syzbot

INFO: task kworker/u5:1:4393 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u5:1    state:D stack:0     pid:4393  ppid:2      flags:0x00000008
Workqueue: hci16 hci_rx_work
Call trace:
 __switch_to+0x2f4/0x568 arch/arm64/kernel/process.c:555
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0xddc/0x1b18 kernel/sched/core.c:6561
 schedule+0xc4/0x170 kernel/sched/core.c:6637
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6696
 __mutex_lock_common+0xad4/0x1f38 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
 hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
 hci_event_func net/bluetooth/hci_event.c:7415 [inline]
 hci_event_packet+0x6f4/0xf08 net/bluetooth/hci_event.c:7467
 hci_rx_work+0x324/0xaa0 net/bluetooth/hci_core.c:4083
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850

Showing all locks held in the system:
3 locks held by kworker/u4:1/11:
 #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff80001c817c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff8000176af090 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x12c/0xa74 net/core/net_namespace.c:594
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015227d70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x40/0xbb4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015228590 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x40/0xbb4 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffff800015227400 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
3 locks held by kworker/u4:2/39:
 #0: ffff0000c0029138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff80001cd17c20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff8000176bb748 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74
4 locks held by kworker/u5:0/47:
 #0: ffff0000c94d8938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff80001cd97c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000d15ac078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x838 net/bluetooth/hci_event.c:3763
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
2 locks held by getty/4079:
 #0: ffff0000d69d2098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001ce332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x2ec/0xf9c drivers/tty/n_tty.c:2198
4 locks held by kworker/u5:1/4393:
 #0: ffff0000dcc7b938 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff800020de7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000cbc04078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x838 net/bluetooth/hci_event.c:3763
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
3 locks held by kworker/0:14/4461:
 #0: ffff0000c0020938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff8000210c7c20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000f5163240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x1c8/0x263c drivers/net/netdevsim/fib.c:1491
2 locks held by kworker/u4:5/4477:
4 locks held by kworker/u5:3/4486:
 #0: ffff0000f5255138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff800020ee7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000d2160078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb0/0x1220 net/bluetooth/hci_event.c:5723
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm+0x3c/0x130 include/net/bluetooth/hci_core.h:1811
3 locks held by syz-executor/4488:
 #0: ffff0000da96d0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close net/bluetooth/hci_core.c:508 [inline]
 #0: ffff0000da96d0b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1f0/0x4b4 net/bluetooth/hci_core.c:2705
 #1: ffff0000da96c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x398/0xf18 net/bluetooth/hci_sync.c:5233
 #2: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:1826 [inline]
 #2: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb0/0x270 net/bluetooth/hci_conn.c:2504
4 locks held by kworker/u5:4/4490:
 #0: ffff0000f532d138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff8000209c7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000db66c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x838 net/bluetooth/hci_event.c:3763
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
4 locks held by kworker/u5:5/4492:
 #0: ffff0000d9edb938 ((wq_completion)hci20#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff8000209e7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000f4ed8078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x838 net/bluetooth/hci_event.c:3763
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
4 locks held by kworker/u5:6/4495:
 #0: ffff0000c42a8938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8 kernel/workqueue.c:2265
 #1: ffff800020f07c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8 kernel/workqueue.c:2267
 #2: ffff0000cd714078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x9c/0x838 net/bluetooth/hci_event.c:3763
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1811 [inline]
 #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x3f8/0x838 net/bluetooth/hci_event.c:3796
2 locks held by kworker/1:11/4551: