INFO: task syz-executor.5:3974 can't die for more than 143 seconds.
task:syz-executor.5  state:R  running task     stack:27048 pid: 3974 ppid:  6992 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4984 [inline]
 __schedule+0xa9a/0x4940 kernel/sched/core.c:6265
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6431
 __cond_resched+0x13/0x20 kernel/sched/core.c:8144
 _cond_resched include/linux/sched.h:2025 [inline]
 inet_twsk_purge+0xed/0x7d0 net/ipv4/inet_timewait_sock.c:267
 tcp_sk_exit_batch+0x1d/0xa0 net/ipv4/tcp_ipv4.c:3230
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171
 setup_net+0x639/0xa30 net/core/net_namespace.c:349
 copy_net_ns+0x318/0x760 net/core/net_namespace.c:470
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
 ksys_unshare+0x445/0x920 kernel/fork.c:3126
 __do_sys_unshare kernel/fork.c:3197 [inline]
 __se_sys_unshare kernel/fork.c:3195 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3195
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1509c57ae9
RSP: 002b:00007f15071cd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f1509d6af60 RCX: 00007f1509c57ae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f1509cb1f45 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe47e86d3f R14: 00007f15071cd300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:3985 can't die for more than 147 seconds.
task:syz-executor.2  state:R  running task     stack:26936 pid: 3985 ppid:  6552 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4984 [inline]
 __schedule+0xa9a/0x4940 kernel/sched/core.c:6265
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6431
 __cond_resched+0x13/0x20 kernel/sched/core.c:8144
 _cond_resched include/linux/sched.h:2025 [inline]
 inet_twsk_purge+0xed/0x7d0 net/ipv4/inet_timewait_sock.c:267
 tcp_sk_exit_batch+0x1d/0xa0 net/ipv4/tcp_ipv4.c:3230
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:171
 setup_net+0x639/0xa30 net/core/net_namespace.c:349
 copy_net_ns+0x318/0x760 net/core/net_namespace.c:470
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
 ksys_unshare+0x445/0x920 kernel/fork.c:3126
 __do_sys_unshare kernel/fork.c:3197 [inline]
 __se_sys_unshare kernel/fork.c:3195 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3195
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fac6a029ae9
RSP: 002b:00007fac6759f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fac6a13cf60 RCX: 00007fac6a029ae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007fac6a083f45 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb6592aaf R14: 00007fac6759f300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/26:
 #0: ffffffff8bb83a60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
1 lock held by in:imklog/6235:
 #0: ffff888071b6dc70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
2 locks held by agetty/6487:
 #0: ffff88801c4a4098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:252
 #1: ffffc900028502e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2113
2 locks held by kworker/1:20/30932:
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: ffffc90017967db0 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
2 locks held by kworker/0:1/31287:
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff888010c66538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: ffffc90004917db0 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
1 lock held by syz-executor.0/3972:
4 locks held by syz-executor.4/3990:
 #0: ffff8880141bd0d8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x2a/0x70 net/bluetooth/hci_core.c:551
 #1: ffff8880141bc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x26d/0x10b0 net/bluetooth/hci_sync.c:4014
 #2: ffffffff8d51ef28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1544 [inline]
 #2: ffffffff8d51ef28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xda/0x260 net/bluetooth/hci_conn.c:1732
 #3: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #3: ffffffff8bb8cde8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:836

=============================================