syzbot

panic: Incrementing non-positive ref count 0xc000020a40 owned by *mm.SpecialMappable

goroutine 122682 [running]:
panic(0x100cc20, 0xc0005a16e0)
	GOROOT/src/runtime/panic.go:1064 +0x46d fp=0xc000ea3448 sp=0xc000ea3390 pc=0x43438d
gvisor.dev/gvisor/pkg/sentry/mm.(*SpecialMappableRefs).IncRef(0xc000020a40)
	bazel-out/k8-fastbuild/bin/pkg/sentry/mm/special_mappable_refs.go:83 +0xe0 fp=0xc000ea34b0 sp=0xc000ea3448 pc=0x7dc550
gvisor.dev/gvisor/pkg/sentry/mm.(*MemoryManager).Fork(0xc000717000, 0x14045a0, 0xc00090ea80, 0x0, 0x0, 0x0)
	pkg/sentry/mm/lifecycle.go:133 +0x6e5 fp=0xc000ea3800 sp=0xc000ea34b0 pc=0x7c3915
gvisor.dev/gvisor/pkg/sentry/kernel.(*TaskContext).Fork(0xc00090f238, 0x14045a0, 0xc00090ea80, 0xc000372000, 0xc00089ea00, 0xc000ea38f8, 0x7f8ca8, 0x7f3ce4d739f0)
	pkg/sentry/kernel/task_context.go:101 +0x1ca fp=0xc000ea3868 sp=0xc000ea3800 pc=0x95716a
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Clone(0xc00090ea80, 0xc000ea3ae0, 0xc000000000, 0x0, 0x0, 0x0)
	pkg/sentry/kernel/task_clone.go:252 +0x342 fp=0xc000ea3ab0 sp=0xc000ea3868 pc=0x954612
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.clone(0xc00090ea80, 0x1200011, 0x0, 0x0, 0x169cc10, 0x169c940, 0xc000ea3bc8, 0x47bc71, 0xfbe0, 0xc000ea3bc4)
	pkg/sentry/syscalls/linux/sys_thread.go:270 +0x165 fp=0xc000ea3b48 sp=0xc000ea3ab0 pc=0xa07365
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Clone(0xc00090ea80, 0x1200011, 0x0, 0x0, 0x169cc10, 0x169c940, 0x0, 0xc000ea3c14, 0xdcf948, 0x65, ...)
	pkg/sentry/syscalls/linux/sys_clone_amd64.go:37 +0xa3 fp=0xc000ea3ba8 sp=0xc000ea3b48 pc=0x9cfef3
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).executeSyscall(0xc00090ea80, 0x38, 0x1200011, 0x0, 0x0, 0x169cc10, 0x169c940, 0x0, 0x0, 0x11f2b20, ...)
	pkg/sentry/kernel/task_syscall.go:117 +0x1b6 fp=0xc000ea3c68 sp=0xc000ea3ba8 pc=0x971a56
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke(0xc00090ea80, 0x38, 0x1200011, 0x0, 0x0, 0x169cc10, 0x169c940, 0x0, 0x169c940, 0x0)
	pkg/sentry/kernel/task_syscall.go:292 +0x70 fp=0xc000ea3cf0 sp=0xc000ea3c68 pc=0x972d40
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter(0xc00090ea80, 0x38, 0x1200011, 0x0, 0x0, 0x169cc10, 0x169c940, 0x0, 0x13d2001, 0x100000000000000)
	pkg/sentry/kernel/task_syscall.go:239 +0xb4 fp=0xc000ea3d50 sp=0xc000ea3cf0 pc=0x9727f4
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).doSyscall(0xc00090ea80, 0x2, 0xc00090ea80)
	pkg/sentry/kernel/task_syscall.go:206 +0x198 fp=0xc000ea3e10 sp=0xc000ea3d50 pc=0x9720d8
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc00090ea80, 0x13d2080, 0x0)
	pkg/sentry/kernel/task_run.go:321 +0xd88 fp=0xc000ea3f60 sp=0xc000ea3e10 pc=0x965068
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc00090ea80, 0x39)
	pkg/sentry/kernel/task_run.go:97 +0x1bd fp=0xc000ea3fd0 sp=0xc000ea3f60 pc=0x963bad
runtime.goexit()
	src/runtime/asm_amd64.s:1373 +0x1 fp=0xc000ea3fd8 sp=0xc000ea3fd0 pc=0x467da1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
	pkg/sentry/kernel/task_start.go:371 +0x112