Bluetooth: hci2 command 0x0409 tx timeout
Bluetooth: hci2 command 0x041b tx timeout
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 262s!
INFO: task kworker/u4:1:29299 blocked for more than 140 seconds.
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
Not tainted 4.14.293-syzkaller #0
pwq 0:
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:1 D26992 29299 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
cpus=0 node=0 flags=0x0 nice=0 active=14/256 refcnt=15
in-flight: 14598:rtc_timer_do_work
pending: defense_work_handler, defense_work_handler, vmstat_shepherd, cache_reap, defense_work_handler, nfc_urelease_event_work, rtc_timer_do_work, smc_close_sock_put_work, free_obj_work
, macvlan_process_broadcast
, vhci_open_timeout
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
, macvlan_process_broadcast, proc_cleanup_work
workqueue events_long: flags=0x0
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 refcnt=5
pending: gc_worker, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup
workqueue events_unbound: flags=0x2
pwq 4: cpus=0-1 flags=0x4 nice=0 active=4/512 refcnt=7
in-flight: 29299:fsnotify_mark_destroy_workfn fsnotify_mark_destroy_workfn, 26741:fsnotify_connector_destroy_workfn fsnotify_connector_destroy_workfn
workqueue events_power_efficient: flags=0x80
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
in-flight: 17493:sync_cmos_clock
pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
pending: process_srcu, do_cache_clean, neigh_periodic_work
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
workqueue netns: flags=0xe000a
pwq 4:
cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4
in-flight: 16509:cleanup_net
workqueue ipv6_addrconf: flags=0x40008
pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
pending: addrconf_verify_work
workqueue bat_events: flags=0xe000a
pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=13
in-flight: 27031:batadv_nc_worker
delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=262s workers=3 idle: 573
__synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
14587
pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=0s workers=4 idle: 27077 23400 14814
pool 4: cpus=0-1 flags=0x4 nice=0 hung=0s workers=7 idle: 27031 5 26996 13543
fsnotify_mark_destroy_workfn+0xed/0x2e0 fs/notify/mark.c:757
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task kworker/u4:3:26741 blocked for more than 140 seconds.
Not tainted 4.14.293-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:3 D26992 26741 2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
__synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:156
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task kworker/u4:2:16509 blocked for more than 140 seconds.
Not tainted 4.14.293-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2 D28888 16509 2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
flush_workqueue+0x3ce/0x1310 kernel/workqueue.c:2677
flush_scheduled_work include/linux/workqueue.h:578 [inline]
tipc_exit_net+0x38/0x60 net/tipc/core.c:96
ops_exit_list+0xad/0x160 net/core/net_namespace.c:142
cleanup_net+0x3b3/0x840 net/core/net_namespace.c:487
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Showing all locks held in the system:
1 lock held by khungtaskd/1533:
#0: (tasklist_lock){.+.+}, at: [<ffffffff87024bb9>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/1:1/17493:
#0: ("events_power_efficient"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((sync_cmos_work).work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0b1a5>] rtc_set_time drivers/rtc/interface.c:68 [inline]
#2: (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0b1a5>] rtc_set_time+0x55/0x380 drivers/rtc/interface.c:60
2 locks held by kworker/u4:1/29299:
#0: ("events_unbound"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((reaper_work).work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
2 locks held by kworker/u4:3/26741:
#0: ("events_unbound"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: (connector_reaper_work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
3 locks held by kworker/u4:2/16509:
#0: ("%s""netns"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: (net_cleanup_work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (net_mutex){+.+.}, at: [<ffffffff85c1cdb0>] cleanup_net+0x110/0x840 net/core/net_namespace.c:453
1 lock held by syz-executor.4/26934:
#0: (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0eafe>] rtc_dev_ioctl+0xce/0x760 drivers/rtc/rtc-dev.c:219
1 lock held by syz-executor.4/27067:
#0: (net_mutex){+.+.}, at: [<ffffffff85c1d636>] copy_net_ns+0x156/0x440 net/core/net_namespace.c:413
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.293-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 14598 Comm: kworker/0:2 Not tainted 4.14.293-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: events rtc_timer_do_work
task: ffff88807fa9c4c0 task.stack: ffff88808f298000
RIP: 0010:rtc_handle_legacy_irq+0x35/0x180 drivers/rtc/interface.c:514
RSP: 0018:ffff88808f29fba8 EFLAGS: 00000096
RAX: 0000000000000286 RBX: ffff888237965740 RCX: 00000000000078fd
RDX: ffff888237965cc0 RSI: 0000000000000286 RDI: ffff888237965cc0
RBP: 0000000000000001 R08: ffffffff8b9de2e8 R09: 00000000000c0686
R10: ffff88807fa9cdc0 R11: ffff88807fa9c4c0 R12: 0000000000000010
R13: ffff888237965cc8 R14: ffff888237965e20 R15: ffffffff84b0db70
FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2caa57000 CR3: 00000000a1bc9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
rtc_timer_do_work+0x1f7/0x5a0 drivers/rtc/interface.c:881
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 89 f5 53 48 89 fb 4c 8d ab 88 05 00 00 48 83 ec 08 e8 d0 6d a4 fc 4c 89 ef e8 68 84 73 02 48 8d bb 80 05 00 00 48 89 fa 48 89 c6 <48> b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 f6
----------------
Code disassembly (best guess):
0: 89 f5 mov %esi,%ebp
2: 53 push %rbx
3: 48 89 fb mov %rdi,%rbx
6: 4c 8d ab 88 05 00 00 lea 0x588(%rbx),%r13
d: 48 83 ec 08 sub $0x8,%rsp
11: e8 d0 6d a4 fc callq 0xfca46de6
16: 4c 89 ef mov %r13,%rdi
19: e8 68 84 73 02 callq 0x2738486
1e: 48 8d bb 80 05 00 00 lea 0x580(%rbx),%rdi
25: 48 89 fa mov %rdi,%rdx
28: 48 89 c6 mov %rax,%rsi
* 2b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax <-- trapping instruction
32: fc ff df
35: 48 c1 ea 03 shr $0x3,%rdx
39: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
3d: 0f .byte 0xf
3e: 85 f6 test %esi,%esi