Bluetooth: hci1 command 0x0406 tx timeout
Bluetooth: hci2 command 0x0406 tx timeout
Bluetooth: hci4 command 0x0406 tx timeout
Bluetooth: hci0 command 0x0406 tx timeout
Bluetooth: hci5 command 0x0406 tx timeout
BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 186s!
INFO: task kworker/u4:0:5 blocked for more than 140 seconds.
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
      Not tainted 4.14.275-syzkaller #0
  pwq 0:
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:0    D27304     5      2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 cpus=0 node=0 flags=0x0 nice=0 active=13/256 refcnt=14
    in-flight: 3:rtc_timer_do_work
    pending: defense_work_handler, defense_work_handler, macvlan_process_broadcast, defense_work_handler, defense_work_handler, defense_work_handler
, defense_work_handler
, vmstat_shepherd
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
, cache_reap, macvlan_process_broadcast, macvlan_process_broadcast, macvlan_process_broadcast
workqueue events_unbound: flags=0x2
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=4/512 refcnt=7
    in-flight: 10583:fsnotify_mark_destroy_workfn fsnotify_mark_destroy_workfn, 5:fsnotify_connector_destroy_workfn fsnotify_connector_destroy_workfn
workqueue events_power_efficient: flags=0x80
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=5/256 refcnt=6
    pending: fb_flashcursor, process_srcu, process_srcu, neigh_periodic_work, do_cache_clean
workqueue mm_percpu_wq: flags=0x8
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=4
    pending: lru_add_drain_per_cpu BAR(12614), vmstat_update
workqueue cgroup_pidlist_destroy: flags=0x0
  pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
    pending: cgroup_pidlist_destroy_work_fn
workqueue bat_events: flags=0xe000a
  pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=9
    pending: batadv_nc_worker
    delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=186s workers=5 idle: 4645 3625 9129 24
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
pool 4: cpus=0-1 flags=0x4 nice=0 hung=0s workers=8 idle: 126 22 9440 2904 34
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:156
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task kworker/u4:7:10583 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:7    D29056 10583      2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 fsnotify_mark_destroy_workfn+0xed/0x2e0 fs/notify/mark.c:757
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task systemd-udevd:12590 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd   D28640 12590   4631 0x00000304
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 btrfs_scan_one_device+0x77/0x330 fs/btrfs/volumes.c:1147
 btrfs_control_ioctl+0x150/0x200 fs/btrfs/super.c:2211
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe215e47017
RSP: 002b:00007fffbeed78c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe215e47017
RDX: 00007fffbeed78e0 RSI: 0000000090009427 RDI: 000000000000000f
RBP: 00007fffbeed78e0 R08: 0000000000000000 R09: 0000000000000138
R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000000f
R13: 0000000000000000 R14: 000055afee4123e0 R15: 000055afee40eca0
INFO: task syz-executor.4:12614 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28896 12614   7994 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 flush_work+0x3fe/0x770 kernel/workqueue.c:2894
 lru_add_drain_all_cpuslocked+0x2e6/0x450 mm/swap.c:722
 lru_add_drain_all+0xf/0x20 mm/swap.c:730
 invalidate_bdev+0x8a/0xc0 fs/block_dev.c:109
 loop_clr_fd+0x4c8/0xc20 drivers/block/loop.c:1062
 lo_ioctl+0x895/0x1cd0 drivers/block/loop.c:1424
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f9086801e07
RSP: 002b:00007f9085176f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000200010c0 RCX: 00007f9086801e07
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004
RBP: 00007f90851776b8 R08: 00007f9085177020 R09: 0000000020000040
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000016 R14: 00007f9085176fe0 R15: 0000000020001280
INFO: task syz-executor.3:12636 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D27208 12636   7993 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 lru_add_drain_all_cpuslocked+0x6c/0x450 mm/swap.c:704
 lru_add_drain_all+0xf/0x20 mm/swap.c:730
 invalidate_bdev+0x8a/0xc0 fs/block_dev.c:109
 btrfs_get_bdev_and_sb+0xb0/0x2c0 fs/btrfs/volumes.c:311
 __btrfs_open_devices+0x172/0xa30 fs/btrfs/volumes.c:994
 btrfs_open_devices+0x98/0xb0 fs/btrfs/volumes.c:1066
 btrfs_mount+0xb24/0x1fe0 fs/btrfs/super.c:1606
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount+0x3c/0x60 fs/namespace.c:1036
 mount_subvol fs/btrfs/super.c:1398 [inline]
 btrfs_mount+0x42a/0x1fe0 fs/btrfs/super.c:1569
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2572 [inline]
 do_mount+0xe65/0x2a10 fs/namespace.c:2902
 SYSC_mount fs/namespace.c:3118 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3095
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fd9d736657a
RSP: 002b:00007fd9d5cb8f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007fd9d736657a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fd9d5cb8fe0
RBP: 00007fd9d5cb9020 R08: 00007fd9d5cb9020 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007fd9d5cb8fe0 R15: 0000000020000a40
INFO: task syz-executor.0:12629 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D28864 12629   7990 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common+0x272/0x430 kernel/sched/completion.c:123
 __synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
 install_new_memslots+0xed/0x260 arch/x86/kvm/../../../virt/kvm/kvm_main.c:919
 __kvm_set_memory_region+0x1283/0x1ab0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1096
 __x86_set_memory_region+0x21b/0x490 arch/x86/kvm/x86.c:8505
 alloc_identity_pagetable arch/x86/kvm/vmx.c:5161 [inline]
 init_rmode_identity_map arch/x86/kvm/vmx.c:5081 [inline]
 vmx_create_vcpu+0xec7/0x29d0 arch/x86/kvm/vmx.c:10099
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2573 [inline]
 kvm_vm_ioctl+0x4ca/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3081
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f009f935049
RSP: 002b:00007f009e2aa168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f009fa47f60 RCX: 00007f009f935049
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
RBP: 00007f009f98f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed8bc2a9f R14: 00007f009e2aa300 R15: 0000000000022000
INFO: task syz-executor.0:12639 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29760 12639   7990 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f009f934e07
RSP: 002b:00007f009e2875d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000020fe8000 RCX: 00007f009f934e07
RDX: 00007f009e287d10 RSI: 000000004020ae46 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000006
R10: 0000000000000004 R11: 0000000000000246 R12: 00000000fec00000
R13: 00007f009e287d10 R14: 0000000000000001 R15: 0000000020fe8000
INFO: task syz-executor.0:12644 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D30216 12644   7990 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f009f935049
RSP: 002b:00007f009e268168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f009fa48100 RCX: 00007f009f935049
RDX: 0000000020000180 RSI: 000000004020ae46 RDI: 0000000000000004
RBP: 00007f009f98f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed8bc2a9f R14: 00007f009e268300 R15: 0000000000022000
INFO: task syz-executor.0:12650 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29344 12650   7990 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 init_rmode_identity_map arch/x86/kvm/vmx.c:5074 [inline]
 vmx_create_vcpu+0xe56/0x29d0 arch/x86/kvm/vmx.c:10099
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2573 [inline]
 kvm_vm_ioctl+0x4ca/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3081
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f009f935049
RSP: 002b:00007f009e247168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f009fa481d0 RCX: 00007f009f935049
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000013
RBP: 00007f009f98f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed8bc2a9f R14: 00007f009e247300 R15: 0000000000022000
INFO: task syz-executor.0:12653 blocked for more than 140 seconds.
      Not tainted 4.14.275-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D30216 12653   7990 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2811 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3387
 schedule+0x8d/0x1b0 kernel/sched/core.c:3431
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f009f935049
RSP: 002b:00007f009e226168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f009fa482a0 RCX: 00007f009f935049
RDX: 00000000200000c0 RSI: 000000004020ae46 RDI: 0000000000000013
RBP: 00007f009f98f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed8bc2a9f R14: 00007f009e226300 R15: 0000000000022000

Showing all locks held in the system:
2 locks held by kworker/u4:0/5:
 #0:  ("events_unbound"){+.+.}, at: [<ffffffff81364ee0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  (connector_reaper_work){+.+.}, at: [<ffffffff81364f16>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
1 lock held by khungtaskd/1533:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff87022f4c>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
2 locks held by kworker/u4:7/10583:
 #0:  ("events_unbound"){+.+.}, at: [<ffffffff81364ee0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((reaper_work).work){+.+.}, at: [<ffffffff81364f16>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
1 lock held by systemd-udevd/12590:
 #0:  (uuid_mutex){+.+.}, at: [<ffffffff82a74507>] btrfs_scan_one_device+0x77/0x330 fs/btrfs/volumes.c:1147
3 locks held by syz-executor.4/12614:
 #0:  (&lo->lo_ctl_mutex/1){+.+.}, at: [<ffffffff838de417>] lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
 #1:  (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff816ca93a>] get_online_cpus include/linux/cpu.h:145 [inline]
 #1:  (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff816ca93a>] lru_add_drain_all+0xa/0x20 mm/swap.c:729
 #2:  (lock#6){+.+.}, at: [<ffffffff816ca54c>] lru_add_drain_all_cpuslocked+0x6c/0x450 mm/swap.c:704
3 locks held by syz-executor.3/12636:
 #0:  (uuid_mutex){+.+.}, at: [<ffffffff82a5e4a2>] btrfs_open_devices+0x22/0xb0 fs/btrfs/volumes.c:1061
 #1:  (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff816ca93a>] get_online_cpus include/linux/cpu.h:145 [inline]
 #1:  (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff816ca93a>] lru_add_drain_all+0xa/0x20 mm/swap.c:729
 #2:  (lock#6){+.+.}, at: [<ffffffff816ca54c>] lru_add_drain_all_cpuslocked+0x6c/0x450 mm/swap.c:704
1 lock held by syz-executor.0/12629:
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff811599d6>] init_rmode_identity_map arch/x86/kvm/vmx.c:5074 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff811599d6>] vmx_create_vcpu+0xe56/0x29d0 arch/x86/kvm/vmx.c:10099
1 lock held by syz-executor.0/12639:
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091
1 lock held by syz-executor.0/12644:
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091
1 lock held by syz-executor.0/12650:
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff811599d6>] init_rmode_identity_map arch/x86/kvm/vmx.c:5074 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff811599d6>] vmx_create_vcpu+0xe56/0x29d0 arch/x86/kvm/vmx.c:10099
1 lock held by syz-executor.0/12653:
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1118 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl_set_memory_region arch/x86/kvm/../../../virt/kvm/kvm_main.c:1131 [inline]
 #0:  (&kvm->slots_lock){+.+.}, at: [<ffffffff81061418>] kvm_vm_ioctl+0x3d8/0x13e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3091

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3540 Comm: kworker/u4:5 Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
task: ffff8880a93a6340 task.stack: ffff8880a8cb8000
RIP: 0010:__sanitizer_cov_trace_pc+0x9/0x50 kernel/kcov.c:65
RSP: 0018:ffff8880a8cbfcd0 EFLAGS: 00000246
RAX: ffff8880a93a6340 RBX: ffff88808f461e80 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff8880a93a6bc4
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000020012
R10: ffff8880a93a6c18 R11: ffff8880a93a6340 R12: dffffc0000000000
R13: ffff8880a9355b00 R14: ffff88813fe468c0 R15: ffff8880a5e4d400
FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fda9acaa000 CR3: 00000000a1cc9000 CR4: 00000000003426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rcu_read_unlock include/linux/rcupdate.h:681 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:422 [inline]
 batadv_nc_worker+0x838/0xc50 net/batman-adv/network-coding.c:728
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 00 e9 9f fe ff ff 4c 89 e7 e8 04 b1 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 c0 7f 02 00 <48> 85 c0 74 1a 65 8b 15 fb 3c ad 7e 81 e2 00 01 1f 00 75 0b 8b 
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e9 9f fe ff ff       	jmpq   0xfffffea4
   5:	4c 89 e7             	mov    %r12,%rdi
   8:	e8 04 b1 29 00       	callq  0x29b111
   d:	e9 2c fe ff ff       	jmpq   0xfffffe3e
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	65 48 8b 04 25 c0 7f 	mov    %gs:0x27fc0,%rax
  28:	02 00
* 2a:	48 85 c0             	test   %rax,%rax <-- trapping instruction
  2d:	74 1a                	je     0x49
  2f:	65 8b 15 fb 3c ad 7e 	mov    %gs:0x7ead3cfb(%rip),%edx        # 0x7ead3d31
  36:	81 e2 00 01 1f 00    	and    $0x1f0100,%edx
  3c:	75 0b                	jne    0x49
  3e:	8b                   	.byte 0x8b