last executing test programs: 1.456648131s ago: executing program 3 (id=55): socket$vsock_dgram(0x28, 0x2, 0x0) 1.453992311s ago: executing program 3 (id=60): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 1.429337594s ago: executing program 3 (id=73): mkdir(&(0x7f0000000000), 0x0) 1.415621394s ago: executing program 3 (id=76): socket(0x10, 0x3, 0x10) 1.415075744s ago: executing program 3 (id=83): setpgid(0x0, 0x0) 1.400958546s ago: executing program 3 (id=86): pause() 353.125851ms ago: executing program 1 (id=584): chroot(&(0x7f0000000000)) 352.995631ms ago: executing program 0 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x2, 0x0) 338.052922ms ago: executing program 0 (id=588): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci', 0x800, 0x0) 337.970152ms ago: executing program 1 (id=589): socket$bt_cmtp(0x1f, 0x3, 0x5) 337.619522ms ago: executing program 0 (id=591): syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbmon(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbmon(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$usbmon(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$usbmon(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$usbmon(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$usbmon(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$usbmon(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$usbmon(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$usbmon(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$usbmon(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$usbmon(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$usbmon(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$usbmon(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$usbmon(&(0x7f0000000500), 0x4, 0x800) 337.569172ms ago: executing program 2 (id=592): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 337.540172ms ago: executing program 1 (id=593): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000), 0x0) 337.506182ms ago: executing program 4 (id=594): fchmod(0xffffffffffffffff, 0x0) 321.426884ms ago: executing program 4 (id=595): getrusage(0x0, &(0x7f0000000000)) 321.311424ms ago: executing program 1 (id=596): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 321.080764ms ago: executing program 2 (id=597): munlock(0x0, 0x0) 320.953643ms ago: executing program 4 (id=598): timerfd_create(0x0, 0x0) 320.819983ms ago: executing program 0 (id=599): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) 320.702884ms ago: executing program 1 (id=600): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 320.626424ms ago: executing program 2 (id=601): get_thread_area(&(0x7f0000000000)) 320.387993ms ago: executing program 4 (id=602): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0) 294.952126ms ago: executing program 0 (id=603): setresuid(0x0, 0x0, 0x0) 294.787776ms ago: executing program 0 (id=605): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock', 0x800, 0x0) 294.665996ms ago: executing program 2 (id=606): syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsu(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsu(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsu(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsu(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsu(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsu(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsu(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsu(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsu(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsu(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsu(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsu(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsu(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsu(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsu(&(0x7f0000000500), 0x4, 0x800) 294.605286ms ago: executing program 4 (id=607): unshare(0x0) 294.494876ms ago: executing program 2 (id=608): syncfs(0xffffffffffffffff) 72.631174ms ago: executing program 4 (id=609): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 51.656346ms ago: executing program 2 (id=611): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=612): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 18.234947][ T29] audit: type=1400 audit(1720823049.740:81): avc: denied { read } for pid=2763 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.213' (ED25519) to the list of known hosts. [ 24.265321][ T29] audit: type=1400 audit(1720823055.760:82): avc: denied { mounton } for pid=3069 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.266328][ T3069] cgroup: Unknown subsys name 'net' [ 24.288414][ T29] audit: type=1400 audit(1720823055.760:83): avc: denied { mount } for pid=3069 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.315777][ T29] audit: type=1400 audit(1720823055.790:84): avc: denied { unmount } for pid=3069 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.457382][ T3069] cgroup: Unknown subsys name 'rlimit' [ 24.610676][ T29] audit: type=1400 audit(1720823056.110:85): avc: denied { create } for pid=3069 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.631299][ T29] audit: type=1400 audit(1720823056.110:86): avc: denied { write } for pid=3069 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.651785][ T29] audit: type=1400 audit(1720823056.110:87): avc: denied { read } for pid=3069 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.672410][ T29] audit: type=1400 audit(1720823056.110:88): avc: denied { mounton } for pid=3069 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.697420][ T29] audit: type=1400 audit(1720823056.110:89): avc: denied { mount } for pid=3069 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.704779][ T3072] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 24.730104][ T29] audit: type=1400 audit(1720823056.230:90): avc: denied { relabelto } for pid=3072 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 24.756260][ T29] audit: type=1400 audit(1720823056.230:91): avc: denied { write } for pid=3072 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.796959][ T3069] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.764017][ T3191] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 26.045824][ T3307] mmap: syz.2.213 (3307) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 26.080073][ T3324] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 26.834690][ T3080] syz-executor (3080) used greatest stack depth: 11616 bytes left [ 27.256186][ T3070] ================================================================== [ 27.264397][ T3070] BUG: KCSAN: data-race in generic_fillattr / shmem_unlink [ 27.271697][ T3070] [ 27.274066][ T3070] write to 0xffff8881044b09d0 of 8 bytes by task 3071 on cpu 1: [ 27.281789][ T3070] shmem_unlink+0x133/0x190 [ 27.286403][ T3070] vfs_unlink+0x275/0x430 [ 27.290746][ T3070] do_unlinkat+0x236/0x4c0 [ 27.295190][ T3070] __x64_sys_unlink+0x30/0x40 [ 27.300073][ T3070] x64_sys_call+0x28a3/0x2d70 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.304779][ T3070] do_syscall_64+0xc9/0x1c0 [ 27.309400][ T3070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 27.315309][ T3070] [ 27.317639][ T3070] read to 0xffff8881044b09d0 of 8 bytes by task 3070 on cpu 0: [ 27.325190][ T3070] generic_fillattr+0x1e0/0x2f0 [ 27.330135][ T3070] shmem_getattr+0x17b/0x200 [ 27.334916][ T3070] vfs_getattr+0x19b/0x1e0 [ 27.339533][ T3070] vfs_statx+0x140/0x320 [ 27.344042][ T3070] vfs_fstatat+0xcd/0x100 [ 27.348386][ T3070] __se_sys_newfstatat+0x58/0x260 [ 27.353677][ T3070] __x64_sys_newfstatat+0x55/0x70 [ 27.358806][ T3070] x64_sys_call+0x1451/0x2d70 [ 27.363588][ T3070] do_syscall_64+0xc9/0x1c0 [ 27.368252][ T3070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 27.374163][ T3070] [ 27.376491][ T3070] value changed: 0x000000002cce3d2e -> 0x000000002d66d3ad [ 27.383700][ T3070] [ 27.386036][ T3070] Reported by Kernel Concurrency Sanitizer on: [ 27.392211][ T3070] CPU: 0 PID: 3070 Comm: udevd Not tainted 6.10.0-rc7-syzkaller-00244-g975f3b6da180 #0 [ 27.401939][ T3070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 27.412101][ T3070] ================================================================== [ 27.511348][ T3711] chnl_net:caif_netlink_parms(): no params data found [ 27.528202][ T3711] syz-executor (3711) used greatest stack depth: 11592 bytes left [ 27.886954][ T11] bond0 (unregistering): Released all slaves