INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 3076 Comm: kworker/u5:2 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Workqueue: hci6 hci_cmd_work
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 assign_lock_key+0x134/0x140 kernel/locking/lockdep.c:979
 register_lock_class+0xc4/0x2f8 kernel/locking/lockdep.c:1292
 __lock_acquire+0xa8/0x30a4 kernel/locking/lockdep.c:4932
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 percpu_down_read+0x74/0x1e0 include/linux/percpu-rwsem.h:53
 hci_uart_send_frame+0x34/0xc8 drivers/bluetooth/hci_ldisc.c:279
 hci_send_frame+0xd4/0x174 net/bluetooth/hci_core.c:2961
 hci_cmd_work+0xec/0x204 net/bluetooth/hci_core.c:4055
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Unable to handle kernel paging request at virtual address ffff8001f1d7d000
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001c566b000
[ffff8001f1d7d000] pgd=100000023ffff003, p4d=100000023ffff003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3076 Comm: kworker/u5:2 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Workqueue: hci6 hci_cmd_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __percpu_add_case_32 arch/arm64/include/asm/percpu.h:127 [inline]
pc : percpu_down_read+0xd0/0x1e0 include/linux/percpu-rwsem.h:63
lr : percpu_down_read+0xa8/0x1e0 include/linux/percpu-rwsem.h:62
sp : ffff800013263cc0
x29: ffff800013263cc0 x28: ffff80000d28b000 x27: ffff000119f4e205
x26: ffff0000c92f2210 x25: 0000000000000005 x24: ffff000119f4e205
x23: ffff00012cf58c70 x22: ffff0000c0f33000 x21: ffff80000ac1aa98
x20: ffff00011679b500 x19: ffff00011aa012c0 x18: 00000000000000c0
x17: 6e69676e45206574 x16: 0000000000000001 x15: 0000000000000000
x14: 0000000000000000 x13: 205d363730335420 x12: 5b5d383734303837
x11: ff8080000ac1a4a4 x10: 0000000000000000 x9 : 0000000000000001
x8 : ffff8001f1d7d000 x7 : 205b5d3837343038 x6 : ffff80000819545c
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 percpu_down_read+0xd0/0x1e0
 hci_uart_send_frame+0x34/0xc8 drivers/bluetooth/hci_ldisc.c:279
 hci_send_frame+0xd4/0x174 net/bluetooth/hci_core.c:2961
 hci_cmd_work+0xec/0x204 net/bluetooth/hci_core.c:4055
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: f9403668 d538d089 8b080128 52800029 (b829011f)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: f9403668 ldr x8, [x19, #104]
   4: d538d089 mrs x9, tpidr_el1
   8: 8b080128 add x8, x9, x8
   c: 52800029 mov w9, #0x1 // #1
* 10: b829011f stadd w9, [x8] <-- trapping instruction