INFO: task kworker/0:1:11 blocked for more than 143 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:1 state:D stack:26928 pid: 11 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:1:41 blocked for more than 143 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:1 state:D stack:26544 pid: 41 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:2:166 blocked for more than 143 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:2 state:D stack:27552 pid: 166 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:3:2620 blocked for more than 143 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:3 state:D stack:27528 pid: 2620 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:2:3008 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:2 state:D stack:27392 pid: 3008 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:3:3042 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 state:D stack:27656 pid: 3042 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:4:7366 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:4 state:D stack:27632 pid: 7366 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:4:7371 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:4 state:D stack:26464 pid: 7371 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:5:7374 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:5 state:D stack:26688 pid: 7374 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:5:7384 blocked for more than 144 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:5 state:D stack:27168 pid: 7384 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1023 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1093 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Showing all locks held in the system: 3 locks held by kworker/0:0/5: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000006fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:1/11: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900000cfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:0/19: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000015fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:1/41: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000297da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:2/166: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900009c7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/u4:6/419: 1 lock held by khungtaskd/1195: #0: ffffffff8a2cc160 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6327 3 locks held by kworker/0:3/2620: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90007e77da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:2/3008: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900085dfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:3/3042: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900086afda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:4/7366: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900045d7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:4/7371: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900045c7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:5/7374: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004607da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:5/7384: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004687da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:6/7394: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900045e7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:6/7401: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900046d7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:7/7404: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900045f7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 4 locks held by kworker/1:7/7405: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900046e7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 #3: ffff888103575520 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_chan_lock include/net/bluetooth/l2cap.h:853 [inline] #3: ffff888103575520 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_chan_timeout+0xa3/0x450 net/bluetooth/l2cap_core.c:426 3 locks held by kworker/1:8/7406: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900046b7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 1 lock held by syz-executor.4/8600: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.3/8607: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 2 locks held by syz-executor.0/8615: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 #1: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_connect+0xac1/0x20c0 net/bluetooth/l2cap_core.c:7941 1 lock held by syz-executor.0/8616: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.5/8618: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.5/8619: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.2/8622: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.2/8624: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.1/8625: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.1/8626: #0: ffff888110094078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 3 locks held by kworker/1:9/8632: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000c27da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:8/8633: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000144fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:9/8634: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000145fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:10/8635: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000837da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:10/8636: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000143fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:11/8637: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000146fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:11/8638: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000147fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:12/8639: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000148fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:13/8640: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000149fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:14/8641: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014afda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:15/8642: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014bfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:12/8644: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014dfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:13/8645: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014efda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:14/8646: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014ffda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:15/8647: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000150fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:17/8648: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000151fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:18/8649: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000152fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:17/8651: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000154fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:18/8652: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000155fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:19/8654: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000157fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff88811597c2d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1195 Comm: khungtaskd Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x185/0x1e4 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd48/0xfb0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 8657 Comm: kworker/0:21 Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events nsim_dev_trap_report_work RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:25 [inline] RIP: 0010:static_key_false include/linux/jump_label.h:200 [inline] RIP: 0010:trace_irq_disable_rcuidle include/trace/events/preemptirq.h:36 [inline] RIP: 0010:trace_hardirqs_off kernel/trace/trace_preemptirq.c:82 [inline] RIP: 0010:trace_hardirqs_off+0x64/0x1b0 kernel/trace/trace_preemptirq.c:74 Code: 02 20 86 7e 81 e3 00 00 f0 00 31 ff 89 de e8 33 26 fa ff 85 db 74 09 5b 5d 41 5c e9 b6 21 fa ff e8 b1 21 fa ff 48 8b 6c 24 18 <0f> 1f 44 00 00 e8 a2 21 fa ff eb e1 e8 9b 21 fa ff 65 8b 1d ac b6 RSP: 0018:ffffc900015afae8 EFLAGS: 00000093 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88812543a1c0 RSI: ffffffff817bde9f RDI: 0000000000000003 RBP: ffffffff882976e9 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff817bde8d R11: 0000000000000000 R12: 0000000000000282 R13: ffffc900015afba8 R14: ffffc900015afba8 R15: ffff88810e8f4748 FS: 0000000000000000(0000) GS:ffff8881f6200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2134335000 CR3: 000000010d207000 CR4: 0000000000350ef0 Call Trace: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] _raw_spin_lock_irqsave+0xa9/0xd0 kernel/locking/spinlock.c:159 _extract_crng+0xd2/0x250 drivers/char/random.c:1007 extract_crng drivers/char/random.c:1026 [inline] _get_random_bytes+0x229/0x670 drivers/char/random.c:1549 eth_random_addr include/linux/etherdevice.h:225 [inline] nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:520 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:570 [inline] nsim_dev_trap_report_work+0x358/0xbe0 drivers/net/netdevsim/dev.c:611 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294