last executing test programs:

1.556410153s ago: executing program 0 (id=159):
fchmod(0xffffffffffffffff, 0x0)

1.553853793s ago: executing program 0 (id=165):
chmod(&(0x7f0000000000), 0x0)

1.537099093s ago: executing program 0 (id=168):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse', 0x800, 0x0)

1.536661693s ago: executing program 0 (id=171):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/mk_contexts', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/mk_contexts', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/mk_contexts', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/mk_contexts', 0x800, 0x0)

1.520182083s ago: executing program 0 (id=177):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0)

1.474593324s ago: executing program 0 (id=183):
pause()

391.470449ms ago: executing program 3 (id=509):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vtpmx', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vtpmx', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vtpmx', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vtpmx', 0x800, 0x0)

375.348889ms ago: executing program 3 (id=516):
timer_delete(0x0)

375.107259ms ago: executing program 3 (id=518):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0)

358.255929ms ago: executing program 3 (id=524):
userfaultfd(0x0)

357.868389ms ago: executing program 3 (id=527):
socket$rds(0x15, 0x5, 0x0)

316.583059ms ago: executing program 3 (id=532):
sync()

243.612389ms ago: executing program 2 (id=554):
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)

243.33109ms ago: executing program 2 (id=556):
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000), 0x0)

243.25182ms ago: executing program 2 (id=558):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capi20', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/capi20', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20', 0x800, 0x0)

220.30458ms ago: executing program 2 (id=561):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot', 0x800, 0x0)

219.998439ms ago: executing program 4 (id=563):
acct(0x0)

219.87728ms ago: executing program 4 (id=564):
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)

192.124469ms ago: executing program 1 (id=567):
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000))

191.97835ms ago: executing program 4 (id=568):
sigaltstack(&(0x7f0000000000), 0x0)

191.93203ms ago: executing program 1 (id=569):
capset(&(0x7f0000000000), &(0x7f0000000000))

191.88438ms ago: executing program 1 (id=570):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/onlycap', 0x2, 0x0)

191.75567ms ago: executing program 4 (id=571):
fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0)

191.65949ms ago: executing program 1 (id=572):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0)

191.57642ms ago: executing program 4 (id=573):
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$I2C(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$I2C(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$I2C(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$I2C(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$I2C(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$I2C(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$I2C(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$I2C(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$I2C(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$I2C(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$I2C(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$I2C(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$I2C(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$I2C(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$I2C(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$I2C(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$I2C(&(0x7f0000000500), 0x4, 0x800)

191.50928ms ago: executing program 2 (id=574):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats', 0x0, 0x0)

144.07046ms ago: executing program 1 (id=575):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0)

143.84351ms ago: executing program 4 (id=576):
mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

143.74166ms ago: executing program 2 (id=577):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio', 0x800, 0x0)

0s ago: executing program 1 (id=578):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

[ 21.852679][ T29] audit: type=1400 audit(1732618126.086:81): avc: denied { read } for pid=3005 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.10.9' (ED25519) to the list of known hosts.
[ 28.488507][ T29] audit: type=1400 audit(1732618132.716:82): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 28.489794][ T3311] cgroup: Unknown subsys name 'net'
[ 28.511335][ T29] audit: type=1400 audit(1732618132.716:83): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.538761][ T29] audit: type=1400 audit(1732618132.746:84): avc: denied { unmount } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.711688][ T3311] cgroup: Unknown subsys name 'cpuset'
[ 28.717948][ T3311] cgroup: Unknown subsys name 'rlimit'
[ 28.828650][ T29] audit: type=1400 audit(1732618133.056:85): avc: denied { setattr } for pid=3311 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 28.854298][ T29] audit: type=1400 audit(1732618133.056:86): avc: denied { create } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.875412][ T29] audit: type=1400 audit(1732618133.056:87): avc: denied { write } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.891196][ T3313] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 28.895917][ T29] audit: type=1400 audit(1732618133.056:88): avc: denied { read } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.924970][ T29] audit: type=1400 audit(1732618133.066:89): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 28.950518][ T29] audit: type=1400 audit(1732618133.066:90): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 28.973758][ T29] audit: type=1400 audit(1732618133.106:91): avc: denied { append } for pid=3005 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 29.008294][ T3311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 30.033135][ T3375] mmap: syz.1.45 (3375) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 31.263934][ T3768] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 32.008625][ T3926] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 32.230739][ T3934] ==================================================================
[ 32.238874][ T3934] BUG: KCSAN: data-race in fill_mg_cmtime / shmem_unlink
[ 32.245970][ T3934]
[ 32.248353][ T3934] write to 0xffff888104d4cc94 of 4 bytes by task 3933 on cpu 0:
[ 32.256107][ T3934] shmem_unlink+0x13b/0x170
[ 32.260637][ T3934] vfs_unlink+0x275/0x430
[ 32.265001][ T3934] do_unlinkat+0x237/0x4d0
[ 32.269442][ T3934] __x64_sys_unlink+0x2e/0x40
[ 32.274158][ T3934] x64_sys_call+0x2329/0x2dc0
[ 32.278967][ T3934] do_syscall_64+0xc9/0x1c0
[ 32.283594][ T3934] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 32.289551][ T3934]
[ 32.291896][ T3934] read to 0xffff888104d4cc94 of 4 bytes by task 3934 on cpu 1:
[ 32.299463][ T3934] fill_mg_cmtime+0x58/0x280
[ 32.304080][ T3934] generic_fillattr+0x241/0x330
[ 32.308963][ T3934] shmem_getattr+0x17b/0x200
[ 32.313609][ T3934] vfs_statx_path+0x171/0x2d0
[ 32.318345][ T3934] vfs_statx+0xe1/0x170
[ 32.322526][ T3934] __se_sys_newfstatat+0xdc/0x300
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 32.327603][ T3934] __x64_sys_newfstatat+0x55/0x70
[ 32.332757][ T3934] x64_sys_call+0x236d/0x2dc0
[ 32.337489][ T3934] do_syscall_64+0xc9/0x1c0
[ 32.342133][ T3934] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 32.348070][ T3934]
[ 32.350502][ T3934] value changed: 0x1be6e1bb -> 0x1bf9ab0c
[ 32.356331][ T3934]
[ 32.358665][ T3934] Reported by Kernel Concurrency Sanitizer on:
[ 32.364843][ T3934] CPU: 1 UID: 0 PID: 3934 Comm: udevd Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0
[ 32.374770][ T3934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 32.384937][ T3934] ==================================================================