Warning: Permanently added '[localhost]:36937' (ED25519) to the list of known hosts.
2025/11/03 22:41:01 parsed 1 programs
syzkaller login: [   86.892212][   T10] cfg80211: failed to load regulatory.db
[   87.795073][ T5815] cgroup: Unknown subsys name 'net'
[   87.903187][ T5815] cgroup: Unknown subsys name 'cpuset'
[   87.907155][ T5815] cgroup: Unknown subsys name 'rlimit'
[   89.454523][ T5815] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.080942][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.152786][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.155454][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.187382][   T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.189969][   T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.695574][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   93.787180][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.791199][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.794150][ T5859] bridge_slave_0: entered allmulticast mode
[   93.797790][ T5859] bridge_slave_0: entered promiscuous mode
[   93.803966][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.806913][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.809927][ T5859] bridge_slave_1: entered allmulticast mode
[   93.814445][ T5859] bridge_slave_1: entered promiscuous mode
[   93.913291][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.920282][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.962210][ T5859] team0: Port device team_slave_0 added
[   93.965513][ T5859] team0: Port device team_slave_1 added
[   93.990138][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.993370][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.002551][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.007914][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.010793][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.020820][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.058722][ T5859] hsr_slave_0: entered promiscuous mode
[   94.062044][ T5859] hsr_slave_1: entered promiscuous mode
[   94.217562][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   94.223910][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   94.228345][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   94.232921][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   94.287166][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.299018][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   94.305466][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.307894][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.314338][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.316743][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.418954][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.443199][ T5859] veth0_vlan: entered promiscuous mode
[   94.448374][ T5859] veth1_vlan: entered promiscuous mode
[   94.463334][ T5859] veth0_macvtap: entered promiscuous mode
[   94.467703][ T5859] veth1_macvtap: entered promiscuous mode
[   94.479109][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.487469][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.496229][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.500062][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.504142][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.509743][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.589869][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.633263][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.704123][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.759100][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.149417][ T5202] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.154072][ T5202] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.156757][ T5202] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.160054][ T5202] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.163758][ T5202] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/03 22:41:12 executed programs: 0
[   96.147139][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.150785][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.154086][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.157886][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.161463][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.314905][ T5919] chnl_net:caif_netlink_parms(): no params data found
[   96.387899][ T5919] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.391351][ T5919] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.394087][ T5919] bridge_slave_0: entered allmulticast mode
[   96.397531][ T5919] bridge_slave_0: entered promiscuous mode
[   96.401484][ T5919] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.403702][ T5919] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.405958][ T5919] bridge_slave_1: entered allmulticast mode
[   96.408574][ T5919] bridge_slave_1: entered promiscuous mode
[   96.427525][ T5919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   96.431995][ T5919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   96.452306][ T5919] team0: Port device team_slave_0 added
[   96.455942][ T5919] team0: Port device team_slave_1 added
[   96.477894][ T5919] batman_adv: batadv0: Adding interface: batadv_slave_0
[   96.479936][ T5919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.490926][ T5919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   96.499949][ T5919] batman_adv: batadv0: Adding interface: batadv_slave_1
[   96.503032][ T5919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   96.512949][ T5919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.551813][ T5919] hsr_slave_0: entered promiscuous mode
[   96.554605][ T5919] hsr_slave_1: entered promiscuous mode
[   96.557339][ T5919] debugfs: 'hsr0' already exists in 'hsr'
[   96.559548][ T5919] Cannot create hsr debugfs directory
[   97.732846][   T12] bridge_slave_1: left allmulticast mode
[   97.734951][   T12] bridge_slave_1: left promiscuous mode
[   97.737054][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.770108][   T12] bridge_slave_0: left allmulticast mode
[   97.774920][   T12] bridge_slave_0: left promiscuous mode
[   97.777896][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.020981][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   98.026763][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.032687][   T12] bond0 (unregistering): Released all slaves
[   98.140215][   T12] hsr_slave_0: left promiscuous mode
[   98.143163][   T12] hsr_slave_1: left promiscuous mode
[   98.145811][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.148735][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.153299][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.156167][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.170845][   T55] Bluetooth: hci0: command tx timeout
[   98.173234][   T12] veth1_macvtap: left promiscuous mode
[   98.175499][   T12] veth0_macvtap: left promiscuous mode
[   98.177760][   T12] veth1_vlan: left promiscuous mode
[   98.179880][   T12] veth0_vlan: left promiscuous mode
[   98.436698][   T12] team0 (unregistering): Port device team_slave_1 removed
[   98.455283][   T12] team0 (unregistering): Port device team_slave_0 removed
[   98.892032][ T5919] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.907071][ T5919] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.913461][ T5919] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.923373][ T5919] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.005037][ T5919] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.021116][ T5919] 8021q: adding VLAN 0 to HW filter on device team0
[   99.033270][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.036186][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.043405][  T184] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.046233][  T184] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.430152][ T5919] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.468521][ T5919] veth0_vlan: entered promiscuous mode
[   99.477521][ T5919] veth1_vlan: entered promiscuous mode
[   99.504287][ T5919] veth0_macvtap: entered promiscuous mode
[   99.510191][ T5919] veth1_macvtap: entered promiscuous mode
[   99.524190][ T5919] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.530696][ T5919] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.539079][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.542259][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.545069][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.547660][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.601388][  T184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.603980][  T184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.624306][  T184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.627108][  T184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.251505][   T55] Bluetooth: hci0: command tx timeout
2025/11/03 22:41:17 executed programs: 4
[  102.332800][   T55] Bluetooth: hci0: command tx timeout
[  104.411529][   T55] Bluetooth: hci0: command tx timeout
[  106.695427][ T6004] 
[  106.696505][ T6004] ======================================================
[  106.699218][ T6004] WARNING: possible circular locking dependency detected
[  106.701834][ T6004] syzkaller #0 Not tainted
[  106.704139][ T6004] ------------------------------------------------------
[  106.707126][ T6004] syz.0.24/6004 is trying to acquire lock:
[  106.709352][ T6004] ffff88810f7fcd20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x126/0xb40
[  106.712255][ T6004] 
[  106.712255][ T6004] but task is already holding lock:
[  106.715179][ T6004] ffff888111ad0f88 (vm_lock){++++}-{0:0}, at: __vma_start_write+0x23/0x140
[  106.718699][ T6004] 
[  106.718699][ T6004] which lock already depends on the new lock.
[  106.718699][ T6004] 
[  106.722838][ T6004] 
[  106.722838][ T6004] the existing dependency chain (in reverse order) is:
[  106.726398][ T6004] 
[  106.726398][ T6004] -> #1 (vm_lock){++++}-{0:0}:
[  106.729108][ T6004]        lock_acquire+0x120/0x360
[  106.731094][ T6004]        __vma_enter_locked+0x1a0/0x570
[  106.733236][ T6004]        __vma_start_write+0x23/0x140
[  106.735332][ T6004]        mprotect_fixup+0x57d/0x9c0
[  106.737350][ T6004]        setup_arg_pages+0x52a/0xa90
[  106.739459][ T6004]        load_elf_binary+0xba4/0x2740
[  106.741593][ T6004]        bprm_execve+0x99c/0x1450
[  106.743606][ T6004]        kernel_execve+0x8f0/0x9f0
[  106.745580][ T6004]        try_to_run_init_process+0x13/0x60
[  106.747811][ T6004]        kernel_init+0xad/0x1d0
[  106.749711][ T6004]        ret_from_fork+0x4bc/0x870
[  106.751630][ T6004]        ret_from_fork_asm+0x1a/0x30
[  106.753751][ T6004] 
[  106.753751][ T6004] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[  106.756633][ T6004]        validate_chain+0xb9b/0x2140
[  106.758671][ T6004]        __lock_acquire+0xab9/0xd20
[  106.760628][ T6004]        lock_acquire+0x120/0x360
[  106.762565][ T6004]        down_read+0x46/0x2e0
[  106.764401][ T6004]        exit_mmap+0x126/0xb40
[  106.766293][ T6004]        __mmput+0x118/0x430
[  106.768119][ T6004]        copy_mm+0x1f3/0x4b0
[  106.769908][ T6004]        copy_process+0x1706/0x3c00
[  106.771883][ T6004]        kernel_clone+0x21e/0x840
[  106.773826][ T6004]        __x64_sys_clone+0x18b/0x1e0
[  106.775872][ T6004]        do_syscall_64+0xfa/0xfa0
[  106.777870][ T6004]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.780342][ T6004] 
[  106.780342][ T6004] other info that might help us debug this:
[  106.780342][ T6004] 
[  106.784210][ T6004]  Possible unsafe locking scenario:
[  106.784210][ T6004] 
[  106.787163][ T6004]        CPU0                    CPU1
[  106.789299][ T6004]        ----                    ----
[  106.791438][ T6004]   lock(vm_lock);
[  106.792947][ T6004]                                lock(&mm->mmap_lock);
[  106.795533][ T6004]                                lock(vm_lock);
[  106.797805][ T6004]   rlock(&mm->mmap_lock);
[  106.799241][ T6004] 
[  106.799241][ T6004]  *** DEADLOCK ***
[  106.799241][ T6004] 
[  106.801709][ T6004] 2 locks held by syz.0.24/6004:
[  106.803364][ T6004]  #0: ffffffff8dff64d0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x131/0x4b0
[  106.805999][ T6004]  #1: ffff888111ad0f88 (vm_lock){++++}-{0:0}, at: __vma_start_write+0x23/0x140
[  106.809120][ T6004] 
[  106.809120][ T6004] stack backtrace:
[  106.810967][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[  106.810976][ T6004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  106.810981][ T6004] Call Trace:
[  106.810986][ T6004]  <TASK>
[  106.810989][ T6004]  dump_stack_lvl+0x189/0x250
[  106.811002][ T6004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.811011][ T6004]  ? __pfx__printk+0x10/0x10
[  106.811017][ T6004]  ? stack_trace_save+0x9c/0xe0
[  106.811028][ T6004]  print_circular_bug+0x2ee/0x310
[  106.811037][ T6004]  check_noncircular+0x134/0x160
[  106.811046][ T6004]  validate_chain+0xb9b/0x2140
[  106.811055][ T6004]  ? look_up_lock_class+0x74/0x170
[  106.811065][ T6004]  ? register_lock_class+0x51/0x320
[  106.811072][ T6004]  __lock_acquire+0xab9/0xd20
[  106.811080][ T6004]  ? exit_mmap+0x126/0xb40
[  106.811093][ T6004]  lock_acquire+0x120/0x360
[  106.811099][ T6004]  ? exit_mmap+0x126/0xb40
[  106.811109][ T6004]  ? rcu_is_watching+0x15/0xb0
[  106.811117][ T6004]  down_read+0x46/0x2e0
[  106.811126][ T6004]  ? exit_mmap+0x126/0xb40
[  106.811136][ T6004]  exit_mmap+0x126/0xb40
[  106.811145][ T6004]  ? uprobe_clear_state+0x20f/0x290
[  106.811152][ T6004]  ? __pfx_exit_mmap+0x10/0x10
[  106.811161][ T6004]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  106.811171][ T6004]  ? __pfx_exit_aio+0x10/0x10
[  106.811179][ T6004]  ? uprobe_clear_state+0x27c/0x290
[  106.811185][ T6004]  ? mm_init+0xd74/0xfa0
[  106.811192][ T6004]  __mmput+0x118/0x430
[  106.811199][ T6004]  copy_mm+0x1f3/0x4b0
[  106.811207][ T6004]  copy_process+0x1706/0x3c00
[  106.811216][ T6004]  ? copy_process+0x97f/0x3c00
[  106.811224][ T6004]  ? __pfx_copy_process+0x10/0x10
[  106.811233][ T6004]  kernel_clone+0x21e/0x840
[  106.811241][ T6004]  ? css_rstat_updated+0x23a/0x4f0
[  106.811249][ T6004]  ? __pfx_kernel_clone+0x10/0x10
[  106.811258][ T6004]  ? count_memcg_event_mm+0x21/0x260
[  106.811267][ T6004]  __x64_sys_clone+0x18b/0x1e0
[  106.811275][ T6004]  ? __pfx___x64_sys_clone+0x10/0x10
[  106.811286][ T6004]  ? do_user_addr_fault+0xc85/0x1380
[  106.811293][ T6004]  ? do_syscall_64+0xbe/0xfa0
[  106.811302][ T6004]  do_syscall_64+0xfa/0xfa0
[  106.811311][ T6004]  ? lockdep_hardirqs_on+0x9c/0x150
[  106.811319][ T6004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.811325][ T6004]  ? exc_page_fault+0xab/0x100
[  106.811335][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.811342][ T6004] RIP: 0033:0x7f45ab18efc9
[  106.811351][ T6004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.811357][ T6004] RSP: 002b:00007f45abfaefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  106.811365][ T6004] RAX: ffffffffffffffda RBX: 00007f45ab3e6090 RCX: 00007f45ab18efc9
[  106.811370][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  106.811374][ T6004] RBP: 00007f45ab211f91 R08: 0000000000000000 R09: 0000000000000000
[  106.811378][ T6004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  106.811382][ T6004] R13: 00007f45ab3e6128 R14: 00007f45ab3e6090 R15: 00007ffe9b2a02c8
[  106.811389][ T6004]  </TASK>
[  106.923617][ T6004] ------------[ cut here ]------------
[  106.925714][ T6004] refcount_t: saturated; leaking memory.
[  106.928139][ T6004] WARNING: CPU: 0 PID: 6004 at lib/refcount.c:19 refcount_warn_saturate+0x13a/0x1d0
[  106.931752][ T6004] Modules linked in:
[  106.933272][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[  106.936896][ T6004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  106.940763][ T6004] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[  106.942743][ T6004] Code: 20 57 be 8b e8 87 a8 f9 fc 90 0f 0b 90 90 eb b7 e8 6b 8c 36 fd c6 05 1b 75 dd 0a 01 90 48 c7 c7 60 56 be 8b e8 67 a8 f9 fc 90 <0f> 0b 90 90 eb 97 e8 4b 8c 36 fd c6 05 ff 74 dd 0a 01 90 48 c7 c7
[  106.949780][ T6004] RSP: 0018:ffffc900036f75a8 EFLAGS: 00010246
[  106.951997][ T6004] RAX: 37ca69179b3b1c00 RBX: 0000000000000000 RCX: ffff88810c6c0000
[  106.954913][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  106.957436][ T6004] RBP: ffffc900036f76b0 R08: 0000000000000003 R09: 0000000000000004
[  106.959977][ T6004] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: ffff888111ad0f80
[  106.963157][ T6004] R13: 1ffff920006deec4 R14: ffff888111ad0f80 R15: 0000000000000000
[  106.965678][ T6004] FS:  00007f45abfaf6c0(0000) GS:ffff88818eb3e000(0000) knlGS:0000000000000000
[  106.968353][ T6004] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  106.970417][ T6004] CR2: 00007f45abfaefc8 CR3: 00000001bbaba000 CR4: 00000000000006f0
[  106.973009][ T6004] Call Trace:
[  106.974202][ T6004]  <TASK>
[  106.975310][ T6004]  __vma_enter_locked+0x534/0x570
[  106.977162][ T6004]  ? __pfx___vma_enter_locked+0x10/0x10
[  106.979174][ T6004]  ? lock_release+0x4b/0x3e0
[  106.980764][ T6004]  __vma_start_write+0x23/0x140
[  106.982525][ T6004]  vma_modify+0xce0/0x1970
[  106.984205][ T6004]  vma_modify_flags_uffd+0x204/0x250
[  106.986044][ T6004]  ? __pfx_vma_modify_flags_uffd+0x10/0x10
[  106.988371][ T6004]  ? mas_find+0xb0e/0xd30
[  106.989956][ T6004]  userfaultfd_release_all+0x34c/0x5d0
[  106.991846][ T6004]  ? __pfx_userfaultfd_release_all+0x10/0x10
[  106.994103][ T6004]  userfaultfd_release+0xe7/0x1b0
[  106.995670][ T6004]  ? __pfx_userfaultfd_release+0x10/0x10
[  106.997374][ T6004]  ? evm_file_release+0x108/0x1e0
[  106.998927][ T6004]  ? __pfx_userfaultfd_release+0x10/0x10
[  107.000703][ T6004]  __fput+0x44c/0xa70
[  107.001882][ T6004]  task_work_run+0x1d4/0x260
[  107.003267][ T6004]  ? __pfx_task_work_run+0x10/0x10
[  107.004767][ T6004]  ? kernel_clone+0x238/0x840
[  107.006159][ T6004]  ? css_rstat_updated+0x23a/0x4f0
[  107.007702][ T6004]  get_signal+0x11ec/0x1340
[  107.009103][ T6004]  ? count_memcg_event_mm+0x21/0x260
[  107.010749][ T6004]  arch_do_signal_or_restart+0xa0/0x790
[  107.012496][ T6004]  ? __pfx___x64_sys_clone+0x10/0x10
[  107.014159][ T6004]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  107.016064][ T6004]  ? rcu_is_watching+0x15/0xb0
[  107.017569][ T6004]  exit_to_user_mode_loop+0x72/0x130
[  107.019328][ T6004]  do_syscall_64+0x2bd/0xfa0
[  107.021074][ T6004]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.022875][ T6004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.024939][ T6004]  ? exc_page_fault+0xab/0x100
[  107.026419][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.028246][ T6004] RIP: 0033:0x7f45ab18efc9
[  107.029647][ T6004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.036318][ T6004] RSP: 002b:00007f45abfaefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.038937][ T6004] RAX: fffffffffffffff4 RBX: 00007f45ab3e6090 RCX: 00007f45ab18efc9
[  107.042218][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  107.045194][ T6004] RBP: 00007f45ab211f91 R08: 0000000000000000 R09: 0000000000000000
[  107.048000][ T6004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  107.051055][ T6004] R13: 00007f45ab3e6128 R14: 00007f45ab3e6090 R15: 00007ffe9b2a02c8
[  107.054079][ T6004]  </TASK>
[  107.055309][ T6004] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  107.057855][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) 
[  107.061092][ T6004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  107.064866][ T6004] Call Trace:
[  107.066154][ T6004]  <TASK>
[  107.067275][ T6004]  dump_stack_lvl+0x99/0x250
[  107.069054][ T6004]  ? __asan_memcpy+0x40/0x70
[  107.070824][ T6004]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.072797][ T6004]  ? __pfx__printk+0x10/0x10
[  107.074578][ T6004]  vpanic+0x237/0x6d0
[  107.076106][ T6004]  ? __pfx_vpanic+0x10/0x10
[  107.077857][ T6004]  panic+0xb9/0xc0
[  107.079273][ T6004]  ? __pfx_panic+0x10/0x10
[  107.081055][ T6004]  __warn+0x31b/0x4b0
[  107.082666][ T6004]  ? refcount_warn_saturate+0x13a/0x1d0
[  107.084842][ T6004]  ? refcount_warn_saturate+0x13a/0x1d0
[  107.087054][ T6004]  report_bug+0x2be/0x4f0
[  107.088792][ T6004]  ? refcount_warn_saturate+0x13a/0x1d0
[  107.090995][ T6004]  ? refcount_warn_saturate+0x13a/0x1d0
[  107.093124][ T6004]  ? refcount_warn_saturate+0x13c/0x1d0
[  107.095254][ T6004]  handle_bug+0x84/0x160
[  107.096905][ T6004]  exc_invalid_op+0x1a/0x50
[  107.098681][ T6004]  asm_exc_invalid_op+0x1a/0x20
[  107.100638][ T6004] RIP: 0010:refcount_warn_saturate+0x13a/0x1d0
[  107.103033][ T6004] Code: 20 57 be 8b e8 87 a8 f9 fc 90 0f 0b 90 90 eb b7 e8 6b 8c 36 fd c6 05 1b 75 dd 0a 01 90 48 c7 c7 60 56 be 8b e8 67 a8 f9 fc 90 <0f> 0b 90 90 eb 97 e8 4b 8c 36 fd c6 05 ff 74 dd 0a 01 90 48 c7 c7
[  107.110446][ T6004] RSP: 0018:ffffc900036f75a8 EFLAGS: 00010246
[  107.112806][ T6004] RAX: 37ca69179b3b1c00 RBX: 0000000000000000 RCX: ffff88810c6c0000
[  107.115965][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  107.119054][ T6004] RBP: ffffc900036f76b0 R08: 0000000000000003 R09: 0000000000000004
[  107.122213][ T6004] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: ffff888111ad0f80
[  107.125363][ T6004] R13: 1ffff920006deec4 R14: ffff888111ad0f80 R15: 0000000000000000
[  107.128489][ T6004]  ? refcount_warn_saturate+0x139/0x1d0
[  107.130671][ T6004]  __vma_enter_locked+0x534/0x570
[  107.132669][ T6004]  ? __pfx___vma_enter_locked+0x10/0x10
[  107.134845][ T6004]  ? lock_release+0x4b/0x3e0
[  107.136584][ T6004]  __vma_start_write+0x23/0x140
[  107.138459][ T6004]  vma_modify+0xce0/0x1970
[  107.140214][ T6004]  vma_modify_flags_uffd+0x204/0x250
[  107.142249][ T6004]  ? __pfx_vma_modify_flags_uffd+0x10/0x10
[  107.144550][ T6004]  ? mas_find+0xb0e/0xd30
[  107.146204][ T6004]  userfaultfd_release_all+0x34c/0x5d0
[  107.148375][ T6004]  ? __pfx_userfaultfd_release_all+0x10/0x10
[  107.150791][ T6004]  userfaultfd_release+0xe7/0x1b0
[  107.152842][ T6004]  ? __pfx_userfaultfd_release+0x10/0x10
[  107.155065][ T6004]  ? evm_file_release+0x108/0x1e0
[  107.157011][ T6004]  ? __pfx_userfaultfd_release+0x10/0x10
[  107.159152][ T6004]  __fput+0x44c/0xa70
[  107.160757][ T6004]  task_work_run+0x1d4/0x260
[  107.162598][ T6004]  ? __pfx_task_work_run+0x10/0x10
[  107.164571][ T6004]  ? kernel_clone+0x238/0x840
[  107.166429][ T6004]  ? css_rstat_updated+0x23a/0x4f0
[  107.168421][ T6004]  get_signal+0x11ec/0x1340
[  107.170210][ T6004]  ? count_memcg_event_mm+0x21/0x260
[  107.172271][ T6004]  arch_do_signal_or_restart+0xa0/0x790
[  107.174342][ T6004]  ? __pfx___x64_sys_clone+0x10/0x10
[  107.176300][ T6004]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  107.178676][ T6004]  ? rcu_is_watching+0x15/0xb0
[  107.180603][ T6004]  exit_to_user_mode_loop+0x72/0x130
[  107.182703][ T6004]  do_syscall_64+0x2bd/0xfa0
[  107.184570][ T6004]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.186662][ T6004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.189084][ T6004]  ? exc_page_fault+0xab/0x100
[  107.190998][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.193310][ T6004] RIP: 0033:0x7f45ab18efc9
[  107.195099][ T6004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.202812][ T6004] RSP: 002b:00007f45abfaefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  107.206025][ T6004] RAX: fffffffffffffff4 RBX: 00007f45ab3e6090 RCX: 00007f45ab18efc9
[  107.209145][ T6004] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  107.212274][ T6004] RBP: 00007f45ab211f91 R08: 0000000000000000 R09: 0000000000000000
[  107.215430][ T6004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  107.218498][ T6004] R13: 00007f45ab3e6128 R14: 00007f45ab3e6090 R15: 00007ffe9b2a02c8
[  107.221618][ T6004]  </TASK>
[  107.223590][ T6004] Kernel Offset: disabled
[  107.225236][ T6004] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:41:22  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900036f6e50
R8 =ffff888108eb8237 R9 =1ffff110211d7046 R10=dffffc0000000000 R11=ffffffff8514c9b0
R12=dffffc0000000000 R13=ffffffff997d6908 R14=ffffffff99ae9f20 R15=0000000000000000
RIP=ffffffff8514ca2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f45abfaf6c0 ffffffff 00c00000
GS =0000 ffff88818eb3e000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f45abfaefc8 CR3=00000001bbaba000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f45ab3b7498 00007f45ab3b7470 XMM03=00007f45ab3b74a8 00007f45ab3b74a0
XMM04=00007f45abf1d100 00007f45ab3b7460 XMM05=00007f45ab3b7478 00007f45ab3b74c0
XMM06=00007f45ab3b74b8 00007f45ab3b74b0 XMM07=00007f45ab3b74a8 00007f45ab3b74a0
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f45ab21315a
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=c8f46289a8933700 RBX=ffffffff81967be7 RCX=c8f46289a8933700 RDX=0000000000000001
RSI=ffffffff8d70bf1d RDI=ffffffff8bbf05e0 RBP=ffffc90000197f10 RSP=ffffc90000197de0
R8 =ffff88823c632fdb R9 =1ffff110478c65fb R10=dffffc0000000000 R11=ffffed10478c65fc
R12=ffffffff8f7cd470 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102c1d3000
RIP=ffffffff8b460dd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8882a9f3e000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555559e6c808 CR3=000000000dd38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffff00 ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f45ab21315a
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000