./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1973983520
<...>
Warning: Permanently added '10.128.0.179' (ED25519) to the list of known hosts.
execve("./syz-executor1973983520", ["./syz-executor1973983520"], 0x7fff6b7b9f30 /* 10 vars */) = 0
brk(NULL) = 0x555555e7c000
brk(0x555555e7cd40) = 0x555555e7cd40
arch_prctl(ARCH_SET_FS, 0x555555e7c3c0) = 0
set_tid_address(0x555555e7c690) = 288
set_robust_list(0x555555e7c6a0, 24) = 0
rseq(0x555555e7cce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1973983520", 4096) = 28
getrandom("\x0f\x18\xae\x4a\x72\xa9\xd9\x6a", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555e7cd40
brk(0x555555e9dd40) = 0x555555e9dd40
brk(0x555555e9e000) = 0x555555e9e000
mprotect(0x7fe638c36000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e7c690) = 289
./strace-static-x86_64: Process 289 attached
[pid 289] set_robust_list(0x555555e7c6a0, 24) = 0
[pid 289] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 289] setsid() = 1
[pid 289] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 289] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 289] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 289] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 289] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 289] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 289] unshare(CLONE_NEWNS) = 0
[pid 289] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 289] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument)
[pid 289] unshare(CLONE_NEWCGROUP) = 0
[pid 289] unshare(CLONE_NEWUTS) = 0
[pid 289] unshare(CLONE_SYSVSEM) = 0
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 289] getpid() = 1
[pid 289] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 289] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 289] unshare(CLONE_NEWNET) = 0
[pid 289] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 289] write(3, "0 65535", 7) = 7
[pid 289] close(3) = 0
[pid 289] mkdir("/dev/binderfs", 0777) = 0
[pid 289] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 289] symlink("/dev/binderfs", "./binderfs") = 0
[pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e7c690) = 2
./strace-static-x86_64: Process 290 attached
[pid 290] set_robust_list(0x555555e7c6a0, 24) = 0
[pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 290] setpgid(0, 0) = 0
[pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 290] write(3, "1000", 4) = 4
[pid 290] close(3) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] rt_sigaction(SIGRT_1, {sa_handler=0x7fe638bd8850, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe638bc9ed0}, NULL, 8) = 0
[pid 290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe638b53000
[pid 290] mprotect(0x7fe638b54000, 131072, PROT_READ|PROT_WRITE) = 0
[pid 290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[ 21.663051][ T24] audit: type=1400 audit(1692204704.000:66): avc: denied { execmem } for pid=288 comm="syz-executor197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 21.666970][ T24] audit: type=1400 audit(1692204704.010:67): avc: denied { mounton } for pid=289 comm="syz-executor197" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 21.670460][ T24] audit: type=1400 audit(1692204704.010:68): avc: denied { mount } for pid=289 comm="syz-executor197" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 21.673494][ T24] audit: type=1400 audit(1692204704.010:69): avc: denied { mounton } for pid=289 comm="syz-executor197" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 21.685565][ T24] audit: type=1400 audit(1692204704.020:70): avc: denied { mounton } for pid=289 comm="syz-executor197" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[pid 290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe638b73990, parent_tid=0x7fe638b73990, exit_signal=0, stack=0x7fe638b53000, stack_size=0x20300, tls=0x7fe638b736c0} => {parent_tid=[3]}, 88) = 3
[pid 290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 290] futex(0x7fe638c3c328, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 291 attached
<unfinished ...>
[pid 291] set_robust_list(0x7fe638b739a0, 24) = 0
[pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 291] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid 291] futex(0x7fe638c3c32c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 290] <... futex resumed>) = 0
[pid 290] futex(0x7fe638c3c328, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 291] <... futex resumed>) = 1
[pid 291] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 4
[pid 291] futex(0x7fe638c3c32c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 290] <... futex resumed>) = 0
[pid 290] futex(0x7fe638c3c328, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 291] <... futex resumed>) = 1
[pid 291] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address)
[pid 291] futex(0x7fe638c3c32c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 290] <... futex resumed>) = 0
[pid 290] futex(0x7fe638c3c328, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 291] <... futex resumed>) = 1
[pid 291] getsockname(4, {sa_family=AF_NETLINK, nl_pid=2, nl_groups=00000000}, [110 => 12]) = 0
[pid 291] futex(0x7fe638c3c32c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid 290] <... futex resumed>) = 0
[pid 290] futex(0x7fe638c3c328, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid 291] <... futex resumed>) = 1
[pid 291] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x54\x00\x00\x00\x24\x00\x0b\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x0a\x00\x01\x00\x6e\x65\x74\x65\x6d\x00\x00\x00\x24\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x02\x00\x05\xf9\x00\x00", iov_len=84}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
[pid 290] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out)
[pid 290] futex(0x7fe638c3c32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[ 21.708318][ T24] audit: type=1400 audit(1692204704.020:71): avc: denied { mount } for pid=289 comm="syz-executor197" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[pid 290] close(3) = 0
[pid 290] close(4) = 0
[pid 290] close(5) = -1 EBADF (Bad file descriptor)
[pid 290] close(6) = -1 EBADF (Bad file descriptor)
[pid 290] close(7) = -1 EBADF (Bad file descriptor)
[pid 290] close(8) = -1 EBADF (Bad file descriptor)
[pid 290] close(9) = -1 EBADF (Bad file descriptor)
[pid 290] close(10) = -1 EBADF (Bad file descriptor)
[pid 290] close(11) = -1 EBADF (Bad file descriptor)
[pid 290] close(12) = -1 EBADF (Bad file descriptor)
[ 121.706432][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 121.712875][ C0] rcu: 0-....: (9999 ticks this GP) idle=78e/1/0x4000000000000000 softirq=1156/1158 fqs=4843 last_accelerate: 92fa/ba0d dyntick_enabled: 1
[ 121.726994][ C0] (t=10002 jiffies g=33 q=2187)
[ 121.731763][ C0] NMI backtrace for cpu 0
[ 121.735929][ C0] CPU: 0 PID: 291 Comm: syz-executor197 Not tainted 5.10.187-syzkaller-00057-g8a427269c016 #0
[ 121.746050][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 121.755893][ C0] Call Trace:
[ 121.759012][ C0] <IRQ>
[ 121.761725][ C0] dump_stack_lvl+0x1e2/0x24b
[ 121.766223][ C0] ? panic+0x80b/0x80b
[ 121.770125][ C0] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 121.775422][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 121.780714][ C0] ? vprintk_func+0x19d/0x1e0
[ 121.785225][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 121.789914][ C0] ? printk+0xd1/0x111
[ 121.793822][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 121.799721][ C0] dump_stack+0x15/0x17
[ 121.803715][ C0] nmi_trigger_cpumask_backtrace+0x2b5/0x300
[ 121.809529][ C0] ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 121.815431][ C0] arch_trigger_cpumask_backtrace+0x10/0x20
[ 121.821162][ C0] rcu_dump_cpu_stacks+0x199/0x2b0
[ 121.826104][ C0] rcu_sched_clock_irq+0xf8a/0x1890
[ 121.831138][ C0] ? rcutree_dead_cpu+0x340/0x340
[ 121.836001][ C0] ? hrtimer_run_queues+0x15f/0x440
[ 121.841034][ C0] update_process_times+0x198/0x200
[ 121.846071][ C0] tick_sched_timer+0x188/0x240
[ 121.850754][ C0] ? tick_setup_sched_timer+0x480/0x480
[ 121.856133][ C0] __hrtimer_run_queues+0x3d7/0xa50
[ 121.861170][ C0] ? hrtimer_interrupt+0x8b0/0x8b0
[ 121.866133][ C0] ? clockevents_program_event+0x214/0x2c0
[ 121.871757][ C0] ? ktime_get_update_offsets_now+0x266/0x280
[ 121.877658][ C0] hrtimer_interrupt+0x39a/0x8b0
[ 121.882437][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0
[ 121.888162][ C0] asm_call_irq_on_stack+0xf/0x20
[ 121.893020][ C0] </IRQ>
[ 121.895801][ C0] sysvec_apic_timer_interrupt+0x85/0xe0
[ 121.901267][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 121.907081][ C0] RIP: 0010:kvm_wait+0xfc/0x150
[ 121.911771][ C0] Code: 38 f0 75 26 41 f7 c7 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d e5 46 d5 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d d6 46 d5 03 fb f4 <4c> 89 7c 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 49 c7 04
[ 121.931211][ C0] RSP: 0018:ffffc90000b16b00 EFLAGS: 00000246
[ 121.937114][ C0] RAX: 0000000000000003 RBX: 1ffff92000162d64 RCX: ffffffff8150a984
[ 121.944926][ C0] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffc90000b16b40
[ 121.952730][ C0] RBP: ffffc90000b16bb0 R08: dffffc0000000000 R09: fffffbfff0d9e02e
[ 121.960543][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 121.968353][ C0] R13: ffffffff86cf016c R14: 0000000000000003 R15: 0000000000000246
[ 121.976176][ C0] ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[ 121.982247][ C0] ? asm_sysvec_call_function_single+0x12/0x20
[ 121.988232][ C0] ? kvm_arch_para_hints+0x30/0x30
[ 121.993180][ C0] ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[ 121.999254][ C0] __pv_queued_spin_lock_slowpath+0x72f/0xc70
[ 122.005174][ C0] ? __pv_queued_spin_unlock_slowpath+0x280/0x280
[ 122.011422][ C0] _raw_spin_lock_bh+0x139/0x1b0
[ 122.016177][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 122.021214][ C0] ? kvmalloc_node+0x82/0x130
[ 122.025735][ C0] ? __kasan_check_read+0x11/0x20
[ 122.030607][ C0] get_dist_table+0x207/0x2e0
[ 122.035098][ C0] netem_change+0x974/0x1fb0
[ 122.039524][ C0] ? __x64_sys_sendmsg+0x7b/0x90
[ 122.044298][ C0] ? do_syscall_64+0x34/0x70
[ 122.048723][ C0] ? sched_clock+0x3a/0x40
[ 122.052974][ C0] ? sched_clock_cpu+0x1b/0x3b0
[ 122.057664][ C0] ? sched_clock+0x3a/0x40
[ 122.061920][ C0] ? netem_destroy+0xc0/0xc0
[ 122.066345][ C0] ? handle_fasteoi_nmi+0x390/0x390
[ 122.071377][ C0] ? __irq_exit_rcu+0x40/0x150
[ 122.075977][ C0] ? handle_fasteoi_nmi+0x390/0x390
[ 122.081012][ C0] ? irq_exit_rcu+0x9/0x10
[ 122.085265][ C0] ? hrtimer_init+0x33/0x160
[ 122.089691][ C0] netem_init+0x5b/0xb0
[ 122.093682][ C0] ? qdisc_peek_dequeued+0x230/0x230
[ 122.098807][ C0] qdisc_create+0x879/0x12d0
[ 122.103230][ C0] ? qdisc_notify+0x370/0x370
[ 122.107744][ C0] ? __nla_parse+0x43/0x60
[ 122.112004][ C0] tc_modify_qdisc+0x8a4/0x13f0
[ 122.116718][ C0] ? qdisc_offload_graft_helper+0x280/0x280
[ 122.122412][ C0] ? mutex_trylock+0xa0/0xa0
[ 122.126835][ C0] ? ns_capable+0x89/0xe0
[ 122.131004][ C0] ? netlink_net_capable+0x125/0x160
[ 122.136124][ C0] ? qdisc_offload_graft_helper+0x280/0x280
[ 122.141851][ C0] rtnetlink_rcv_msg+0x955/0xc50
[ 122.146624][ C0] ? __kasan_check_write+0x14/0x20
[ 122.151570][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 122.156258][ C0] ? rtnetlink_bind+0x80/0x80
[ 122.160775][ C0] ? __kasan_check_write+0x14/0x20
[ 122.165725][ C0] ? avc_node_replace+0x1e0/0x310
[ 122.170585][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 122.176258][ C0] ? avc_update_node+0x2f8/0x710
[ 122.181009][ C0] ? avc_denied+0x13f/0x1b0
[ 122.185332][ C0] ? avc_has_perm+0x275/0x400
[ 122.189848][ C0] ? __kasan_slab_alloc+0xb1/0xe0
[ 122.194721][ C0] ? slab_post_alloc_hook+0x61/0x2f0
[ 122.199844][ C0] ? kmem_cache_alloc+0x168/0x2e0
[ 122.204694][ C0] ? avc_has_perm_noaudit+0x240/0x240
[ 122.209899][ C0] ? iov_iter_advance+0x258/0xb20
[ 122.214755][ C0] netlink_rcv_skb+0x1cf/0x410
[ 122.219375][ C0] ? rtnetlink_bind+0x80/0x80
[ 122.223889][ C0] ? netlink_ack+0xb30/0xb30
[ 122.228304][ C0] ? __netlink_lookup+0x37b/0x3a0
[ 122.233157][ C0] rtnetlink_rcv+0x1c/0x20
[ 122.237411][ C0] netlink_unicast+0x8df/0xac0
[ 122.242009][ C0] ? netlink_detachskb+0x90/0x90
[ 122.246781][ C0] ? security_netlink_send+0x7b/0xa0
[ 122.251901][ C0] netlink_sendmsg+0xa46/0xd00
[ 122.256502][ C0] ? netlink_getsockopt+0x5c0/0x5c0
[ 122.261538][ C0] ? security_socket_sendmsg+0x82/0xb0
[ 122.266828][ C0] ? netlink_getsockopt+0x5c0/0x5c0
[ 122.271864][ C0] ____sys_sendmsg+0x59e/0x8f0
[ 122.276464][ C0] ? __sys_sendmsg_sock+0x40/0x40
[ 122.281322][ C0] ? import_iovec+0xe5/0x120
[ 122.285763][ C0] ___sys_sendmsg+0x252/0x2e0
[ 122.290266][ C0] ? __sys_sendmsg+0x280/0x280
[ 122.294861][ C0] ? finish_task_switch+0x130/0x5a0
[ 122.299897][ C0] ? __schedule+0xbee/0x1330
[ 122.304322][ C0] ? __kasan_check_write+0x14/0x20
[ 122.309270][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 122.314217][ C0] ? __fdget+0x1bc/0x240
[ 122.318296][ C0] __se_sys_sendmsg+0x1b1/0x280
[ 122.322980][ C0] ? _raw_spin_unlock_irq+0x4e/0x70
[ 122.328018][ C0] ? __x64_sys_sendmsg+0x90/0x90
[ 122.332800][ C0] ? fpu__clear_all+0x20/0x20
[ 122.337303][ C0] __x64_sys_sendmsg+0x7b/0x90
[ 122.341907][ C0] do_syscall_64+0x34/0x70
[ 122.346153][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 122.351882][ C0] RIP: 0033:0x7fe638bb28b9
[ 122.356151][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 122.375608][ C0] RSP: 002b:00007fe638b73238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 122.383821][ C0] RAX: ffffffffffffffda RBX: 00007fe638c3c328 RCX: 00007fe638bb28b9
[ 122.391631][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 122.399443][ C0] RBP: 00007fe638c3c320 R08: 00000000ffffffff R09: 00007fe638b736c0
[ 122.407253][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe638c0918c
[ 122.415066][ C0] R13: 0000000000000002 R14: 00007fff3cc1f480 R15: 00007fff3cc1f568
[ 264.912885][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor197:291]
[ 264.921295][ C0] Modules linked in:
[ 264.925020][ C0] CPU: 0 PID: 291 Comm: syz-executor197 Not tainted 5.10.187-syzkaller-00057-g8a427269c016 #0
[ 264.935087][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 264.945054][ C0] RIP: 0010:kvm_wait+0xfc/0x150
[ 264.949668][ C0] Code: 38 f0 75 26 41 f7 c7 00 02 00 00 75 0f 0f 1f 44 00 00 0f 00 2d e5 46 d5 03 f4 eb 0e 0f 1f 44 00 00 0f 00 2d d6 46 d5 03 fb f4 <4c> 89 7c 24 18 ff 74 24 18 9d 48 c7 44 24 20 0e 36 e0 45 49 c7 04
[ 264.969721][ C0] RSP: 0018:ffffc90000b16b00 EFLAGS: 00000246
[ 264.975627][ C0] RAX: 0000000000000003 RBX: 1ffff92000162d64 RCX: ffffffff8150a984
[ 264.983429][ C0] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffc90000b16b40
[ 264.991239][ C0] RBP: ffffc90000b16bb0 R08: dffffc0000000000 R09: fffffbfff0d9e02e
[ 264.999051][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 265.006860][ C0] R13: ffffffff86cf016c R14: 0000000000000003 R15: 0000000000000246
[ 265.014694][ C0] FS: 00007fe638b736c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 265.023443][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 265.029861][ C0] CR2: 0000000000000000 CR3: 000000011eaf9000 CR4: 00000000003506b0
[ 265.037700][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 265.045485][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 265.053292][ C0] Call Trace:
[ 265.056424][ C0] <IRQ>
[ 265.059169][ C0] ? show_regs+0x58/0x60
[ 265.063202][ C0] ? watchdog_timer_fn+0x471/0x590
[ 265.068196][ C0] ? proc_watchdog_cpumask+0xd0/0xd0
[ 265.073298][ C0] ? __hrtimer_run_queues+0x3d7/0xa50
[ 265.078554][ C0] ? hrtimer_interrupt+0x8b0/0x8b0
[ 265.083526][ C0] ? clockevents_program_event+0x214/0x2c0
[ 265.089141][ C0] ? ktime_get_update_offsets_now+0x266/0x280
[ 265.095049][ C0] ? hrtimer_interrupt+0x39a/0x8b0
[ 265.100005][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0
[ 265.105933][ C0] ? asm_call_irq_on_stack+0xf/0x20
[ 265.110922][ C0] </IRQ>
[ 265.113747][ C0] ? sysvec_apic_timer_interrupt+0x85/0xe0
[ 265.119348][ C0] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 265.125378][ C0] ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[ 265.131411][ C0] ? kvm_wait+0xfc/0x150
[ 265.135486][ C0] ? asm_sysvec_call_function_single+0x12/0x20
[ 265.141479][ C0] ? kvm_arch_para_hints+0x30/0x30
[ 265.146426][ C0] ? __pv_queued_spin_lock_slowpath+0x6d4/0xc70
[ 265.152505][ C0] __pv_queued_spin_lock_slowpath+0x72f/0xc70
[ 265.158418][ C0] ? __pv_queued_spin_unlock_slowpath+0x280/0x280
[ 265.164657][ C0] _raw_spin_lock_bh+0x139/0x1b0
[ 265.169428][ C0] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 265.174534][ C0] ? kvmalloc_node+0x82/0x130
[ 265.179002][ C0] ? __kasan_check_read+0x11/0x20
[ 265.183854][ C0] get_dist_table+0x207/0x2e0
[ 265.188346][ C0] netem_change+0x974/0x1fb0
[ 265.192801][ C0] ? __x64_sys_sendmsg+0x7b/0x90
[ 265.197548][ C0] ? do_syscall_64+0x34/0x70
[ 265.201999][ C0] ? sched_clock+0x3a/0x40
[ 265.206243][ C0] ? sched_clock_cpu+0x1b/0x3b0
[ 265.210995][ C0] ? sched_clock+0x3a/0x40
[ 265.215256][ C0] ? netem_destroy+0xc0/0xc0
[ 265.219739][ C0] ? handle_fasteoi_nmi+0x390/0x390
[ 265.224747][ C0] ? __irq_exit_rcu+0x40/0x150
[ 265.229318][ C0] ? handle_fasteoi_nmi+0x390/0x390
[ 265.234344][ C0] ? irq_exit_rcu+0x9/0x10
[ 265.238621][ C0] ? hrtimer_init+0x33/0x160
[ 265.243022][ C0] netem_init+0x5b/0xb0
[ 265.247014][ C0] ? qdisc_peek_dequeued+0x230/0x230
[ 265.252170][ C0] qdisc_create+0x879/0x12d0
[ 265.256561][ C0] ? qdisc_notify+0x370/0x370
[ 265.261107][ C0] ? __nla_parse+0x43/0x60
[ 265.265326][ C0] tc_modify_qdisc+0x8a4/0x13f0
[ 265.270012][ C0] ? qdisc_offload_graft_helper+0x280/0x280
[ 265.275772][ C0] ? mutex_trylock+0xa0/0xa0
[ 265.280192][ C0] ? ns_capable+0x89/0xe0
[ 265.284355][ C0] ? netlink_net_capable+0x125/0x160
[ 265.289457][ C0] ? qdisc_offload_graft_helper+0x280/0x280
[ 265.295202][ C0] rtnetlink_rcv_msg+0x955/0xc50
[ 265.299961][ C0] ? __kasan_check_write+0x14/0x20
[ 265.304901][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 265.309595][ C0] ? rtnetlink_bind+0x80/0x80
[ 265.314103][ C0] ? __kasan_check_write+0x14/0x20
[ 265.319205][ C0] ? avc_node_replace+0x1e0/0x310
[ 265.323997][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 265.329637][ C0] ? avc_update_node+0x2f8/0x710
[ 265.334410][ C0] ? avc_denied+0x13f/0x1b0
[ 265.338751][ C0] ? avc_has_perm+0x275/0x400
[ 265.343261][ C0] ? __kasan_slab_alloc+0xb1/0xe0
[ 265.348124][ C0] ? slab_post_alloc_hook+0x61/0x2f0
[ 265.353242][ C0] ? kmem_cache_alloc+0x168/0x2e0
[ 265.358108][ C0] ? avc_has_perm_noaudit+0x240/0x240
[ 265.363345][ C0] ? iov_iter_advance+0x258/0xb20
[ 265.368175][ C0] netlink_rcv_skb+0x1cf/0x410
[ 265.372774][ C0] ? rtnetlink_bind+0x80/0x80
[ 265.377286][ C0] ? netlink_ack+0xb30/0xb30
[ 265.381715][ C0] ? __netlink_lookup+0x37b/0x3a0
[ 265.386572][ C0] rtnetlink_rcv+0x1c/0x20
[ 265.390823][ C0] netlink_unicast+0x8df/0xac0
[ 265.395423][ C0] ? netlink_detachskb+0x90/0x90
[ 265.400236][ C0] ? security_netlink_send+0x7b/0xa0
[ 265.405320][ C0] netlink_sendmsg+0xa46/0xd00
[ 265.409920][ C0] ? netlink_getsockopt+0x5c0/0x5c0
[ 265.414957][ C0] ? security_socket_sendmsg+0x82/0xb0
[ 265.420251][ C0] ? netlink_getsockopt+0x5c0/0x5c0
[ 265.425283][ C0] ____sys_sendmsg+0x59e/0x8f0
[ 265.429883][ C0] ? __sys_sendmsg_sock+0x40/0x40
[ 265.434746][ C0] ? import_iovec+0xe5/0x120
[ 265.439171][ C0] ___sys_sendmsg+0x252/0x2e0
[ 265.443680][ C0] ? __sys_sendmsg+0x280/0x280
[ 265.448328][ C0] ? finish_task_switch+0x130/0x5a0
[ 265.453319][ C0] ? __schedule+0xbee/0x1330
[ 265.457744][ C0] ? __kasan_check_write+0x14/0x20
[ 265.462688][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 265.467677][ C0] ? __fdget+0x1bc/0x240
[ 265.471720][ C0] __se_sys_sendmsg+0x1b1/0x280
[ 265.476403][ C0] ? _raw_spin_unlock_irq+0x4e/0x70
[ 265.481443][ C0] ? __x64_sys_sendmsg+0x90/0x90
[ 265.486209][ C0] ? fpu__clear_all+0x20/0x20
[ 265.490724][ C0] __x64_sys_sendmsg+0x7b/0x90
[ 265.495321][ C0] do_syscall_64+0x34/0x70
[ 265.499577][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 265.505300][ C0] RIP: 0033:0x7fe638bb28b9
[ 265.509555][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 265.528996][ C0] RSP: 002b:00007fe638b73238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 265.537243][ C0] RAX: ffffffffffffffda RBX: 00007fe638c3c328 RCX: 00007fe638bb28b9
[ 265.545224][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 265.553034][ C0] RBP: 00007fe638c3c320 R08: 00000000ffffffff R09: 00007fe638b736c0
[ 265.560845][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe638c0918c
[ 265.568657][ C0] R13: 0000000000000002 R14: 00007fff3cc1f480 R15: 00007fff3cc1f568