./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3568183482 <...> Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts. execve("./syz-executor3568183482", ["./syz-executor3568183482"], 0x7ffcb2789920 /* 10 vars */) = 0 brk(NULL) = 0x555583f32000 brk(0x555583f32d00) = 0x555583f32d00 arch_prctl(ARCH_SET_FS, 0x555583f32380) = 0 set_tid_address(0x555583f32650) = 297 set_robust_list(0x555583f32660, 24) = 0 rseq(0x555583f32ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3568183482", 4096) = 28 getrandom("\xcd\xf9\x24\x10\x05\x9f\xae\x4e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583f32d00 brk(0x555583f53d00) = 0x555583f53d00 brk(0x555583f54000) = 0x555583f54000 mprotect(0x7fc03f0ae000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555583f32660, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [ 28.940269][ T36] audit: type=1400 audit(1754120260.700:64): avc: denied { execmem } for pid=297 comm="syz-executor356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 28.948192][ T298] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [pid 298] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 298] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 298] exit_group(0) = ? [ 28.960119][ T36] audit: type=1400 audit(1754120260.700:65): avc: denied { append } for pid=298 comm="syz-executor356" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 29.000426][ T36] audit: type=1400 audit(1754120260.700:66): avc: denied { open } for pid=298 comm="syz-executor356" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 29.023706][ T36] audit: type=1400 audit(1754120260.710:67): avc: denied { ioctl } for pid=298 comm="syz-executor356" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached , child_tidptr=0x555583f32650) = 300 [pid 300] set_robust_list(0x555583f32660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 executing program [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 300] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 300] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 301 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 executing program [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 301] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 301] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached , child_tidptr=0x555583f32650) = 302 [pid 302] set_robust_list(0x555583f32660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] write(1, "executing program\n", 18) = 18 executing program [pid 302] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 302] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 302] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 303 attached , child_tidptr=0x555583f32650) = 303 [pid 303] set_robust_list(0x555583f32660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 303] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 303] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555583f32660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 executing program [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 304] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 304] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555583f32660, 24) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 executing program [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 305] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 305] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 305] exit_group(0) = ? [ 29.488471][ T305] ------------[ cut here ]------------ [ 29.494002][ T305] WARNING: CPU: 1 PID: 305 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 29.503822][ T305] Modules linked in: [ 29.507806][ T305] CPU: 1 UID: 0 PID: 305 Comm: syz-executor356 Not tainted 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 29.521686][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 29.531836][ T305] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 29.537814][ T305] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 29.557573][ T305] RSP: 0018:ffffc900011afaa8 EFLAGS: 00010202 [ 29.563809][ T305] RAX: 1ffffd1ffff80df2 RBX: ffffc900012018e8 RCX: ffffffff816daf99 [ 29.571845][ T305] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc06f90 [ 29.579873][ T305] RBP: ffffc900011afb10 R08: ffffe8ffffc06f97 R09: 1ffffd1ffff80df2 [ 29.587924][ T305] R10: dffffc0000000000 R11: fffff91ffff80df3 R12: dffffc0000000000 [ 29.595929][ T305] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc06f90 [ 29.603998][ T305] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 29.613059][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.619725][ T305] CR2: 0000555583f32650 CR3: 0000000131c82000 CR4: 00000000003526b0 [ 29.627784][ T305] Call Trace: [ 29.631096][ T305] [ 29.634047][ T305] kvm_put_kvm+0x1100/0x12b0 [ 29.638722][ T305] ? __cfi_kvm_vm_release+0x10/0x10 [ 29.644055][ T305] kvm_vm_release+0x47/0x70 [ 29.648644][ T305] __fput+0x1fb/0xa00 [ 29.652658][ T305] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.658267][ T305] ____fput+0x20/0x30 [ 29.662286][ T305] task_work_run+0x1e0/0x250 [ 29.666888][ T305] ? __cfi_task_work_run+0x10/0x10 [ 29.672059][ T305] ? __kasan_check_write+0x18/0x20 [ 29.677212][ T305] do_exit+0x9bc/0x2630 [ 29.681464][ T305] ? __cfi_do_exit+0x10/0x10 [ 29.686087][ T305] ? __kasan_check_write+0x18/0x20 [ 29.691245][ T305] ? _raw_spin_lock_irq+0x8d/0x120 [ 29.696388][ T305] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.702088][ T305] ? zap_other_threads+0x334/0x370 [ 29.707240][ T305] do_group_exit+0x22a/0x300 [ 29.711885][ T305] __x64_sys_exit_group+0x43/0x50 [ 29.716957][ T305] x64_sys_call+0x2ed2/0x2ee0 [ 29.721799][ T305] do_syscall_64+0x58/0xf0 [ 29.726253][ T305] ? clear_bhb_loop+0x50/0xa0 [ 29.731012][ T305] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.736955][ T305] RIP: 0033:0x7fc03f039b89 [ 29.741427][ T305] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 29.748515][ T305] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.756949][ T305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 29.765162][ T305] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 29.773329][ T305] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 29.781390][ T305] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 306 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 executing program [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 306] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 306] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 306] exit_group(0) = ? [ 29.789418][ T305] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 29.797420][ T305] [ 29.800495][ T305] ---[ end trace 0000000000000000 ]--- [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555583f32660, 24) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 executing program [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 307] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 307] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 307] exit_group(0) = ? [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 308 attached , child_tidptr=0x555583f32650) = 308 [pid 308] set_robust_list(0x555583f32660, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 executing program [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 308] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 308] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 308] exit_group(0) = ? [pid 308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555583f32660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 309] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 309] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 310 attached , child_tidptr=0x555583f32650) = 310 [pid 310] set_robust_list(0x555583f32660, 24) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 310] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 310] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 310] exit_group(0) = ? [ 30.108041][ T310] ------------[ cut here ]------------ [ 30.113543][ T310] WARNING: CPU: 0 PID: 310 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 30.123558][ T310] Modules linked in: [ 30.127485][ T310] CPU: 0 UID: 0 PID: 310 Comm: syz-executor356 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 30.143247][ T310] Tainted: [W]=WARN [ 30.147079][ T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 30.157289][ T310] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 30.163351][ T310] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 30.183133][ T310] RSP: 0018:ffffc9000113faa8 EFLAGS: 00010202 [ 30.189263][ T310] RAX: 1ffffd1ffff80e22 RBX: ffffc900012388e8 RCX: ffffffff816daf99 [ 30.197268][ T310] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07110 [ 30.205397][ T310] RBP: ffffc9000113fb10 R08: ffffe8ffffc07117 R09: 1ffffd1ffff80e22 [ 30.213430][ T310] R10: dffffc0000000000 R11: fffff91ffff80e23 R12: dffffc0000000000 [ 30.221516][ T310] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07110 [ 30.229641][ T310] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.238652][ T310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.245264][ T310] CR2: 00007fc03f0b5110 CR3: 0000000131c82000 CR4: 00000000003526b0 [ 30.253299][ T310] Call Trace: [ 30.256600][ T310] [ 30.259579][ T310] kvm_put_kvm+0x1100/0x12b0 [ 30.264215][ T310] ? __cfi_kvm_vm_release+0x10/0x10 [ 30.269492][ T310] kvm_vm_release+0x47/0x70 [ 30.274046][ T310] __fput+0x1fb/0xa00 [ 30.278081][ T310] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.283659][ T310] ____fput+0x20/0x30 [ 30.287654][ T310] task_work_run+0x1e0/0x250 [ 30.292296][ T310] ? __cfi_task_work_run+0x10/0x10 [ 30.297435][ T310] ? __kasan_check_write+0x18/0x20 [ 30.302620][ T310] do_exit+0x9bc/0x2630 [ 30.306814][ T310] ? __cfi_do_exit+0x10/0x10 [ 30.311455][ T310] ? __kasan_check_write+0x18/0x20 [ 30.316609][ T310] ? _raw_spin_lock_irq+0x8d/0x120 [ 30.321796][ T310] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.327387][ T310] ? zap_other_threads+0x334/0x370 [ 30.332572][ T310] do_group_exit+0x22a/0x300 [ 30.337189][ T310] __x64_sys_exit_group+0x43/0x50 [ 30.342275][ T310] x64_sys_call+0x2ed2/0x2ee0 [ 30.347064][ T310] do_syscall_64+0x58/0xf0 [ 30.351537][ T310] ? clear_bhb_loop+0x50/0xa0 [ 30.356279][ T310] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.362259][ T310] RIP: 0033:0x7fc03f039b89 [ 30.366697][ T310] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 30.373754][ T310] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.382256][ T310] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 30.390293][ T310] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 30.398349][ T310] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x555583f32660, 24) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] write(1, "executing program\n", 18executing program ) = 18 [pid 311] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 311] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 311] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 311] exit_group(0) = ? [ 30.406342][ T310] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [ 30.414363][ T310] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 30.422407][ T310] [ 30.425445][ T310] ---[ end trace 0000000000000000 ]--- [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x555583f32660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 executing program [pid 312] write(1, "executing program\n", 18) = 18 [pid 312] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 312] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 312] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 312] exit_group(0) = ? [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555583f32660, 24) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 executing program [pid 313] write(1, "executing program\n", 18) = 18 [pid 313] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 313] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 313] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 313] exit_group(0) = ? [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 314 attached , child_tidptr=0x555583f32650) = 314 [pid 314] set_robust_list(0x555583f32660, 24) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4executing program ) = 4 [pid 314] close(3) = 0 [pid 314] write(1, "executing program\n", 18) = 18 [pid 314] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 314] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 314] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 314] exit_group(0) = ? [pid 314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 315 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 executing program [pid 315] write(1, "executing program\n", 18) = 18 [pid 315] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 315] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 315] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 315] exit_group(0) = ? [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 316 attached , child_tidptr=0x555583f32650) = 316 [pid 316] set_robust_list(0x555583f32660, 24) = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 executing program [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 316] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 316] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 316] exit_group(0) = ? [pid 316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555583f32660, 24) = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 317 [pid 317] <... prctl resumed>) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 executing program [pid 317] write(1, "executing program\n", 18) = 18 [pid 317] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 317] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 317] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 317] exit_group(0) = ? [pid 317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x555583f32660, 24) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] write(1, "executing program\n", 18) = 18 [pid 318] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 318] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 318] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 318] exit_group(0) = ? [pid 318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached , child_tidptr=0x555583f32650) = 319 [pid 319] set_robust_list(0x555583f32660, 24) = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 executing program [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 319] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 319] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 319] exit_group(0) = ? [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 320 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 320] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 320] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 320] exit_group(0) = ? [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 321 attached , child_tidptr=0x555583f32650) = 321 [pid 321] set_robust_list(0x555583f32660, 24) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 executing program [pid 321] write(1, "executing program\n", 18) = 18 [pid 321] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 321] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 321] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 321] exit_group(0) = ? [ 31.098521][ T321] ------------[ cut here ]------------ [ 31.104035][ T321] WARNING: CPU: 1 PID: 321 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 31.113843][ T321] Modules linked in: [ 31.117799][ T321] CPU: 1 UID: 0 PID: 321 Comm: syz-executor356 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 31.133148][ T321] Tainted: [W]=WARN [ 31.136966][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 31.147080][ T321] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 31.153056][ T321] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 31.172793][ T321] RSP: 0018:ffffc9000128faa8 EFLAGS: 00010202 [ 31.178935][ T321] RAX: 1ffffd1ffff80e52 RBX: ffffc900012bb8e8 RCX: ffffffff816daf99 [ 31.186925][ T321] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07290 [ 31.195153][ T321] RBP: ffffc9000128fb10 R08: ffffe8ffffc07297 R09: 1ffffd1ffff80e52 [ 31.204909][ T321] R10: dffffc0000000000 R11: fffff91ffff80e53 R12: dffffc0000000000 [ 31.213150][ T321] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07290 [ 31.221179][ T321] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 31.230177][ T321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.236788][ T321] CR2: 00007fc03f0b5110 CR3: 0000000131c82000 CR4: 00000000003526b0 [ 31.244915][ T321] Call Trace: [ 31.248252][ T321] [ 31.251210][ T321] kvm_put_kvm+0x1100/0x12b0 [ 31.255819][ T321] ? __cfi_kvm_vm_release+0x10/0x10 [ 31.261087][ T321] kvm_vm_release+0x47/0x70 [ 31.265622][ T321] __fput+0x1fb/0xa00 [ 31.269653][ T321] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.275263][ T321] ____fput+0x20/0x30 [ 31.279294][ T321] task_work_run+0x1e0/0x250 [ 31.284000][ T321] ? __cfi_task_work_run+0x10/0x10 [ 31.289192][ T321] ? __kasan_check_write+0x18/0x20 [ 31.294349][ T321] do_exit+0x9bc/0x2630 [ 31.298546][ T321] ? __cfi_do_exit+0x10/0x10 [ 31.303161][ T321] ? __kasan_check_write+0x18/0x20 [ 31.308316][ T321] ? _raw_spin_lock_irq+0x8d/0x120 [ 31.313461][ T321] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.319084][ T321] ? zap_other_threads+0x334/0x370 [ 31.324305][ T321] do_group_exit+0x22a/0x300 [ 31.328934][ T321] __x64_sys_exit_group+0x43/0x50 [ 31.333996][ T321] x64_sys_call+0x2ed2/0x2ee0 [ 31.338719][ T321] do_syscall_64+0x58/0xf0 [ 31.343218][ T321] ? clear_bhb_loop+0x50/0xa0 [ 31.347971][ T321] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.354005][ T321] RIP: 0033:0x7fc03f039b89 [ 31.358484][ T321] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 31.365515][ T321] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.374018][ T321] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 31.382144][ T321] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 31.390218][ T321] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [pid 321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555583f32660, 24) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] write(1, "executing program\n", 18executing program ) = 18 [pid 322] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 322] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 322] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 322] exit_group(0) = ? [ 31.398370][ T321] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [ 31.406461][ T321] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 31.414495][ T321] [ 31.417532][ T321] ---[ end trace 0000000000000000 ]--- [ 31.458452][ T322] ------------[ cut here ]------------ [ 31.463943][ T322] WARNING: CPU: 1 PID: 322 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 31.473772][ T322] Modules linked in: [ 31.477712][ T322] CPU: 1 UID: 0 PID: 322 Comm: syz-executor356 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 31.493306][ T322] Tainted: [W]=WARN [ 31.497156][ T322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 31.507267][ T322] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 31.513230][ T322] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 31.532901][ T322] RSP: 0018:ffffc9000113faa8 EFLAGS: 00010202 [ 31.539052][ T322] RAX: 1ffffd1ffff80e82 RBX: ffffc900012c68e8 RCX: ffffffff816daf99 [ 31.547039][ T322] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07410 [ 31.555107][ T322] RBP: ffffc9000113fb10 R08: ffffe8ffffc07417 R09: 1ffffd1ffff80e82 [ 31.563154][ T322] R10: dffffc0000000000 R11: fffff91ffff80e83 R12: dffffc0000000000 [ 31.571197][ T322] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07410 [ 31.579236][ T322] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 31.588231][ T322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.594860][ T322] CR2: 00007fc03f0b20d0 CR3: 000000011ffc0000 CR4: 00000000003526b0 [ 31.602929][ T322] Call Trace: [ 31.606254][ T322] [ 31.609237][ T322] kvm_put_kvm+0x1100/0x12b0 [ 31.613874][ T322] ? __cfi_kvm_vm_release+0x10/0x10 [ 31.619163][ T322] kvm_vm_release+0x47/0x70 [ 31.623709][ T322] __fput+0x1fb/0xa00 [ 31.627722][ T322] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.633407][ T322] ____fput+0x20/0x30 [ 31.637410][ T322] task_work_run+0x1e0/0x250 [ 31.642447][ T322] ? __cfi_task_work_run+0x10/0x10 [ 31.647594][ T322] ? __kasan_check_write+0x18/0x20 [ 31.652760][ T322] do_exit+0x9bc/0x2630 [ 31.656975][ T322] ? __cfi_do_exit+0x10/0x10 [ 31.662594][ T322] ? __kasan_check_write+0x18/0x20 [ 31.668062][ T322] ? _raw_spin_lock_irq+0x8d/0x120 [ 31.673400][ T322] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.679589][ T322] ? zap_other_threads+0x334/0x370 [ 31.685933][ T322] do_group_exit+0x22a/0x300 [ 31.690736][ T322] __x64_sys_exit_group+0x43/0x50 [ 31.695807][ T322] x64_sys_call+0x2ed2/0x2ee0 [ 31.700571][ T322] do_syscall_64+0x58/0xf0 [ 31.705029][ T322] ? clear_bhb_loop+0x50/0xa0 [ 31.709803][ T322] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.715727][ T322] RIP: 0033:0x7fc03f039b89 [ 31.720230][ T322] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 31.727278][ T322] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.735738][ T322] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 31.743761][ T322] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 31.751787][ T322] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 323 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x555583f32660, 24) = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 executing program [pid 323] write(1, "executing program\n", 18) = 18 [pid 323] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 323] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 323] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 323] exit_group(0) = ? [ 31.759899][ T322] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [ 31.767913][ T322] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 31.775920][ T322] [ 31.779634][ T322] ---[ end trace 0000000000000000 ]--- [pid 323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 324 attached , child_tidptr=0x555583f32650) = 324 [pid 324] set_robust_list(0x555583f32660, 24) = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 executing program [pid 324] close(3) = 0 [pid 324] write(1, "executing program\n", 18) = 18 [pid 324] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 324] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 324] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 324] exit_group(0) = ? [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 325 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] write(1, "executing program\n", 18executing program ) = 18 [pid 325] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 325] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 325] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 325] exit_group(0) = ? [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 326 attached , child_tidptr=0x555583f32650) = 326 [pid 326] set_robust_list(0x555583f32660, 24) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 executing program [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 326] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 326] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 326] exit_group(0) = ? [pid 326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 327 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] write(1, "executing program\n", 18executing program ) = 18 [pid 327] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 327] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 327] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 327] exit_group(0) = ? [pid 327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555583f32660, 24) = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 executing program [pid 328] write(1, "executing program\n", 18) = 18 [pid 328] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 328] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 328] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 328] exit_group(0) = ? [ 32.138575][ T328] ------------[ cut here ]------------ [ 32.144096][ T328] WARNING: CPU: 1 PID: 328 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 32.153909][ T328] Modules linked in: [ 32.158063][ T328] CPU: 1 UID: 0 PID: 328 Comm: syz-executor356 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 32.173800][ T328] Tainted: [W]=WARN [ 32.177665][ T328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 32.187828][ T328] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 32.194114][ T328] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 32.214005][ T328] RSP: 0018:ffffc9000117faa8 EFLAGS: 00010202 [ 32.220152][ T328] RAX: 1ffffd1ffff80eb2 RBX: ffffc900013088e8 RCX: ffffffff816daf99 [ 32.228182][ T328] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07590 [ 32.236178][ T328] RBP: ffffc9000117fb10 R08: ffffe8ffffc07597 R09: 1ffffd1ffff80eb2 [ 32.244205][ T328] R10: dffffc0000000000 R11: fffff91ffff80eb3 R12: dffffc0000000000 [ 32.252232][ T328] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07590 [ 32.260416][ T328] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 32.269392][ T328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.275984][ T328] CR2: 0000555583f32650 CR3: 000000011ffc0000 CR4: 00000000003526b0 [ 32.284041][ T328] Call Trace: [ 32.287344][ T328] [ 32.290307][ T328] kvm_put_kvm+0x1100/0x12b0 [ 32.294929][ T328] ? __cfi_kvm_vm_release+0x10/0x10 [ 32.300198][ T328] kvm_vm_release+0x47/0x70 [ 32.304738][ T328] __fput+0x1fb/0xa00 [ 32.308787][ T328] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 32.314405][ T328] ____fput+0x20/0x30 [ 32.318462][ T328] task_work_run+0x1e0/0x250 [ 32.323083][ T328] ? __cfi_task_work_run+0x10/0x10 [ 32.328301][ T328] ? __kasan_check_write+0x18/0x20 [ 32.333460][ T328] do_exit+0x9bc/0x2630 [ 32.337636][ T328] ? __cfi_do_exit+0x10/0x10 [ 32.342344][ T328] ? __kasan_check_write+0x18/0x20 [ 32.347606][ T328] ? _raw_spin_lock_irq+0x8d/0x120 [ 32.352772][ T328] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 32.358398][ T328] ? zap_other_threads+0x334/0x370 [ 32.363528][ T328] do_group_exit+0x22a/0x300 [ 32.368185][ T328] __x64_sys_exit_group+0x43/0x50 [ 32.373241][ T328] x64_sys_call+0x2ed2/0x2ee0 [ 32.378006][ T328] do_syscall_64+0x58/0xf0 [ 32.382481][ T328] ? clear_bhb_loop+0x50/0xa0 [ 32.387169][ T328] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.393108][ T328] RIP: 0033:0x7fc03f039b89 [ 32.397553][ T328] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 32.404610][ T328] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.413105][ T328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 32.421168][ T328] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 32.429240][ T328] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [pid 328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555583f32660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 329 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 executing program [pid 329] write(1, "executing program\n", 18) = 18 [pid 329] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 329] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 329] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 329] exit_group(0) = ? [ 32.437681][ T328] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [ 32.445734][ T328] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 32.453794][ T328] [ 32.456993][ T328] ---[ end trace 0000000000000000 ]--- [pid 329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 330 attached , child_tidptr=0x555583f32650) = 330 [pid 330] set_robust_list(0x555583f32660, 24) = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] write(1, "executing program\n", 18executing program ) = 18 [pid 330] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 330] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 330] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 330] exit_group(0) = ? [pid 330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555583f32660, 24) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... clone resumed>, child_tidptr=0x555583f32650) = 331 [pid 331] <... prctl resumed>) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 331] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 331] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 331] exit_group(0) = ? [pid 331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 332 attached , child_tidptr=0x555583f32650) = 332 [pid 332] set_robust_list(0x555583f32660, 24) = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 executing program [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 332] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 332] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 332] exit_group(0) = ? [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555583f32660, 24) = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 executing program [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 333] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 333] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 333] exit_group(0) = ? [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 334 attached , child_tidptr=0x555583f32650) = 334 [pid 334] set_robust_list(0x555583f32660, 24) = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 executing program [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 334] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 334] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555583f32660, 24) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3executing program ) = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 335] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 335] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 335] exit_group(0) = ? [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 336 attached , child_tidptr=0x555583f32650) = 336 [pid 336] set_robust_list(0x555583f32660, 24) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] write(1, "executing program\n", 18executing program ) = 18 [pid 336] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 336] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 336] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 336] exit_group(0) = ? [pid 336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x555583f32660, 24) = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 executing program [pid 337] write(1, "executing program\n", 18) = 18 [pid 337] openat(AT_FDCWD, "/dev/kvm", O_WRONLY|O_APPEND|O_NOFOLLOW|FASYNC) = 3 [pid 337] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 337] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 337] exit_group(0) = ? [ 32.908522][ T337] ------------[ cut here ]------------ [ 32.914018][ T337] WARNING: CPU: 1 PID: 337 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 32.923849][ T337] Modules linked in: [ 32.927812][ T337] CPU: 1 UID: 0 PID: 337 Comm: syz-executor356 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 32.943166][ T337] Tainted: [W]=WARN [ 32.946998][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 32.957105][ T337] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 32.963089][ T337] Code: 00 48 8b 5d a0 74 08 48 89 df e8 42 45 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 32.982791][ T337] RSP: 0018:ffffc90001347aa8 EFLAGS: 00010202 [ 32.988935][ T337] RAX: 1ffffd1ffff80ee2 RBX: ffffc9000137e8e8 RCX: ffffffff816daf99 [ 32.997211][ T337] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07710 [ 33.005249][ T337] RBP: ffffc90001347b10 R08: ffffe8ffffc07717 R09: 1ffffd1ffff80ee2 [ 33.013292][ T337] R10: dffffc0000000000 R11: fffff91ffff80ee3 R12: dffffc0000000000 [ 33.021333][ T337] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07710 [ 33.029454][ T337] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 33.038462][ T337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.045082][ T337] CR2: 00007fc03f0b5110 CR3: 000000011ffc0000 CR4: 00000000003526b0 [ 33.053137][ T337] Call Trace: [ 33.056461][ T337] [ 33.059429][ T337] kvm_put_kvm+0x1100/0x12b0 [ 33.064063][ T337] ? __cfi_kvm_vm_release+0x10/0x10 [ 33.069303][ T337] kvm_vm_release+0x47/0x70 [ 33.073936][ T337] __fput+0x1fb/0xa00 [ 33.078041][ T337] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 33.083734][ T337] ____fput+0x20/0x30 [ 33.087896][ T337] task_work_run+0x1e0/0x250 [ 33.092522][ T337] ? __cfi_task_work_run+0x10/0x10 [ 33.097728][ T337] ? __kasan_check_write+0x18/0x20 [ 33.103016][ T337] do_exit+0x9bc/0x2630 [ 33.107292][ T337] ? __cfi_do_exit+0x10/0x10 [ 33.111969][ T337] ? __kasan_check_write+0x18/0x20 [ 33.117318][ T337] ? _raw_spin_lock_irq+0x8d/0x120 [ 33.122494][ T337] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 33.128156][ T337] ? zap_other_threads+0x334/0x370 [ 33.133322][ T337] do_group_exit+0x22a/0x300 [ 33.137999][ T337] __x64_sys_exit_group+0x43/0x50 [ 33.143792][ T337] x64_sys_call+0x2ed2/0x2ee0 [ 33.148571][ T337] do_syscall_64+0x58/0xf0 [ 33.153116][ T337] ? clear_bhb_loop+0x50/0xa0 [ 33.157883][ T337] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.164279][ T337] RIP: 0033:0x7fc03f039b89 [ 33.170513][ T337] Code: Unable to access opcode bytes at 0x7fc03f039b5f. [ 33.177804][ T337] RSP: 002b:00007ffc45d1a948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 33.186435][ T337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc03f039b89 [ 33.194474][ T337] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583f32650) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x555583f32660, 24) = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [ 33.202530][ T337] RBP: 00007fc03f0b42b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 33.210582][ T337] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc03f0b42b0 [ 33.218654][ T337] R13: 0000000000000000 R14: 00007fc03f0b4d00 R15: 00007fc03f00ade0 [ 33.226665][ T337] [ 33.229750][ T337] ---[ end trace 0000000000000000 ]--- [ 33.247860][ T10] ================================================================== [ 33.256011][ T10] BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x123/0x410 [ 33.264450][ T10] Read of size 8 at addr ffffc9000137e8f0 by task kworker/0:1/10 [ 33.272290][ T10] [ 33.274642][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 33.274668][ T10] Tainted: [W]=WARN [ 33.274674][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 33.274686][ T10] Workqueue: rcu_gp srcu_invoke_callbacks [ 33.274711][ T10] Call Trace: [ 33.274717][ T10] [ 33.274725][ T10] __dump_stack+0x21/0x30 [ 33.274746][ T10] dump_stack_lvl+0x10c/0x190 [ 33.274765][ T10] ? __cfi_dump_stack_lvl+0x10/0x10 [ 33.274785][ T10] ? __cfi__printk+0x10/0x10 [ 33.274810][ T10] print_address_description+0x71/0x220 [ 33.274827][ T10] print_report+0x4a/0x70 [ 33.274841][ T10] kasan_report+0x163/0x1a0 [ 33.274857][ T10] ? srcu_invoke_callbacks+0x123/0x410 [ 33.274879][ T10] ? srcu_invoke_callbacks+0x123/0x410 [ 33.274900][ T10] __asan_report_load8_noabort+0x18/0x20 [ 33.274921][ T10] srcu_invoke_callbacks+0x123/0x410 [ 33.274942][ T10] ? __schedule+0x132a/0x1df0 [ 33.274956][ T10] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 33.274978][ T10] ? kick_pool+0xb9/0x550 [ 33.274994][ T10] process_scheduled_works+0x7d2/0x1020 [ 33.275021][ T10] worker_thread+0xc58/0x1250 [ 33.275050][ T10] ? schedule+0xc6/0x240 [ 33.275064][ T10] kthread+0x2ca/0x370 [ 33.275078][ T10] ? __cfi_worker_thread+0x10/0x10 [ 33.275100][ T10] ? __cfi_kthread+0x10/0x10 [ 33.275114][ T10] ret_from_fork+0x67/0xa0 [ 33.275134][ T10] ? __cfi_kthread+0x10/0x10 [ 33.275148][ T10] ret_from_fork_asm+0x1a/0x30 [ 33.275171][ T10] [ 33.275177][ T10] [ 33.434804][ T10] Memory state around the buggy address: [ 33.440462][ T10] ffffc9000137e780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.448542][ T10] ffffc9000137e800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.456618][ T10] >ffffc9000137e880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.464706][ T10] ^ [ 33.472434][ T10] ffffc9000137e900: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.480635][ T10] ffffc9000137e980: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 33.488714][ T10] ================================================================== [ 33.496840][ T10] Disabling lock debugging due to kernel taint [ 33.503040][ T10] BUG: unable to handle page fault for address: ffffc9000137e8f0 [ 33.510775][ T10] #PF: supervisor read access in kernel mode [ 33.516786][ T10] #PF: error_code(0x0000) - not-present page [ 33.522804][ T10] PGD 100000067 P4D 100000067 PUD 101656067 PMD 103f49067 PTE 0 [ 33.530477][ T10] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 33.536573][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G B W 6.12.38-syzkaller-gbf0fb8bb181b #0 d02c7cfa86e34ad1734bbfdc1f5f1c3ce9be47fc [ 33.551441][ T10] Tainted: [B]=BAD_PAGE, [W]=WARN [ 33.556464][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 33.566523][ T10] Workqueue: rcu_gp srcu_invoke_callbacks [ 33.572267][ T10] RIP: 0010:srcu_invoke_callbacks+0x130/0x410 [ 33.578366][ T10] Code: 83 c5 10 4c 89 e8 48 c1 e8 03 80 3c 18 00 4c 8b 74 24 08 74 08 4c 89 ef e8 4d ed 6d 00 4d 8d be 48 ff ff ff 41 be 88 00 00 00 <4d> 03 75 00 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 27 [ 33.598422][ T10] RSP: 0018:ffffc900000a7ba0 EFLAGS: 00010082 [ 33.604507][ T10] RAX: ffff888102654c01 RBX: dffffc0000000000 RCX: ffff888102654c00 [ 33.612479][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 33.620460][ T10] RBP: ffffc900000a7c98 R08: ffffffff8895d947 R09: 1ffffffff112bb28 [ 33.628463][ T10] R10: dffffc0000000000 R11: fffffbfff112bb29 R12: 1ffff92000014f7c [ 33.636439][ T10] R13: ffffc9000137e8f0 R14: 0000000000000088 R15: ffffe8ffffc076c8 [ 33.644420][ T10] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 33.653372][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.660042][ T10] CR2: ffffc9000137e8f0 CR3: 0000000104782000 CR4: 00000000003526b0 [ 33.668057][ T10] Call Trace: [ 33.671348][ T10] [ 33.674306][ T10] ? __schedule+0x132a/0x1df0 [ 33.678991][ T10] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 33.684811][ T10] ? kick_pool+0xb9/0x550 [ 33.689144][ T10] process_scheduled_works+0x7d2/0x1020 [ 33.694716][ T10] worker_thread+0xc58/0x1250 [ 33.699427][ T10] ? schedule+0xc6/0x240 [ 33.703676][ T10] kthread+0x2ca/0x370 [ 33.707765][ T10] ? __cfi_worker_thread+0x10/0x10 [ 33.712886][ T10] ? __cfi_kthread+0x10/0x10 [ 33.717476][ T10] ret_from_fork+0x67/0xa0 [ 33.721990][ T10] ? __cfi_kthread+0x10/0x10 [ 33.726637][ T10] ret_from_fork_asm+0x1a/0x30 [ 33.731440][ T10] [ 33.734469][ T10] Modules linked in: [ 33.738382][ T10] CR2: ffffc9000137e8f0 [ 33.742561][ T10] ---[ end trace 0000000000000000 ]--- [ 33.748136][ T10] RIP: 0010:srcu_invoke_callbacks+0x130/0x410 [ 33.754276][ T10] Code: 83 c5 10 4c 89 e8 48 c1 e8 03 80 3c 18 00 4c 8b 74 24 08 74 08 4c 89 ef e8 4d ed 6d 00 4d 8d be 48 ff ff ff 41 be 88 00 00 00 <4d> 03 75 00 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 27 [ 33.773901][ T10] RSP: 0018:ffffc900000a7ba0 EFLAGS: 00010082 [ 33.780076][ T10] RAX: ffff888102654c01 RBX: dffffc0000000000 RCX: ffff888102654c00 [ 33.788257][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 33.796242][ T10] RBP: ffffc900000a7c98 R08: ffffffff8895d947 R09: 1ffffffff112bb28 [ 33.804240][ T10] R10: dffffc0000000000 R11: fffffbfff112bb29 R12: 1ffff92000014f7c [ 33.812746][ T10] R13: ffffc9000137e8f0 R14: 0000000000000088 R15: ffffe8ffffc076c8 [ 33.820851][ T10] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 33.829791][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.836381][ T10] CR2: ffffc9000137e8f0 CR3: 0000000104782000 CR4: 00000000003526b0 [ 33.844371][ T10] Kernel panic - not syncing: Fatal exception [ 33.850900][ T10] Kernel Offset: disabled [ 33.855253][ T10] Rebooting in 86400 seconds..