last executing test programs: 1.036973853s ago: executing program 3 (id=130): tkill(0x0, 0x0) 1.036526293s ago: executing program 3 (id=133): pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 1.025501485s ago: executing program 3 (id=137): setreuid(0x0, 0x0) 1.025176025s ago: executing program 3 (id=141): clone3(&(0x7f0000000000), 0x0) exit(0x0) 1.009586597s ago: executing program 3 (id=146): getcwd(&(0x7f0000000000), 0x0) 1.009561877s ago: executing program 3 (id=147): pause() 715.17908ms ago: executing program 2 (id=281): socket$inet6_icmp(0xa, 0x2, 0x3a) 715.14548ms ago: executing program 2 (id=282): io_submit(0x0, 0x0, &(0x7f0000000000)) 697.099022ms ago: executing program 2 (id=286): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 696.847022ms ago: executing program 2 (id=288): sched_rr_get_interval(0x0, &(0x7f0000000000)) 674.290034ms ago: executing program 2 (id=295): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/i915', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/i915', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/i915', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/i915', 0x800, 0x0) 674.097104ms ago: executing program 2 (id=297): rt_sigreturn() 79.496651ms ago: executing program 0 (id=484): gettid() 79.330051ms ago: executing program 0 (id=486): stat(&(0x7f0000000000), &(0x7f0000000000)) 60.019934ms ago: executing program 0 (id=489): socket$nl_rdma(0x10, 0x3, 0x14) 59.645454ms ago: executing program 0 (id=493): get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000)) 59.616874ms ago: executing program 4 (id=494): lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 38.487156ms ago: executing program 4 (id=497): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0) 38.355056ms ago: executing program 0 (id=498): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/seq', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/seq', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq', 0x800, 0x0) 38.256556ms ago: executing program 4 (id=499): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0) 38.141376ms ago: executing program 4 (id=500): getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 37.552486ms ago: executing program 1 (id=503): getuid() 637.03µs ago: executing program 0 (id=504): readlink(&(0x7f0000000000), &(0x7f0000000000), 0x0) 486.52µs ago: executing program 1 (id=505): socket$pppl2tp(0x18, 0x1, 0x1) 398.41µs ago: executing program 4 (id=506): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load', 0x2, 0x0) 339.55µs ago: executing program 1 (id=507): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/yama/ptrace_scope', 0x2, 0x0) 259.341µs ago: executing program 4 (id=508): signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 194.63µs ago: executing program 1 (id=509): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user', 0x2, 0x0) 63.4µs ago: executing program 1 (id=510): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0) 0s ago: executing program 1 (id=511): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/target_ids', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/target_ids', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/target_ids', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/target_ids', 0x800, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. [ 27.948586][ T29] audit: type=1400 audit(1729570057.130:81): avc: denied { mounton } for pid=3256 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.949526][ T3256] cgroup: Unknown subsys name 'net' [ 27.971291][ T29] audit: type=1400 audit(1729570057.130:82): avc: denied { mount } for pid=3256 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.998628][ T29] audit: type=1400 audit(1729570057.160:83): avc: denied { unmount } for pid=3256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.018464][ T29] audit: type=1400 audit(1729570057.160:84): avc: denied { read } for pid=2949 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 28.135543][ T3256] cgroup: Unknown subsys name 'cpuset' [ 28.141541][ T3256] cgroup: Unknown subsys name 'rlimit' [ 28.308638][ T29] audit: type=1400 audit(1729570057.490:85): avc: denied { setattr } for pid=3256 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.331959][ T29] audit: type=1400 audit(1729570057.490:86): avc: denied { create } for pid=3256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.352410][ T29] audit: type=1400 audit(1729570057.490:87): avc: denied { write } for pid=3256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.359571][ T3259] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 28.372928][ T29] audit: type=1400 audit(1729570057.490:88): avc: denied { read } for pid=3256 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 28.403158][ T29] audit: type=1400 audit(1729570057.500:89): avc: denied { mounton } for pid=3256 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.427974][ T29] audit: type=1400 audit(1729570057.500:90): avc: denied { mount } for pid=3256 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 28.454946][ T3256] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 29.885788][ T3547] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.992834][ T3591] mmap: syz.0.312 (3591) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 30.233077][ T3666] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.611561][ T3529] ================================================================== [ 30.619690][ T3529] BUG: KCSAN: data-race in __percpu_counter_limited_add / __percpu_counter_limited_add [ 30.629346][ T3529] [ 30.631684][ T3529] write to 0xffff888104536490 of 8 bytes by task 3576 on cpu 0: [ 30.639311][ T3529] __percpu_counter_limited_add+0x3df/0x450 [ 30.645220][ T3529] shmem_inode_acct_blocks+0xf5/0x230 [ 30.650608][ T3529] shmem_get_folio_gfp+0x5be/0xd90 [ 30.655737][ T3529] shmem_write_begin+0xa2/0x180 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 30.660604][ T3529] generic_perform_write+0x1a8/0x4a0 [ 30.665898][ T3529] shmem_file_write_iter+0xc2/0xe0 [ 30.671009][ T3529] __kernel_write_iter+0x24b/0x4e0 [ 30.676127][ T3529] dump_user_range+0x3a7/0x550 [ 30.680899][ T3529] elf_core_dump+0x1b66/0x1c60 [ 30.685672][ T3529] do_coredump+0x1736/0x1ce0 [ 30.690269][ T3529] get_signal+0xdc0/0x1070 [ 30.694692][ T3529] arch_do_signal_or_restart+0x95/0x4b0 [ 30.700241][ T3529] irqentry_exit_to_user_mode+0x9a/0x130 [ 30.705891][ T3529] irqentry_exit+0x12/0x50 [ 30.710318][ T3529] exc_general_protection+0x33d/0x4d0 [ 30.715696][ T3529] asm_exc_general_protection+0x26/0x30 [ 30.721254][ T3529] [ 30.723572][ T3529] read to 0xffff888104536490 of 8 bytes by task 3529 on cpu 1: [ 30.731110][ T3529] __percpu_counter_limited_add+0xfa/0x450 [ 30.736928][ T3529] shmem_inode_acct_blocks+0xf5/0x230 [ 30.742309][ T3529] shmem_get_folio_gfp+0x5be/0xd90 [ 30.747434][ T3529] shmem_write_begin+0xa2/0x180 [ 30.752296][ T3529] generic_perform_write+0x1a8/0x4a0 [ 30.757584][ T3529] shmem_file_write_iter+0xc2/0xe0 [ 30.762701][ T3529] __kernel_write_iter+0x24b/0x4e0 [ 30.767826][ T3529] dump_user_range+0x3a7/0x550 [ 30.772608][ T3529] elf_core_dump+0x1b66/0x1c60 [ 30.777386][ T3529] do_coredump+0x1736/0x1ce0 [ 30.781997][ T3529] get_signal+0xdc0/0x1070 [ 30.786425][ T3529] arch_do_signal_or_restart+0x95/0x4b0 [ 30.791984][ T3529] irqentry_exit_to_user_mode+0x9a/0x130 [ 30.797638][ T3529] irqentry_exit+0x12/0x50 [ 30.802076][ T3529] asm_exc_page_fault+0x26/0x30 [ 30.806941][ T3529] [ 30.809265][ T3529] value changed: 0x0000000000003c54 -> 0x0000000000003c75 [ 30.816370][ T3529] [ 30.818702][ T3529] Reported by Kernel Concurrency Sanitizer on: [ 30.824858][ T3529] CPU: 1 UID: 0 PID: 3529 Comm: syz.2.248 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0 [ 30.835486][ T3529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 30.845549][ T3529] ================================================================== [ 31.121055][ T3529] syz.2.248 (3529) used greatest stack depth: 10488 bytes left