[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 485.387255][ T3172] Bluetooth: hci0: command 0x0409 tx timeout
[ 487.466403][ T3172] Bluetooth: hci0: command 0x041b tx timeout
[ 489.546265][ T3172] Bluetooth: hci0: command 0x040f tx timeout
[ 491.625995][ T3172] Bluetooth: hci0: command 0x0419 tx timeout
[ 493.705768][ T3172] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.616676][ T8513] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.290243][ T1656] INFO: task krfcommd:4782 blocked for more than 143 seconds.
[ 721.297920][ T1656] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.304760][ T1656] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.313573][ T1656] task:krfcommd state:D stack:29296 pid: 4782 ppid: 2 flags:0x00004000
[ 721.323377][ T1656] Call Trace:
[ 721.326680][ T1656] __schedule+0x93a/0x26f0
[ 721.331815][ T1656] ? io_schedule_timeout+0x140/0x140
[ 721.337129][ T1656] schedule+0xd3/0x270
[ 721.341654][ T1656] schedule_preempt_disabled+0xf/0x20
[ 721.347048][ T1656] __mutex_lock+0x7b6/0x10a0
[ 721.352308][ T1656] ? rfcomm_run+0x2ed/0x4a20
[ 721.357519][ T1656] ? mutex_lock_io_nested+0xf00/0xf00
[ 721.363603][ T1656] ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.369316][ T1656] rfcomm_run+0x2ed/0x4a20
[ 721.374368][ T1656] ? find_held_lock+0x2d/0x110
[ 721.379360][ T1656] ? rfcomm_check_accept+0x240/0x240
[ 721.385128][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.390297][ T1656] ? __init_waitqueue_head+0xd0/0xd0
[ 721.395722][ T1656] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.402559][ T1656] ? lockdep_hardirqs_on+0x79/0x100
[ 721.407970][ T1656] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.415746][ T1656] ? __kthread_parkme+0x15f/0x220
[ 721.421250][ T1656] ? rfcomm_check_accept+0x240/0x240
[ 721.426587][ T1656] kthread+0x3e5/0x4d0
[ 721.431086][ T1656] ? set_kthread_struct+0x130/0x130
[ 721.436314][ T1656] ret_from_fork+0x1f/0x30
[ 721.441373][ T1656] INFO: task syz-executor580:8511 blocked for more than 143 seconds.
[ 721.449470][ T1656] Not tainted 5.14.0-rc7-syzkaller #0
[ 721.455820][ T1656] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.464620][ T1656] task:syz-executor580 state:D stack:27528 pid: 8511 ppid: 8479 flags:0x00004006
[ 721.474531][ T1656] Call Trace:
[ 721.477819][ T1656] __schedule+0x93a/0x26f0
[ 721.482423][ T1656] ? io_schedule_timeout+0x140/0x140
[ 721.487833][ T1656] ? mark_held_locks+0x9f/0xe0
[ 721.492787][ T1656] schedule+0xd3/0x270
[ 721.496878][ T1656] __lock_sock+0x13d/0x260
[ 721.501507][ T1656] ? sock_omalloc+0x180/0x180
[ 721.506314][ T1656] ? finish_wait+0x270/0x270
[ 721.510974][ T1656] ? rwlock_bug.part.0+0x90/0x90
[ 721.516562][ T1656] lock_sock_nested+0xf6/0x120
[ 721.521566][ T1656] rfcomm_sk_state_change+0xb4/0x390
[ 721.528014][ T1656] __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.533459][ T1656] rfcomm_dlc_close+0x1ea/0x240
[ 721.538368][ T1656] __rfcomm_sock_close+0xac/0x260
[ 721.543483][ T1656] rfcomm_sock_shutdown+0xe9/0x210
[ 721.548665][ T1656] rfcomm_sock_release+0x5f/0x140
[ 721.553791][ T1656] __sock_release+0xcd/0x280
[ 721.558469][ T1656] sock_close+0x18/0x20
[ 721.563249][ T1656] __fput+0x288/0x920
[ 721.567419][ T1656] ? __sock_release+0x280/0x280
[ 721.572434][ T1656] task_work_run+0xdd/0x1a0
[ 721.576956][ T1656] do_exit+0xbd4/0x2a60
[ 721.581846][ T1656] ? mm_update_next_owner+0x7a0/0x7a0
[ 721.588045][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.593122][ T1656] do_group_exit+0x125/0x310
[ 721.597740][ T1656] get_signal+0x47f/0x2160
[ 721.602271][ T1656] ? lock_downgrade+0x6e0/0x6e0
[ 721.607147][ T1656] arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.613183][ T1656] ? rfcomm_sock_connect+0x15f/0x460
[ 721.618510][ T1656] ? rfcomm_sock_getname+0x300/0x300
[ 721.623880][ T1656] ? __sys_connect_file+0x4e/0x1a0
[ 721.629020][ T1656] ? get_sigframe_size+0x10/0x10
[ 721.634292][ T1656] ? __sys_connect_file+0x1a0/0x1a0
[ 721.639533][ T1656] exit_to_user_mode_prepare+0x17d/0x290
[ 721.645296][ T1656] syscall_exit_to_user_mode+0x19/0x60
[ 721.650864][ T1656] do_syscall_64+0x42/0xb0
[ 721.655295][ T1656] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.661364][ T1656] RIP: 0033:0x445fe9
[ 721.665271][ T1656] RSP: 002b:00007fff9fc63fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.673772][ T1656] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.681840][ T1656] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.690203][ T1656] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.698214][ T1656] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000013dc2b8
[ 721.706249][ T1656] R13: 0000000000000072 R14: 00007fff9fc64040 R15: 0000000000000003
[ 721.714344][ T1656]
[ 721.714344][ T1656] Showing all locks held in the system:
[ 721.722566][ T1656] 1 lock held by khungtaskd/1656:
[ 721.727597][ T1656] #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.737587][ T1656] 1 lock held by krfcommd/4782:
[ 721.742520][ T1656] #0: ffffffff8d3051e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.751777][ T1656] 1 lock held by in:imklog/8298:
[ 721.756718][ T1656] #0: ffff88802a63eaf0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.766006][ T1656] 4 locks held by syz-executor580/8511:
[ 721.771771][ T1656] #0: ffff888038afcc90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.782401][ T1656] #1: ffff888145aad120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.794264][ T1656] #2: ffffffff8d3051e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.803772][ T1656] #3: ffff888012048528 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.813223][ T1656]
[ 721.815556][ T1656] =============================================
[ 721.815556][ T1656]
[ 721.824024][ T1656] NMI backtrace for cpu 1
[ 721.828456][ T1656] CPU: 1 PID: 1656 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 721.836799][ T1656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.846949][ T1656] Call Trace:
[ 721.850215][ T1656] dump_stack_lvl+0xcd/0x134
[ 721.854852][ T1656] nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.860110][ T1656] ? lapic_can_unplug_cpu+0x80/0x80
[ 721.865336][ T1656] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.871351][ T1656] watchdog+0xd0a/0xfc0
[ 721.875504][ T1656] ? reset_hung_task_detector+0x30/0x30
[ 721.881048][ T1656] kthread+0x3e5/0x4d0
[ 721.885143][ T1656] ? set_kthread_struct+0x130/0x130
[ 721.890354][ T1656] ret_from_fork+0x1f/0x30
[ 721.894959][ T1656] Sending NMI from CPU 1 to CPUs 0:
[ 721.901352][ C0] NMI backtrace for cpu 0
[ 721.901363][ C0] CPU: 0 PID: 8299 Comm: rs:main Q:Reg Not tainted 5.14.0-rc7-syzkaller #0
[ 721.901375][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.901387][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x15/0x80
[ 721.901401][ C0] Code: 00 48 89 4c 38 f0 4e 89 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 f0 01 00 <48> 89 ce 4c 8b 54 24 08 e8 4e f1 ff ff 84 c0 74 51 48 8b 81 18 15
[ 721.901421][ C0] RSP: 0018:ffffc9000caa7528 EFLAGS: 00000246
[ 721.901436][ C0] RAX: 0000000000000000 RBX: ffffc9000caa75f0 RCX: ffff88801e8354c0
[ 721.901447][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 721.901457][ C0] RBP: 0000000000000034 R08: 0000000000001000 R09: 0000000000000000
[ 721.901468][ C0] R10: ffffffff83f4bed0 R11: 000000000000003f R12: ffff88801f62e3c0
[ 721.901478][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 721.901489][ C0] FS: 00007fc28c8ed700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 721.901500][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 721.901510][ C0] CR2: 00007fc111180000 CR3: 0000000033dd6000 CR4: 00000000001506f0
[ 721.901520][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 721.901531][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 721.901539][ C0] Call Trace:
[ 721.901544][ C0] xas_descend+0x71/0x3b0
[ 721.901550][ C0] xas_load+0xe5/0x140
[ 721.901556][ C0] xa_get_order+0xf7/0x390
[ 721.901562][ C0] ? xa_load+0x280/0x280
[ 721.901568][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 721.901576][ C0] ? __mem_cgroup_charge+0x155/0x320
[ 721.901588][ C0] __add_to_page_cache_locked+0x4e7/0x1040
[ 721.901596][ C0] ? file_write_and_wait_range+0x120/0x120
[ 721.901603][ C0] ? __page_objcg+0x250/0x250
[ 721.901610][ C0] ? find_held_lock+0x2d/0x110
[ 721.901617][ C0] add_to_page_cache_lru+0x173/0x5c0
[ 721.901624][ C0] ? add_to_page_cache_locked+0x40/0x40
[ 721.901631][ C0] ? __page_cache_alloc+0x10d/0x3a0
[ 721.901638][ C0] ? xas_load+0x66/0x140
[ 721.901644][ C0] pagecache_get_page+0x46d/0x18d0
[ 721.901652][ C0] ? add_to_page_cache_lru+0x5c0/0x5c0
[ 721.901659][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.901667][ C0] grab_cache_page_write_begin+0x64/0x90
[ 721.901675][ C0] ext4_da_write_begin+0x354/0x11c0
[ 721.901682][ C0] ? generic_write_end+0x22e/0x500
[ 721.901689][ C0] ? ext4_write_begin+0x14c0/0x14c0
[ 721.901696][ C0] ? iov_iter_fault_in_readable+0x21b/0x2d0
[ 721.901704][ C0] ? dup_iter+0x280/0x280
[ 721.901710][ C0] generic_perform_write+0x202/0x500
[ 721.901717][ C0] ? generic_file_readonly_mmap+0x1b0/0x1b0
[ 721.901726][ C0] ? down_write_killable_nested+0x180/0x180
[ 721.901733][ C0] ext4_buffered_write_iter+0x244/0x4d0
[ 721.901741][ C0] ext4_file_write_iter+0x423/0x14e0
[ 721.901748][ C0] ? ext4_buffered_write_iter+0x4d0/0x4d0
[ 721.901756][ C0] ? aa_path_link+0x2f0/0x2f0
[ 721.901763][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 721.901771][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 721.901779][ C0] new_sync_write+0x426/0x650
[ 721.901785][ C0] ? new_sync_read+0x6e0/0x6e0
[ 721.901792][ C0] ? lock_release+0x720/0x720
[ 721.901799][ C0] ? apparmor_file_permission+0x264/0x4e0
[ 721.901806][ C0] vfs_write+0x75a/0xa40
[ 721.901812][ C0] ksys_write+0x12d/0x250
[ 721.901818][ C0] ? __ia32_sys_read+0xb0/0xb0
[ 721.901825][ C0] ? syscall_enter_from_user_mode+0x21/0x70
[ 721.901832][ C0] do_syscall_64+0x35/0xb0
[ 721.901839][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.901847][ C0] RIP: 0033:0x7fc28f3311cd
[ 721.901858][ C0] Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 721.901878][ C0] RSP: 002b:00007fc28c8ec590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 721.901895][ C0] RAX: ffffffffffffffda RBX: 00007fc284022ef0 RCX: 00007fc28f3311cd
[ 721.901905][ C0] RDX: 00000000000004c9 RSI: 00007fc284022ef0 RDI: 0000000000000006
[ 721.901915][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 721.901926][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fc284022c70
[ 721.901937][ C0] R13: 00007fc28c8ec5b0 R14: 0000559bb129e360 R15: 00000000000004c9
[ 721.901948][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.097 msecs
[ 721.902227][ T1656] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.345306][ T1656] CPU: 1 PID: 1656 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
[ 722.353626][ T1656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.363665][ T1656] Call Trace:
[ 722.367103][ T1656] dump_stack_lvl+0xcd/0x134
[ 722.371687][ T1656] panic+0x306/0x73d
[ 722.375637][ T1656] ? __warn_printk+0xf3/0xf3
[ 722.380215][ T1656] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.385415][ T1656] ? preempt_schedule_thunk+0x16/0x18
[ 722.390779][ T1656] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.396931][ T1656] ? watchdog.cold+0x5/0x158
[ 722.401528][ T1656] watchdog.cold+0x16/0x158
[ 722.406035][ T1656] ? reset_hung_task_detector+0x30/0x30
[ 722.411566][ T1656] kthread+0x3e5/0x4d0
[ 722.415619][ T1656] ? set_kthread_struct+0x130/0x130
[ 722.420802][ T1656] ret_from_fork+0x1f/0x30
[ 722.426700][ T1656] Kernel Offset: disabled
[ 722.431033][ T1656] Rebooting in 86400 seconds..