[   86.172060][   T40] audit: type=1400 audit(1767569305.565:116): avc:  denied  { transition } for  pid=6135 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   86.182425][   T40] audit: type=1400 audit(1767569305.565:117): avc:  denied  { noatsecure } for  pid=6135 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   86.191115][   T40] audit: type=1400 audit(1767569305.575:118): avc:  denied  { rlimitinh } for  pid=6135 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   86.199904][   T40] audit: type=1400 audit(1767569305.575:119): avc:  denied  { siginh } for  pid=6135 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   92.089836][  T940] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:2837' (ED25519) to the list of known hosts.
2026/01/04 23:28:33 parsed 1 programs
[   94.293787][   T40] audit: type=1400 audit(1767569313.695:120): avc:  denied  { node_bind } for  pid=6168 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   96.481424][   T40] audit: type=1400 audit(1767569315.875:121): avc:  denied  { read write } for  pid=6185 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   96.492143][   T40] audit: type=1400 audit(1767569315.875:122): avc:  denied  { open } for  pid=6185 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   96.526123][   T40] audit: type=1400 audit(1767569315.925:123): avc:  denied  { unlink } for  pid=6185 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   96.887551][   T40] audit: type=1400 audit(1767569316.285:124): avc:  denied  { relabelto } for  pid=6188 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   97.599621][ T6185] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   99.872431][ T6206] chnl_net:caif_netlink_parms(): no params data found
[   99.998057][ T6206] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.001185][ T6206] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.005098][ T6206] bridge_slave_0: entered allmulticast mode
[  100.009229][ T6206] bridge_slave_0: entered promiscuous mode
[  100.014869][ T6206] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.017608][ T6206] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.020293][ T6206] bridge_slave_1: entered allmulticast mode
[  100.024743][ T6206] bridge_slave_1: entered promiscuous mode
[  100.052684][ T6206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.060852][ T6206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.087135][ T6206] team0: Port device team_slave_0 added
[  100.095157][ T6206] team0: Port device team_slave_1 added
[  100.113516][ T6206] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.115910][ T6206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.124257][ T6206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.129426][ T6206] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.131908][ T6206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.140840][ T6206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.174480][ T6206] hsr_slave_0: entered promiscuous mode
[  100.177275][ T6206] hsr_slave_1: entered promiscuous mode
[  100.670534][ T6206] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.678824][ T6206] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.685639][ T6206] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.693585][ T6206] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.722777][ T6206] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.725816][ T6206] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.728791][ T6206] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.731513][ T6206] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.771978][ T6206] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.784934][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.789765][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.804902][ T6206] 8021q: adding VLAN 0 to HW filter on device team0
[  100.813909][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.816899][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.827571][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.830262][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.892097][   T40] audit: type=1400 audit(1767569320.285:125): avc:  denied  { sys_module } for  pid=6206 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  100.993312][ T6206] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.036855][ T6206] veth0_vlan: entered promiscuous mode
[  101.043802][ T6206] veth1_vlan: entered promiscuous mode
[  101.062348][ T6206] veth0_macvtap: entered promiscuous mode
[  101.067458][ T6206] veth1_macvtap: entered promiscuous mode
[  101.077660][ T6206] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.090586][ T6206] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.105528][ T1179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.109586][ T1179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.114616][ T1179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.118043][ T1179] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.229139][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.327222][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.404813][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.520083][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.814614][   T40] audit: type=1401 audit(1767569321.205:126): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[  102.293517][   T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  102.298266][   T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  102.301689][   T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  102.307350][   T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  102.311079][   T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.851818][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.855058][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.866122][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.869579][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/04 23:28:42 executed programs: 0
[  103.269855][ T5291] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.274089][ T5291] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.277513][ T5291] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.281953][ T5291] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.285639][ T5291] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.406710][ T6349] chnl_net:caif_netlink_parms(): no params data found
[  103.465376][ T6349] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.468311][ T6349] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.471056][ T6349] bridge_slave_0: entered allmulticast mode
[  103.474787][ T6349] bridge_slave_0: entered promiscuous mode
[  103.479278][ T6349] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.482282][ T6349] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.485180][ T6349] bridge_slave_1: entered allmulticast mode
[  103.488947][ T6349] bridge_slave_1: entered promiscuous mode
[  103.510913][ T6349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.516677][ T6349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.538852][ T6349] team0: Port device team_slave_0 added
[  103.543251][ T6349] team0: Port device team_slave_1 added
[  103.558704][ T6349] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.560983][ T6349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.570066][ T6349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.578229][ T6349] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.580521][ T6349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.589942][ T6349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.620632][ T6349] hsr_slave_0: entered promiscuous mode
[  103.623683][ T6349] hsr_slave_1: entered promiscuous mode
[  103.626275][ T6349] debugfs: 'hsr0' already exists in 'hsr'
[  103.628267][ T6349] Cannot create hsr debugfs directory
[  104.485067][   T13] bridge_slave_1: left allmulticast mode
[  104.487109][   T13] bridge_slave_1: left promiscuous mode
[  104.489069][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.493947][   T13] bridge_slave_0: left allmulticast mode
[  104.495756][   T13] bridge_slave_0: left promiscuous mode
[  104.498110][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.767724][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.772350][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.776632][   T13] bond0 (unregistering): Released all slaves
[  104.898539][   T13] hsr_slave_0: left promiscuous mode
[  104.901437][   T13] hsr_slave_1: left promiscuous mode
[  104.904834][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.907275][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.910269][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.914071][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.925354][   T13] veth1_macvtap: left promiscuous mode
[  104.927251][   T13] veth0_macvtap: left promiscuous mode
[  104.929189][   T13] veth1_vlan: left promiscuous mode
[  104.931208][   T13] veth0_vlan: left promiscuous mode
[  105.249056][   T13] team0 (unregistering): Port device team_slave_1 removed
[  105.270618][   T13] team0 (unregistering): Port device team_slave_0 removed
[  105.365512][ T5291] Bluetooth: hci0: command tx timeout
[  105.973257][ T6349] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.979912][ T6349] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.988958][ T6349] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.996228][ T6349] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.066587][ T6349] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.080165][ T6349] 8021q: adding VLAN 0 to HW filter on device team0
[  106.088038][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.091446][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.100934][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.104395][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.511653][ T6349] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.607223][ T6349] veth0_vlan: entered promiscuous mode
[  106.624073][ T6349] veth1_vlan: entered promiscuous mode
[  106.647481][ T6349] veth0_macvtap: entered promiscuous mode
[  106.652046][ T6349] veth1_macvtap: entered promiscuous mode
[  106.691659][ T6349] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.701471][ T6349] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.711878][ T1179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.715806][ T1179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.719525][ T1179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.722853][  T216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.820876][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.823773][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.845901][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.848592][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.887377][   T40] audit: type=1400 audit(1767569326.285:127): avc:  denied  { prog_load } for  pid=6396 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  106.911790][   T40] audit: type=1400 audit(1767569326.285:128): avc:  denied  { bpf } for  pid=6396 comm="syz.0.17" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  106.922341][   T40] audit: type=1400 audit(1767569326.285:129): avc:  denied  { perfmon } for  pid=6396 comm="syz.0.17" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  106.931846][   T40] audit: type=1400 audit(1767569326.295:130): avc:  denied  { prog_run } for  pid=6396 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  106.945688][   T40] audit: type=1400 audit(1767569326.325:131): avc:  denied  { read append } for  pid=6396 comm="syz.0.17" name="comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  106.958423][   T40] audit: type=1400 audit(1767569326.325:132): avc:  denied  { open } for  pid=6396 comm="syz.0.17" path="/dev/comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  106.968448][   T40] audit: type=1400 audit(1767569326.325:133): avc:  denied  { map } for  pid=6396 comm="syz.0.17" path="/dev/comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  106.994235][ T6400] page: refcount:2 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x42b0a
[  106.998285][ T6400] memcg:ffff888100068d40
[  107.000042][ T6400] anon flags: 0xfff0800002090c(referenced|uptodate|active|owner_2|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[  107.005524][ T6400] raw: 00fff0800002090c 0000000000000000 dead000000000122 ffff88802bf64221
[  107.009579][ T6400] raw: 0000000000000000 0000000000000000 0000000200000000 ffff888100068d40
[  107.012857][ T6400] page dumped because: VM_WARN_ON_FOLIO(atomic_read(&anon_vma->refcount) == 0)
[  107.016478][ T6400] page_owner tracks the page as allocated
[  107.019344][ T6400] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6401, tgid 6399 (syz.0.18), ts 106993191011, free_ts 106961867734
[  107.027298][ T6400]  post_alloc_hook+0x1af/0x220
[  107.029341][   T40] audit: type=1400 audit(1767569326.425:134): avc:  denied  { read } for  pid=5323 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  107.029605][ T6400]  get_page_from_freelist+0xd0b/0x31a0
[  107.038278][   T40] audit: type=1400 audit(1767569326.425:135): avc:  denied  { search } for  pid=5323 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  107.040530][ T6400]  __alloc_frozen_pages_noprof+0x25f/0x2430
[  107.040563][ T6400]  alloc_pages_mpol+0x1fb/0x550
[  107.049049][   T40] audit: type=1400 audit(1767569326.425:136): avc:  denied  { search } for  pid=5323 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  107.050707][ T6400]  folio_alloc_mpol_noprof+0x36/0x2f0
[  107.050745][ T6400]  vma_alloc_folio_noprof+0xed/0x1e0
[  107.066441][ T6400]  do_fault+0x219/0x1ad0
[  107.068244][ T6400]  __handle_mm_fault+0x1919/0x2bb0
[  107.070432][ T6400]  handle_mm_fault+0x3fe/0xad0
[  107.072437][ T6400]  __get_user_pages+0x54e/0x3590
[  107.074867][ T6400]  get_user_pages_remote+0x243/0xab0
[  107.077097][ T6400]  uprobe_write+0x22b/0x23b0
[  107.079081][ T6400]  uprobe_write_opcode+0x99/0x1a0
[  107.081375][ T6400]  set_swbp+0x112/0x200
[  107.083495][ T6400]  install_breakpoint+0x14b/0xa20
[  107.085945][ T6400]  uprobe_mmap+0x512/0x10e0
[  107.087782][ T6400] page last free pid 6349 tgid 6349 stack trace:
[  107.090318][ T6400]  free_unref_folios+0xa22/0x1610
[  107.092306][ T6400]  folios_put_refs+0x4be/0x750
[  107.094585][ T6400]  folio_batch_move_lru+0x278/0x3a0
[  107.096571][ T6400]  lru_add_drain_cpu+0x521/0x800
[  107.098215][ T6400]  lru_add_drain+0x109/0x430
[  107.100158][ T6400]  __folio_batch_release+0x68/0xb0
[  107.102354][ T6400]  shmem_undo_range+0x58f/0x1140
[  107.104667][ T6400]  shmem_evict_inode+0x39e/0xbe0
[  107.106996][ T6400]  evict+0x3c2/0xad0
[  107.108725][ T6400]  iput.part.0+0x621/0x1190
[  107.110430][ T6400]  iput+0x35/0x40
[  107.111612][ T6400]  do_unlinkat+0x3d2/0x660
[  107.113199][ T6400]  __x64_sys_unlink+0xc5/0x110
[  107.115151][ T6400]  do_syscall_64+0xcd/0xf80
[  107.116601][ T6400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.119024][ T6400] ------------[ cut here ]------------
[  107.121248][ T6400] WARNING: ./include/linux/rmap.h:462 at folio_remove_rmap_ptes+0xc27/0xfb0, CPU#3: syz.0.18/6400
[  107.126043][ T6400] Modules linked in:
[  107.128220][ T6400] CPU: 3 UID: 0 PID: 6400 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
[  107.132447][ T6400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.137240][ T6400] RIP: 0010:folio_remove_rmap_ptes+0xc27/0xfb0
[  107.139853][ T6400] Code: 00 e9 49 f4 ff ff e8 58 39 aa ff e8 53 57 17 ff e9 98 fc ff ff e8 49 39 aa ff 48 c7 c6 40 b8 9c 8b 4c 89 e7 e8 aa 13 f5 ff 90 <0f> 0b 90 e9 5a f6 ff ff e8 2c 39 aa ff 48 8b 54 24 10 48 b8 00 00
[  107.148379][ T6400] RSP: 0018:ffffc900036f7260 EFLAGS: 00010293
[  107.151008][ T6400] RAX: 0000000000000000 RBX: ffffea00010ac280 RCX: ffffc900036f7144
[  107.154595][ T6400] RDX: ffff888028c98000 RSI: ffffffff8214af76 RDI: ffff888028c98484
[  107.157896][ T6400] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  107.161464][ T6400] R10: 0000000000000001 R11: ffff888028c98b30 R12: ffffea00010ac280
[  107.165389][ T6400] R13: ffff88803c8528c0 R14: 0000000000000000 R15: ffff88802bf64220
[  107.168588][ T6400] FS:  00007f9cc5f666c0(0000) GS:ffff8880d6bf5000(0000) knlGS:0000000000000000
[  107.171995][ T6400] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  107.174964][ T6400] CR2: 00007f9cc5f65f98 CR3: 0000000030f53000 CR4: 0000000000352ef0
[  107.177670][ T6400] Call Trace:
[  107.179141][ T6400]  <TASK>
[  107.180455][ T6400]  unmap_page_range+0x1b7d/0x43c0
[  107.182416][ T6400]  ? __pfx_unmap_page_range+0x10/0x10
[  107.185057][ T6400]  ? uprobe_munmap+0x437/0x600
[  107.187048][ T6400]  ? uprobe_munmap+0x46c/0x600
[  107.188862][ T6400]  unmap_single_vma+0x153/0x240
[  107.191097][ T6400]  unmap_vmas+0x218/0x470
[  107.193156][ T6400]  ? __pfx_unmap_vmas+0x10/0x10
[  107.194876][ T6400]  ? mas_prev_slot+0x1a10/0x1a20
[  107.196582][ T6400]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  107.199007][ T6400]  ? mas_update_gap+0x309/0x4f0
[  107.201201][ T6400]  vms_clear_ptes+0x419/0x790
[  107.203363][ T6400]  ? __pfx_vms_clear_ptes+0x10/0x10
[  107.205764][ T6400]  ? __pfx_mas_store_gfp+0x10/0x10
[  107.208164][ T6400]  ? do_syscall_64+0xcd/0xf80
[  107.210172][ T6400]  vms_complete_munmap_vmas+0x1ca/0x970
[  107.212259][ T6400]  do_vmi_align_munmap+0x446/0x7e0
[  107.214263][ T6400]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  107.216113][ T6400]  do_vmi_munmap+0x204/0x3e0
[  107.217893][ T6400]  do_munmap+0xb6/0xf0
[  107.219389][ T6400]  ? __pfx_do_munmap+0x10/0x10
[  107.221407][ T6400]  ? mas_walk+0x6f5/0x980
[  107.223309][ T6400]  mremap_to+0x236/0x450
[  107.225079][ T6400]  do_mremap+0x13a8/0x2020
[  107.226981][ T6400]  ? futex_private_hash_put+0xd0/0x1b0
[  107.229406][ T6400]  ? __pfx_do_mremap+0x10/0x10
[  107.231679][ T6400]  __do_sys_mremap+0x119/0x170
[  107.233941][ T6400]  ? __pfx___do_sys_mremap+0x10/0x10
[  107.236345][ T6400]  ? __x64_sys_futex+0x1e0/0x4c0
[  107.238919][ T6400]  do_syscall_64+0xcd/0xf80
[  107.241181][ T6400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.243791][ T6400] RIP: 0033:0x7f9cc518f7c9
[  107.246053][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.254610][ T6400] RSP: 002b:00007f9cc5f66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  107.258043][ T6400] RAX: ffffffffffffffda RBX: 00007f9cc53e5fa0 RCX: 00007f9cc518f7c9
[  107.261328][ T6400] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000200000ffc000
[  107.264846][ T6400] RBP: 00007f9cc5213f91 R08: 0000200000002000 R09: 0000000000000000
[  107.267720][ T6400] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[  107.270903][ T6400] R13: 00007f9cc53e6038 R14: 00007f9cc53e5fa0 R15: 00007fff9d804f18
[  107.274253][ T6400]  </TASK>
[  107.275602][ T6400] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  107.278636][ T6400] CPU: 3 UID: 0 PID: 6400 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
[  107.282585][ T6400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.287173][ T6400] Call Trace:
[  107.288818][ T6400]  <TASK>
[  107.290288][ T6400]  dump_stack_lvl+0x3d/0x1f0
[  107.292497][ T6400]  vpanic+0x640/0x6f0
[  107.294277][ T6400]  ? folio_remove_rmap_ptes+0xc27/0xfb0
[  107.296336][ T6400]  panic+0xca/0xd0
[  107.297848][ T6400]  ? __pfx_panic+0x10/0x10
[  107.299774][ T6400]  ? check_panic_on_warn+0x1f/0xb0
[  107.301971][ T6400]  check_panic_on_warn+0xab/0xb0
[  107.304096][ T6400]  __warn+0x108/0x3c0
[  107.305828][ T6400]  __report_bug+0x2a0/0x520
[  107.307726][ T6400]  ? folio_remove_rmap_ptes+0xc27/0xfb0
[  107.310018][ T6400]  ? __pfx___report_bug+0x10/0x10
[  107.312185][ T6400]  ? _printk+0xc7/0x100
[  107.314085][ T6400]  ? __pfx__printk+0x10/0x10
[  107.316281][ T6400]  ? __pfx__printk+0x10/0x10
[  107.318386][ T6400]  ? find_held_lock+0x2b/0x80
[  107.320417][ T6400]  ? folio_remove_rmap_ptes+0xc27/0xfb0
[  107.322695][ T6400]  report_bug+0xb2/0x220
[  107.324592][ T6400]  ? folio_remove_rmap_ptes+0xc27/0xfb0
[  107.326987][ T6400]  handle_bug+0x127/0x260
[  107.328837][ T6400]  exc_invalid_op+0x17/0x50
[  107.330917][ T6400]  asm_exc_invalid_op+0x1a/0x20
[  107.333166][ T6400] RIP: 0010:folio_remove_rmap_ptes+0xc27/0xfb0
[  107.336017][ T6400] Code: 00 e9 49 f4 ff ff e8 58 39 aa ff e8 53 57 17 ff e9 98 fc ff ff e8 49 39 aa ff 48 c7 c6 40 b8 9c 8b 4c 89 e7 e8 aa 13 f5 ff 90 <0f> 0b 90 e9 5a f6 ff ff e8 2c 39 aa ff 48 8b 54 24 10 48 b8 00 00
[  107.344435][ T6400] RSP: 0018:ffffc900036f7260 EFLAGS: 00010293
[  107.346988][ T6400] RAX: 0000000000000000 RBX: ffffea00010ac280 RCX: ffffc900036f7144
[  107.350294][ T6400] RDX: ffff888028c98000 RSI: ffffffff8214af76 RDI: ffff888028c98484
[  107.353650][ T6400] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  107.356978][ T6400] R10: 0000000000000001 R11: ffff888028c98b30 R12: ffffea00010ac280
[  107.360229][ T6400] R13: ffff88803c8528c0 R14: 0000000000000000 R15: ffff88802bf64220
[  107.364050][ T6400]  ? folio_remove_rmap_ptes+0xc26/0xfb0
[  107.366574][ T6400]  unmap_page_range+0x1b7d/0x43c0
[  107.368919][ T6400]  ? __pfx_unmap_page_range+0x10/0x10
[  107.371789][ T6400]  ? uprobe_munmap+0x437/0x600
[  107.374174][ T6400]  ? uprobe_munmap+0x46c/0x600
[  107.376224][ T6400]  unmap_single_vma+0x153/0x240
[  107.378391][ T6400]  unmap_vmas+0x218/0x470
[  107.380166][ T6400]  ? __pfx_unmap_vmas+0x10/0x10
[  107.382154][ T6400]  ? mas_prev_slot+0x1a10/0x1a20
[  107.384204][ T6400]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  107.386665][ T6400]  ? mas_update_gap+0x309/0x4f0
[  107.388697][ T6400]  vms_clear_ptes+0x419/0x790
[  107.390672][ T6400]  ? __pfx_vms_clear_ptes+0x10/0x10
[  107.392927][ T6400]  ? __pfx_mas_store_gfp+0x10/0x10
[  107.395335][ T6400]  ? do_syscall_64+0xcd/0xf80
[  107.397440][ T6400]  vms_complete_munmap_vmas+0x1ca/0x970
[  107.399761][ T6400]  do_vmi_align_munmap+0x446/0x7e0
[  107.401946][ T6400]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  107.404534][ T6400]  do_vmi_munmap+0x204/0x3e0
[  107.406640][ T6400]  do_munmap+0xb6/0xf0
[  107.408478][ T6400]  ? __pfx_do_munmap+0x10/0x10
[  107.410979][ T6400]  ? mas_walk+0x6f5/0x980
[  107.413047][ T6400]  mremap_to+0x236/0x450
[  107.414984][ T6400]  do_mremap+0x13a8/0x2020
[  107.416916][ T6400]  ? futex_private_hash_put+0xd0/0x1b0
[  107.419200][ T6400]  ? __pfx_do_mremap+0x10/0x10
[  107.421262][ T6400]  __do_sys_mremap+0x119/0x170
[  107.423324][ T6400]  ? __pfx___do_sys_mremap+0x10/0x10
[  107.425674][ T6400]  ? __x64_sys_futex+0x1e0/0x4c0
[  107.427582][ T6400]  do_syscall_64+0xcd/0xf80
[  107.429363][ T6400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.431896][ T6400] RIP: 0033:0x7f9cc518f7c9
[  107.433827][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.441828][ T6400] RSP: 002b:00007f9cc5f66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  107.445425][ T6400] RAX: ffffffffffffffda RBX: 00007f9cc53e5fa0 RCX: 00007f9cc518f7c9
[  107.448915][ T6400] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000200000ffc000
[  107.452381][ T6400] RBP: 00007f9cc5213f91 R08: 0000200000002000 R09: 0000000000000000
[  107.455556][ T6400] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[  107.458281][ T6400] R13: 00007f9cc53e6038 R14: 00007f9cc53e5fa0 R15: 00007fff9d804f18
[  107.461554][ T6400]  </TASK>
[  107.463679][ T6400] Kernel Offset: disabled
[  107.465676][ T6400] Rebooting in 86400 seconds..