[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 506.267425][ T4835] Bluetooth: hci0: command 0x0409 tx timeout
[ 508.346359][ T4835] Bluetooth: hci0: command 0x041b tx timeout
[ 510.426132][ T4835] Bluetooth: hci0: command 0x040f tx timeout
[ 512.505858][ T4835] Bluetooth: hci0: command 0x0419 tx timeout
[ 514.585600][ T4835] Bluetooth: hci0: command 0x0405 tx timeout
[ 631.213243][ T4835] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.286421][ T1655] INFO: task krfcommd:4780 blocked for more than 143 seconds.
[ 721.294023][ T1655] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.301340][ T1655] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.310122][ T1655] task:krfcommd state:D stack:29136 pid: 4780 ppid: 2 flags:0x00004000
[ 721.319459][ T1655] Call Trace:
[ 721.322743][ T1655] __schedule+0x93a/0x26f0
[ 721.327361][ T1655] ? io_schedule_timeout+0x140/0x140
[ 721.332664][ T1655] schedule+0xd3/0x270
[ 721.336784][ T1655] schedule_preempt_disabled+0xf/0x20
[ 721.342167][ T1655] __mutex_lock+0x7b6/0x10a0
[ 721.346833][ T1655] ? rfcomm_run+0x2ed/0x4a20
[ 721.351532][ T1655] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.356960][ T1655] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.362705][ T1655] rfcomm_run+0x2ed/0x4a20
[ 721.367445][ T1655] ? find_held_lock+0x2d/0x110
[ 721.372444][ T1655] ? rfcomm_check_accept+0x240/0x240
[ 721.377811][ T1655] ? lock_downgrade+0x6e0/0x6e0
[ 721.382673][ T1655] ? __init_waitqueue_head+0xd0/0xd0
[ 721.388100][ T1655] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.394003][ T1655] ? lockdep_hardirqs_on+0x79/0x100
[ 721.399332][ T1655] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.405646][ T1655] ? __kthread_parkme+0x15f/0x220
[ 721.411021][ T1655] ? rfcomm_check_accept+0x240/0x240
[ 721.416411][ T1655] kthread+0x3e5/0x4d0
[ 721.420502][ T1655] ? set_kthread_struct+0x130/0x130
[ 721.425721][ T1655] ret_from_fork+0x1f/0x30
[ 721.430315][ T1655] INFO: task syz-executor632:8496 blocked for more than 143 seconds.
[ 721.438452][ T1655] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.444339][ T1655] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.453066][ T1655] task:syz-executor632 state:D stack:27528 pid: 8496 ppid: 8464 flags:0x00004006
[ 721.462340][ T1655] Call Trace:
[ 721.465712][ T1655] __schedule+0x93a/0x26f0
[ 721.470221][ T1655] ? io_schedule_timeout+0x140/0x140
[ 721.475522][ T1655] ? mark_held_locks+0x9f/0xe0
[ 721.480468][ T1655] schedule+0xd3/0x270
[ 721.484548][ T1655] __lock_sock+0x13d/0x260
[ 721.489091][ T1655] ? sock_omalloc+0x180/0x180
[ 721.493792][ T1655] ? finish_wait+0x270/0x270
[ 721.498448][ T1655] ? rwlock_bug.part.0+0x90/0x90
[ 721.503402][ T1655] lock_sock_nested+0xf6/0x120
[ 721.508255][ T1655] rfcomm_sk_state_change+0xb4/0x390
[ 721.513559][ T1655] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.518648][ T1655] rfcomm_dlc_close+0x1ea/0x240
[ 721.523527][ T1655] __rfcomm_sock_close+0xac/0x260
[ 721.528648][ T1655] rfcomm_sock_shutdown+0xe9/0x210
[ 721.533826][ T1655] rfcomm_sock_release+0x5f/0x140
[ 721.539015][ T1655] __sock_release+0xcd/0x280
[ 721.543703][ T1655] sock_close+0x18/0x20
[ 721.547961][ T1655] __fput+0x288/0x920
[ 721.552065][ T1655] ? __sock_release+0x280/0x280
[ 721.556978][ T1655] task_work_run+0xdd/0x1a0
[ 721.561509][ T1655] do_exit+0xbd4/0x2a60
[ 721.565720][ T1655] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.571177][ T1655] ? lock_downgrade+0x6e0/0x6e0
[ 721.576069][ T1655] do_group_exit+0x125/0x310
[ 721.580712][ T1655] get_signal+0x47f/0x2160
[ 721.585205][ T1655] ? lock_downgrade+0x6e0/0x6e0
[ 721.590141][ T1655] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.595950][ T1655] ? rfcomm_sock_connect+0x15f/0x460
[ 721.601290][ T1655] ? rfcomm_sock_getname+0x300/0x300
[ 721.606669][ T1655] ? __sys_connect_file+0x4e/0x1a0
[ 721.611812][ T1655] ? get_sigframe_size+0x10/0x10
[ 721.616819][ T1655] ? __sys_connect_file+0x1a0/0x1a0
[ 721.622071][ T1655] exit_to_user_mode_prepare+0x17d/0x290
[ 721.627842][ T1655] syscall_exit_to_user_mode+0x19/0x60
[ 721.633334][ T1655] do_syscall_64+0x42/0xb0
[ 721.637806][ T1655] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.643708][ T1655] RIP: 0033:0x445fe9
[ 721.647683][ T1655] RSP: 002b:00007ffe14ff85e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.656107][ T1655] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.664163][ T1655] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.672229][ T1655] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.680260][ T1655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000d642b8
[ 721.688316][ T1655] R13: 0000000000000072 R14: 00007ffe14ff8640 R15: 0000000000000003
[ 721.696374][ T1655]
[ 721.696374][ T1655] Showing all locks held in the system:
[ 721.704099][ T1655] 1 lock held by khungtaskd/1655:
[ 721.709186][ T1655] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.719162][ T1655] 1 lock held by krfcommd/4780:
[ 721.724007][ T1655] #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.733134][ T1655] 1 lock held by in:imklog/8219:
[ 721.738135][ T1655] #0: ffff88802cee9c70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.747408][ T1655] 4 locks held by syz-executor632/8496:
[ 721.752952][ T1655] #0: ffff88803a2ef150 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.763622][ T1655] #1: ffff888147a42120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.775497][ T1655] #2: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.784978][ T1655] #3: ffff8880196fb128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.794431][ T1655]
[ 721.796910][ T1655] =============================================
[ 721.796910][ T1655]
[ 721.805319][ T1655] NMI backtrace for cpu 1
[ 721.809728][ T1655] CPU: 1 PID: 1655 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.818057][ T1655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.828099][ T1655] Call Trace:
[ 721.831544][ T1655] dump_stack_lvl+0xcd/0x134
[ 721.836189][ T1655] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.841399][ T1655] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.846627][ T1655] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.852742][ T1655] watchdog+0xd0a/0xfc0
[ 721.856890][ T1655] ? reset_hung_task_detector+0x30/0x30
[ 721.862422][ T1655] kthread+0x3e5/0x4d0
[ 721.866478][ T1655] ? set_kthread_struct+0x130/0x130
[ 721.871763][ T1655] ret_from_fork+0x1f/0x30
[ 721.876272][ T1655] Sending NMI from CPU 1 to CPUs 0:
[ 721.881555][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1c6/0x250
[ 721.882499][ T1655] Kernel panic - not syncing: hung_task: blocked tasks
[ 721.897255][ T1655] CPU: 1 PID: 1655 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.905578][ T1655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.915636][ T1655] Call Trace:
[ 721.918907][ T1655] dump_stack_lvl+0xcd/0x134
[ 721.923513][ T1655] panic+0x306/0x73d
[ 721.927535][ T1655] ? __warn_printk+0xf3/0xf3
[ 721.932134][ T1655] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.938640][ T1655] ? preempt_schedule_thunk+0x16/0x18
[ 721.944033][ T1655] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 721.950292][ T1655] ? watchdog.cold+0x5/0x158
[ 721.954919][ T1655] watchdog.cold+0x16/0x158
[ 721.959429][ T1655] ? reset_hung_task_detector+0x30/0x30
[ 721.964992][ T1655] kthread+0x3e5/0x4d0
[ 721.969080][ T1655] ? set_kthread_struct+0x130/0x130
[ 721.974544][ T1655] ret_from_fork+0x1f/0x30
[ 721.980469][ T1655] Kernel Offset: disabled
[ 721.984794][ T1655] Rebooting in 86400 seconds..