last executing test programs: 1.55142092s ago: executing program 1 (id=27): renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.355577865s ago: executing program 1 (id=29): syz_open_dev$drirender(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$drirender(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$drirender(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$drirender(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$drirender(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$drirender(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$drirender(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$drirender(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$drirender(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$drirender(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$drirender(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$drirender(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$drirender(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$drirender(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$drirender(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$drirender(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$drirender(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$drirender(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$drirender(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$drirender(&(0x7f0000000500), 0x4, 0x800) 1.093525332s ago: executing program 1 (id=30): landlock_restrict_self(0xffffffffffffffff, 0x0) 882.563297ms ago: executing program 0 (id=32): socket$nl_crypto(0x10, 0x3, 0x15) 882.040977ms ago: executing program 1 (id=33): syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800) 662.223513ms ago: executing program 0 (id=34): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats', 0x0, 0x0) 525.704836ms ago: executing program 1 (id=35): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 436.591219ms ago: executing program 0 (id=36): getrandom(&(0x7f0000000000), 0x0, 0x0) 372.947571ms ago: executing program 1 (id=37): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 296.438543ms ago: executing program 0 (id=38): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pmem0', 0x800, 0x0) 124.601177ms ago: executing program 0 (id=39): lsm_set_self_attr(0x0, &(0x7f0000000000), 0x0, 0x0) 0s ago: executing program 0 (id=40): setrlimit(0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:59890' (ED25519) to the list of known hosts. [ 125.241899][ T29] audit: type=1400 audit(125.030:58): avc: denied { name_bind } for pid=3271 comm="sshd" src=30005 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 125.564172][ T29] audit: type=1400 audit(125.360:59): avc: denied { execute } for pid=3273 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 125.567691][ T29] audit: type=1400 audit(125.360:60): avc: denied { execute_no_trans } for pid=3273 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 130.656368][ T29] audit: type=1400 audit(130.450:61): avc: denied { mounton } for pid=3273 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 130.667536][ T29] audit: type=1400 audit(130.460:62): avc: denied { mount } for pid=3273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 130.703067][ T3273] cgroup: Unknown subsys name 'net' [ 130.721030][ T29] audit: type=1400 audit(130.510:63): avc: denied { unmount } for pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 131.043894][ T3273] cgroup: Unknown subsys name 'cpuset' [ 131.069184][ T3273] cgroup: Unknown subsys name 'rlimit' [ 131.399719][ T29] audit: type=1400 audit(131.190:64): avc: denied { setattr } for pid=3273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 131.403292][ T29] audit: type=1400 audit(131.190:65): avc: denied { create } for pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 131.409030][ T29] audit: type=1400 audit(131.200:66): avc: denied { write } for pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 131.413976][ T29] audit: type=1400 audit(131.200:67): avc: denied { module_request } for pid=3273 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 131.566198][ T29] audit: type=1400 audit(131.360:68): avc: denied { read } for pid=3273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 131.581629][ T29] audit: type=1400 audit(131.370:69): avc: denied { mounton } for pid=3273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 131.599295][ T29] audit: type=1400 audit(131.390:70): avc: denied { mount } for pid=3273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 131.960281][ T3276] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 132.058451][ T3273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 137.583723][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 137.583851][ T29] audit: type=1400 audit(137.370:75): avc: denied { execmem } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 137.670171][ T29] audit: type=1400 audit(137.460:76): avc: denied { read } for pid=3279 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 137.676979][ T29] audit: type=1400 audit(137.470:77): avc: denied { open } for pid=3279 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 137.698966][ T29] audit: type=1400 audit(137.490:78): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 138.317233][ T29] audit: type=1400 audit(138.110:79): avc: denied { mount } for pid=3280 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 138.335854][ T29] audit: type=1400 audit(138.130:80): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/syzkaller.iRTHlV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 138.353225][ T29] audit: type=1400 audit(138.140:81): avc: denied { mount } for pid=3280 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 138.380924][ T29] audit: type=1400 audit(138.170:82): avc: denied { mounton } for pid=3279 comm="syz-executor" path="/syzkaller.iRTHlV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 138.394953][ T29] audit: type=1400 audit(138.180:83): avc: denied { mounton } for pid=3280 comm="syz-executor" path="/syzkaller.gnPyS8/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2480 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 138.421612][ T29] audit: type=1400 audit(138.210:84): avc: denied { unmount } for pid=3279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 142.992903][ C1] [ 142.993317][ C1] ============================= [ 142.993539][ C1] [ BUG: Invalid wait context ] [ 142.994172][ C1] 6.13.0-rc1-syzkaller-00005-gceb8bf2ceaa7 #0 Not tainted [ 142.994579][ C1] ----------------------------- [ 142.994809][ C1] syz.0.40/3323 is trying to lock: [ 142.995092][ C1] ffff00007fc1ffd8 (&zone->lock){..-.}-{3:3}, at: __rmqueue_pcplist+0x388/0x1178 [ 142.998236][ C1] other info that might help us debug this: [ 142.998587][ C1] context-{2:2} [ 142.998879][ C1] 4 locks held by syz.0.40/3323: [ 142.999137][ C1] #0: ffff0000171eed10 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0xe4/0x94c [ 142.999765][ C1] #1: ffff800086f89760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x0/0x290 [ 143.000374][ C1] #2: ffff00000fbdcc78 (ptlock_ptr(ptdesc)){+.+.}-{3:3}, at: __pte_offset_map_lock+0x118/0x2ec [ 143.000905][ C1] #3: ffff000069f98698 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x428/0x20f0 [ 143.001446][ C1] stack backtrace: [ 143.002014][ C1] CPU: 1 UID: 0 PID: 3323 Comm: syz.0.40 Not tainted 6.13.0-rc1-syzkaller-00005-gceb8bf2ceaa7 #0 [ 143.002599][ C1] Hardware name: linux,dummy-virt (DT) [ 143.003134][ C1] Call trace: [ 143.003476][ C1] show_stack+0x18/0x24 (C) [ 143.003828][ C1] dump_stack_lvl+0xa4/0xf4 [ 143.004078][ C1] dump_stack+0x1c/0x28 [ 143.004309][ C1] __lock_acquire+0x1514/0x6604 [ 143.004563][ C1] lock_acquire+0x450/0x76c [ 143.004775][ C1] _raw_spin_lock_irqsave+0x58/0x80 [ 143.005011][ C1] __rmqueue_pcplist+0x388/0x1178 [ 143.005233][ C1] get_page_from_freelist+0x4a0/0x20f0 [ 143.005480][ C1] __alloc_pages_noprof+0x1b4/0x2248 [ 143.005708][ C1] alloc_pages_mpol_noprof+0x104/0x490 [ 143.005956][ C1] alloc_pages_noprof+0x178/0x1ec [ 143.006188][ C1] stack_depot_save_flags+0x508/0x95c [ 143.006449][ C1] kasan_save_stack+0x50/0x64 [ 143.006673][ C1] __kasan_record_aux_stack+0xa0/0xb8 [ 143.006923][ C1] kasan_record_aux_stack+0x14/0x20 [ 143.007151][ C1] task_work_add+0x9c/0x35c [ 143.007388][ C1] run_posix_cpu_timers+0x51c/0x810 [ 143.007627][ C1] update_process_times+0x16c/0x444 [ 143.007859][ C1] tick_nohz_handler+0x198/0x40c [ 143.008108][ C1] __hrtimer_run_queues+0x5ec/0x964 [ 143.008395][ C1] hrtimer_interrupt+0x2a0/0x768 [ 143.008625][ C1] arch_timer_handler_phys+0x40/0x6c [ 143.008874][ C1] handle_percpu_devid_irq+0x19c/0x30c [ 143.009137][ C1] generic_handle_domain_irq+0x78/0xa4 [ 143.009390][ C1] gic_handle_irq+0x54/0x184 [ 143.009635][ C1] call_on_irq_stack+0x24/0x4c [ 143.009860][ C1] do_interrupt_handler+0x12c/0x150 [ 143.010088][ C1] el1_interrupt+0x34/0x54 [ 143.010312][ C1] el1h_64_irq_handler+0x18/0x24 [ 143.010606][ C1] el1h_64_irq+0x6c/0x70 [ 143.010897][ C1] __kasan_check_write+0x20/0x2c (P) [ 143.011175][ C1] __kasan_check_write+0x20/0x2c (L) [ 143.011437][ C1] folio_remove_rmap_ptes+0x6c/0x380 [ 143.011668][ C1] unmap_page_range+0xe38/0x2318 [ 143.011881][ C1] unmap_single_vma.constprop.0+0xb4/0x188 [ 143.012261][ C1] unmap_vmas+0x194/0x318 [ 143.012454][ C1] exit_mmap+0x138/0x94c [ 143.012715][ C1] __mmput+0xa8/0x39c [ 143.012901][ C1] mmput+0x88/0x98 [ 143.013075][ C1] do_exit+0x6d4/0x2048 [ 143.013411][ C1] do_group_exit+0xa4/0x208 [ 143.013663][ C1] __arm64_sys_exit_group+0x3c/0x44 [ 143.013878][ C1] invoke_syscall+0x6c/0x258 [ 143.014082][ C1] el0_svc_common.constprop.0+0xac/0x230 [ 143.014362][ C1] do_el0_svc_compat+0x40/0x68 [ 143.014592][ C1] el0_svc_compat+0x4c/0x17c [ 143.014793][ C1] el0t_32_sync_handler+0x98/0x13c [ 143.015019][ C1] el0t_32_sync+0x19c/0x1a0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) VM DIAGNOSIS: 17:30:44 Registers: info registers vcpu 0 CPU#0 PC=ffff800081050e78 X00=ffff8000a1387ad0 X01=ffff000014913c80 X02=1fffe00002922791 X03=0000000000000001 X04=0000000000000000 X05=00000000f3f3f300 X06=0000800000000000 X07=ffff700014270f82 X08=0000000041b58ab3 X09=dfff800000000000 X10=ffff700014270f3e X11=1ffff00014270f3e X12=dfff800000000000 X13=000000000000f1f1 X14=00000000f200f204 X15=00000000f204f204 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=ffff00000f04a878 X20=ffff00000eb6c000 X21=ffff00000f04a800 X22=ffff00001227dcf0 X23=ffff800086d8d000 X24=ffff800087185b00 X25=ffff8000808f96f8 X26=1ffff00014270f28 X27=ffff800086d8ce08 X28=0000000000000000 X29=ffff8000a13879e0 X30=ffff8000808c4db8 SP=ffff8000a13878c0 PSTATE=60000005 -ZC- EL1h FPCR=00000000 FPSR=00000000 Q00=2f2f2f2f2f2f2f2f:2f2f2f2f2f2f2f2f Q01=0000000000003334:2f68637461772f76 Q02=c0fcc0fcc0fc0000:3000000000003000 Q03=0000000000000000:ff0000000000ff00 Q04=3003300330033003:3003300330033003 Q05=bcbcbc0030000030:bcbcbc0030000030 Q06=c00c000000000000:c00c000000000000 Q07=0000aaaad6673790:000002da00000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000002000:0000000000000000 Q17=000000000000000b:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008044bea8 X00=ffff8000866ca898 X01=0000000000000000 X02=1ffff00010cd9513 X03=0000000000000003 X04=ffff800086301140 X05=dfff800000000000 X06=1ffff00010c60228 X07=dfff800000000000 X08=1ffff000119eaca3 X09=0000000041b58ab3 X10=ffff7000119eacb7 X11=1ffff000119eacb7 X12=ffff7000119eacb8 X13=0000000000000004 X14=0000000000000000 X15=fffffffffffcfa08 X16=0000000000000000 X17=0000000000000000 X18=0000000000000004 X19=ffff8000866ca000 X20=ffff800086301000 X21=ffff80008cf561f0 X22=ffff80008cf561d0 X23=ffff8000808cfc0c X24=ffff80008cf56210 X25=ffff80008cf56230 X26=00000000ffffffff X27=000000000003a12a X28=ffff80008cf56a08 X29=ffff80008cf560c0 X30=ffff80008044cfb4 SP=ffff80008cf560c0 PSTATE=100000c5 ---V EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000