INFO: task kworker/1:0:23 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D
 stack:21488 pid:23    tgid:23    ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: events request_firmware_work_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0xf89/0x4840 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7282
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
 __mutex_lock_common kernel/locking/mutex.c:712 [inline]
 __mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:806
 device_lock include/linux/device.h:1040 [inline]
 ath9k_hif_usb_firmware_fail drivers/net/wireless/ath/ath9k/hif_usb.c:1161 [inline]
 ath9k_hif_usb_firmware_cb+0x3b5/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1294
 request_firmware_work_func+0x13c/0x250 drivers/base/firmware_loader/main.c:1152
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/10:
 #0: ffff88810006b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc900000afd18 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
 #2: ffffffff896e94b8 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 kernel/rcu/tree.c:3828
3 locks held by kworker/1:0/23:
 #0: ffff88810006b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc9000018fd18 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
 #2: ffff88810cb921d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #2: ffff88810cb921d8 (&dev->mutex){....}-{4:4}, at: ath9k_hif_usb_firmware_fail drivers/net/wireless/ath/ath9k/hif_usb.c:1161 [inline]
 #2: ffff88810cb921d8 (&dev->mutex){....}-{4:4}, at: ath9k_hif_usb_firmware_cb+0x3b5/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1294
1 lock held by khungtaskd/30:
 #0: ffffffff896ddaa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff896ddaa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff896ddaa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
4 locks held by kworker/1:2/901:
2 locks held by getty/2924:
 #0: ffff8881086c60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900000452e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 drivers/tty/n_tty.c:2211
2 locks held by kworker/0:5/5231:
 #0: ffff88810006b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc9000375fd18 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
3 locks held by kworker/u8:1/7908:
 #0: ffff888100e98940 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc90015ce7d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
 #2: ffffffff8aaf0688 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x9e0 net/core/net_namespace.c:673
1 lock held by syz-executor/9523:
2 locks held by syz-executor/9524:
 #0: ffffffff8aaf0688 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x41e/0x780 net/core/net_namespace.c:575
 #1: ffffffff8ab08ca0 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0x90/0xc60 net/core/dev.c:13105
2 locks held by syz-executor/9525:
 #0: ffffffff8aaf0688 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x41e/0x780 net/core/net_namespace.c:575
 #1: ffffffff896e95e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by syz-executor/9526:
1 lock held by syz-executor/9527:
1 lock held by syz-executor/9586:
1 lock held by syz-executor/10020:
 #0: ffffffff896e95e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xcb1/0x1030 kernel/hung_task.c:561
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x69a/0xc80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 10014 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1108 [inline]
RIP: 0010:debug_check_no_obj_freed+0x210/0x630 lib/debugobjects.c:1146
Code: 00 00 48 89 c2 31 f6 49 89 df 4c 89 74 24 28 48 c1 ea 03 89 f3 42 80 3c 22 00 0f 85 dd 00 00 00 48 8d 78 18 83 c3 01 4c 8b 30 <48> 89 fa 48 c1 ea 03 42 80 3c 22 00 0f 85 27 03 00 00 48 8b 50 18
RSP: 0018:ffffc9000366f830 EFLAGS: 00000002
RAX: ffff88811ba75d20 RBX: 0000000000000001 RCX: ffffffff818fc278
RDX: 1ffff1102374eba4 RSI: 0000000000000000 RDI: ffff88811ba75d38
RBP: ffffc9000366f960 R08: 0000000000000001 R09: fffff520006cdef4
R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88815c24f000 R14: ffff8881343f15e8 R15: ffff88815c250000
FS:  0000000000000000(0000) GS:ffff88826878b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9b3df7ee9c CR3: 00000001053a2000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 __free_pages_prepare mm/page_alloc.c:1409 [inline]
 __free_frozen_pages+0x3b4/0xf10 mm/page_alloc.c:2943
 vfree mm/vmalloc.c:3472 [inline]
 vfree+0x15f/0x8d0 mm/vmalloc.c:3436
 kcov_put kernel/kcov.c:442 [inline]
 kcov_put kernel/kcov.c:438 [inline]
 kcov_close+0x34/0x60 kernel/kcov.c:543
 __fput+0x3ff/0xb50 fs/file_table.c:510
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x8d2/0x2a60 kernel/exit.c:975
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1117
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3037
 arch_do_signal_or_restart+0x91/0x7a0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x7e/0x430 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:328 [inline]
 do_syscall_64+0x682/0x7f0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe91644c4ab
Code: Unable to access opcode bytes at 0x7fe91644c481.
RSP: 002b:00007ffdad7f9f70 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffed RBX: 0000000000000005 RCX: 00007fe91644c4ab
RDX: 00007ffdad7f9fd0 RSI: 0000000000008933 RDI: 0000000000000005
RBP: 00007ffdad7fa290 R08: 00007ffdad7fa260 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007fe9171f4620 R14: 0000000000000000 R15: 0000000000000000
 </TASK>