last executing test programs: 496.671005ms ago: executing program 2 (id=167): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0) 496.487265ms ago: executing program 2 (id=169): sigaltstack(&(0x7f0000000000), 0x0) 482.192256ms ago: executing program 2 (id=174): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 482.037646ms ago: executing program 2 (id=176): socket$tipc(0x1e, 0x2, 0x0) 481.921956ms ago: executing program 2 (id=177): syz_open_dev$admmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$admmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$admmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$admmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$admmidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$admmidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$admmidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$admmidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$admmidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$admmidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$admmidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$admmidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$admmidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$admmidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$admmidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$admmidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$admmidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$admmidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$admmidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$admmidi(&(0x7f0000000500), 0x4, 0x800) 481.597196ms ago: executing program 2 (id=179): pause() 175.547741ms ago: executing program 4 (id=306): getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 175.143531ms ago: executing program 4 (id=309): getrlimit(0x0, &(0x7f0000000000)) 174.437501ms ago: executing program 4 (id=313): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 152.310562ms ago: executing program 4 (id=320): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun', 0x800, 0x0) 151.858102ms ago: executing program 4 (id=324): syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsu(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsu(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsu(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsu(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsu(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsu(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsu(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsu(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsu(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsu(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsu(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsu(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsu(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsu(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsu(&(0x7f0000000500), 0x4, 0x800) 128.851384ms ago: executing program 4 (id=329): sync() 80.891286ms ago: executing program 1 (id=338): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy', 0x0, 0x0) 59.407727ms ago: executing program 0 (id=339): socket$phonet_pipe(0x23, 0x5, 0x2) 58.970147ms ago: executing program 0 (id=342): migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000)) 58.636867ms ago: executing program 0 (id=344): epoll_pwait2(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 58.597737ms ago: executing program 3 (id=345): setpgid(0x0, 0x0) 31.827788ms ago: executing program 3 (id=346): rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000)) 31.663718ms ago: executing program 0 (id=347): syz_open_dev$usbfs(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x28, 0x800) 31.583188ms ago: executing program 3 (id=348): sysfs$1(0x1, &(0x7f0000000000)) 31.496218ms ago: executing program 0 (id=349): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 31.462718ms ago: executing program 3 (id=350): getgroups(0x0, &(0x7f0000000000)) 31.297508ms ago: executing program 0 (id=351): rt_sigreturn() 1.12436ms ago: executing program 3 (id=352): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0) 730.99µs ago: executing program 1 (id=353): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0', 0x2, 0x0) 584.8µs ago: executing program 1 (id=354): fstat(0xffffffffffffffff, &(0x7f0000000000)) 315.15µs ago: executing program 1 (id=355): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nmem0', 0x800, 0x0) 170.12µs ago: executing program 1 (id=356): process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 69.76µs ago: executing program 3 (id=357): init_module(&(0x7f0000000000), 0x0, &(0x7f0000000000)) 0s ago: executing program 1 (id=358): setfsgid(0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts. [ 25.923857][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 25.923870][ T28] audit: type=1400 audit(1774371126.943:70): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.953069][ T28] audit: type=1400 audit(1774371126.973:71): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.953852][ T3301] cgroup: Unknown subsys name 'net' [ 25.980698][ T28] audit: type=1400 audit(1774371127.003:72): avc: denied { unmount } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.096572][ T3301] cgroup: Unknown subsys name 'cpuset' [ 26.102697][ T3301] cgroup: Unknown subsys name 'rlimit' [ 26.223899][ T28] audit: type=1400 audit(1774371127.243:73): avc: denied { setattr } for pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.247329][ T28] audit: type=1400 audit(1774371127.243:74): avc: denied { create } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.268122][ T28] audit: type=1400 audit(1774371127.243:75): avc: denied { write } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.293383][ T3303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.295768][ T28] audit: type=1400 audit(1774371127.243:76): avc: denied { read } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.322322][ T28] audit: type=1400 audit(1774371127.273:77): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.347632][ T28] audit: type=1400 audit(1774371127.273:78): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.365039][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.370912][ T28] audit: type=1400 audit(1774371127.273:79): avc: denied { read } for pid=3040 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 27.265071][ T3348] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 27.581558][ T3522] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 27.874777][ T3650] mmap: syz.0.322 (3650) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 28.030456][ T3657] ================================================================== [ 28.038559][ T3657] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 28.045937][ T3657] [ 28.048306][ T3657] read-write to 0xffff8881081fb6b8 of 8 bytes by task 12 on cpu 0: [ 28.056198][ T3657] __xa_clear_mark+0xf5/0x1e0 [ 28.060874][ T3657] __folio_end_writeback+0xf4/0x360 [ 28.066081][ T3657] folio_end_writeback_no_dropbehind+0x6d/0x1d0 [ 28.072320][ T3657] folio_end_writeback+0x1c/0x70 [ 28.077258][ T3657] ext4_finish_bio+0x459/0x8b0 [ 28.082031][ T3657] ext4_release_io_end+0x9f/0x1f0 [ 28.087072][ T3657] ext4_end_io_end+0x18d/0x240 [ 28.091847][ T3657] ext4_end_io_rsv_work+0x15b/0x1f0 [ 28.097049][ T3657] process_scheduled_works+0x513/0xa10 [ 28.102514][ T3657] worker_thread+0x58a/0x780 [ 28.107098][ T3657] kthread+0x22a/0x280 [ 28.111171][ T3657] ret_from_fork+0x150/0x360 [ 28.115767][ T3657] ret_from_fork_asm+0x1a/0x30 [ 28.120534][ T3657] [ 28.122862][ T3657] read to 0xffff8881081fb6b8 of 8 bytes by task 3657 on cpu 1: [ 28.130389][ T3657] xas_find_marked+0x213/0x620 [ 28.135157][ T3657] filemap_get_folios_tag+0xfa/0x510 [ 28.140440][ T3657] filemap_fdatawait_keep_errors+0x6c/0x190 [ 28.146363][ T3657] sync_inodes_sb+0x40e/0x4c0 [ 28.151137][ T3657] sync_inodes_one_sb+0x3d/0x50 [ 28.155994][ T3657] __iterate_supers+0x110/0x220 [ 28.160856][ T3657] iterate_supers+0x1f/0x30 [ 28.165373][ T3657] __ia32_sys_sync+0x5c/0xb0 [ 28.169966][ T3657] x64_sys_call+0x2f3a/0x3020 [ 28.174648][ T3657] do_syscall_64+0x12c/0x370 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 28.179249][ T3657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 28.185145][ T3657] [ 28.187457][ T3657] value changed: 0xffffffff00000000 -> 0xffffff8000000000 [ 28.194558][ T3657] [ 28.196882][ T3657] Reported by Kernel Concurrency Sanitizer on: [ 28.203216][ T3657] CPU: 1 UID: 0 PID: 3657 Comm: syz.4.329 Not tainted syzkaller #0 PREEMPT(full) [ 28.212508][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 28.222564][ T3657] ==================================================================