last executing test programs: 1.213524781s ago: executing program 0 (id=290): fchownat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 1.213313551s ago: executing program 0 (id=292): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio', 0x800, 0x0) 1.198095931s ago: executing program 0 (id=299): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/userio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio', 0x800, 0x0) 1.181303841s ago: executing program 0 (id=303): syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x800) 1.180147132s ago: executing program 0 (id=308): rt_sigsuspend(&(0x7f0000000000), 0x0) 1.162572822s ago: executing program 0 (id=312): pause() 739.696908ms ago: executing program 3 (id=448): sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 731.256129ms ago: executing program 3 (id=451): socket$inet_dccp(0x2, 0x6, 0x0) 719.009859ms ago: executing program 3 (id=452): socket$vsock_dgram(0x28, 0x2, 0x0) 702.049289ms ago: executing program 3 (id=456): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/rm_contexts', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/rm_contexts', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/rm_contexts', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/rm_contexts', 0x800, 0x0) 701.14213ms ago: executing program 3 (id=460): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 685.228ms ago: executing program 3 (id=466): rt_sigreturn() 458.029683ms ago: executing program 2 (id=524): syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800) 441.518023ms ago: executing program 2 (id=525): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci', 0x800, 0x0) 441.237243ms ago: executing program 1 (id=526): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0', 0x800, 0x0) 441.150423ms ago: executing program 2 (id=527): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x2, 0x0) 440.893423ms ago: executing program 4 (id=529): socket(0x1e, 0x2, 0x0) 440.781673ms ago: executing program 1 (id=530): setfsuid(0x0) 440.726913ms ago: executing program 4 (id=531): munlockall() 400.710304ms ago: executing program 1 (id=532): timerfd_create(0x0, 0x0) 400.565024ms ago: executing program 1 (id=533): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock', 0x800, 0x0) 400.414814ms ago: executing program 2 (id=534): setfsgid(0x0) 400.289154ms ago: executing program 4 (id=535): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/attach', 0x1, 0x0) 400.188364ms ago: executing program 4 (id=536): vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 399.983114ms ago: executing program 4 (id=537): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 399.732974ms ago: executing program 1 (id=538): syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$loop(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$loop(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$loop(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$loop(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$loop(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$loop(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$loop(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$loop(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$loop(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$loop(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$loop(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$loop(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$loop(&(0x7f0000000500), 0x4, 0x800) 399.658704ms ago: executing program 2 (id=539): personality(0x0) 398.287764ms ago: executing program 1 (id=540): fdatasync(0xffffffffffffffff) 398.120764ms ago: executing program 4 (id=541): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor', 0x800, 0x0) 0s ago: executing program 2 (id=542): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 19.119256][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 19.119274][ T29] audit: type=1400 audit(1744654257.517:76): avc: denied { transition } for pid=3183 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.124081][ T29] audit: type=1400 audit(1744654257.517:77): avc: denied { noatsecure } for pid=3183 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.127175][ T29] audit: type=1400 audit(1744654257.527:78): avc: denied { write } for pid=3183 comm="sh" path="pipe:[2158]" dev="pipefs" ino=2158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.130654][ T29] audit: type=1400 audit(1744654257.527:79): avc: denied { rlimitinh } for pid=3183 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.133578][ T29] audit: type=1400 audit(1744654257.527:80): avc: denied { siginh } for pid=3183 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.997280][ T29] audit: type=1400 audit(1744654261.397:81): avc: denied { read } for pid=2987 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts. [ 27.174137][ T29] audit: type=1400 audit(1744654265.577:82): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.175159][ T3293] cgroup: Unknown subsys name 'net' [ 27.197050][ T29] audit: type=1400 audit(1744654265.577:83): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.224445][ T29] audit: type=1400 audit(1744654265.607:84): avc: denied { unmount } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.420654][ T3293] cgroup: Unknown subsys name 'cpuset' [ 27.426850][ T3293] cgroup: Unknown subsys name 'rlimit' [ 27.538564][ T29] audit: type=1400 audit(1744654265.937:85): avc: denied { setattr } for pid=3293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.562167][ T29] audit: type=1400 audit(1744654265.947:86): avc: denied { create } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.582892][ T29] audit: type=1400 audit(1744654265.947:87): avc: denied { write } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.592306][ T3296] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.603311][ T29] audit: type=1400 audit(1744654265.947:88): avc: denied { read } for pid=3293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.632253][ T29] audit: type=1400 audit(1744654265.947:89): avc: denied { mounton } for pid=3293 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.656990][ T3293] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.657154][ T29] audit: type=1400 audit(1744654265.947:90): avc: denied { mount } for pid=3293 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.689356][ T29] audit: type=1400 audit(1744654266.017:91): avc: denied { relabelto } for pid=3296 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 29.549279][ T3761] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.872848][ T3841] mmap: syz.4.517 (3841) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 30.324445][ T3875] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.374223][ T3684] ================================================================== [ 30.382661][ T3684] BUG: KCSAN: data-race in __percpu_counter_limited_add / __percpu_counter_limited_add [ 30.392391][ T3684] [ 30.394725][ T3684] write to 0xffff888108baca90 of 8 bytes by task 3790 on cpu 1: [ 30.402361][ T3684] __percpu_counter_limited_add+0x3e4/0x460 [ 30.408270][ T3684] shmem_inode_acct_blocks+0xf5/0x230 [ 30.413661][ T3684] shmem_get_folio_gfp+0x5a2/0xd30 [ 30.418786][ T3684] shmem_write_begin+0xa7/0x190 [ 30.423682][ T3684] generic_perform_write+0x189/0x4b0 [ 30.429062][ T3684] shmem_file_write_iter+0xc2/0xe0 [ 30.434181][ T3684] __kernel_write_iter+0x243/0x4c0 [ 30.439307][ T3684] dump_user_range+0x5ed/0x8b0 [ 30.444090][ T3684] elf_core_dump+0x1d61/0x1ef0 [ 30.448860][ T3684] do_coredump+0x1814/0x1f50 [ 30.453599][ T3684] get_signal+0xdb7/0x1080 [ 30.458034][ T3684] arch_do_signal_or_restart+0x9a/0x4b0 [ 30.463599][ T3684] irqentry_exit_to_user_mode+0xa7/0x120 [ 30.469244][ T3684] irqentry_exit+0x12/0x50 [ 30.473671][ T3684] asm_exc_alignment_check+0x26/0x30 [ 30.478967][ T3684] [ 30.481294][ T3684] read to 0xffff888108baca90 of 8 bytes by task 3684 on cpu 0: [ 30.488860][ T3684] __percpu_counter_limited_add+0xfc/0x460 [ 30.494680][ T3684] shmem_inode_acct_blocks+0xf5/0x230 [ 30.500113][ T3684] shmem_get_folio_gfp+0x5a2/0xd30 [ 30.505238][ T3684] shmem_write_begin+0xa7/0x190 [ 30.510107][ T3684] generic_perform_write+0x189/0x4b0 [ 30.515425][ T3684] shmem_file_write_iter+0xc2/0xe0 [ 30.520549][ T3684] __kernel_write_iter+0x243/0x4c0 [ 30.525681][ T3684] dump_user_range+0x5ed/0x8b0 [ 30.530464][ T3684] elf_core_dump+0x1d61/0x1ef0 [ 30.535345][ T3684] do_coredump+0x1814/0x1f50 [ 30.539951][ T3684] get_signal+0xdb7/0x1080 [ 30.544479][ T3684] arch_do_signal_or_restart+0x9a/0x4b0 [ 30.550138][ T3684] irqentry_exit_to_user_mode+0xa7/0x120 [ 30.555782][ T3684] irqentry_exit+0x12/0x50 [ 30.560209][ T3684] asm_exc_page_fault+0x26/0x30 [ 30.565065][ T3684] [ 30.567389][ T3684] value changed: 0x00000000000043ef -> 0x0000000000004410 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 30.574494][ T3684] [ 30.576818][ T3684] Reported by Kernel Concurrency Sanitizer on: [ 30.582994][ T3684] CPU: 0 UID: 0 PID: 3684 Comm: syz.3.364 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(voluntary) [ 30.595323][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 30.605404][ T3684] ================================================================== [ 31.039716][ T3684] syz.3.364 (3684) used greatest stack depth: 10440 bytes left