last executing test programs: 882.348956ms ago: executing program 1 (id=228): syz_open_dev$media(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$media(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$media(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$media(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$media(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$media(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$media(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$media(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$media(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$media(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$media(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$media(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$media(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$media(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$media(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$media(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$media(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$media(&(0x7f0000000500), 0x4, 0x800) 866.242296ms ago: executing program 1 (id=232): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 852.182377ms ago: executing program 1 (id=236): socket$inet6_udp(0xa, 0x2, 0x0) 851.729087ms ago: executing program 1 (id=239): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem', 0x1, 0x0) 833.052357ms ago: executing program 1 (id=246): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control', 0x800, 0x0) 832.528747ms ago: executing program 1 (id=249): pause() 234.146116ms ago: executing program 3 (id=501): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0) 218.418257ms ago: executing program 3 (id=503): pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 217.715357ms ago: executing program 3 (id=507): set_tid_address(&(0x7f0000000000)) 187.846177ms ago: executing program 3 (id=512): map_shadow_stack(0x0, 0x0, 0x0) 187.793727ms ago: executing program 3 (id=513): socket$inet6_udplite(0xa, 0x2, 0x88) 139.546668ms ago: executing program 3 (id=525): sync() 90.222669ms ago: executing program 0 (id=530): socket$alg(0x26, 0x5, 0x0) 89.229559ms ago: executing program 0 (id=535): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0) 89.117239ms ago: executing program 4 (id=536): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 63.536829ms ago: executing program 2 (id=537): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0) 63.364749ms ago: executing program 0 (id=538): ioperm(0x0, 0x0, 0x0) 63.106109ms ago: executing program 0 (id=539): lgetxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 62.962569ms ago: executing program 2 (id=540): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 62.866239ms ago: executing program 4 (id=541): epoll_pwait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 62.786769ms ago: executing program 2 (id=542): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty', 0x800, 0x0) 62.668669ms ago: executing program 0 (id=543): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2', 0x800, 0x0) 15.07341ms ago: executing program 2 (id=544): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 14.72215ms ago: executing program 4 (id=545): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0) 14.64744ms ago: executing program 4 (id=546): syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$radio(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$radio(&(0x7f0000000100), 0x0, 0x800) 14.56579ms ago: executing program 2 (id=547): socket$rxrpc(0x21, 0x2, 0x0) 14.40743ms ago: executing program 0 (id=548): userfaultfd(0x0) 14.30287ms ago: executing program 4 (id=549): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 322.05µs ago: executing program 2 (id=550): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0) 0s ago: executing program 4 (id=551): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts. [ 25.392547][ T29] audit: type=1400 audit(1751109740.308:62): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.393767][ T3296] cgroup: Unknown subsys name 'net' [ 25.415474][ T29] audit: type=1400 audit(1751109740.308:63): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.443037][ T29] audit: type=1400 audit(1751109740.338:64): avc: denied { unmount } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.624473][ T3296] cgroup: Unknown subsys name 'cpuset' [ 25.630658][ T3296] cgroup: Unknown subsys name 'rlimit' [ 25.819748][ T29] audit: type=1400 audit(1751109740.738:65): avc: denied { setattr } for pid=3296 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.843302][ T29] audit: type=1400 audit(1751109740.738:66): avc: denied { create } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.863935][ T29] audit: type=1400 audit(1751109740.738:67): avc: denied { write } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.884647][ T29] audit: type=1400 audit(1751109740.738:68): avc: denied { read } for pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.905436][ T29] audit: type=1400 audit(1751109740.748:69): avc: denied { mounton } for pid=3296 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.930279][ T29] audit: type=1400 audit(1751109740.748:70): avc: denied { mount } for pid=3296 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.958018][ T3300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 25.967173][ T29] audit: type=1400 audit(1751109740.888:71): avc: denied { relabelto } for pid=3300 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.009423][ T3296] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.086241][ T3442] mmap: syz.1.124 (3442) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 27.211109][ T3502] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 27.982032][ T3839] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.138884][ T3853] ================================================================== [ 28.147091][ T3853] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 28.154478][ T3853] [ 28.156811][ T3853] read-write to 0xffff888106a31b48 of 8 bytes by task 51 on cpu 1: [ 28.164730][ T3853] __xa_clear_mark+0xf5/0x1e0 [ 28.169517][ T3853] __folio_end_writeback+0x177/0x470 [ 28.174819][ T3853] folio_end_writeback+0x71/0x3d0 [ 28.179918][ T3853] ext4_finish_bio+0x459/0x8c0 [ 28.184873][ T3853] ext4_release_io_end+0x9f/0x1f0 [ 28.189931][ T3853] ext4_end_io_end+0x18d/0x240 [ 28.194691][ T3853] ext4_end_io_rsv_work+0x151/0x1e0 [ 28.199889][ T3853] process_scheduled_works+0x4ce/0x9d0 [ 28.205456][ T3853] worker_thread+0x582/0x770 [ 28.210044][ T3853] kthread+0x486/0x510 [ 28.214130][ T3853] ret_from_fork+0xda/0x150 [ 28.218711][ T3853] ret_from_fork_asm+0x1a/0x30 [ 28.223558][ T3853] [ 28.225873][ T3853] read to 0xffff888106a31b48 of 8 bytes by task 3853 on cpu 0: [ 28.233410][ T3853] xas_find_marked+0x218/0x620 [ 28.238249][ T3853] find_get_entry+0x5d/0x380 [ 28.242831][ T3853] filemap_get_folios_tag+0x13b/0x210 [ 28.248201][ T3853] filemap_fdatawait_keep_errors+0x6c/0x180 [ 28.254088][ T3853] sync_inodes_sb+0x39c/0x440 [ 28.258751][ T3853] sync_inodes_one_sb+0x3d/0x50 [ 28.263596][ T3853] __iterate_supers+0x110/0x1f0 [ 28.268485][ T3853] iterate_supers+0x1f/0x30 [ 28.272979][ T3853] ksys_sync+0x5c/0xe0 [ 28.277044][ T3853] __ia32_sys_sync+0xe/0x20 [ 28.281552][ T3853] x64_sys_call+0x2e53/0x2fb0 [ 28.286217][ T3853] do_syscall_64+0xd2/0x200 [ 28.290719][ T3853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 28.296702][ T3853] [ 28.299016][ T3853] value changed: 0xffffffffffffffff -> 0xffffffffffffffe0 [ 28.306113][ T3853] [ 28.308548][ T3853] Reported by Kernel Concurrency Sanitizer on: [ 28.314700][ T3853] CPU: 0 UID: 0 PID: 3853 Comm: syz.3.525 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(voluntary) [ 28.327019][ T3853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.337060][ T3853] ==================================================================