Bluetooth: hci0 command 0x0406 tx timeout
Bluetooth: hci2 command 0x0406 tx timeout
Bluetooth: hci3 command 0x0406 tx timeout
INFO: task syz-executor.3:21836 blocked for more than 140 seconds.
      Not tainted 4.14.217-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28200 21836   7991 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x1e6/0x350 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:66 [inline]
 down_read+0x44/0x80 kernel/locking/rwsem.c:26
 __get_super.part.0+0x271/0x390 fs/super.c:678
 __get_super include/linux/spinlock.h:317 [inline]
 get_super+0x2b/0x50 fs/super.c:707
 fsync_bdev+0x14/0xc0 fs/block_dev.c:495
 invalidate_partition+0x74/0xb0 block/genhd.c:1509
 drop_partitions.isra.0+0x83/0x150 block/partition-generic.c:442
 rescan_partitions+0xa9/0x800 block/partition-generic.c:515
 __blkdev_reread_part+0x140/0x1d0 block/ioctl.c:173
 blkdev_reread_part+0x23/0x40 block/ioctl.c:193
 loop_reread_partitions drivers/block/loop.c:624 [inline]
 loop_set_status+0xeeb/0x12b0 drivers/block/loop.c:1193
 loop_set_status64+0x92/0xe0 drivers/block/loop.c:1311
 lo_ioctl+0x587/0x1cd0 drivers/block/loop.c:1441
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e087
RSP: 002b:00007fece7ee19e8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045e087
RDX: 00007fece7ee1ab0 RSI: 0000000000004c04 RDI: 0000000000000005
RBP: 000000000119bfc0 R08: 00007fece7ee1a18 R09: 0000000000000000
R10: 00007fece7ee1a1c R11: 0000000000000202 R12: 000000000119bf8c
R13: 00007ffdd02df8ef R14: 00007fece7ee29c0 R15: 000000000119bf8c
INFO: task syz-executor.3:21882 blocked for more than 140 seconds.
      Not tainted 4.14.217-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29880 21882   7991 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 __blkdev_get+0x191/0x1090 fs/block_dev.c:1455
 blkdev_get+0x441/0x890 fs/block_dev.c:1611
 blkdev_get_by_path+0x38/0xa0 fs/block_dev.c:1692
 mount_bdev+0x4c/0x360 fs/super.c:1092
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0xe53/0x2a00 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e219
RSP: 002b:00007fece7e7ec68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
RDX: 0000000020000400 RSI: 00000000200001c0 RDI: 0000000020000240
RBP: 000000000119c1c8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c184
R13: 00007ffdd02df8ef R14: 00007fece7e7f9c0 R15: 000000000119c184
INFO: task syz-executor.3:21883 blocked for more than 140 seconds.
      Not tainted 4.14.217-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29480 21883   7991 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 __blkdev_get+0x191/0x1090 fs/block_dev.c:1455
 blkdev_get+0x88/0x890 fs/block_dev.c:1611
 blkdev_open+0x1cc/0x250 fs/block_dev.c:1772
 do_dentry_open+0x44b/0xec0 fs/open.c:777
 vfs_open+0x105/0x220 fs/open.c:888
 do_last fs/namei.c:3428 [inline]
 path_openat+0x628/0x2970 fs/namei.c:3569
 do_filp_open+0x179/0x3c0 fs/namei.c:3603
 do_sys_open+0x296/0x410 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x417d11
RSP: 002b:00007fece7e5d980 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417d11
RDX: 00007fece7e5dba0 RSI: 0000000000000002 RDI: 00007fece7e5dba0
RBP: 0000000000000000 R08: 00007fece7e5da18 R09: 0000000000000000
R10: 00007fece7e5da1c R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000010

Showing all locks held in the system:
1 lock held by khungtaskd/1528:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff86feead7>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by syz-executor.3/21836:
 #0:  (&lo->lo_ctl_mutex/1){+.+.}, at: [<ffffffff838c1237>] lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
 #1:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff830a0d0b>] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
 #2:  (&type->s_umount_key#102){.+.+}, at: [<ffffffff818724e1>] __get_super.part.0+0x271/0x390 fs/super.c:678
1 lock held by syz-executor.3/21882:
 #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff8193a1c1>] __blkdev_get+0x191/0x1090 fs/block_dev.c:1455
1 lock held by syz-executor.3/21883:
 #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff8193a1c1>] __blkdev_get+0x191/0x1090 fs/block_dev.c:1455

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1528 Comm: khungtaskd Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 21845 Comm: syz-executor.3 Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888054cf03c0 task.stack: ffff888049c10000
RIP: 0010:__sanitizer_cov_trace_pc+0x41/0x50 kernel/kcov.c:88
RSP: 0018:ffff888049c17700 EFLAGS: 00000016
RAX: 0000000000040000 RBX: 0000000000000008 RCX: ffffc90009b1d000
RDX: 0000000000040000 RSI: ffffffff831835f5 RDI: ffffffff87ccd780
RBP: ffffffff87ccd780 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: ffff888054cf03c0 R12: ffff88805346d150
R13: ffffffff87937f80 R14: 0000000000000200 R15: ffff88805346d150
FS:  00007fece7ec1700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c02009a710 CR3: 00000000a020f000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 check_preemption_disabled+0x15/0x240 lib/smp_processor_id.c:14
 lookup_bh_lru fs/buffer.c:1324 [inline]
 __find_get_block+0xd5/0xc40 fs/buffer.c:1353
 __getblk_slow+0x127/0x7a0 fs/buffer.c:1100
 __getblk_gfp fs/buffer.c:1383 [inline]
 __bread_gfp+0x206/0x2e0 fs/buffer.c:1428
 sb_bread include/linux/buffer_head.h:309 [inline]
 udf_tread+0xe1/0x130 fs/udf/misc.c:44
 udf_read_tagged+0x40/0x4c0 fs/udf/misc.c:210
 udf_check_anchor_block+0x18a/0x590 fs/udf/super.c:1816
 udf_scan_anchors+0x3b9/0x530 fs/udf/super.c:1895
 udf_find_anchor fs/udf/super.c:1913 [inline]
 udf_load_vrs+0x5a1/0xa90 fs/udf/super.c:1978
 udf_fill_super+0x715/0x1680 fs/udf/super.c:2170
 mount_bdev+0x2b3/0x360 fs/super.c:1134
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0xe53/0x2a00 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e219
RSP: 002b:00007fece7ec0c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
RDX: 0000000020000400 RSI: 00000000200001c0 RDI: 0000000020000240
RBP: 000000000119c078 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034
R13: 00007ffdd02df8ef R14: 00007fece7ec19c0 R15: 000000000119c034
Code: e2 00 01 1f 00 75 0b 8b 90 58 13 00 00 83 fa 01 74 01 c3 48 8b 34 24 48 8b 88 60 13 00 00 8b 80 5c 13 00 00 48 8b 11 48 83 c2 01 <48> 39 d0 76 e2 48 89 34 d1 48 89 11 c3 66 90 41 54 49 89 fc 48