[ 268.816263] Bluetooth: hci0: command 0x0401 tx timeout [ 270.896158] Bluetooth: hci0: command 0x0401 tx timeout [ 330.569282] NOHZ: local_softirq_pending 08 [ 332.646222] Bluetooth: hci4: command 0x0406 tx timeout [ 332.652096] Bluetooth: hci3: command 0x0406 tx timeout [ 383.845778] Bluetooth: hci0: command 0x0406 tx timeout [ 383.851094] Bluetooth: hci1: command 0x0406 tx timeout [ 383.855773] Bluetooth: hci2: command 0x0406 tx timeout [ 383.861824] Bluetooth: hci5: command 0x0406 tx timeout [ 392.020124] NOHZ: local_softirq_pending 08 Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. [ 403.951631] IPVS: ftp: loaded support on port[0] = 21 [ 406.005535] Bluetooth: hci6: command 0x0409 tx timeout [ 408.085459] Bluetooth: hci6: command 0x041b tx timeout [ 410.165473] Bluetooth: hci6: command 0x040f tx timeout [ 412.245407] Bluetooth: hci6: command 0x0419 tx timeout [ 412.487117] NOHZ: local_softirq_pending 08 [ 427.855392] INFO: task syz-executor.4:14015 blocked for more than 140 seconds. [ 427.862848] Not tainted 4.18.0-syzkaller #0 [ 427.867745] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 427.876127] syz-executor.4 D28248 14015 13002 0x00080004 [ 427.881740] Call Trace: [ 427.884305] __schedule+0x80c/0x1fc0 [ 427.888083] ? __sched_text_start+0x8/0x8 [ 427.892214] schedule+0x7f/0x1b0 [ 427.895631] schedule_preempt_disabled+0x13/0x20 [ 427.900368] __mutex_lock+0x58a/0x1300 [ 427.904225] ? hci_req_sync+0x5b/0xb0 [ 427.908576] ? __ww_mutex_wakeup_for_backoff+0x250/0x250 [ 427.914012] ? hci_inquiry+0x5e5/0x820 [ 427.917937] ? lock_downgrade+0x7f0/0x7f0 [ 427.922069] ? lock_downgrade+0x7f0/0x7f0 [ 427.926496] ? hci_unregister_cb+0x1b0/0x1b0 [ 427.930886] mutex_lock_nested+0x16/0x20 [ 427.934928] ? mutex_lock_nested+0x16/0x20 [ 427.939290] hci_req_sync+0x5b/0xb0 [ 427.942895] hci_inquiry+0x606/0x820 [ 427.946655] ? __local_bh_enable_ip+0x160/0x240 [ 427.951307] ? hci_inquiry_cache_update_resolve+0x590/0x590 [ 427.957237] ? trace_hardirqs_on+0xd/0x10 [ 427.961362] ? task_rcu_dereference+0x20/0x140 [ 427.965997] ? _raw_spin_unlock_bh+0x30/0x40 [ 427.970415] hci_sock_ioctl+0x1a3/0x620 [ 427.974365] ? hci_sock_sendmsg+0x2450/0x2450 [ 427.978974] ? futex_wake+0x12e/0x590 [ 427.982755] ? futex_wait_restart+0x240/0x240 [ 427.987304] sock_do_ioctl+0xd9/0x230 [ 427.991147] ? compat_ifr_data_ioctl+0x100/0x100 [ 427.995937] ? lock_downgrade+0x7f0/0x7f0 [ 428.000066] ? do_futex+0x59a/0x1810 [ 428.003774] ? __enqueue_entity+0x10d/0x1f0 [ 428.008329] ? __lock_acquire+0x769/0x4770 [ 428.012558] sock_ioctl+0x281/0x500 [ 428.016228] ? dlci_ioctl_set+0x30/0x30 [ 428.020186] ? trace_hardirqs_on+0x10/0x10 [ 428.024565] ? lock_downgrade+0x7f0/0x7f0 [ 428.028780] ? lock_downgrade+0x7f0/0x7f0 [ 428.032913] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 428.038818] do_vfs_ioctl+0x196/0x1050 [ 428.042694] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.047146] ? __fget+0x1bf/0x300 [ 428.050762] ? lock_downgrade+0x7f0/0x7f0 [ 428.054880] ? kasan_check_read+0x11/0x20 [ 428.059068] ? __fget+0x1dc/0x300 [ 428.062503] ? __fget_light+0x174/0x1e0 [ 428.066526] ksys_ioctl+0x62/0x90 [ 428.069963] __x64_sys_ioctl+0x6e/0xb0 [ 428.073826] do_syscall_64+0xda/0x540 [ 428.077667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 428.082836] RIP: 0033:0x4665e9 [ 428.086178] Code: 00 84 c9 0f 85 f1 fd ff ff 83 3d 81 00 3a 01 00 0f 85 c2 00 00 00 48 8d 0d 8c 2e 43 00 48 89 88 a8 00 00 00 0f 57 c0 0f 11 84 <24> 90 00 00 00 48 8b 0d 13 db 36 01 48 89 8c 24 90 00 00 00 48 8d [ 428.105685] RSP: 002b:00007fe893d67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.113695] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 428.121020] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000004 [ 428.128367] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 428.135681] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 428.143580] R13: 00007ffd0056a94f R14: 00007fe893d67300 R15: 0000000000022000 [ 428.150945] INFO: task syz-executor.4:14016 blocked for more than 140 seconds. [ 428.158341] Not tainted 4.18.0-syzkaller #0 [ 428.163159] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.171689] syz-executor.4 D28248 14016 14015 0x00080004 [ 428.177375] Call Trace: [ 428.179944] __schedule+0x80c/0x1fc0 [ 428.183637] ? __sched_text_start+0x8/0x8 [ 428.187850] schedule+0x7f/0x1b0 [ 428.191197] schedule_preempt_disabled+0x13/0x20 [ 428.195978] __mutex_lock+0x58a/0x1300 [ 428.199842] ? hci_req_sync+0x5b/0xb0 [ 428.203612] ? __ww_mutex_wakeup_for_backoff+0x250/0x250 [ 428.209215] ? hci_inquiry+0x5e5/0x820 [ 428.213084] ? lock_downgrade+0x7f0/0x7f0 [ 428.217275] ? lock_downgrade+0x7f0/0x7f0 [ 428.221403] ? hci_unregister_cb+0x1b0/0x1b0 [ 428.225874] mutex_lock_nested+0x16/0x20 [ 428.229913] ? mutex_lock_nested+0x16/0x20 [ 428.234888] hci_req_sync+0x5b/0xb0 [ 428.239161] hci_inquiry+0x606/0x820 [ 428.242863] ? __local_bh_enable_ip+0x160/0x240 [ 428.247600] ? hci_inquiry_cache_update_resolve+0x590/0x590 [ 428.253293] ? trace_hardirqs_on+0xd/0x10 [ 428.257472] ? task_rcu_dereference+0x20/0x140 [ 428.262034] ? _raw_spin_unlock_bh+0x30/0x40 [ 428.266506] hci_sock_ioctl+0x1a3/0x620 [ 428.270463] ? hci_sock_sendmsg+0x2450/0x2450 [ 428.274927] ? futex_wake+0x12e/0x590 [ 428.278758] sock_do_ioctl+0xd9/0x230 [ 428.282538] ? compat_ifr_data_ioctl+0x100/0x100 [ 428.287348] ? do_futex+0x5be/0x1810 [ 428.291042] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 428.296614] ? trace_hardirqs_on_caller+0x3bb/0x5b0 [ 428.301617] sock_ioctl+0x281/0x500 [ 428.305288] ? dlci_ioctl_set+0x30/0x30 [ 428.309243] ? __lock_acquire+0x769/0x4770 [ 428.313447] ? __lock_acquire+0x769/0x4770 [ 428.317713] do_vfs_ioctl+0x196/0x1050 [ 428.321582] ? lock_downgrade+0x7f0/0x7f0 [ 428.325998] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.330393] ? __context_tracking_exit.part.2+0x81/0x240 [ 428.335874] ? lock_downgrade+0x7f0/0x7f0 [ 428.340001] ? kasan_check_read+0x11/0x20 [ 428.344492] ? __fget_light+0x52/0x1e0 [ 428.348448] ksys_ioctl+0x62/0x90 [ 428.352156] __x64_sys_ioctl+0x6e/0xb0 [ 428.356163] do_syscall_64+0xda/0x540 [ 428.359944] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 428.365101] RIP: 0033:0x4665e9 [ 428.368348] Code: 00 84 c9 0f 85 f1 fd ff ff 83 3d 81 00 3a 01 00 0f 85 c2 00 00 00 48 8d 0d 8c 2e 43 00 48 89 88 a8 00 00 00 0f 57 c0 0f 11 84 <24> 90 00 00 00 48 8b 0d 13 db 36 01 48 89 8c 24 90 00 00 00 48 8d [ 428.388409] RSP: 002b:00007fe893d67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.396151] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 428.403841] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000005 [ 428.411367] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 428.418671] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 428.426569] R13: 00007ffd0056a94f R14: 00007fe893d67300 R15: 0000000000022000 [ 428.434000] INFO: task syz-executor.2:14048 blocked for more than 140 seconds. [ 428.441393] Not tainted 4.18.0-syzkaller #0 [ 428.446641] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.454595] syz-executor.2 D28248 14048 13004 0x00080004 [ 428.460250] Call Trace: [ 428.462820] __schedule+0x80c/0x1fc0 [ 428.466556] ? __sched_text_start+0x8/0x8 [ 428.470684] schedule+0x7f/0x1b0 [ 428.474017] schedule_preempt_disabled+0x13/0x20 [ 428.478962] __mutex_lock+0x58a/0x1300 [ 428.482828] ? hci_req_sync+0x5b/0xb0 [ 428.486679] ? __ww_mutex_wakeup_for_backoff+0x250/0x250 [ 428.492108] ? hci_inquiry+0x5e5/0x820 [ 428.496018] ? lock_downgrade+0x7f0/0x7f0 [ 428.500148] ? lock_downgrade+0x7f0/0x7f0 [ 428.504265] ? hci_unregister_cb+0x1b0/0x1b0 [ 428.508700] mutex_lock_nested+0x16/0x20 [ 428.512826] ? mutex_lock_nested+0x16/0x20 [ 428.517087] hci_req_sync+0x5b/0xb0 [ 428.520691] hci_inquiry+0x606/0x820 [ 428.524375] ? __local_bh_enable_ip+0x160/0x240 [ 428.529336] ? hci_inquiry_cache_update_resolve+0x590/0x590 [ 428.535027] ? trace_hardirqs_on+0xd/0x10 [ 428.539208] ? task_rcu_dereference+0x20/0x140 [ 428.543775] ? _raw_spin_unlock_bh+0x30/0x40 [ 428.548859] hci_sock_ioctl+0x1a3/0x620 [ 428.552821] ? hci_sock_sendmsg+0x2450/0x2450 [ 428.557909] ? futex_wake+0x12e/0x590 [ 428.561702] ? futex_wait_restart+0x240/0x240 [ 428.566410] sock_do_ioctl+0xd9/0x230 [ 428.570194] ? compat_ifr_data_ioctl+0x100/0x100 [ 428.575184] ? lock_downgrade+0x7f0/0x7f0 [ 428.579318] ? do_futex+0x59a/0x1810 [ 428.583089] ? __enqueue_entity+0x10d/0x1f0 [ 428.587664] ? __lock_acquire+0x769/0x4770 [ 428.591884] sock_ioctl+0x281/0x500 [ 428.595544] ? dlci_ioctl_set+0x30/0x30 [ 428.599501] ? trace_hardirqs_on+0x10/0x10 [ 428.603792] ? lock_downgrade+0x7f0/0x7f0 [ 428.607981] ? lock_downgrade+0x7f0/0x7f0 [ 428.612111] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 428.617515] do_vfs_ioctl+0x196/0x1050 [ 428.621386] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.626447] ? __fget+0x1bf/0x300 [ 428.629881] ? lock_downgrade+0x7f0/0x7f0 [ 428.634193] ? kasan_check_read+0x11/0x20 [ 428.638375] ? __fget+0x1dc/0x300 [ 428.641811] ? __fget_light+0x174/0x1e0 [ 428.646098] ksys_ioctl+0x62/0x90 [ 428.649909] __x64_sys_ioctl+0x6e/0xb0 [ 428.653785] do_syscall_64+0xda/0x540 [ 428.657636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 428.662807] RIP: 0033:0x4665e9 [ 428.666254] Code: 00 84 c9 0f 85 f1 fd ff ff 83 3d 81 00 3a 01 00 0f 85 c2 00 00 00 48 8d 0d 8c 2e 43 00 48 89 88 a8 00 00 00 0f 57 c0 0f 11 84 <24> 90 00 00 00 48 8b 0d 13 db 36 01 48 89 8c 24 90 00 00 00 48 8d [ 428.685799] RSP: 002b:00007fb8d46ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.693488] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 428.700991] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000004 [ 428.708379] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 428.715689] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 428.722952] R13: 00007fff69d7238f R14: 00007fb8d46ae300 R15: 0000000000022000 [ 428.730466] INFO: task syz-executor.2:14049 blocked for more than 140 seconds. [ 428.738058] Not tainted 4.18.0-syzkaller #0 [ 428.742880] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.751390] syz-executor.2 D28248 14049 14048 0x00080004 [ 428.757066] Call Trace: [ 428.759636] __schedule+0x80c/0x1fc0 [ 428.763320] ? __sched_text_start+0x8/0x8 [ 428.767496] schedule+0x7f/0x1b0 [ 428.770846] schedule_preempt_disabled+0x13/0x20 [ 428.775716] __mutex_lock+0x58a/0x1300 [ 428.779590] ? hci_req_sync+0x5b/0xb0 [ 428.783373] ? __ww_mutex_wakeup_for_backoff+0x250/0x250 [ 428.788861] ? hci_inquiry+0x5e5/0x820 [ 428.793009] ? lock_downgrade+0x7f0/0x7f0 [ 428.797191] ? lock_downgrade+0x7f0/0x7f0 [ 428.801323] ? hci_unregister_cb+0x1b0/0x1b0 [ 428.805852] mutex_lock_nested+0x16/0x20 [ 428.810186] ? mutex_lock_nested+0x16/0x20 [ 428.814396] hci_req_sync+0x5b/0xb0 [ 428.818455] hci_inquiry+0x606/0x820 [ 428.822161] ? __local_bh_enable_ip+0x160/0x240 [ 428.826868] ? hci_inquiry_cache_update_resolve+0x590/0x590 [ 428.832563] ? trace_hardirqs_on+0xd/0x10 [ 428.836754] ? task_rcu_dereference+0x20/0x140 [ 428.841318] ? _raw_spin_unlock_bh+0x30/0x40 [ 428.845890] hci_sock_ioctl+0x1a3/0x620 [ 428.849848] ? hci_sock_sendmsg+0x2450/0x2450 [ 428.854702] ? futex_wake+0x12e/0x590 [ 428.858550] sock_do_ioctl+0xd9/0x230 [ 428.862334] ? compat_ifr_data_ioctl+0x100/0x100 [ 428.867131] ? do_futex+0x5be/0x1810 [ 428.870825] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 428.875957] ? trace_hardirqs_on_caller+0x3bb/0x5b0 [ 428.880962] sock_ioctl+0x281/0x500 [ 428.884559] ? dlci_ioctl_set+0x30/0x30 [ 428.888615] ? __lock_acquire+0x769/0x4770 [ 428.892833] ? __lock_acquire+0x769/0x4770 [ 428.897116] do_vfs_ioctl+0x196/0x1050 [ 428.900985] ? lock_downgrade+0x7f0/0x7f0 [ 428.905334] ? ioctl_preallocate+0x1c0/0x1c0 [ 428.909728] ? __context_tracking_exit.part.2+0x81/0x240 [ 428.915206] ? lock_downgrade+0x7f0/0x7f0 [ 428.919425] ? kasan_check_read+0x11/0x20 [ 428.923541] ? __fget_light+0x52/0x1e0 [ 428.927466] ksys_ioctl+0x62/0x90 [ 428.930898] __x64_sys_ioctl+0x6e/0xb0 [ 428.934756] do_syscall_64+0xda/0x540 [ 428.938581] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 428.943761] RIP: 0033:0x4665e9 [ 428.947421] Code: 00 84 c9 0f 85 f1 fd ff ff 83 3d 81 00 3a 01 00 0f 85 c2 00 00 00 48 8d 0d 8c 2e 43 00 48 89 88 a8 00 00 00 0f 57 c0 0f 11 84 <24> 90 00 00 00 48 8b 0d 13 db 36 01 48 89 8c 24 90 00 00 00 48 8d [ 428.967771] RSP: 002b:00007fb8d46ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.975527] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 428.983302] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000005 [ 428.990614] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 428.997920] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 429.005229] R13: 00007fff69d7238f R14: 00007fb8d46ae300 R15: 0000000000022000 [ 429.012506] INFO: task syz-executor.1:14064 blocked for more than 140 seconds. [ 429.019903] Not tainted 4.18.0-syzkaller #0 [ 429.024724] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.032728] syz-executor.1 D28248 14064 13006 0x00080004 [ 429.038409] Call Trace: [ 429.040975] __schedule+0x80c/0x1fc0 [ 429.044659] ? __sched_text_start+0x8/0x8 [ 429.048884] schedule+0x7f/0x1b0 [ 429.052234] schedule_preempt_disabled+0x13/0x20 [ 429.057015] __mutex_lock+0x58a/0x1300 [ 429.061254] ? hci_req_sync+0x5b/0xb0 [ 429.065040] ? __ww_mutex_wakeup_for_backoff+0x250/0x250 [ 429.070526] ? hci_inquiry+0x5e5/0x820 [ 429.074396] ? lock_downgrade+0x7f0/0x7f0 [ 429.078964] ? lock_downgrade+0x7f0/0x7f0 [ 429.083090] ? hci_unregister_cb+0x1b0/0x1b0 [ 429.087536] mutex_lock_nested+0x16/0x20 [ 429.091576] ? mutex_lock_nested+0x16/0x20 [ 429.095840] hci_req_sync+0x5b/0xb0 [ 429.099447] hci_inquiry+0x606/0x820 [ 429.103135] ? __local_bh_enable_ip+0x160/0x240 [ 429.107841] ? hci_inquiry_cache_update_resolve+0x590/0x590 [ 429.113536] ? trace_hardirqs_on+0xd/0x10 [ 429.117709] ? task_rcu_dereference+0x20/0x140 [ 429.122268] ? _raw_spin_unlock_bh+0x30/0x40 [ 429.126721] hci_sock_ioctl+0x1a3/0x620 [ 429.130881] ? hci_sock_sendmsg+0x2450/0x2450 [ 429.135408] ? futex_wake+0x12e/0x590 [ 429.139190] sock_do_ioctl+0xd9/0x230 [ 429.142960] ? compat_ifr_data_ioctl+0x100/0x100 [ 429.147747] ? lock_downgrade+0x7f0/0x7f0 [ 429.151965] ? do_futex+0x5be/0x1810 [ 429.155808] ? __enqueue_entity+0x10d/0x1f0 [ 429.160571] ? __lock_acquire+0x769/0x4770 [ 429.165259] sock_ioctl+0x281/0x500 [ 429.168997] ? dlci_ioctl_set+0x30/0x30 [ 429.172944] ? trace_hardirqs_on+0x10/0x10 [ 429.177207] ? lock_downgrade+0x7f0/0x7f0 [ 429.181334] ? lock_downgrade+0x7f0/0x7f0 [ 429.185739] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 429.191233] do_vfs_ioctl+0x196/0x1050 [ 429.195435] ? ioctl_preallocate+0x1c0/0x1c0 [ 429.199912] ? __fget+0x1bf/0x300 [ 429.203509] ? lock_downgrade+0x7f0/0x7f0 [ 429.208178] ? kasan_check_read+0x11/0x20 [ 429.212313] ? __fget+0x1dc/0x300 [ 429.215794] ? __fget_light+0x174/0x1e0 [ 429.219746] ksys_ioctl+0x62/0x90 [ 429.223166] __x64_sys_ioctl+0x6e/0xb0 [ 429.227369] do_syscall_64+0xda/0x540 [ 429.231240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 429.236538] RIP: 0033:0x4665e9 [ 429.239705] Code: 00 84 c9 0f 85 f1 fd ff ff 83 3d 81 00 3a 01 00 0f 85 c2 00 00 00 48 8d 0d 8c 2e 43 00 48 89 88 a8 00 00 00 0f 57 c0 0f 11 84 <24> 90 00 00 00 48 8b 0d 13 db 36 01 48 89 8c 24 90 00 00 00 48 8d [ 429.258858] RSP: 002b:00007f57df218188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.267337] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9 [ 429.274608] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000004 [ 429.281948] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 429.289279] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 429.296621] R13: 00007ffc43be26cf R14: 00007f57df218300 R15: 0000000000022000 [ 429.303922] [ 429.303922] Showing all locks held in the system: [ 429.311358] 1 lock held by khungtaskd/1509: [ 429.315754] #0: 00000000f3ea9ccb (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a [ 429.324381] 1 lock held by in:imklog/7890: [ 429.328675] 1 lock held by syz-executor.3/13975: [ 429.333417] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.341997] 1 lock held by syz-executor.4/14015: [ 429.346810] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.354795] 1 lock held by syz-executor.4/14016: [ 429.359618] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.368178] 1 lock held by syz-executor.2/14048: [ 429.372928] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.380959] 1 lock held by syz-executor.2/14049: [ 429.385902] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.393868] 1 lock held by syz-executor.1/14064: [ 429.398641] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.406657] 1 lock held by syz-executor648/14109: [ 429.411659] #0: 00000000edae5dc5 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x5b/0xb0 [ 429.420011] [ 429.421616] ============================================= [ 429.421616] [ 429.428659] NMI backtrace for cpu 0 [ 429.432265] CPU: 0 PID: 1509 Comm: khungtaskd Not tainted 4.18.0-syzkaller #0 [ 429.439508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.448920] Call Trace: [ 429.451480] dump_stack+0x15a/0x20d [ 429.455076] nmi_cpu_backtrace.cold.0+0x13/0xb6 [ 429.459719] ? lapic_can_unplug_cpu.cold.5+0x38/0x38 [ 429.464791] nmi_trigger_cpumask_backtrace+0xf6/0x11a [ 429.469951] arch_trigger_cpumask_backtrace+0x14/0x20 [ 429.475291] watchdog+0x512/0x940 [ 429.479089] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 429.484166] kthread+0x316/0x3d0 [ 429.487508] ? reset_hung_task_detector+0x30/0x30 [ 429.492320] ? kthread_flush_work_fn+0x10/0x10 [ 429.496876] ret_from_fork+0x24/0x30 [ 429.500947] Sending NMI from CPU 0 to CPUs 1: [ 429.505878] NMI backtrace for cpu 1 [ 429.505882] CPU: 1 PID: 10047 Comm: kworker/u4:6 Not tainted 4.18.0-syzkaller #0 [ 429.505884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.505890] Workqueue: phy36 ieee80211_iface_work [ 429.505895] RIP: 0010:__call_rcu.constprop.47+0x28f/0x850 [ 429.505895] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d7 04 00 00 48 83 3d a5 e4 e4 07 00 0f 84 1d 03 00 00 48 8b 7d d0 57 9d <0f> 1f 44 00 00 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 80 3d [ 429.505927] RSP: 0018:ffff8800a163f3f8 EFLAGS: 00000286 [ 429.505929] RAX: dffffc0000000000 RBX: ffff8800ab03ce88 RCX: 1ffff100143ef444 [ 429.505931] RDX: 1ffffffff12612c5 RSI: ffff8800a1f7a200 RDI: 0000000000000286 [ 429.505932] RBP: ffff8800a163f448 R08: ffff8800a1f7a220 R09: 0000000000000000 [ 429.505933] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800ba748500 [ 429.505935] R13: ffff8800ba748590 R14: ffffffff893760c0 R15: ffff8800ba748580 [ 429.505938] FS: 0000000000000000(0000) GS:ffff8800ba700000(0000) knlGS:0000000000000000 [ 429.505940] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 429.505941] CR2: 00007f9f7fc9c000 CR3: 00000000ac7bd000 CR4: 0000000000340ee0 [ 429.505944] Call Trace: [ 429.505948] kfree_call_rcu+0x15/0x20 [ 429.505951] cfg80211_bss_update+0x8f4/0x2a40 [ 429.505954] ? kasan_unpoison_shadow+0x35/0x50 [ 429.505957] ? kasan_kmalloc+0xaf/0xc0 [ 429.505961] cfg80211_inform_bss_frame_data+0x663/0xd20 [ 429.505964] ? cfg80211_inform_bss_data+0x8d0/0x8d0 [ 429.505969] ? kasan_check_read+0x11/0x20 [ 429.505972] ieee80211_bss_info_update+0x343/0x15a0 [ 429.505975] ? ieee80211_rx_bss_put+0x50/0x50 [ 429.505977] ? ieee80211_rx_mgmt_probe_beacon+0x6ae/0x1460 [ 429.505980] ? kasan_check_read+0x11/0x20 [ 429.505982] ieee80211_rx_mgmt_probe_beacon+0x708/0x1460 [ 429.505986] ? ieee80211_ibss_process_chanswitch.constprop.4+0x980/0x980 [ 429.505990] ? ieee80211_ibss_rx_queued_mgmt+0xe0/0x1860 [ 429.505993] ? lock_acquire+0x17e/0x3e0 [ 429.505995] ? ieee80211_ibss_rx_queued_mgmt+0xe0/0x1860 [ 429.506002] ? static_obj+0x50/0x50 [ 429.506005] ieee80211_ibss_rx_queued_mgmt+0x1d6/0x1860 [ 429.506007] ? __lock_acquire+0x769/0x4770 [ 429.506009] ? kasan_check_write+0x14/0x20 [ 429.506012] ? __mutex_unlock_slowpath+0xe8/0x6a0 [ 429.506014] ? ieee80211_ibss_rx_no_sta+0x6a0/0x6a0 [ 429.506017] ? trace_hardirqs_on+0x10/0x10 [ 429.506020] ? mark_held_locks+0xc7/0x130 [ 429.506022] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 429.506024] ? trace_hardirqs_on_caller+0x3bb/0x5b0 [ 429.506027] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 429.506029] ieee80211_iface_work+0x47e/0x690 [ 429.506033] process_one_work+0x7b9/0x1580 [ 429.506037] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 429.506038] ? lock_acquire+0x17e/0x3e0 [ 429.506041] ? kasan_check_write+0x14/0x20 [ 429.506043] ? do_raw_spin_lock+0xc1/0x200 [ 429.506046] worker_thread+0x85/0xb60 [ 429.506050] kthread+0x316/0x3d0 [ 429.506052] ? process_one_work+0x1580/0x1580 [ 429.506054] ? kthread_flush_work_fn+0x10/0x10 [ 429.506056] ret_from_fork+0x24/0x30 [ 429.507145] Kernel panic - not syncing: hung_task: blocked tasks [ 429.804757] CPU: 0 PID: 1509 Comm: khungtaskd Not tainted 4.18.0-syzkaller #0 [ 429.812001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.821499] Call Trace: [ 429.824150] dump_stack+0x15a/0x20d [ 429.827752] panic+0x1c6/0x36b [ 429.830916] ? __warn_printk+0xd6/0xd6 [ 429.834775] watchdog+0x523/0x940 [ 429.838285] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 429.843361] kthread+0x316/0x3d0 [ 429.846704] ? reset_hung_task_detector+0x30/0x30 [ 429.851519] ? kthread_flush_work_fn+0x10/0x10 [ 429.856070] ret_from_fork+0x24/0x30 [ 429.865855] Kernel Offset: disabled [ 429.869547] Rebooting in 86400 seconds..