DUID 00:04:d9:3a:76:1c:b4:63:be:bc:0b:c2:08:9c:83:36:98:31
forked to background, child pid 3173
[   20.243672][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.254666][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   71.186985][   T22] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts.
executing program
[  493.668472][ T3627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  493.675671][ T3627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  493.682866][ T3627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  493.690318][ T3627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  493.697827][ T3627] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  493.704952][ T3627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  495.746040][  T917] Bluetooth: hci0: command 0x0409 tx timeout
[  497.826028][  T917] Bluetooth: hci0: command 0x041b tx timeout
[  499.906019][  T917] Bluetooth: hci0: command 0x040f tx timeout
[  501.986047][  T917] Bluetooth: hci0: command 0x0419 tx timeout
[  504.065981][  T917] Bluetooth: hci0: command 0x0405 tx timeout
[  615.985983][  T917] Bluetooth: hci0: command 0x0406 tx timeout
[  716.306122][   T28] INFO: task krfcommd:2705 blocked for more than 143 seconds.
[  716.313594][   T28]       Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
[  716.322324][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  716.331062][   T28] task:krfcommd        state:D stack:28984 pid: 2705 ppid:     2 flags:0x00004000
[  716.340319][   T28] Call Trace:
[  716.343597][   T28]  <TASK>
[  716.346556][   T28]  __schedule+0x937/0x1090
[  716.351091][   T28]  ? __sched_text_start+0x8/0x8
[  716.355956][   T28]  ? __mutex_trylock_common+0xb3/0x300
[  716.361446][   T28]  ? __might_sleep+0xe0/0xe0
[  716.366105][   T28]  ? do_raw_spin_unlock+0x134/0x8a0
[  716.371302][   T28]  schedule+0xeb/0x1b0
[  716.375440][   T28]  schedule_preempt_disabled+0xf/0x20
[  716.380856][   T28]  __mutex_lock_common+0xd1f/0x2590
[  716.386073][   T28]  ? rfcomm_process_sessions+0x21/0x3f0
[  716.391649][   T28]  ? mutex_lock_io_nested+0x60/0x60
[  716.396856][   T28]  ? __mutex_unlock_slowpath+0x244/0x7d0
[  716.402502][   T28]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  716.408552][   T28]  mutex_lock_nested+0x1a/0x20
[  716.413321][   T28]  rfcomm_process_sessions+0x21/0x3f0
[  716.418717][   T28]  rfcomm_run+0x195/0x2c0
[  716.423043][   T28]  ? rfcomm_security_cfm+0x630/0x630
[  716.428350][   T28]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  716.434238][   T28]  ? wait_woken+0x1b0/0x1b0
[  716.438814][   T28]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  716.444714][   T28]  ? _raw_spin_lock_irq+0xdb/0x110
[  716.449863][   T28]  ? __kthread_parkme+0x166/0x1c0
[  716.454943][   T28]  kthread+0x2a3/0x2d0
[  716.459028][   T28]  ? rfcomm_security_cfm+0x630/0x630
[  716.464308][   T28]  ? kthread_blkcg+0xd0/0xd0
[  716.468939][   T28]  ret_from_fork+0x1f/0x30
[  716.473379][   T28]  </TASK>
[  716.476426][   T28] INFO: task syz-executor721:3630 blocked for more than 143 seconds.
[  716.484477][   T28]       Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
[  716.493176][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  716.501845][   T28] task:syz-executor721 state:D stack:26552 pid: 3630 ppid:  3624 flags:0x00004006
[  716.511062][   T28] Call Trace:
[  716.514333][   T28]  <TASK>
[  716.517279][   T28]  __schedule+0x937/0x1090
[  716.521691][   T28]  ? __sched_text_start+0x8/0x8
[  716.526566][   T28]  ? __local_bh_enable_ip+0x163/0x1f0
[  716.531992][   T28]  ? trace_lock_acquire+0x59/0x190
[  716.537109][   T28]  ? __lock_sock+0x1ca/0x330
[  716.541744][   T28]  ? _local_bh_enable+0xa0/0xa0
[  716.546675][   T28]  schedule+0xeb/0x1b0
[  716.550738][   T28]  __lock_sock+0x1cf/0x330
[  716.555140][   T28]  ? sk_page_frag_refill+0x2f0/0x2f0
[  716.560468][   T28]  ? wake_bit_function+0x230/0x230
[  716.565599][   T28]  ? __rwlock_init+0x140/0x140
[  716.570403][   T28]  ? mutex_lock_io_nested+0x60/0x60
[  716.575599][   T28]  lock_sock_nested+0x9f/0x100
[  716.580387][   T28]  rfcomm_sk_state_change+0x63/0x300
[  716.585669][   T28]  __rfcomm_dlc_close+0x2cc/0x480
[  716.590722][   T28]  rfcomm_dlc_close+0x10d/0x1c0
[  716.595566][   T28]  __rfcomm_sock_close+0x101/0x220
[  716.600686][   T28]  rfcomm_sock_shutdown+0xa5/0x220
[  716.605793][   T28]  rfcomm_sock_release+0x55/0x120
[  716.610841][   T28]  sock_close+0xd8/0x260
[  716.615079][   T28]  ? sock_mmap+0x90/0x90
[  716.619329][   T28]  __fput+0x3fc/0x870
[  716.623398][   T28]  task_work_run+0x146/0x1c0
[  716.628011][   T28]  do_exit+0x5e3/0x20f0
[  716.632162][   T28]  ? get_signal+0x16f8/0x2330
[  716.636984][   T28]  ? mm_update_next_owner+0x6d0/0x6d0
[  716.642349][   T28]  ? __lock_acquire+0x2b00/0x2b00
[  716.647401][   T28]  ? rcu_read_lock_sched_held+0x5f/0x130
[  716.653088][   T28]  ? print_irqtrace_events+0x220/0x220
[  716.658555][   T28]  ? _raw_spin_lock_irq+0xdb/0x110
[  716.663661][   T28]  do_group_exit+0x2af/0x2b0
[  716.668272][   T28]  get_signal+0x1831/0x2330
[  716.672772][   T28]  ? ptrace_notify+0x340/0x340
[  716.677552][   T28]  ? do_raw_spin_unlock+0x134/0x8a0
[  716.682754][   T28]  arch_do_signal_or_restart+0x9c/0x730
[  716.688375][   T28]  ? __sys_connect_file+0x170/0x170
[  716.693565][   T28]  ? get_sigframe_size+0x10/0x10
[  716.698516][   T28]  ? exit_to_user_mode_prepare+0x102/0x200
[  716.704368][   T28]  exit_to_user_mode_prepare+0x165/0x200
[  716.710074][   T28]  ? trace_irq_disable_rcuidle+0x11/0x170
[  716.715836][   T28]  syscall_exit_to_user_mode+0x2e/0x70
[  716.721320][   T28]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  716.727228][   T28] RIP: 0033:0x7fe0cd486c39
[  716.731626][   T28] RSP: 002b:00007fff183b73a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  716.740046][   T28] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 00007fe0cd486c39
[  716.748293][   T28] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[  716.756272][   T28] RBP: 0000000000000003 R08: 00007fff183b73d8 R09: 00007fff183b73d8
[  716.764233][   T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00005555568a52b8
[  716.772239][   T28] R13: 0000000000000072 R14: 00007fff183b73c0 R15: 00007fe0cd50de48
[  716.780222][   T28]  </TASK>
[  716.783240][   T28] INFO: lockdep is turned off.
[  716.788016][   T28] NMI backtrace for cpu 0
[  716.792331][   T28] CPU: 0 PID: 28 Comm: khungtaskd Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
[  716.803235][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.813274][   T28] Call Trace:
[  716.816543][   T28]  <TASK>
[  716.819459][   T28]  dump_stack_lvl+0x1dc/0x2d8
[  716.824196][   T28]  ? show_regs_print_info+0x12/0x12
[  716.829406][   T28]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[  716.835139][   T28]  ? trace_lock_acquire+0x59/0x190
[  716.840233][   T28]  nmi_cpu_backtrace+0x45f/0x490
[  716.845158][   T28]  ? nmi_trigger_cpumask_backtrace+0x280/0x280
[  716.851294][   T28]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[  716.856993][   T28]  ? _raw_spin_unlock_irqrestore+0x8b/0x130
[  716.862868][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  716.868930][   T28]  nmi_trigger_cpumask_backtrace+0x16a/0x280
[  716.874910][   T28]  watchdog+0xc82/0xcd0
[  716.879085][   T28]  kthread+0x2a3/0x2d0
[  716.883132][   T28]  ? hungtask_pm_notify+0x50/0x50
[  716.888136][   T28]  ? kthread_blkcg+0xd0/0xd0
[  716.892708][   T28]  ret_from_fork+0x1f/0x30
[  716.897109][   T28]  </TASK>
[  716.900189][   T28] Sending NMI from CPU 0 to CPUs 1:
[  716.905387][    C1] NMI backtrace for cpu 1
[  716.905397][    C1] CPU: 1 PID: 3631 Comm: kworker/u4:1 Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
[  716.905413][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.905422][    C1] Workqueue: events_unbound toggle_allocation_gate
[  716.905489][    C1] RIP: 0010:insn_get_prefixes+0x286/0x1930
[  716.905516][    C1] Code: 05 00 00 00 48 8b 44 24 38 42 80 3c 30 00 48 8b 5c 24 18 74 08 48 89 df e8 97 07 7b fd 48 8b 44 24 20 48 89 03 e9 d6 01 00 00 <e8> 75 47 29 fd eb 10 e8 6e 47 29 fd eb 05 e8 67 47 29 fd 4c 8b 2c
[  716.905528][    C1] RSP: 0018:ffffc90003a8f638 EFLAGS: 00000292
[  716.905539][    C1] RAX: 0000000000000000 RBX: ffffc90003a8f9e9 RCX: 1ffff92000751f3c
[  716.905550][    C1] RDX: ffff88801ae69d00 RSI: 00000000000000e9 RDI: 000000000000000f
[  716.905559][    C1] RBP: 1ffffffff03ae465 R08: ffffffff845d2145 R09: ffffc90003a8f980
[  716.905569][    C1] R10: fffff52000751f3b R11: 0000000000000000 R12: ffffffff81d72330
[  716.905578][    C1] R13: ffffc90003a8f980 R14: ffffffff81d7232e R15: ffffffff81d7233d
[  716.905588][    C1] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[  716.905600][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  716.905610][    C1] CR2: 000055af30d726d8 CR3: 000000000ca8e000 CR4: 00000000003506e0
[  716.905622][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  716.905630][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  716.905639][    C1] Call Trace:
[  716.905643][    C1]  <TASK>
[  716.905648][    C1]  ? __text_poke+0x874/0x9f0
[  716.905685][    C1]  ? kmem_cache_alloc+0xdf/0x310
[  716.905719][    C1]  ? trace_lock_release+0x4f/0x150
[  716.905734][    C1]  ? print_irqtrace_events+0x220/0x220
[  716.905748][    C1]  insn_get_opcode+0x1c5/0xa90
[  716.905763][    C1]  ? __lock_acquire+0x2b00/0x2b00
[  716.905776][    C1]  ? _flat_send_IPI_mask+0xf2/0x190
[  716.905792][    C1]  ? trace_lock_acquire+0x59/0x190
[  716.905806][    C1]  insn_get_modrm+0x205/0x760
[  716.905824][    C1]  insn_get_displacement+0x12a/0xa90
[  716.905841][    C1]  insn_get_immediate+0x404/0x1fe0
[  716.905855][    C1]  ? __mutex_trylock_common+0x1a8/0x300
[  716.905868][    C1]  ? kmem_cache_alloc+0xde/0x310
[  716.905884][    C1]  insn_decode+0x350/0x4c0
[  716.905899][    C1]  ? kmem_cache_alloc+0xde/0x310
[  716.905915][    C1]  __jump_label_patch+0xe0/0x2b0
[  716.905928][    C1]  ? kmem_cache_alloc+0xde/0x310
[  716.905943][    C1]  ? arch_jump_label_transform_queue+0xd0/0xd0
[  716.905956][    C1]  ? __mutex_lock_common+0x1914/0x2590
[  716.905973][    C1]  ? kmem_cache_alloc+0xde/0x310
[  716.905988][    C1]  ? kmem_cache_alloc+0xed/0x310
[  716.906002][    C1]  ? kmem_cache_alloc+0xde/0x310
[  716.906023][    C1]  ? static_key_disable_cpuslocked+0x99/0x1b0
[  716.906054][    C1]  ? read_lock_is_recursive+0x10/0x10
[  716.906068][    C1]  ? mutex_lock_io_nested+0x60/0x60
[  716.906083][    C1]  arch_jump_label_transform_queue+0x49/0xd0
[  716.906098][    C1]  __jump_label_update+0x15d/0x350
[  716.906113][    C1]  static_key_disable_cpuslocked+0xcc/0x1b0
[  716.906128][    C1]  static_key_disable+0x16/0x20
[  716.906141][    C1]  toggle_allocation_gate+0x3c8/0x460
[  716.906155][    C1]  ? show_object+0xa0/0xa0
[  716.906165][    C1]  ? do_raw_spin_unlock+0x134/0x8a0
[  716.906180][    C1]  ? __lock_acquire+0x2b00/0x2b00
[  716.906193][    C1]  ? rcu_read_lock_sched_held+0x5f/0x130
[  716.906209][    C1]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  716.906223][    C1]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  716.906240][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  716.906255][    C1]  process_one_work+0x83c/0x11a0
[  716.906291][    C1]  ? worker_detach_from_pool+0x260/0x260
[  716.906307][    C1]  ? _raw_spin_lock_irqsave+0x120/0x120
[  716.906322][    C1]  ? kthread_data+0x4d/0xc0
[  716.906335][    C1]  ? wq_worker_running+0x95/0x190
[  716.906349][    C1]  worker_thread+0xa6c/0x1290
[  716.906365][    C1]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  716.906381][    C1]  ? _raw_spin_unlock+0x40/0x40
[  716.906399][    C1]  kthread+0x2a3/0x2d0
[  716.906411][    C1]  ? rcu_lock_release+0x20/0x20
[  716.906425][    C1]  ? kthread_blkcg+0xd0/0xd0
[  716.906438][    C1]  ret_from_fork+0x1f/0x30
[  716.906459][    C1]  </TASK>
[  716.906465][    C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.077 msecs
[  716.907432][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  716.907441][   T28] CPU: 0 PID: 28 Comm: khungtaskd Tainted: G        W         5.17.0-syzkaller-09727-g34af78c4e616 #0
[  716.907457][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  716.907465][   T28] Call Trace:
[  716.907470][   T28]  <TASK>
[  716.907475][   T28]  dump_stack_lvl+0x1dc/0x2d8
[  716.907496][   T28]  ? show_regs_print_info+0x12/0x12
[  716.907516][   T28]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[  716.907541][   T28]  panic+0x313/0x890
[  716.907582][   T28]  ? schedule_preempt_disabled+0x20/0x20
[  716.907603][   T28]  ? nmi_trigger_cpumask_backtrace+0x206/0x280
[  716.907618][   T28]  ? nmi_panic+0x90/0x90
[  716.907633][   T28]  ? preempt_schedule_thunk+0x16/0x18
[  716.907649][   T28]  ? nmi_trigger_cpumask_backtrace+0x206/0x280
[  716.907663][   T28]  ? nmi_trigger_cpumask_backtrace+0x266/0x280
[  716.907680][   T28]  watchdog+0xcc2/0xcd0
[  716.907701][   T28]  kthread+0x2a3/0x2d0
[  716.907714][   T28]  ? hungtask_pm_notify+0x50/0x50
[  716.907728][   T28]  ? kthread_blkcg+0xd0/0xd0
[  716.907743][   T28]  ret_from_fork+0x1f/0x30
[  716.907762][   T28]  </TASK>
[  716.910962][   T28] Kernel Offset: disabled
[  717.434422][   T28] Rebooting in 86400 seconds..