[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 503.359908][ T20] Bluetooth: hci0: command 0x0409 tx timeout
[ 505.439005][ T20] Bluetooth: hci0: command 0x041b tx timeout
[ 507.518787][ T6564] Bluetooth: hci0: command 0x040f tx timeout
[ 509.598561][ T6564] Bluetooth: hci0: command 0x0419 tx timeout
[ 511.678393][ T6564] Bluetooth: hci0: command 0x0405 tx timeout
[ 625.989362][ T6564] Bluetooth: hci0: command 0x0406 tx timeout
[ 716.064298][ T27] INFO: task krfcommd:2877 blocked for more than 143 seconds.
[ 716.071867][ T27] Not tainted 5.14.0-rc7-next-20210827-syzkaller #0
[ 716.080164][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 716.089360][ T27] task:krfcommd state:D stack:29296 pid: 2877 ppid: 2 flags:0x00004000
[ 716.099192][ T27] Call Trace:
[ 716.102482][ T27] __schedule+0x940/0x26f0
[ 716.107396][ T27] ? io_schedule_timeout+0x140/0x140
[ 716.112702][ T27] schedule+0xd3/0x270
[ 716.117147][ T27] schedule_preempt_disabled+0xf/0x20
[ 716.122532][ T27] __mutex_lock+0xa34/0x12f0
[ 716.127652][ T27] ? rfcomm_run+0x2ed/0x4a20
[ 716.132286][ T27] ? mutex_lock_io_nested+0x1150/0x1150
[ 716.138177][ T27] ? lock_downgrade+0x6e0/0x6e0
[ 716.143101][ T27] rfcomm_run+0x2ed/0x4a20
[ 716.147925][ T27] ? find_held_lock+0x2d/0x110
[ 716.152706][ T27] ? rfcomm_check_accept+0x240/0x240
[ 716.158352][ T27] ? lock_downgrade+0x6e0/0x6e0
[ 716.163302][ T27] ? __init_waitqueue_head+0xd0/0xd0
[ 716.168984][ T27] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 716.174904][ T27] ? lockdep_hardirqs_on+0x79/0x100
[ 716.180161][ T27] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 716.186787][ T27] ? __kthread_parkme+0x15f/0x220
[ 716.191866][ T27] ? rfcomm_check_accept+0x240/0x240
[ 716.197816][ T27] kthread+0x3e5/0x4d0
[ 716.201901][ T27] ? set_kthread_struct+0x130/0x130
[ 716.207485][ T27] ret_from_fork+0x1f/0x30
[ 716.211983][ T27] INFO: task syz-executor376:6562 blocked for more than 143 seconds.
[ 716.220390][ T27] Not tainted 5.14.0-rc7-next-20210827-syzkaller #0
[ 716.227586][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 716.236378][ T27] task:syz-executor376 state:D stack:27528 pid: 6562 ppid: 6530 flags:0x00004006
[ 716.245682][ T27] Call Trace:
[ 716.248967][ T27] __schedule+0x940/0x26f0
[ 716.253422][ T27] ? io_schedule_timeout+0x140/0x140
[ 716.259080][ T27] ? mark_held_locks+0x9f/0xe0
[ 716.263864][ T27] schedule+0xd3/0x270
[ 716.268265][ T27] __lock_sock+0x13d/0x260
[ 716.272765][ T27] ? sock_omalloc+0x180/0x180
[ 716.277791][ T27] ? __rfcomm_dlc_close+0x162/0x8a0
[ 716.283009][ T27] ? finish_wait+0x270/0x270
[ 716.287942][ T27] ? rwlock_bug.part.0+0x90/0x90
[ 716.292899][ T27] lock_sock_nested+0xf6/0x120
[ 716.298179][ T27] rfcomm_sk_state_change+0xb4/0x390
[ 716.303494][ T27] __rfcomm_dlc_close+0x1b6/0x8a0
[ 716.309295][ T27] rfcomm_dlc_close+0x1ea/0x240
[ 716.314586][ T27] __rfcomm_sock_close+0xac/0x260
[ 716.319640][ T27] rfcomm_sock_shutdown+0xe9/0x210
[ 716.325174][ T27] rfcomm_sock_release+0x5f/0x140
[ 716.330216][ T27] __sock_release+0xcd/0x280
[ 716.335198][ T27] sock_close+0x18/0x20
[ 716.339368][ T27] __fput+0x288/0x9f0
[ 716.343395][ T27] ? __sock_release+0x280/0x280
[ 716.348701][ T27] task_work_run+0xdd/0x1a0
[ 716.353228][ T27] do_exit+0xbae/0x2a30
[ 716.357850][ T27] ? mm_update_next_owner+0x7a0/0x7a0
[ 716.363237][ T27] ? lock_downgrade+0x6e0/0x6e0
[ 716.368460][ T27] do_group_exit+0x125/0x310
[ 716.373074][ T27] get_signal+0x47f/0x2160
[ 716.377877][ T27] ? lock_downgrade+0x6e0/0x6e0
[ 716.382748][ T27] arch_do_signal_or_restart+0x2a9/0x1c40
[ 716.388960][ T27] ? rfcomm_sock_connect+0x15f/0x460
[ 716.394568][ T27] ? rfcomm_sock_getname+0x300/0x300
[ 716.399984][ T27] ? __sys_connect_file+0x4e/0x1a0
[ 716.405424][ T27] ? get_sigframe_size+0x10/0x10
[ 716.410375][ T27] ? __sys_connect_file+0x1a0/0x1a0
[ 716.416121][ T27] exit_to_user_mode_prepare+0x17d/0x290
[ 716.421829][ T27] syscall_exit_to_user_mode+0x19/0x60
[ 716.427626][ T27] do_syscall_64+0x42/0xb0
[ 716.432054][ T27] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 716.438276][ T27] RIP: 0033:0x445fe9
[ 716.442176][ T27] RSP: 002b:00007ffdbc811128 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 716.450937][ T27] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 716.459013][ T27] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 716.467243][ T27] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 716.475279][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000010a22b8
[ 716.483251][ T27] R13: 0000000000000072 R14: 00007ffdbc811180 R15: 0000000000000003
[ 716.491431][ T27]
[ 716.491431][ T27] Showing all locks held in the system:
[ 716.499620][ T27] 1 lock held by khungtaskd/27:
[ 716.505351][ T27] #0: ffffffff8b97fbe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 716.515355][ T27] 1 lock held by krfcommd/2877:
[ 716.520213][ T27] #0: ffffffff8d31e608 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 716.529346][ T27] 1 lock held by in:imklog/6234:
[ 716.534370][ T27] #0: ffff8880731c54f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 716.543608][ T27] 4 locks held by syz-executor376/6562:
[ 716.549228][ T27] #0: ffff888075992010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 716.559868][ T27] #1: ffff888147e3f120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 716.571715][ T27] #2: ffffffff8d31e608 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 716.581192][ T27] #3: ffff88801dcab528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 716.590623][ T27]
[ 716.592948][ T27] =============================================
[ 716.592948][ T27]
[ 716.601570][ T27] NMI backtrace for cpu 0
[ 716.605890][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.14.0-rc7-next-20210827-syzkaller #0
[ 716.615236][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 716.625269][ T27] Call Trace:
[ 716.628529][ T27] dump_stack_lvl+0xcd/0x134
[ 716.633152][ T27] nmi_cpu_backtrace.cold+0x47/0x144
[ 716.638423][ T27] ? lapic_can_unplug_cpu+0x80/0x80
[ 716.643641][ T27] nmi_trigger_cpumask_backtrace+0x1ae/0x220
[ 716.649639][ T27] watchdog+0xcb7/0xed0
[ 716.653784][ T27] ? trace_sched_process_hang+0x280/0x280
[ 716.659491][ T27] kthread+0x3e5/0x4d0
[ 716.663551][ T27] ? set_kthread_struct+0x130/0x130
[ 716.668737][ T27] ret_from_fork+0x1f/0x30
[ 716.673282][ T27] Sending NMI from CPU 0 to CPUs 1:
[ 716.678546][ C1] NMI backtrace for cpu 1
[ 716.678555][ C1] CPU: 1 PID: 2950 Comm: systemd-journal Not tainted 5.14.0-rc7-next-20210827-syzkaller #0
[ 716.678577][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 716.678588][ C1] RIP: 0010:qlist_free_all+0x98/0xc0
[ 716.678652][ C1] Code: 89 34 24 e8 ca 55 78 ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 48 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 9b 49 c7 45 08 00 00 00 00 49 c7 45 00 00 00 00 00 49 c7 45 10
[ 716.678671][ C1] RSP: 0018:ffffc9000cc8fdf8 EFLAGS: 00000202
[ 716.678687][ C1] RAX: ffffea0001edf180 RBX: ffff888078778000 RCX: ffffea0001edf180
[ 716.678702][ C1] RDX: 0000000000000001 RSI: ffff88807b7c7b80 RDI: ffff888010dc6780
[ 716.678715][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 716.678727][ C1] R10: ffffffff81348eca R11: 000000000000003f R12: dffffc0000000000
[ 716.678740][ C1] R13: ffffc9000cc8fe30 R14: ffffea0000000000 R15: ffff88807b7c7b80
[ 716.678754][ C1] FS: 00007fad6d1838c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 716.678773][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 716.678787][ C1] CR2: 00007fad6a55b018 CR3: 000000007c568000 CR4: 00000000001506e0
[ 716.678806][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 716.678818][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 716.678830][ C1] Call Trace:
[ 716.678837][ C1] kasan_quarantine_reduce+0x180/0x200
[ 716.678862][ C1] __kasan_slab_alloc+0x95/0xb0
[ 716.678884][ C1] kmem_cache_alloc+0x209/0x390
[ 716.678904][ C1] getname_flags.part.0+0x50/0x4f0
[ 716.678951][ C1] __x64_sys_mkdir+0xda/0x140
[ 716.678970][ C1] do_syscall_64+0x35/0xb0
[ 716.678990][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 716.679015][ C1] RIP: 0033:0x7fad6c43e687
[ 716.679030][ C1] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 716.679049][ C1] RSP: 002b:00007fffe1998f38 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
[ 716.679067][ C1] RAX: ffffffffffffffda RBX: 00007fffe199be50 RCX: 00007fad6c43e687
[ 716.679080][ C1] RDX: 00007fad6ceafa00 RSI: 00000000000001ed RDI: 000055bb9afdd8a0
[ 716.679093][ C1] RBP: 00007fffe1998f70 R08: 0000000000000000 R09: 0000000000000000
[ 716.679105][ C1] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
[ 716.679117][ C1] R13: 0000000000000000 R14: 00007fffe199be50 R15: 00007fffe1999460
[ 716.679541][ T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 716.931035][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.14.0-rc7-next-20210827-syzkaller #0
[ 716.940391][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 716.950444][ T27] Call Trace:
[ 716.953725][ T27] dump_stack_lvl+0xcd/0x134
[ 716.958317][ T27] panic+0x2b0/0x6dd
[ 716.962241][ T27] ? __warn_printk+0xf3/0xf3
[ 716.966838][ T27] ? lapic_can_unplug_cpu+0x80/0x80
[ 716.972032][ T27] ? _flat_send_IPI_mask+0x53/0x60
[ 716.977139][ T27] ? watchdog.cold+0x1b9/0x1de
[ 716.981915][ T27] watchdog.cold+0x1ca/0x1de
[ 716.986502][ T27] ? trace_sched_process_hang+0x280/0x280
[ 716.992219][ T27] kthread+0x3e5/0x4d0
[ 716.996280][ T27] ? set_kthread_struct+0x130/0x130
[ 717.001472][ T27] ret_from_fork+0x1f/0x30
[ 717.006066][ T27] Kernel Offset: disabled
[ 717.010381][ T27] Rebooting in 86400 seconds..