Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 485.205499][ T3171] Bluetooth: hci0: command 0x0409 tx timeout
[ 487.284440][ T8151] Bluetooth: hci0: command 0x041b tx timeout
[ 489.364318][ T8498] Bluetooth: hci0: command 0x040f tx timeout
[ 491.443962][ T8498] Bluetooth: hci0: command 0x0419 tx timeout
[ 493.523662][ T8498] Bluetooth: hci0: command 0x0405 tx timeout
[ 605.671553][ T8498] Bluetooth: hci0: command 0x0406 tx timeout
[ 721.342484][ T1614] INFO: task krfcommd:4781 blocked for more than 143 seconds.
[ 721.350209][ T1614]       Not tainted 5.14.0-rc6-syzkaller #0
[ 721.357291][ T1614] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.366141][ T1614] task:krfcommd        state:D stack:29296 pid: 4781 ppid:     2 flags:0x00004000
[ 721.375558][ T1614] Call Trace:
[ 721.378867][ T1614]  __schedule+0x93a/0x26f0
[ 721.383545][ T1614]  ? io_schedule_timeout+0x140/0x140
[ 721.388870][ T1614]  schedule+0xd3/0x270
[ 721.393045][ T1614]  schedule_preempt_disabled+0xf/0x20
[ 721.398437][ T1614]  __mutex_lock+0x7b6/0x10a0
[ 721.403164][ T1614]  ? rfcomm_run+0x2ed/0x4a20
[ 721.407880][ T1614]  ? mutex_lock_io_nested+0xf00/0xf00
[ 721.413356][ T1614]  ? __mutex_unlock_slowpath+0xe2/0x610
[ 721.418944][ T1614]  rfcomm_run+0x2ed/0x4a20
[ 721.423506][ T1614]  ? find_held_lock+0x2d/0x110
[ 721.428370][ T1614]  ? rfcomm_check_accept+0x240/0x240
[ 721.433845][ T1614]  ? lock_downgrade+0x6e0/0x6e0
[ 721.438749][ T1614]  ? __init_waitqueue_head+0xd0/0xd0
[ 721.444277][ T1614]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.450165][ T1614]  ? lockdep_hardirqs_on+0x79/0x100
[ 721.455504][ T1614]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.461825][ T1614]  ? __kthread_parkme+0x15f/0x220
[ 721.467055][ T1614]  ? rfcomm_check_accept+0x240/0x240
[ 721.472463][ T1614]  kthread+0x3e5/0x4d0
[ 721.476562][ T1614]  ? set_kthread_struct+0x130/0x130
[ 721.481814][ T1614]  ret_from_fork+0x1f/0x30
[ 721.486505][ T1614] INFO: task syz-executor582:8496 blocked for more than 143 seconds.
[ 721.494748][ T1614]       Not tainted 5.14.0-rc6-syzkaller #0
[ 721.500647][ T1614] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.509483][ T1614] task:syz-executor582 state:D stack:27528 pid: 8496 ppid:  8464 flags:0x00004006
[ 721.518838][ T1614] Call Trace:
[ 721.522128][ T1614]  __schedule+0x93a/0x26f0
[ 721.526633][ T1614]  ? io_schedule_timeout+0x140/0x140
[ 721.531937][ T1614]  ? mark_held_locks+0x9f/0xe0
[ 721.536816][ T1614]  schedule+0xd3/0x270
[ 721.540910][ T1614]  __lock_sock+0x13d/0x260
[ 721.545471][ T1614]  ? sock_omalloc+0x180/0x180
[ 721.550181][ T1614]  ? finish_wait+0x270/0x270
[ 721.554877][ T1614]  ? rwlock_bug.part.0+0x90/0x90
[ 721.559834][ T1614]  lock_sock_nested+0xf6/0x120
[ 721.564685][ T1614]  rfcomm_sk_state_change+0xb4/0x390
[ 721.569994][ T1614]  __rfcomm_dlc_close+0x1b6/0x8a0
[ 721.575139][ T1614]  rfcomm_dlc_close+0x1ea/0x240
[ 721.580009][ T1614]  __rfcomm_sock_close+0xac/0x260
[ 721.586111][ T1614]  rfcomm_sock_shutdown+0xe9/0x210
[ 721.591259][ T1614]  rfcomm_sock_release+0x5f/0x140
[ 721.596769][ T1614]  __sock_release+0xcd/0x280
[ 721.601477][ T1614]  sock_close+0x18/0x20
[ 721.605747][ T1614]  __fput+0x288/0x920
[ 721.609833][ T1614]  ? __sock_release+0x280/0x280
[ 721.614806][ T1614]  task_work_run+0xdd/0x1a0
[ 721.619334][ T1614]  do_exit+0xbd4/0x2a60
[ 721.623628][ T1614]  ? mm_update_next_owner+0x7a0/0x7a0
[ 721.629014][ T1614]  ? lock_downgrade+0x6e0/0x6e0
[ 721.633982][ T1614]  do_group_exit+0x125/0x310
[ 721.638606][ T1614]  get_signal+0x47f/0x2160
[ 721.643159][ T1614]  ? lock_downgrade+0x6e0/0x6e0
[ 721.648037][ T1614]  arch_do_signal_or_restart+0x2a9/0x1c40
[ 721.654101][ T1614]  ? rfcomm_sock_connect+0x15f/0x460
[ 721.659424][ T1614]  ? rfcomm_sock_getname+0x300/0x300
[ 721.664788][ T1614]  ? __sys_connect_file+0x4e/0x1a0
[ 721.669930][ T1614]  ? get_sigframe_size+0x10/0x10
[ 721.674958][ T1614]  ? __sys_connect_file+0x1a0/0x1a0
[ 721.680363][ T1614]  exit_to_user_mode_prepare+0x17d/0x290
[ 721.686139][ T1614]  syscall_exit_to_user_mode+0x19/0x60
[ 721.691620][ T1614]  do_syscall_64+0x42/0xb0
[ 721.696141][ T1614]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.702047][ T1614] RIP: 0033:0x445fe9
[ 721.706007][ T1614] RSP: 002b:00007fff6620c648 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 721.714518][ T1614] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 0000000000445fe9
[ 721.722591][ T1614] RDX: 0000000000000080 RSI: 0000000020000000 RDI: 0000000000000004
[ 721.731014][ T1614] RBP: 0000000000000003 R08: 000000ff00000001 R09: 000000ff00000001
[ 721.739112][ T1614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001ae12b8
[ 721.747258][ T1614] R13: 0000000000000072 R14: 00007fff6620c6a0 R15: 0000000000000003
[ 721.755387][ T1614]
[ 721.755387][ T1614] Showing all locks held in the system:
[ 721.763178][ T1614] 1 lock held by khungtaskd/1614:
[ 721.768236][ T1614]  #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 721.778234][ T1614] 1 lock held by krfcommd/4781:
[ 721.783160][ T1614]  #0: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.792326][ T1614] 2 locks held by in:imklog/8164:
[ 721.797356][ T1614]  #0: ffff8880233400f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.806800][ T1614]  #1: ffffffff8ba9c0e0 (fs_reclaim){+.+.}-{0:0}, at: is_bpf_text_address+0x0/0x170
[ 721.816467][ T1614] 4 locks held by syz-executor582/8496:
[ 721.822017][ T1614]  #0: ffff88801e7d1710 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.832652][ T1614]  #1: ffff888019271120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.844503][ T1614]  #2: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.854035][ T1614]  #3: ffff88802c085928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
[ 721.863484][ T1614]
[ 721.865822][ T1614] =============================================
[ 721.865822][ T1614]
[ 721.874340][ T1614] NMI backtrace for cpu 0
[ 721.878670][ T1614] CPU: 0 PID: 1614 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 721.887016][ T1614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.897094][ T1614] Call Trace:
[ 721.900391][ T1614]  dump_stack_lvl+0xcd/0x134
[ 721.905061][ T1614]  nmi_cpu_backtrace.cold+0x44/0xd7
[ 721.910267][ T1614]  ? lapic_can_unplug_cpu+0x80/0x80
[ 721.915545][ T1614]  nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.921578][ T1614]  watchdog+0xd0a/0xfc0
[ 721.925733][ T1614]  ? reset_hung_task_detector+0x30/0x30
[ 721.931274][ T1614]  kthread+0x3e5/0x4d0
[ 721.935348][ T1614]  ? set_kthread_struct+0x130/0x130
[ 721.940557][ T1614]  ret_from_fork+0x1f/0x30
[ 721.945132][ T1614] Sending NMI from CPU 0 to CPUs 1:
[ 721.951434][ C1] NMI backtrace for cpu 1
[ 721.951444][ C1] CPU: 1 PID: 4862 Comm: systemd-journal Not tainted 5.14.0-rc6-syzkaller #0
[ 721.951455][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.951464][ C1] RIP: 0010:unwind_next_frame+0x1494/0x1ce0
[ 721.951476][ C1] Code: 0f bf 00 48 01 44 24 60 e9 ea f1 ff ff 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 48 c1 ea 03 80 3c 02 00 0f 85 59 02 00 00 <49> 8d 7e 08 49 8b 6e 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48
[ 721.951492][ C1] RSP: 0018:ffffc900010cf6b8 EFLAGS: 00000246
[ 721.951504][ C1] RAX: dffffc0000000000 RBX: 1ffff92000219edf RCX: 1ffff92000219efa
[ 721.951513][ C1] RDX: 1ffff92000219ef9 RSI: ffffc900010cfbb0 RDI: ffffc900010cfbb0
[ 721.951522][ C1] RBP: 0000000000000001 R08: ffffffff8df22460 R09: 0000000000000001
[ 721.951531][ C1] R10: fffff52000219efd R11: 0000000000086088 R12: ffffc900010cfbe0
[ 721.951540][ C1] R13: ffffc900010cf7c5 R14: ffffc900010cf790 R15: ffffc900010cf7c4
[ 721.951550][ C1] FS:  00007f2e3f2648c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 721.951559][ C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 721.951567][ C1] CR2: 00007f2e3c63b000 CR3: 00000000174ce000 CR4: 00000000001506e0
[ 721.951576][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 721.951585][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 721.951592][ C1] Call Trace:
[ 721.951597][ C1]  ? kmem_cache_free+0x8a/0x5b0
[ 721.951603][ C1]  ? deref_stack_reg+0x150/0x150
[ 721.951609][ C1]  ? __unwind_start+0x51b/0x800
[ 721.951615][ C1]  ? create_prof_cpu_mask+0x20/0x20
[ 721.951621][ C1]  arch_stack_walk+0x7d/0xe0
[ 721.951627][ C1]  ? putname+0xe1/0x120
[ 721.951632][ C1]  ? kmem_cache_free+0x8a/0x5b0
[ 721.951638][ C1]  stack_trace_save+0x8c/0xc0
[ 721.951645][ C1]  ? stack_trace_consume_entry+0x160/0x160
[ 721.951656][ C1]  kasan_save_stack+0x1b/0x40
[ 721.951662][ C1]  ? kasan_save_stack+0x1b/0x40
[ 721.951668][ C1]  ? kasan_set_track+0x1c/0x30
[ 721.951673][ C1]  ? kasan_set_free_info+0x20/0x30
[ 721.951679][ C1]  ? __kasan_slab_free+0xfb/0x130
[ 721.951686][ C1]  ? slab_free_freelist_hook+0xdf/0x240
[ 721.951692][ C1]  ? kmem_cache_free+0x8a/0x5b0
[ 721.951698][ C1]  ? find_held_lock+0x2d/0x110
[ 721.951704][ C1]  ? debug_check_no_obj_freed+0x20c/0x420
[ 721.951711][ C1]  ? lock_downgrade+0x6e0/0x6e0
[ 721.951717][ C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 721.951724][ C1]  ? lockdep_hardirqs_on+0x79/0x100
[ 721.951730][ C1]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 721.951737][ C1]  ? debug_check_no_obj_freed+0x20c/0x420
[ 721.951744][ C1]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.951751][ C1]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 721.951757][ C1]  kasan_set_track+0x1c/0x30
[ 721.951763][ C1]  kasan_set_free_info+0x20/0x30
[ 721.951769][ C1]  __kasan_slab_free+0xfb/0x130
[ 721.951775][ C1]  slab_free_freelist_hook+0xdf/0x240
[ 721.951781][ C1]  kmem_cache_free+0x8a/0x5b0
[ 721.951787][ C1]  ? putname+0xe1/0x120
[ 721.951792][ C1]  ? terminate_walk+0x2f5/0x5c0
[ 721.951798][ C1]  putname+0xe1/0x120
[ 721.951803][ C1]  filename_parentat+0x4f1/0x5a0
[ 721.951809][ C1]  ? getname+0xd0/0xd0
[ 721.951814][ C1]  ? __might_fault+0xd3/0x180
[ 721.951820][ C1]  ? lock_downgrade+0x6e0/0x6e0
[ 721.951826][ C1]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.951834][ C1]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 721.951841][ C1]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 721.951847][ C1]  ? __phys_addr+0xc4/0x140
[ 721.951853][ C1]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 721.951860][ C1]  ? __phys_addr_symbol+0x2c/0x70
[ 721.951867][ C1]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 721.951873][ C1]  ? __check_object_size+0x16e/0x3f0
[ 721.951879][ C1]  filename_create+0x9e/0x490
[ 721.951885][ C1]  ? filename_parentat+0x5a0/0x5a0
[ 721.951892][ C1]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 721.951899][ C1]  ? getname_flags.part.0+0x1dd/0x4f0
[ 721.951905][ C1]  do_mkdirat+0xa0/0x310
[ 721.951911][ C1]  ? user_path_create+0xf0/0xf0
[ 721.951917][ C1]  ? __secure_computing+0x104/0x360
[ 721.951923][ C1]  do_syscall_64+0x35/0xb0
[ 721.951929][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 721.951936][ C1] RIP: 0033:0x7f2e3e51f687
[ 721.951947][ C1] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 721.951962][ C1] RSP: 002b:00007ffc5bd3ece8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
[ 721.951977][ C1] RAX: ffffffffffffffda RBX: 00007ffc5bd41d50 RCX: 00007f2e3e51f687
[ 721.951985][ C1] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055c95dfb08a0
[ 721.951994][ C1] RBP: 00007ffc5bd3ed20 R08: 000055c95c19a3e5 R09: 0000000000000018
[ 721.952003][ C1] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
[ 721.952012][ C1] R13: 0000000000000001 R14: 000055c95dfb08a0 R15: 00007ffc5bd3f360
[ 721.952022][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.031 msecs
[ 721.952414][ T1614] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.454455][ T1614] CPU: 0 PID: 1614 Comm: khungtaskd Not tainted 5.14.0-rc6-syzkaller #0
[ 722.462801][ T1614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.472848][ T1614] Call Trace:
[ 722.476137][ T1614]  dump_stack_lvl+0xcd/0x134
[ 722.480741][ T1614]  panic+0x306/0x73d
[ 722.484674][ T1614]  ? __warn_printk+0xf3/0xf3
[ 722.489264][ T1614]  ? lapic_can_unplug_cpu+0x80/0x80
[ 722.494470][ T1614]  ? preempt_schedule_thunk+0x16/0x18
[ 722.499936][ T1614]  ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.506089][ T1614]  ? watchdog.cold+0x5/0x158
[ 722.510712][ T1614]  watchdog.cold+0x16/0x158
[ 722.515211][ T1614]  ? reset_hung_task_detector+0x30/0x30
[ 722.520755][ T1614]  kthread+0x3e5/0x4d0
[ 722.524851][ T1614]  ? set_kthread_struct+0x130/0x130
[ 722.530042][ T1614]  ret_from_fork+0x1f/0x30
[ 722.535837][ T1614] Kernel Offset: disabled
[ 722.540175][ T1614] Rebooting in 86400 seconds..
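The useful part of a hung-task report like this is the cross-reference between each blocked task's call trace and the lockdep "Showing all locks held in the system" table. The script below is an added triage example written for this page; it is not part of the syzkaller report or of the kernel. It parses a constructed subset of the log above (one kernel record per line, same values as the report), finds the lock slow path each blocked task sleeps in, and names the lock it waits for and who lockdep lists as holding it. Two kernel facts drive the matching and are stated as assumptions in the comments: __mutex_lock registers the mutex with lockdep before it sleeps, so the "rfcomm_mutex ... at: rfcomm_run+0x2ed" entry under krfcommd is a pending acquisition rather than a lock it owns, while lock_sock_nested registers sk_lock only after __lock_sock returns, so the socket lock that syz-executor582 waits for in rfcomm_sk_state_change never appears in its table. The function tables SCHED, WAIT_PRIMITIVES and WRAPPERS are my own and tuned to this report. On the sample it reports that krfcommd waits for rfcomm_mutex, held by syz-executor582/8496, and that syz-executor582 waits for a socket lock while already holding sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM taken in rfcomm_sock_shutdown; whether that is the same socket instance cannot be proven from the log alone, because lockdep prints only the instance the task already owns.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample: a subset of the report above, one kernel log record per line.
SAMPLE = """\
[ 721.342484][ T1614] INFO: task krfcommd:4781 blocked for more than 143 seconds.
[ 721.378867][ T1614]  __schedule+0x93a/0x26f0
[ 721.388870][ T1614]  schedule+0xd3/0x270
[ 721.398437][ T1614]  __mutex_lock+0x7b6/0x10a0
[ 721.418944][ T1614]  rfcomm_run+0x2ed/0x4a20
[ 721.486505][ T1614] INFO: task syz-executor582:8496 blocked for more than 143 seconds.
[ 721.522128][ T1614]  __schedule+0x93a/0x26f0
[ 721.526633][ T1614]  ? io_schedule_timeout+0x140/0x140
[ 721.536816][ T1614]  schedule+0xd3/0x270
[ 721.540910][ T1614]  __lock_sock+0x13d/0x260
[ 721.559834][ T1614]  lock_sock_nested+0xf6/0x120
[ 721.564685][ T1614]  rfcomm_sk_state_change+0xb4/0x390
[ 721.586111][ T1614]  rfcomm_sock_shutdown+0xe9/0x210
[ 721.755387][ T1614] Showing all locks held in the system:
[ 721.778234][ T1614] 1 lock held by krfcommd/4781:
[ 721.783160][ T1614]  #0: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_run+0x2ed/0x4a20
[ 721.816467][ T1614] 4 locks held by syz-executor582/8496:
[ 721.822017][ T1614]  #0: ffff88801e7d1710 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 721.832652][ T1614]  #1: ffff888019271120 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_shutdown+0x54/0x210
[ 721.844503][ T1614]  #2: ffffffff8d3046e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x34/0x240
[ 721.854035][ T1614]  #3: ffff88802c085928 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x162/0x8a0
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[TC]\d+\]\s?")
BLOCKED = re.compile(r"INFO: task (\S+):(\d+) blocked for more than \d+ seconds")
HELD_HDR = re.compile(r"\d+ locks? held by (\S+)/(\d+):")
HELD_ENTRY = re.compile(r"#\d+: ([0-9a-f]+) \((.+?)\)\{[^}]*\}-\{[^}]*\}, at: (\S+)")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*\+0x[0-9a-f]+/0x[0-9a-f]+)$")
# Assumed function tables tuned to this report: scheduler frames to skip, slow paths
# that mean "blocked on a lock", and thin wrappers between the slow path and its caller.
SCHED = {"__schedule", "schedule", "schedule_preempt_disabled", "schedule_timeout"}
WAIT_PRIMITIVES = {"__mutex_lock": "mutex", "__lock_sock": "socket lock"}
WRAPPERS = {"lock_sock_nested", "lock_sock", "mutex_lock_nested", "mutex_lock"}

@dataclass
class Task:
    comm: str
    pid: int
    frames: list = field(default_factory=list)  # reliable frames only, innermost first
    held: list = field(default_factory=list)    # (addr, name, acquisition site) tuples
# lock: name if lockdep lists the pending acquisition; owners: other tasks holding that
# instance; already_held: locks of the same class the waiter itself holds.
Finding = namedtuple("Finding", "waiter kind caller lock owners already_held")

def parse_report(text):
    """Build Task records from the blocked-task traces and the held-locks table."""
    tasks, cur, owner = {}, None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := BLOCKED.search(line):
            cur = tasks.setdefault(int(m[2]), Task(m[1], int(m[2])))
        elif line.startswith("Showing all locks held"):
            cur = None
        elif m := HELD_HDR.match(line):
            owner = tasks.setdefault(int(m[2]), Task(m[1], int(m[2])))
        elif (m := HELD_ENTRY.match(line)) and owner is not None:
            owner.held.append((m[1], m[2], m[3]))
        elif (m := FRAME.match(line)) and cur is not None and not m[1]:
            cur.frames.append(m[2])  # "? " frames are stale stack slots; drop them
    return tasks

def func_name(frame):
    return frame.split("+", 1)[0]

def wait_site(task):
    """Return (kind, caller_frame) if the task is blocked in a known lock slow path."""
    frames = [f for f in task.frames if func_name(f) not in SCHED]
    for i, f in enumerate(frames):
        if kind := WAIT_PRIMITIVES.get(func_name(f)):
            callers = [g for g in frames[i + 1:] if func_name(g) not in WRAPPERS]
            return kind, (callers[0] if callers else "?")
    return None

def analyse(tasks):
    """Cross-reference each blocked task's wait site against the held-locks table."""
    holders = {}
    for t in tasks.values():
        for addr, _, _ in t.held:
            holders.setdefault(addr, []).append(t)
    findings = []
    for t in tasks.values():
        if (site := wait_site(t)) is None:
            continue
        kind, caller = site
        # __mutex_lock registers the mutex with lockdep before it sleeps (assumption from the
        # kernel source), so a pending mutex is listed under the waiter with at: == caller.
        pending = next((h for h in t.held if h[2] == caller), None)
        if pending:
            owners = [f"{o.comm}/{o.pid}" for o in holders[pending[0]] if o.pid != t.pid]
            same = [n for a, n, s in t.held if a == pending[0] and s != caller]
            findings.append(Finding(f"{t.comm}/{t.pid}", kind, caller, pending[1], owners, same))
        else:
            # lock_sock_nested registers sk_lock only after __lock_sock returns (assumption from
            # the kernel source), so a pending socket lock is absent; report what is already held.
            same = [n for _, n, _ in t.held if n.startswith("sk_lock-")]
            findings.append(Finding(f"{t.comm}/{t.pid}", kind, caller, None, [], same))
    return findings
```

Run it with `analyse(parse_report(SAMPLE))`, or pass the whole console log, since the prefix regex accepts the `[ ts][ Tpid]` form this kernel prints. The pending-lock heuristic (a held entry whose `at:` equals the frame directly below the slow path) is deliberately strict: syz-executor582's `rfcomm_mutex ... at: rfcomm_dlc_close+0x34` does not match its trace frame `rfcomm_dlc_close+0x1ea`, so it is correctly treated as owned rather than pending.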