./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1176503239 <...> Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts. execve("./syz-executor1176503239", ["./syz-executor1176503239"], 0x7ffcf735e870 /* 10 vars */) = 0 brk(NULL) = 0x555567e1b000 brk(0x555567e1bd00) = 0x555567e1bd00 arch_prctl(ARCH_SET_FS, 0x555567e1b380) = 0 set_tid_address(0x555567e1b650) = 297 set_robust_list(0x555567e1b660, 24) = 0 rseq(0x555567e1bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1176503239", 4096) = 28 getrandom("\xf1\x6b\x23\xd2\xa7\x7c\x66\x10", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555567e1bd00 brk(0x555567e3cd00) = 0x555567e3cd00 brk(0x555567e3d000) = 0x555567e3d000 mprotect(0x7f05094f1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555567e1b650) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555567e1b660, 24) = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [ 27.901610][ T36] audit: type=1400 audit(1753926288.860:64): avc: denied { execmem } for pid=297 comm="syz-executor117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 27.910222][ T298] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [pid 298] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 298] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 298] exit_group(0) = ? [ 27.922228][ T36] audit: type=1400 audit(1753926288.870:65): avc: denied { read } for pid=298 comm="syz-executor117" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.973238][ T36] audit: type=1400 audit(1753926288.870:66): avc: denied { open } for pid=298 comm="syz-executor117" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached , child_tidptr=0x555567e1b650) = 300 [pid 300] set_robust_list(0x555567e1b660, 24) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 300] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 300] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 300] exit_group(0) = ? [ 27.998414][ T36] audit: type=1400 audit(1753926288.870:67): avc: denied { ioctl } for pid=298 comm="syz-executor117" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555567e1b660, 24) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555567e1b650) = 301 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 executing program [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 301] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 301] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555567e1b660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555567e1b650) = 302 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 executing program [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 302] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 302] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555567e1b660, 24) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... clone resumed>, child_tidptr=0x555567e1b650) = 303 [pid 303] <... prctl resumed>) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 303] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 303] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 303] exit_group(0) = ? [ 28.238127][ T303] ------------[ cut here ]------------ [ 28.243696][ T303] WARNING: CPU: 1 PID: 303 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 28.253935][ T303] Modules linked in: [ 28.258042][ T303] CPU: 1 UID: 0 PID: 303 Comm: syz-executor117 Not tainted 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 28.272097][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 28.282383][ T303] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 28.288745][ T303] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 28.309402][ T303] RSP: 0018:ffffc900012afaa8 EFLAGS: 00010202 [ 28.316451][ T303] RAX: 1ffffd1ffff80df2 RBX: ffffc9000130b8e8 RCX: ffffffff816daf99 [ 28.324680][ T303] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc06f90 [ 28.332746][ T303] RBP: ffffc900012afb10 R08: ffffe8ffffc06f97 R09: 1ffffd1ffff80df2 [ 28.340836][ T303] R10: dffffc0000000000 R11: fffff91ffff80df3 R12: dffffc0000000000 [ 28.349033][ T303] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc06f90 [ 28.357185][ T303] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 28.366485][ T303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.373258][ T303] CR2: 00007ffcbe072c88 CR3: 0000000103f20000 CR4: 00000000003526b0 [ 28.381349][ T303] Call Trace: [ 28.384780][ T303] [ 28.387796][ T303] kvm_put_kvm+0x1100/0x12b0 [ 28.392515][ T303] ? __cfi_kvm_vm_release+0x10/0x10 [ 28.398399][ T303] kvm_vm_release+0x47/0x70 [ 28.402981][ T303] __fput+0x1fe/0xa00 [ 28.407089][ T303] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.413456][ T303] ____fput+0x20/0x30 [ 28.417662][ T303] task_work_run+0x1e0/0x250 [ 28.423291][ T303] ? __cfi_task_work_run+0x10/0x10 [ 28.428926][ T303] ? __kasan_check_write+0x18/0x20 [ 28.435148][ T303] do_exit+0x9bc/0x2630 [ 28.439491][ T303] ? __cfi_do_exit+0x10/0x10 [ 28.444245][ T303] ? __kasan_check_write+0x18/0x20 [ 28.449542][ T303] ? _raw_spin_lock_irq+0x8d/0x120 [ 28.454700][ T303] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.460448][ T303] ? zap_other_threads+0x334/0x370 [ 28.465721][ T303] do_group_exit+0x22a/0x300 [ 28.470864][ T303] __x64_sys_exit_group+0x43/0x50 [ 28.476662][ T303] x64_sys_call+0x2ed2/0x2ee0 [ 28.482014][ T303] do_syscall_64+0x58/0xf0 [ 28.487820][ T303] ? clear_bhb_loop+0x50/0xa0 [ 28.492837][ T303] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.499701][ T303] RIP: 0033:0x7f050947cb89 [ 28.504302][ T303] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 28.511946][ T303] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.520971][ T303] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 28.529114][ T303] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 304 attached , child_tidptr=0x555567e1b650) = 304 [pid 304] set_robust_list(0x555567e1b660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 executing program [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 304] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 304] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 304] exit_group(0) = ? [ 28.537210][ T303] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 28.545436][ T303] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 28.553959][ T303] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 28.562670][ T303] [ 28.565756][ T303] ---[ end trace 0000000000000000 ]--- [ 28.598174][ T304] ------------[ cut here ]------------ [ 28.604002][ T304] WARNING: CPU: 0 PID: 304 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 28.614027][ T304] Modules linked in: [ 28.618103][ T304] CPU: 0 UID: 0 PID: 304 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 28.633832][ T304] Tainted: [W]=WARN [ 28.637786][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 28.648010][ T304] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 28.653960][ T304] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 28.674946][ T304] RSP: 0018:ffffc900012afaa8 EFLAGS: 00010202 [ 28.681677][ T304] RAX: 1ffffd1ffff80e22 RBX: ffffc900013168e8 RCX: ffffffff816daf99 [ 28.689763][ T304] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07110 [ 28.697803][ T304] RBP: ffffc900012afb10 R08: ffffe8ffffc07117 R09: 1ffffd1ffff80e22 [ 28.705792][ T304] R10: dffffc0000000000 R11: fffff91ffff80e23 R12: dffffc0000000000 [ 28.714266][ T304] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07110 [ 28.722605][ T304] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.731900][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.738647][ T304] CR2: 0000560581573128 CR3: 0000000103f20000 CR4: 00000000003526b0 [ 28.746751][ T304] Call Trace: [ 28.750313][ T304] [ 28.753285][ T304] kvm_put_kvm+0x1100/0x12b0 [ 28.758349][ T304] ? __cfi_kvm_vm_release+0x10/0x10 [ 28.763681][ T304] kvm_vm_release+0x47/0x70 [ 28.768368][ T304] __fput+0x1fe/0xa00 [ 28.772395][ T304] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.778013][ T304] ____fput+0x20/0x30 [ 28.782039][ T304] task_work_run+0x1e0/0x250 [ 28.786645][ T304] ? __cfi_task_work_run+0x10/0x10 [ 28.791808][ T304] ? __kasan_check_write+0x18/0x20 [ 28.797067][ T304] do_exit+0x9bc/0x2630 [ 28.801409][ T304] ? __cfi_do_exit+0x10/0x10 [ 28.806143][ T304] ? __kasan_check_write+0x18/0x20 [ 28.811323][ T304] ? _raw_spin_lock_irq+0x8d/0x120 [ 28.816646][ T304] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 28.822288][ T304] ? zap_other_threads+0x334/0x370 [ 28.827596][ T304] do_group_exit+0x22a/0x300 [ 28.832735][ T304] __x64_sys_exit_group+0x43/0x50 [ 28.837843][ T304] x64_sys_call+0x2ed2/0x2ee0 [ 28.842604][ T304] do_syscall_64+0x58/0xf0 [ 28.847045][ T304] ? clear_bhb_loop+0x50/0xa0 [ 28.852058][ T304] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 28.858124][ T304] RIP: 0033:0x7f050947cb89 [ 28.862566][ T304] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 28.869641][ T304] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 28.878140][ T304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 28.886175][ T304] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555567e1b660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555567e1b650) = 305 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 305] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 305] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 305] exit_group(0) = ? [ 28.894285][ T304] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 28.902322][ T304] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 28.910369][ T304] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 28.918414][ T304] [ 28.921447][ T304] ---[ end trace 0000000000000000 ]--- [ 28.958191][ T305] ------------[ cut here ]------------ [ 28.963801][ T305] WARNING: CPU: 0 PID: 305 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 28.973727][ T305] Modules linked in: [ 28.977808][ T305] CPU: 0 UID: 0 PID: 305 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 28.993214][ T305] Tainted: [W]=WARN [ 28.997039][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 29.007403][ T305] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 29.013341][ T305] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 29.033348][ T305] RSP: 0018:ffffc9000127faa8 EFLAGS: 00010202 [ 29.039585][ T305] RAX: 1ffffd1ffff80e52 RBX: ffffc900013218e8 RCX: ffffffff816daf99 [ 29.047829][ T305] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07290 [ 29.056017][ T305] RBP: ffffc9000127fb10 R08: ffffe8ffffc07297 R09: 1ffffd1ffff80e52 [ 29.064179][ T305] R10: dffffc0000000000 R11: fffff91ffff80e53 R12: dffffc0000000000 [ 29.072647][ T305] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07290 [ 29.080705][ T305] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 29.089894][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.096567][ T305] CR2: 00007f05094f8110 CR3: 000000012611c000 CR4: 00000000003526b0 [ 29.104614][ T305] Call Trace: [ 29.107983][ T305] [ 29.111473][ T305] kvm_put_kvm+0x1100/0x12b0 [ 29.116183][ T305] ? __cfi_kvm_vm_release+0x10/0x10 [ 29.121581][ T305] kvm_vm_release+0x47/0x70 [ 29.126129][ T305] __fput+0x1fe/0xa00 [ 29.130196][ T305] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.135806][ T305] ____fput+0x20/0x30 [ 29.140005][ T305] task_work_run+0x1e0/0x250 [ 29.144720][ T305] ? __cfi_task_work_run+0x10/0x10 [ 29.149915][ T305] ? __kasan_check_write+0x18/0x20 [ 29.155066][ T305] do_exit+0x9bc/0x2630 [ 29.159288][ T305] ? __cfi_do_exit+0x10/0x10 [ 29.163992][ T305] ? __kasan_check_write+0x18/0x20 [ 29.169301][ T305] ? _raw_spin_lock_irq+0x8d/0x120 [ 29.174542][ T305] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.180269][ T305] ? zap_other_threads+0x334/0x370 [ 29.185429][ T305] do_group_exit+0x22a/0x300 [ 29.190078][ T305] __x64_sys_exit_group+0x43/0x50 [ 29.195149][ T305] x64_sys_call+0x2ed2/0x2ee0 [ 29.199918][ T305] do_syscall_64+0x58/0xf0 [ 29.204853][ T305] ? clear_bhb_loop+0x50/0xa0 [ 29.209917][ T305] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.215993][ T305] RIP: 0033:0x7f050947cb89 [ 29.220676][ T305] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 29.227767][ T305] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.236727][ T305] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 29.244876][ T305] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 306 attached , child_tidptr=0x555567e1b650) = 306 [pid 306] set_robust_list(0x555567e1b660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 executing program [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 306] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 306] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 29.252974][ T305] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 29.261470][ T305] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 29.269722][ T305] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 29.278640][ T305] [ 29.281704][ T305] ---[ end trace 0000000000000000 ]--- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555567e1b660, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555567e1b650) = 307 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 executing program [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 307] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 307] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 307] exit_group(0) = ? [ 29.368132][ T307] ------------[ cut here ]------------ [ 29.373796][ T307] WARNING: CPU: 1 PID: 307 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 29.383854][ T307] Modules linked in: [ 29.387923][ T307] CPU: 1 UID: 0 PID: 307 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 29.403383][ T307] Tainted: [W]=WARN [ 29.407227][ T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 29.417352][ T307] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 29.423939][ T307] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 29.443842][ T307] RSP: 0018:ffffc900012afaa8 EFLAGS: 00010202 [ 29.450069][ T307] RAX: 1ffffd1ffff80e82 RBX: ffffc900013378e8 RCX: ffffffff816daf99 [ 29.458613][ T307] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07410 [ 29.466725][ T307] RBP: ffffc900012afb10 R08: ffffe8ffffc07417 R09: 1ffffd1ffff80e82 [ 29.474915][ T307] R10: dffffc0000000000 R11: fffff91ffff80e83 R12: dffffc0000000000 [ 29.482998][ T307] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07410 [ 29.491103][ T307] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 29.500103][ T307] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.506702][ T307] CR2: 0000560581333c40 CR3: 0000000103f20000 CR4: 00000000003526b0 [ 29.514725][ T307] Call Trace: [ 29.518150][ T307] [ 29.521087][ T307] kvm_put_kvm+0x1100/0x12b0 [ 29.525795][ T307] ? __cfi_kvm_vm_release+0x10/0x10 [ 29.531142][ T307] kvm_vm_release+0x47/0x70 [ 29.535700][ T307] __fput+0x1fe/0xa00 [ 29.539755][ T307] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.545413][ T307] ____fput+0x20/0x30 [ 29.549448][ T307] task_work_run+0x1e0/0x250 [ 29.554064][ T307] ? __cfi_task_work_run+0x10/0x10 [ 29.559225][ T307] ? __kasan_check_write+0x18/0x20 [ 29.564371][ T307] do_exit+0x9bc/0x2630 [ 29.568682][ T307] ? __cfi_do_exit+0x10/0x10 [ 29.573379][ T307] ? __kasan_check_write+0x18/0x20 [ 29.578550][ T307] ? _raw_spin_lock_irq+0x8d/0x120 [ 29.583842][ T307] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.589458][ T307] ? zap_other_threads+0x334/0x370 [ 29.594775][ T307] do_group_exit+0x22a/0x300 [ 29.599476][ T307] __x64_sys_exit_group+0x43/0x50 [ 29.604564][ T307] x64_sys_call+0x2ed2/0x2ee0 [ 29.609689][ T307] do_syscall_64+0x58/0xf0 [ 29.614265][ T307] ? clear_bhb_loop+0x50/0xa0 [ 29.619089][ T307] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 29.625733][ T307] RIP: 0033:0x7f050947cb89 [ 29.630583][ T307] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 29.638494][ T307] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.647810][ T307] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 29.656179][ T307] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 308 attached , child_tidptr=0x555567e1b650) = 308 [pid 308] set_robust_list(0x555567e1b660, 24) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 executing program [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 308] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 308] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 308] exit_group(0) = ? [ 29.665651][ T307] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 29.674492][ T307] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 29.684322][ T307] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 29.692800][ T307] [ 29.695925][ T307] ---[ end trace 0000000000000000 ]--- [pid 308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached , child_tidptr=0x555567e1b650) = 309 [pid 309] set_robust_list(0x555567e1b660, 24) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 309] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 309] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 309] exit_group(0) = ? [ 29.798257][ T309] ------------[ cut here ]------------ [ 29.803757][ T309] WARNING: CPU: 1 PID: 309 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 29.813688][ T309] Modules linked in: [ 29.817641][ T309] CPU: 1 UID: 0 PID: 309 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 29.833005][ T309] Tainted: [W]=WARN [ 29.836833][ T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 29.846939][ T309] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 29.852909][ T309] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 29.872836][ T309] RSP: 0018:ffffc9000122faa8 EFLAGS: 00010202 [ 29.878968][ T309] RAX: 1ffffd1ffff80eb2 RBX: ffffc9000134d8e8 RCX: ffffffff816daf99 [ 29.886952][ T309] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07590 [ 29.895015][ T309] RBP: ffffc9000122fb10 R08: ffffe8ffffc07597 R09: 1ffffd1ffff80eb2 [ 29.903077][ T309] R10: dffffc0000000000 R11: fffff91ffff80eb3 R12: dffffc0000000000 [ 29.911138][ T309] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07590 [ 29.919191][ T309] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 29.928176][ T309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.934806][ T309] CR2: 00007f05094f8110 CR3: 0000000103f20000 CR4: 00000000003526b0 [ 29.942841][ T309] Call Trace: [ 29.946154][ T309] [ 29.949224][ T309] kvm_put_kvm+0x1100/0x12b0 [ 29.953884][ T309] ? __cfi_kvm_vm_release+0x10/0x10 [ 29.959178][ T309] kvm_vm_release+0x47/0x70 [ 29.963728][ T309] __fput+0x1fe/0xa00 [ 29.967874][ T309] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 29.973457][ T309] ____fput+0x20/0x30 [ 29.977520][ T309] task_work_run+0x1e0/0x250 [ 29.982143][ T309] ? __cfi_task_work_run+0x10/0x10 [ 29.987287][ T309] ? __kasan_check_write+0x18/0x20 [ 29.992552][ T309] do_exit+0x9bc/0x2630 [ 29.996763][ T309] ? __cfi_do_exit+0x10/0x10 [ 30.001395][ T309] ? __kasan_check_write+0x18/0x20 [ 30.006624][ T309] ? _raw_spin_lock_irq+0x8d/0x120 [ 30.011773][ T309] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.017346][ T309] ? zap_other_threads+0x334/0x370 [ 30.022531][ T309] do_group_exit+0x22a/0x300 [ 30.027135][ T309] __x64_sys_exit_group+0x43/0x50 [ 30.032323][ T309] x64_sys_call+0x2ed2/0x2ee0 [ 30.037047][ T309] do_syscall_64+0x58/0xf0 [ 30.041550][ T309] ? clear_bhb_loop+0x50/0xa0 [ 30.046264][ T309] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.052229][ T309] RIP: 0033:0x7f050947cb89 [ 30.056662][ T309] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 30.063723][ T309] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.072320][ T309] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 30.080360][ T309] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 30.088386][ T309] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 310 attached , child_tidptr=0x555567e1b650) = 310 [pid 310] set_robust_list(0x555567e1b660, 24) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 executing program [pid 310] write(1, "executing program\n", 18) = 18 [pid 310] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 310] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 310] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 310] exit_group(0) = ? [ 30.096373][ T309] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 30.104565][ T309] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 30.112611][ T309] [ 30.116004][ T309] ---[ end trace 0000000000000000 ]--- [ 30.148192][ T310] ------------[ cut here ]------------ [ 30.153698][ T310] WARNING: CPU: 0 PID: 310 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 30.163516][ T310] Modules linked in: [ 30.167481][ T310] CPU: 0 UID: 0 PID: 310 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 30.183038][ T310] Tainted: [W]=WARN [ 30.186931][ T310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 30.198931][ T310] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 30.205402][ T310] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 30.225160][ T310] RSP: 0018:ffffc90001357aa8 EFLAGS: 00010202 [ 30.231274][ T310] RAX: 1ffffd1ffff80ee2 RBX: ffffc900013628e8 RCX: ffffffff816daf99 [ 30.239350][ T310] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07710 [ 30.247413][ T310] RBP: ffffc90001357b10 R08: ffffe8ffffc07717 R09: 1ffffd1ffff80ee2 [ 30.255478][ T310] R10: dffffc0000000000 R11: fffff91ffff80ee3 R12: dffffc0000000000 [ 30.263636][ T310] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07710 [ 30.271860][ T310] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 30.280886][ T310] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.287660][ T310] CR2: 00007f05094f8110 CR3: 0000000103f20000 CR4: 00000000003526b0 [ 30.295812][ T310] Call Trace: [ 30.299369][ T310] [ 30.302448][ T310] kvm_put_kvm+0x1100/0x12b0 [ 30.307105][ T310] ? __cfi_kvm_vm_release+0x10/0x10 [ 30.312395][ T310] kvm_vm_release+0x47/0x70 [ 30.317135][ T310] __fput+0x1fe/0xa00 [ 30.321214][ T310] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.326913][ T310] ____fput+0x20/0x30 [ 30.331066][ T310] task_work_run+0x1e0/0x250 [ 30.335700][ T310] ? __cfi_task_work_run+0x10/0x10 [ 30.340944][ T310] ? __kasan_check_write+0x18/0x20 [ 30.346102][ T310] do_exit+0x9bc/0x2630 [ 30.350357][ T310] ? __cfi_do_exit+0x10/0x10 [ 30.355030][ T310] ? __kasan_check_write+0x18/0x20 [ 30.360239][ T310] ? _raw_spin_lock_irq+0x8d/0x120 [ 30.366822][ T310] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.372721][ T310] ? zap_other_threads+0x334/0x370 [ 30.377908][ T310] do_group_exit+0x22a/0x300 [ 30.382561][ T310] __x64_sys_exit_group+0x43/0x50 [ 30.387794][ T310] x64_sys_call+0x2ed2/0x2ee0 [ 30.392604][ T310] do_syscall_64+0x58/0xf0 [ 30.397214][ T310] ? clear_bhb_loop+0x50/0xa0 [ 30.402080][ T310] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.408050][ T310] RIP: 0033:0x7f050947cb89 [ 30.412604][ T310] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 30.419779][ T310] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.428355][ T310] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 30.436604][ T310] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached , child_tidptr=0x555567e1b650) = 311 [pid 311] set_robust_list(0x555567e1b660, 24) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 executing program [pid 311] write(1, "executing program\n", 18) = 18 [pid 311] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 311] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 311] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 311] exit_group(0) = ? [ 30.444819][ T310] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 30.452960][ T310] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 30.461019][ T310] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 30.469219][ T310] [ 30.472347][ T310] ---[ end trace 0000000000000000 ]--- [ 30.508243][ T311] ------------[ cut here ]------------ [ 30.514498][ T311] WARNING: CPU: 1 PID: 311 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 30.524338][ T311] Modules linked in: [ 30.528338][ T311] CPU: 1 UID: 0 PID: 311 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 30.543799][ T311] Tainted: [W]=WARN [ 30.547675][ T311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 30.557894][ T311] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 30.564007][ T311] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 30.583668][ T311] RSP: 0018:ffffc900012afaa8 EFLAGS: 00010202 [ 30.589830][ T311] RAX: 1ffffd1ffff80f12 RBX: ffffc9000136d8e8 RCX: ffffffff816daf99 [ 30.597965][ T311] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07890 [ 30.606066][ T311] RBP: ffffc900012afb10 R08: ffffe8ffffc07897 R09: 1ffffd1ffff80f12 [ 30.614185][ T311] R10: dffffc0000000000 R11: fffff91ffff80f13 R12: dffffc0000000000 [ 30.622223][ T311] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07890 [ 30.630428][ T311] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 30.639521][ T311] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.646128][ T311] CR2: 00007f050944d65e CR3: 000000012611c000 CR4: 00000000003526b0 [ 30.654279][ T311] Call Trace: [ 30.657614][ T311] [ 30.660556][ T311] kvm_put_kvm+0x1100/0x12b0 [ 30.665168][ T311] ? __cfi_kvm_vm_release+0x10/0x10 [ 30.670455][ T311] kvm_vm_release+0x47/0x70 [ 30.675003][ T311] __fput+0x1fe/0xa00 [ 30.679141][ T311] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.684729][ T311] ____fput+0x20/0x30 [ 30.688768][ T311] task_work_run+0x1e0/0x250 [ 30.693498][ T311] ? __cfi_task_work_run+0x10/0x10 [ 30.698673][ T311] ? __kasan_check_write+0x18/0x20 [ 30.703953][ T311] do_exit+0x9bc/0x2630 [ 30.708154][ T311] ? __cfi_do_exit+0x10/0x10 [ 30.713389][ T311] ? __kasan_check_write+0x18/0x20 [ 30.718571][ T311] ? _raw_spin_lock_irq+0x8d/0x120 [ 30.723720][ T311] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 30.729315][ T311] ? zap_other_threads+0x334/0x370 [ 30.734491][ T311] do_group_exit+0x22a/0x300 [ 30.739308][ T311] __x64_sys_exit_group+0x43/0x50 [ 30.744466][ T311] x64_sys_call+0x2ed2/0x2ee0 [ 30.749284][ T311] do_syscall_64+0x58/0xf0 [ 30.753765][ T311] ? clear_bhb_loop+0x50/0xa0 [ 30.758508][ T311] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 30.764551][ T311] RIP: 0033:0x7f050947cb89 [ 30.769241][ T311] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 30.777336][ T311] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.785939][ T311] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 30.795577][ T311] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 312 attached , child_tidptr=0x555567e1b650) = 312 [pid 312] set_robust_list(0x555567e1b660, 24) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 312] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 312] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [pid 312] exit_group(0) = ? [ 30.805667][ T311] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 30.814100][ T311] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 30.822999][ T311] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 30.831110][ T311] [ 30.834166][ T311] ---[ end trace 0000000000000000 ]--- [ 30.868108][ T312] ------------[ cut here ]------------ [ 30.874220][ T312] WARNING: CPU: 1 PID: 312 at kernel/rcu/srcutree.c:664 cleanup_srcu_struct+0x3e9/0x4c0 [ 30.884028][ T312] Modules linked in: [ 30.888018][ T312] CPU: 1 UID: 0 PID: 312 Comm: syz-executor117 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 30.903461][ T312] Tainted: [W]=WARN [ 30.907294][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 30.917895][ T312] RIP: 0010:cleanup_srcu_struct+0x3e9/0x4c0 [ 30.923949][ T312] Code: 00 48 8b 5d a0 74 08 48 89 df e8 e2 24 6e 00 48 c7 03 00 00 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc <0f> 0b eb e8 0f 0b eb e4 0f 0b eb e0 0f 0b eb 0e 0f 0b 4c 8b 75 d0 [ 30.943891][ T312] RSP: 0018:ffffc9000122faa8 EFLAGS: 00010202 [ 30.950041][ T312] RAX: 1ffffd1ffff80f42 RBX: ffffc900013788e8 RCX: ffffffff816daf99 [ 30.958104][ T312] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffe8ffffc07a10 [ 30.966208][ T312] RBP: ffffc9000122fb10 R08: ffffe8ffffc07a17 R09: 1ffffd1ffff80f42 [ 30.974250][ T312] R10: dffffc0000000000 R11: fffff91ffff80f43 R12: dffffc0000000000 [ 30.982298][ T312] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffe8ffffc07a10 [ 30.990341][ T312] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 30.999347][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.005956][ T312] CR2: 00007f050944d65e CR3: 0000000103f20000 CR4: 00000000003526b0 [ 31.013977][ T312] Call Trace: [ 31.017271][ T312] [ 31.020258][ T312] kvm_put_kvm+0x1100/0x12b0 [ 31.024886][ T312] ? __cfi_kvm_vm_release+0x10/0x10 [ 31.030218][ T312] kvm_vm_release+0x47/0x70 [ 31.034771][ T312] __fput+0x1fe/0xa00 [ 31.038863][ T312] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.044624][ T312] ____fput+0x20/0x30 [ 31.048782][ T312] task_work_run+0x1e0/0x250 [ 31.053518][ T312] ? __cfi_task_work_run+0x10/0x10 [ 31.059250][ T312] ? __kasan_check_write+0x18/0x20 [ 31.064538][ T312] do_exit+0x9bc/0x2630 [ 31.068835][ T312] ? __cfi_do_exit+0x10/0x10 [ 31.074748][ T312] ? __kasan_check_write+0x18/0x20 [ 31.080400][ T312] ? _raw_spin_lock_irq+0x8d/0x120 [ 31.085776][ T312] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 31.091515][ T312] ? zap_other_threads+0x334/0x370 [ 31.096686][ T312] do_group_exit+0x22a/0x300 [ 31.101383][ T312] __x64_sys_exit_group+0x43/0x50 [ 31.106539][ T312] x64_sys_call+0x2ed2/0x2ee0 [ 31.111379][ T312] do_syscall_64+0x58/0xf0 [ 31.115826][ T312] ? clear_bhb_loop+0x50/0xa0 [ 31.120565][ T312] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.126496][ T312] RIP: 0033:0x7f050947cb89 [ 31.130983][ T312] Code: Unable to access opcode bytes at 0x7f050947cb5f. [ 31.138082][ T312] RSP: 002b:00007ffcbe072d28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.146543][ T312] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f050947cb89 [ 31.154594][ T312] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 313 attached , child_tidptr=0x555567e1b650) = 313 [pid 313] set_robust_list(0x555567e1b660, 24) = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 executing program [pid 313] write(1, "executing program\n", 18) = 18 [pid 313] openat(AT_FDCWD, "/dev/kvm", O_RDONLY) = 3 [pid 313] ioctl(3, KVM_CREATE_VM, 0) = 4 [pid 313] ioctl(4, KVM_CREATE_IRQCHIP, 0) = 0 [ 31.162643][ T312] RBP: 00007f05094f72b0 R08: ffffffffffffffb8 R09: 0000000000000006 [ 31.170770][ T312] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f05094f72b0 [ 31.179007][ T312] R13: 0000000000000000 R14: 00007f05094f7d00 R15: 00007f050944dde0 [ 31.187021][ T312] [ 31.190095][ T312] ---[ end trace 0000000000000000 ]--- [ 31.207433][ T10] ================================================================== [ 31.215642][ T10] BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x123/0x410 [ 31.224320][ T10] Read of size 8 at addr ffffc900013788f0 by task kworker/0:1/10 [ 31.232202][ T10] [ 31.235498][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 31.235526][ T10] Tainted: [W]=WARN [ 31.235532][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 31.235543][ T10] Workqueue: rcu_gp srcu_invoke_callbacks [ 31.235568][ T10] Call Trace: [ 31.235574][ T10] [ 31.235583][ T10] __dump_stack+0x21/0x30 [ 31.235604][ T10] dump_stack_lvl+0x10c/0x190 [ 31.235623][ T10] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.235642][ T10] ? __cfi__printk+0x10/0x10 [ 31.235667][ T10] print_address_description+0x71/0x220 [ 31.235683][ T10] print_report+0x4a/0x70 [ 31.235698][ T10] kasan_report+0x163/0x1a0 [ 31.235713][ T10] ? srcu_invoke_callbacks+0x123/0x410 [ 31.235734][ T10] ? srcu_invoke_callbacks+0x123/0x410 [ 31.235755][ T10] __asan_report_load8_noabort+0x18/0x20 [ 31.235775][ T10] srcu_invoke_callbacks+0x123/0x410 [ 31.235796][ T10] ? __schedule+0x132a/0x1df0 [ 31.235817][ T10] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 31.235840][ T10] ? kick_pool+0xb9/0x550 [ 31.235856][ T10] process_scheduled_works+0x7d2/0x1020 [ 31.235882][ T10] worker_thread+0xc58/0x1250 [ 31.235906][ T10] ? schedule+0xc6/0x240 [ 31.235926][ T10] kthread+0x2ca/0x370 [ 31.235940][ T10] ? __cfi_worker_thread+0x10/0x10 [ 31.235962][ T10] ? __cfi_kthread+0x10/0x10 [ 31.235982][ T10] ret_from_fork+0x67/0xa0 [ 31.236002][ T10] ? __cfi_kthread+0x10/0x10 [ 31.236016][ T10] ret_from_fork_asm+0x1a/0x30 [ 31.236039][ T10] [ 31.236045][ T10] [ 31.397686][ T10] Memory state around the buggy address: [ 31.403425][ T10] ffffc90001378780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 31.411683][ T10] ffffc90001378800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 31.419845][ T10] >ffffc90001378880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 31.427920][ T10] ^ [ 31.435730][ T10] ffffc90001378900: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 31.443871][ T10] ffffc90001378980: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 31.451941][ T10] ================================================================== [ 31.459996][ T10] Disabling lock debugging due to kernel taint [ 31.466174][ T10] BUG: unable to handle page fault for address: ffffc900013788f0 [ 31.473880][ T10] #PF: supervisor read access in kernel mode [ 31.479854][ T10] #PF: error_code(0x0000) - not-present page [ 31.485848][ T10] PGD 100000067 P4D 100000067 PUD 101656067 PMD 1213e3067 PTE 0 [ 31.493496][ T10] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.499564][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G B W 6.12.38-syzkaller-gcab1c944469e #0 734e319b388da58a33232d9455bc96d2bb27a3d9 [ 31.514416][ T10] Tainted: [B]=BAD_PAGE, [W]=WARN [ 31.519434][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 31.529491][ T10] Workqueue: rcu_gp srcu_invoke_callbacks [ 31.535235][ T10] RIP: 0010:srcu_invoke_callbacks+0x130/0x410 [ 31.541965][ T10] Code: 83 c5 10 4c 89 e8 48 c1 e8 03 80 3c 18 00 4c 8b 74 24 08 74 08 4c 89 ef e8 ed cc 6d 00 4d 8d be 48 ff ff ff 41 be 88 00 00 00 <4d> 03 75 00 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 c7 [ 31.562803][ T10] RSP: 0018:ffffc900000a7ba0 EFLAGS: 00010082 [ 31.568913][ T10] RAX: ffff888102655f01 RBX: dffffc0000000000 RCX: ffff888102655f00 [ 31.577079][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 31.585193][ T10] RBP: ffffc900000a7c98 R08: ffffffff8895a947 R09: 1ffffffff112b528 [ 31.593286][ T10] R10: dffffc0000000000 R11: fffffbfff112b529 R12: 1ffff92000014f7c [ 31.601449][ T10] R13: ffffc900013788f0 R14: 0000000000000088 R15: ffffe8ffffc079c8 [ 31.609524][ T10] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 31.618591][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.625315][ T10] CR2: ffffc900013788f0 CR3: 000000010431a000 CR4: 00000000003526b0 [ 31.633326][ T10] Call Trace: [ 31.636612][ T10] [ 31.639560][ T10] ? __schedule+0x132a/0x1df0 [ 31.644287][ T10] ? __cfi_srcu_invoke_callbacks+0x10/0x10 [ 31.650140][ T10] ? kick_pool+0xb9/0x550 [ 31.654484][ T10] process_scheduled_works+0x7d2/0x1020 [ 31.660127][ T10] worker_thread+0xc58/0x1250 [ 31.664836][ T10] ? schedule+0xc6/0x240 [ 31.669085][ T10] kthread+0x2ca/0x370 [ 31.673197][ T10] ? __cfi_worker_thread+0x10/0x10 [ 31.678330][ T10] ? __cfi_kthread+0x10/0x10 [ 31.682933][ T10] ret_from_fork+0x67/0xa0 [ 31.687374][ T10] ? __cfi_kthread+0x10/0x10 [ 31.691962][ T10] ret_from_fork_asm+0x1a/0x30 [ 31.696733][ T10] [ 31.699750][ T10] Modules linked in: [ 31.703668][ T10] CR2: ffffc900013788f0 [ 31.707824][ T10] ---[ end trace 0000000000000000 ]--- [ 31.713277][ T10] RIP: 0010:srcu_invoke_callbacks+0x130/0x410 [ 31.719352][ T10] Code: 83 c5 10 4c 89 e8 48 c1 e8 03 80 3c 18 00 4c 8b 74 24 08 74 08 4c 89 ef e8 ed cc 6d 00 4d 8d be 48 ff ff ff 41 be 88 00 00 00 <4d> 03 75 00 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 c7 [ 31.738982][ T10] RSP: 0018:ffffc900000a7ba0 EFLAGS: 00010082 [ 31.745490][ T10] RAX: ffff888102655f01 RBX: dffffc0000000000 RCX: ffff888102655f00 [ 31.753918][ T10] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 31.764744][ T10] RBP: ffffc900000a7c98 R08: ffffffff8895a947 R09: 1ffffffff112b528 [ 31.773951][ T10] R10: dffffc0000000000 R11: fffffbfff112b529 R12: 1ffff92000014f7c [ 31.782568][ T10] R13: ffffc900013788f0 R14: 0000000000000088 R15: ffffe8ffffc079c8 [ 31.792053][ T10] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 31.802097][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.809331][ T10] CR2: ffffc900013788f0 CR3: 000000010431a000 CR4: 00000000003526b0 [ 31.817327][ T10] Kernel panic - not syncing: Fatal exception [ 31.823686][ T10] Kernel Offset: disabled [ 31.828012][ T10] Rebooting in 86400 seconds..