./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3370117804

<...>
Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts.
execve("./syz-executor3370117804", ["./syz-executor3370117804"], 0x7ffc970fd320 /* 10 vars */) = 0
brk(NULL)                               = 0x5555563f3000
brk(0x5555563f3d40)                     = 0x5555563f3d40
arch_prctl(ARCH_SET_FS, 0x5555563f33c0) = 0
set_tid_address(0x5555563f3690)         = 5030
set_robust_list(0x5555563f36a0, 24)     = 0
rseq(0x5555563f3ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3370117804", 4096) = 28
getrandom("\x6a\x4e\x10\x62\x3b\xe2\x22\x2d", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555563f3d40
brk(0x555556414d40)                     = 0x555556414d40
brk(0x555556415000)                     = 0x555556415000
mprotect(0x7f97194e9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563f3690) = 5031
./strace-static-x86_64: Process 5031 attached
[pid  5031] set_robust_list(0x5555563f36a0, 24) = 0
[pid  5031] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5031] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5031] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5031] dup2(4, 202)                = 202
[pid  5031] close(4)                    = 0
[pid  5031] write(202, "\xff\x00", 2)   = 2
[pid  5031] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5031] rt_sigaction(SIGRT_1, {sa_handler=0x7f971948dc40, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f971947f2c0}, NULL, 8) = 0
[pid  5031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5031] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9718c25000
[pid  5031] mprotect(0x7f9718c26000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9719425990, parent_tid=0x7f9719425990, exit_signal=0, stack=0x7f9718c25000, stack_size=0x800300, tls=0x7f97194256c0} => {parent_tid=[2]}, 88) = 2
[pid  5031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5031] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5034 attached
 <unfinished ...>
[pid  5034] rseq(0x7f9719425fe0, 0x20, 0, 0x53053053) = 0
[pid  5034] set_robust_list(0x7f97194259a0, 24) = 0
[pid  5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5034] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5034] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5034] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   62.031758][ T5032] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.041540][ T5032] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.050198][ T5032] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.060794][ T5032] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.068968][ T5032] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5034] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5034] read(202,  <unfinished ...>
[pid  5031] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5031] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5034] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5034] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5031] <... ioctl resumed>, 0x7fff0e110574) = 0
[pid  5034] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0
[pid  5034] madvise(0x7f9718c25000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5031] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5034] <... madvise resumed>)      = 0
[pid  5034] exit(0)                     = ?
[pid  5034] +++ exited with 0 +++
[pid  5031] <... writev resumed>)       = 13
[pid  5031] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  5031] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5031] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5031] close(3)                    = 0
[pid  5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5031] setsid()                    = 1
[pid  5031] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5031] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5031] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5031] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5031] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5031] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5031] unshare(CLONE_NEWNS)        = 0
[pid  5031] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5031] unshare(CLONE_NEWIPC)       = 0
[pid  5031] unshare(CLONE_NEWCGROUP)    = 0
[pid  5031] unshare(CLONE_NEWUTS)       = 0
[pid  5031] unshare(CLONE_SYSVSEM)      = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "16777216", 8)     = 8
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "536870912", 9)    = 9
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "1024", 4)         = 4
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "8192", 4)         = 4
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "1024", 4)         = 4
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "1024", 4)         = 4
[pid  5031] close(3)                    = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5031] close(3)                    = 0
[pid  5031] getpid()                    = 1
[pid  5031] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5031] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   62.077386][ T5032] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5031] unshare(CLONE_NEWNET)       = 0
[pid  5031] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5031] write(3, "0 65535", 7)      = 7
[pid  5031] close(3)                    = 0
[pid  5031] mkdir("/dev/binderfs", 0777) = 0
[pid  5031] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5031] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached
, child_tidptr=0x5555563f3690) = 3
[pid  5037] set_robust_list(0x5555563f36a0, 24) = 0
[pid  5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5037] setpgid(0, 0)               = 0
[pid  5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5037] write(3, "1000", 4)         = 4
[pid  5037] close(3)                    = 0
[pid  5037] openat(AT_FDCWD, "/dev/bus/usb/009/001", O_WRONLY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW) = 3
[pid  5037] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[pid  5037] openat(AT_FDCWD, "/sys/devices/platform/vhci_hcd.0/attach", O_WRONLY|O_CLOEXEC) = 6
[pid  5037] write(6, "0 4 0 1", 7)      = 7
[pid  5037] close(6)                    = 0
[   62.168750][ T5037] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   62.175396][ T5037] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   62.184380][ T5037] vhci_hcd vhci_hcd.0: Device attached
[   62.570099][  T775] usb 9-1: new low-speed USB device number 2 using vhci_hcd
[   64.170746][ T5032] Bluetooth: hci0: command 0x0409 tx timeout
[   66.249810][ T5032] Bluetooth: hci0: command 0x041b tx timeout
[pid  5037] close(3 <unfinished ...>
[pid  5031] kill(-3, SIGKILL)           = 0
[pid  5031] kill(3, SIGKILL)            = 0
[pid  5031] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5031] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5031] getdents64(3, 0x5555563f4850 /* 2 entries */, 32768) = 48
[pid  5031] getdents64(3, 0x5555563f4850 /* 0 entries */, 32768) = 0
[pid  5031] close(3)                    = 0
[   68.319885][ T5032] Bluetooth: hci0: command 0x040f tx timeout
[   70.400330][ T5032] Bluetooth: hci0: command 0x0419 tx timeout
[   82.322675][   T26] cfg80211: failed to load regulatory.db
[  186.799911][ T4432] Bluetooth: hci0: command 0x0406 tx timeout
[  287.120008][   T28] INFO: task kworker/1:2:775 blocked for more than 143 seconds.
[  287.128316][   T28]       Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
[  287.137176][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  287.146200][   T28] task:kworker/1:2     state:D stack:27392 pid:775   ppid:2      flags:0x00004000
[  287.156237][   T28] Workqueue: usb_hub_wq hub_event
[  287.161618][   T28] Call Trace:
[  287.165392][   T28]  <TASK>
[  287.169033][   T28]  __schedule+0xee1/0x59f0
[  287.174087][   T28]  ? vhci_urb_dequeue+0x342/0x760
[  287.179366][   T28]  ? find_held_lock+0x2d/0x110
[  287.184496][   T28]  ? io_schedule_timeout+0x150/0x150
[  287.190072][   T28]  ? reacquire_held_locks+0x4b0/0x4b0
[  287.195537][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  287.201088][   T28]  ? lockdep_hardirqs_on+0x7d/0x100
[  287.206860][   T28]  schedule+0xe7/0x1b0
[  287.211171][   T28]  usb_kill_urb.part.0+0x1c6/0x250
[  287.216452][   T28]  ? usb_anchor_suspend_wakeups+0x40/0x40
[  287.222486][   T28]  ? prepare_to_swait_exclusive+0x240/0x240
[  287.228511][   T28]  ? preempt_count_sub+0x150/0x150
[  287.233765][   T28]  usb_kill_urb+0x83/0xa0
[  287.238132][   T28]  usb_start_wait_urb+0x251/0x4c0
[  287.243468][   T28]  ? usb_api_blocking_completion+0xa0/0xa0
[  287.249340][   T28]  ? rcu_is_watching+0x12/0xb0
[  287.254518][   T28]  usb_control_msg+0x327/0x4a0
[  287.259345][   T28]  ? usb_start_wait_urb+0x4c0/0x4c0
[  287.264699][   T28]  hub_port_init+0x131c/0x3850
[  287.269835][   T28]  hub_event+0x2e34/0x5230
[  287.274531][   T28]  ? hub_port_debounce+0x3d0/0x3d0
[  287.280048][   T28]  ? reacquire_held_locks+0x4b0/0x4b0
[  287.285481][   T28]  ? spin_bug+0x1d0/0x1d0
[  287.289929][   T28]  process_one_work+0xaa2/0x16f0
[  287.294913][   T28]  ? lock_sync+0x190/0x190
[  287.299418][   T28]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  287.304851][   T28]  ? spin_bug+0x1d0/0x1d0
[  287.309222][   T28]  worker_thread+0x687/0x1110
[  287.316157][   T28]  ? __kthread_parkme+0x152/0x220
[  287.321229][   T28]  ? process_one_work+0x16f0/0x16f0
[  287.326605][   T28]  kthread+0x33a/0x430
[  287.330985][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.337190][   T28]  ret_from_fork+0x2c/0x70
[  287.341770][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.347440][   T28]  ret_from_fork_asm+0x11/0x20
[  287.352398][   T28]  </TASK>
[  287.355563][   T28] INFO: task syz-executor337:5037 blocked for more than 143 seconds.
[  287.363951][   T28]       Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
[  287.372078][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  287.380785][   T28] task:syz-executor337 state:D stack:26464 pid:5037  ppid:5031   flags:0x00004006
[  287.390377][   T28] Call Trace:
[  287.393705][   T28]  <TASK>
[  287.396664][   T28]  __schedule+0xee1/0x59f0
[  287.404454][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  287.410499][   T28]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  287.416529][   T28]  ? print_usage_bug.part.0+0x670/0x670
[  287.422154][   T28]  ? io_schedule_timeout+0x150/0x150
[  287.427586][   T28]  ? __mutex_lock+0x962/0x1340
[  287.432468][   T28]  schedule+0xe7/0x1b0
[  287.436573][   T28]  schedule_preempt_disabled+0x13/0x20
[  287.442165][   T28]  __mutex_lock+0x967/0x1340
[  287.446788][   T28]  ? usbdev_release+0x87/0x4b0
[  287.451630][   T28]  ? mutex_lock_io_nested+0x11a0/0x11a0
[  287.457376][   T28]  ? __fsnotify_parent+0x4fc/0xa10
[  287.462567][   T28]  ? __fsnotify_update_child_dentry_flags+0x360/0x360
[  287.469444][   T28]  ? locks_remove_file+0x399/0x5a0
[  287.474862][   T28]  ? free_async+0x520/0x520
[  287.479407][   T28]  ? usbdev_release+0x87/0x4b0
[  287.484222][   T28]  ? task_work_run+0x127/0x240
[  287.489030][   T28]  usbdev_release+0x87/0x4b0
[  287.493806][   T28]  ? free_async+0x520/0x520
[  287.498452][   T28]  __fput+0x3f7/0xac0
[  287.502534][   T28]  task_work_run+0x14d/0x240
[  287.507170][   T28]  ? task_work_cancel+0x30/0x30
[  287.512277][   T28]  ptrace_notify+0x10c/0x130
[  287.517335][   T28]  syscall_exit_to_user_mode_prepare+0x120/0x220
[  287.524288][   T28]  syscall_exit_to_user_mode+0xd/0x60
[  287.529828][   T28]  do_syscall_64+0x44/0xb0
[  287.534354][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  287.540376][   T28] RIP: 0033:0x7f9719466dba
[  287.544906][   T28] RSP: 002b:00007fff0e110520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  287.553368][   T28] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f9719466dba
[  287.561417][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  287.569571][   T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  287.577598][   T28] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000f4240
[  287.585888][   T28] R13: 00007fff0e110590 R14: 00007fff0e1105a0 R15: 0000000000000001
[  287.594030][   T28]  </TASK>
[  287.597115][   T28] 
[  287.597115][   T28] Showing all locks held in the system:
[  287.606056][   T28] 1 lock held by rcu_tasks_kthre/13:
[  287.612339][   T28]  #0: ffffffff8c9a67f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[  287.622930][   T28] 1 lock held by rcu_tasks_trace/14:
[  287.628219][   T28]  #0: ffffffff8c9a64f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[  287.639325][   T28] 1 lock held by khungtaskd/28:
[  287.644313][   T28]  #0: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[  287.654221][   T28] 5 locks held by kworker/1:2/775:
[  287.659358][   T28]  #0: ffff88814727e938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[  287.670144][   T28]  #1: ffffc9000436fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[  287.681498][   T28]  #2: ffff8880222d3190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c8/0x5230
[  287.690667][   T28]  #3: ffff8880222d7508 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x2a54/0x5230
[  287.700692][   T28]  #4: ffff888143382d68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x2a7d/0x5230
[  287.710502][   T28] 2 locks held by getty/4781:
[  287.715315][   T28]  #0: ffff88814b5cb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  287.725244][   T28]  #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480
[  287.735674][   T28] 1 lock held by syz-executor337/5037:
[  287.741176][   T28]  #0: ffff8880222d3190 (&dev->mutex){....}-{3:3}, at: usbdev_release+0x87/0x4b0
[  287.750468][   T28] 
[  287.752805][   T28] =============================================
[  287.752805][   T28] 
[  287.761293][   T28] NMI backtrace for cpu 1
[  287.765679][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
[  287.775711][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  287.786026][   T28] Call Trace:
[  287.789297][   T28]  <TASK>
[  287.792225][   T28]  dump_stack_lvl+0xd9/0x1b0
[  287.797333][   T28]  nmi_cpu_backtrace+0x277/0x380
[  287.802354][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  287.807648][   T28]  nmi_trigger_cpumask_backtrace+0x2ac/0x310
[  287.813797][   T28]  watchdog+0xf29/0x11b0
[  287.818039][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  287.824037][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  287.830227][   T28]  kthread+0x33a/0x430
[  287.834311][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.840043][   T28]  ret_from_fork+0x2c/0x70
[  287.844472][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  287.850203][   T28]  ret_from_fork_asm+0x11/0x20
[  287.855118][   T28]  </TASK>
[  287.858504][   T28] Sending NMI from CPU 1 to CPUs 0:
[  287.863877][    C0] NMI backtrace for cpu 0
[  287.863888][    C0] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
[  287.863910][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  287.863923][    C0] Workqueue: events_unbound toggle_allocation_gate
[  287.863953][    C0] RIP: 0010:kasan_check_range+0x57/0x190
[  287.863985][    C0] Code: f8 0f 83 b3 00 00 00 4c 8d 54 37 ff 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 d1 48 c1 ed 03 49 c1 e9 03 48 01 c5 49 01 c1 <48> 89 e8 49 8d 59 01 48 89 da 48 29 ea 48 83 fa 10 0f 8e 89 00 00
[  287.864004][    C0] RSP: 0018:ffffc90000b277d0 EFLAGS: 00000082
[  287.864019][    C0] RAX: dffffc0000000000 RBX: ffff888017a528d8 RCX: ffffffff81668a45
[  287.864032][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9184fe80
[  287.864050][    C0] RBP: fffffbfff2309fd0 R08: 0000000000000000 R09: fffffbfff2309fd0
[  287.864063][    C0] R10: ffffffff9184fe87 R11: 0000000000000000 R12: 0000000000000080
[  287.864075][    C0] R13: 0000000000000007 R14: 1ffff92000164f06 R15: ffff888017a528f8
[  287.864087][    C0] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[  287.864107][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.864120][    C0] CR2: 0000560b0e405680 CR3: 000000000c776000 CR4: 00000000003506f0
[  287.864133][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  287.864144][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  287.864156][    C0] Call Trace:
[  287.864161][    C0]  <NMI>
[  287.864167][    C0]  ? nmi_cpu_backtrace+0x1d4/0x380
[  287.864189][    C0]  ? kasan_check_range+0x57/0x190
[  287.864221][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x10
[  287.864249][    C0]  ? nmi_handle+0x145/0x400
[  287.864274][    C0]  ? irqentry_nmi_enter+0x7f/0x90
[  287.864300][    C0]  ? kasan_check_range+0x57/0x190
[  287.864327][    C0]  ? default_do_nmi+0x69/0x160
[  287.864349][    C0]  ? exc_nmi+0x171/0x1e0
[  287.864369][    C0]  ? end_repeat_nmi+0x16/0x31
[  287.864395][    C0]  ? mark_lock+0x105/0x1950
[  287.864420][    C0]  ? kasan_check_range+0x57/0x190
[  287.864447][    C0]  ? kasan_check_range+0x57/0x190
[  287.864475][    C0]  ? kasan_check_range+0x57/0x190
[  287.864502][    C0]  </NMI>
[  287.864507][    C0]  <TASK>
[  287.864513][    C0]  mark_lock+0x105/0x1950
[  287.864537][    C0]  ? lock_sync+0x190/0x190
[  287.864562][    C0]  ? print_usage_bug.part.0+0x670/0x670
[  287.864587][    C0]  ? spin_bug+0x1d0/0x1d0
[  287.864612][    C0]  ? __page_table_check_pte_clear+0xb1/0x2a0
[  287.864639][    C0]  ? __page_table_check_pmd_set+0x3c0/0x3c0
[  287.864665][    C0]  ? __pte_offset_map_lock+0x156/0x250
[  287.864693][    C0]  ? rcu_is_watching+0x12/0xb0
[  287.864726][    C0]  mark_held_locks+0x9f/0xe0
[  287.864751][    C0]  lockdep_hardirqs_on_prepare+0x28f/0x410
[  287.864776][    C0]  ? __kmem_cache_alloc_node+0xca/0x350
[  287.864800][    C0]  trace_hardirqs_on+0x36/0x40
[  287.864820][    C0]  __text_poke+0x5d5/0x8a0
[  287.864838][    C0]  ? setup_data_read+0x200/0x200
[  287.864858][    C0]  ? apply_relocation+0x680/0x680
[  287.864880][    C0]  text_poke_bp_batch+0x40e/0x780
[  287.864899][    C0]  ? __kmem_cache_alloc_node+0xca/0x350
[  287.864924][    C0]  ? do_sync_core+0x30/0x30
[  287.864941][    C0]  ? __jump_label_patch+0x16c/0x340
[  287.864973][    C0]  ? arch_jump_label_transform_queue+0xa3/0x100
[  287.865003][    C0]  text_poke_finish+0x1a/0x30
[  287.865021][    C0]  arch_jump_label_transform_apply+0x17/0x30
[  287.865048][    C0]  jump_label_update+0x32e/0x410
[  287.865074][    C0]  static_key_disable_cpuslocked+0x154/0x1b0
[  287.865100][    C0]  static_key_disable+0x1a/0x20
[  287.865122][    C0]  toggle_allocation_gate+0x13f/0x250
[  287.865142][    C0]  ? wake_up_kfence_timer+0x30/0x30
[  287.865161][    C0]  ? spin_bug+0x1d0/0x1d0
[  287.865189][    C0]  process_one_work+0xaa2/0x16f0
[  287.865216][    C0]  ? lock_sync+0x190/0x190
[  287.865239][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  287.865264][    C0]  ? spin_bug+0x1d0/0x1d0
[  287.865296][    C0]  worker_thread+0x687/0x1110
[  287.865325][    C0]  ? process_one_work+0x16f0/0x16f0
[  287.865347][    C0]  kthread+0x33a/0x430
[  287.865367][    C0]  ? kthread_complete_and_exit+0x40/0x40
[  287.865388][    C0]  ret_from_fork+0x2c/0x70
[  287.865409][    C0]  ? kthread_complete_and_exit+0x40/0x40
[  287.865430][    C0]  ret_from_fork_asm+0x11/0x20
[  287.865469][    C0]  </TASK>
[  287.865475][    C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.599 msecs
[  287.865907][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  288.304856][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00164-g382d4cd18475 #0
[  288.314772][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  288.324916][   T28] Call Trace:
[  288.328283][   T28]  <TASK>
[  288.331214][   T28]  dump_stack_lvl+0xd9/0x1b0
[  288.335822][   T28]  panic+0x6a4/0x750
[  288.339736][   T28]  ? panic_smp_self_stop+0xa0/0xa0
[  288.344956][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  288.350181][   T28]  ? preempt_schedule_thunk+0x1a/0x30
[  288.355590][   T28]  ? watchdog+0xce1/0x11b0
[  288.360032][   T28]  watchdog+0xcf2/0x11b0
[  288.364302][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  288.370318][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  288.376582][   T28]  kthread+0x33a/0x430
[  288.380666][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  288.386312][   T28]  ret_from_fork+0x2c/0x70
[  288.390833][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  288.396744][   T28]  ret_from_fork_asm+0x11/0x20
[  288.401720][   T28]  </TASK>
[  288.405212][   T28] Kernel Offset: disabled
[  288.409525][   T28] Rebooting in 86400 seconds..