./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4098272667 <...> Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. execve("./syz-executor4098272667", ["./syz-executor4098272667"], 0x7ffe1ffa5960 /* 10 vars */) = 0 brk(NULL) = 0x5555560f8000 brk(0x5555560f8d00) = 0x5555560f8d00 arch_prctl(ARCH_SET_FS, 0x5555560f8380) = 0 set_tid_address(0x5555560f8650) = 5059 set_robust_list(0x5555560f8660, 24) = 0 rseq(0x5555560f8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4098272667", 4096) = 28 getrandom("\x76\xa6\x94\xec\x89\x39\x67\x5a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555560f8d00 brk(0x555556119d00) = 0x555556119d00 brk(0x55555611a000) = 0x55555611a000 mprotect(0x7f8890633000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.DU6r0E", 0700) = 0 chmod("./syzkaller.DU6r0E", 0777) = 0 chdir("./syzkaller.DU6r0E") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x5555560f8650) = 5060 [pid 5060] set_robust_list(0x5555560f8660, 24) = 0 [pid 5060] chdir("./0") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8888180000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5060] munmap(0x7f8888180000, 138412032) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file0", 0777) = 0 syzkaller login: [ 59.929727][ T5060] loop0: detected capacity change from 0 to 2048 [ 59.944999][ T5060] ======================================================= [ 59.944999][ T5060] WARNING: The mand mount option has been deprecated and [ 59.944999][ T5060] and is ignored by this kernel. Remove the mand [ 59.944999][ T5060] option from the mount to silence this warning. [pid 5060] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_MANDLOCK|MS_NOATIME|MS_REC|MS_POSIXACL, "iocharset=iso8859-1,longad,gid=forget,uid=00000000000000000000,gid=00000000000000000000,umask=000000"...) = 0 [pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file0") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [ 59.944999][ T5060] ======================================================= [ 59.984626][ T5060] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 59.997269][ T5060] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5060] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5060] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5060] write(5, "\x69\x64\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x32\x2c\x75\x6e\x64\x65\x6c\x65\x74\x65\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5060] creat("./bus", 000) = 6 [pid 5060] lseek(6, 512, SEEK_SET) = 512 [pid 5060] open("./bus", O_RDONLY) = 7 [pid 5060] sendfile(6, 7, NULL, 122112) = 122112 [pid 5060] exit_group(0) = ? [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f96f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556101730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556101730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555560f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560f8650) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x5555560f8660, 24) = 0 [pid 5062] chdir("./1") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8888180000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5062] munmap(0x7f8888180000, 138412032) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file0", 0777) = 0 [pid 5062] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_MANDLOCK|MS_NOATIME|MS_REC|MS_POSIXACL, "iocharset=iso8859-1,longad,gid=forget,uid=00000000000000000000,gid=00000000000000000000,umask=000000"...) = 0 [pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./file0") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [ 60.560364][ T5062] loop0: detected capacity change from 0 to 2048 [ 60.578243][ T5062] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 60.590772][ T5062] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5062] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5062] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5062] write(5, "\x69\x64\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x32\x2c\x75\x6e\x64\x65\x6c\x65\x74\x65\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5062] creat("./bus", 000) = 6 [pid 5062] lseek(6, 512, SEEK_SET) = 512 [pid 5062] open("./bus", O_RDONLY) = 7 [pid 5062] sendfile(6, 7, NULL, 122112) = 122112 [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f96f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556101730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556101730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555560f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached , child_tidptr=0x5555560f8650) = 5063 [pid 5063] set_robust_list(0x5555560f8660, 24) = 0 [pid 5063] chdir("./2") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8888180000 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5063] munmap(0x7f8888180000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file0", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_MANDLOCK|MS_NOATIME|MS_REC|MS_POSIXACL, "iocharset=iso8859-1,longad,gid=forget,uid=00000000000000000000,gid=00000000000000000000,umask=000000"...) = 0 [pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file0") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5063] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [ 61.031710][ T5063] loop0: detected capacity change from 0 to 2048 [ 61.059746][ T5063] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 61.072195][ T5063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5063] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5063] write(5, "\x69\x64\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x32\x2c\x75\x6e\x64\x65\x6c\x65\x74\x65\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5063] creat("./bus", 000) = 6 [pid 5063] lseek(6, 512, SEEK_SET) = 512 [pid 5063] open("./bus", O_RDONLY) = 7 [pid 5063] sendfile(6, 7, NULL, 122112) = 122112 [pid 5063] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f96f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556101730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556101730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555560f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555560f8660, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555560f8650) = 5064 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5064] chdir("./3") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8888180000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5064] munmap(0x7f8888180000, 138412032) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_MANDLOCK|MS_NOATIME|MS_REC|MS_POSIXACL, "iocharset=iso8859-1,longad,gid=forget,uid=00000000000000000000,gid=00000000000000000000,umask=000000"...) = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5064] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [ 61.551170][ T5064] loop0: detected capacity change from 0 to 2048 [ 61.562818][ T5064] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 61.574844][ T5064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5064] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5064] write(5, "\x69\x64\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x32\x2c\x75\x6e\x64\x65\x6c\x65\x74\x65\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5064] creat("./bus", 000) = 6 [pid 5064] lseek(6, 512, SEEK_SET) = 512 [pid 5064] open("./bus", O_RDONLY) = 7 [pid 5064] sendfile(6, 7, NULL, 122112) = 122112 [pid 5064] exit_group(0) = ? [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f96f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556101730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556101730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555560f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555560f8660, 24) = 0 [pid 5065] chdir("./4") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555560f8650) = 5065 [pid 5065] <... prctl resumed>) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8888180000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5065] munmap(0x7f8888180000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [pid 5065] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_MANDLOCK|MS_NOATIME|MS_REC|MS_POSIXACL, "iocharset=iso8859-1,longad,gid=forget,uid=00000000000000000000,gid=00000000000000000000,umask=000000"...) = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [ 62.069240][ T5065] loop0: detected capacity change from 0 to 2048 [ 62.096128][ T5065] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 62.108268][ T5065] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5065] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5065] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5065] write(5, "\x69\x64\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x32\x2c\x75\x6e\x64\x65\x6c\x65\x74\x65\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 1048576 [pid 5065] creat("./bus", 000) = 6 [pid 5065] lseek(6, 512, SEEK_SET) = 512 [pid 5065] open("./bus", O_RDONLY) = 7 [pid 5065] sendfile(6, 7, NULL, 122112) = 122112 [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560f96f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 62.319385][ T5059] ================================================================== [ 62.327591][ T5059] BUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2a0 [ 62.334561][ T5059] Read of size 1 at addr ffff888073268000 by task syz-executor409/5059 [ 62.342981][ T5059] [ 62.345352][ T5059] CPU: 0 PID: 5059 Comm: syz-executor409 Not tainted 6.6.0-syzkaller-16176-g1b907d050735 #0 [ 62.355781][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 62.366029][ T5059] Call Trace: [ 62.369311][ T5059] [ 62.372238][ T5059] dump_stack_lvl+0x1e7/0x2d0 [ 62.376936][ T5059] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.382382][ T5059] ? panic+0x850/0x850 [ 62.386697][ T5059] ? _printk+0xd5/0x120 [ 62.390836][ T5059] print_report+0x163/0x540 [ 62.395400][ T5059] ? ktime_get_real_ts64+0x460/0x460 [ 62.401361][ T5059] ? __mutex_lock+0x2ee/0xd60 [ 62.406235][ T5059] ? time64_to_tm+0x331/0x4d0 [ 62.410932][ T5059] ? __virt_addr_valid+0x22f/0x2e0 [ 62.416233][ T5059] ? __phys_addr+0xba/0x170 [ 62.420943][ T5059] ? crc_itu_t+0x1d5/0x2a0 [ 62.425896][ T5059] kasan_report+0x142/0x170 [ 62.430508][ T5059] ? crc_itu_t+0x1d5/0x2a0 [ 62.434931][ T5059] crc_itu_t+0x1d5/0x2a0 [ 62.439175][ T5059] udf_sync_fs+0x1d2/0x380 [ 62.443673][ T5059] ? udf_put_super+0x160/0x160 [ 62.448578][ T5059] ? get_nr_dirty_inodes+0x1c7/0x210 [ 62.453889][ T5059] sync_filesystem+0xec/0x220 [ 62.458563][ T5059] generic_shutdown_super+0x72/0x2c0 [ 62.463957][ T5059] kill_block_super+0x44/0x90 [ 62.468620][ T5059] deactivate_locked_super+0xc1/0x130 [ 62.474073][ T5059] cleanup_mnt+0x426/0x4c0 [ 62.478567][ T5059] ? _raw_spin_unlock_irq+0x23/0x50 [ 62.483762][ T5059] task_work_run+0x24a/0x300 [ 62.488354][ T5059] ? task_work_cancel+0x2b0/0x2b0 [ 62.493456][ T5059] ? lockdep_hardirqs_on+0x98/0x140 [ 62.498734][ T5059] ? __x64_sys_umount+0x126/0x170 [ 62.503755][ T5059] ptrace_notify+0x2cd/0x380 [ 62.508340][ T5059] ? user_path_at_empty+0x4c/0x60 [ 62.513820][ T5059] ? do_notify_parent+0x10c0/0x10c0 [ 62.519057][ T5059] ? __x64_sys_umount+0x126/0x170 [ 62.524184][ T5059] ? path_umount+0xf40/0xf40 [ 62.528875][ T5059] ? syscall_enter_from_user_mode+0x32/0x230 [ 62.535048][ T5059] syscall_exit_to_user_mode+0x15c/0x280 [ 62.540830][ T5059] do_syscall_64+0x50/0x110 [ 62.545431][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 62.551412][ T5059] RIP: 0033:0x7f88905c0607 [ 62.555991][ T5059] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 62.575792][ T5059] RSP: 002b:00007fffd6ffd1d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 62.584371][ T5059] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f88905c0607 [ 62.592778][ T5059] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fffd6ffd290 [ 62.600849][ T5059] RBP: 00007fffd6ffd290 R08: 0000000000000000 R09: 0000000000000000 [ 62.608811][ T5059] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fffd6ffe300 [ 62.616771][ T5059] R13: 00005555560f96c0 R14: 431bde82d7b634db R15: 00007fffd6ffe320 [ 62.624753][ T5059] [ 62.627759][ T5059] [ 62.630068][ T5059] The buggy address belongs to the physical page: [ 62.636463][ T5059] page:ffffea0001cc9a00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x73268 [ 62.646947][ T5059] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 62.654214][ T5059] page_type: 0xffffff7f(buddy) [ 62.658970][ T5059] raw: 00fff00000000000 ffffea0001d0c608 ffffea0001d0de08 0000000000000000 [ 62.667578][ T5059] raw: 0000000000000001 0000000000000003 00000000ffffff7f 0000000000000000 [ 62.676322][ T5059] page dumped because: kasan: bad access detected [ 62.682741][ T5059] page_owner tracks the page as freed [ 62.688121][ T5059] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 4988, tgid 4988 (sshd), ts 53236059378, free_ts 53287752885 [ 62.706186][ T5059] post_alloc_hook+0x1e6/0x210 [ 62.710955][ T5059] get_page_from_freelist+0x339a/0x3530 [ 62.716577][ T5059] __alloc_pages+0x255/0x670 [ 62.721164][ T5059] alloc_pages_mpol+0x3de/0x640 [ 62.726009][ T5059] vma_alloc_folio+0xf3/0x3f0 [ 62.730715][ T5059] handle_mm_fault+0x2379/0x6650 [ 62.735642][ T5059] exc_page_fault+0x455/0x860 [ 62.740313][ T5059] asm_exc_page_fault+0x26/0x30 [ 62.745167][ T5059] page last free stack trace: [ 62.750196][ T5059] free_unref_page_prepare+0x92a/0xa50 [ 62.755729][ T5059] free_unref_page_list+0x596/0x830 [ 62.761184][ T5059] release_pages+0x2113/0x23f0 [ 62.766045][ T5059] tlb_flush_mmu+0x34c/0x4e0 [ 62.770715][ T5059] tlb_finish_mmu+0xd4/0x1f0 [ 62.775294][ T5059] unmap_region+0x300/0x350 [ 62.779874][ T5059] do_vmi_align_munmap+0x121e/0x1850 [ 62.785151][ T5059] do_vmi_munmap+0x24d/0x2d0 [ 62.790019][ T5059] __vm_munmap+0x230/0x450 [ 62.794622][ T5059] __x64_sys_munmap+0x69/0x80 [ 62.799327][ T5059] do_syscall_64+0x44/0x110 [ 62.803973][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 62.810068][ T5059] [ 62.812392][ T5059] Memory state around the buggy address: [ 62.818169][ T5059] ffff888073267f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.826222][ T5059] ffff888073267f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.835063][ T5059] >ffff888073268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.843281][ T5059] ^ [ 62.847336][ T5059] ffff888073268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.855477][ T5059] ffff888073268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 62.863528][ T5059] ================================================================== [ 62.871895][ T5059] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 62.879187][ T5059] CPU: 1 PID: 5059 Comm: syz-executor409 Not tainted 6.6.0-syzkaller-16176-g1b907d050735 #0 [ 62.889448][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 62.899498][ T5059] Call Trace: [ 62.902791][ T5059] [ 62.905710][ T5059] dump_stack_lvl+0x1e7/0x2d0 [ 62.910677][ T5059] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.916126][ T5059] ? panic+0x850/0x850 [ 62.920204][ T5059] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 62.926174][ T5059] ? vscnprintf+0x5d/0x80 [ 62.930508][ T5059] panic+0x349/0x850 [ 62.934413][ T5059] ? check_panic_on_warn+0x21/0xa0 [ 62.939611][ T5059] ? __memcpy_flushcache+0x2b0/0x2b0 [ 62.944918][ T5059] ? _raw_spin_unlock_irqrestore+0x12c/0x140 [ 62.950892][ T5059] ? _raw_spin_unlock+0x40/0x40 [ 62.955731][ T5059] check_panic_on_warn+0x82/0xa0 [ 62.960661][ T5059] ? crc_itu_t+0x1d5/0x2a0 [ 62.965063][ T5059] end_report+0x6e/0x130 [ 62.969306][ T5059] kasan_report+0x153/0x170 [ 62.973797][ T5059] ? crc_itu_t+0x1d5/0x2a0 [ 62.978298][ T5059] crc_itu_t+0x1d5/0x2a0 [ 62.982634][ T5059] udf_sync_fs+0x1d2/0x380 [ 62.987052][ T5059] ? udf_put_super+0x160/0x160 [ 62.991827][ T5059] ? get_nr_dirty_inodes+0x1c7/0x210 [ 62.997265][ T5059] sync_filesystem+0xec/0x220 [ 63.002218][ T5059] generic_shutdown_super+0x72/0x2c0 [ 63.007620][ T5059] kill_block_super+0x44/0x90 [ 63.012311][ T5059] deactivate_locked_super+0xc1/0x130 [ 63.017814][ T5059] cleanup_mnt+0x426/0x4c0 [ 63.022321][ T5059] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.027510][ T5059] task_work_run+0x24a/0x300 [ 63.032146][ T5059] ? task_work_cancel+0x2b0/0x2b0 [ 63.040918][ T5059] ? lockdep_hardirqs_on+0x98/0x140 [ 63.046185][ T5059] ? __x64_sys_umount+0x126/0x170 [ 63.051292][ T5059] ptrace_notify+0x2cd/0x380 [ 63.055889][ T5059] ? user_path_at_empty+0x4c/0x60 [ 63.060997][ T5059] ? do_notify_parent+0x10c0/0x10c0 [ 63.066188][ T5059] ? __x64_sys_umount+0x126/0x170 [ 63.071290][ T5059] ? path_umount+0xf40/0xf40 [ 63.075908][ T5059] ? syscall_enter_from_user_mode+0x32/0x230 [ 63.081901][ T5059] syscall_exit_to_user_mode+0x15c/0x280 [ 63.087529][ T5059] do_syscall_64+0x50/0x110 [ 63.092020][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 63.097991][ T5059] RIP: 0033:0x7f88905c0607 [ 63.102394][ T5059] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 63.122255][ T5059] RSP: 002b:00007fffd6ffd1d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 63.130663][ T5059] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f88905c0607 [ 63.138672][ T5059] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fffd6ffd290 [ 63.147015][ T5059] RBP: 00007fffd6ffd290 R08: 0000000000000000 R09: 0000000000000000 [ 63.155024][ T5059] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fffd6ffe300 [ 63.162985][ T5059] R13: 00005555560f96c0 R14: 431bde82d7b634db R15: 00007fffd6ffe320 [ 63.171138][ T5059] [ 63.174425][ T5059] Kernel Offset: disabled [ 63.178819][ T5059] Rebooting in 86400 seconds..