[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 483.486150][ T3440] Bluetooth: hci0: command 0x0409 tx timeout
[ 485.565201][ T3440] Bluetooth: hci0: command 0x041b tx timeout
[ 487.645005][ T3440] Bluetooth: hci0: command 0x040f tx timeout
[ 489.724771][ T3440] Bluetooth: hci0: command 0x0419 tx timeout
[ 491.804527][ T3440] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.635151][ T3440] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.308561][ T1605] INFO: task krfcommd:4781 blocked for more than 143 seconds.
[ 721.316382][ T1605] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.323065][ T1605] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.332273][ T1605] task:krfcommd state:D stack:29640 pid: 4781 ppid: 2 flags:0x00004000
[ 721.341664][ T1605] Call Trace:
[ 721.344970][ T1605] __schedule+0x93a/0x26f0
[ 721.349952][ T1605] ? io_schedule_timeout+0x140/0x140
[ 721.355264][ T1605] schedule+0xd3/0x270
[ 721.359789][ T1605] schedule_preempt_disabled+0xf/0x20
[ 721.365180][ T1605] __mutex_lock+0x7b6/0x10a0
[ 721.370195][ T1605] ? rfcomm_run+0x2ed/0x4a20
[ 721.374967][ T1605] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.380775][ T1605] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.386350][ T1605] rfcomm_run+0x2ed/0x4a20
[ 721.391324][ T1605] ? find_held_lock+0x2d/0x110
[ 721.396196][ T1605] ? rfcomm_check_accept+0x240/0x240
[ 721.401999][ T1605] ? lock_downgrade+0x6e0/0x6e0
[ 721.406878][ T1605] ? __init_waitqueue_head+0xd0/0xd0
[ 721.412797][ T1605] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.419036][ T1605] ? lockdep_hardirqs_on+0x79/0x100
[ 721.424306][ T1605] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.431369][ T1605] ? __kthread_parkme+0x15f/0x220
[ 721.436493][ T1605] ? rfcomm_check_accept+0x240/0x240
[ 721.442222][ T1605] kthread+0x3e5/0x4d0
[ 721.446319][ T1605] ? set_kthread_struct+0x130/0x130
[ 721.451950][ T1605] ret_from_fork+0x1f/0x30
[ 721.456476][ T1605] INFO: task syz-executor501:8480 blocked for more than 143 seconds.
[ 721.465075][ T1605] Not tainted 5.14.0-rc6-syzkaller #0
[ 721.471316][ T1605] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.480109][ T1605] task:syz-executor501 state:D stack:27528 pid: 8480 ppid: 8448 flags:0x00004006
[ 721.489497][ T1605] Call Trace:
[ 721.492837][ T1605] __schedule+0x93a/0x26f0
[ 721.497253][ T1605] ? io_schedule_timeout+0x140/0x140
[ 721.502603][ T1605] ? mark_held_locks+0x9f/0xe0
[ 721.507386][ T1605] schedule+0xd3/0x270
[ 721.511629][ T1605] __lock_sock+0x13d/0x260
[ 721.516137][ T1605] ? sock_omalloc+0x180/0x180
[ 721.520887][ T1605] ? finish_wait+0x270/0x270
[ 721.525490][ T1605] ? rwlock_bug.part.0+0x90/0x90
[ 721.530572][ T1605] lock_sock_nested+0xf6/0x120
[ 721.535349][ T1605] rfcomm_sk_state_change+0xb4/0x390
[ 721.540731][ T1605] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.545794][ T1605] rfcomm_dlc_close+0x1ea/0x240
[ 721.550922][ T1605] __rfcomm_sock_close+0xac/0x260
[ 721.555996][ T1605] rfcomm_sock_shutdown+0xe9/0x210
[ 721.561190][ T1605] rfcomm_sock_release+0x5f/0x140
[ 721.566225][ T1605] __sock_release+0xcd/0x280
[ 721.570984][ T1605] sock_close+0x18/0x20
[ 721.575151][ T1605] __fput+0x288/0x920
[ 721.579252][ T1605] ? __sock_release+0x280/0x280
[ 721.584123][ T1605] task_work_run+0xdd/0x1a0
[ 721.588772][ T1605] do_exit+0xbd4/0x2a60
[ 721.593003][ T1605] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.598445][ T1605] ? lock_downgrade+0x6e0/0x6e0
[ 721.603314][ T1605] do_group_exit+0x125/0x310
[ 721.607903][ T1605] get_signal+0x47f/0x2160
[ 721.612514][ T1605] ? lock_downgrade+0x6e0/0x6e0
[ 721.617383][ T1605] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.623246][ T1605] ? rfcomm_sock_connect+0x15f/0x460
[ 721.628693][ T1605] ? rfcomm_sock_getname+0x300/0x300
[ 721.633983][ T1605] ? __sys_connect_file+0x4e/0x1a0
[ 721.639158][ T1605] ? get_sigframe_size+0x10/0x10
[ 721.644112][ T1605] ? __sys_connect_file+0x1a0/0x1a0
[ 721.649469][ T1605] exit_to_user_mode_prepare+0x17d/0x290
[ 721.655180][ T1605] syscall_exit_to_user_mode+0x19/0x60
[ 721.660708][ T1605] do_syscall_64+0x42/0xb0
[ 721.665136][ T1605] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.671235][ T1605] RIP: 0033:0x445fe9
[ 721.675160][ T1605] RSP: 002b:00007ffff756b018 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.683655][ T1605] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.691820][ T1605] RDX: 000000000000005a RSI: 0000000020000000 RDI: 0000000000000004
[ 721.699885][ T1605] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.707887][ T1605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000f9f2b8
[ 721.716099][ T1605] R13: 0000000000000072 R14: 00007ffff756b070 R15: 0000000000000003
[ 721.724254][ T1605]
[ 721.724254][ T1605] Showing all locks held in the system:
[ 721.732346][ T1605] 1 lock held by khungtaskd/1605:
[ 721.737374][ T1605] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.747435][ T1605] 1 lock held by krfcommd/4781:
[ 721.752401][ T1605] #0: ffffffff8d304008 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.761533][ T1605] 1 lock held by in:imklog/8161:
[ 721.766470][ T1605] #0: ffff888027cae870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.775782][ T1605] 4 locks held by syz-executor501/8480:
[ 721.781418][ T1605] #0: ffff88802e852c10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.792122][ T1605] #1: ffff88801e259120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.803970][ T1605] #2: ffffffff8d304008 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.813521][ T1605] #3: ffff88801f8c1128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.823003][ T1605]
[ 721.825335][ T1605] =============================================
[ 721.825335][ T1605]
[ 721.833858][ T1605] NMI backtrace for cpu 0
[ 721.838181][ T1605] CPU: 0 PID: 1605 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 721.846509][ T1605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.856560][ T1605] Call Trace:
[ 721.859828][ T1605] dump_stack_lvl+0xcd/0x134
[ 721.864452][ T1605] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.869640][ T1605] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.874893][ T1605] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.880922][ T1605] watchdog+0xd0a/0xfc0
[ 721.885069][ T1605] ? reset_hung_task_detector+0x30/0x30
[ 721.890618][ T1605] kthread+0x3e5/0x4d0
[ 721.894674][ T1605] ? set_kthread_struct+0x130/0x130
[ 721.899866][ T1605] ret_from_fork+0x1f/0x30
[ 721.904398][ T1605] Sending NMI from CPU 0 to CPUs 1:
[ 721.910287][ C1] NMI backtrace for cpu 1
[ 721.910297][ C1] CPU: 1 PID: 4871 Comm: systemd-journal Not tainted 5.14.0-rc6-syzkaller #0
[ 721.910308][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.910318][ C1] RIP: 0010:rcu_is_watching+0x5b/0xc0
[ 721.910330][ C1] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 5b 48 03 1c ed 80 e8 31 8b 48 b8 00 00 00 00 00 fc ff df 48 8d bb 48 01 00 00 48 89 fa <48> c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84
[ 721.910345][ C1] RSP: 0018:ffffc9000164fc28 EFLAGS: 00000286
[ 721.910358][ C1] RAX: dffffc0000000000 RBX: ffff8880b9d528c0 RCX: ffffffff815b2411
[ 721.910368][ C1] RDX: ffff8880b9d52a08 RSI: 0000000000000002 RDI: ffff8880b9d52a08
[ 721.910377][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8d6c9b57
[ 721.910386][ C1] R10: fffffbfff1ad936a R11: 0000000000000000 R12: 0000000000000001
[ 721.910395][ C1] R13: ffffffff81cba9b0 R14: 0000000000000cc0 R15: 0000000000000cc0
[ 721.910404][ C1] FS: 00007f87704148c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 721.910413][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 721.910422][ C1] CR2: 00007f876d760000 CR3: 0000000020441000 CR4: 00000000001506e0
[ 721.910431][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 721.910440][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 721.910447][ C1] Call Trace:
[ 721.910452][ C1] rcu_read_lock_sched_held+0x1c/0x70
[ 721.910458][ C1] lock_release+0x522/0x720
[ 721.910463][ C1] ? fs_reclaim_acquire+0xb2/0x160
[ 721.910469][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 721.910475][ C1] ? __lock_acquire+0x162f/0x54a0
[ 721.910482][ C1] ? getname_flags.part.0+0x50/0x4f0
[ 721.910488][ C1] ? getname_flags.part.0+0x50/0x4f0
[ 721.910494][ C1] kmem_cache_alloc+0x3e/0x4a0
[ 721.910500][ C1] getname_flags.part.0+0x50/0x4f0
[ 721.910505][ C1] getname+0x8e/0xd0
[ 721.910511][ C1] do_sys_openat2+0xf5/0x420
[ 721.910517][ C1] ? build_open_flags+0x6f0/0x6f0
[ 721.910523][ C1] ? __context_tracking_exit+0xb8/0xe0
[ 721.910529][ C1] __x64_sys_open+0x119/0x1c0
[ 721.910535][ C1] ? do_sys_open+0x140/0x140
[ 721.910541][ C1] ? __secure_computing+0x104/0x360
[ 721.910547][ C1] do_syscall_64+0x35/0xb0
[ 721.910553][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.910560][ C1] RIP: 0033:0x7f876f9a3840
[ 721.910571][ C1] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 721.910586][ C1] RSP: 002b:00007ffddd98eb48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 721.910601][ C1] RAX: ffffffffffffffda RBX: 00007ffddd98ee50 RCX: 00007f876f9a3840
[ 721.910610][ C1] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 00005566cd4b1d40
[ 721.910618][ C1] RBP: 000000000000000d R08: 00000000000001c0 R09: 00000000ffffffff
[ 721.910627][ C1] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 721.910636][ C1] R13: 00005566cd4a6040 R14: 00007ffddd98ee10 R15: 00005566cd4b1e30
[ 721.910666][ T1605] Kernel panic - not syncing: hung_task: blocked tasks
[ 721.910678][ T1605] CPU: 0 PID: 1605 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 722.223298][ T1605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.233352][ T1605] Call Trace:
[ 722.236619][ T1605] dump_stack_lvl+0xcd/0x134
[ 722.241208][ T1605] panic+0x306/0x73d
[ 722.245129][ T1605] ? __warn_printk+0xf3/0xf3
[ 722.249707][ T1605] ? lockdep_hardirqs_on+0x79/0x100
[ 722.254893][ T1605] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 722.261126][ T1605] ? cpumask_next+0xa4/0xf0
[ 722.265616][ T1605] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 722.271412][ T1605] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 722.277132][ T1605] ? printk_safe_flush+0xea/0x160
[ 722.282147][ T1605] ? watchdog.cold+0x5/0x158
[ 722.286765][ T1605] watchdog.cold+0x16/0x158
[ 722.291258][ T1605] ? reset_hung_task_detector+0x30/0x30
[ 722.296900][ T1605] kthread+0x3e5/0x4d0
[ 722.300964][ T1605] ? set_kthread_struct+0x130/0x130
[ 722.306168][ T1605] ret_from_fork+0x1f/0x30
[ 722.312110][ T1605] Kernel Offset: disabled
[ 722.316519][ T1605] Rebooting in 86400 seconds..