Bluetooth: hci2 command 0x0409 tx timeout
Bluetooth: hci2 command 0x041b tx timeout
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 262s!
INFO: task kworker/u4:1:29299 blocked for more than 140 seconds.
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
      Not tainted 4.14.293-syzkaller #0
  pwq 0:
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:1    D26992 29299      2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 cpus=0 node=0 flags=0x0 nice=0 active=14/256 refcnt=15
    in-flight: 14598:rtc_timer_do_work
    pending: defense_work_handler, defense_work_handler, vmstat_shepherd, cache_reap, defense_work_handler, nfc_urelease_event_work, rtc_timer_do_work, smc_close_sock_put_work, free_obj_work
, macvlan_process_broadcast
, vhci_open_timeout
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
, macvlan_process_broadcast, proc_cleanup_work
workqueue events_long: flags=0x0
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 refcnt=5
    pending: gc_worker, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup
workqueue events_unbound: flags=0x2
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=4/512 refcnt=7
    in-flight: 29299:fsnotify_mark_destroy_workfn fsnotify_mark_destroy_workfn, 26741:fsnotify_connector_destroy_workfn fsnotify_connector_destroy_workfn
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
    in-flight: 17493:sync_cmos_clock
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
    pending: process_srcu, do_cache_clean, neigh_periodic_work
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
workqueue netns: flags=0xe000a
  pwq 4:
 cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4
    in-flight: 16509:cleanup_net
workqueue ipv6_addrconf: flags=0x40008
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
    pending: addrconf_verify_work
workqueue bat_events: flags=0xe000a
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=13
    in-flight: 27031:batadv_nc_worker
    delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=262s workers=3 idle: 573
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 14587
pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=0s workers=4 idle: 27077 23400 14814
pool 4: cpus=0-1 flags=0x4 nice=0 hung=0s workers=7 idle: 27031 5 26996 13543
 fsnotify_mark_destroy_workfn+0xed/0x2e0 fs/notify/mark.c:757
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task kworker/u4:3:26741 blocked for more than 140 seconds.
      Not tainted 4.14.293-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:3    D26992 26741      2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:156
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task kworker/u4:2:16509 blocked for more than 140 seconds.
      Not tainted 4.14.293-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2    D28888 16509      2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 flush_workqueue+0x3ce/0x1310 kernel/workqueue.c:2677
 flush_scheduled_work include/linux/workqueue.h:578 [inline]
 tipc_exit_net+0x38/0x60 net/tipc/core.c:96
 ops_exit_list+0xad/0x160 net/core/net_namespace.c:142
 cleanup_net+0x3b3/0x840 net/core/net_namespace.c:487
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Showing all locks held in the system:
1 lock held by khungtaskd/1533:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff87024bb9>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/1:1/17493:
 #0:  ("events_power_efficient"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((sync_cmos_work).work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0b1a5>] rtc_set_time drivers/rtc/interface.c:68 [inline]
 #2:  (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0b1a5>] rtc_set_time+0x55/0x380 drivers/rtc/interface.c:60
2 locks held by kworker/u4:1/29299:
 #0:  ("events_unbound"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((reaper_work).work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
2 locks held by kworker/u4:3/26741:
 #0:  ("events_unbound"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  (connector_reaper_work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
3 locks held by kworker/u4:2/16509:
 #0:  ("%s""netns"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  (net_cleanup_work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (net_mutex){+.+.}, at: [<ffffffff85c1cdb0>] cleanup_net+0x110/0x840 net/core/net_namespace.c:453
1 lock held by syz-executor.4/26934:
 #0:  (&rtc->ops_lock){+.+.}, at: [<ffffffff84b0eafe>] rtc_dev_ioctl+0xce/0x760 drivers/rtc/rtc-dev.c:219
1 lock held by syz-executor.4/27067:
 #0:  (net_mutex){+.+.}, at: [<ffffffff85c1d636>] copy_net_ns+0x156/0x440 net/core/net_namespace.c:413

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.293-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 14598 Comm: kworker/0:2 Not tainted 4.14.293-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: events rtc_timer_do_work
task: ffff88807fa9c4c0 task.stack: ffff88808f298000
RIP: 0010:rtc_handle_legacy_irq+0x35/0x180 drivers/rtc/interface.c:514
RSP: 0018:ffff88808f29fba8 EFLAGS: 00000096
RAX: 0000000000000286 RBX: ffff888237965740 RCX: 00000000000078fd
RDX: ffff888237965cc0 RSI: 0000000000000286 RDI: ffff888237965cc0
RBP: 0000000000000001 R08: ffffffff8b9de2e8 R09: 00000000000c0686
R10: ffff88807fa9cdc0 R11: ffff88807fa9c4c0 R12: 0000000000000010
R13: ffff888237965cc8 R14: ffff888237965e20 R15: ffffffff84b0db70
FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2caa57000 CR3: 00000000a1bc9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rtc_timer_do_work+0x1f7/0x5a0 drivers/rtc/interface.c:881
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 89 f5 53 48 89 fb 4c 8d ab 88 05 00 00 48 83 ec 08 e8 d0 6d a4 fc 4c 89 ef e8 68 84 73 02 48 8d bb 80 05 00 00 48 89 fa 48 89 c6 <48> b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 f6 
----------------
Code disassembly (best guess):
   0:	89 f5                	mov    %esi,%ebp
   2:	53                   	push   %rbx
   3:	48 89 fb             	mov    %rdi,%rbx
   6:	4c 8d ab 88 05 00 00 	lea    0x588(%rbx),%r13
   d:	48 83 ec 08          	sub    $0x8,%rsp
  11:	e8 d0 6d a4 fc       	callq  0xfca46de6
  16:	4c 89 ef             	mov    %r13,%rdi
  19:	e8 68 84 73 02       	callq  0x2738486
  1e:	48 8d bb 80 05 00 00 	lea    0x580(%rbx),%rdi
  25:	48 89 fa             	mov    %rdi,%rdx
  28:	48 89 c6             	mov    %rax,%rsi
* 2b:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  32:	fc ff df
  35:	48 c1 ea 03          	shr    $0x3,%rdx
  39:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
  3d:	0f                   	.byte 0xf
  3e:	85 f6                	test   %esi,%esi