INFO: task syz-executor:7746 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:27672 pid:7746 tgid:7746 ppid:1 task_flags:0x40054c flags:0x00004002
Call Trace:
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
 __synchronize_srcu+0x1b3/0x290 kernel/rcu/srcutree.c:1444
 hci_unregister_dev+0x179/0x640 net/bluetooth/hci_core.c:2702
 vhci_release+0x17d/0x230 drivers/bluetooth/hci_vhci.c:690
 __fput+0x402/0xb70 fs/file_table.c:468
 task_work_run+0x150/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x86f/0x2bf0 kernel/exit.c:961
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x790 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x41c/0x4c0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc9de58eacb
RSP: 002b:00007ffc4e8b6330 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffff92 RBX: 0000000000000003 RCX: 00007fc9de58eacb
RDX: 0000000000000003 RSI: 00000000400448c9 RDI: 0000000000000003
RBP: 00007ffc4e8b639c R08: 0000000000000000 R09: 00007ffc4e8b62a7
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
 #0: ffffffff8e478848 (wq_pool_mutex){+.+.}-{4:4}, at: pwq_release_workfn+0x57a/0xa70 kernel/workqueue.c:5091
4 locks held by kworker/R-kvfre/6:
6 locks held by kworker/R-netns/8:
 #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
 #1: ffffc900000d7ca8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
 #2: ffffffff90372a50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:658
 #3: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1b/0x230 drivers/net/wireguard/device.c:417
 #4: ffff88802ea894e8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_netns_pre_exit+0xdd/0x230 drivers/net/wireguard/device.c:422
 #5: ffffffff8e5ccab8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 kernel/rcu/tree_exp.h:311
1 lock held by khungtaskd/32:
 #0: ffffffff8e5c1520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c1520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c1520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
6 locks held by kworker/R-write/34:
3 locks held by kworker/R-ipv6_/3205:
 #0: ffff88814cdb0148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
 #1: ffffc9000b7e7ca8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
 #2: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0 net/ipv6/addrconf.c:4194
4 locks held by kworker/R-bat_e/3429:
1 lock held by dhcpcd/5532:
 #0: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978
4 locks held by syz-executor/5855:
 #0: ffff888022fbf6c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11b/0x530 mm/mmap_lock.c:147
 #1: ffff8880353c2520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 mm/memory.c:3361
 #2: ffff888076d24870 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:935 [inline]
 #2: ffff888076d24870 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_page_mkwrite+0x353/0x1880 fs/ext4/inode.c:6706
 #3: ffff888076d24560 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_map_blocks fs/ext4/inode.c:1956 [inline]
 #3: ffff888076d24560 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_get_block_prep+0x69e/0x11e0 fs/ext4/inode.c:2020
2 locks held by kworker/0:4/5921:
2 locks held by kworker/0:5/5952:
2 locks held by getty/7055:
 #0: ffff88814cfd70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900032602f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
3 locks held by kworker/u10:0/7642:
3 locks held by kworker/u10:1/7645:
3 locks held by kworker/u10:2/7646:
3 locks held by kworker/u10:3/7647:
3 locks held by kworker/u10:4/7657:
3 locks held by kworker/u10:5/7668:
2 locks held by syz.0.359/7720:
 #0: ffffffff90372a50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:566
 #1: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: netdev_wait_allrefs_any net/core/dev.c:11374 [inline]
 #1: ffffffff90388d48 (rtnl_mutex){+.+.}-{4:4}, at: netdev_run_todo+0xe33/0x1320 net/core/dev.c:11494
1 lock held by kworker/u10:6/7754:
2 locks held by syz-executor/7807:
 #0: ffff88806bcc7118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device drivers/bluetooth/hci_vhci.c:478 [inline]
 #0: ffff88806bcc7118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_get_user drivers/bluetooth/hci_vhci.c:536 [inline]
 #0: ffff88806bcc7118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_write+0x2b4/0x480 drivers/bluetooth/hci_vhci.c:616
 #1: ffffffff8e478848 (wq_pool_mutex){+.+.}-{4:4}, at: apply_wqattrs_lock kernel/workqueue.c:5179 [inline]
 #1: ffffffff8e478848 (wq_pool_mutex){+.+.}-{4:4}, at: __alloc_workqueue+0x7da/0x1810 kernel/workqueue.c:5734
2 locks held by syz-executor/7811: