[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 480.654802][ T26] Bluetooth: hci0: command 0x0409 tx timeout
[ 482.733947][ T2961] Bluetooth: hci0: command 0x041b tx timeout
[ 484.813914][ T2961] Bluetooth: hci0: command 0x040f tx timeout
[ 486.893813][ T2961] Bluetooth: hci0: command 0x0419 tx timeout
[ 488.973675][ T2961] Bluetooth: hci0: command 0x0405 tx timeout
[ 600.724834][ T2961] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.516812][ T1636] INFO: task krfcommd:4782 blocked for more than 143 seconds.
[ 721.524532][ T1636] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.531457][ T1636] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.540688][ T1636] task:krfcommd state:D stack:29440 pid: 4782 ppid: 2 flags:0x00004000
[ 721.550050][ T1636] Call Trace:
[ 721.553337][ T1636] __schedule+0x93a/0x26f0
[ 721.557948][ T1636] ? io_schedule_timeout+0x140/0x140
[ 721.563357][ T1636] schedule+0xd3/0x270
[ 721.567648][ T1636] schedule_preempt_disabled+0xf/0x20
[ 721.573037][ T1636] __mutex_lock+0x7b6/0x10a0
[ 721.577696][ T1636] ? rfcomm_run+0x2ed/0x4a20
[ 721.582404][ T1636] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.587937][ T1636] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.593537][ T1636] rfcomm_run+0x2ed/0x4a20
[ 721.598041][ T1636] ? find_held_lock+0x2d/0x110
[ 721.602897][ T1636] ? rfcomm_check_accept+0x240/0x240
[ 721.608333][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.613243][ T1636] ? __init_waitqueue_head+0xd0/0xd0
[ 721.618678][ T1636] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.624562][ T1636] ? lockdep_hardirqs_on+0x79/0x100
[ 721.630031][ T1636] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.636345][ T1636] ? __kthread_parkme+0x15f/0x220
[ 721.641519][ T1636] ? rfcomm_check_accept+0x240/0x240
[ 721.646969][ T1636] kthread+0x3e5/0x4d0
[ 721.651064][ T1636] ? set_kthread_struct+0x130/0x130
[ 721.656260][ T1636] ret_from_fork+0x1f/0x30
[ 721.660861][ T1636] INFO: task syz-executor703:8502 blocked for more than 143 seconds.
[ 721.669093][ T1636] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.674989][ T1636] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.683843][ T1636] task:syz-executor703 state:D stack:27528 pid: 8502 ppid: 8470 flags:0x00004006
[ 721.693259][ T1636] Call Trace:
[ 721.696621][ T1636] __schedule+0x93a/0x26f0
[ 721.701067][ T1636] ? io_schedule_timeout+0x140/0x140
[ 721.706354][ T1636] ? mark_held_locks+0x9f/0xe0
[ 721.711187][ T1636] schedule+0xd3/0x270
[ 721.715275][ T1636] __lock_sock+0x13d/0x260
[ 721.719824][ T1636] ? sock_omalloc+0x180/0x180
[ 721.724541][ T1636] ? finish_wait+0x270/0x270
[ 721.729208][ T1636] ? rwlock_bug.part.0+0x90/0x90
[ 721.734195][ T1636] lock_sock_nested+0xf6/0x120
[ 721.739041][ T1636] rfcomm_sk_state_change+0xb4/0x390
[ 721.744371][ T1636] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.749496][ T1636] rfcomm_dlc_close+0x1ea/0x240
[ 721.754380][ T1636] __rfcomm_sock_close+0xac/0x260
[ 721.759509][ T1636] rfcomm_sock_shutdown+0xe9/0x210
[ 721.764630][ T1636] rfcomm_sock_release+0x5f/0x140
[ 721.769815][ T1636] __sock_release+0xcd/0x280
[ 721.774594][ T1636] sock_close+0x18/0x20
[ 721.778833][ T1636] __fput+0x288/0x920
[ 721.782900][ T1636] ? __sock_release+0x280/0x280
[ 721.787855][ T1636] task_work_run+0xdd/0x1a0
[ 721.792381][ T1636] do_exit+0xbd4/0x2a60
[ 721.796717][ T1636] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.802185][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.807129][ T1636] do_group_exit+0x125/0x310
[ 721.811735][ T1636] get_signal+0x47f/0x2160
[ 721.816207][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.821136][ T1636] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.827361][ T1636] ? rfcomm_sock_connect+0x15f/0x460
[ 721.832690][ T1636] ? rfcomm_sock_getname+0x300/0x300
[ 721.838073][ T1636] ? __sys_connect_file+0x4e/0x1a0
[ 721.843210][ T1636] ? get_sigframe_size+0x10/0x10
[ 721.848229][ T1636] ? __sys_connect_file+0x1a0/0x1a0
[ 721.853468][ T1636] exit_to_user_mode_prepare+0x17d/0x290
[ 721.859456][ T1636] syscall_exit_to_user_mode+0x19/0x60
[ 721.864944][ T1636] do_syscall_64+0x42/0xb0
[ 721.869442][ T1636] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.875353][ T1636] RIP: 0033:0x445fe9
[ 721.879317][ T1636] RSP: 002b:00007fff39df2c98 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.887830][ T1636] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.895825][ T1636] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.903892][ T1636] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.912003][ T1636] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000015332b8
[ 721.920087][ T1636] R13: 0000000000000072 R14: 00007fff39df2cf0 R15: 0000000000000003
[ 721.928174][ T1636]
[ 721.928174][ T1636] Showing all locks held in the system:
[ 721.936007][ T1636] 6 locks held by kworker/u4:6/797:
[ 721.941312][ T1636] 1 lock held by khungtaskd/1636:
[ 721.946448][ T1636] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.956664][ T1636] 1 lock held by krfcommd/4782:
[ 721.961761][ T1636] #0: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.970979][ T1636] 2 locks held by in:imklog/8160:
[ 721.976361][ T1636] #0: ffff8880137b3270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.985724][ T1636] #1: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x233/0x26f0
[ 721.994791][ T1636] 4 locks held by syz-executor703/8502:
[ 722.000584][ T1636] #0: ffff88803a582c10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 722.011205][ T1636] #1: ffff888147a69120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 722.023088][ T1636] #2: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 722.032605][ T1636] #3: ffff88801d30ad28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 722.042412][ T1636]
[ 722.044742][ T1636] =============================================
[ 722.044742][ T1636]
[ 722.053252][ T1636] NMI backtrace for cpu 1
[ 722.057680][ T1636] CPU: 1 PID: 1636 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 722.066104][ T1636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.076167][ T1636] Call Trace:
[ 722.079527][ T1636] dump_stack_lvl+0xcd/0x134
[ 722.084178][ T1636] nmi_cpu_backtrace.cold+0x44/0xd7
[ 722.089465][ T1636] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.094813][ T1636] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 722.100840][ T1636] watchdog+0xd0a/0xfc0
[ 722.105000][ T1636] ? reset_hung_task_detector+0x30/0x30
[ 722.110548][ T1636] kthread+0x3e5/0x4d0
[ 722.114711][ T1636] ? set_kthread_struct+0x130/0x130
[ 722.119926][ T1636] ret_from_fork+0x1f/0x30
[ 722.124495][ T1636] Sending NMI from CPU 1 to CPUs 0:
[ 722.130396][ C0] NMI backtrace for cpu 0
[ 722.130406][ C0] CPU: 0 PID: 797 Comm: kworker/u4:6 Not tainted 5.14.0-rc6-syzkaller #0
[ 722.130417][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.130426][ C0] Workqueue: events_unbound toggle_allocation_gate
[ 722.130439][ C0] RIP: 0010:perf_event_text_poke+0x96/0x170
[ 722.130451][ C0] Code: 00 00 00 48 89 84 24 a0 00 00 00 31 c0 e8 02 a0 de ff be 04 00 00 00 48 c7 c7 58 c4 6c 8d e8 71 40 25 00 44 8b 2d 52 b9 d5 0b <31> ff 44 89 ee e8 20 a7 de ff 45 85 ed 75 4e e8 d6 9f de ff e8 d1
[ 722.130466][ C0] RSP: 0018:ffffc9000389fa00 EFLAGS: 00000246
[ 722.130478][ C0] RAX: 0000000000000001 RBX: 1ffff92000713f41 RCX: ffffffff81970aff
[ 722.130486][ C0] RDX: fffffbfff1ad988c RSI: 0000000000000004 RDI: ffffffff8d6cc458
[ 722.130495][ C0] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffff8d6cc45b
[ 722.130504][ C0] R10: fffffbfff1ad988b R11: 000000000000003f R12: 0000000000000005
[ 722.130513][ C0] R13: 0000000000000000 R14: ffffffff8eed2289 R15: ffffc9000389fb68
[ 722.130523][ C0] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 722.130532][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 722.130540][ C0] CR2: 00007fec34f2f000 CR3: 000000000b68e000 CR4: 00000000001506f0
[ 722.130549][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 722.130558][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 722.130565][ C0] Call Trace:
[ 722.130570][ C0] ? kmem_cache_alloc_bulk+0x156/0x490
[ 722.130577][ C0] ? perf_event_bpf_event+0x4e0/0x4e0
[ 722.130583][ C0] ? __text_poke+0x8c0/0x8c0
[ 722.130589][ C0] ? text_poke_loc_init+0x340/0x340
[ 722.130595][ C0] ? kmem_cache_alloc_bulk+0x157/0x490
[ 722.130601][ C0] text_poke_bp_batch+0x32b/0x560
[ 722.130608][ C0] ? alternatives_enable_smp+0xf0/0xf0
[ 722.130614][ C0] ? mutex_lock_io_nested+0xf00/0xf00
[ 722.130620][ C0] ? __jump_label_patch+0xdf/0x1b0
[ 722.130627][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 722.130634][ C0] ? __jump_label_update+0x351/0x400
[ 722.130640][ C0] text_poke_finish+0x16/0x30
[ 722.130646][ C0] arch_jump_label_transform_apply+0x13/0x20
[ 722.130653][ C0] jump_label_update+0x1d5/0x430
[ 722.130660][ C0] static_key_disable_cpuslocked+0x152/0x1b0
[ 722.130666][ C0] static_key_disable+0x16/0x20
[ 722.130672][ C0] toggle_allocation_gate+0x185/0x390
[ 722.130678][ C0] ? lock_release+0x720/0x720
[ 722.130684][ C0] ? wake_up_kfence_timer+0x20/0x20
[ 722.130690][ C0] process_one_work+0x98d/0x1630
[ 722.130696][ C0] ? pwq_dec_nr_in_flight+0x320/0x320
[ 722.130703][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 722.130709][ C0] ? _raw_spin_lock_irq+0x41/0x50
[ 722.130715][ C0] worker_thread+0x658/0x11f0
[ 722.130721][ C0] ? process_one_work+0x1630/0x1630
[ 722.130727][ C0] kthread+0x3e5/0x4d0
[ 722.130732][ C0] ? set_kthread_struct+0x130/0x130
[ 722.130738][ C0] ret_from_fork+0x1f/0x30
[ 722.146573][ T1636] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.426880][ T1636] CPU: 1 PID: 1636 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 722.435201][ T1636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.445360][ T1636] Call Trace:
[ 722.448635][ T1636] dump_stack_lvl+0xcd/0x134
[ 722.453320][ T1636] panic+0x306/0x73d
[ 722.457253][ T1636] ? __warn_printk+0xf3/0xf3
[ 722.461844][ T1636] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.467342][ T1636] ? preempt_schedule_thunk+0x16/0x18
[ 722.472717][ T1636] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.478868][ T1636] ? watchdog.cold+0x5/0x158
[ 722.483673][ T1636] watchdog.cold+0x16/0x158
[ 722.488175][ T1636] ? reset_hung_task_detector+0x30/0x30
[ 722.493933][ T1636] kthread+0x3e5/0x4d0
[ 722.498001][ T1636] ? set_kthread_struct+0x130/0x130
[ 722.503202][ T1636] ret_from_fork+0x1f/0x30
[ 722.509112][ T1636] Kernel Offset: disabled
[ 722.513441][ T1636] Rebooting in 86400 seconds..