./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3418051157

<...>
forked to background, child pid 3186
[   27.239578][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.251204][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [   27.415256][ T3271] ssh-keygen (3271) used greatest stack depth: 22384 bytes left
OK

syzkaller
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
execve("./syz-executor3418051157", ["./syz-executor3418051157"], 0x7ffc2aedcca0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556905000
brk(0x555556905c40)                     = 0x555556905c40
arch_prctl(ARCH_SET_FS, 0x555556905300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3418051157", 4096) = 28
brk(0x555556926c40)                     = 0x555556926c40
brk(0x555556927000)                     = 0x555556927000
mprotect(0x7f120fe48000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3615
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3615", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached
, child_tidptr=0x5555569055d0) = 3616
[pid  3616] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3616] setsid()                    = 1
[pid  3616] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3616] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3616] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3616] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3616] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3616] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3616] unshare(CLONE_NEWNS)        = 0
[pid  3616] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3616] unshare(CLONE_NEWIPC)       = 0
[pid  3616] unshare(CLONE_NEWCGROUP)    = 0
[pid  3616] unshare(CLONE_NEWUTS)       = 0
[pid  3616] unshare(CLONE_SYSVSEM)      = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "16777216", 8)     = 8
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "536870912", 9)    = 9
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "1024", 4)         = 4
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "8192", 4)         = 4
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "1024", 4)         = 4
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "1024", 4)         = 4
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3616] close(3)                    = 0
[pid  3616] getpid()                    = 1
[pid  3616] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3616] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3616] unshare(CLONE_NEWNET)       = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "0 65535", 7)      = 7
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  3616] dup2(3, 200)                = 200
[pid  3616] close(3)                    = 0
[pid  3616] ioctl(200, TUNSETIFF, 0x7ffd39f61070) = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "0", 1)            = 1
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  3616] write(3, "0", 1)            = 1
[pid  3616] close(3)                    = 0
[pid  3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  3616] access("/proc/net", R_OK)   = 0
[pid  3616] access("/proc/net/unix", R_OK) = 0
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] close(3)                    = 0
[pid  3616] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3616] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3616] close(3)                    = 0
[pid  3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3616] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3616] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3616] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x40\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3616] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3616] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3616] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3616] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3616] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3616] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3616] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3616] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
syzkaller login: [   45.139011][    T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.147417][    T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.167927][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3616] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3616] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3616] close(4)                    = 0
[pid  3616] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3616] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  3616] close(4)                    = 0
[pid  3616] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3616] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3616] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0d\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3616] close(4)                    = 0
[pid  3616] close(3)                    = 0
[pid  3616] mkdir("/dev/binderfs", 0777) = 0
[pid  3616] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3616] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3616] openat(AT_FDCWD, "/dev/udmabuf", O_RDWR) = 3
[pid  3616] memfd_create("\x79\x10\x35\x25\xfa\x2c\x1f\x99\xa2\xc9\x8e\xcd\xfc\xfa\xf6\x12\x95\x5e\xdf\x54\xe2\x3d\x0e\x7e\x46\xcd\x73", MFD_ALLOW_SEALING) = 4
[pid  3616] ftruncate(4, 65535)         = 0
[pid  3616] fcntl(4, F_ADD_SEALS, F_SEAL_SEAL|F_SEAL_SHRINK|F_SEAL_GROW) = 0
[pid  3616] dup(3)                      = 5
[pid  3616] ioctl(5, UDMABUF_CREATE, 0x20000080) = 6
[pid  3616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7
[pid  3616] write(7, "4", 1)            = 1
[pid  3616] ioctl(6, DMA_BUF_IOCTL_SYNC, 0x20000280) = -1 ENOMEM (Cannot allocate memory)
[pid  3616] exit_group(1)               = ?
[   45.185846][    T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.194654][    T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.204328][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   45.268333][ T3616] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   45.280157][ T3616] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   45.288561][ T3616] CPU: 1 PID: 3616 Comm: syz-executor341 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[   45.298814][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   45.308875][ T3616] RIP: 0010:release_udmabuf+0xcb/0x4f0
[   45.314359][ T3616] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c 8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2
[   45.333975][ T3616] RSP: 0018:ffffc9000373fc58 EFLAGS: 00010246
[   45.340128][ T3616] RAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000
[   45.348097][ T3616] RDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000
[   45.356069][ T3616] RBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000
[   45.364038][ T3616] R10: 0000000000000000 R11: 000000000008c07c R12: ffff8881472aa000
[   45.372007][ T3616] R13: ffff8880740d3230 R14: ffff88807cb7d700 R15: 0000000000000000
[   45.379996][ T3616] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   45.388926][ T3616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.395509][ T3616] CR2: 00007f120fe4f000 CR3: 0000000070f16000 CR4: 00000000003506e0
[   45.403479][ T3616] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.411446][ T3616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   45.419499][ T3616] Call Trace:
[   45.422774][ T3616]  <TASK>
[   45.425707][ T3616]  dma_buf_release+0x157/0x2d0
[   45.430478][ T3616]  ? dmabuffs_dname+0x240/0x240
[   45.435337][ T3616]  __dentry_kill+0x42b/0x640
[   45.439943][ T3616]  ? dput+0x35/0xdb0
[   45.443850][ T3616]  ? dput+0x35/0xdb0
[   45.447753][ T3616]  dput+0x806/0xdb0
[   45.451574][ T3616]  __fput+0x39c/0x9d0
[   45.455570][ T3616]  task_work_run+0xdd/0x1a0
[   45.460098][ T3616]  do_exit+0xad5/0x29b0
[   45.464275][ T3616]  ? mm_update_next_owner+0x7a0/0x7a0
[   45.469690][ T3616]  ? _raw_spin_unlock_irq+0x1f/0x40
[   45.474914][ T3616]  ? _raw_spin_unlock_irq+0x1f/0x40
[   45.480254][ T3616]  do_group_exit+0xd2/0x2f0
[   45.484780][ T3616]  __x64_sys_exit_group+0x3a/0x50
[   45.489822][ T3616]  do_syscall_64+0x35/0xb0
[   45.494260][ T3616]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   45.500178][ T3616] RIP: 0033:0x7f120fdda5f9
[   45.504598][ T3616] Code: Unable to access opcode bytes at RIP 0x7f120fdda5cf.
[   45.511956][ T3616] RSP: 002b:00007ffd39f60f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   45.520368][ T3616] RAX: ffffffffffffffda RBX: 00007f120fe4e410 RCX: 00007f120fdda5f9
[   45.528339][ T3616] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   45.536307][ T3616] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000003
[   45.544275][ T3616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f120fe4e410
[   45.552264][ T3616] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   45.560240][ T3616]  </TASK>
[   45.563274][ T3616] Modules linked in:
[   45.567721][ T3616] ---[ end trace 0000000000000000 ]---
[   45.573220][ T3616] RIP: 0010:release_udmabuf+0xcb/0x4f0
[   45.579276][ T3616] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c 8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2
[   45.599384][ T3616] RSP: 0018:ffffc9000373fc58 EFLAGS: 00010246
[   45.605491][ T3616] RAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000
[   45.614903][ T3616] RDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000
[   45.623392][ T3616] RBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000
[   45.631481][ T3616] R10: 0000000000000000 R11: 000000000008c07c R12: ffff8881472aa000
[   45.639507][ T3616] R13: ffff8880740d3230 R14: ffff88807cb7d700 R15: 0000000000000000
[   45.647507][ T3616] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   45.656472][ T3616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.663075][ T3616] CR2: 00007f120fe4f000 CR3: 000000000bc8e000 CR4: 00000000003506e0
[   45.671100][ T3616] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   45.679368][ T3616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   45.687530][ T3616] Kernel panic - not syncing: Fatal exception
[   45.693658][ T3616] Kernel Offset: disabled
[   45.697978][ T3616] Rebooting in 86400 seconds..