last executing test programs: 626.42778ms ago: executing program 4 (id=412): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000), 0x0) 609.696391ms ago: executing program 4 (id=416): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0) 609.299631ms ago: executing program 4 (id=421): rt_sigpending(&(0x7f0000000000), 0x0) 590.298532ms ago: executing program 4 (id=427): socket$nl_generic(0x10, 0x3, 0x10) 572.273704ms ago: executing program 4 (id=434): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom', 0x800, 0x0) 571.914204ms ago: executing program 4 (id=438): rt_sigreturn() 398.359898ms ago: executing program 2 (id=490): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 379.297ms ago: executing program 2 (id=493): setns(0xffffffffffffffff, 0x0) 378.90941ms ago: executing program 2 (id=496): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) 365.314171ms ago: executing program 2 (id=500): chroot(&(0x7f0000000000)) 364.705571ms ago: executing program 2 (id=504): sched_getparam(0x0, &(0x7f0000000000)) 339.057473ms ago: executing program 2 (id=507): pause() 84.086844ms ago: executing program 3 (id=580): socket$rds(0x15, 0x5, 0x0) 83.983034ms ago: executing program 0 (id=581): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 83.676384ms ago: executing program 1 (id=582): gettid() 83.590534ms ago: executing program 3 (id=583): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom', 0x800, 0x0) 83.568634ms ago: executing program 1 (id=584): socket$nl_rdma(0x10, 0x3, 0x14) 83.477554ms ago: executing program 0 (id=585): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0) 83.291874ms ago: executing program 3 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0) 83.187034ms ago: executing program 1 (id=587): socket$kcm(0x29, 0x2, 0x0) 81.855654ms ago: executing program 0 (id=588): getpid() 55.989786ms ago: executing program 3 (id=589): munlockall() 55.903106ms ago: executing program 0 (id=590): rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000000)) 55.856726ms ago: executing program 1 (id=591): get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000)) 55.809596ms ago: executing program 0 (id=592): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 55.759676ms ago: executing program 3 (id=593): tkill(0x0, 0x0) 55.687866ms ago: executing program 1 (id=594): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 55.644046ms ago: executing program 3 (id=595): mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0) 145.96µs ago: executing program 0 (id=597): pidfd_open(0x0, 0x0) 0s ago: executing program 1 (id=596): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): syzkaller login: [ 19.333992][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 19.334006][ T29] audit: type=1400 audit(1724047953.638:76): avc: denied { transition } for pid=3168 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.339807][ T29] audit: type=1400 audit(1724047953.638:77): avc: denied { noatsecure } for pid=3168 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.345441][ T29] audit: type=1400 audit(1724047953.638:78): avc: denied { write } for pid=3168 comm="sh" path="pipe:[309]" dev="pipefs" ino=309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.350302][ T29] audit: type=1400 audit(1724047953.638:79): avc: denied { rlimitinh } for pid=3168 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.354567][ T29] audit: type=1400 audit(1724047953.638:80): avc: denied { siginh } for pid=3168 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.743527][ T29] audit: type=1400 audit(1724047954.048:81): avc: denied { read } for pid=2943 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 19.881876][ T3199] sftp-server (3199) used greatest stack depth: 11624 bytes left [ 19.894805][ T3169] sshd (3169) used greatest stack depth: 11368 bytes left Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. [ 26.741185][ T29] audit: type=1400 audit(1724047961.048:82): avc: denied { mounton } for pid=3250 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.742167][ T3250] cgroup: Unknown subsys name 'net' [ 26.764317][ T29] audit: type=1400 audit(1724047961.048:83): avc: denied { mount } for pid=3250 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.793057][ T29] audit: type=1400 audit(1724047961.078:84): avc: denied { unmount } for pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.018807][ T3250] cgroup: Unknown subsys name 'rlimit' [ 27.114253][ T29] audit: type=1400 audit(1724047961.418:85): avc: denied { setattr } for pid=3250 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.138809][ T29] audit: type=1400 audit(1724047961.418:86): avc: denied { create } for pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.160401][ T29] audit: type=1400 audit(1724047961.418:87): avc: denied { write } for pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.171153][ T3252] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.181088][ T29] audit: type=1400 audit(1724047961.428:88): avc: denied { read } for pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.210759][ T29] audit: type=1400 audit(1724047961.428:89): avc: denied { mounton } for pid=3250 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.236064][ T29] audit: type=1400 audit(1724047961.428:90): avc: denied { mount } for pid=3250 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.259858][ T29] audit: type=1400 audit(1724047961.498:91): avc: denied { relabelto } for pid=3252 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.289619][ T3250] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.220046][ T3317] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.828699][ T3602] mmap: syz.1.333 (3602) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 29.364550][ T3811] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.597438][ T3260] syz-executor (3260) used greatest stack depth: 11200 bytes left [ 29.687905][ T3649] ================================================================== [ 29.696019][ T3649] BUG: KCSAN: data-race in __percpu_counter_limited_add / __percpu_counter_limited_add [ 29.705675][ T3649] [ 29.708089][ T3649] write to 0xffff8881085e5910 of 8 bytes by task 3713 on cpu 1: [ 29.715897][ T3649] __percpu_counter_limited_add+0x3df/0x450 [ 29.721980][ T3649] shmem_inode_acct_blocks+0xf5/0x230 [ 29.727375][ T3649] shmem_get_folio_gfp+0x5e2/0xd80 [ 29.732674][ T3649] shmem_write_begin+0xa0/0x1c0 [ 29.737533][ T3649] generic_perform_write+0x1b4/0x580 [ 29.742930][ T3649] shmem_file_write_iter+0xc8/0xf0 [ 29.748264][ T3649] __kernel_write_iter+0x24f/0x4e0 [ 29.753391][ T3649] dump_user_range+0x3a7/0x550 [ 29.758445][ T3649] elf_core_dump+0x1aeb/0x1c30 [ 29.763394][ T3649] do_coredump+0xfa7/0x1810 [ 29.768061][ T3649] get_signal+0xdc1/0x1080 [ 29.772496][ T3649] arch_do_signal_or_restart+0x95/0x4b0 [ 29.778056][ T3649] irqentry_exit_to_user_mode+0x9a/0x130 [ 29.783706][ T3649] irqentry_exit+0x12/0x50 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 29.788316][ T3649] exc_general_protection+0x33d/0x4d0 [ 29.793689][ T3649] asm_exc_general_protection+0x26/0x30 [ 29.799243][ T3649] [ 29.801575][ T3649] read to 0xffff8881085e5910 of 8 bytes by task 3649 on cpu 0: [ 29.809209][ T3649] __percpu_counter_limited_add+0xfa/0x450 [ 29.815023][ T3649] shmem_inode_acct_blocks+0xf5/0x230 [ 29.820433][ T3649] shmem_get_folio_gfp+0x5e2/0xd80 [ 29.825549][ T3649] shmem_write_begin+0xa0/0x1c0 [ 29.830407][ T3649] generic_perform_write+0x1b4/0x580 [ 29.835717][ T3649] shmem_file_write_iter+0xc8/0xf0 [ 29.841284][ T3649] __kernel_write_iter+0x24f/0x4e0 [ 29.846674][ T3649] dump_user_range+0x3a7/0x550 [ 29.851627][ T3649] elf_core_dump+0x1aeb/0x1c30 [ 29.856576][ T3649] do_coredump+0xfa7/0x1810 [ 29.861171][ T3649] get_signal+0xdc1/0x1080 [ 29.865766][ T3649] arch_do_signal_or_restart+0x95/0x4b0 [ 29.871324][ T3649] irqentry_exit_to_user_mode+0x9a/0x130 [ 29.876964][ T3649] irqentry_exit+0x12/0x50 [ 29.881607][ T3649] asm_exc_page_fault+0x26/0x30 [ 29.886727][ T3649] [ 29.889053][ T3649] value changed: 0x00000000000034da -> 0x00000000000034fb [ 29.896507][ T3649] [ 29.898821][ T3649] Reported by Kernel Concurrency Sanitizer on: [ 29.905068][ T3649] CPU: 0 UID: 0 PID: 3649 Comm: syz.4.378 Not tainted 6.11.0-rc4-syzkaller #0 [ 29.914175][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 29.924667][ T3649] ================================================================== [ 30.165053][ T3649] syz.4.378 (3649) used greatest stack depth: 10520 bytes left