[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 484.822260][ T20] Bluetooth: hci0: command 0x0409 tx timeout
[ 486.901265][ T20] Bluetooth: hci0: command 0x041b tx timeout
[ 488.980984][ T20] Bluetooth: hci0: command 0x040f tx timeout
[ 491.060650][ T20] Bluetooth: hci0: command 0x0419 tx timeout
[ 493.140275][ T20] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.606093][ T20] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.276086][ T1656] INFO: task krfcommd:4781 blocked for more than 143 seconds.
[ 721.284312][ T1656] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.291316][ T1656] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.300632][ T1656] task:krfcommd state:D stack:29136 pid: 4781 ppid: 2 flags:0x00004000
[ 721.310611][ T1656] Call Trace:
[ 721.314083][ T1656] __schedule+0x93a/0x26f0
[ 721.319406][ T1656] ? io_schedule_timeout+0x140/0x140
[ 721.324725][ T1656] schedule+0xd3/0x270
[ 721.329284][ T1656] schedule_preempt_disabled+0xf/0x20
[ 721.334685][ T1656] __mutex_lock+0x7b6/0x10a0
[ 721.339787][ T1656] ? rfcomm_run+0x2ed/0x4a20
[ 721.344525][ T1656] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.350802][ T1656] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.356700][ T1656] rfcomm_run+0x2ed/0x4a20
[ 721.361207][ T1656] ? find_held_lock+0x2d/0x110
[ 721.366214][ T1656] ? rfcomm_check_accept+0x240/0x240
[ 721.371522][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.376531][ T1656] ? __init_waitqueue_head+0xd0/0xd0
[ 721.381980][ T1656] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.387904][ T1656] ? lockdep_hardirqs_on+0x79/0x100
[ 721.393190][ T1656] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.399622][ T1656] ? __kthread_parkme+0x15f/0x220
[ 721.404770][ T1656] ? rfcomm_check_accept+0x240/0x240
[ 721.410138][ T1656] kthread+0x3e5/0x4d0
[ 721.414340][ T1656] ? set_kthread_struct+0x130/0x130
[ 721.419789][ T1656] ret_from_fork+0x1f/0x30
[ 721.424353][ T1656] INFO: task syz-executor775:8486 blocked for more than 143 seconds.
[ 721.432554][ T1656] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.438682][ T1656] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.447428][ T1656] task:syz-executor775 state:D stack:27528 pid: 8486 ppid: 8454 flags:0x00004006
[ 721.456745][ T1656] Call Trace:
[ 721.460033][ T1656] __schedule+0x93a/0x26f0
[ 721.464458][ T1656] ? io_schedule_timeout+0x140/0x140
[ 721.469811][ T1656] ? mark_held_locks+0x9f/0xe0
[ 721.474591][ T1656] schedule+0xd3/0x270
[ 721.478819][ T1656] __lock_sock+0x13d/0x260
[ 721.483334][ T1656] ? sock_omalloc+0x180/0x180
[ 721.488091][ T1656] ? finish_wait+0x270/0x270
[ 721.492699][ T1656] ? rwlock_bug.part.0+0x90/0x90
[ 721.497740][ T1656] lock_sock_nested+0xf6/0x120
[ 721.502910][ T1656] rfcomm_sk_state_change+0xb4/0x390
[ 721.508295][ T1656] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.513378][ T1656] rfcomm_dlc_close+0x1ea/0x240
[ 721.518552][ T1656] __rfcomm_sock_close+0xac/0x260
[ 721.523611][ T1656] rfcomm_sock_shutdown+0xe9/0x210
[ 721.528821][ T1656] rfcomm_sock_release+0x5f/0x140
[ 721.533899][ T1656] __sock_release+0xcd/0x280
[ 721.538741][ T1656] sock_close+0x18/0x20
[ 721.542936][ T1656] __fput+0x288/0x920
[ 721.547087][ T1656] ? __sock_release+0x280/0x280
[ 721.551997][ T1656] task_work_run+0xdd/0x1a0
[ 721.556623][ T1656] do_exit+0xbd4/0x2a60
[ 721.560907][ T1656] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.566709][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.571583][ T1656] do_group_exit+0x125/0x310
[ 721.576240][ T1656] get_signal+0x47f/0x2160
[ 721.580753][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.585600][ T1656] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.591466][ T1656] ? rfcomm_sock_connect+0x15f/0x460
[ 721.596834][ T1656] ? rfcomm_sock_getname+0x300/0x300
[ 721.602131][ T1656] ? __sys_connect_file+0x4e/0x1a0
[ 721.607294][ T1656] ? get_sigframe_size+0x10/0x10
[ 721.612248][ T1656] ? __sys_connect_file+0x1a0/0x1a0
[ 721.617574][ T1656] exit_to_user_mode_prepare+0x17d/0x290
[ 721.623301][ T1656] syscall_exit_to_user_mode+0x19/0x60
[ 721.628888][ T1656] do_syscall_64+0x42/0xb0
[ 721.633320][ T1656] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.639549][ T1656] RIP: 0033:0x445fe9
[ 721.643520][ T1656] RSP: 002b:00007ffd5b9aeaa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.652111][ T1656] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.660171][ T1656] RDX: 0000000000000080 RSI: 00000000200001c0 RDI: 0000000000000004
[ 721.668231][ T1656] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.676275][ T1656] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000087e2b8
[ 721.684263][ T1656] R13: 0000000000000072 R14: 00007ffd5b9aeb00 R15: 0000000000000003
[ 721.692369][ T1656]
[ 721.692369][ T1656] Showing all locks held in the system:
[ 721.700190][ T1656] 1 lock held by khungtaskd/1656:
[ 721.705222][ T1656] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.715214][ T1656] 1 lock held by krfcommd/4781:
[ 721.720133][ T1656] #0: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.729430][ T1656] 1 lock held by in:imklog/8162:
[ 721.734480][ T1656] #0: ffff888026c31770 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.743923][ T1656] 4 locks held by syz-executor775/8486:
[ 721.749569][ T1656] #0: ffff88803a5f3690 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.760341][ T1656] #1: ffff88801941e120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.772221][ T1656] #2: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.781896][ T1656] #3: ffff888016268928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.791361][ T1656]
[ 721.793690][ T1656] =============================================
[ 721.793690][ T1656]
[ 721.802401][ T1656] NMI backtrace for cpu 0
[ 721.806922][ T1656] CPU: 0 PID: 1656 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 721.815346][ T1656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.825497][ T1656] Call Trace:
[ 721.828777][ T1656] dump_stack_lvl+0xcd/0x134
[ 721.833406][ T1656] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.838665][ T1656] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.843921][ T1656] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.849952][ T1656] watchdog+0xd0a/0xfc0
[ 721.854105][ T1656] ? reset_hung_task_detector+0x30/0x30
[ 721.859920][ T1656] kthread+0x3e5/0x4d0
[ 721.863990][ T1656] ? set_kthread_struct+0x130/0x130
[ 721.869185][ T1656] ret_from_fork+0x1f/0x30
[ 721.873763][ T1656] Sending NMI from CPU 0 to CPUs 1:
[ 721.879805][ C1] NMI backtrace for cpu 1
[ 721.879816][ C1] CPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 5.14.0-rc6-syzkaller #0
[ 721.879826][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.879836][ C1] Workqueue: events_unbound toggle_allocation_gate
[ 721.879849][ C1] RIP: 0010:rcu_lockdep_current_cpu_online+0x7f/0x150
[ 721.879862][ C1] Code: c1 ea 03 80 3c 02 00 0f 85 ad 00 00 00 48 03 1c ed 80 08 32 8b 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 90 00 00 00 48 8d 7b 20 48 8b 6b 18 48 b8 00 00
[ 721.879877][ C1] RSP: 0018:ffffc90000f4f8a8 EFLAGS: 00000a06
[ 721.879888][ C1] RAX: dffffc0000000000 RBX: ffff8880b9d528c0 RCX: ffffffff815b2b48
[ 721.879897][ C1] RDX: 1ffff110173aa51b RSI: 0000000000000003 RDI: ffff8880b9d528d8
[ 721.879906][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8d6cbc17
[ 721.879915][ C1] R10: fffffbfff1ad9782 R11: 000000000000003f R12: 0000000000000001
[ 721.879924][ C1] R13: 0000000000000000 R14: ffff888010dae138 R15: 0000000000000000
[ 721.879933][ C1] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 721.879942][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 721.879951][ C1] CR2: 00007f6fa9c44000 CR3: 000000000b68e000 CR4: 00000000001506e0
[ 721.879959][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 721.879968][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 721.879976][ C1] Call Trace:
[ 721.879981][ C1] rcu_read_lock_sched_held+0x25/0x70
[ 721.879987][ C1] lock_acquire+0x442/0x510
[ 721.879992][ C1] ? lock_release+0x720/0x720
[ 721.879998][ C1] ? __text_poke+0x5d1/0x8c0
[ 721.880003][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 721.880009][ C1] _raw_spin_lock+0x2a/0x40
[ 721.880015][ C1] ? __get_locked_pte+0x2b6/0x4d0
[ 721.880021][ C1] __get_locked_pte+0x2b6/0x4d0
[ 721.880026][ C1] ? __kmalloc_node+0xc3/0x380
[ 721.880031][ C1] __text_poke+0x1ab/0x8c0
[ 721.880035][ C1] ? text_poke_loc_init+0x340/0x340
[ 721.880041][ C1] ? __kmalloc_node+0xc3/0x380
[ 721.880046][ C1] text_poke_bp_batch+0x3d7/0x560
[ 721.880051][ C1] ? alternatives_enable_smp+0xf0/0xf0
[ 721.880057][ C1] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.880062][ C1] ? __jump_label_patch+0xdf/0x1b0
[ 721.880068][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.880074][ C1] ? __jump_label_update+0x351/0x400
[ 721.880079][ C1] text_poke_finish+0x16/0x30
[ 721.880084][ C1] arch_jump_label_transform_apply+0x13/0x20
[ 721.880090][ C1] jump_label_update+0x1d5/0x430
[ 721.880095][ C1] static_key_disable_cpuslocked+0x152/0x1b0
[ 721.880101][ C1] static_key_disable+0x16/0x20
[ 721.880106][ C1] toggle_allocation_gate+0x185/0x390
[ 721.880111][ C1] ? lock_release+0x720/0x720
[ 721.880116][ C1] ? wake_up_kfence_timer+0x20/0x20
[ 721.880122][ C1] process_one_work+0x98d/0x1630
[ 721.880127][ C1] ? pwq_dec_nr_in_flight+0x320/0x320
[ 721.880132][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 721.880138][ C1] ? _raw_spin_lock_irq+0x41/0x50
[ 721.880143][ C1] worker_thread+0x658/0x11f0
[ 721.880148][ C1] ? process_one_work+0x1630/0x1630
[ 721.880153][ C1] kthread+0x3e5/0x4d0
[ 721.880157][ C1] ? set_kthread_struct+0x130/0x130
[ 721.880162][ C1] ret_from_fork+0x1f/0x30
[ 721.895831][ T1656] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.206606][ T1656] CPU: 0 PID: 1656 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 722.214929][ T1656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.225083][ T1656] Call Trace:
[ 722.228357][ T1656] dump_stack_lvl+0xcd/0x134
[ 722.232952][ T1656] panic+0x306/0x73d
[ 722.236898][ T1656] ? __warn_printk+0xf3/0xf3
[ 722.241485][ T1656] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.246695][ T1656] ? preempt_schedule_thunk+0x16/0x18
[ 722.252153][ T1656] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.258315][ T1656] ? watchdog.cold+0x5/0x158
[ 722.262927][ T1656] watchdog.cold+0x16/0x158
[ 722.267433][ T1656] ? reset_hung_task_detector+0x30/0x30
[ 722.272975][ T1656] kthread+0x3e5/0x4d0
[ 722.277039][ T1656] ? set_kthread_struct+0x130/0x130
[ 722.282255][ T1656] ret_from_fork+0x1f/0x30
[ 722.288449][ T1656] Kernel Offset: disabled
[ 722.292777][ T1656] Rebooting in 86400 seconds..