[ 66.055938][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.074737][ T12] device veth1_macvtap left promiscuous mode
[ 66.081400][ T12] device veth0_macvtap left promiscuous mode
[ 66.091222][ T12] device veth1_vlan left promiscuous mode
[ 66.097888][ T12] device veth0_vlan left promiscuous mode
[ 66.374970][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 66.406183][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 66.423776][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 66.443559][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 66.540686][ T12] bond0 (unregistering): Released all slaves
[ 81.607895][ T2489] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
2023/02/07 05:11:08 ignoring optional flag "sandboxArg"="0"
2023/02/07 05:11:08 parsed 1 programs
2023/02/07 05:11:08 executed programs: 0
[ 84.528305][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.536376][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.545453][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.553934][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.561701][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.569493][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.679380][ T5545] chnl_net:caif_netlink_parms(): no params data found
[ 84.721664][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.729050][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.737033][ T5545] device bridge_slave_0 entered promiscuous mode
[ 84.745465][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.753144][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.761264][ T5545] device bridge_slave_1 entered promiscuous mode
[ 84.785255][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.798834][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.828064][ T5545] team0: Port device team_slave_0 added
[ 84.835796][ T5545] team0: Port device team_slave_1 added
[ 84.855487][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.863132][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.889631][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.904121][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.911142][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.937288][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.966804][ T5545] device hsr_slave_0 entered promiscuous mode
[ 84.973683][ T5545] device hsr_slave_1 entered promiscuous mode
[ 85.645380][ T5545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.655594][ T5545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.666364][ T5545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.677440][ T5545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.784699][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.802796][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 85.811498][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 85.823727][ T5545] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.837117][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 85.846071][ T5095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 85.855932][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.863155][ T5095] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.890445][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 85.900572][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 85.912243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 85.921314][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.928415][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.936759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.945512][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.954936][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.964037][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.973261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 85.982240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 86.003990][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 86.012782][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 86.021525][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 86.030850][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 86.040348][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 86.051411][ T5545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 86.288421][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 86.296318][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 86.312070][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.338200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 86.348173][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 86.376921][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 86.385429][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 86.396499][ T5545] device veth0_vlan entered promiscuous mode
[ 86.405851][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 86.417845][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 86.429773][ T5545] device veth1_vlan entered promiscuous mode
[ 86.456352][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 86.465529][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 86.474336][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 86.484248][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 86.497272][ T5545] device veth0_macvtap entered promiscuous mode
[ 86.509138][ T5545] device veth1_macvtap entered promiscuous mode
[ 86.528835][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.536232][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 86.545929][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 86.555010][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 86.564322][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 86.577643][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.589914][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 86.599351][ T2489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 86.610782][ T5545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.621266][ T5545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.631226][ T5545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.640960][ T5545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.664125][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 86.736008][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.757865][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.779749][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 86.799589][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.807886][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.822845][ T5092] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.871195][ T27] audit: type=1804 audit(1675746671.187:2): pid=5600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir243332669/syzkaller.1Dt7uo/0/bus" dev="sda1" ino=1148 res=1 errno=0
[ 86.905225][ T27] audit: type=1800 audit(1675746671.207:3): pid=5600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 86.931294][ T5603] BUG: Bad rss-counter state mm:ffff88807ac59200 type:MM_ANONPAGES val:1
[ 86.941016][ T5603] BUG: non-zero pgtables_bytes on freeing mm: 12288
[ 87.027616][ T27] audit: type=1804 audit(1675746671.347:4): pid=5607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir243332669/syzkaller.1Dt7uo/1/bus" dev="sda1" ino=1148 res=1 errno=0
[ 87.056068][ T27] audit: type=1800 audit(1675746671.367:5): pid=5607 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 87.198593][ T27] audit: type=1804 audit(1675746671.517:6): pid=5614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir243332669/syzkaller.1Dt7uo/2/bus" dev="sda1" ino=1148 res=1 errno=0
[ 87.239640][ T27] audit: type=1800 audit(1675746671.517:7): pid=5614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 87.323169][ T27] audit: type=1804 audit(1675746671.637:8): pid=5618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir243332669/syzkaller.1Dt7uo/3/bus" dev="sda1" ino=1148 res=1 errno=0
[ 87.358452][ T27] audit: type=1800 audit(1675746671.637:9): pid=5618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 87.459319][ T27] audit: type=1804 audit(1675746671.777:10): pid=5623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir243332669/syzkaller.1Dt7uo/4/bus" dev="sda1" ino=1148 res=1 errno=0
[ 87.488693][ T27] audit: type=1800 audit(1675746671.807:11): pid=5623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 88.480038][ T5666] BUG: Bad rss-counter state mm:ffff88801bcac800 type:MM_ANONPAGES val:9
[ 88.579726][ T5674] BUG: Bad rss-counter state mm:ffff8880232a5100 type:MM_ANONPAGES val:23
[ 88.588816][ T5674] BUG: non-zero pgtables_bytes on freeing mm: 12288
[ 88.726820][ T48] Bluetooth: hci0: command 0x041b tx timeout
[ 89.168069][ T5270] page:ffffea0004ffbb00 refcount:29 mapcount:27 mapping:ffff88801b9004d8 index:0x6f pfn:0x13feec
[ 89.179241][ T5270] memcg:ffff888016660000
[ 89.183696][ T5270] aops:ext4_da_aops ino:1c4 dentry name:"libc-2.33.so"
[ 89.190716][ T5270] flags: 0x17ff00000020036(referenced|uptodate|lru|active|mappedtodisk|node=0|zone=2|lastcpupid=0x7ff)
[ 89.202499][ T5270] raw: 017ff00000020036 ffffea0004ffbac8 ffffea0004ffbb48 ffff88801b9004d8
[ 89.211371][ T5270] raw: 000000000000006f 0000000000000000 0000001e0000001b ffff888016660000
[ 89.220296][ T5270] page dumped because: VM_BUG_ON_PAGE(batch->nr > batch->max)
[ 89.227826][ T5270] page_owner tracks the page as allocated
[ 89.233879][ T5270] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 1, tgid 1 (init), ts 18496530148, free_ts 0
[ 89.254815][ T5270] get_page_from_freelist+0x11bb/0x2d50
[ 89.260562][ T5270] __alloc_pages+0x1cb/0x5c0
[ 89.265209][ T5270] alloc_pages+0x1aa/0x270
[ 89.269763][ T5270] folio_alloc+0x20/0x70
[ 89.274072][ T5270] filemap_alloc_folio+0x3ad/0x450
[ 89.279516][ T5270] page_cache_ra_unbounded+0x1ae/0x5e0
[ 89.285180][ T5270] page_cache_ra_order+0x6ec/0xa00
[ 89.290433][ T5270] ondemand_readahead+0x6b3/0x1080
[ 89.295603][ T5270] page_cache_async_ra+0x117/0x150
[ 89.300843][ T5270] filemap_get_pages+0x6c5/0x16b0
[ 89.305918][ T5270] filemap_read+0x315/0xc00
[ 89.310590][ T5270] generic_file_read_iter+0x3ad/0x5b0
[ 89.316011][ T5270] ext4_file_read_iter+0x1d9/0x690
[ 89.321266][ T5270] __kernel_read+0x2ca/0x830
[ 89.325918][ T5270] integrity_kernel_read+0x7f/0xb0
[ 89.331222][ T5270] ima_calc_file_hash_tfm+0x2aa/0x3b0
[ 89.336863][ T5270] page_owner free stack trace missing
[ 89.342385][ T5270] ------------[ cut here ]------------
[ 89.347932][ T5270] kernel BUG at mm/mmu_gather.c:143!
[ 89.353259][ T5270] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 89.359355][ T5270] CPU: 0 PID: 5270 Comm: dhcpcd Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 89.368495][ T5270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.378668][ T5270] RIP: 0010:__tlb_remove_page_size+0x25b/0x480
[ 89.385051][ T5270] Code: 0f 82 d6 fe ff ff e9 4e ff ff ff e8 9f 63 c1 ff 0f 0b e8 98 63 c1 ff 4c 89 f7 48 c7 c6 c0 77 58 8a 48 83 e7 fc e8 55 0b fa ff <0f> 0b e8 8e 66 10 00 e9 94 fe ff ff e8 84 66 10 00 e9 2b fe ff ff
[ 89.405665][ T5270] RSP: 0018:ffffc900051bf8d8 EFLAGS: 00010293
[ 89.411768][ T5270] RAX: 0000000000000000 RBX: ffffc900051bfcd8 RCX: 0000000000000000
[ 89.419868][ T5270] RDX: ffff88807e671d40 RSI: ffffffff81c3071b RDI: 0000000000000000
[ 89.427865][ T5270] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e751757
[ 89.429498][ T5703] page:ffffea0001bcea00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc0 pfn:0x6f3a8
[ 89.435842][ T5270] R10: fffffbfff1cea2ea R11: 0000000000000000 R12: 0000000000000001
[ 89.435860][ T5270] R13: 0000000000000000 R14: ffffea0004ffbb00 R15: ffffc900051bfd00
[ 89.435875][ T5270] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 89.446449][ T5703] memcg:ffff888016660000
[ 89.454238][ T5270] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.454255][ T5270] CR2: 000055de11486680 CR3: 000000001c85d000 CR4: 00000000003506f0
[ 89.454271][ T5270] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.454284][ T5270] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.454299][ T5270] Call Trace:
[ 89.454304][ T5270]
[ 89.454313][ T5270] unmap_page_range+0x1226/0x3ce0
[ 89.454351][ T5270] ? vm_normal_page_pmd+0x5a0/0x5a0
[ 89.462344][ T5703] anon flags: 0xfff000000a0014(uptodate|lru|mappedtodisk|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 89.471400][ T5270] ? uprobe_munmap+0x20/0x550
[ 89.471431][ T5270] unmap_single_vma+0x194/0x2a0
[ 89.475662][ T5703] raw: 00fff000000a0014 ffffea0001ba5e08 ffffea0001bcbf88 ffff888071503111
[ 89.482215][ T5270] unmap_vmas+0x234/0x380
[ 89.482243][ T5270] ? unmap_single_vma+0x2a0/0x2a0
[ 89.490318][ T5703] raw: 00000000000000c0 0000000000000000 00000001ffffffff ffff888016660000
[ 89.498775][ T5270] ? find_held_lock+0x2d/0x110
[ 89.498809][ T5270] ? lock_downgrade+0x690/0x690
[ 89.506816][ T5703] page dumped because: VM_BUG_ON_PAGE(batch->nr > batch->max)
[ 89.510052][ T5270] ? trace_lock_acquire+0x1f1/0x2b0
[ 89.513114][ T5703] page_owner tracks the page as allocated
[ 89.518124][ T5270] exit_mmap+0x190/0x7d0
[ 89.518171][ T5270] ? do_vma_munmap+0xa0/0xa0
[ 89.523359][ T5703] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5703, tgid 5703 (sed), ts 89378913814, free_ts 89372494624
[ 89.534116][ T5270] __mmput+0x128/0x4c0
[ 89.534151][ T5270] mmput+0x60/0x70
[ 89.538842][ T5703] get_page_from_freelist+0x11bb/0x2d50
[ 89.543651][ T5270] do_exit+0x9d7/0x2b60
[ 89.552260][ T5703] __alloc_pages+0x1cb/0x5c0
[ 89.556568][ T5270] ? mm_update_next_owner+0x7b0/0x7b0
[ 89.561579][ T5703] __folio_alloc+0x16/0x40
[ 89.570225][ T5270] ? _raw_spin_unlock_irq+0x23/0x50
[ 89.575417][ T5703] vma_alloc_folio+0x155/0x880
[ 89.580248][ T5270] do_group_exit+0xd4/0x2a0
[ 89.580276][ T5270] __x64_sys_exit_group+0x3e/0x50
[ 89.587835][ T5703] __handle_mm_fault+0xf6c/0x3e60
[ 89.593089][ T5270] do_syscall_64+0x39/0xb0
[ 89.598811][ T5703] handle_mm_fault+0x1b6/0x850
[ 89.603029][ T5270] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.607741][ T5703] do_user_addr_fault+0x475/0x1230
[ 89.625210][ T5270] RIP: 0033:0x7f91d5082309
[ 89.625233][ T5270] Code: Unable to access opcode bytes at 0x7f91d50822df.
[ 89.625242][ T5270] RSP: 002b:00007fff95ad3538 EFLAGS: 00000202
[ 89.629335][ T5703] exc_page_fault+0x98/0x170
[ 89.633010][ T5270] ORIG_RAX: 00000000000000e7
[ 89.638547][ T5703] asm_exc_page_fault+0x26/0x30
[ 89.642695][ T5270] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f91d5082309
[ 89.647278][ T5703] page last free stack trace:
[ 89.652702][ T5270] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 89.657200][ T5703] free_pcp_prepare+0x4d0/0x910
[ 89.662352][ T5270] RBP: 00007fff95ad35a8 R08: ffffffffffffff88 R09: 000055de130672c0
[ 89.667295][ T5703] free_unref_page_list+0x176/0xcd0
[ 89.671764][ T5270] R10: 000000000000000b R11: 0000000000000202 R12: 0000000000000000
[ 89.676822][ T5703] release_pages+0xcb1/0x1330
[ 89.681829][ T5270] R13: 00007fff95ad3b58 R14: 0000000000000003 R15: 0000000000000000
[ 89.686227][ T5703] tlb_batch_pages_flush+0xa8/0x1a0
[ 89.691145][ T5270]
[ 89.691152][ T5270] Modules linked in:
[ 89.691191][ T5270] ---[ end trace 0000000000000000 ]---
[ 89.697219][ T5703] tlb_finish_mmu+0x14b/0x7e0
[ 89.702305][ T5270] RIP: 0010:__tlb_remove_page_size+0x25b/0x480
[ 89.706799][ T5703] exit_mmap+0x205/0x7d0
[ 89.713819][ T5270] Code: 0f 82 d6 fe ff ff e9 4e ff ff ff e8 9f 63 c1 ff 0f 0b e8 98 63 c1 ff 4c 89 f7 48 c7 c6 c0 77 58 8a 48 83 e7 fc e8 55 0b fa ff <0f> 0b e8 8e 66 10 00 e9 94 fe ff ff e8 84 66 10 00 e9 2b fe ff ff
[ 89.719982][ T5703] __mmput+0x128/0x4c0
[ 89.724637][ T5270] RSP: 0018:ffffc900051bf8d8 EFLAGS: 00010293
[ 89.729307][ T5703] mmput+0x60/0x70
[ 89.734131][ T5270]
[ 89.734137][ T5270] RAX: 0000000000000000 RBX: ffffc900051bfcd8 RCX: 0000000000000000
[ 89.742101][ T5703] begin_new_exec+0xf69/0x2e60
[ 89.746765][ T5270] RDX: ffff88807e671d40 RSI: ffffffff81c3071b RDI: 0000000000000000
[ 89.754727][ T5703] load_elf_binary+0x801/0x4ff0
[ 89.759661][ T5270] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e751757
[ 89.767628][ T5703] bprm_execve+0x7fd/0x1b00
[ 89.772903][ T5270] R10: fffffbfff1cea2ea R11: 0000000000000000 R12: 0000000000000001
[ 89.780899][ T5703] do_execveat_common+0x72c/0x8e0
[ 89.785551][ T5270] R13: 0000000000000000 R14: ffffea0004ffbb00 R15: ffffc900051bfd00
[ 89.793518][ T5703] __x64_sys_execve+0x93/0xc0
[ 89.798706][ T5270] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 89.801709][ T5703] do_syscall_64+0x39/0xb0
[ 89.806281][ T5270] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.811900][ T5703] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.816571][ T5270] CR2: 000055de11486680 CR3: 000000001c85d000 CR4: 00000000003506f0
[ 89.822937][ T5703] ------------[ cut here ]------------
[ 89.827091][ T5270] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.847223][ T5703] kernel BUG at mm/mmu_gather.c:143!
[ 89.851651][ T5270] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.857723][ T5703] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 89.861416][ T5270] Kernel panic - not syncing: Fatal exception
[ 89.863726][ T5703] CPU: 1 PID: 5703 Comm: sed Tainted: G D 6.2.0-rc6-next-20230203-syzkaller #0
[ 89.871785][ T5703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 89.876622][ T5703] RIP: 0010:__tlb_remove_page_size+0x25b/0x480
[ 89.884663][ T5703] Code: 0f 82 d6 fe ff ff e9 4e ff ff ff e8 9f 63 c1 ff 0f 0b e8 98 63 c1 ff 4c 89 f7 48 c7 c6 c0 77 58 8a 48 83 e7 fc e8 55 0b fa ff <0f> 0b e8 8e 66 10 00 e9 94 fe ff ff e8 84 66 10 00 e9 2b fe ff ff
[ 89.889595][ T5703] RSP: 0018:ffffc900058b78d8 EFLAGS: 00010293
[ 89.902046][ T5703] RAX: 0000000000000000 RBX: ffffc900058b7cd8 RCX: 0000000000000000
[ 89.910017][ T5703] RDX: ffff88801e5f8000 RSI: ffffffff81c3071b RDI: ffffffff8e751750
[ 89.915051][ T5703] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8e751757
[ 89.923020][ T5703] R10: fffffbfff1cea2ea R11: 313030203a504952 R12: 0000000000000001
[ 89.927687][ T5703] R13: 0000000000000000 R14: ffffea0001bcea00 R15: ffffc900058b7d00
[ 89.936711][ T5703] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 89.941147][ T5703] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 89.948194][ T5703] CR2: 00007f67feddb378 CR3: 0000000027fc7000 CR4: 00000000003506e0
[ 89.954395][ T5703] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 89.962383][ T5703] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 89.967936][ T5703] Call Trace:
[ 89.975916][ T5703]
[ 89.981189][ T5703] unmap_page_range+0x1226/0x3ce0
[ 89.989311][ T5703] ? vm_normal_page_pmd+0x5a0/0x5a0
[ 89.995375][ T5703] ? uprobe_munmap+0x20/0x550
[ 90.001540][ T5703] unmap_single_vma+0x194/0x2a0
[ 90.011948][ T5703] unmap_vmas+0x234/0x380
[ 90.022274][ T5703] ? unmap_single_vma+0x2a0/0x2a0
[ 90.028526][ T5703] ? folio_batch_move_lru+0x2b7/0x440
[ 90.048589][ T5703] ? perf_trace_mm_lru_insertion+0xae0/0xae0
[ 90.054692][ T5703] ? lock_downgrade+0x690/0x690
[ 90.062759][ T5703] ? trace_lock_acquire+0x1d1/0x2b0
[ 90.070749][ T5703] exit_mmap+0x190/0x7d0
[ 90.078736][ T5703] ? do_vma_munmap+0xa0/0xa0
[ 90.086731][ T5703] __mmput+0x128/0x4c0
[ 90.094709][ T5703] mmput+0x60/0x70
[ 90.103725][ T5703] do_exit+0x9d7/0x2b60
[ 90.110349][ T5703] ? lock_release+0x593/0x780
[ 90.118440][ T5703] ? lock_downgrade+0x690/0x690
[ 90.126503][ T5703] ? do_raw_spin_lock+0x124/0x2b0
[ 90.134665][ T5703] ? mm_update_next_owner+0x7b0/0x7b0
[ 90.137949][ T5703] ? spin_bug+0x1c0/0x1c0
[ 90.140926][ T5703] ? lock_acquire+0x32/0xc0
[ 90.145950][ T5703] ? do_group_exit+0x146/0x2a0
[ 90.151149][ T5703] do_group_exit+0xd4/0x2a0
[ 90.155826][ T5703] __x64_sys_exit_group+0x3e/0x50
[ 90.160672][ T5703] do_syscall_64+0x39/0xb0
[ 90.165031][ T5703] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.170076][ T5703] RIP: 0033:0x7f78b1ba5309
[ 90.175457][ T5703] Code: Unable to access opcode bytes at 0x7f78b1ba52df.
[ 90.181435][ T5703] RSP: 002b:00007ffecddbf0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 90.191542][ T5703] RAX: ffffffffffffffda RBX: 00007f78b1c93780 RCX: 00007f78b1ba5309
[ 90.195778][ T5703] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 90.200703][ T5703] RBP: 0000000000000000 R08: ffffffffffffff88 R09: 0000000000000001
[ 90.204758][ T5703] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f78b1c93780
[ 90.208469][ T5703] R13: 0000000000000001 R14: 00007f78b1c98c88 R15: 0000000000000000
[ 90.212625][ T5703]
[ 90.217290][ T5703] Modules linked in:
[ 90.233059][ T5270] Kernel Offset: disabled
[ 90.338652][ T5270] Rebooting in 86400 seconds..