Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  485.173564][   T25] Bluetooth: hci0: command 0x0409 tx timeout
[  487.252468][   T25] Bluetooth: hci0: command 0x041b tx timeout
[  489.332211][   T25] Bluetooth: hci0: command 0x040f tx timeout
[  491.411876][   T25] Bluetooth: hci0: command 0x0419 tx timeout
[  493.491540][   T25] Bluetooth: hci0: command 0x0405 tx timeout
[  605.637532][   T25] Bluetooth: hci0: command 0x0406 tx timeout
[  716.188095][   T27] INFO: task krfcommd:2876 blocked for more than 143 seconds.
[  716.195781][   T27]       Not tainted 5.14.0-rc7-next-20210825-syzkaller #0
[  716.203985][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  716.212855][   T27] task:krfcommd        state:D stack:29640 pid: 2876 ppid:     2 flags:0x00004000
[  716.222671][   T27] Call Trace:
[  716.225973][   T27]  __schedule+0x940/0x26f0
[  716.231074][   T27]  ? io_schedule_timeout+0x140/0x140
[  716.236769][   T27]  schedule+0xd3/0x270
[  716.241303][   T27]  schedule_preempt_disabled+0xf/0x20
[  716.246724][   T27]  __mutex_lock+0xa34/0x12f0
[  716.251771][   T27]  ? rfcomm_run+0x2ed/0x4a20
[  716.256583][   T27]  ? mutex_lock_io_nested+0x1150/0x1150
[  716.262690][   T27]  ? lock_downgrade+0x6e0/0x6e0
[  716.267715][   T27]  rfcomm_run+0x2ed/0x4a20
[  716.272590][   T27]  ? find_held_lock+0x2d/0x110
[  716.277374][   T27]  ? rfcomm_check_accept+0x240/0x240
[  716.283205][   T27]  ? lock_downgrade+0x6e0/0x6e0
[  716.288591][   T27]  ? __init_waitqueue_head+0xd0/0xd0
[  716.293973][   T27]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[  716.300195][   T27]  ? lockdep_hardirqs_on+0x79/0x100
[  716.305561][   T27]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[  716.312521][   T27]  ? __kthread_parkme+0x15f/0x220
[  716.317650][   T27]  ? rfcomm_check_accept+0x240/0x240
[  716.323414][   T27]  kthread+0x3e5/0x4d0
[  716.327525][   T27]  ? set_kthread_struct+0x130/0x130
[  716.333204][   T27]  ret_from_fork+0x1f/0x30
[  716.337736][   T27] INFO: task syz-executor289:6597 blocked for more than 143 seconds.
[  716.346244][   T27]       Not tainted 5.14.0-rc7-next-20210825-syzkaller #0
[  716.353742][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  716.362608][   T27] task:syz-executor289 state:D stack:27528 pid: 6597 ppid:  6565 flags:0x00004006
[  716.372164][   T27] Call Trace:
[  716.375975][   T27]  __schedule+0x940/0x26f0
[  716.380867][   T27]  ? io_schedule_timeout+0x140/0x140
[  716.386188][   T27]  ? mark_held_locks+0x9f/0xe0
[  716.391395][   T27]  schedule+0xd3/0x270
[  716.395594][   T27]  __lock_sock+0x13d/0x260
[  716.400531][   T27]  ? sock_omalloc+0x180/0x180
[  716.405245][   T27]  ? __rfcomm_dlc_close+0x162/0x8a0
[  716.410921][   T27]  ? finish_wait+0x270/0x270
[  716.415540][   T27]  ? rwlock_bug.part.0+0x90/0x90
[  716.420938][   T27]  lock_sock_nested+0xf6/0x120
[  716.425740][   T27]  rfcomm_sk_state_change+0xb4/0x390
[  716.431568][   T27]  __rfcomm_dlc_close+0x1b6/0x8a0
[  716.436635][   T27]  rfcomm_dlc_close+0x1ea/0x240
[  716.442103][   T27]  __rfcomm_sock_close+0xac/0x260
[  716.447161][   T27]  rfcomm_sock_shutdown+0xe9/0x210
[  716.452832][   T27]  rfcomm_sock_release+0x5f/0x140
[  716.457960][   T27]  __sock_release+0xcd/0x280
[  716.462643][   T27]  sock_close+0x18/0x20
[  716.466805][   T27]  __fput+0x288/0x9f0
[  716.470924][   T27]  ? __sock_release+0x280/0x280
[  716.475794][   T27]  task_work_run+0xdd/0x1a0
[  716.480389][   T27]  do_exit+0xbae/0x2a30
[  716.484669][   T27]  ? mm_update_next_owner+0x7a0/0x7a0
[  716.490103][   T27]  ? lock_downgrade+0x6e0/0x6e0
[  716.494966][   T27]  do_group_exit+0x125/0x310
[  716.499769][   T27]  get_signal+0x47f/0x2160
[  716.504271][   T27]  ? lock_downgrade+0x6e0/0x6e0
[  716.509226][   T27]  arch_do_signal_or_restart+0x2a9/0x1c40
[  716.515042][   T27]  ? rfcomm_sock_connect+0x15f/0x460
[  716.520685][   T27]  ? rfcomm_sock_getname+0x300/0x300
[  716.526171][   T27]  ? __sys_connect_file+0x4e/0x1a0
[  716.531375][   T27]  ? get_sigframe_size+0x10/0x10
[  716.536354][   T27]  ? __sys_connect_file+0x1a0/0x1a0
[  716.541653][   T27]  exit_to_user_mode_prepare+0x17d/0x290
[  716.547364][   T27]  syscall_exit_to_user_mode+0x19/0x60
[  716.552969][   T27]  do_syscall_64+0x42/0xb0
[  716.557469][   T27]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  716.563469][   T27] RIP: 0033:0x446009
[  716.567462][   T27] RSP: 002b:00007ffc35c45818 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  716.575973][   T27] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000446009
[  716.584026][   T27] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[  716.592264][   T27] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[  716.600355][   T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000005a32b8
[  716.608396][   T27] R13: 0000000000000009 R14: 00007ffc35c45870 R15: 0000000000000003
[  716.616535][   T27] 
[  716.616535][   T27] Showing all locks held in the system:
[  716.624470][   T27] 1 lock held by khungtaskd/27:
[  716.629920][   T27]  #0: ffffffff8b97f800 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[  716.640027][   T27] 1 lock held by krfcommd/2876:
[  716.644924][   T27]  #0: ffffffff8d31c588 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[  716.654076][   T27] 1 lock held by in:imklog/6256:
[  716.659090][   T27]  #0: ffff8880735a8370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[  716.668398][   T27] 5 locks held by kworker/u4:5/6523:
[  716.674424][   T27] 4 locks held by syz-executor289/6597:
[  716.680088][   T27]  #0: ffff88807bf2a010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[  716.690779][   T27]  #1: ffff88801ca2b120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[  716.702741][   T27]  #2: ffffffff8d31c588 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[  716.712257][   T27]  #3: ffff888017c65528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[  716.721691][   T27] 
[  716.724879][   T27] =============================================
[  716.724879][   T27] 
[  716.733524][   T27] NMI backtrace for cpu 1
[  716.737923][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.14.0-rc7-next-20210825-syzkaller #0
[  716.747515][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.757572][   T27] Call Trace:
[  716.760970][   T27]  dump_stack_lvl+0xcd/0x134
[  716.765736][   T27]  nmi_cpu_backtrace.cold+0x47/0x144
[  716.771035][   T27]  ? lapic_can_unplug_cpu+0x80/0x80
[  716.776311][   T27]  nmi_trigger_cpumask_backtrace+0x1ae/0x220
[  716.782367][   T27]  watchdog+0xcb7/0xed0
[  716.786581][   T27]  ? trace_sched_process_hang+0x280/0x280
[  716.792496][   T27]  kthread+0x3e5/0x4d0
[  716.796639][   T27]  ? set_kthread_struct+0x130/0x130
[  716.801880][   T27]  ret_from_fork+0x1f/0x30
[  716.806472][   T27] Sending NMI from CPU 1 to CPUs 0:
[  716.811735][    C0] NMI backtrace for cpu 0
[  716.811747][    C0] CPU: 0 PID: 2965 Comm: systemd-journal Not tainted 5.14.0-rc7-next-20210825-syzkaller #0
[  716.811769][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.811780][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x60
[  716.811811][    C0] Code: 81 e1 00 01 00 00 65 48 8b 14 25 40 f0 01 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82 3c 15 00 00 85 c0 74 2b 8b 82 18 15 00 00 <83> f8 02 75 20 48 8b 8a 20 15 00 00 8b 92 1c 15 00 00 48 8b 01 48
[  716.811829][    C0] RSP: 0018:ffffc90002b4fbf0 EFLAGS: 00000246
[  716.811846][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  716.811858][    C0] RDX: ffff88807ad99c80 RSI: ffffffff81348ed4 RDI: 0000000000000003
[  716.811871][    C0] RBP: ffff8880f2add900 R08: 0000000000000000 R09: 000000000000002e
[  716.811883][    C0] R10: ffffffff81348eca R11: 000000000000003f R12: 0000000072add900
[  716.811896][    C0] R13: 000000000000002e R14: ffffea0000000000 R15: ffff888072adc500
[  716.811909][    C0] FS:  00007f5ce141b8c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[  716.811927][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  716.811942][    C0] CR2: 00007f5cde76b000 CR3: 000000001a42c000 CR4: 00000000001506f0
[  716.811954][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  716.811965][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  716.811978][    C0] Call Trace:
[  716.811983][    C0]  __phys_addr+0xc4/0x140
[  716.812059][    C0]  ___cache_free+0x20/0x350
[  716.812096][    C0]  ? qlist_free_all+0x35/0xc0
[  716.812133][    C0]  ? lockdep_hardirqs_on+0x79/0x100
[  716.812155][    C0]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[  716.812180][    C0]  qlist_free_all+0x5a/0xc0
[  716.812202][    C0]  kasan_quarantine_reduce+0x180/0x200
[  716.812226][    C0]  __kasan_slab_alloc+0x95/0xb0
[  716.812246][    C0]  kmem_cache_alloc+0x209/0x390
[  716.812291][    C0]  getname_flags.part.0+0x50/0x4f0
[  716.812332][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  716.812357][    C0]  getname+0x8e/0xd0
[  716.812380][    C0]  do_sys_openat2+0xf5/0x4d0
[  716.812400][    C0]  ? seccomp_notify_ioctl+0xdc0/0xdc0
[  716.812425][    C0]  ? build_open_flags+0x6f0/0x6f0
[  716.812465][    C0]  ? __context_tracking_exit+0xb8/0xe0
[  716.812490][    C0]  __x64_sys_open+0x119/0x1c0
[  716.812509][    C0]  ? do_sys_open+0x140/0x140
[  716.812529][    C0]  ? __secure_computing+0x104/0x360
[  716.812560][    C0]  do_syscall_64+0x35/0xb0
[  716.812585][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  716.812609][    C0] RIP: 0033:0x7f5ce09aa840
[  716.812631][    C0] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[  716.812650][    C0] RSP: 002b:00007ffec45005f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  716.812669][    C0] RAX: ffffffffffffffda RBX: 00007ffec4500900 RCX: 00007f5ce09aa840
[  716.812683][    C0] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055624cc38d20
[  716.812695][    C0] RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff
[  716.812707][    C0] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[  716.812718][    C0] R13: 000055624cc2c040 R14: 00007ffec45008c0 R15: 000055624cc387a0
[  716.812740][    C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.005 msecs
[  716.813743][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  717.147785][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.14.0-rc7-next-20210825-syzkaller #0
[  717.157148][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  717.167196][   T27] Call Trace:
[  717.170476][   T27]  dump_stack_lvl+0xcd/0x134
[  717.175173][   T27]  panic+0x2b0/0x6dd
[  717.179097][   T27]  ? __warn_printk+0xf3/0xf3
[  717.183708][   T27]  ? lapic_can_unplug_cpu+0x80/0x80
[  717.188923][   T27]  ? preempt_schedule_thunk+0x16/0x18
[  717.194383][   T27]  ? nmi_trigger_cpumask_backtrace+0x191/0x220
[  717.200567][   T27]  ? watchdog.cold+0x1b9/0x1de
[  717.205363][   T27]  watchdog.cold+0x1ca/0x1de
[  717.209963][   T27]  ? trace_sched_process_hang+0x280/0x280
[  717.215760][   T27]  kthread+0x3e5/0x4d0
[  717.219848][   T27]  ? set_kthread_struct+0x130/0x130
[  717.225049][   T27]  ret_from_fork+0x1f/0x30
[  717.231065][   T27] Kernel Offset: disabled
[  717.235409][   T27] Rebooting in 86400 seconds..