INFO: task syz-executor.4:20769 can't die for more than 143 seconds.
task:syz-executor.4  state:R  running task     stack:24448 pid:20769 ppid:  3633 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4986 [inline]
 __schedule+0xab2/0x4d90 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
 rcu_barrier+0x423/0x730 kernel/rcu/tree.c:4143
 setup_net+0x871/0xbb0 net/core/net_namespace.c:357
 copy_net_ns+0x318/0x760 net/core/net_namespace.c:472
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 copy_namespaces+0x391/0x450 kernel/nsproxy.c:178
 copy_process+0x2eaf/0x7490 kernel/fork.c:2185
 kernel_clone+0xe7/0xab0 kernel/fork.c:2626
 __do_sys_clone+0xc1/0x100 kernel/fork.c:2743
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f8358e6ae99
RSP: 002b:00007f83577e0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f8358f7df60 RCX: 00007f8358e6ae99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040808000
RBP: 00007f8358ec4ff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe0c267d8f R14: 00007f83577e0300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.3:20781 can't die for more than 144 seconds.
task:syz-executor.3  state:D stack:24424 pid:20781 ppid:  3635 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4986 [inline]
 __schedule+0xab2/0x4d90 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 blk_mq_freeze_queue_wait+0x112/0x160 block/blk-mq.c:178
 lo_release+0x160/0x400 drivers/block/loop.c:1764
 blkdev_put_whole block/bdev.c:694 [inline]
 blkdev_put+0x2de/0x980 block/bdev.c:949
 blkdev_close+0x6a/0x80 block/fops.c:515
 __fput+0x286/0x9f0 fs/file_table.c:311
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 get_signal+0x1b01/0x28b0 kernel/signal.c:2628
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fa396be7e99
RSP: 002b:00007fa39555d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: fffffffffffffffc RBX: 00007fa396cfaf60 RCX: 00007fa396be7e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040808000
RBP: 00007fa396c41ff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd81a2369f R14: 00007fa39555d300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8bb825e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
2 locks held by getty/3291:
 #0: ffff8880231e0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc90002b962e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
2 locks held by kworker/1:6/3679:
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x890/0x1680 kernel/workqueue.c:2278
 #1: ffffc90002b6fdb8 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1680 kernel/workqueue.c:2282
3 locks held by kworker/u4:11/17901:
2 locks held by kworker/u4:17/17916:
 #0: ffff8880b9d39c18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:489
 #1: ffff8880b9d27948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3e7/0x4e0 kernel/sched/psi.c:891
1 lock held by syz-executor.4/20769:
3 locks held by syz-executor.3/20781:
 #0: ffff8880135c5000 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x2a/0x70 net/bluetooth/hci_core.c:551
 #1: ffff8880135c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x26d/0x1120 net/bluetooth/hci_sync.c:4070
 #2: ffffffff8d53b608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1547 [inline]
 #2: ffffffff8d53b608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1732
4 locks held by syz-executor.2/20787:
 #0: ffff88807b051000 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x2a/0x70 net/bluetooth/hci_core.c:551
 #1: ffff88807b050078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x26d/0x1120 net/bluetooth/hci_sync.c:4070
 #2: ffffffff8d53b608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1547 [inline]
 #2: ffffffff8d53b608 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1732
 #3: ffffffff8bb8c2a0 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #3: ffffffff8bb8c2a0 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fa/0x620 kernel/rcu/tree_exp.h:841
2 locks held by udevd/20825:
 #0: ffff88801a446118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x99/0x980 block/bdev.c:907
 #1: ffff88801a441b60 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x400 drivers/block/loop.c:1744
2 locks held by udevd/20826:
 #0: ffff88801a4c3118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x99/0x980 block/bdev.c:907
 #1: ffff88801a446b60 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x400 drivers/block/loop.c:1744

=============================================