last executing test programs:

kernel console output (not intermixed with test programs):
Warning: Permanently added '[localhost]:3424' (ED25519) to the list of known hosts.
[ 41.741958][ T5651] cgroup: Unknown subsys name 'net'
[ 41.906394][ T5651] cgroup: Unknown subsys name 'cpuset'
[ 41.910441][ T5651] cgroup: Unknown subsys name 'rlimit'
[ 42.067072][ T5659]
[ 42.067927][ T5659] =====================================
[ 42.069761][ T5659] WARNING: bad unlock balance detected!
[ 42.071538][ T5659] syzkaller #0 Not tainted
[ 42.073024][ T5659] -------------------------------------
[ 42.074802][ T5659] rm/5659 is trying to release lock (rcu_read_lock) at:
[ 42.076948][ T5659] [] __zap_vma_range+0x22dc/0x4bf0
[ 42.079153][ T5659] but there are no more locks to release!
[ 42.080943][ T5659]
[ 42.080943][ T5659] other info that might help us debug this:
[ 42.083832][ T5659] 1 lock held by rm/5659:
[ 42.085221][ T5659] #0: ffff88801b8d6538 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x124/0xa10
[ 42.088066][ T5659]
[ 42.088066][ T5659] stack backtrace:
[ 42.089988][ T5659] CPU: 2 UID: 0 PID: 5659 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
[ 42.090001][ T5659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 42.090008][ T5659] Call Trace:
[ 42.090013][ T5659]
[ 42.090017][ T5659] dump_stack_lvl+0x100/0x190
[ 42.090029][ T5659] ? __zap_vma_range+0x22dc/0x4bf0
[ 42.090042][ T5659] print_unlock_imbalance_bug.part.0+0xfb/0x106
[ 42.090060][ T5659] ? __zap_vma_range+0x22dc/0x4bf0
[ 42.090071][ T5659] lock_release+0x28d/0x310
[ 42.090083][ T5659] __zap_vma_range+0x22e1/0x4bf0
[ 42.090099][ T5659] ? __pfx___zap_vma_range+0x10/0x10
[ 42.090111][ T5659] ? find_held_lock+0x2b/0x80
[ 42.090126][ T5659] unmap_vmas+0x299/0x5f0
[ 42.090139][ T5659] ? __pfx_unmap_vmas+0x10/0x10
[ 42.090151][ T5659] ? mas_next_slot+0x10a3/0x1960
[ 42.090168][ T5659] exit_mmap+0x1ef/0xa10
[ 42.090182][ T5659] ? __pfx_exit_mmap+0x10/0x10
[ 42.090194][ T5659] ? trace_contention_end+0x122/0x170
[ 42.090206][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 42.090215][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 42.090226][ T5659] ? __lock_acquire+0x4a5/0x2630
[ 42.090237][ T5659] ? arch_uprobe_clear_state+0x107/0x150
[ 42.090250][ T5659] __mmput+0x12a/0x410
[ 42.090264][ T5659] mmput+0x67/0x80
[ 42.090277][ T5659] do_exit+0x833/0x2a60
[ 42.090293][ T5659] ? do_raw_spin_lock+0x128/0x260
[ 42.090305][ T5659] ? __pfx_do_exit+0x10/0x10
[ 42.090320][ T5659] ? do_group_exit+0x1bd/0x2a0
[ 42.090336][ T5659] ? rcu_is_watching+0x12/0xc0
[ 42.090350][ T5659] do_group_exit+0xd5/0x2a0
[ 42.090366][ T5659] __x64_sys_exit_group+0x3e/0x50
[ 42.090383][ T5659] x64_sys_call+0x102c/0x1530
[ 42.090397][ T5659] do_syscall_64+0x10b/0xf80
[ 42.090410][ T5659] ? clear_bhb_loop+0x40/0x90
[ 42.090421][ T5659] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 42.090432][ T5659] RIP: 0033:0x7f7aca2d66c5
[ 42.090440][ T5659] Code: Unable to access opcode bytes at 0x7f7aca2d669b.
[ 42.090445][ T5659] RSP: 002b:00007ffe56ec63f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 42.090455][ T5659] RAX: ffffffffffffffda RBX: 00007f7aca3d7fe8 RCX: 00007f7aca2d66c5
[ 42.090461][ T5659] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 42.090467][ T5659] RBP: 0000000000000001 R08: 00007ffe56ec6388 R09: 0000000000000000
[ 42.090473][ T5659] R10: 00007ffe56ec6220 R11: 0000000000000202 R12: 0000000000000000
[ 42.090480][ T5659] R13: 0000000000000000 R14: 00007f7aca3d6680 R15: 00007f7aca3d8000
[ 42.090488][ T5659]
[ 42.168301][ T5659] ------------[ cut here ]------------
[ 42.170166][ T5659] rrln < 0 || rrln > RCU_NEST_PMAX
[ 42.170173][ T5659] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x235/0x5e0, CPU#3: rm/5659
[ 42.213330][ T5659] Modules linked in:
[ 42.214701][ T5659] CPU: 3 UID: 0 PID: 5659 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
[ 42.264285][ T5659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 42.267491][ T5659] RIP: 0010:__rcu_read_unlock+0x235/0x5e0
[ 42.269431][ T5659] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 92 a3 da ff e8 fd de 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d9 f0 9c 09 e8 84 60 87
[ 42.350600][ T5659] RSP: 0018:ffffc9000445f778 EFLAGS: 00010286
[ 42.352627][ T5659] RAX: 00000000ffffffff RBX: ffff888029188000 RCX: ffffffff81e7203e
[ 42.526411][ T5659] RDX: 0000000000000000 RSI: ffffffff8def466d RDI: ffff8880291884c4
[ 42.528961][ T5659] RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
[ 42.531480][ T5659] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801b8d6ab8
[ 42.573419][ T5659] R13: fffffbfff21afcdc R14: 0000000000000000 R15: 0000556a06b21000
[ 42.575944][ T5659] FS: 0000000000000000(0000) GS:ffff888097480000(0000) knlGS:0000000000000000
[ 42.578804][ T5659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.580915][ T5659] CR2: 00007f143e740e9c CR3: 000000000e596000 CR4: 0000000000352ef0
[ 42.622118][ T5659] Call Trace:
[ 42.661095][ T5659]
[ 42.706184][ T5659] __zap_vma_range+0x22e6/0x4bf0
[ 42.712474][ T5659] ? __pfx___zap_vma_range+0x10/0x10
[ 42.751973][ T5659] ? find_held_lock+0x2b/0x80
[ 42.856175][ T5659] unmap_vmas+0x299/0x5f0
[ 42.859346][ T5659] ? __pfx_unmap_vmas+0x10/0x10
[ 42.862127][ T5659] ? mas_next_slot+0x10a3/0x1960
[ 42.906152][ T5659] exit_mmap+0x1ef/0xa10
[ 42.908786][ T5659] ? __pfx_exit_mmap+0x10/0x10
[ 42.911050][ T5659] ? trace_contention_end+0x122/0x170
[ 43.010192][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 43.012528][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 43.077583][ T5659] ? __lock_acquire+0x4a5/0x2630
[ 43.082087][ T5659] ? arch_uprobe_clear_state+0x107/0x150
[ 43.085844][ T5659] __mmput+0x12a/0x410
[ 43.088201][ T5659] mmput+0x67/0x80
[ 43.090095][ T5659] do_exit+0x833/0x2a60
[ 43.092813][ T5659] ? do_raw_spin_lock+0x128/0x260
[ 43.095205][ T5659] ? __pfx_do_exit+0x10/0x10
[ 43.097147][ T5659] ? do_group_exit+0x1bd/0x2a0
[ 43.099527][ T5659] ? rcu_is_watching+0x12/0xc0
[ 43.102798][ T5659] do_group_exit+0xd5/0x2a0
[ 43.105612][ T5659] __x64_sys_exit_group+0x3e/0x50
[ 43.107900][ T5659] x64_sys_call+0x102c/0x1530
[ 43.109959][ T5659] do_syscall_64+0x10b/0xf80
[ 43.111974][ T5659] ? clear_bhb_loop+0x40/0x90
[ 43.114858][ T5659] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.117426][ T5659] RIP: 0033:0x7f7aca2d66c5
[ 43.119300][ T5659] Code: Unable to access opcode bytes at 0x7f7aca2d669b.
[ 43.122022][ T5659] RSP: 002b:00007ffe56ec63f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 43.125320][ T5659] RAX: ffffffffffffffda RBX: 00007f7aca3d7fe8 RCX: 00007f7aca2d66c5
[ 43.128379][ T5659] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 43.131507][ T5659] RBP: 0000000000000001 R08: 00007ffe56ec6388 R09: 0000000000000000
[ 43.134753][ T5659] R10: 00007ffe56ec6220 R11: 0000000000000202 R12: 0000000000000000
[ 43.137788][ T5659] R13: 0000000000000000 R14: 00007f7aca3d6680 R15: 00007f7aca3d8000
[ 43.144533][ T5659]
[ 43.145832][ T5659] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 43.148652][ T5659] CPU: 3 UID: 0 PID: 5659 Comm: rm Not tainted syzkaller #0 PREEMPT(full)
[ 43.152029][ T5659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 43.155948][ T5659] Call Trace:
[ 43.157461][ T5659]
[ 43.158848][ T5659] dump_stack_lvl+0x100/0x190
[ 43.161660][ T5659] vpanic+0x552/0x970
[ 43.163845][ T5659] ? __pfx_vpanic+0x10/0x10
[ 43.168309][ T5659] panic+0xd1/0xe0
[ 43.170261][ T5659] ? __pfx_panic+0x10/0x10
[ 43.174269][ T5659] ? check_panic_on_warn+0x1f/0x90
[ 43.177103][ T5659] check_panic_on_warn.cold+0x19/0x34
[ 43.179669][ T5659] ? __rcu_read_unlock+0x235/0x5e0
[ 43.181703][ T5659] __warn.cold+0x191/0x328
[ 43.184600][ T5659] __report_bug+0x296/0x3d0
[ 43.186616][ T5659] ? __rcu_read_unlock+0x235/0x5e0
[ 43.189393][ T5659] ? __pfx___report_bug+0x10/0x10
[ 43.191978][ T5659] ? is_bpf_text_address+0x8a/0x1a0
[ 43.194152][ T5659] ? lock_release+0x245/0x310
[ 43.196154][ T5659] ? bpf_ksym_find+0x124/0x1c0
[ 43.198956][ T5659] ? __pfx___schedule+0x10/0x10
[ 43.201654][ T5659] ? preempt_schedule_irq+0x7b/0x90
[ 43.204371][ T5659] ? __rcu_read_unlock+0x235/0x5e0
[ 43.206978][ T5659] report_bug+0xb2/0x220
[ 43.209157][ T5659] ? __rcu_read_unlock+0x235/0x5e0
[ 43.211593][ T5659] handle_bug+0x16a/0x2a0
[ 43.213959][ T5659] exc_invalid_op+0x17/0x50
[ 43.216219][ T5659] asm_exc_invalid_op+0x1a/0x20
[ 43.218402][ T5659] RIP: 0010:__rcu_read_unlock+0x235/0x5e0
[ 43.220766][ T5659] Code: 74 11 c7 45 58 01 00 00 00 bf 09 00 00 00 e8 92 a3 da ff e8 fd de 22 00 9c 58 f6 c4 02 0f 85 dd 02 00 00 fb e9 57 fe ff ff 90 <0f> 0b 90 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d9 f0 9c 09 e8 84 60 87
[ 43.228397][ T5659] RSP: 0018:ffffc9000445f778 EFLAGS: 00010286
[ 43.230859][ T5659] RAX: 00000000ffffffff RBX: ffff888029188000 RCX: ffffffff81e7203e
[ 43.234028][ T5659] RDX: 0000000000000000 RSI: ffffffff8def466d RDI: ffff8880291884c4
[ 43.237163][ T5659] RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
[ 43.240314][ T5659] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88801b8d6ab8
[ 43.243517][ T5659] R13: fffffbfff21afcdc R14: 0000000000000000 R15: 0000556a06b21000
[ 43.248118][ T5659] ? nbcon_cpu_emergency_exit+0x11e/0x1e0
[ 43.252498][ T5659] __zap_vma_range+0x22e6/0x4bf0
[ 43.259766][ T5659] ? __pfx___zap_vma_range+0x10/0x10
[ 43.263533][ T5659] ? find_held_lock+0x2b/0x80
[ 43.267350][ T5659] unmap_vmas+0x299/0x5f0
[ 43.270726][ T5659] ? __pfx_unmap_vmas+0x10/0x10
[ 43.273580][ T5659] ? mas_next_slot+0x10a3/0x1960
[ 43.279243][ T5659] exit_mmap+0x1ef/0xa10
[ 43.282030][ T5659] ? __pfx_exit_mmap+0x10/0x10
[ 43.284316][ T5659] ? trace_contention_end+0x122/0x170
[ 43.287736][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 43.290014][ T5659] ? uprobe_clear_state+0x5f/0x260
[ 43.293997][ T5659] ? __lock_acquire+0x4a5/0x2630
[ 43.298753][ T5659] ? arch_uprobe_clear_state+0x107/0x150
[ 43.302507][ T5659] __mmput+0x12a/0x410
[ 43.304963][ T5659] mmput+0x67/0x80
[ 43.306918][ T5659] do_exit+0x833/0x2a60
[ 43.309650][ T5659] ? do_raw_spin_lock+0x128/0x260
[ 43.312085][ T5659] ? __pfx_do_exit+0x10/0x10
[ 43.314026][ T5659] ? do_group_exit+0x1bd/0x2a0
[ 43.316444][ T5659] ? rcu_is_watching+0x12/0xc0
[ 43.319743][ T5659] do_group_exit+0xd5/0x2a0
[ 43.322530][ T5659] __x64_sys_exit_group+0x3e/0x50
[ 43.324825][ T5659] x64_sys_call+0x102c/0x1530
[ 43.326909][ T5659] do_syscall_64+0x10b/0xf80
[ 43.328943][ T5659] ? clear_bhb_loop+0x40/0x90
[ 43.331721][ T5659] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 43.334138][ T5659] RIP: 0033:0x7f7aca2d66c5
[ 43.336039][ T5659] Code: Unable to access opcode bytes at 0x7f7aca2d669b.
[ 43.338810][ T5659] RSP: 002b:00007ffe56ec63f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 43.342137][ T5659] RAX: ffffffffffffffda RBX: 00007f7aca3d7fe8 RCX: 00007f7aca2d66c5
[ 43.345323][ T5659] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[ 43.348482][ T5659] RBP: 0000000000000001 R08: 00007ffe56ec6388 R09: 0000000000000000
[ 43.351621][ T5659] R10: 00007ffe56ec6220 R11: 0000000000000202 R12: 0000000000000000
[ 43.354794][ T5659] R13: 0000000000000000 R14: 00007f7aca3d6680 R15: 00007f7aca3d8000
[ 43.360867][ T5659]
[ 43.362804][ T5659] Kernel Offset: disabled
[ 43.364634][ T5659] Rebooting in 86400 seconds..