last executing test programs: kernel console output (not intermixed with test programs):
Warning: Permanently added '[localhost]:50252' (ED25519) to the list of known hosts.
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xa9000)
[ 40.477082][ T1126] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[ 40.479770][ T1126] ata1: failed to read log page 10h (errno=-5)
[ 40.482238][ T1126] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0
[ 40.485241][ T1126] ata1.00: irq_stat 0x41000000
[ 40.488627][ T1126] ata1.00: failed command: READ FPDMA QUEUED
[ 40.491026][ T1126] ata1.00: cmd 60/48:70:d6:33:04/05:00:00:00:00/40 tag 14 ncq dma 692224 in
[ 40.491026][ T1126] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 40.497129][ T1126] ata1.00: status: { DRDY }
[ 40.498621][ T1126] ata1.00: error: { ABRT }
[ 40.500121][ T1126] ata1.00: failed command: READ FPDMA QUEUED
[ 40.502067][ T1126] ata1.00: cmd 60/b8:78:1e:39:04/02:00:00:00:00/40 tag 15 ncq dma 356352 in
[ 40.502067][ T1126] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 40.507668][ T1126] ata1.00: status: { DRDY }
[ 40.509151][ T1126] ata1.00: error: { ABRT }
[ 40.511273][ T1126] ata1.00: configured for UDMA/100
[ 40.513350][ T1126] sd 0:0:0:0: [sda] tag#14 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 40.516510][ T1126] sd 0:0:0:0: [sda] tag#14 Sense Key : Aborted Command [current]
[ 40.518862][ T1126] sd 0:0:0:0: [sda] tag#14 Add. Sense: No additional sense information
[ 40.521484][ T1126] sd 0:0:0:0: [sda] tag#14 CDB: Read(10) 28 00 00 04 33 d6 00 05 48 00
[ 40.524117][ T1126] I/O error, dev sda, sector 275414 op 0x0:(READ) flags 0x84700 phys_seg 168 prio class 2
[ 40.528023][ T1126] sd 0:0:0:0: [sda] tag#15 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[ 40.531180][ T1126] sd 0:0:0:0: [sda] tag#15 Sense Key : Aborted Command [current]
[ 40.533950][ T1126] sd 0:0:0:0: [sda] tag#15 Add. Sense: No additional sense information
[ 40.536629][ T1126] sd 0:0:0:0: [sda] tag#15 CDB: Read(10) 28 00 00 04 39 1e 00 02 b8 00
[ 40.539220][ T1126] I/O error, dev sda, sector 276766 op 0x0:(READ) flags 0x80700 phys_seg 86 prio class 2
[ 40.542426][ T1126] ata1: EH complete
[ 42.781414][ T5657] cgroup: Unknown subsys name 'net'
[ 42.919804][ T5657] cgroup: Unknown subsys name 'cpuset'
[ 42.923949][ T5657] cgroup: Unknown subsys name 'rlimit'
[ 43.039016][ T5696]
[ 43.039834][ T5696] =====================================
[ 43.041543][ T5696] WARNING: bad unlock balance detected!
[ 43.043362][ T5696] syzkaller #0 Not tainted
[ 43.044821][ T5696] -------------------------------------
[ 43.046650][ T5696] rm/5696 is trying to release lock (rcu_read_lock) at:
[ 43.048726][ T5696] [] __zap_vma_range+0x22dc/0x4bf0
[ 43.050793][ T5696] but there are no more locks to release!
[ 43.052544][ T5696]
[ 43.052544][ T5696] other info that might help us debug this:
[ 43.054977][ T5696] 1 lock held by rm/5696:
[ 43.056295][ T5696] #0: ffff888025cd7178 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x124/0xa10
[ 43.059065][ T5696]
[ 43.059065][ T5696] stack backtrace:
[ 43.060865][ T5696] CPU: 1 UID: 0 PID: 5696 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
[ 43.060878][ T5696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 43.060884][ T5696] Call Trace:
[ 43.060889][ T5696]
[ 43.060893][ T5696] dump_stack_lvl+0x100/0x190
[ 43.060904][ T5696] ? __zap_vma_range+0x22dc/0x4bf0
[ 43.060915][ T5696] print_unlock_imbalance_bug.part.0+0xfb/0x106
[ 43.060932][ T5696] ? __zap_vma_range+0x22dc/0x4bf0
[ 43.060944][ T5696] lock_release+0x28d/0x310
[ 43.060954][ T5696] __zap_vma_range+0x22e1/0x4bf0
[ 43.060970][ T5696] ? __pfx___zap_vma_range+0x10/0x10
[ 43.060982][ T5696] ? find_held_lock+0x2b/0x80
[ 43.060996][ T5696] unmap_vmas+0x299/0x5f0
[ 43.061023][ T5696] ? __pfx_unmap_vmas+0x10/0x10
[ 43.061034][ T5696] ? mas_next_slot+0x10a3/0x1960
[ 43.061050][ T5696] exit_mmap+0x1ef/0xa10
[ 43.061063][ T5696] ? __pfx_exit_mmap+0x10/0x10
[ 43.061075][ T5696] ? trace_contention_end+0x122/0x170
[ 43.061086][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 43.061095][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 43.061105][ T5696] ? __lock_acquire+0x4a5/0x2630
[ 43.061116][ T5696] ? arch_uprobe_clear_state+0x107/0x150
[ 43.061129][ T5696] __mmput+0x12a/0x410
[ 43.061141][ T5696] mmput+0x67/0x80
[ 43.061157][ T5696] do_exit+0x833/0x2a60
[ 43.061172][ T5696] ? do_raw_spin_lock+0x128/0x260
[ 43.061184][ T5696] ? __pfx_do_exit+0x10/0x10
[ 43.061198][ T5696] ? do_group_exit+0x1bd/0x2a0
[ 43.061213][ T5696] ? rcu_is_watching+0x12/0xc0
[ 43.061226][ T5696] do_group_exit+0xd5/0x2a0
[ 43.061241][ T5696] __x64_sys_exit_group+0x3e/0x50
[ 43.061257][ T5696] x64_sys_call+0x102c/0x1530
[ 43.061270][ T5696] do_syscall_64+0x10b/0xf80
[ 43.061282][ T5696] ? clear_bhb_loop+0x40/0x90
[ 43.061293][ T5696] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.061304][ T5696] RIP: 0033:0x7fa6bc8586c5
[ 43.061312][ T5696] Code: Unable to access opcode bytes at 0x7fa6bc85869b.
[ 43.061316][ T5696] RSP: 002b:00007ffcce58f088 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 43.061326][ T5696] RAX: ffffffffffffffda RBX: 00007fa6bc959fe8 RCX: 00007fa6bc8586c5
[ 43.061332][ T5696] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 43.061338][ T5696] RBP: 0000000000000001 R08: 00007ffcce58f018 R09: 0000000000000000
[ 43.061344][ T5696] R10: 00007ffcce58eeb0 R11: 0000000000000202 R12: 0000000000000000
[ 43.061350][ T5696] R13: 0000000000000000 R14: 00007fa6bc958680 R15: 00007fa6bc95a000
[ 43.061358][ T5696]
[ 43.134833][ T5696] ------------[ cut here ]------------
[ 43.188020][ T5696] rrln < 0 || rrln > RCU_NEST_PMAX
[ 43.188028][ T5696] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x235/0x5e0, CPU#0: rm/5696
[ 43.192854][ T5696] Modules linked in:
[ 43.194851][ T5696] CPU: 0 UID: 0 PID: 5696 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
Setting up swapspace version 1, size = 127995904 bytes
[ 43.279656][ T5696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 43.282840][ T5696] RIP: 0010:__rcu_read_unlock+0x235/0x5e0
[ 43.284770][ T5696] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 92 a3 da ff e8 9d e2 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d9 e0 9c 09 e8 44 64 87
[ 43.333473][ T5696] RSP: 0018:ffffc90003d7f778 EFLAGS: 00010286
[ 43.335428][ T5696] RAX: 00000000ffffffff RBX: ffff888029068000 RCX: ffffffff81e7203e
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xa8000)
[ 43.378867][ T5696] RDX: 0000000000000000 RSI: ffffffff8def4169 RDI: ffff8880290684c4
[ 43.381365][ T5696] RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
[ 43.383844][ T5696] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888025cd76f8
[ 43.426970][ T5696] R13: fffffbfff21afcbc R14: 0000000000000000 R15: 00007fa6bc76c000
[ 43.429465][ T5696] FS: 0000000000000000(0000) GS:ffff888097180000(0000) knlGS:0000000000000000
[ 43.432178][ T5696] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.434230][ T5696] CR2: 00007fdc3700a6b0 CR3: 000000000e596000 CR4: 0000000000352ef0
[ 43.477214][ T5696] Call Trace:
[ 43.478354][ T5696]
[ 43.479884][ T5696] __zap_vma_range+0x22e6/0x4bf0
[ 43.485375][ T5696] ? __pfx___zap_vma_range+0x10/0x10
[ 43.528231][ T5696] ? find_held_lock+0x2b/0x80
[ 43.531222][ T5696] unmap_vmas+0x299/0x5f0
[ 43.533785][ T5696] ? __pfx_unmap_vmas+0x10/0x10
[ 43.535969][ T5696] ? mas_next_slot+0x10a3/0x1960
[ 43.579807][ T5696] exit_mmap+0x1ef/0xa10
[ 43.582003][ T5696] ? __pfx_exit_mmap+0x10/0x10
[ 43.583790][ T5696] ? trace_contention_end+0x122/0x170
[ 43.637729][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 43.639517][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 43.642516][ T5696] ? __lock_acquire+0x4a5/0x2630
[ 43.759945][ T5696] ? arch_uprobe_clear_state+0x107/0x150
[ 43.762863][ T5696] __mmput+0x12a/0x410
[ 43.764765][ T5696] mmput+0x67/0x80
[ 43.811135][ T5696] do_exit+0x833/0x2a60
[ 43.813392][ T5696] ? do_raw_spin_lock+0x128/0x260
[ 43.815292][ T5696] ? __pfx_do_exit+0x10/0x10
[ 43.916847][ T5696] ? do_group_exit+0x1bd/0x2a0
[ 43.918806][ T5696] ? rcu_is_watching+0x12/0xc0
[ 43.921455][ T5696] do_group_exit+0xd5/0x2a0
[ 43.923608][ T5696] __x64_sys_exit_group+0x3e/0x50
[ 43.925480][ T5696] x64_sys_call+0x102c/0x1530
[ 44.021997][ T5696] do_syscall_64+0x10b/0xf80
[ 44.023625][ T5696] ? clear_bhb_loop+0x40/0x90
[ 44.025799][ T5696] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.068309][ T5696] RIP: 0033:0x7fa6bc8586c5
[ 44.069772][ T5696] Code: Unable to access opcode bytes at 0x7fa6bc85869b.
[ 44.071767][ T5696] RSP: 002b:00007ffcce58f088 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 44.074319][ T5696] RAX: ffffffffffffffda RBX: 00007fa6bc959fe8 RCX: 00007fa6bc8586c5
[ 44.148177][ T5696] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 44.150720][ T5696] RBP: 0000000000000001 R08: 00007ffcce58f018 R09: 0000000000000000
[ 44.153162][ T5696] R10: 00007ffcce58eeb0 R11: 0000000000000202 R12: 0000000000000000
[ 44.155613][ T5696] R13: 0000000000000000 R14: 00007fa6bc958680 R15: 00007fa6bc95a000
[ 44.200550][ T5696]
[ 44.201560][ T5696] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 44.203788][ T5696] CPU: 0 UID: 0 PID: 5696 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
[ 44.206407][ T5696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 44.209564][ T5696] Call Trace:
[ 44.210718][ T5696]
[ 44.211774][ T5696] dump_stack_lvl+0x100/0x190
[ 44.213964][ T5696] vpanic+0x552/0x970
[ 44.215601][ T5696] ? __pfx_vpanic+0x10/0x10
[ 44.218802][ T5696] panic+0xd1/0xe0
[ 44.220385][ T5696] ? __pfx_panic+0x10/0x10
[ 44.223679][ T5696] ? check_panic_on_warn+0x1f/0x90
[ 44.225952][ T5696] check_panic_on_warn.cold+0x19/0x34
[ 44.228042][ T5696] ? __rcu_read_unlock+0x235/0x5e0
[ 44.229984][ T5696] __warn.cold+0x191/0x328
[ 44.232327][ T5696] __report_bug+0x296/0x3d0
[ 44.233907][ T5696] ? __rcu_read_unlock+0x235/0x5e0
[ 44.236198][ T5696] ? __pfx___report_bug+0x10/0x10
[ 44.238268][ T5696] ? is_bpf_text_address+0x8a/0x1a0
[ 44.240048][ T5696] ? lock_release+0x245/0x310
[ 44.241683][ T5696] ? bpf_ksym_find+0x124/0x1c0
[ 44.243999][ T5696] ? __pfx___schedule+0x10/0x10
[ 44.246218][ T5696] ? preempt_schedule_irq+0x7b/0x90
[ 44.248427][ T5696] ? __rcu_read_unlock+0x235/0x5e0
[ 44.250464][ T5696] report_bug+0xb2/0x220
[ 44.252180][ T5696] ? __rcu_read_unlock+0x235/0x5e0
[ 44.254166][ T5696] handle_bug+0x16a/0x2a0
[ 44.256022][ T5696] exc_invalid_op+0x17/0x50
[ 44.257856][ T5696] asm_exc_invalid_op+0x1a/0x20
[ 44.259586][ T5696] RIP: 0010:__rcu_read_unlock+0x235/0x5e0
[ 44.261463][ T5696] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 92 a3 da ff e8 9d e2 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d9 e0 9c 09 e8 44 64 87
[ 44.267302][ T5696] RSP: 0018:ffffc90003d7f778 EFLAGS: 00010286
[ 44.269196][ T5696] RAX: 00000000ffffffff RBX: ffff888029068000 RCX: ffffffff81e7203e
[ 44.271605][ T5696] RDX: 0000000000000000 RSI: ffffffff8def4169 RDI: ffff8880290684c4
[ 44.274075][ T5696] RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
[ 44.276492][ T5696] R10: 0000000080000000 R11: 0000000000000001 R12: ffff888025cd76f8
[ 44.278910][ T5696] R13: fffffbfff21afcbc R14: 0000000000000000 R15: 00007fa6bc76c000
[ 44.282629][ T5696] ? nbcon_cpu_emergency_exit+0x11e/0x1e0
[ 44.286307][ T5696] __zap_vma_range+0x22e6/0x4bf0
[ 44.292492][ T5696] ? __pfx___zap_vma_range+0x10/0x10
[ 44.295542][ T5696] ? find_held_lock+0x2b/0x80
[ 44.298665][ T5696] unmap_vmas+0x299/0x5f0
[ 44.301416][ T5696] ? __pfx_unmap_vmas+0x10/0x10
[ 44.303691][ T5696] ? mas_next_slot+0x10a3/0x1960
[ 44.308432][ T5696] exit_mmap+0x1ef/0xa10
[ 44.310727][ T5696] ? __pfx_exit_mmap+0x10/0x10
[ 44.312523][ T5696] ? trace_contention_end+0x122/0x170
[ 44.315300][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 44.317086][ T5696] ? uprobe_clear_state+0x5f/0x260
[ 44.320321][ T5696] ? __lock_acquire+0x4a5/0x2630
[ 44.324308][ T5696] ? arch_uprobe_clear_state+0x107/0x150
[ 44.327365][ T5696] __mmput+0x12a/0x410
[ 44.329363][ T5696] mmput+0x67/0x80
[ 44.330942][ T5696] do_exit+0x833/0x2a60
[ 44.333218][ T5696] ? do_raw_spin_lock+0x128/0x260
[ 44.335150][ T5696] ? __pfx_do_exit+0x10/0x10
[ 44.336761][ T5696] ? do_group_exit+0x1bd/0x2a0
[ 44.338705][ T5696] ? rcu_is_watching+0x12/0xc0
[ 44.341407][ T5696] do_group_exit+0xd5/0x2a0
[ 44.343661][ T5696] __x64_sys_exit_group+0x3e/0x50
[ 44.345515][ T5696] x64_sys_call+0x102c/0x1530
[ 44.347202][ T5696] do_syscall_64+0x10b/0xf80
[ 44.348825][ T5696] ? clear_bhb_loop+0x40/0x90
[ 44.351093][ T5696] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 44.353082][ T5696] RIP: 0033:0x7fa6bc8586c5
[ 44.354586][ T5696] Code: Unable to access opcode bytes at 0x7fa6bc85869b.
[ 44.356702][ T5696] RSP: 002b:00007ffcce58f088 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 44.359278][ T5696] RAX: ffffffffffffffda RBX: 00007fa6bc959fe8 RCX: 00007fa6bc8586c5
[ 44.361701][ T5696] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 44.364139][ T5696] RBP: 0000000000000001 R08: 00007ffcce58f018 R09: 0000000000000000
[ 44.366636][ T5696] R10: 00007ffcce58eeb0 R11: 0000000000000202 R12: 0000000000000000
[ 44.369166][ T5696] R13: 0000000000000000 R14: 00007fa6bc958680 R15: 00007fa6bc95a000
[ 44.374233][ T5696]
[ 44.375940][ T5696] Kernel Offset: disabled
[ 44.377449][ T5696] Rebooting in 86400 seconds..