last executing test programs: 292.712316ms ago: executing program 4 (id=123): pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) 292.507556ms ago: executing program 4 (id=126): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 280.445797ms ago: executing program 4 (id=132): getrandom(&(0x7f0000000000), 0x0, 0x0) 257.267269ms ago: executing program 4 (id=139): faccessat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 257.149259ms ago: executing program 4 (id=141): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom', 0x800, 0x0) 210.032673ms ago: executing program 4 (id=155): pause() 110.112991ms ago: executing program 3 (id=190): fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) 109.157271ms ago: executing program 3 (id=195): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0) 77.780744ms ago: executing program 0 (id=197): pkey_free(0xffffffffffffffff) 77.039564ms ago: executing program 3 (id=199): writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) 76.891084ms ago: executing program 0 (id=200): getegid() 76.727354ms ago: executing program 1 (id=201): setitimer(0x0, &(0x7f0000000000), 0x0) 76.633024ms ago: executing program 3 (id=202): getdents(0xffffffffffffffff, &(0x7f0000000000), 0x0) 76.446754ms ago: executing program 3 (id=203): fsmount(0xffffffffffffffff, 0x0, 0x0) 57.098785ms ago: executing program 1 (id=204): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 56.866286ms ago: executing program 0 (id=206): socket$caif_stream(0x25, 0x1, 0x0) 56.619985ms ago: executing program 2 (id=207): semget(0xffffffffffffffff, 0x0, 0x0) 56.500525ms ago: executing program 1 (id=208): syz_init_net_socket$netrom(0x6, 0x5, 0x0) 56.425245ms ago: executing program 2 (id=209): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 56.389895ms ago: executing program 3 (id=210): sync() 56.345475ms ago: executing program 0 (id=211): shmat(0x0, 0x0, 0x0) 8.910929ms ago: executing program 2 (id=212): finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0) 8.661229ms ago: executing program 2 (id=213): syz_open_dev$floppy(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$floppy(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$floppy(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$floppy(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$floppy(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$floppy(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$floppy(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$floppy(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$floppy(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$floppy(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$floppy(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$floppy(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$floppy(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$floppy(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$floppy(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$floppy(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$floppy(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$floppy(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$floppy(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$floppy(&(0x7f0000000500), 0x4, 0x800) 8.590199ms ago: executing program 0 (id=214): fchdir(0xffffffffffffffff) 8.455659ms ago: executing program 1 (id=215): init_module(&(0x7f0000000000), 0x0, &(0x7f0000000000)) 8.313299ms ago: executing program 2 (id=216): sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) 6.858169ms ago: executing program 1 (id=217): shmget(0xffffffffffffffff, 0x0, 0x0, 0x0) 2.49213ms ago: executing program 0 (id=218): name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 2.36491ms ago: executing program 2 (id=219): ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 0s ago: executing program 1 (id=220): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0) kernel console output (not intermixed with test programs): =process permissive=1 [ 20.024101][ T29] audit: type=1400 audit(1754717918.492:61): avc: denied { siginh } for pid=3235 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts. [ 27.539906][ T29] audit: type=1400 audit(1754717926.022:62): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.540809][ T3291] cgroup: Unknown subsys name 'net' [ 27.563276][ T29] audit: type=1400 audit(1754717926.022:63): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.590669][ T29] audit: type=1400 audit(1754717926.052:64): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.727391][ T3291] cgroup: Unknown subsys name 'cpuset' [ 27.733646][ T3291] cgroup: Unknown subsys name 'rlimit' [ 27.826211][ T29] audit: type=1400 audit(1754717926.302:65): avc: denied { setattr } for pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.849463][ T29] audit: type=1400 audit(1754717926.312:66): avc: denied { create } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.870064][ T29] audit: type=1400 audit(1754717926.312:67): avc: denied { write } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.881237][ T3293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.890531][ T29] audit: type=1400 audit(1754717926.312:68): avc: denied { read } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.919773][ T29] audit: type=1400 audit(1754717926.322:69): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.921104][ T3291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.945112][ T29] audit: type=1400 audit(1754717926.322:70): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.945701][ T29] audit: type=1400 audit(1754717926.382:71): avc: denied { relabelto } for pid=3293 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.934202][ T3380] mmap: syz.1.71 (3380) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 29.112246][ T3463] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.373274][ T3523] ================================================================== [ 29.381472][ T3523] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 29.388872][ T3523] [ 29.391201][ T3523] read-write to 0xffff888106962908 of 8 bytes by task 416 on cpu 0: [ 29.399358][ T3523] __xa_clear_mark+0xf5/0x1e0 [ 29.404228][ T3523] __folio_end_writeback+0x177/0x470 [ 29.409525][ T3523] folio_end_writeback+0x71/0x3d0 [ 29.414575][ T3523] ext4_finish_bio+0x459/0x8c0 [ 29.419373][ T3523] ext4_release_io_end+0x9f/0x1f0 [ 29.424426][ T3523] ext4_end_io_end+0x18d/0x240 [ 29.429217][ T3523] ext4_end_io_rsv_work+0x151/0x1e0 [ 29.434551][ T3523] process_scheduled_works+0x4ce/0x9d0 [ 29.440021][ T3523] worker_thread+0x582/0x770 [ 29.444626][ T3523] kthread+0x486/0x510 [ 29.448708][ T3523] ret_from_fork+0xda/0x150 [ 29.453296][ T3523] ret_from_fork_asm+0x1a/0x30 [ 29.458066][ T3523] [ 29.460392][ T3523] read to 0xffff888106962908 of 8 bytes by task 3523 on cpu 1: [ 29.468120][ T3523] xas_find_marked+0x218/0x620 [ 29.472978][ T3523] find_get_entry+0x5d/0x380 [ 29.477598][ T3523] filemap_get_folios_tag+0x13b/0x210 [ 29.483071][ T3523] filemap_fdatawait_keep_errors+0x6c/0x180 [ 29.488968][ T3523] sync_inodes_sb+0x39c/0x440 [ 29.493745][ T3523] sync_inodes_one_sb+0x3d/0x50 [ 29.498589][ T3523] __iterate_supers+0x110/0x220 [ 29.503556][ T3523] iterate_supers+0x1f/0x30 [ 29.508061][ T3523] ksys_sync+0x5c/0xe0 [ 29.512234][ T3523] __ia32_sys_sync+0xe/0x20 [ 29.516729][ T3523] x64_sys_call+0x2d10/0x2ff0 [ 29.521488][ T3523] do_syscall_64+0xd2/0x200 [ 29.525985][ T3523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 29.531908][ T3523] [ 29.534227][ T3523] value changed: 0xffffffe000000000 -> 0xffff800000000000 [ 29.541333][ T3523] [ 29.543644][ T3523] Reported by Kernel Concurrency Sanitizer on: [ 29.549794][ T3523] CPU: 1 UID: 0 PID: 3523 Comm: syz.3.210 Not tainted 6.16.0-syzkaller-12187-g0227b49b5027 #0 PREEMPT(voluntary) [ 29.561872][ T3523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 29.571938][ T3523] ==================================================================