./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1098732408

<...>
forked to background, child pid [   21.974873][ T4665] dhcpcd (4665) used greatest stack depth: 22288 bytes left
4667
[   21.992887][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0
[   22.007205][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.96' (ECDSA) to the list of known hosts.
execve("./syz-executor1098732408", ["./syz-executor1098732408"], 0x7ffd7af3b860 /* 10 vars */) = 0
brk(NULL)                               = 0x555555927000
brk(0x555555927c40)                     = 0x555555927c40
arch_prctl(ARCH_SET_FS, 0x555555927300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1098732408", 4096) = 28
brk(0x555555948c40)                     = 0x555555948c40
brk(0x555555949000)                     = 0x555555949000
mprotect(0x7fc145db7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 4998
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "4998", 4)                     = 4
close(3)                                = 0
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
chmod("/dev/raw-gadget", 0666)          = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559275d0) = 4999
./strace-static-x86_64: Process 4999 attached
[pid  4999] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  4999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4999] setsid()                    = 1
[pid  4999] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  4999] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  4999] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  4999] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  4999] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  4999] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  4999] unshare(CLONE_NEWNS)        = 0
[pid  4999] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  4999] unshare(CLONE_NEWIPC)       = 0
[pid  4999] unshare(CLONE_NEWCGROUP)    = 0
[pid  4999] unshare(CLONE_NEWUTS)       = 0
[pid  4999] unshare(CLONE_SYSVSEM)      = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "16777216", 8)     = 8
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "536870912", 9)    = 9
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "1024", 4)         = 4
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "8192", 4)         = 4
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "1024", 4)         = 4
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "1024", 4)         = 4
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "1024 1048576 500 1024", 21) = 21
[pid  4999] close(3)                    = 0
[pid  4999] getpid()                    = 1
[pid  4999] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4999] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4999] unshare(CLONE_NEWNET)       = 0
[pid  4999] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  4999] write(3, "0 65535", 7)      = 7
[pid  4999] close(3)                    = 0
[pid  4999] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  4999] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  4999] close(3)                    = 0
[pid  4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  4999] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  4999] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4999] recvfrom(3, [{nlmsg_len=2496, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4999] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  4999] access("/proc/net", R_OK)   = 0
[pid  4999] access("/proc/net/unix", R_OK) = 0
[pid  4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  4999] close(4)                    = 0
[pid  4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  4999] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4999] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4999] close(4)                    = 0
[pid  4999] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4999] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  4999] close(4)                    = 0
[pid  4999] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  4999] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4999] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  4999] close(4)                    = 0
syzkaller login: [   45.804566][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.812611][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.821939][  T896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  4999] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  4999] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  4999] close(4)                    = 0
[pid  4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  4999] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4999] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  4999] close(4)                    = 0
[pid  4999] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4999] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  4999] close(4)                    = 0
[pid  4999] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  4999] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4999] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  4999] close(4)                    = 0
[pid  4999] close(3)                    = 0
[pid  4999] mkdir("/dev/binderfs", 0777) = 0
[pid  4999] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  4999] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4999] memfd_create("syzkaller", 0) = 3
[pid  4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc13d8d9000
[   45.848210][   T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.856178][   T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.864329][ T3847] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   45.880276][ T4999] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4999 'syz-executor109'
[pid  4999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  4999] munmap(0x7fc13d8d9000, 1048576) = 0
[pid  4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4999] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4999] close(3)                    = 0
[pid  4999] mkdir("./file0", 0777)      = 0
[pid  4999] mount("/dev/loop0", "./file0", "udf", MS_NODEV, "novrs,") = 0
[pid  4999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4999] chdir("./file0")            = 0
[pid  4999] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4999] close(4)                    = 0
[pid  4999] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4
[pid  4999] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid  4999] memfd_create("syzkaller", 0) = 5
[pid  4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  4999] close(5)                    = 0
[pid  4999] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[   45.900907][ T4999] loop0: detected capacity change from 0 to 2048
[   45.911373][ T4999] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[   45.922610][ T4999] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found
[   45.930346][ T4999] UDF-fs: Scanning with blocksize 512 failed
[   45.938651][ T4999] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[pid  4999] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576
[pid  4999] exit_group(1)               = ?
[   46.036865][ T4999] ==================================================================
[   46.044923][ T4999] BUG: KASAN: use-after-free in crc_itu_t+0xd2/0xe0
[   46.051511][ T4999] Read of size 1 at addr ffff888073040000 by task syz-executor109/4999
[   46.059730][ T4999] 
[   46.062034][ T4999] CPU: 0 PID: 4999 Comm: syz-executor109 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[   46.072426][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   46.082462][ T4999] Call Trace:
[   46.085723][ T4999]  <TASK>
[   46.088638][ T4999]  dump_stack_lvl+0xd9/0x150
[   46.093223][ T4999]  print_address_description.constprop.0+0x2c/0x3c0
[   46.099805][ T4999]  ? crc_itu_t+0xd2/0xe0
[   46.104041][ T4999]  kasan_report+0x11c/0x130
[   46.108538][ T4999]  ? crc_itu_t+0xd2/0xe0
[   46.112774][ T4999]  crc_itu_t+0xd2/0xe0
[   46.116829][ T4999]  udf_finalize_lvid+0xe0/0x1d0
[   46.121669][ T4999]  ? udf_mount+0x40/0x40
[   46.125898][ T4999]  udf_sync_fs+0xea/0x150
[   46.130210][ T4999]  ? udf_finalize_lvid+0x1d0/0x1d0
[   46.135303][ T4999]  sync_filesystem.part.0+0x75/0x1d0
[   46.140570][ T4999]  sync_filesystem+0x8f/0xc0
[   46.145146][ T4999]  generic_shutdown_super+0x74/0x480
[   46.150417][ T4999]  kill_block_super+0xa1/0x100
[   46.155165][ T4999]  deactivate_locked_super+0x98/0x160
[   46.160524][ T4999]  deactivate_super+0xb1/0xd0
[   46.165186][ T4999]  cleanup_mnt+0x2ae/0x3d0
[   46.169587][ T4999]  task_work_run+0x16f/0x270
[   46.174171][ T4999]  ? task_work_cancel+0x30/0x30
[   46.179006][ T4999]  do_exit+0xaa3/0x29b0
[   46.183150][ T4999]  ? lock_downgrade+0x690/0x690
[   46.187987][ T4999]  ? do_raw_spin_lock+0x124/0x2b0
[   46.193000][ T4999]  ? mm_update_next_owner+0x7b0/0x7b0
[   46.198353][ T4999]  ? spin_bug+0x1c0/0x1c0
[   46.202669][ T4999]  ? _raw_spin_unlock_irq+0x23/0x50
[   46.207857][ T4999]  do_group_exit+0xd4/0x2a0
[   46.212348][ T4999]  __x64_sys_exit_group+0x3e/0x50
[   46.217356][ T4999]  do_syscall_64+0x39/0xb0
[   46.221767][ T4999]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.227654][ T4999] RIP: 0033:0x7fc145d2d4f9
[   46.232050][ T4999] Code: Unable to access opcode bytes at 0x7fc145d2d4cf.
[   46.239045][ T4999] RSP: 002b:00007ffe93264168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.247439][ T4999] RAX: ffffffffffffffda RBX: 00007fc145dbd3f0 RCX: 00007fc145d2d4f9
[   46.255397][ T4999] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   46.263357][ T4999] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 000000000000000c
[   46.271308][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc145dbd3f0
[   46.279260][ T4999] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   46.287217][ T4999]  </TASK>
[   46.290215][ T4999] 
[   46.292516][ T4999] The buggy address belongs to the physical page:
[   46.298905][ T4999] page:ffffea0001cc1000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x73040
[   46.309034][ T4999] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   46.316121][ T4999] page_type: 0xffffffff()
[   46.320432][ T4999] raw: 00fff00000000000 ffffea0001cef888 ffffea0001cf6f88 0000000000000000
[   46.329008][ T4999] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   46.337600][ T4999] page dumped because: kasan: bad access detected
[   46.343987][ T4999] page_owner tracks the page as freed
[   46.349333][ T4999] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4984, tgid 4984 (sshd), ts 38671612077, free_ts 38696003148
[   46.367287][ T4999]  post_alloc_hook+0x2db/0x350
[   46.372043][ T4999]  get_page_from_freelist+0xf41/0x2c00
[   46.377492][ T4999]  __alloc_pages+0x1cb/0x4a0
[   46.382072][ T4999]  __folio_alloc+0x16/0x40
[   46.386479][ T4999]  vma_alloc_folio+0x155/0x890
[   46.391232][ T4999]  __handle_mm_fault+0x224c/0x41c0
[   46.396326][ T4999]  handle_mm_fault+0x2af/0x9f0
[   46.401070][ T4999]  do_user_addr_fault+0x2ca/0x1210
[   46.406166][ T4999]  exc_page_fault+0x98/0x170
[   46.410743][ T4999]  asm_exc_page_fault+0x26/0x30
[   46.415582][ T4999] page last free stack trace:
[   46.420232][ T4999]  free_unref_page_prepare+0x62e/0xcb0
[   46.425681][ T4999]  free_unref_page_list+0xe3/0xa70
[   46.430783][ T4999]  release_pages+0xcd8/0x1380
[   46.435451][ T4999]  tlb_batch_pages_flush+0xa8/0x1a0
[   46.440639][ T4999]  tlb_finish_mmu+0x14b/0x7e0
[   46.445303][ T4999]  unmap_region+0x23d/0x2d0
[   46.449788][ T4999]  do_vmi_align_munmap+0xe26/0x1580
[   46.454971][ T4999]  do_vmi_munmap+0x26e/0x2c0
[   46.459550][ T4999]  __vm_munmap+0x133/0x3b0
[   46.463949][ T4999]  __x64_sys_munmap+0x62/0x80
[   46.468613][ T4999]  do_syscall_64+0x39/0xb0
[   46.473017][ T4999]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.478899][ T4999] 
[   46.481204][ T4999] Memory state around the buggy address:
[   46.486813][ T4999]  ffff88807303ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.494878][ T4999]  ffff88807303ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   46.502934][ T4999] >ffff888073040000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.510976][ T4999]                    ^
[   46.515020][ T4999]  ffff888073040080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.523058][ T4999]  ffff888073040100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   46.531101][ T4999] ==================================================================
[   46.541458][ T4999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   46.548646][ T4999] CPU: 0 PID: 4999 Comm: syz-executor109 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[   46.559041][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   46.569079][ T4999] Call Trace:
[   46.572339][ T4999]  <TASK>
[   46.575253][ T4999]  dump_stack_lvl+0xd9/0x150
[   46.579831][ T4999]  panic+0x686/0x730
[   46.583715][ T4999]  ? panic_smp_self_stop+0xa0/0xa0
[   46.588819][ T4999]  ? preempt_schedule_thunk+0x1a/0x20
[   46.594183][ T4999]  ? preempt_schedule_common+0x45/0xb0
[   46.599630][ T4999]  check_panic_on_warn+0xb1/0xc0
[   46.604564][ T4999]  end_report+0xe9/0x120
[   46.608797][ T4999]  ? crc_itu_t+0xd2/0xe0
[   46.613032][ T4999]  kasan_report+0xf9/0x130
[   46.617442][ T4999]  ? crc_itu_t+0xd2/0xe0
[   46.621672][ T4999]  crc_itu_t+0xd2/0xe0
[   46.625730][ T4999]  udf_finalize_lvid+0xe0/0x1d0
[   46.630566][ T4999]  ? udf_mount+0x40/0x40
[   46.634789][ T4999]  udf_sync_fs+0xea/0x150
[   46.639101][ T4999]  ? udf_finalize_lvid+0x1d0/0x1d0
[   46.644198][ T4999]  sync_filesystem.part.0+0x75/0x1d0
[   46.649468][ T4999]  sync_filesystem+0x8f/0xc0
[   46.654039][ T4999]  generic_shutdown_super+0x74/0x480
[   46.659311][ T4999]  kill_block_super+0xa1/0x100
[   46.664062][ T4999]  deactivate_locked_super+0x98/0x160
[   46.669423][ T4999]  deactivate_super+0xb1/0xd0
[   46.674083][ T4999]  cleanup_mnt+0x2ae/0x3d0
[   46.678482][ T4999]  task_work_run+0x16f/0x270
[   46.683055][ T4999]  ? task_work_cancel+0x30/0x30
[   46.687892][ T4999]  do_exit+0xaa3/0x29b0
[   46.692032][ T4999]  ? lock_downgrade+0x690/0x690
[   46.696869][ T4999]  ? do_raw_spin_lock+0x124/0x2b0
[   46.701882][ T4999]  ? mm_update_next_owner+0x7b0/0x7b0
[   46.707238][ T4999]  ? spin_bug+0x1c0/0x1c0
[   46.711559][ T4999]  ? _raw_spin_unlock_irq+0x23/0x50
[   46.716750][ T4999]  do_group_exit+0xd4/0x2a0
[   46.721235][ T4999]  __x64_sys_exit_group+0x3e/0x50
[   46.726243][ T4999]  do_syscall_64+0x39/0xb0
[   46.730667][ T4999]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.736552][ T4999] RIP: 0033:0x7fc145d2d4f9
[   46.740945][ T4999] Code: Unable to access opcode bytes at 0x7fc145d2d4cf.
[   46.747942][ T4999] RSP: 002b:00007ffe93264168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.756338][ T4999] RAX: ffffffffffffffda RBX: 00007fc145dbd3f0 RCX: 00007fc145d2d4f9
[   46.764290][ T4999] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   46.772240][ T4999] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 000000000000000c
[   46.780192][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc145dbd3f0
[   46.788149][ T4999] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   46.796108][ T4999]  </TASK>
[   46.800052][ T4999] Kernel Offset: disabled
[   46.804361][ T4999] Rebooting in 86400 seconds..