Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 483.303196][ T35] Bluetooth: hci0: command 0x0409 tx timeout
[ 485.382224][ T35] Bluetooth: hci0: command 0x041b tx timeout
[ 487.461999][ T35] Bluetooth: hci0: command 0x040f tx timeout
[ 489.541652][ T35] Bluetooth: hci0: command 0x0419 tx timeout
[ 491.621337][ T35] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.528805][ T35] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.200143][ T1636] INFO: task krfcommd:4784 blocked for more than 143 seconds.
[ 721.207707][ T1636] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.214832][ T1636] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.223605][ T1636] task:krfcommd state:D stack:29136 pid: 4784 ppid: 2 flags:0x00004000
[ 721.232899][ T1636] Call Trace:
[ 721.236182][ T1636] __schedule+0x93a/0x26f0
[ 721.240780][ T1636] ? io_schedule_timeout+0x140/0x140
[ 721.246083][ T1636] schedule+0xd3/0x270
[ 721.250206][ T1636] schedule_preempt_disabled+0xf/0x20
[ 721.255588][ T1636] __mutex_lock+0x7b6/0x10a0
[ 721.260264][ T1636] ? rfcomm_run+0x2ed/0x4a20
[ 721.264954][ T1636] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.270372][ T1636] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.275942][ T1636] rfcomm_run+0x2ed/0x4a20
[ 721.280434][ T1636] ? find_held_lock+0x2d/0x110
[ 721.285292][ T1636] ? rfcomm_check_accept+0x240/0x240
[ 721.290644][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.295505][ T1636] ? __init_waitqueue_head+0xd0/0xd0
[ 721.300911][ T1636] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.306720][ T1636] ? lockdep_hardirqs_on+0x79/0x100
[ 721.312015][ T1636] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.318303][ T1636] ? __kthread_parkme+0x15f/0x220
[ 721.323657][ T1636] ? rfcomm_check_accept+0x240/0x240
[ 721.328969][ T1636] kthread+0x3e5/0x4d0
[ 721.333116][ T1636] ? set_kthread_struct+0x130/0x130
[ 721.338325][ T1636] ret_from_fork+0x1f/0x30
[ 721.342903][ T1636] INFO: task syz-executor828:8495 blocked for more than 143 seconds.
[ 721.351174][ T1636] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.357047][ T1636] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.365763][ T1636] task:syz-executor828 state:D stack:27528 pid: 8495 ppid: 8463 flags:0x00004006
[ 721.375037][ T1636] Call Trace:
[ 721.378320][ T1636] __schedule+0x93a/0x26f0
[ 721.382809][ T1636] ? io_schedule_timeout+0x140/0x140
[ 721.388104][ T1636] ? mark_held_locks+0x9f/0xe0
[ 721.395567][ T1636] schedule+0xd3/0x270
[ 721.400686][ T1636] __lock_sock+0x13d/0x260
[ 721.405262][ T1636] ? sock_omalloc+0x180/0x180
[ 721.409993][ T1636] ? finish_wait+0x270/0x270
[ 721.415120][ T1636] ? rwlock_bug.part.0+0x90/0x90
[ 721.420308][ T1636] lock_sock_nested+0xf6/0x120
[ 721.425216][ T1636] rfcomm_sk_state_change+0xb4/0x390
[ 721.430819][ T1636] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.435855][ T1636] rfcomm_dlc_close+0x1ea/0x240
[ 721.440943][ T1636] __rfcomm_sock_close+0xac/0x260
[ 721.445993][ T1636] rfcomm_sock_shutdown+0xe9/0x210
[ 721.451170][ T1636] rfcomm_sock_release+0x5f/0x140
[ 721.456208][ T1636] __sock_release+0xcd/0x280
[ 721.460910][ T1636] sock_close+0x18/0x20
[ 721.465071][ T1636] __fput+0x288/0x920
[ 721.469094][ T1636] ? __sock_release+0x280/0x280
[ 721.474002][ T1636] task_work_run+0xdd/0x1a0
[ 721.478517][ T1636] do_exit+0xbd4/0x2a60
[ 721.482794][ T1636] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.488171][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.493077][ T1636] do_group_exit+0x125/0x310
[ 721.497676][ T1636] get_signal+0x47f/0x2160
[ 721.502201][ T1636] ? lock_downgrade+0x6e0/0x6e0
[ 721.507331][ T1636] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.513193][ T1636] ? rfcomm_sock_connect+0x15f/0x460
[ 721.518501][ T1636] ? rfcomm_sock_getname+0x300/0x300
[ 721.523938][ T1636] ? __sys_connect_file+0x4e/0x1a0
[ 721.529062][ T1636] ? get_sigframe_size+0x10/0x10
[ 721.534055][ T1636] ? __sys_connect_file+0x1a0/0x1a0
[ 721.539276][ T1636] exit_to_user_mode_prepare+0x17d/0x290
[ 721.545023][ T1636] syscall_exit_to_user_mode+0x19/0x60
[ 721.550551][ T1636] do_syscall_64+0x42/0xb0
[ 721.554980][ T1636] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.560948][ T1636] RIP: 0033:0x445fe9
[ 721.564848][ T1636] RSP: 002b:00007fff787fd7a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.573345][ T1636] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.581426][ T1636] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.589505][ T1636] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.597660][ T1636] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000013b82b8
[ 721.605753][ T1636] R13: 0000000000000072 R14: 00007fff787fd800 R15: 0000000000000003
[ 721.613839][ T1636]
[ 721.613839][ T1636] Showing all locks held in the system:
[ 721.621640][ T1636] 1 lock held by khungtaskd/1636:
[ 721.626662][ T1636] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.636626][ T1636] 1 lock held by krfcommd/4784:
[ 721.641566][ T1636] #0: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.650698][ T1636] 1 lock held by in:imklog/8166:
[ 721.655632][ T1636] #0: ffff888033222370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.664925][ T1636] 4 locks held by syz-executor828/8495:
[ 721.670531][ T1636] #0: ffff888031c21710 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.681146][ T1636] #1: ffff88801e8fc120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.693015][ T1636] #2: ffffffff8d306528 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.706444][ T1636] #3: ffff888029ebc128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.715888][ T1636]
[ 721.718218][ T1636] =============================================
[ 721.718218][ T1636]
[ 721.726708][ T1636] NMI backtrace for cpu 0
[ 721.731094][ T1636] CPU: 0 PID: 1636 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.739423][ T1636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.749459][ T1636] Call Trace:
[ 721.752724][ T1636] dump_stack_lvl+0xcd/0x134
[ 721.757365][ T1636] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.762676][ T1636] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.767930][ T1636] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.773955][ T1636] watchdog+0xd0a/0xfc0
[ 721.778111][ T1636] ? reset_hung_task_detector+0x30/0x30
[ 721.783652][ T1636] kthread+0x3e5/0x4d0
[ 721.787712][ T1636] ? set_kthread_struct+0x130/0x130
[ 721.792902][ T1636] ret_from_fork+0x1f/0x30
[ 721.797414][ T1636] Sending NMI from CPU 0 to CPUs 1:
[ 721.803507][ C1] NMI backtrace for cpu 1
[ 721.803518][ C1] CPU: 1 PID: 4874 Comm: systemd-journal Not tainted 5.14.0-rc7-syzkaller #0
[ 721.803530][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.803542][ C1] RIP: 0010:__lock_acquire+0x7d/0x54a0
[ 721.803555][ C1] Code: 24 20 48 8d 84 24 88 00 00 00 48 c1 e8 03 48 89 44 24 30 48 89 c6 48 b8 00 00 00 00 00 fc ff df 48 8d 14 06 c7 02 f1 f1 f1 f1 42 04 00 f3 f3 f3 48 c7 c2 6c 0d 6d 8d 65 48 8b 34 25 28 00 00
[ 721.803576][ C1] RSP: 0018:ffffc9000156f848 EFLAGS: 00000802
[ 721.803590][ C1] RAX: dffffc0000000000 RBX: ffff8880b9d51a58 RCX: 0000000000000000
[ 721.803601][ C1] RDX: fffff520002adf1a RSI: 1ffff920002adf1a RDI: ffff8880b9d51a58
[ 721.803611][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[ 721.803622][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 721.803632][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 721.803643][ C1] FS: 00007fb3aba878c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 721.803655][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 721.803663][ C1] CR2: 00007fb3a8e5c000 CR3: 000000001caa7000 CR4: 00000000001506e0
[ 721.803672][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 721.803680][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 721.803687][ C1] Call Trace:
[ 721.803691][ C1] ? mark_lock+0xef/0x17b0
[ 721.803696][ C1] ? memcpy+0x39/0x60
[ 721.803707][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 721.803713][ C1] ? mark_lock+0xef/0x17b0
[ 721.803718][ C1] lock_acquire+0x1ab/0x510
[ 721.803723][ C1] ? __schedule+0x233/0x26f0
[ 721.803729][ C1] ? lock_release+0x720/0x720
[ 721.803733][ C1] ? rcu_qs+0x22/0xd0
[ 721.803738][ C1] _raw_spin_lock_nested+0x30/0x40
[ 721.803744][ C1] ? __schedule+0x233/0x26f0
[ 721.803749][ C1] __schedule+0x233/0x26f0
[ 721.803754][ C1] ? find_held_lock+0x2d/0x110
[ 721.803759][ C1] ? io_schedule_timeout+0x140/0x140
[ 721.803765][ C1] schedule+0xd3/0x270
[ 721.803770][ C1] schedule_hrtimeout_range_clock+0x343/0x390
[ 721.803776][ C1] ? hrtimer_nanosleep_restart+0x170/0x170
[ 721.803782][ C1] ? do_epoll_wait+0x126a/0x1950
[ 721.803788][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 721.803793][ C1] ? do_raw_write_lock+0x11a/0x280
[ 721.803799][ C1] ? do_raw_read_unlock+0x70/0x70
[ 721.803804][ C1] ? _raw_write_unlock_irq+0x1f/0x40
[ 721.803810][ C1] do_epoll_wait+0x1283/0x1950
[ 721.803815][ C1] ? do_epoll_create+0x1c0/0x1c0
[ 721.803821][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 721.803827][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.803834][ C1] ? __seccomp_filter+0x5b6/0x15e0
[ 721.803839][ C1] ? seccomp_notify_ioctl+0xdc0/0xdc0
[ 721.803845][ C1] ? finish_wait+0x270/0x270
[ 721.803851][ C1] ? __context_tracking_exit+0xb8/0xe0
[ 721.803857][ C1] __x64_sys_epoll_wait+0x158/0x270
[ 721.803862][ C1] ? __ia32_sys_epoll_ctl+0x1c0/0x1c0
[ 721.803868][ C1] ? __secure_computing+0x104/0x360
[ 721.803874][ C1] do_syscall_64+0x35/0xb0
[ 721.803879][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.803885][ C1] RIP: 0033:0x7fb3aad502e3
[ 721.803894][ C1] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 29 54 2b 00 00 75 13 49 89 ca b8 e8 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 0b c2 00 00 48 89 04 24
[ 721.803911][ C1] RSP: 002b:00007ffdcb6261f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 721.803925][ C1] RAX: ffffffffffffffda RBX: 000055b66fd171e0 RCX: 00007fb3aad502e3
[ 721.803933][ C1] RDX: 0000000000000013 RSI: 00007ffdcb626200 RDI: 0000000000000008
[ 721.803942][ C1] RBP: 00007ffdcb6263f0 R08: 00000000612fb27e R09: 00007ffdcb63c080
[ 721.803950][ C1] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdcb626200
[ 721.803959][ C1] R13: 0000000000000001 R14: ffffffffffffffff R15: 0005caf20d54546d
[ 721.803980][ T1636] Kernel panic - not syncing: hung_task: blocked tasks
[ 721.803992][ T1636] CPU: 0 PID: 1636 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 722.197296][ T1636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.207544][ T1636] Call Trace:
[ 722.210818][ T1636] dump_stack_lvl+0xcd/0x134
[ 722.215418][ T1636] panic+0x306/0x73d
[ 722.219354][ T1636] ? __warn_printk+0xf3/0xf3
[ 722.223953][ T1636] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.229157][ T1636] ? preempt_schedule_thunk+0x16/0x18
[ 722.234534][ T1636] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.240692][ T1636] ? watchdog.cold+0x5/0x158
[ 722.245314][ T1636] watchdog.cold+0x16/0x158
[ 722.249822][ T1636] ? reset_hung_task_detector+0x30/0x30
[ 722.255374][ T1636] kthread+0x3e5/0x4d0
[ 722.259449][ T1636] ? set_kthread_struct+0x130/0x130
[ 722.264650][ T1636] ret_from_fork+0x1f/0x30
[ 722.270349][ T1636] Kernel Offset: disabled
[ 722.274674][ T1636] Rebooting in 86400 seconds..