last executing test programs: 434.799641ms ago: executing program 3 (id=213): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 434.458531ms ago: executing program 3 (id=215): mlock(0x0, 0x0) 434.262201ms ago: executing program 0 (id=217): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0) 419.116262ms ago: executing program 3 (id=220): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 418.819612ms ago: executing program 0 (id=222): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 418.743432ms ago: executing program 3 (id=223): futex_waitv(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 418.657802ms ago: executing program 3 (id=224): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0', 0x800, 0x0) 405.489402ms ago: executing program 0 (id=226): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 404.934152ms ago: executing program 0 (id=229): socket$inet(0x2, 0x1, 0x0) 404.751612ms ago: executing program 3 (id=232): pause() 392.823342ms ago: executing program 0 (id=234): mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 363.647654ms ago: executing program 0 (id=242): rt_sigreturn() 191.144631ms ago: executing program 2 (id=304): mincore(0x0, 0x0, &(0x7f0000000000)) 167.778312ms ago: executing program 2 (id=306): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dma_heap/system', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dma_heap/system', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dma_heap/system', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dma_heap/system', 0x800, 0x0) 167.307042ms ago: executing program 2 (id=309): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/attrs', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/attrs', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/attrs', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/attrs', 0x800, 0x0) 120.294275ms ago: executing program 2 (id=314): sched_yield() 119.970445ms ago: executing program 2 (id=316): prlimit64(0x0, 0x0, 0x0, 0x0) 116.414335ms ago: executing program 2 (id=319): sync() 65.413157ms ago: executing program 1 (id=323): inotify_rm_watch(0xffffffffffffffff, 0x0) 64.926737ms ago: executing program 1 (id=325): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 64.601377ms ago: executing program 1 (id=327): syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndctrl(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sndctrl(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sndctrl(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sndctrl(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sndctrl(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sndctrl(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sndctrl(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sndctrl(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sndctrl(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sndctrl(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sndctrl(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sndctrl(&(0x7f0000000500), 0x4, 0x800) 48.713517ms ago: executing program 1 (id=329): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0) 48.479767ms ago: executing program 1 (id=331): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max', 0x2, 0x0) 48.040217ms ago: executing program 4 (id=333): process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0) 1.16562ms ago: executing program 4 (id=334): syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsa(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsa(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsa(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsa(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsa(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsa(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsa(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsa(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsa(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000500), 0x4, 0x800) 730.1µs ago: executing program 4 (id=335): sched_getattr(0x0, &(0x7f0000000000), 0x0, 0x0) 614.58µs ago: executing program 4 (id=336): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mISDNtimer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mISDNtimer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mISDNtimer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer', 0x800, 0x0) 390.88µs ago: executing program 1 (id=337): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/sw_sync', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/sw_sync', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/sw_sync', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/sw_sync', 0x800, 0x0) 197.16µs ago: executing program 4 (id=338): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m', 0x2, 0x0) 0s ago: executing program 4 (id=339): remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. [ 22.112991][ T29] audit: type=1400 audit(1764383531.089:62): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.136062][ T29] audit: type=1400 audit(1764383531.109:63): avc: denied { mount } for pid=3297 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.136674][ T3297] cgroup: Unknown subsys name 'net' [ 22.163904][ T29] audit: type=1400 audit(1764383531.139:64): avc: denied { unmount } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.261666][ T3297] cgroup: Unknown subsys name 'cpuset' [ 22.268265][ T3297] cgroup: Unknown subsys name 'rlimit' [ 22.358935][ T29] audit: type=1400 audit(1764383531.329:65): avc: denied { setattr } for pid=3297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.382302][ T29] audit: type=1400 audit(1764383531.329:66): avc: denied { create } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.402819][ T29] audit: type=1400 audit(1764383531.329:67): avc: denied { write } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 22.411202][ T3302] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.423199][ T29] audit: type=1400 audit(1764383531.329:68): avc: denied { read } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.452365][ T29] audit: type=1400 audit(1764383531.339:69): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.466457][ T3297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.477476][ T29] audit: type=1400 audit(1764383531.339:70): avc: denied { mount } for pid=3297 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.509674][ T29] audit: type=1400 audit(1764383531.409:71): avc: denied { relabelto } for pid=3302 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.662687][ T3478] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 24.221996][ T3644] ================================================================== [ 24.223415][ T3666] mmap: syz.4.339 (3666) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 24.230121][ T3644] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 24.249285][ T3644] [ 24.251642][ T3644] read-write to 0xffff88810759d228 of 8 bytes by task 12 on cpu 0: [ 24.259550][ T3644] __xa_clear_mark+0xf5/0x1e0 [ 24.264256][ T3644] __folio_end_writeback+0xf7/0x3b0 [ 24.269654][ T3644] folio_end_writeback_no_dropbehind+0x6d/0x1b0 [ 24.275933][ T3644] folio_end_writeback+0x1c/0x70 [ 24.280906][ T3644] ext4_finish_bio+0x459/0x8c0 [ 24.285710][ T3644] ext4_release_io_end+0x9f/0x1f0 [ 24.290787][ T3644] ext4_end_io_end+0x18d/0x240 [ 24.295585][ T3644] ext4_end_io_rsv_work+0x151/0x1e0 [ 24.300820][ T3644] process_scheduled_works+0x4ce/0x9d0 [ 24.306322][ T3644] worker_thread+0x582/0x770 [ 24.311056][ T3644] kthread+0x489/0x510 [ 24.315154][ T3644] ret_from_fork+0x122/0x1b0 [ 24.319755][ T3644] ret_from_fork_asm+0x1a/0x30 [ 24.324555][ T3644] [ 24.326909][ T3644] read to 0xffff88810759d228 of 8 bytes by task 3644 on cpu 1: [ 24.334463][ T3644] xas_find_marked+0x218/0x620 [ 24.339342][ T3644] find_get_entry+0x5d/0x380 [ 24.344058][ T3644] filemap_get_folios_tag+0x13b/0x210 [ 24.349560][ T3644] filemap_fdatawait_keep_errors+0x6c/0x180 [ 24.355497][ T3644] sync_inodes_sb+0x39c/0x440 [ 24.360216][ T3644] sync_inodes_one_sb+0x3d/0x50 [ 24.365096][ T3644] __iterate_supers+0x110/0x220 [ 24.369972][ T3644] iterate_supers+0x1f/0x30 [ 24.374490][ T3644] ksys_sync+0x5c/0xe0 [ 24.378763][ T3644] __ia32_sys_sync+0xe/0x20 [ 24.383442][ T3644] x64_sys_call+0x2d1f/0x3000 [ 24.388142][ T3644] do_syscall_64+0xd2/0x200 [ 24.392656][ T3644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 24.398557][ T3644] [ 24.400977][ T3644] value changed: 0xfffffffffff80000 -> 0xffffffffff800000 [ 24.408086][ T3644] [ 24.410407][ T3644] Reported by Kernel Concurrency Sanitizer on: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 24.416769][ T3644] CPU: 1 UID: 0 PID: 3644 Comm: syz.2.319 Not tainted syzkaller #0 PREEMPT(voluntary) [ 24.426668][ T3644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 24.436817][ T3644] ==================================================================