./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4029982730 <...> Warning: Permanently added '10.128.1.76' (ECDSA) to the list of known hosts. execve("./syz-executor4029982730", ["./syz-executor4029982730"], 0x7ffc53256fa0 /* 10 vars */) = 0 brk(NULL) = 0x555556583000 brk(0x555556583d40) = 0x555556583d40 arch_prctl(ARCH_SET_FS, 0x555556583400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555565836d0) = 5082 set_robust_list(0x5555565836e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f72ec503420, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f72ec502970}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f72ec5034c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f72ec502970}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4029982730", 4096) = 28 brk(0x5555565a4d40) = 0x5555565a4d40 brk(0x5555565a5000) = 0x5555565a5000 mprotect(0x7f72ec5c5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5082 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5082", 4) = 4 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f72ec4fcb80, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72ec502970}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f72ec4fcb80, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f72ec502970}, NULL, 8) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565836d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x5555565836e0, 24) = 0 [pid 5083] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5083] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5083] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5083] dup2(4, 202) = 202 [pid 5083] close(4) = 0 [pid 5083] write(202, "\xff\x00", 2) = 2 [pid 5083] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5083] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72ebcf1000 [pid 5083] mprotect(0x7f72ebcf2000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f72ec4f12f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f72ec4f1700, child_tidptr=0x7f72ec4f19d0) = 2 [pid 5083] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f72ec4f19e0, 24) = 0 [pid 5085] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5085] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5085] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 syzkaller login: [ 82.683950][ T5084] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.692603][ T5084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.701687][ T5084] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.712542][ T5084] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.722370][ T5084] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 5085] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5085] read(202, [pid 5083] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5083] ioctl(3, HCISETSCAN [pid 5085] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5085] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5083] <... ioctl resumed>, 0x7ffe54e68260) = 0 [pid 5085] madvise(0x7f72ebcf1000, 8372224, MADV_DONTNEED) = 0 [pid 5085] exit(0 [pid 5083] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5085] <... exit resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5083] <... writev resumed>) = 13 [pid 5083] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5083] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5083] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5083] close(3) = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setsid() = 1 [pid 5083] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5083] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5083] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5083] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5083] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5083] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5083] unshare(CLONE_NEWNS) = 0 [pid 5083] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5083] unshare(CLONE_NEWIPC) = 0 [pid 5083] unshare(CLONE_NEWCGROUP) = 0 [pid 5083] unshare(CLONE_NEWUTS) = 0 [pid 5083] unshare(CLONE_SYSVSEM) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "16777216", 8) = 8 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "536870912", 9) = 9 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1024", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "8192", 4) = 4 [ 82.731349][ T5084] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1024", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1024", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5083] close(3) = 0 [pid 5083] getpid() = 1 [pid 5083] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5083] futex(0x7f72ec5cb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] mount("/dev/sg0", NULL, NULL, 0, NULL [pid 5083] futex(0x7f72ec5cb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5088] futex(0x7f72ec5cb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f72ec5cb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f72ec5cb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5088] futex(0x7f72ec5cb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f72ec5cb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f72ec5cb6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f72ebcaf000 [pid 5083] mprotect(0x7f72ebcb0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f72ebccf2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5089 attached [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] <... clone resumed>, parent_tid=[4], tls=0x7f72ebccf700, child_tidptr=0x7f72ebccf9d0) = 4 [pid 5089] set_robust_list(0x7f72ebccf9e0, 24 [pid 5083] futex(0x7f72ec5cb6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f72ec5cb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... set_robust_list resumed>) = 0 [pid 5089] memfd_create("syzkaller", 0) = 4 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f72e38af000 [pid 5089] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5089] munmap(0x7f72e38af000, 131072) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5089] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5089] close(4) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_RELATIME|MS_STRICTATIME, "") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5089] chdir("./file0") = 0 [pid 5089] ioctl(5, LOOP_CLR_FD) = 0 [pid 5089] close(5) = 0 [pid 5089] futex(0x7f72ec5cb6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f72ec5cb6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f72ec5cb6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5089] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5088] <... write resumed>) = 1728512 [pid 5088] futex(0x7f72ec5cb6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f72ec5cb6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... mmap resumed>) = 0x20000000 [pid 5089] futex(0x7f72ec5cb6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5083] futex(0x7f72ec5cb6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f72ec5cb6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5083] futex(0x7f72ec5cb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000192} --- [ 82.857708][ T5089] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5089 'syz-executor402' [ 82.887521][ T5089] loop0: detected capacity change from 0 to 256 [pid 5088] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5088] futex(0x7f72ec5cb6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f72ec5cb6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f72ec5cb6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5088] write(5, "\x65\x78\x66\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48 [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 82.944836][ T5088] sg_write: data in/out 80/6 bytes for SCSI command 0x0-- guessing data in; [ 82.944836][ T5088] program syz-executor402 not setting count and/or reply_len properly [ 82.962896][ T5088] ------------[ cut here ]------------ [ 82.968536][ T5088] WARNING: CPU: 1 PID: 5088 at lib/iov_iter.c:364 _copy_from_iter+0x2ad/0x1060 [ 82.977647][ T5088] Modules linked in: [ 82.981592][ T5088] CPU: 1 PID: 5088 Comm: syz-executor402 Not tainted 6.2.0-rc8-next-20230217-syzkaller #0 [ 82.991622][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.001773][ T5088] RIP: 0010:_copy_from_iter+0x2ad/0x1060 [ 83.007534][ T5088] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ae 05 6a fd be 70 01 00 00 48 c7 c7 c0 d2 a6 8a e8 0d 94 a6 fd e9 56 fe ff ff e8 93 05 6a fd <0f> 0b 45 31 ff eb 8b e8 87 05 6a fd 31 ff 89 ee e8 8e 01 6a fd 40 [ 83.027288][ T5088] RSP: 0018:ffffc90003dff5e0 EFLAGS: 00010293 [ 83.033474][ T5088] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 83.041491][ T5088] RDX: ffff8880212257c0 RSI: ffffffff841a8dcd RDI: 0000000000000001 [ 83.049587][ T5088] RBP: 0000000000000050 R08: 0000000000000001 R09: 0000000000000000 [ 83.057645][ T5088] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 83.065737][ T5088] R13: ffffea0000868600 R14: ffffc90003dff818 R15: 0000000000000050 [ 83.073810][ T5088] FS: 00007f72ebcf0700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 83.082782][ T5088] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] close(5) = 0 [pid 5083] close(6) = -1 EBADF (Bad file descriptor) [pid 5083] close(7) = -1 EBADF (Bad file descriptor) [ 83.089517][ T5088] CR2: 000000002000002c CR3: 000000007af5c000 CR4: 00000000003506e0 [ 83.097600][ T5088] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.105716][ T5088] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.113779][ T5088] Call Trace: [ 83.117095][ T5088] [ 83.120064][ T5088] ? __lock_acquire+0x1916/0x5df0 [ 83.125244][ T5088] ? hash_and_copy_to_iter+0x210/0x210 [ 83.130782][ T5088] ? bio_add_pc_page+0xbc/0x100 [ 83.135753][ T5088] copy_page_from_iter+0x233/0x3f0 [pid 5083] close(8) = -1 EBADF (Bad file descriptor) [pid 5083] close(9) = -1 EBADF (Bad file descriptor) [pid 5083] close(10) = -1 EBADF (Bad file descriptor) [pid 5083] close(11) = -1 EBADF (Bad file descriptor) [pid 5083] close(12) = -1 EBADF (Bad file descriptor) [pid 5083] close(13) = -1 EBADF (Bad file descriptor) [pid 5083] close(14) = -1 EBADF (Bad file descriptor) [pid 5083] close(15) = -1 EBADF (Bad file descriptor) [pid 5083] close(16) = -1 EBADF (Bad file descriptor) [pid 5083] close(17) = -1 EBADF (Bad file descriptor) [pid 5083] close(18) = -1 EBADF (Bad file descriptor) [pid 5083] close(19) = -1 EBADF (Bad file descriptor) [pid 5083] close(20) = -1 EBADF (Bad file descriptor) [pid 5083] close(21) = -1 EBADF (Bad file descriptor) [pid 5083] close(22) = -1 EBADF (Bad file descriptor) [pid 5083] close(23) = -1 EBADF (Bad file descriptor) [pid 5083] close(24) = -1 EBADF (Bad file descriptor) [pid 5083] close(25) = -1 EBADF (Bad file descriptor) [pid 5083] close(26) = -1 EBADF (Bad file descriptor) [pid 5083] close(27) = -1 EBADF (Bad file descriptor) [pid 5083] close(28) = -1 EBADF (Bad file descriptor) [pid 5083] close(29) = -1 EBADF (Bad file descriptor) [pid 5083] exit_group(1) = ? [pid 5089] <... futex resumed>) = ? [pid 5089] +++ exited with 1 +++ [ 83.140957][ T5088] blk_rq_map_user_iov+0xb5d/0x16e0 [ 83.146359][ T5088] ? find_held_lock+0x2d/0x110 [ 83.151197][ T5088] ? bio_map_user_iov+0xf50/0xf50 [ 83.156401][ T5088] ? sg_common_write.constprop.0+0xc89/0x1e00 [ 83.162724][ T5088] ? trace_contention_end+0x173/0x1e0 [ 83.168306][ T5088] ? __mutex_lock+0x231/0x1350 [ 83.173149][ T5088] blk_rq_map_user_io+0x1cd/0x200 [ 83.178305][ T5088] ? blk_rq_map_user_io.part.0+0x270/0x270 [ 83.184663][ T5088] ? wait_for_completion_io_timeout+0x20/0x20 [ 83.190779][ T5088] sg_common_write.constprop.0+0xdcd/0x1e00 [ 83.196800][ T5088] ? sg_read+0x1520/0x1520 [ 83.201295][ T5088] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 83.207253][ T5088] sg_write.part.0+0x75d/0xd90 [ 83.212074][ T5088] ? sg_new_write.isra.0+0xa90/0xa90 [ 83.217490][ T5088] ? __lock_acquire+0xbe1/0x5df0 [ 83.222495][ T5088] ? aa_path_link+0x2f0/0x2f0 [ 83.227334][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.233476][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.239517][ T5088] ? apparmor_file_permission+0x272/0x4e0 [ 83.245357][ T5088] sg_write+0x8d/0xe0 [ 83.249402][ T5088] vfs_write+0x2db/0xe10 [ 83.253743][ T5088] ? sg_write.part.0+0xd90/0xd90 [ 83.258755][ T5088] ? kernel_write+0x670/0x670 [ 83.263555][ T5088] ? receive_fd+0x110/0x110 [ 83.268107][ T5088] ? __fget_files+0x26a/0x480 [ 83.272824][ T5088] ? __fget_light+0xe5/0x270 [ 83.277520][ T5088] ksys_write+0x12b/0x250 [ 83.281897][ T5088] ? __ia32_sys_read+0xb0/0xb0 [ 83.286774][ T5088] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.292034][ T5088] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.297391][ T5088] ? ptrace_notify+0xfe/0x140 [ 83.302131][ T5088] do_syscall_64+0x39/0xb0 [ 83.306717][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.312688][ T5088] RIP: 0033:0x7f72ec54d699 [ 83.317182][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.337067][ T5088] RSP: 002b:00007f72ebcf0208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 83.345560][ T5088] RAX: ffffffffffffffda RBX: 00007f72ec5cb6c8 RCX: 00007f72ec54d699 [ 83.353681][ T5088] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000005 [ 83.361670][ T5088] RBP: 00007f72ec5cb6c0 R08: 00007f72ec5cb6c0 R09: 0000000000000000 [ 83.369801][ T5088] R10: 00007f72ebcf0210 R11: 0000000000000246 R12: 00007f72ec5cb6cc [ 83.377919][ T5088] R13: 00007ffe54e6818f R14: 00007f72ebcf0300 R15: 0000000000022000 [ 83.386003][ T5088] [ 83.389074][ T5088] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.396365][ T5088] CPU: 1 PID: 5088 Comm: syz-executor402 Not tainted 6.2.0-rc8-next-20230217-syzkaller #0 [ 83.406270][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.416352][ T5088] Call Trace: [ 83.420002][ T5088] [ 83.422941][ T5088] dump_stack_lvl+0xd9/0x150 [ 83.427561][ T5088] panic+0x61b/0x6c0 [ 83.431486][ T5088] ? panic_smp_self_stop+0x90/0x90 [ 83.436618][ T5088] ? show_trace_log_lvl+0x285/0x390 [ 83.441856][ T5088] ? _copy_from_iter+0x2ad/0x1060 [ 83.446907][ T5088] check_panic_on_warn+0xb1/0xc0 [ 83.451868][ T5088] __warn+0xf2/0x4f0 [ 83.455786][ T5088] ? _copy_from_iter+0x2ad/0x1060 [ 83.460859][ T5088] report_bug+0x2da/0x500 [ 83.465231][ T5088] handle_bug+0x3c/0x70 [ 83.469410][ T5088] exc_invalid_op+0x18/0x50 [ 83.473945][ T5088] asm_exc_invalid_op+0x1a/0x20 [ 83.478823][ T5088] RIP: 0010:_copy_from_iter+0x2ad/0x1060 [ 83.484481][ T5088] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ae 05 6a fd be 70 01 00 00 48 c7 c7 c0 d2 a6 8a e8 0d 94 a6 fd e9 56 fe ff ff e8 93 05 6a fd <0f> 0b 45 31 ff eb 8b e8 87 05 6a fd 31 ff 89 ee e8 8e 01 6a fd 40 [ 83.504195][ T5088] RSP: 0018:ffffc90003dff5e0 EFLAGS: 00010293 [ 83.510290][ T5088] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 83.518279][ T5088] RDX: ffff8880212257c0 RSI: ffffffff841a8dcd RDI: 0000000000000001 [ 83.526268][ T5088] RBP: 0000000000000050 R08: 0000000000000001 R09: 0000000000000000 [ 83.534269][ T5088] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 83.542259][ T5088] R13: ffffea0000868600 R14: ffffc90003dff818 R15: 0000000000000050 [ 83.550259][ T5088] ? _copy_from_iter+0x2ad/0x1060 [ 83.555342][ T5088] ? __lock_acquire+0x1916/0x5df0 [ 83.560416][ T5088] ? hash_and_copy_to_iter+0x210/0x210 [ 83.565930][ T5088] ? bio_add_pc_page+0xbc/0x100 [ 83.570821][ T5088] copy_page_from_iter+0x233/0x3f0 [ 83.575974][ T5088] blk_rq_map_user_iov+0xb5d/0x16e0 [ 83.581221][ T5088] ? find_held_lock+0x2d/0x110 [ 83.586015][ T5088] ? bio_map_user_iov+0xf50/0xf50 [ 83.591090][ T5088] ? sg_common_write.constprop.0+0xc89/0x1e00 [ 83.597202][ T5088] ? trace_contention_end+0x173/0x1e0 [ 83.602615][ T5088] ? __mutex_lock+0x231/0x1350 [ 83.607424][ T5088] blk_rq_map_user_io+0x1cd/0x200 [ 83.612485][ T5088] ? blk_rq_map_user_io.part.0+0x270/0x270 [ 83.618325][ T5088] ? wait_for_completion_io_timeout+0x20/0x20 [ 83.624455][ T5088] sg_common_write.constprop.0+0xdcd/0x1e00 [ 83.630401][ T5088] ? sg_read+0x1520/0x1520 [ 83.634856][ T5088] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 83.640707][ T5088] sg_write.part.0+0x75d/0xd90 [ 83.645522][ T5088] ? sg_new_write.isra.0+0xa90/0xa90 [ 83.650854][ T5088] ? __lock_acquire+0xbe1/0x5df0 [ 83.655838][ T5088] ? aa_path_link+0x2f0/0x2f0 [ 83.660550][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.666580][ T5088] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.672617][ T5088] ? apparmor_file_permission+0x272/0x4e0 [ 83.678382][ T5088] sg_write+0x8d/0xe0 [ 83.682409][ T5088] vfs_write+0x2db/0xe10 [ 83.686690][ T5088] ? sg_write.part.0+0xd90/0xd90 [ 83.691669][ T5088] ? kernel_write+0x670/0x670 [ 83.696381][ T5088] ? receive_fd+0x110/0x110 [ 83.700925][ T5088] ? __fget_files+0x26a/0x480 [ 83.705636][ T5088] ? __fget_light+0xe5/0x270 [ 83.710259][ T5088] ksys_write+0x12b/0x250 [ 83.714701][ T5088] ? __ia32_sys_read+0xb0/0xb0 [ 83.719490][ T5088] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.724728][ T5088] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.729965][ T5088] ? ptrace_notify+0xfe/0x140 [ 83.734685][ T5088] do_syscall_64+0x39/0xb0 [ 83.739132][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.745164][ T5088] RIP: 0033:0x7f72ec54d699 [ 83.749598][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.769234][ T5088] RSP: 002b:00007f72ebcf0208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 83.777675][ T5088] RAX: ffffffffffffffda RBX: 00007f72ec5cb6c8 RCX: 00007f72ec54d699 [ 83.785683][ T5088] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000005 [ 83.793676][ T5088] RBP: 00007f72ec5cb6c0 R08: 00007f72ec5cb6c0 R09: 0000000000000000 [ 83.801756][ T5088] R10: 00007f72ebcf0210 R11: 0000000000000246 R12: 00007f72ec5cb6cc [ 83.809760][ T5088] R13: 00007ffe54e6818f R14: 00007f72ebcf0300 R15: 0000000000022000 [ 83.817774][ T5088] [ 83.821025][ T5088] Kernel Offset: disabled [ 83.825459][ T5088] Rebooting in 86400 seconds..