[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.127' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 484.427770][ T30] Bluetooth: hci0: command 0x0409 tx timeout
[ 486.506804][ T30] Bluetooth: hci0: command 0x041b tx timeout
[ 488.586692][ T8482] Bluetooth: hci0: command 0x040f tx timeout
[ 490.666413][ T8482] Bluetooth: hci0: command 0x0419 tx timeout
[ 492.746197][ T8482] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.617013][ T8482] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.290586][ T1631] INFO: task krfcommd:4780 blocked for more than 143 seconds.
[ 721.298432][ T1631] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.305574][ T1631] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.314703][ T1631] task:krfcommd state:D stack:29152 pid: 4780 ppid: 2 flags:0x00004000
[ 721.324030][ T1631] Call Trace:
[ 721.327316][ T1631] __schedule+0x93a/0x26f0
[ 721.331966][ T1631] ? io_schedule_timeout+0x140/0x140
[ 721.337359][ T1631] schedule+0xd3/0x270
[ 721.341490][ T1631] schedule_preempt_disabled+0xf/0x20
[ 721.346890][ T1631] __mutex_lock+0x7b6/0x10a0
[ 721.351605][ T1631] ? rfcomm_run+0x2ed/0x4a20
[ 721.356271][ T1631] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.361704][ T1631] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.367287][ T1631] rfcomm_run+0x2ed/0x4a20
[ 721.371815][ T1631] ? find_held_lock+0x2d/0x110
[ 721.376724][ T1631] ? rfcomm_check_accept+0x240/0x240
[ 721.382062][ T1631] ? lock_downgrade+0x6e0/0x6e0
[ 721.386952][ T1631] ? __init_waitqueue_head+0xd0/0xd0
[ 721.392351][ T1631] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.398198][ T1631] ? lockdep_hardirqs_on+0x79/0x100
[ 721.403510][ T1631] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.409810][ T1631] ? __kthread_parkme+0x15f/0x220
[ 721.414981][ T1631] ? rfcomm_check_accept+0x240/0x240
[ 721.420351][ T1631] kthread+0x3e5/0x4d0
[ 721.424435][ T1631] ? set_kthread_struct+0x130/0x130
[ 721.429652][ T1631] ret_from_fork+0x1f/0x30
[ 721.434348][ T1631] INFO: task syz-executor264:8480 blocked for more than 143 seconds.
[ 721.442553][ T1631] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.448452][ T1631] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.457313][ T1631] task:syz-executor264 state:D stack:27528 pid: 8480 ppid: 8448 flags:0x00004006
[ 721.466617][ T1631] Call Trace:
[ 721.469955][ T1631] __schedule+0x93a/0x26f0
[ 721.474426][ T1631] ? io_schedule_timeout+0x140/0x140
[ 721.479726][ T1631] ? mark_held_locks+0x9f/0xe0
[ 721.484544][ T1631] schedule+0xd3/0x270
[ 721.488626][ T1631] __lock_sock+0x13d/0x260
[ 721.493212][ T1631] ? sock_omalloc+0x180/0x180
[ 721.497901][ T1631] ? finish_wait+0x270/0x270
[ 721.502599][ T1631] ? rwlock_bug.part.0+0x90/0x90
[ 721.507556][ T1631] lock_sock_nested+0xf6/0x120
[ 721.512407][ T1631] rfcomm_sk_state_change+0xb4/0x390
[ 721.517758][ T1631] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.522848][ T1631] rfcomm_dlc_close+0x1ea/0x240
[ 721.527717][ T1631] __rfcomm_sock_close+0xac/0x260
[ 721.532796][ T1631] rfcomm_sock_shutdown+0xe9/0x210
[ 721.537929][ T1631] rfcomm_sock_release+0x5f/0x140
[ 721.543037][ T1631] __sock_release+0xcd/0x280
[ 721.547699][ T1631] sock_close+0x18/0x20
[ 721.551902][ T1631] __fput+0x288/0x920
[ 721.555953][ T1631] ? __sock_release+0x280/0x280
[ 721.560898][ T1631] task_work_run+0xdd/0x1a0
[ 721.565420][ T1631] do_exit+0xbd4/0x2a60
[ 721.569659][ T1631] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.575113][ T1631] ? lock_downgrade+0x6e0/0x6e0
[ 721.579989][ T1631] do_group_exit+0x125/0x310
[ 721.584660][ T1631] get_signal+0x47f/0x2160
[ 721.589155][ T1631] ? lock_downgrade+0x6e0/0x6e0
[ 721.594080][ T1631] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.599885][ T1631] ? rfcomm_sock_connect+0x15f/0x460
[ 721.605404][ T1631] ? rfcomm_sock_getname+0x300/0x300
[ 721.610869][ T1631] ? __sys_connect_file+0x4e/0x1a0
[ 721.616095][ T1631] ? get_sigframe_size+0x10/0x10
[ 721.621198][ T1631] ? __sys_connect_file+0x1a0/0x1a0
[ 721.626521][ T1631] exit_to_user_mode_prepare+0x17d/0x290
[ 721.632420][ T1631] syscall_exit_to_user_mode+0x19/0x60
[ 721.637998][ T1631] do_syscall_64+0x42/0xb0
[ 721.642858][ T1631] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.648784][ T1631] RIP: 0033:0x445fe9
[ 721.653008][ T1631] RSP: 002b:00007fffe2c7d108 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.661603][ T1631] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.669946][ T1631] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.678171][ T1631] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.686548][ T1631] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000021df2b8
[ 721.694610][ T1631] R13: 0000000000000072 R14: 00007fffe2c7d160 R15: 0000000000000003
[ 721.702743][ T1631]
[ 721.702743][ T1631] Showing all locks held in the system:
[ 721.710697][ T1631] 5 locks held by kworker/u4:1/10:
[ 721.715917][ T1631] #0: ffff8880b9c51a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x1e/0x30
[ 721.725963][ T1631] #1: ffff8880b9c1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x16a/0x480
[ 721.737480][ T1631] #2: ffff8880b9c40298 (&base->lock){..-.}-{2:2}, at: lock_timer_base+0x5a/0x1f0
[ 721.746771][ T1631] #3: ffffffff90491b88 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x12e/0x3e0
[ 721.757275][ T1631] #4: ffffffff8b847e48 (text_mutex){+.+.}-{3:3}, at: arch_jump_label_transform_apply+0xe/0x20
[ 721.767788][ T1631] 1 lock held by khungtaskd/1631:
[ 721.773223][ T1631] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.783190][ T1631] 1 lock held by krfcommd/4780:
[ 721.788034][ T1631] #0: ffffffff8d305168 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.797149][ T1631] 1 lock held by in:imklog/8150:
[ 721.802196][ T1631] #0: ffff8880202565f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.811463][ T1631] 4 locks held by syz-executor264/8480:
[ 721.817002][ T1631] #0: ffff88802f076c10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.827601][ T1631] #1: ffff888020bb8120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.839521][ T1631] #2: ffffffff8d305168 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.849022][ T1631] #3: ffff888028097128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.858548][ T1631]
[ 721.861041][ T1631] =============================================
[ 721.861041][ T1631]
[ 721.869443][ T1631] NMI backtrace for cpu 1
[ 721.873813][ T1631] CPU: 1 PID: 1631 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.882153][ T1631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.892292][ T1631] Call Trace:
[ 721.895558][ T1631] dump_stack_lvl+0xcd/0x134
[ 721.900170][ T1631] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.905397][ T1631] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.910618][ T1631] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.916617][ T1631] watchdog+0xd0a/0xfc0
[ 721.920759][ T1631] ? reset_hung_task_detector+0x30/0x30
[ 721.926285][ T1631] kthread+0x3e5/0x4d0
[ 721.930336][ T1631] ? set_kthread_struct+0x130/0x130
[ 721.935605][ T1631] ret_from_fork+0x1f/0x30
[ 721.940106][ T1631] Sending NMI from CPU 1 to CPUs 0:
[ 721.945395][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1c6/0x250
[ 721.946337][ T1631] Kernel panic - not syncing: hung_task: blocked tasks
[ 721.961018][ T1631] CPU: 1 PID: 1631 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.969332][ T1631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.979383][ T1631] Call Trace:
[ 721.982744][ T1631] dump_stack_lvl+0xcd/0x134
[ 721.987323][ T1631] panic+0x306/0x73d
[ 721.991225][ T1631] ? __warn_printk+0xf3/0xf3
[ 721.995800][ T1631] ? lockdep_hardirqs_on+0x79/0x100
[ 722.000980][ T1631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 722.007203][ T1631] ? cpumask_next+0xa4/0xf0
[ 722.011699][ T1631] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 722.017492][ T1631] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 722.023192][ T1631] ? printk_safe_flush+0xea/0x160
[ 722.028246][ T1631] ? watchdog.cold+0x5/0x158
[ 722.032840][ T1631] watchdog.cold+0x16/0x158
[ 722.037330][ T1631] ? reset_hung_task_detector+0x30/0x30
[ 722.042869][ T1631] kthread+0x3e5/0x4d0
[ 722.046923][ T1631] ? set_kthread_struct+0x130/0x130
[ 722.052112][ T1631] ret_from_fork+0x1f/0x30
[ 722.058242][ T1631] Kernel Offset: disabled
[ 722.062907][ T1631] Rebooting in 86400 seconds..