Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
INFO: task kworker/u5:5:317 blocked for more than 143 seconds.
      Not tainted 5.18.0-next-20220603 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u5:5    state:D stack:27488 pid:  317 ppid:     2 flags:0x00004000
Workqueue: hci5 hci_power_on
Call Trace:
 <TASK>
 __schedule+0x893/0x2470
 schedule+0xd2/0x1f0
 schedule_timeout+0x1c5/0x280
 __wait_for_common+0x36f/0x4b0
 __flush_work+0x53f/0xae0
 __cancel_work_timer+0x398/0x4d0
 hci_dev_close_sync+0x82/0xf20
 hci_power_on+0x1d2/0x630
 process_one_work+0xa1c/0x16a0
 worker_thread+0x637/0x1250
 kthread+0x2f2/0x3b0
 ret_from_fork+0x22/0x30
 </TASK>
INFO: task syz-executor.6:5200 blocked for more than 143 seconds.
      Not tainted 5.18.0-next-20220603 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.6  state:D stack:28040 pid: 5200 ppid:     1 flags:0x00000000
Call Trace:
 <TASK>
 __schedule+0x893/0x2470
 schedule+0xd2/0x1f0
 schedule_timeout+0x1c5/0x280
 __wait_for_common+0x36f/0x4b0
 __flush_workqueue+0x360/0x1110
 hci_dev_open+0x180/0x360
 hci_sock_ioctl+0x2f1/0x910
 sock_do_ioctl+0xd2/0x230
 sock_ioctl+0x41c/0x670
 __x64_sys_ioctl+0x196/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fcfd9fd88d7
RSP: 002b:00007ffef2e48e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffef2e49548 RCX: 00007fcfd9fd88d7
RDX: 0000000000000005 RSI: 00000000400448c9 RDI: 0000000000000003
RBP: 0000000000000003 R08: 00007fcfd7d4f700 R09: 00007fcfd7d4f700
R10: 00007fcfd7d4f9d0 R11: 0000000000000246 R12: 00007fcfda0ecbf0
R13: 00007ffef2e48fe0 R14: 0000000000000000 R15: 00000000000000f8
 </TASK>

Showing all locks held in the system:
2 locks held by pr/ttyS0/14:
1 lock held by khungtaskd/26:
 #0: ffffffff85204680 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
1 lock held by in:imklog/206:
3 locks held by kworker/u5:5/317:
 #0: ffff888016c12138 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0
 #1: ffff88801b4dfdb0 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0
 #2: ffff8880437e9048 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1ca/0x630

=============================================