Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
INFO: task kworker/u4:2:164 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2 D27392 164 2 0x80080000
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3603
 __mutex_lock_common kernel/locking/mutex.c:834 [inline]
 __mutex_lock+0x58a/0x1300 kernel/locking/mutex.c:894
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:909
 flush_to_ldisc+0x3f/0x370 drivers/tty/tty_buffer.c:496
 process_one_work+0x7b9/0x1580 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x316/0x3d0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412
INFO: task syz-executor.5:10044 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D27944 10044 10043 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3603
 __mutex_lock_common kernel/locking/mutex.c:834 [inline]
 __mutex_lock+0x58a/0x1300 kernel/locking/mutex.c:894
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:909
 tty_buffer_lock_exclusive+0x2b/0x30 drivers/tty/tty_buffer.c:61
 paste_selection+0x113/0x3e0 drivers/tty/vt/selection.c:338
 tioclinux+0x10b/0x390 drivers/tty/vt/vt.c:2693
 vt_ioctl+0x187a/0x2120 drivers/tty/vt/vt_ioctl.c:362
 tty_ioctl+0x456/0x1280 drivers/tty/tty_io.c:2655
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f03c3cf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000006
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe033f57cf R14: 00007f03c3cf5300 R15: 0000000000022000
INFO: task syz-executor.2:10120 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D27944 10120 8576 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_timeout+0x70e/0xd20 kernel/time/timer.c:1777
 down_read_failed drivers/tty/tty_ldsem.c:240 [inline]
 __ldsem_down_read_nested+0x2c3/0x5e0 drivers/tty/tty_ldsem.c:330
 ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:263
 paste_selection+0xf1/0x3e0 drivers/tty/vt/selection.c:335
 tioclinux+0x10b/0x390 drivers/tty/vt/vt.c:2693
 vt_ioctl+0x187a/0x2120 drivers/tty/vt/vt_ioctl.c:362
 tty_ioctl+0x456/0x1280 drivers/tty/tty_io.c:2655
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007febcabbd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe90ef36cf R14: 00007febcabbd300 R15: 0000000000022000
INFO: task syz-executor.3:10136 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D27944 10136 10135 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3603
 __mutex_lock_common kernel/locking/mutex.c:834 [inline]
 __mutex_lock+0x58a/0x1300 kernel/locking/mutex.c:894
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:909
 tty_buffer_lock_exclusive+0x2b/0x30 drivers/tty/tty_buffer.c:61
 paste_selection+0x113/0x3e0 drivers/tty/vt/selection.c:338
 tioclinux+0x10b/0x390 drivers/tty/vt/vt.c:2693
 vt_ioctl+0x187a/0x2120 drivers/tty/vt/vt_ioctl.c:362
 tty_ioctl+0x456/0x1280 drivers/tty/tty_io.c:2655
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6c51295188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000006
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffcfdbcf26f R14: 00007f6c51295300 R15: 0000000000022000
INFO: task syz-executor.0:10176 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D27944 10176 8577 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_timeout+0x70e/0xd20 kernel/time/timer.c:1777
 down_read_failed drivers/tty/tty_ldsem.c:240 [inline]
 __ldsem_down_read_nested+0x2c3/0x5e0 drivers/tty/tty_ldsem.c:330
 ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:263
 paste_selection+0xf1/0x3e0 drivers/tty/vt/selection.c:335
 tioclinux+0x10b/0x390 drivers/tty/vt/vt.c:2693
 vt_ioctl+0x187a/0x2120 drivers/tty/vt/vt_ioctl.c:362
 tty_ioctl+0x456/0x1280 drivers/tty/tty_io.c:2655
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa0f75ba188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038
R13: 00007ffc08389f2f R14: 00007fa0f75ba300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by ksoftirqd/1/19:
 #0: 00000000c247707a (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1812 [inline]
 #0: 00000000c247707a (&rq->lock){-.-.}, at: __schedule+0x1f6/0x1fc0 kernel/sched/core.c:3439
3 locks held by kworker/u4:2/164:
 #0: 00000000fb9f528a ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x6e8/0x1580 kernel/workqueue.c:2124
 #1: 00000000e6c13756 ((work_completion)(&buf->work)){+.+.}, at: process_one_work+0x71b/0x1580 kernel/workqueue.c:2128
 #2: 000000001abfddb2 (&buf->lock){+.+.}, at: flush_to_ldisc+0x3f/0x370 drivers/tty/tty_buffer.c:496
1 lock held by khungtaskd/1510:
 #0: 00000000ad838357 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4461
1 lock held by in:imklog/7879:
 #0: 000000001a5b597c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:766
2 locks held by syz-executor.5/10043:
2 locks held by syz-executor.5/10044:
 #0: 00000000e22c83d3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000002ffb6f14 (&buf->lock){+.+.}, at: tty_buffer_lock_exclusive+0x2b/0x30 drivers/tty/tty_buffer.c:61
1 lock held by syz-executor.2/10120:
 #0: 00000000af485150 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
2 locks held by syz-executor.1/10123:
2 locks held by syz-executor.2/10125:
2 locks held by syz-executor.3/10135:
2 locks held by syz-executor.3/10136:
 #0: 0000000080536540 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000001abfddb2 (&buf->lock){+.+.}, at: tty_buffer_lock_exclusive+0x2b/0x30 drivers/tty/tty_buffer.c:61
2 locks held by syz-executor.0/10157:
1 lock held by syz-executor.0/10176:
 #0: 00000000ae85faa8 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
2 locks held by syz-executor.4/10165:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1510 Comm: khungtaskd Not tainted 4.18.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x15a/0x20d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.0+0x13/0xb6 lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0xf6/0x11a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x512/0x940 kernel/hung_task.c:252
 kthread+0x316/0x3d0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 10123 Comm: syz-executor.1 Not tainted 4.18.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:paste_selection+0x186/0x3e0 drivers/tty/vt/selection.c:342
Code: 00 44 3b 3d 2c ef 60 08 0f 8d fa 00 00 00 65 48 8b 04 25 80 df 01 00 48 8d b8 50 13 00 00 48 89 fa 48 c1 ea 03 42 80 3c 2a 00 <0f> 85 de 01 00 00 48 c7 80 50 13 00 00 5a f2 83 83 49 c7 86 60 ff
RSP: 0018:ffff8800a0baf830 EFLAGS: 00000246
RAX: ffff8800893ab180 RBX: ffff880088a08880 RCX: 0000000000000001
RDX: 1ffff1001127589a RSI: ffff8800a7473bb8 RDI: ffff8800893ac4d0
RBP: ffff8800a0baf950 R08: 1ffff100111411a1 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffed001114119b
R13: dffffc0000000000 R14: ffff8800a0baf928 R15: 0000000000000000
FS: 00007f1cda651700(0000) GS:ffff8800ba600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8df1ec1000 CR3: 00000000a17e9000 CR4: 0000000000340ef0
Call Trace:
 tioclinux+0x10b/0x390 drivers/tty/vt/vt.c:2693
 vt_ioctl+0x187a/0x2120 drivers/tty/vt/vt_ioctl.c:362
 tty_ioctl+0x456/0x1280 drivers/tty/tty_io.c:2655
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1cda651188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe81e8598f R14: 00007f1cda651300 R15: 0000000000022000