last executing test programs: kernel console output (not intermixed with test programs): [ 73.954209][ T40] audit: type=1400 audit(1777187396.674:59): avc: denied { write } for pid=5632 comm="sh" path="pipe:[3721]" dev="pipefs" ino=3721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 73.964192][ T40] audit: type=1400 audit(1777187396.674:60): avc: denied { rlimitinh } for pid=5632 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 73.976222][ T40] audit: type=1400 audit(1777187396.674:61): avc: denied { siginh } for pid=5632 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:34261' (ED25519) to the list of known hosts. [ 76.046678][ T40] audit: type=1400 audit(1777187398.794:62): avc: denied { name_bind } for pid=5643 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 76.079050][ T40] audit: type=1400 audit(1777187398.824:63): avc: denied { execute } for pid=5644 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 76.088362][ T40] audit: type=1400 audit(1777187398.824:64): avc: denied { execute_no_trans } for pid=5644 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 78.329671][ T40] audit: type=1400 audit(1777187401.074:65): avc: denied { mounton } for pid=5644 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 78.338474][ T40] audit: type=1400 audit(1777187401.074:66): avc: denied { getattr } for pid=5674 comm="rm" path="/run/dhcpcd/hook-state/resolv.conf.lapb4.ipv4ll" dev="tmpfs" ino=1884 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.341964][ T5644] cgroup: Unknown subsys name 'net' [ 78.471334][ T5644] cgroup: Unknown subsys name 'cpuset' [ 78.477568][ T5644] cgroup: Unknown subsys name 'rlimit' [ 78.638473][ T5684] [ 78.639319][ T5684] ===================================== [ 78.641084][ T5684] WARNING: bad unlock balance detected! [ 78.642941][ T5684] syzkaller #0 Not tainted [ 78.644366][ T5684] ------------------------------------- [ 78.646203][ T5684] dhcpcd-run-hook/5684 is trying to release lock (rcu_read_lock) at: [ 78.649092][ T5684] [] rcu_read_unlock+0x17/0x60 [ 78.651069][ T5684] but there are no more locks to release! [ 78.652898][ T5684] [ 78.652898][ T5684] other info that might help us debug this: [ 78.655372][ T5684] 2 locks held by dhcpcd-run-hook/5684: [ 78.657169][ T5684] #0: ffff888036590338 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x124/0xa10 [ 78.659991][ T5684] #1: ffff88803e19f558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x10f/0x320 [ 78.663350][ T5684] [ 78.663350][ T5684] stack backtrace: [ 78.665244][ T5684] CPU: 2 UID: 0 PID: 5684 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) [ 78.665258][ T5684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 78.665264][ T5684] Call Trace: [ 78.665269][ T5684] [ 78.665274][ T5684] dump_stack_lvl+0x100/0x190 [ 78.665288][ T5684] ? rcu_read_unlock+0x17/0x60 [ 78.665300][ T5684] print_unlock_imbalance_bug.part.0+0xfb/0x106 [ 78.665317][ T5684] ? rcu_read_unlock+0x17/0x60 [ 78.665328][ T5684] lock_release+0x28d/0x310 [ 78.665341][ T5684] rcu_read_unlock+0x1c/0x60 [ 78.665353][ T5684] folio_remove_rmap_ptes+0x79a/0xdd0 [ 78.665367][ T5684] __zap_vma_range+0x1f72/0x4bf0 [ 78.665383][ T5684] ? __pfx___zap_vma_range+0x10/0x10 [ 78.665394][ T5684] ? find_held_lock+0x2b/0x80 [ 78.665405][ T5684] unmap_vmas+0x299/0x5f0 [ 78.665416][ T5684] ? __pfx_unmap_vmas+0x10/0x10 [ 78.665427][ T5684] ? mas_next_slot+0x10a3/0x1960 [ 78.665442][ T5684] exit_mmap+0x1ef/0xa10 [ 78.665455][ T5684] ? __pfx_exit_mmap+0x10/0x10 [ 78.665466][ T5684] ? trace_contention_end+0x122/0x170 [ 78.665480][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 78.665496][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 78.665513][ T5684] ? __lock_acquire+0x4a5/0x2630 [ 78.665527][ T5684] ? arch_uprobe_clear_state+0x107/0x150 [ 78.665541][ T5684] __mmput+0x12a/0x410 [ 78.665556][ T5684] mmput+0x67/0x80 [ 78.665570][ T5684] do_exit+0x833/0x2a60 [ 78.665581][ T5684] ? do_raw_spin_lock+0x128/0x260 [ 78.665596][ T5684] ? __pfx_do_exit+0x10/0x10 [ 78.665605][ T5684] ? do_group_exit+0x1bd/0x2a0 [ 78.665616][ T5684] ? rcu_is_watching+0x12/0xc0 [ 78.665632][ T5684] do_group_exit+0xd5/0x2a0 [ 78.665643][ T5684] __x64_sys_exit_group+0x3e/0x50 [ 78.665654][ T5684] x64_sys_call+0x102c/0x1530 [ 78.665674][ T5684] do_syscall_64+0x10b/0xf80 [ 78.665685][ T5684] ? clear_bhb_loop+0x40/0x90 [ 78.665696][ T5684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.665707][ T5684] RIP: 0033:0x7f86edb946c5 [ 78.665715][ T5684] Code: Unable to access opcode bytes at 0x7f86edb9469b. [ 78.665719][ T5684] RSP: 002b:00007ffe0360d588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 78.665729][ T5684] RAX: ffffffffffffffda RBX: 0000556aa8bde2c0 RCX: 00007f86edb946c5 [ 78.665736][ T5684] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 78.665741][ T5684] RBP: 00007ffe0360d8b8 R08: 0000000000000000 R09: 0000000000000000 [ 78.665747][ T5684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0360d8b0 [ 78.665753][ T5684] R13: 00007ffe0360d8c0 R14: 00007f86edda4000 R15: 0000556a73d27d98 [ 78.665762][ T5684] [ 78.744563][ T5684] ------------[ cut here ]------------ [ 78.751122][ T5684] rrln < 0 || rrln > RCU_NEST_PMAX [ 78.751130][ T5684] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x235/0x5e0, CPU#2: dhcpcd-run-hook/5684 [ 78.756977][ T5684] Modules linked in: [ 78.758273][ T5684] CPU: 2 UID: 0 PID: 5684 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) [ 78.761301][ T5684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 78.764414][ T5684] RIP: 0010:__rcu_read_unlock+0x235/0x5e0 [ 78.766480][ T5684] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 c2 6f da ff e8 9d ff 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 54 76 88 [ 78.772380][ T5684] RSP: 0018:ffffc90003bdf718 EFLAGS: 00010286 [ 78.774306][ T5684] RAX: 00000000ffffffff RBX: ffff8880285b2500 RCX: ffffffff81e7b7ae [ 78.777286][ T5684] RDX: 0000000000000000 RSI: ffffffff8def8e2a RDI: ffff8880285b29c4 [ 78.780582][ T5684] RBP: ffffea0000f25740 R08: 0000000000000005 R09: 0000000000000000 [ 78.783857][ T5684] R10: 0000000080000001 R11: 0000000000000001 R12: 0000000000000001 [ 78.787369][ T5684] R13: ffff88803e85cc80 R14: 0000000000000000 R15: ffffea0000f25770 [ 78.790702][ T5684] FS: 0000000000000000(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000 [ 78.804056][ T5684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.805939][ T5690] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 78.806425][ T5684] CR2: 0000556aa8be3b11 CR3: 000000002c8aa000 CR4: 0000000000352ef0 [ 78.812129][ T5684] Call Trace: [ 78.870619][ T5684] [ 78.872166][ T5684] folio_remove_rmap_ptes+0x79a/0xdd0 [ 78.875038][ T5684] __zap_vma_range+0x1f72/0x4bf0 [ 78.881166][ T5684] ? __pfx___zap_vma_range+0x10/0x10 [ 78.884101][ T5684] ? find_held_lock+0x2b/0x80 [ 78.887227][ T5684] unmap_vmas+0x299/0x5f0 [ 78.889863][ T5684] ? __pfx_unmap_vmas+0x10/0x10 [ 78.892009][ T5684] ? mas_next_slot+0x10a3/0x1960 [ 78.896553][ T5684] exit_mmap+0x1ef/0xa10 [ 78.898724][ T5684] ? __pfx_exit_mmap+0x10/0x10 [ 78.900478][ T5684] ? trace_contention_end+0x122/0x170 [ 78.903148][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 78.904924][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 78.908172][ T5684] ? __lock_acquire+0x4a5/0x2630 [ 78.911877][ T5684] ? arch_uprobe_clear_state+0x107/0x150 [ 78.914764][ T5684] __mmput+0x12a/0x410 [ 78.916934][ T5684] mmput+0x67/0x80 [ 78.918470][ T5684] do_exit+0x833/0x2a60 [ 78.920567][ T5684] ? do_raw_spin_lock+0x128/0x260 [ 78.922456][ T5684] ? __pfx_do_exit+0x10/0x10 [ 78.924033][ T5684] ? do_group_exit+0x1bd/0x2a0 [ 78.926077][ T5684] ? rcu_is_watching+0x12/0xc0 [ 78.928863][ T5684] do_group_exit+0xd5/0x2a0 [ 78.931062][ T5684] __x64_sys_exit_group+0x3e/0x50 [ 78.932954][ T5684] x64_sys_call+0x102c/0x1530 [ 78.934585][ T5684] do_syscall_64+0x10b/0xf80 [ 78.936480][ T5684] ? clear_bhb_loop+0x40/0x90 [ 78.938938][ T5684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.940931][ T5684] RIP: 0033:0x7f86edb946c5 [ 78.942407][ T5684] Code: Unable to access opcode bytes at 0x7f86edb9469b. [ 78.944612][ T5684] RSP: 002b:00007ffe0360d588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 78.947373][ T5684] RAX: ffffffffffffffda RBX: 0000556aa8bde2c0 RCX: 00007f86edb946c5 [ 78.949963][ T5684] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 78.952350][ T5684] RBP: 00007ffe0360d8b8 R08: 0000000000000000 R09: 0000000000000000 [ 78.954698][ T5684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0360d8b0 [ 78.957293][ T5684] R13: 00007ffe0360d8c0 R14: 00007f86edda4000 R15: 0000556a73d27d98 [ 78.962049][ T5684] [ 78.963043][ T5684] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 78.965423][ T5684] CPU: 2 UID: 0 PID: 5684 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) [ 78.968491][ T5684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 78.971612][ T5684] Call Trace: [ 78.972784][ T5684] [ 78.973848][ T5684] dump_stack_lvl+0x100/0x190 [ 78.976111][ T5684] vpanic+0x552/0x970 [ 78.977768][ T5684] ? __pfx_vpanic+0x10/0x10 [ 78.981007][ T5684] panic+0xd1/0xe0 [ 78.982595][ T5684] ? __pfx_panic+0x10/0x10 [ 78.985893][ T5684] ? check_panic_on_warn+0x1f/0x90 [ 78.988198][ T5684] check_panic_on_warn.cold+0x19/0x34 [ 78.990268][ T5684] ? __rcu_read_unlock+0x235/0x5e0 [ 78.992009][ T5684] __warn.cold+0x191/0x328 [ 78.994353][ T5684] __report_bug+0x296/0x3d0 [ 78.996004][ T5684] ? __rcu_read_unlock+0x235/0x5e0 [ 78.998307][ T5684] ? __pfx___report_bug+0x10/0x10 [ 79.000244][ T5684] ? is_bpf_text_address+0x8a/0x1a0 [ 79.001993][ T5684] ? lock_release+0x245/0x310 [ 79.003593][ T5684] ? bpf_ksym_find+0x128/0x1c0 [ 79.006146][ T5684] ? is_bpf_text_address+0x6f/0x1a0 [ 79.008911][ T5684] ? __rcu_read_unlock+0x235/0x5e0 [ 79.010976][ T5684] report_bug+0xb2/0x220 [ 79.012722][ T5684] ? __rcu_read_unlock+0x235/0x5e0 [ 79.014684][ T5684] handle_bug+0x16a/0x2a0 [ 79.016656][ T5684] exc_invalid_op+0x17/0x50 [ 79.018543][ T5684] asm_exc_invalid_op+0x1a/0x20 [ 79.020364][ T5684] RIP: 0010:__rcu_read_unlock+0x235/0x5e0 [ 79.022387][ T5684] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 c2 6f da ff e8 9d ff 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 54 76 88 [ 79.028413][ T5684] RSP: 0018:ffffc90003bdf718 EFLAGS: 00010286 [ 79.030310][ T5684] RAX: 00000000ffffffff RBX: ffff8880285b2500 RCX: ffffffff81e7b7ae [ 79.032829][ T5684] RDX: 0000000000000000 RSI: ffffffff8def8e2a RDI: ffff8880285b29c4 [ 79.035376][ T5684] RBP: ffffea0000f25740 R08: 0000000000000005 R09: 0000000000000000 [ 79.038112][ T5684] R10: 0000000080000001 R11: 0000000000000001 R12: 0000000000000001 [ 79.040647][ T5684] R13: ffff88803e85cc80 R14: 0000000000000000 R15: ffffea0000f25770 [ 79.044372][ T5684] ? nbcon_cpu_emergency_exit+0x11e/0x1e0 [ 79.048215][ T5684] folio_remove_rmap_ptes+0x79a/0xdd0 [ 79.051376][ T5684] __zap_vma_range+0x1f72/0x4bf0 [ 79.057610][ T5684] ? __pfx___zap_vma_range+0x10/0x10 [ 79.061005][ T5684] ? find_held_lock+0x2b/0x80 [ 79.064477][ T5684] unmap_vmas+0x299/0x5f0 [ 79.067343][ T5684] ? __pfx_unmap_vmas+0x10/0x10 [ 79.069678][ T5684] ? mas_next_slot+0x10a3/0x1960 [ 79.074477][ T5684] exit_mmap+0x1ef/0xa10 [ 79.076858][ T5684] ? __pfx_exit_mmap+0x10/0x10 [ 79.078711][ T5684] ? trace_contention_end+0x122/0x170 [ 79.081564][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 79.083412][ T5684] ? uprobe_clear_state+0x5f/0x260 [ 79.086790][ T5684] ? __lock_acquire+0x4a5/0x2630 [ 79.091070][ T5684] ? arch_uprobe_clear_state+0x107/0x150 [ 79.094261][ T5684] __mmput+0x12a/0x410 [ 79.096345][ T5684] mmput+0x67/0x80 [ 79.097922][ T5684] do_exit+0x833/0x2a60 [ 79.100171][ T5684] ? do_raw_spin_lock+0x128/0x260 [ 79.102126][ T5684] ? __pfx_do_exit+0x10/0x10 [ 79.103729][ T5684] ? do_group_exit+0x1bd/0x2a0 [ 79.105648][ T5684] ? rcu_is_watching+0x12/0xc0 [ 79.108438][ T5684] do_group_exit+0xd5/0x2a0 [ 79.110881][ T5684] __x64_sys_exit_group+0x3e/0x50 [ 79.112865][ T5684] x64_sys_call+0x102c/0x1530 [ 79.114662][ T5684] do_syscall_64+0x10b/0xf80 [ 79.116372][ T5684] ? clear_bhb_loop+0x40/0x90 [ 79.118615][ T5684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.120682][ T5684] RIP: 0033:0x7f86edb946c5 [ 79.122201][ T5684] Code: Unable to access opcode bytes at 0x7f86edb9469b. [ 79.124383][ T5684] RSP: 002b:00007ffe0360d588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 79.127030][ T5684] RAX: ffffffffffffffda RBX: 0000556aa8bde2c0 RCX: 00007f86edb946c5 [ 79.129475][ T5684] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 79.131962][ T5684] RBP: 00007ffe0360d8b8 R08: 0000000000000000 R09: 0000000000000000 [ 79.134440][ T5684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0360d8b0 [ 79.137000][ T5684] R13: 00007ffe0360d8c0 R14: 00007f86edda4000 R15: 0000556a73d27d98 [ 79.142054][ T5684] [ 79.143778][ T5684] Kernel Offset: disabled [ 79.145250][ T5684] Rebooting in 86400 seconds..