INFO: task syz.5.739:8291 blocked for more than 143 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.739 state:D stack:0 pid:8291 tgid:8291 ppid:5096 task_flags:0x40004c flags:0x00800010 Call trace: __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T) context_switch kernel/sched/core.c:5388 [inline] __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189 __schedule_loop kernel/sched/core.c:7268 [inline] schedule+0x140/0x218 kernel/sched/core.c:7283 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340 rwsem_down_read_slowpath+0x538/0x7c4 kernel/locking/rwsem.c:1114 __down_read_common kernel/locking/rwsem.c:1291 [inline] __down_read kernel/locking/rwsem.c:1304 [inline] down_read+0xa0/0x2bc kernel/locking/rwsem.c:1570 mmap_read_lock include/linux/mmap_lock.h:592 [inline] exit_mm+0x68/0x26c kernel/exit.c:557 do_exit+0x518/0x1a6c kernel/exit.c:964 do_group_exit+0x194/0x22c kernel/exit.c:1119 __do_sys_exit_group kernel/exit.c:1130 [inline] __se_sys_exit_group kernel/exit.c:1128 [inline] pid_child_should_wake+0x0/0x110 kernel/exit.c:1128 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 Showing all locks held in the system: 3 locks held by kworker/u8:0/12: 3 locks held by kworker/u8:1/15: 1 lock held by khungtaskd/31: #0: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #0: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline] #0: ffff800088ad72a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x4c/0x188 kernel/locking/lockdep.c:6775 2 locks held by kworker/u8:2/39: 3 locks held by kworker/u8:3/40: 3 locks held by kworker/u8:4/1153: 3 locks held by kworker/u8:6/1419: 3 locks held by kworker/R-ipv6_/2785: #0: ffff0000cec5f940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #0: ffff0000cec5f940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397 #1: ffff800098337c00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #1: ffff800098337c00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397 #2: ffff800089b97600 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80 3 locks held by kworker/u8:7/3400: 3 locks held by kworker/u8:8/3624: 1 lock held by klogd/4291: 2 locks held by udevd/4302: 2 locks held by getty/4450: #0: ffff0000cf74e0a0 ( &tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff80009229b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x354/0xf84 drivers/tty/n_tty.c:2211 4 locks held by kworker/u9:3/4675: #0: ffff0000f42b1140 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #0: ffff0000f42b1140 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397 #1: ffff800099287c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #1: ffff800099287c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397 #2: ffff0000d034cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x17c/0x37c net/bluetooth/hci_sync.c:331 #3: ffff0000d034c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1d4/0x938 net/bluetooth/hci_sync.c:5744 5 locks held by kworker/u9:5/4682: #0: ffff0000d6837940 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #0: ffff0000d6837940 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397 #1: ffff800099257c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #1: ffff800099257c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397 #2: ffff0000c776cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x17c/0x37c net/bluetooth/hci_sync.c:331 #3: ffff0000c776c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1d4/0x938 net/bluetooth/hci_sync.c:5744 #4: ffff800089cf73e0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline] #4: ffff800089cf73e0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x13c/0x334 net/bluetooth/hci_conn.c:1409 2 locks held by kworker/1:3/4762: 8 locks held by kworker/u8:9/5073: 1 lock held by syz-executor/6017: 1 lock held by syz-executor/6108: 3 locks held by kworker/u8:10/6205: 3 locks held by kworker/u8:11/6725: 3 locks held by kworker/u8:12/6814: 3 locks held by kworker/u8:13/6818: 3 locks held by kworker/u8:14/6826: 2 locks held by kworker/u8:15/6828: #0: ffff0000c004c940 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #0: ffff0000c004c940 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397 #1: ffff8000947b7c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #1: ffff8000947b7c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397 4 locks held by kworker/u8:16/7901: #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #0: ffff0000c004b940 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397 #1: ffff800093137c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline] #1: ffff800093137c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397 #2: ffff800089b97600 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80 #3: ffff0000f2470780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6645 [inline] #3: ffff0000f2470780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2454 [inline] #3: ffff0000f2470780 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x14c/0x112c net/wireless/reg.c:2469 3 locks held by kworker/u8:17/7902: 5 locks held by kworker/u8:18/7903: 3 locks held by kworker/u8:19/7904: 3 locks held by kworker/u8:20/7905: 4 locks held by kworker/u8:21/7908: 3 locks held by kworker/u8:22/7909: 3 locks held by kworker/u8:23/7911: 4 locks held by syz-executor/7999: #0: ffff0000fde7cea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x2c/0xb8 net/bluetooth/hci_core.c:500 #1: ffff0000fde7c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x424/0xd88 net/bluetooth/hci_sync.c:5356 #2: ffff800089cf73e0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2151 [inline] #2: ffff800089cf73e0 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xb0/0x238 net/bluetooth/hci_conn.c:2734 #3: ffff0000db4adaf8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x88/0x440 net/bluetooth/l2cap_core.c:1777 1 lock held by syz.5.739/8291: #0: ffff0000d9c7f678 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:592 [inline] #0: ffff0000d9c7f678 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x68/0x26c kernel/exit.c:557 2 locks held by syz.5.739/8292: 4 locks held by kworker/1:7/8345: 2 locks held by modprobe/8346: 3 locks held by kworker/1:8/8347: 3 locks held by kworker/u8:24/8348: 1 lock held by syz-executor/8350: =============================================