last executing test programs:

626.42778ms ago: executing program 4 (id=412):
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000), 0x0)

609.696391ms ago: executing program 4 (id=416):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/mac80211_hwsim/', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/mac80211_hwsim/', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/class/mac80211_hwsim/', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/class/mac80211_hwsim/', 0x800, 0x0)

609.299631ms ago: executing program 4 (id=421):
rt_sigpending(&(0x7f0000000000), 0x0)

590.298532ms ago: executing program 4 (id=427):
socket$nl_generic(0x10, 0x3, 0x10)

572.273704ms ago: executing program 4 (id=434):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom', 0x800, 0x0)

571.914204ms ago: executing program 4 (id=438):
rt_sigreturn()

398.359898ms ago: executing program 2 (id=490):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)

379.297ms ago: executing program 2 (id=493):
setns(0xffffffffffffffff, 0x0)

378.90941ms ago: executing program 2 (id=496):
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)

365.314171ms ago: executing program 2 (id=500):
chroot(&(0x7f0000000000))

364.705571ms ago: executing program 2 (id=504):
sched_getparam(0x0, &(0x7f0000000000))

339.057473ms ago: executing program 2 (id=507):
pause()

84.086844ms ago: executing program 3 (id=580):
socket$rds(0x15, 0x5, 0x0)

83.983034ms ago: executing program 0 (id=581):
pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

83.676384ms ago: executing program 1 (id=582):
gettid()

83.590534ms ago: executing program 3 (id=583):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom', 0x800, 0x0)

83.568634ms ago: executing program 1 (id=584):
socket$nl_rdma(0x10, 0x3, 0x14)

83.477554ms ago: executing program 0 (id=585):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp', 0x800, 0x0)

83.291874ms ago: executing program 3 (id=586):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0)

83.187034ms ago: executing program 1 (id=587):
socket$kcm(0x29, 0x2, 0x0)

81.855654ms ago: executing program 0 (id=588):
getpid()

55.989786ms ago: executing program 3 (id=589):
munlockall()

55.903106ms ago: executing program 0 (id=590):
rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000000))

55.856726ms ago: executing program 1 (id=591):
get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000))

55.809596ms ago: executing program 0 (id=592):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

55.759676ms ago: executing program 3 (id=593):
tkill(0x0, 0x0)

55.687866ms ago: executing program 1 (id=594):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

55.644046ms ago: executing program 3 (id=595):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

145.96µs ago: executing program 0 (id=597):
pidfd_open(0x0, 0x0)

0s ago: executing program 1 (id=596):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):


syzkaller login: [   19.333992][   T29] kauditd_printk_skb: 64 callbacks suppressed
[   19.334006][   T29] audit: type=1400 audit(1724047953.638:76): avc:  denied  { transition } for  pid=3168 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.339807][   T29] audit: type=1400 audit(1724047953.638:77): avc:  denied  { noatsecure } for  pid=3168 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.345441][   T29] audit: type=1400 audit(1724047953.638:78): avc:  denied  { write } for  pid=3168 comm="sh" path="pipe:[309]" dev="pipefs" ino=309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   19.350302][   T29] audit: type=1400 audit(1724047953.638:79): avc:  denied  { rlimitinh } for  pid=3168 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.354567][   T29] audit: type=1400 audit(1724047953.638:80): avc:  denied  { siginh } for  pid=3168 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   19.743527][   T29] audit: type=1400 audit(1724047954.048:81): avc:  denied  { read } for  pid=2943 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   19.881876][ T3199] sftp-server (3199) used greatest stack depth: 11624 bytes left
[   19.894805][ T3169] sshd (3169) used greatest stack depth: 11368 bytes left
Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts.
[   26.741185][   T29] audit: type=1400 audit(1724047961.048:82): avc:  denied  { mounton } for  pid=3250 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   26.742167][ T3250] cgroup: Unknown subsys name 'net'
[   26.764317][   T29] audit: type=1400 audit(1724047961.048:83): avc:  denied  { mount } for  pid=3250 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.793057][   T29] audit: type=1400 audit(1724047961.078:84): avc:  denied  { unmount } for  pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.018807][ T3250] cgroup: Unknown subsys name 'rlimit'
[   27.114253][   T29] audit: type=1400 audit(1724047961.418:85): avc:  denied  { setattr } for  pid=3250 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.138809][   T29] audit: type=1400 audit(1724047961.418:86): avc:  denied  { create } for  pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.160401][   T29] audit: type=1400 audit(1724047961.418:87): avc:  denied  { write } for  pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.171153][ T3252] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   27.181088][   T29] audit: type=1400 audit(1724047961.428:88): avc:  denied  { read } for  pid=3250 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.210759][   T29] audit: type=1400 audit(1724047961.428:89): avc:  denied  { mounton } for  pid=3250 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   27.236064][   T29] audit: type=1400 audit(1724047961.428:90): avc:  denied  { mount } for  pid=3250 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.259858][   T29] audit: type=1400 audit(1724047961.498:91): avc:  denied  { relabelto } for  pid=3252 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   27.289619][ T3250] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   28.220046][ T3317] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   28.828699][ T3602] mmap: syz.1.333 (3602) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   29.364550][ T3811] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   29.597438][ T3260] syz-executor (3260) used greatest stack depth: 11200 bytes left
[   29.687905][ T3649] ==================================================================
[   29.696019][ T3649] BUG: KCSAN: data-race in __percpu_counter_limited_add / __percpu_counter_limited_add
[   29.705675][ T3649] 
[   29.708089][ T3649] write to 0xffff8881085e5910 of 8 bytes by task 3713 on cpu 1:
[   29.715897][ T3649]  __percpu_counter_limited_add+0x3df/0x450
[   29.721980][ T3649]  shmem_inode_acct_blocks+0xf5/0x230
[   29.727375][ T3649]  shmem_get_folio_gfp+0x5e2/0xd80
[   29.732674][ T3649]  shmem_write_begin+0xa0/0x1c0
[   29.737533][ T3649]  generic_perform_write+0x1b4/0x580
[   29.742930][ T3649]  shmem_file_write_iter+0xc8/0xf0
[   29.748264][ T3649]  __kernel_write_iter+0x24f/0x4e0
[   29.753391][ T3649]  dump_user_range+0x3a7/0x550
[   29.758445][ T3649]  elf_core_dump+0x1aeb/0x1c30
[   29.763394][ T3649]  do_coredump+0xfa7/0x1810
[   29.768061][ T3649]  get_signal+0xdc1/0x1080
[   29.772496][ T3649]  arch_do_signal_or_restart+0x95/0x4b0
[   29.778056][ T3649]  irqentry_exit_to_user_mode+0x9a/0x130
[   29.783706][ T3649]  irqentry_exit+0x12/0x50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   29.788316][ T3649]  exc_general_protection+0x33d/0x4d0
[   29.793689][ T3649]  asm_exc_general_protection+0x26/0x30
[   29.799243][ T3649] 
[   29.801575][ T3649] read to 0xffff8881085e5910 of 8 bytes by task 3649 on cpu 0:
[   29.809209][ T3649]  __percpu_counter_limited_add+0xfa/0x450
[   29.815023][ T3649]  shmem_inode_acct_blocks+0xf5/0x230
[   29.820433][ T3649]  shmem_get_folio_gfp+0x5e2/0xd80
[   29.825549][ T3649]  shmem_write_begin+0xa0/0x1c0
[   29.830407][ T3649]  generic_perform_write+0x1b4/0x580
[   29.835717][ T3649]  shmem_file_write_iter+0xc8/0xf0
[   29.841284][ T3649]  __kernel_write_iter+0x24f/0x4e0
[   29.846674][ T3649]  dump_user_range+0x3a7/0x550
[   29.851627][ T3649]  elf_core_dump+0x1aeb/0x1c30
[   29.856576][ T3649]  do_coredump+0xfa7/0x1810
[   29.861171][ T3649]  get_signal+0xdc1/0x1080
[   29.865766][ T3649]  arch_do_signal_or_restart+0x95/0x4b0
[   29.871324][ T3649]  irqentry_exit_to_user_mode+0x9a/0x130
[   29.876964][ T3649]  irqentry_exit+0x12/0x50
[   29.881607][ T3649]  asm_exc_page_fault+0x26/0x30
[   29.886727][ T3649] 
[   29.889053][ T3649] value changed: 0x00000000000034da -> 0x00000000000034fb
[   29.896507][ T3649] 
[   29.898821][ T3649] Reported by Kernel Concurrency Sanitizer on:
[   29.905068][ T3649] CPU: 0 UID: 0 PID: 3649 Comm: syz.4.378 Not tainted 6.11.0-rc4-syzkaller #0
[   29.914175][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   29.924667][ T3649] ==================================================================
[   30.165053][ T3649] syz.4.378 (3649) used greatest stack depth: 10520 bytes left