last executing test programs:

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:64629' (ED25519) to the list of known hosts.
syzkaller login: [   56.651939][ T5533] cgroup: Unknown subsys name 'net'
[   56.808518][ T5533] cgroup: Unknown subsys name 'cpuset'
[   56.817568][ T5533] cgroup: Unknown subsys name 'rlimit'
[   56.933971][ T5543] 
[   56.934985][ T5543] =====================================
[   56.937125][ T5543] WARNING: bad unlock balance detected!
[   56.939221][ T5543] syzkaller #0 Not tainted
[   56.940911][ T5543] -------------------------------------
[   56.943070][ T5543] sshd/5543 is trying to release lock (rcu_read_lock) at:
[   56.945646][ T5543] [<ffffffff8219432b>] do_pte_missing+0x125b/0x33f0
[   56.948058][ T5543] but there are no more locks to release!
[   56.950154][ T5543] 
[   56.950154][ T5543] other info that might help us debug this:
[   56.953137][ T5543] 1 lock held by sshd/5543:
[   56.954911][ T5543]  #0: ffff888109268b08 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500
[   56.958466][ T5543] 
[   56.958466][ T5543] stack backtrace:
[   56.960788][ T5543] CPU: 0 UID: 0 PID: 5543 Comm: sshd Not tainted syzkaller #0 PREEMPT(full) 
[   56.960830][ T5543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   56.960841][ T5543] Call Trace:
[   56.960849][ T5543]  <TASK>
[   56.960856][ T5543]  dump_stack_lvl+0xe8/0x150
[   56.960875][ T5543]  ? do_pte_missing+0x125b/0x33f0
[   56.960894][ T5543]  print_unlock_imbalance_bug+0xdc/0xf0
[   56.960913][ T5543]  lock_release+0x248/0x3c0
[   56.960933][ T5543]  ? do_pte_missing+0x125b/0x33f0
[   56.960951][ T5543]  ? do_pte_missing+0x125b/0x33f0
[   56.960968][ T5543]  do_pte_missing+0x1fc4/0x33f0
[   56.960989][ T5543]  ? handle_mm_fault+0xee/0x3170
[   56.961005][ T5543]  handle_mm_fault+0x1bd7/0x3170
[   56.961025][ T5543]  ? handle_mm_fault+0xee/0x3170
[   56.961041][ T5543]  ? __pfx_handle_mm_fault+0x10/0x10
[   56.961055][ T5543]  ? lock_vma_under_rcu+0x45a/0x500
[   56.961080][ T5543]  do_user_addr_fault+0xa73/0x1340
[   56.961097][ T5543]  ? rcu_is_watching+0x15/0xb0
[   56.961112][ T5543]  ? trace_page_fault_user+0x84/0x1e0
[   56.961126][ T5543]  exc_page_fault+0x6a/0xc0
[   56.961143][ T5543]  asm_exc_page_fault+0x26/0x30
[   56.961156][ T5543] RIP: 0033:0x7f33b05c4661
[   56.961170][ T5543] Code: 4c 8d 35 38 ca 01 00 41 55 41 54 41 bc 0c 00 00 00 55 53 48 8b 1f 4c 8b 6a 28 48 03 5a 10 49 29 dc 4a 8d 04 23 4c 39 e8 73 3b <8b> 2b 83 fd 04 75 1b 83 7b 08 05 75 15 48 8d 7b 0c ba 04 00 00 00
[   56.961181][ T5543] RSP: 002b:00007ffc134b6a50 EFLAGS: 00010283
[   56.961194][ T5543] RAX: 000000000000000c RBX: 00007f33b056d580 RCX: 00007f33b05e5350
[   56.961203][ T5543] RDX: 00007f33b04f9190 RSI: 0000000000000003 RDI: 00007f33b05b4500
[   56.961212][ T5543] RBP: 00007ffc134b6be0 R08: 000000006ffffdff R09: 000000006ffffeff
[   56.961221][ T5543] R10: 000000006fffff41 R11: 000000006ffffe35 R12: ffff80cc4fa92a8c
[   56.961230][ T5543] R13: 0000000000000030 R14: 00007f33b05e1076 R15: 00000000effffef5
[   56.961244][ T5543]  </TASK>
[   57.031856][ T5543] ------------[ cut here ]------------
[   57.074395][ T5543] rrln < 0 || rrln > RCU_NEST_PMAX
[   57.074405][ T5543] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x79/0xe0, CPU#0: sshd/5543
[   57.079790][ T5543] Modules linked in:
[   57.081224][ T5543] CPU: 0 UID: 0 PID: 5543 Comm: sshd Not tainted syzkaller #0 PREEMPT(full) 
[   57.084704][ T5543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   57.088513][ T5543] RIP: 0010:__rcu_read_unlock+0x79/0xe0
[   57.090790][ T5543] Code: 75 66 41 83 3e 00 75 27 43 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 90 <0f> 0b 90 eb eb e8 6d 00 00 00 eb d2 89 d9 80 e1 07 80 c1 03 38 c1
[   57.097983][ T5543] RSP: 0000:ffffc90004377b10 EFLAGS: 00010286
[   57.100538][ T5543] RAX: 00000000ffffffff RBX: ffff8881694edd44 RCX: 0000000000000046
[   57.104195][ T5543] RDX: 0000000000000000 RSI: ffffffff8e218380 RDI: ffff8881694ed880
[   57.107648][ T5543] RBP: 0000000000000067 R08: 0000000000000003 R09: 0000000000000004
[   57.111033][ T5543] R10: dffffc0000000000 R11: fffffbfff1d06d14 R12: 1ffff1102d29dba8
[   57.114548][ T5543] R13: 0000000000000100 R14: 0000000000000074 R15: dffffc0000000000
[   57.117952][ T5543] FS:  0000000000000000(0000) GS:ffff88818dc90000(0000) knlGS:0000000000000000
Setting up swapspace version 1, size = 127995904 bytes
[   57.121438][ T5543] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.231540][ T5543] CR2: 00007f33b056d580 CR3: 0000000113c00000 CR4: 00000000000006f0
[   57.234958][ T5543] Call Trace:
[   57.236349][ T5543]  <TASK>
[   57.238166][ T5543]  ? do_pte_missing+0x125b/0x33f0
[   57.240305][ T5543]  do_pte_missing+0x1fc9/0x33f0
[   57.245466][ T5543]  ? handle_mm_fault+0xee/0x3170
[   57.248809][ T5543]  handle_mm_fault+0x1bd7/0x3170
[   57.254696][ T5543]  ? handle_mm_fault+0xee/0x3170
[   57.258775][ T5543]  ? __pfx_handle_mm_fault+0x10/0x10
[   57.260995][ T5543]  ? lock_vma_under_rcu+0x45a/0x500
[   57.269248][ T5543]  do_user_addr_fault+0xa73/0x1340
[   57.273391][ T5543]  ? rcu_is_watching+0x15/0xb0
[   57.275915][ T5543]  ? trace_page_fault_user+0x84/0x1e0
[   57.279108][ T5543]  exc_page_fault+0x6a/0xc0
[   57.281736][ T5543]  asm_exc_page_fault+0x26/0x30
[   57.284028][ T5543] RIP: 0033:0x7f33b05c4661
[   57.285836][ T5543] Code: 4c 8d 35 38 ca 01 00 41 55 41 54 41 bc 0c 00 00 00 55 53 48 8b 1f 4c 8b 6a 28 48 03 5a 10 49 29 dc 4a 8d 04 23 4c 39 e8 73 3b <8b> 2b 83 fd 04 75 1b 83 7b 08 05 75 15 48 8d 7b 0c ba 04 00 00 00
[   57.293364][ T5543] RSP: 002b:00007ffc134b6a50 EFLAGS: 00010283
[   57.295604][ T5543] RAX: 000000000000000c RBX: 00007f33b056d580 RCX: 00007f33b05e5350
[   57.298532][ T5543] RDX: 00007f33b04f9190 RSI: 0000000000000003 RDI: 00007f33b05b4500
[   57.301381][ T5543] RBP: 00007ffc134b6be0 R08: 000000006ffffdff R09: 000000006ffffeff
[   57.304383][ T5543] R10: 000000006fffff41 R11: 000000006ffffe35 R12: ffff80cc4fa92a8c
[   57.307434][ T5543] R13: 0000000000000030 R14: 00007f33b05e1076 R15: 00000000effffef5
[   57.314384][ T5543]  </TASK>
[   57.315587][ T5543] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   57.318423][ T5543] CPU: 0 UID: 0 PID: 5543 Comm: sshd Not tainted syzkaller #0 PREEMPT(full) 
[   57.321804][ T5543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   57.325630][ T5543] Call Trace:
[   57.327111][ T5543]  <TASK>
[   57.328437][ T5543]  vpanic+0x56c/0xa60
[   57.330745][ T5543]  ? __pfx__printk+0x10/0x10
[   57.333312][ T5543]  ? __pfx_vpanic+0x10/0x10
[   57.335234][ T5543]  ? is_bpf_text_address+0x292/0x2b0
[   57.337729][ T5543]  ? is_bpf_text_address+0x26/0x2b0
[   57.342463][ T5543]  panic+0xc5/0xd0
[   57.344624][ T5543]  ? __pfx_panic+0x10/0x10
[   57.351209][ T5543]  __warn+0x315/0x4c0
[   57.352679][ T5543]  ? __rcu_read_unlock+0x79/0xe0
[   57.354819][ T5543]  ? __rcu_read_unlock+0x79/0xe0
[   57.357038][ T5543]  __report_bug+0x29a/0x540
[   57.360123][ T5543]  ? __rcu_read_unlock+0x79/0xe0
[   57.362566][ T5543]  ? __pfx___report_bug+0x10/0x10
[   57.367415][ T5543]  ? __rcu_read_unlock+0x79/0xe0
[   57.369480][ T5543]  report_bug+0x16a/0x220
[   57.371364][ T5543]  ? __rcu_read_unlock+0x79/0xe0
[   57.373181][ T5543]  ? __rcu_read_unlock+0x7b/0xe0
[   57.374951][ T5543]  handle_bug+0x9c/0x200
[   57.376792][ T5543]  exc_invalid_op+0x1a/0x50
[   57.378648][ T5543]  asm_exc_invalid_op+0x1a/0x20
[   57.380458][ T5543] RIP: 0010:__rcu_read_unlock+0x79/0xe0
[   57.382326][ T5543] Code: 75 66 41 83 3e 00 75 27 43 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 90 <0f> 0b 90 eb eb e8 6d 00 00 00 eb d2 89 d9 80 e1 07 80 c1 03 38 c1
[   57.388384][ T5543] RSP: 0000:ffffc90004377b10 EFLAGS: 00010286
[   57.390182][ T5543] RAX: 00000000ffffffff RBX: ffff8881694edd44 RCX: 0000000000000046
[   57.392694][ T5543] RDX: 0000000000000000 RSI: ffffffff8e218380 RDI: ffff8881694ed880
[   57.395377][ T5543] RBP: 0000000000000067 R08: 0000000000000003 R09: 0000000000000004
[   57.398073][ T5543] R10: dffffc0000000000 R11: fffffbfff1d06d14 R12: 1ffff1102d29dba8
[   57.400647][ T5543] R13: 0000000000000100 R14: 0000000000000074 R15: dffffc0000000000
[   57.407385][ T5543]  ? do_pte_missing+0x125b/0x33f0
[   57.409171][ T5543]  do_pte_missing+0x1fc9/0x33f0
[   57.412892][ T5543]  ? handle_mm_fault+0xee/0x3170
[   57.415465][ T5543]  handle_mm_fault+0x1bd7/0x3170
[   57.419885][ T5543]  ? handle_mm_fault+0xee/0x3170
[   57.422980][ T5543]  ? __pfx_handle_mm_fault+0x10/0x10
[   57.424850][ T5543]  ? lock_vma_under_rcu+0x45a/0x500
[   57.430885][ T5543]  do_user_addr_fault+0xa73/0x1340
[   57.434353][ T5543]  ? rcu_is_watching+0x15/0xb0
[   57.436527][ T5543]  ? trace_page_fault_user+0x84/0x1e0
[   57.439176][ T5543]  exc_page_fault+0x6a/0xc0
[   57.441574][ T5543]  asm_exc_page_fault+0x26/0x30
[   57.443396][ T5543] RIP: 0033:0x7f33b05c4661
[   57.445191][ T5543] Code: 4c 8d 35 38 ca 01 00 41 55 41 54 41 bc 0c 00 00 00 55 53 48 8b 1f 4c 8b 6a 28 48 03 5a 10 49 29 dc 4a 8d 04 23 4c 39 e8 73 3b <8b> 2b 83 fd 04 75 1b 83 7b 08 05 75 15 48 8d 7b 0c ba 04 00 00 00
[   57.450589][ T5543] RSP: 002b:00007ffc134b6a50 EFLAGS: 00010283
[   57.452840][ T5543] RAX: 000000000000000c RBX: 00007f33b056d580 RCX: 00007f33b05e5350
[   57.455582][ T5543] RDX: 00007f33b04f9190 RSI: 0000000000000003 RDI: 00007f33b05b4500
[   57.458741][ T5543] RBP: 00007ffc134b6be0 R08: 000000006ffffdff R09: 000000006ffffeff
[   57.461367][ T5543] R10: 000000006fffff41 R11: 000000006ffffe35 R12: ffff80cc4fa92a8c
[   57.464037][ T5543] R13: 0000000000000030 R14: 00007f33b05e1076 R15: 00000000effffef5
[   57.469234][ T5543]  </TASK>
[   57.471042][ T5543] Kernel Offset: disabled
[   57.472913][ T5543] Rebooting in 86400 seconds..
