last executing test programs: 212.360063ms ago: executing program 2 (id=519): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg', 0x800, 0x0) 212.097542ms ago: executing program 2 (id=521): munlockall() 210.424043ms ago: executing program 2 (id=524): socket$nl_sock_diag(0x10, 0x3, 0x4) 195.424514ms ago: executing program 2 (id=526): sysinfo(&(0x7f0000000000)) 195.195934ms ago: executing program 2 (id=528): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/syslog', 0x2, 0x0) 174.301246ms ago: executing program 2 (id=537): pause() 92.200643ms ago: executing program 1 (id=577): syz_open_dev$amidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$amidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$amidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$amidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$amidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$amidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$amidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$amidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$amidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$amidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$amidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$amidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$amidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$amidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$amidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$amidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$amidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$amidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$amidi(&(0x7f0000000500), 0x4, 0x800) 85.645883ms ago: executing program 4 (id=579): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0) 85.496173ms ago: executing program 1 (id=580): inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000), 0x0) 85.371423ms ago: executing program 4 (id=581): poll(&(0x7f0000000000), 0x0, 0x0) 85.130923ms ago: executing program 3 (id=583): fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 68.066285ms ago: executing program 1 (id=584): getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 67.629044ms ago: executing program 1 (id=586): mlockall(0x0) 67.524005ms ago: executing program 3 (id=587): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36', 0x2, 0x0) 67.421415ms ago: executing program 4 (id=588): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128', 0x800, 0x0) 67.364695ms ago: executing program 3 (id=589): getpgid(0x0) 67.338825ms ago: executing program 1 (id=590): getitimer(0x0, &(0x7f0000000000)) 67.227354ms ago: executing program 0 (id=591): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 31.279208ms ago: executing program 1 (id=592): sync() 31.144918ms ago: executing program 3 (id=593): syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x800) 31.101958ms ago: executing program 4 (id=594): set_tid_address(&(0x7f0000000000)) 31.069118ms ago: executing program 0 (id=595): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng', 0x800, 0x0) 31.028198ms ago: executing program 0 (id=596): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 30.954498ms ago: executing program 4 (id=597): sigaltstack(&(0x7f0000000000), 0x0) 30.903598ms ago: executing program 3 (id=598): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load', 0x2, 0x0) 396.63µs ago: executing program 4 (id=599): sched_getparam(0x0, &(0x7f0000000000)) 241.45µs ago: executing program 0 (id=600): syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsa(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsa(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsa(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsa(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsa(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsa(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsa(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsa(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsa(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000500), 0x4, 0x800) 158.98µs ago: executing program 3 (id=601): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 60.1µs ago: executing program 0 (id=603): setfsgid(0x0) 0s ago: executing program 0 (id=604): rt_sigpending(&(0x7f0000000000), 0x0) kernel console output (not intermixed with test programs): [ 19.810176][ T29] audit: type=1400 audit(1721508815.039:77): avc: denied { noatsecure } for pid=3063 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.813243][ T29] audit: type=1400 audit(1721508815.039:78): avc: denied { write } for pid=3063 comm="sh" path="pipe:[576]" dev="pipefs" ino=576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.813611][ T3063] sh (3063) used greatest stack depth: 11872 bytes left [ 19.816541][ T29] audit: type=1400 audit(1721508815.039:79): avc: denied { rlimitinh } for pid=3063 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.820650][ T29] audit: type=1400 audit(1721508815.039:80): avc: denied { siginh } for pid=3063 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.105637][ C0] eth0: bad gso: type: 1, size: 1408 [ 20.111487][ C0] eth0: bad gso: type: 1, size: 1408 [ 20.117178][ C0] eth0: bad gso: type: 1, size: 1408 [ 20.123253][ C0] eth0: bad gso: type: 1, size: 1408 [ 20.251551][ T3069] sftp-server (3069) used greatest stack depth: 11368 bytes left Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts. [ 26.895298][ T29] audit: type=1400 audit(1721508822.129:81): avc: denied { mounton } for pid=3074 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.896330][ T3074] cgroup: Unknown subsys name 'net' [ 26.918188][ T29] audit: type=1400 audit(1721508822.129:82): avc: denied { mount } for pid=3074 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.945828][ T29] audit: type=1400 audit(1721508822.159:83): avc: denied { unmount } for pid=3074 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.965668][ T29] audit: type=1400 audit(1721508822.159:84): avc: denied { read } for pid=2767 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 27.090045][ T3074] cgroup: Unknown subsys name 'rlimit' [ 27.212929][ T29] audit: type=1400 audit(1721508822.449:85): avc: denied { create } for pid=3074 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.233514][ T29] audit: type=1400 audit(1721508822.449:86): avc: denied { write } for pid=3074 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.253878][ T29] audit: type=1400 audit(1721508822.449:87): avc: denied { read } for pid=3074 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.274878][ T29] audit: type=1400 audit(1721508822.459:88): avc: denied { mounton } for pid=3074 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.282306][ T3078] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 27.299849][ T29] audit: type=1400 audit(1721508822.459:89): avc: denied { mount } for pid=3074 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.331858][ T29] audit: type=1400 audit(1721508822.549:90): avc: denied { relabelto } for pid=3078 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.366352][ T3074] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.835892][ T3420] mmap: syz.1.322 (3420) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 29.229660][ T3620] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.285073][ T3637] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.460054][ T3698] ================================================================== [ 29.468278][ T3698] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 29.475682][ T3698] [ 29.478000][ T3698] read-write to 0xffff888106466230 of 8 bytes by task 308 on cpu 0: [ 29.486150][ T3698] __xa_clear_mark+0xf8/0x1f0 [ 29.490958][ T3698] __folio_end_writeback+0x18f/0x4a0 [ 29.496339][ T3698] folio_end_writeback+0x74/0x1f0 [ 29.501379][ T3698] ext4_finish_bio+0x476/0x8e0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 29.506155][ T3698] ext4_release_io_end+0x8c/0x1f0 [ 29.511210][ T3698] ext4_end_io_rsv_work+0x2d3/0x370 [ 29.516509][ T3698] process_scheduled_works+0x483/0x9a0 [ 29.521998][ T3698] worker_thread+0x526/0x700 [ 29.526605][ T3698] kthread+0x1d1/0x210 [ 29.530687][ T3698] ret_from_fork+0x4b/0x60 [ 29.535107][ T3698] ret_from_fork_asm+0x1a/0x30 [ 29.539879][ T3698] [ 29.542204][ T3698] read to 0xffff888106466230 of 8 bytes by task 3698 on cpu 1: [ 29.549747][ T3698] xas_find_marked+0x216/0x660 [ 29.554536][ T3698] find_get_entry+0x54/0x390 [ 29.559136][ T3698] filemap_get_folios_tag+0x136/0x210 [ 29.564527][ T3698] filemap_fdatawait_keep_errors+0x6a/0x180 [ 29.570428][ T3698] sync_inodes_sb+0x3bb/0x460 [ 29.575120][ T3698] sync_inodes_one_sb+0x3d/0x50 [ 29.579982][ T3698] iterate_supers+0xa3/0x140 [ 29.584907][ T3698] ksys_sync+0x5d/0xe0 [ 29.588972][ T3698] __do_sys_sync+0xe/0x20 [ 29.593305][ T3698] x64_sys_call+0x2bda/0x2e00 [ 29.598074][ T3698] do_syscall_64+0xc9/0x1c0 [ 29.602574][ T3698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 29.608555][ T3698] [ 29.610865][ T3698] value changed: 0xffffffffe0000000 -> 0xfe00000000000000 [ 29.617964][ T3698] [ 29.620275][ T3698] Reported by Kernel Concurrency Sanitizer on: [ 29.626507][ T3698] CPU: 1 PID: 3698 Comm: syz.1.592 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0 [ 29.636240][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 29.646298][ T3698] ================================================================== [ 29.818962][ T3714] ================================================================== [ 29.827210][ T3714] BUG: KCSAN: data-race in generic_fillattr / inode_set_ctime_current [ 29.835816][ T3714] [ 29.838149][ T3714] write to 0xffff8881043fd838 of 4 bytes by task 3621 on cpu 0: [ 29.845799][ T3714] inode_set_ctime_current+0x35/0x50 [ 29.851175][ T3714] shmem_symlink+0x32d/0x3a0 [ 29.855746][ T3714] vfs_symlink+0xca/0x1d0 [ 29.860064][ T3714] do_symlinkat+0xe3/0x350 [ 29.864559][ T3714] __x64_sys_symlink+0x50/0x60 [ 29.869389][ T3714] x64_sys_call+0x2a72/0x2e00 [ 29.874044][ T3714] do_syscall_64+0xc9/0x1c0 [ 29.879336][ T3714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 29.885394][ T3714] [ 29.887702][ T3714] read to 0xffff8881043fd838 of 4 bytes by task 3714 on cpu 1: [ 29.895220][ T3714] generic_fillattr+0x1dd/0x2f0 [ 29.900054][ T3714] shmem_getattr+0x17b/0x200 [ 29.904626][ T3714] vfs_getattr+0x19b/0x1e0 [ 29.909017][ T3714] vfs_statx+0x134/0x2f0 [ 29.913328][ T3714] vfs_fstatat+0xec/0x110 [ 29.917637][ T3714] __se_sys_newfstatat+0x58/0x260 [ 29.922659][ T3714] __x64_sys_newfstatat+0x55/0x70 [ 29.927665][ T3714] x64_sys_call+0x2d6a/0x2e00 [ 29.932416][ T3714] do_syscall_64+0xc9/0x1c0 [ 29.936901][ T3714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 29.942792][ T3714] [ 29.945104][ T3714] value changed: 0x02e65804 -> 0x037eee84 [ 29.950879][ T3714] [ 29.953187][ T3714] Reported by Kernel Concurrency Sanitizer on: [ 29.959310][ T3714] CPU: 1 PID: 3714 Comm: udevd Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0 [ 29.968569][ T3714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 29.978599][ T3714] ==================================================================