 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc900039a7d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
4 locks held by kworker/u9:1/4492:
#0: ffff888077da6148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff888077da6148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc9000dba7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc9000dba7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffff88807bea0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
2 locks held by getty/4844:
#0: ffff888028fe00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2211
4 locks held by kworker/u9:3/5100:
#0: ffff88806950c148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff88806950c148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90003737d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90003737d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffff88807bd58078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
4 locks held by kworker/u9:4/5101:
#0: ffff88806950d948 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff88806950d948 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90003747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90003747d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffff8880665c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
4 locks held by kworker/u9:5/5103:
#0: ffff8880547d2148 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff8880547d2148 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90003767d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90003767d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffff8880665c0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
4 locks held by kworker/u9:8/5108:
#0: ffff88806eb15148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff88806eb15148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc900037a7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc900037a7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffff888015fc8078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb3/0x12e0 net/bluetooth/hci_event.c:5620
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm+0x24/0x150 include/net/bluetooth/hci_core.h:1967
3 locks held by kworker/0:4/5143:
#0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3329
#1: ffffc90004187d00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#1: ffffc90004187d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3329
#2: ffffffff8f5e7108 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by kworker/1:4/5144:
3 locks held by syz-executor/7941:
#0: ffff88802227cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff88802227cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff88802227c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
2 locks held by syz-executor/8255:
#0: ffff888069d48d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff888069d48d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff888069d48078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
3 locks held by syz-executor/8263:
#0: ffff888073844d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff888073844d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff888073844078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
3 locks held by syz.4.983/8673:
#0: ffff88807974cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff88807974cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff88807974c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
4 locks held by syz.1.988/8709:
#0: ffff888073840d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff888073840d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff888073840078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
#3: ffffffff8e339338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
#3: ffffffff8e339338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:939
3 locks held by syz-executor/8731:
#0: ffff888062678d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff888062678d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff888062678078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
3 locks held by syz-executor/8733:
#0: ffff88802a9f0d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff88802a9f0d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff88802a9f0078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
3 locks held by syz-executor/8735:
#0: ffff88802af78d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff88802af78d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff88802af78078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
3 locks held by syz-executor/8736:
#0: ffff88802af7cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#0: ffff88802af7cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 net/bluetooth/hci_core.c:2728
#1: ffff88802af7c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
2 locks held by syz-executor/8749:
2 locks held by syz-executor/8777:
#0: ffffffff8f5da8d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 net/core/net_namespace.c:504
#1: ffffffff8e339338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
#1: ffffffff8e339338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:939
1 lock held by syz-executor/8785:
1 lock held by syz-executor/8816:
#0: ffff8880177d4d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_open net/bluetooth/hci_core.c:439 [inline]
#0: ffff8880177d4d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_open+0x1f4/0x300 net/bluetooth/hci_core.c:497
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xfde/0x1020 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8749 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00213-ge367197166a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:advance_sched+0x56b/0xca0 net/sched/sch_taprio.c:961
Code: ed 48 c1 ed 03 42 80 7c 25 00 00 48 8b 5c 24 38 74 08 4c 89 ef e8 d5 8b 6c f8 4f 8b 34 fe 48 89 d8 48 c1 e8 03 42 80 3c 20 00 <74> 08 48 89 df e8 bb 8b 6c f8 4c 8b 23 4c 89 f7 4c 89 e6 e8 9d d8
RSP: 0018:ffffc90000007c90 EFLAGS: 00000046
RAX: 1ffff11004dda2a6 RBX: ffff888026ed1530 RCX: ffff888020d19e00
RDX: ffff888020d19e00 RSI: 0000000000000000 RDI: 0000000000000010
RBP: 1ffff11004dda380 R08: ffffffff898f50d9 R09: fffff52000000f80
R10: dffffc0000000000 R11: fffff52000000f80 R12: dffffc0000000000
R13: ffff888026ed1c00 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555a3a15680 CR3: 000000000e132000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__run_hrtimer kernel/time/hrtimer.c:1687 [inline]
__hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1751
hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1813
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 ba 73 89 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc900036776c0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920006ceee4 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1feb40
RBP: ffffc90003677808 R08: ffffffff92fa8587 R09: 1ffffffff25f50b0
R10: dffffc0000000000 R11: fffffbfff25f50b1 R12: 1ffff920006ceee0
R13: dffffc0000000000 R14: ffffc90003677720 R15: 0000000000000246
rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
rcu_read_lock include/linux/rcupdate.h:781 [inline]
mod_memcg_page_state+0xb7/0x770 include/linux/memcontrol.h:1016
vfree+0x17c/0x2e0 mm/vmalloc.c:3350
kcov_put kernel/kcov.c:429 [inline]
kcov_close+0x2b/0x50 kernel/kcov.c:525
__fput+0x406/0x8b0 fs/file_table.c:422
task_work_run+0x24f/0x310 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa27/0x27e0 kernel/exit.c:874
do_group_exit+0x207/0x2c0 kernel/exit.c:1023
get_signal+0x16a1/0x1740 kernel/signal.c:2909
arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa2b597796c
Code: Unable to access opcode bytes at 0x7fa2b5977942.
RSP: 002b:00007ffde6449650 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: 0000000000000028 RBX: 00007fa2b6634620 RCX: 00007fa2b597796c
RDX: 0000000000000028 RSI: 00007fa2b6634670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffde64496a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fa2b6634670 R15: 0000000000000000
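Added triage example (not part of the syzkaller report above, and not kernel code): a small parser that reads a hung_task dump together with its lockdep "Showing all locks held" section, works out which mutex each D-state task is blocked on, what every waiter also holds, and who actually holds the contended lock. It assumes the line formats exactly as printed in the report above (the "INFO: task NAME:PID blocked" header, "Call Trace:" frames of the form "func+0xOFF/0xLEN file:line [inline]", and "#N: ADDR (lock){...}-{a:b}, at: site ..." entries). The constructed REPORT string is an excerpt of this page with the scheduler frames trimmed out; the one inference the script relies on is that lockdep registers a mutex in the holder list before the task sleeps in __mutex_lock(), which the report itself bears out: every hung task's last entry is acquired at the very function sitting above __mutex_lock in its trace.

```python
import re
from collections import defaultdict

# Constructed input: an excerpt of the report above, with the scheduler frames trimmed out.
REPORT = """\
INFO: task kworker/u9:1:4492 blocked for more than 169 seconds.
Call Trace:
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
INFO: task syz-executor:8263 blocked for more than 170 seconds.
Call Trace:
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
hci_conn_hash_flush+0xa6/0x240 net/bluetooth/hci_conn.c:2593
Showing all locks held in the system:
4 locks held by kworker/u9:1/4492:
#0: ffff888077da6148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3223 [inline]
#1: ffffc9000dba7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3224 [inline]
#2: ffff88807bea0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 net/bluetooth/hci_event.c:3687
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1967 [inline]
#3: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 net/bluetooth/hci_event.c:3721
3 locks held by syz-executor/7941:
#0: ffff88802227cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#1: ffff88802227c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
3 locks held by syz-executor/8263:
#0: ffff888073844d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#1: ffff888073844078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
4 locks held by syz.1.988/8709:
#0: ffff888073840d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:510 [inline]
#1: ffff888073840078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 net/bluetooth/hci_sync.c:5063
#2: ffffffff8f751808 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1982 [inline]
#3: ffffffff8e339338 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
"""

HUNG_RE = re.compile(r"^INFO: task (\S+):(\d+) blocked for more than \d+ seconds\.$")
HELD_HDR_RE = re.compile(r"^\d+ locks? held by \S+/(\d+):$")
HELD_RE = re.compile(r"^#(\d+): [0-9a-f]+ \((.+)\)\{[^}]*\}-\{\d+:\d+\}, at: (\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? ")
FRAME_RE = re.compile(r"^(\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? \S+:\d+(?: \[inline\])?$")

def parse(report):
    """Return ({pid: [frame functions]}, {pid: {index: (lock name, acquire site)}})."""
    hung, held, pid, in_trace = {}, {}, None, False
    for line in report.splitlines():
        if in_trace:
            if (m := FRAME_RE.match(line)):
                hung[pid].append(m.group(1))
                continue
            in_trace, pid = False, None  # first non-frame line ends the trace
        if (m := HUNG_RE.match(line)):
            pid = int(m.group(2))
            hung[pid] = []
        elif line == "Call Trace:" and pid in hung and pid not in held:
            in_trace = True
        elif (m := HELD_HDR_RE.match(line)):
            pid = int(m.group(1))
            held[pid] = {}
        elif pid in held and (m := HELD_RE.match(line)):
            # lockdep repeats an entry once per inlined frame; keep the innermost (first) site
            held[pid].setdefault(int(m.group(1)), (m.group(2), m.group(3)))
    return hung, held

def wait_site(frames):
    """Function that entered the mutex slow path in a D-state trace, e.g. hci_connect_cfm."""
    for i, fn in enumerate(frames):
        if fn.startswith("__mutex_lock"):
            return next((f for f in frames[i:] if not f.startswith("__mutex_lock")), None)
    return None

def contention(report):
    """Per contended mutex: who waits on it, what every waiter also holds, and who holds it."""
    hung, held = parse(report)
    waits = {}
    for pid, frames in hung.items():
        locks, site = held.get(pid), wait_site(frames)
        # lock_acquire() precedes the sleep in __mutex_lock(), so a D-state task's last entry,
        # when taken at its wait site, is the lock it is still waiting for, not one it holds
        if locks and site and locks[max(locks)][1] == site:
            waits[pid] = locks[max(locks)][0]
    holders = defaultdict(lambda: {"holders": set(), "unresolved": set()})
    for pid, locks in held.items():
        for idx, (name, _) in locks.items():
            if pid in waits and idx == max(locks):
                continue
            # a non-last entry is certainly held; a last entry of a task with no trace may be either
            key = "holders" if idx != max(locks) or pid in hung else "unresolved"
            holders[name][key].add(pid)
    out = {}
    for name in sorted(set(waits.values())):
        waiters = sorted(p for p, n in waits.items() if n == name)
        common = set.intersection(*({lk for lk, _ in held[p].values()} for p in waiters)) - {name}
        out[name] = {"waiters": waiters, "common_held": sorted(common),
                     **{k: sorted(v) for k, v in holders[name].items()}}
    return out

print(contention(REPORT))
```

On this excerpt contention() reports hci_cb_list_lock as the single contended mutex: waiters 4492 and 8263, both of which also hold &hdev->lock; holder 8709 (syz.1.988), the only task on the page whose lockdep list continues past hci_cb_list_lock, having taken it in hci_disconn_cfm and then entered synchronize_rcu_expedited (rcu_state.exp_mutex); and 7941 unresolved, because its last entry is hci_cb_list_lock but the report carries no trace for it, so the dump alone cannot say whether it holds or waits. Fed the whole report, the same logic puts every hci_rx_work worker and every vhci_release closer in the waiter set, which is the fact a triager wants before reading any source: one global mutex, taken from both the connect and disconnect confirmation paths under &hdev->lock, and a holder that went to sleep in an expedited RCU grace period while still holding it. The caveat is the inference itself: "last entry equals waited lock" is only valid when the acquire site matches the frame above __mutex_lock, which is why the script checks that rather than assuming it for every D-state task.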