INFO: task kworker/0:0:5 blocked for more than 143 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:0 state:D stack:26880 pid: 5 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:1:11 blocked for more than 143 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:1 state:D stack:27232 pid: 11 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:0:19 blocked for more than 143 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:0 state:D stack:26064 pid: 19 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:2:49 blocked for more than 143 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:2 state:D stack:27456 pid: 49 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:3:2454 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:3 state:D stack:27048 pid: 2454 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:3:6053 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 state:D stack:27040 pid: 6053 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/1:4:6131 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:4 state:D stack:27632 pid: 6131 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 __flush_work+0x527/0xab0 kernel/workqueue.c:3052 __cancel_work_timer+0x5dd/0x6e0 kernel/workqueue.c:3139 l2cap_clear_timer include/net/bluetooth/l2cap.h:888 [inline] l2cap_chan_del+0x43/0x1300 net/bluetooth/l2cap_core.c:613 l2cap_chan_close+0x118/0xb10 net/bluetooth/l2cap_core.c:823 l2cap_chan_timeout+0x173/0x450 net/bluetooth/l2cap_core.c:436 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:4:7404 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:4 state:D stack:27552 pid: 7404 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:5:7421 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:5 state:D stack:28080 pid: 7421 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/0:6:7425 blocked for more than 144 seconds. Not tainted 5.12.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:6 state:D stack:27576 pid: 7425 ppid: 2 flags:0x00004000 Workqueue: events l2cap_chan_timeout Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0xfc3/0x21d0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Showing all locks held in the system: 3 locks held by kworker/0:0/5: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000006fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:1/11: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900000cfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:0/19: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000015fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:1/47: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900001c7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:2/49: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000217da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 1 lock held by khungtaskd/1193: #0: ffffffff8a2cc1a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6327 3 locks held by kworker/0:2/2451: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900074dfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:3/2454: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90007507da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 1 lock held by in:imklog/5922: 3 locks held by kworker/1:3/6053: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000917da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 4 locks held by kworker/1:4/6131: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900009f7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 #3: ffff888119b2a520 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_chan_lock include/net/bluetooth/l2cap.h:853 [inline] #3: ffff888119b2a520 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_chan_timeout+0xa3/0x450 net/bluetooth/l2cap_core.c:426 3 locks held by kworker/1:5/6132: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000a17da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:6/6134: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000a27da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:4/7404: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004677da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:5/7421: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004537da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:6/7425: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004737da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:7/7438: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004777da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:8/7439: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004727da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:9/7441: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90004797da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:7/7442: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900047a7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:8/7455: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900047e7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 1 lock held by syz-executor.2/8568: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.4/8575: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.0/8581: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 2 locks held by syz-executor.5/8585: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 #1: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_connect+0xac1/0x20c0 net/bluetooth/l2cap_core.c:7941 1 lock held by syz-executor.5/8586: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.1/8589: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.1/8590: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.3/8592: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 1 lock held by syz-executor.3/8594: #0: ffff88811ff34078 (&hdev->lock){+.+.}-{3:3}, at: l2cap_chan_connect+0x96/0x20c0 net/bluetooth/l2cap_core.c:7818 3 locks held by kworker/0:9/8600: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001087da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:10/8601: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000d07da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:11/8602: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc9000110fda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:12/8603: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001417da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:10/8604: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001427da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:13/8605: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900010bfda8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:11/8606: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001437da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:14/8607: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001447da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:12/8608: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001467da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:13/8609: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001477da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:15/8610: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001487da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/0:16/8611: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001497da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:14/8612: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014a7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 3 locks held by kworker/1:15/8613: #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888100063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900014b7da8 ((work_completion)(&(&chan->chan_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffff888112ec32d8 (&conn->chan_lock){+.+.}-{3:3}, at: l2cap_chan_timeout+0x57/0x450 net/bluetooth/l2cap_core.c:422 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1193 Comm: khungtaskd Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x185/0x1e4 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd48/0xfb0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 365 Comm: kworker/u4:4 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:__lock_acquire+0x8d1/0x50c0 kernel/locking/lockdep.c:4870 Code: fc ff df 48 c1 ea 03 0f b6 14 02 48 c7 c0 60 7a 24 8d 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 d3 0c 00 00 8b 0d bf 9f c8 0b <85> c9 0f 84 b5 06 00 00 49 8d 84 24 88 09 00 00 48 89 c2 48 89 44 RSP: 0018:ffffc90001457a60 EFLAGS: 00000097 RAX: 0000000000000003 RBX: 00000000000007d6 RCX: 0000000000000000 RDX: 0000000000000004 RSI: 0000000000000008 RDI: ffffffff8cebcf90 RBP: ffff888101bbcc68 R08: 0000000000000000 R09: ffffffff8cebaba7 R10: fffffbfff19d7574 R11: 0000000000000000 R12: ffff888101bbc280 R13: 0000000000000004 R14: ffff888101bbcc18 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8881f6200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe55e79e000 CR3: 000000011dfa7000 CR4: 0000000000350ef0 Call Trace: lock_acquire kernel/locking/lockdep.c:5510 [inline] lock_acquire+0x212/0x850 kernel/locking/lockdep.c:5475 rcu_lock_acquire include/linux/rcupdate.h:267 [inline] rcu_read_lock include/linux/rcupdate.h:656 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:404 [inline] batadv_nc_worker+0x12d/0xe50 net/batman-adv/network-coding.c:715 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294