INFO: task kworker/1:1:23 blocked for more than 140 seconds.
      Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1     D26384    23      2 0x80000000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 reg_check_chans_work+0x77/0xd00 net/wireless/reg.c:1655
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Showing all locks held in the system:
3 locks held by kworker/1:1/23:
 #0:  ("events_power_efficient"){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((reg_check_chans).work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (rtnl_mutex){+.+.}, at: [<ffffffff869e6a97>] reg_check_chans_work+0x77/0xd00 net/wireless/reg.c:1655
1 lock held by khungtaskd/1531:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff8702740c>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/1:2/3303:
 #0:  ("events"){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  (deferred_process_work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (rtnl_mutex){+.+.}, at: [<ffffffff86fc256a>] switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150
3 locks held by kworker/0:2/3403:
 #0:  ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((&(&ifa->dad_work)->work)){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (rtnl_mutex){+.+.}, at: [<ffffffff863741b9>] addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921
1 lock held by in:imklog/7686:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffff818d6c6b>] __fdget_pos+0x1fb/0x2b0 fs/file.c:819
1 lock held by syz-fuzzer/7957:
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff812418a8>] __do_page_fault+0x7b8/0xad0 arch/x86/mm/fault.c:1378
1 lock held by syz-fuzzer/7964:
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff812418a8>] __do_page_fault+0x7b8/0xad0 arch/x86/mm/fault.c:1378
1 lock held by syz-executor.5/7974:
 #0:  (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460
1 lock held by syz-executor.4/7978:
 #0:  (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460
3 locks held by kworker/1:3/8011:
 #0:  ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((addr_chk_work).work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (rtnl_mutex){+.+.}, at: [<ffffffff86371cfa>] addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4416
2 locks held by syz-executor.4/11536:
 #0:  (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] inode_lock include/linux/fs.h:719 [inline]
 #0:  (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] __sock_release+0x86/0x2b0 net/socket.c:601
 #1:  (rtnl_mutex){+.+.}, at: [<ffffffff8642a96a>] ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625
2 locks held by syz-executor.0/11547:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
 #1:  (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9313 Comm: kworker/u4:6 Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_purge_orig
task: ffff8880a9112180 task.stack: ffff8880ab3d0000
RIP: 0010:unwind_next_frame+0xfb0/0x17d0 arch/x86/kernel/unwind_orc.c:474
RSP: 0018:ffff8880ba507a08 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff110174a0f48 RCX: ffffffff8a6b14a6
RDX: ffff8880ba507b08 RSI: 0000000000000000 RDI: ffffffff8a6b14a8
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ab3d7ca0 R11: 0000000000000001 R12: ffff8880ba507afd
R13: ffff8880ba507b00 R14: ffff8880ba507b18 R15: ffff8880ba507ac8
FS:  0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb84f365f5a CR3: 00000000af938000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc_node mm/slab.c:3333 [inline]
 kmem_cache_alloc_node+0x133/0x410 mm/slab.c:3640
 __alloc_skb+0x5c/0x510 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:980 [inline]
 bcm_can_tx+0x1c1/0x680 net/can/bcm.c:300
 bcm_tx_timeout_tsklet+0x179/0x320 net/can/bcm.c:427
 tasklet_action+0x195/0x340 kernel/softirq.c:513
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1016
 </IRQ>
 do_softirq.part.0+0x154/0x1b0 kernel/softirq.c:332
 do_softirq kernel/softirq.c:324 [inline]
 __local_bh_enable_ip+0x12b/0x170 kernel/softirq.c:185
 spin_unlock_bh include/linux/spinlock.h:362 [inline]
 _batadv_purge_orig+0x400/0xef0 net/batman-adv/originator.c:1325
 batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1338
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 49 89 f9 41 83 e1 07 45 38 c8 41 0f 9e c1 45 84 c0 41 0f 95 c0 45 84 c1 0f 85 2e 04 00 00 83 e0 07 40 38 c6 41 0f 9e c0 40 84 f6 <0f> 95 c0 41 84 c0 0f 85 15 04 00 00 48 0f bf 71 02 4c 89 ff 4c 
----------------
Code disassembly (best guess):
   0:	49 89 f9             	mov    %rdi,%r9
   3:	41 83 e1 07          	and    $0x7,%r9d
   7:	45 38 c8             	cmp    %r9b,%r8b
   a:	41 0f 9e c1          	setle  %r9b
   e:	45 84 c0             	test   %r8b,%r8b
  11:	41 0f 95 c0          	setne  %r8b
  15:	45 84 c1             	test   %r8b,%r9b
  18:	0f 85 2e 04 00 00    	jne    0x44c
  1e:	83 e0 07             	and    $0x7,%eax
  21:	40 38 c6             	cmp    %al,%sil
  24:	41 0f 9e c0          	setle  %r8b
  28:	40 84 f6             	test   %sil,%sil
* 2b:	0f 95 c0             	setne  %al <-- trapping instruction
  2e:	41 84 c0             	test   %al,%r8b
  31:	0f 85 15 04 00 00    	jne    0x44c
  37:	48 0f bf 71 02       	movswq 0x2(%rcx),%rsi
  3c:	4c 89 ff             	mov    %r15,%rdi
  3f:	4c                   	rex.WR