[ 417.046461] Bluetooth: hci1: command 0x0401 tx timeout
[ 419.126738] Bluetooth: hci1: command 0x0401 tx timeout
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
[ 421.206276] Bluetooth: hci1: command 0x0401 tx timeout
[ 421.617811] IPVS: ftp: loaded support on port[0] = 21
*** stack smashing detected ***: terminated
[ 423.286165] Bluetooth: hci1: command 0x0401 tx timeout
[ 423.686318] Bluetooth: hci6: command 0x0409 tx timeout
[ 425.366151] Bluetooth: hci1: command 0x0401 tx timeout
[ 425.766240] Bluetooth: hci6: command 0x041b tx timeout
[ 427.446098] Bluetooth: hci1: command 0x0401 tx timeout
[ 427.846127] Bluetooth: hci6: command 0x040f tx timeout
[ 429.366435] INFO: task syz-executor.0:16050 blocked for more than 140 seconds.
[ 429.374257] Not tainted 4.19.206-syzkaller #0
[ 429.380585] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 429.389142] syz-executor.0 D28232 16050 5931 0x00000004
[ 429.395075] Call Trace:
[ 429.398400] __schedule+0x80c/0x1f70
[ 429.402131] ? __sched_text_start+0x8/0x8
[ 429.407216] ? kasan_check_read+0x11/0x20
[ 429.412324] schedule+0x7f/0x1b0
[ 429.418255] schedule_preempt_disabled+0x13/0x20
[ 429.425510] __mutex_lock+0x4ba/0x1190
[ 429.430528] ? hci_req_sync+0x32/0xa0
[ 429.434607] ? mutex_trylock+0x1b0/0x1b0
[ 429.440082] ? hci_inquiry+0x572/0x750
[ 429.444132] ? lock_downgrade+0x860/0x860
[ 429.449456] ? lock_downgrade+0x860/0x860
[ 429.453640] ? hci_unregister_cb+0x160/0x160
[ 429.459988] mutex_lock_nested+0x16/0x20
[ 429.464223] ? mutex_lock_nested+0x16/0x20
[ 429.468550] hci_req_sync+0x32/0xa0
[ 429.472184] hci_inquiry+0x593/0x750
[ 429.476689] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.481372] ? __local_bh_enable_ip+0x160/0x250
[ 429.486778] ? release_sock+0x11f/0x180
[ 429.490806] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 429.497516] ? do_group_exit+0x72/0x2c0
[ 429.501607] ? _raw_spin_unlock_bh+0x30/0x40
[ 429.506647] hci_sock_ioctl+0x19e/0x680
[ 429.510823] ? hci_sock_sendmsg+0x24a0/0x24a0
[ 429.515396] ? mark_held_locks+0x130/0x130
[ 429.520021] ? __lock_acquire+0x764/0x47c0
[ 429.524604] ? drop_futex_key_refs.isra.1+0x90/0x90
[ 429.529999] Bluetooth: hci1: command 0x0401 tx timeout
[ 429.530545] sock_do_ioctl+0xd9/0x240
[ 429.540066] ? compat_ifr_data_ioctl+0x120/0x120
[ 429.544815] ? mark_held_locks+0x130/0x130
[ 429.549264] ? __lock_acquire+0x764/0x47c0
[ 429.553579] ? do_futex+0x5aa/0x1530
[ 429.557478] ? debug_object_activate+0x327/0x4e0
[ 429.562702] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 429.568068] ? debug_object_activate+0x327/0x4e0
[ 429.573667] sock_ioctl+0x281/0x500
[ 429.577846] ? dlci_ioctl_set+0x30/0x30
[ 429.582008] ? debug_object_active_state+0x226/0x3b0
[ 429.587636] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.592868] ? mark_held_locks+0x130/0x130
[ 429.597890] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 429.603534] do_vfs_ioctl+0x196/0x10c0
[ 429.607730] ? lock_downgrade+0x860/0x860
[ 429.612677] ? ioctl_preallocate+0x1c0/0x1c0
[ 429.618213] ? __fget+0x2a2/0x400
[ 429.621963] ? do_dup2+0x3f0/0x3f0
[ 429.625764] ? do_futex+0x1530/0x1530
[ 429.629677] ? trace_hardirqs_on+0x28/0x190
[ 429.634279] ? __fget_light+0x174/0x1e0
[ 429.639708] ksys_ioctl+0x62/0x90
[ 429.643354] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.648622] __x64_sys_ioctl+0x6e/0xb0
[ 429.652832] do_syscall_64+0xd0/0x4e0
[ 429.657204] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 429.662660] RIP: 0033:0x465109
[ 429.666406] Code: Bad RIP value.
[ 429.669789] RSP: 002b:00007fb75c9b5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 429.677971] RAX: ffffffffffffffda RBX: 000000000055cf00 RCX: 0000000000465109
[ 429.686839] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 429.694780] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 429.702488] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055cf00
[ 429.710573] R13: 00007ffdda99102f R14: 00007fb75c9b5300 R15: 0000000000022000
[ 429.718098] INFO: task syz-executor.1:16057 blocked for more than 140 seconds.
[ 429.727934] Not tainted 4.19.206-syzkaller #0
[ 429.734461] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 429.743615] syz-executor.1 D28232 16057 14372 0x00000004
[ 429.750125] Call Trace:
[ 429.753063] __schedule+0x80c/0x1f70
[ 429.756969] ? __sched_text_start+0x8/0x8
[ 429.761378] ? kasan_check_read+0x11/0x20
[ 429.765695] schedule+0x7f/0x1b0
[ 429.769207] schedule_preempt_disabled+0x13/0x20
[ 429.775606] __mutex_lock+0x4ba/0x1190
[ 429.779774] ? hci_req_sync+0x32/0xa0
[ 429.783754] ? mutex_trylock+0x1b0/0x1b0
[ 429.787906] ? hci_inquiry+0x572/0x750
[ 429.791794] ? lock_downgrade+0x860/0x860
[ 429.796001] ? lock_downgrade+0x860/0x860
[ 429.800355] ? hci_unregister_cb+0x160/0x160
[ 429.804751] mutex_lock_nested+0x16/0x20
[ 429.808978] ? mutex_lock_nested+0x16/0x20
[ 429.813215] hci_req_sync+0x32/0xa0
[ 429.816919] hci_inquiry+0x593/0x750
[ 429.820623] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.825517] ? __local_bh_enable_ip+0x160/0x250
[ 429.831047] ? release_sock+0x11f/0x180
[ 429.835393] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 429.843872] ? do_group_exit+0x72/0x2c0
[ 429.848431] ? _raw_spin_unlock_bh+0x30/0x40
[ 429.853593] hci_sock_ioctl+0x19e/0x680
[ 429.857875] ? hci_sock_sendmsg+0x24a0/0x24a0
[ 429.862529] ? mark_held_locks+0x130/0x130
[ 429.866887] ? __lock_acquire+0x764/0x47c0
[ 429.871223] sock_do_ioctl+0xd9/0x240
[ 429.875445] ? compat_ifr_data_ioctl+0x120/0x120
[ 429.881161] ? mark_held_locks+0x130/0x130
[ 429.885396] ? __lock_acquire+0x764/0x47c0
[ 429.890145] ? do_futex+0x5c9/0x1530
[ 429.893860] ? debug_object_activate+0x327/0x4e0
[ 429.898673] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 429.903853] ? debug_object_activate+0x327/0x4e0
[ 429.908710] sock_ioctl+0x281/0x500
[ 429.912363] ? dlci_ioctl_set+0x30/0x30
[ 429.916410] ? debug_object_active_state+0x226/0x3b0
[ 429.921512] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.926281] ? mark_held_locks+0x130/0x130
[ 429.930853] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 429.936014] do_vfs_ioctl+0x196/0x10c0
[ 429.936089] Bluetooth: hci6: command 0x0419 tx timeout
[ 429.940532] ? lock_downgrade+0x860/0x860
[ 429.950314] ? ioctl_preallocate+0x1c0/0x1c0
[ 429.954727] ? __fget+0x2a2/0x400
[ 429.958390] ? do_dup2+0x3f0/0x3f0
[ 429.961927] ? do_futex+0x1530/0x1530
[ 429.965742] ? trace_hardirqs_on+0x28/0x190
[ 429.970301] ? __fget_light+0x174/0x1e0
[ 429.974295] ksys_ioctl+0x62/0x90
[ 429.977905] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 429.982564] __x64_sys_ioctl+0x6e/0xb0
[ 429.986644] do_syscall_64+0xd0/0x4e0
[ 429.990438] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 429.995621] RIP: 0033:0x465109
[ 429.999137] Code: Bad RIP value.
[ 430.002499] RSP: 002b:00007fd8325c0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 430.012295] RAX: ffffffffffffffda RBX: 000000000055cf00 RCX: 0000000000465109
[ 430.020073] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 430.027422] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 430.034833] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055cf00
[ 430.042407] R13: 00007ffe2ce57baf R14: 00007fd8325c0300 R15: 0000000000022000
[ 430.049914] INFO: task syz-executor.1:16198 blocked for more than 140 seconds.
[ 430.057598] Not tainted 4.19.206-syzkaller #0
[ 430.062599] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 430.070641] syz-executor.1 D28328 16198 14372 0x00000004
[ 430.076759] Call Trace:
[ 430.079339] __schedule+0x80c/0x1f70
[ 430.083035] ? __sched_text_start+0x8/0x8
[ 430.087445] ? kasan_check_read+0x11/0x20
[ 430.091592] schedule+0x7f/0x1b0
[ 430.094937] schedule_preempt_disabled+0x13/0x20
[ 430.099752] __mutex_lock+0x4ba/0x1190
[ 430.103685] ? hci_req_sync+0x32/0xa0
[ 430.107722] ? mutex_trylock+0x1b0/0x1b0
[ 430.111778] ? hci_inquiry+0x572/0x750
[ 430.115639] ? lock_downgrade+0x860/0x860
[ 430.119947] ? lock_downgrade+0x860/0x860
[ 430.124088] ? hci_unregister_cb+0x160/0x160
[ 430.128832] mutex_lock_nested+0x16/0x20
[ 430.132885] ? mutex_lock_nested+0x16/0x20
[ 430.137321] hci_req_sync+0x32/0xa0
[ 430.140939] hci_inquiry+0x593/0x750
[ 430.144905] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.149779] ? __local_bh_enable_ip+0x160/0x250
[ 430.154452] ? release_sock+0x11f/0x180
[ 430.158635] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 430.164475] ? do_group_exit+0x72/0x2c0
[ 430.168707] ? _raw_spin_unlock_bh+0x30/0x40
[ 430.173118] hci_sock_ioctl+0x19e/0x680
[ 430.177289] ? hci_sock_sendmsg+0x24a0/0x24a0
[ 430.181784] sock_do_ioctl+0xd9/0x240
[ 430.185658] ? compat_ifr_data_ioctl+0x120/0x120
[ 430.190668] ? __lock_acquire+0x764/0x47c0
[ 430.195121] sock_ioctl+0x281/0x500
[ 430.198901] ? dlci_ioctl_set+0x30/0x30
[ 430.202877] ? __lock_acquire+0x764/0x47c0
[ 430.207200] do_vfs_ioctl+0x196/0x10c0
[ 430.211179] ? lock_downgrade+0x860/0x860
[ 430.215591] ? ioctl_preallocate+0x1c0/0x1c0
[ 430.220066] ? __fget+0x2a2/0x400
[ 430.223514] ? do_dup2+0x3f0/0x3f0
[ 430.227227] ? __fget_light+0x174/0x1e0
[ 430.231191] ksys_ioctl+0x62/0x90
[ 430.234621] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.239373] __x64_sys_ioctl+0x6e/0xb0
[ 430.243272] do_syscall_64+0xd0/0x4e0
[ 430.247462] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 430.253442] RIP: 0033:0x465109
[ 430.257435] Code: Bad RIP value.
[ 430.261247] RSP: 002b:00007fd83257e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 430.269616] RAX: ffffffffffffffda RBX: 000000000055d040 RCX: 0000000000465109
[ 430.277246] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 430.284603] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 430.292028] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055d040
[ 430.299441] R13: 00007ffe2ce57baf R14: 00007fd83257e300 R15: 0000000000022000
[ 430.307200] INFO: task syz-executor.3:16293 blocked for more than 140 seconds.
[ 430.314653] Not tainted 4.19.206-syzkaller #0
[ 430.319753] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 430.327988] syz-executor.3 D28232 16293 15980 0x00000004
[ 430.333711] Call Trace:
[ 430.336582] __schedule+0x80c/0x1f70
[ 430.340481] ? __sched_text_start+0x8/0x8
[ 430.344639] ? kasan_check_read+0x11/0x20
[ 430.348854] schedule+0x7f/0x1b0
[ 430.352210] schedule_preempt_disabled+0x13/0x20
[ 430.356999] __mutex_lock+0x4ba/0x1190
[ 430.360887] ? hci_req_sync+0x32/0xa0
[ 430.364683] ? mutex_trylock+0x1b0/0x1b0
[ 430.368843] ? hci_inquiry+0x572/0x750
[ 430.372932] ? lock_downgrade+0x860/0x860
[ 430.377371] ? lock_downgrade+0x860/0x860
[ 430.381522] ? hci_unregister_cb+0x160/0x160
[ 430.386541] mutex_lock_nested+0x16/0x20
[ 430.390682] ? mutex_lock_nested+0x16/0x20
[ 430.395148] hci_req_sync+0x32/0xa0
[ 430.398838] hci_inquiry+0x593/0x750
[ 430.402602] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.407723] ? __local_bh_enable_ip+0x160/0x250
[ 430.412660] ? release_sock+0x11f/0x180
[ 430.416818] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 430.422610] ? do_group_exit+0x72/0x2c0
[ 430.426645] ? _raw_spin_unlock_bh+0x30/0x40
[ 430.431752] hci_sock_ioctl+0x19e/0x680
[ 430.436265] ? hci_sock_sendmsg+0x24a0/0x24a0
[ 430.440759] ? mark_held_locks+0x130/0x130
[ 430.445102] ? __lock_acquire+0x764/0x47c0
[ 430.449512] sock_do_ioctl+0xd9/0x240
[ 430.453509] ? compat_ifr_data_ioctl+0x120/0x120
[ 430.458350] ? mark_held_locks+0x130/0x130
[ 430.462605] ? __lock_acquire+0x764/0x47c0
[ 430.467642] ? do_futex+0x5c9/0x1530
[ 430.472659] ? debug_object_activate+0x327/0x4e0
[ 430.477481] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 430.482590] ? debug_object_activate+0x327/0x4e0
[ 430.487576] sock_ioctl+0x281/0x500
[ 430.491397] ? dlci_ioctl_set+0x30/0x30
[ 430.495508] ? debug_object_active_state+0x226/0x3b0
[ 430.500894] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.505655] ? mark_held_locks+0x130/0x130
[ 430.510155] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 430.515376] do_vfs_ioctl+0x196/0x10c0
[ 430.519329] ? lock_downgrade+0x860/0x860
[ 430.523752] ? ioctl_preallocate+0x1c0/0x1c0
[ 430.528242] ? __fget+0x2a2/0x400
[ 430.531704] ? do_dup2+0x3f0/0x3f0
[ 430.535326] ? do_futex+0x1530/0x1530
[ 430.539256] ? trace_hardirqs_on+0x28/0x190
[ 430.543672] ? __fget_light+0x174/0x1e0
[ 430.547881] ksys_ioctl+0x62/0x90
[ 430.551561] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.556230] __x64_sys_ioctl+0x6e/0xb0
[ 430.560111] do_syscall_64+0xd0/0x4e0
[ 430.563898] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 430.569279] RIP: 0033:0x465109
[ 430.572462] Code: Bad RIP value.
[ 430.575904] RSP: 002b:00007f5023cc0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 430.583754] RAX: ffffffffffffffda RBX: 000000000055cf00 RCX: 0000000000465109
[ 430.591219] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 430.598708] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 430.606057] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055cf00
[ 430.613314] R13: 00007ffca95d5aef R14: 00007f5023cc0300 R15: 0000000000022000
[ 430.621054] INFO: task syz-executor.3:16299 blocked for more than 140 seconds.
[ 430.628881] Not tainted 4.19.206-syzkaller #0
[ 430.633982] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 430.642170] syz-executor.3 D29064 16299 15980 0x00000004
[ 430.647926] Call Trace:
[ 430.650514] __schedule+0x80c/0x1f70
[ 430.654292] ? __sched_text_start+0x8/0x8
[ 430.658699] ? kasan_check_read+0x11/0x20
[ 430.662884] schedule+0x7f/0x1b0
[ 430.666327] schedule_preempt_disabled+0x13/0x20
[ 430.671083] __mutex_lock+0x4ba/0x1190
[ 430.675151] ? hci_req_sync+0x32/0xa0
[ 430.679039] ? mutex_trylock+0x1b0/0x1b0
[ 430.683107] ? hci_inquiry+0x572/0x750
[ 430.687182] ? lock_downgrade+0x860/0x860
[ 430.691333] ? lock_downgrade+0x860/0x860
[ 430.695467] ? hci_unregister_cb+0x160/0x160
[ 430.699935] mutex_lock_nested+0x16/0x20
[ 430.704096] ? mutex_lock_nested+0x16/0x20
[ 430.708402] hci_req_sync+0x32/0xa0
[ 430.712027] hci_inquiry+0x593/0x750
[ 430.715735] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.720388] ? __local_bh_enable_ip+0x160/0x250
[ 430.725056] ? release_sock+0x11f/0x180
[ 430.729293] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 430.735067] ? do_group_exit+0x72/0x2c0
[ 430.739125] ? _raw_spin_unlock_bh+0x30/0x40
[ 430.743537] hci_sock_ioctl+0x19e/0x680
[ 430.747774] ? hci_sock_sendmsg+0x24a0/0x24a0
[ 430.753176] sock_do_ioctl+0xd9/0x240
[ 430.757793] ? compat_ifr_data_ioctl+0x120/0x120
[ 430.762685] ? __lock_acquire+0x764/0x47c0
[ 430.767011] sock_ioctl+0x281/0x500
[ 430.770643] ? dlci_ioctl_set+0x30/0x30
[ 430.774865] ? __lock_acquire+0x764/0x47c0
[ 430.779169] do_vfs_ioctl+0x196/0x10c0
[ 430.783211] ? lock_downgrade+0x860/0x860
[ 430.787440] ? ioctl_preallocate+0x1c0/0x1c0
[ 430.791851] ? __fget+0x2a2/0x400
[ 430.795404] ? do_dup2+0x3f0/0x3f0
[ 430.798998] ? __fget_light+0x174/0x1e0
[ 430.803062] ksys_ioctl+0x62/0x90
[ 430.806833] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 430.811499] __x64_sys_ioctl+0x6e/0xb0
[ 430.815382] do_syscall_64+0xd0/0x4e0
[ 430.819591] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 430.824874] RIP: 0033:0x465109
[ 430.828139] Code: Bad RIP value.
[ 430.831991] RSP: 002b:00007f5023c7e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 430.840817] RAX: ffffffffffffffda RBX: 000000000055d040 RCX: 0000000000465109
[ 430.848615] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 430.855986] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 430.863365] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055d040
[ 430.871689] R13: 00007ffca95d5aef R14: 00007f5023c7e300 R15: 0000000000022000
[ 430.879507]
[ 430.879507] Showing all locks held in the system:
[ 430.886305] 2 locks held by ksoftirqd/0/9:
[ 430.890718] #0: 000000000cc516ec (&rq->lock){-.-.}, at: __schedule+0x1f6/0x1f70
[ 430.898711] #1: 00000000d83de138 (rcu_read_lock){....}, at: update_curr+0x2cf/0x870
[ 430.907892] 1 lock held by khungtaskd/1095:
[ 430.912220] #0: 00000000d83de138 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a
[ 430.922690] 1 lock held by syz-executor.0/16050:
[ 430.928938] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 430.937898] 1 lock held by syz-executor.4/16038:
[ 430.942901] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 430.951124] 1 lock held by syz-executor.1/16057:
[ 430.955942] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 430.964439] 1 lock held by syz-executor.1/16198:
[ 430.969260] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 430.977420] 1 lock held by syz-executor.3/16293:
[ 430.982765] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 430.991286] 1 lock held by syz-executor.3/16299:
[ 430.996307] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 431.004420] 1 lock held by syz-executor951/16338:
[ 431.009341] #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[ 431.017793]
[ 431.019413] =============================================
[ 431.019413]
[ 431.026744] NMI backtrace for cpu 1
[ 431.030364] CPU: 1 PID: 1095 Comm: khungtaskd Not tainted 4.19.206-syzkaller #0
[ 431.037882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 431.047214] Call Trace:
[ 431.049791] dump_stack+0x17c/0x226
[ 431.053479] nmi_cpu_backtrace.cold.0+0x3c/0x78
[ 431.058272] ? lapic_can_unplug_cpu+0x80/0x80
[ 431.062861] nmi_trigger_cpumask_backtrace+0xf5/0x120
[ 431.068055] arch_trigger_cpumask_backtrace+0x14/0x20
[ 431.073225] watchdog+0x5c3/0xb40
[ 431.076658] kthread+0x347/0x410
[ 431.080107] ? reset_hung_task_detector+0x30/0x30
[ 431.085037] ? __kthread_cancel_work+0x170/0x170
[ 431.089868] ret_from_fork+0x24/0x30
[ 431.093750] Sending NMI from CPU 1 to CPUs 0:
[ 431.098448] NMI backtrace for cpu 0
[ 431.098451] CPU: 0 PID: 2779 Comm: kworker/u4:4 Not tainted 4.19.206-syzkaller #0
[ 431.098453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 431.098454] Workqueue: bat_events batadv_purge_orig
[ 431.098457] RIP: 0010:lock_release+0x54/0x840
[ 431.098460] Code: 89 95 70 ff ff ff 65 4c 8b 2c 25 80 ee 01 00 48 8d 14 03 48 c7 45 80 2f 4d 1b 88 49 8d bd 84 08 00 00 48 c7 45 88 c0 af 4a 81 <48> c7 85 78 ff ff ff b3 8a b5 41 c7 02 f1 f1 f1 f1 c7 42 04 04 f2
[ 431.098462] RSP: 0018:ffff8881e75f7b78 EFLAGS: 00000296
[ 431.098464] RAX: dffffc0000000000 RBX: 1ffff1103cebef72 RCX: ffffffff814b4870
[ 431.098466] RDX: ffffed103cebef72 RSI: 0000000000000001 RDI: ffff8881e75eca84
[ 431.098468] RBP: ffff8881e75f7c18 R08: ffffed1039550a4e R09: ffffed1039550a4d
[ 431.098469] R10: ffffed1039550a4d R11: ffff8881caa8526b R12: ffff8881caa85280
[ 431.098471] R13: ffff8881e75ec200 R14: ffff8881e53b6c00 R15: ffff8881cd4aa6b0
[ 431.098473] FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
[ 431.098474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 431.098476] CR2: 00007f53bb1a8000 CR3: 000000000846d003 CR4: 00000000001606f0
[ 431.098478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 431.098480] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 431.098481] Call Trace:
[ 431.098482] ? batadv_purge_orig_ref+0x61a/0xf80
[ 431.098484] ? lock_downgrade+0x860/0x860
[ 431.098485] ? kasan_check_write+0x14/0x20
[ 431.098487] ? do_raw_spin_lock+0xd0/0x240
[ 431.098488] _raw_spin_unlock_bh+0x1a/0x40
[ 431.098489] batadv_purge_orig_ref+0x61a/0xf80
[ 431.098491] ? batadv_orig_node_new+0x860/0x860
[ 431.098492] batadv_purge_orig+0x14/0x60
[ 431.098494] process_one_work+0x7b9/0x15a0
[ 431.098495] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 431.098496] ? lock_acquire+0x180/0x3a0
[ 431.098498] ? kasan_check_write+0x14/0x20
[ 431.098499] ? do_raw_spin_lock+0xd0/0x240
[ 431.098500] worker_thread+0x85/0xb60
[ 431.098502] ? __kthread_parkme+0x37/0x1c0
[ 431.098503] kthread+0x347/0x410
[ 431.098504] ? process_one_work+0x15a0/0x15a0
[ 431.098506] ? __kthread_cancel_work+0x170/0x170
[ 431.098507] ret_from_fork+0x24/0x30
[ 431.099311] Kernel panic - not syncing: hung_task: blocked tasks
[ 431.320039] CPU: 1 PID: 1095 Comm: khungtaskd Not tainted 4.19.206-syzkaller #0
[ 431.327586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 431.337027] Call Trace:
[ 431.339607] dump_stack+0x17c/0x226
[ 431.343583] panic+0x1cd/0x375
[ 431.347021] ? __warn_printk+0xd6/0xd6
[ 431.351196] watchdog+0x5d4/0xb40
[ 431.354790] kthread+0x347/0x410
[ 431.358147] ? reset_hung_task_detector+0x30/0x30
[ 431.363353] ? __kthread_cancel_work+0x170/0x170
[ 431.368202] ret_from_fork+0x24/0x30
[ 431.373196] Kernel Offset: disabled
[ 431.376941] Rebooting in 86400 seconds..
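The report above, run through a small triage script. This is an added example, not part of the syzkaller log and not syzkaller's own tooling. It parses the three things a responder reads first in a hung_task report: the "INFO: task ... blocked" records, the lockdep "Showing all locks held in the system" dump (grouped by lock address, so the one lock every blocked task is queued on stands out), and the user-space register dumps, from which it decodes the ioctl request number in RSI (the second syscall argument on x86-64, only meaningful when ORIG_RAX is 0x10, the ioctl syscall number) using the nr/type/size/dir bit layout from include/uapi/asm-generic/ioctl.h. The mapping of type 'H', nr 240 to HCIINQUIRY is the definition in include/net/bluetooth/hci_sock.h (_IOR('H', 240, int)). The embedded input is a constructed, abbreviated excerpt of the log above; the function names and the KNOWN_IOCTLS table are this example's own.

```python
"""Triage helper for a Linux hung_task report such as the syzkaller dmesg above."""
import re
from collections import defaultdict

# Constructed input: an abbreviated excerpt of the report above, one dmesg record per line.
SAMPLE_LOG = """\
[  429.366435] INFO: task syz-executor.0:16050 blocked for more than 140 seconds.
[  429.374257]       Not tainted 4.19.206-syzkaller #0
[  429.389142] syz-executor.0  D28232 16050   5931 0x00000004
[  429.662660] RIP: 0033:0x465109
[  429.669789] RSP: 002b:00007fb75c9b5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.686839] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[  429.718098] INFO: task syz-executor.1:16057 blocked for more than 140 seconds.
[  429.743615] syz-executor.1  D28232 16057  14372 0x00000004
[  429.995621] RIP: 0033:0x465109
[  430.002499] RSP: 002b:00007fd8325c0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  430.020073] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[  430.879507] Showing all locks held in the system:
[  430.886305] 2 locks held by ksoftirqd/0/9:
[  430.890718]  #0: 000000000cc516ec (&rq->lock){-.-.}, at: __schedule+0x1f6/0x1f70
[  430.898711]  #1: 00000000d83de138 (rcu_read_lock){....}, at: update_curr+0x2cf/0x870
[  430.922690] 1 lock held by syz-executor.0/16050:
[  430.928938]  #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[  430.937898] 1 lock held by syz-executor.4/16038:
[  430.942901]  #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[  430.951124] 1 lock held by syz-executor.1/16057:
[  430.955942]  #0: 00000000bf866d71 (&hdev->req_lock){+.+.}, at: hci_req_sync+0x32/0xa0
[  431.098457] RIP: 0010:lock_release+0x54/0x840
[  431.098466] RDX: ffffed103cebef72 RSI: 0000000000000001 RDI: ffff8881e75eca84
[  431.099311] Kernel panic - not syncing: hung_task: blocked tasks
"""

RECORD_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$", re.MULTILINE)
BLOCKED_RE = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")
LOCKS_BY_RE = re.compile(r"(\d+) locks? held by (\S+)/(\d+):")
LOCK_RE = re.compile(r"#\d+: ([0-9a-f]+) \(([^)]+)\)\{[^}]*\}, at: (\S+)")
SYSCALL_IOCTL_X86_64 = 0x10  # ORIG_RAX holds the syscall number; 0x10 is ioctl on x86-64

def records(log):
    """(timestamp, message) per dmesg record; console noise without a timestamp is dropped."""
    return [(float(ts), msg) for ts, msg in RECORD_RE.findall(log)]

def blocked_tasks(log):
    """(comm, pid, seconds) for every task the hung_task watchdog reported."""
    return [(comm, int(pid), int(secs)) for comm, pid, secs in BLOCKED_RE.findall(log)]

def held_locks(log):
    """Lock address -> [(comm, pid, lock name, acquire site)] from the lockdep dump."""
    by_addr = defaultdict(list)
    task = None
    for _, msg in records(log):
        m = LOCKS_BY_RE.search(msg)
        if m:                                  # "N locks held by comm/pid:" opens a task's list
            task = (m.group(2), int(m.group(3)))
            continue
        m = LOCK_RE.search(msg)
        if m and task:                         # "#n: addr (name){...}, at: site" belongs to it
            addr, name, site = m.groups()
            by_addr[addr].append((task[0], task[1], name, site))
    return dict(by_addr)

def contended_locks(log):
    """Locks present in more than one task's held list: the candidates for the hang."""
    return {addr: ents for addr, ents in held_locks(log).items() if len(ents) > 1}

def decode_ioctl(cmd):
    """Split a request number per asm-generic/ioctl.h: nr:8, type:8, size:14, dir:2."""
    return {"nr": cmd & 0xFF, "type": chr((cmd >> 8) & 0xFF),
            "size": (cmd >> 16) & 0x3FFF, "dir": (cmd >> 30) & 0x3}  # dir 2 == _IOC_READ

# Table of this example's own; the entry is HCIINQUIRY from include/net/bluetooth/hci_sock.h.
KNOWN_IOCTLS = {("H", 240): "HCIINQUIRY"}

def ioctl_requests(log):
    """(request, decoded fields) from each user-space register dump that is an ioctl(2) call."""
    out, syscall = [], None
    for _, msg in records(log):
        if msg.startswith("RIP: "):            # a new register dump; forget the previous syscall
            syscall = None
        m = re.search(r"ORIG_RAX: ([0-9a-f]{16})", msg)
        if m:                                  # only user-mode dumps carry ORIG_RAX
            syscall = int(m.group(1), 16)
        m = re.search(r"\bRSI: ([0-9a-f]{16})", msg)
        if m and syscall == SYSCALL_IOCTL_X86_64:  # RSI is arg 2, the request, for ioctl only
            cmd = int(m.group(1), 16)
            info = decode_ioctl(cmd)
            info["name"] = KNOWN_IOCTLS.get((info["type"], info["nr"]), "unknown")
            out.append((cmd, info))
    return out

def triage(log):
    """What hung, which lock they all queue on, and which ioctl got them there."""
    return {"blocked": blocked_tasks(log), "contended": contended_locks(log),
            "ioctls": sorted({info["name"] for _, info in ioctl_requests(log)})}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

One caveat when reading the lockdep section this way: lockdep records a lock in a task's held list from lock_acquire(), before the mutex is actually obtained, so every syz-executor entry for 00000000bf866d71 means "owning or waiting on", not "owning". The call traces, not the lock dump, separate the one owner from the waiters parked in __mutex_lock. Decoding RSI to HCIINQUIRY matches the hci_inquiry frame in every blocked trace, which is the check that the register dump and the stack belong to the same syscall.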