DUID 00:04:22:6a:1f:62:54:25:21:a9:cf:52:ab:bd:c7:70:d9:1c
forked to background, child pid 3182
[ 41.495703][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.514760][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
syzkaller login: [ 63.249879][ T3602] cgroup: Unknown subsys name 'net'
[ 63.378868][ T3602] cgroup: Unknown subsys name 'rlimit'
executing program
[ 63.539295][ T3604] ==================================================================
[ 63.547364][ T3604] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
[ 63.554780][ T3604] Read of size 8 at addr ffff888014ddf140 by task syz-executor914/3604
[ 63.563002][ T3604]
[ 63.565308][ T3604] CPU: 1 PID: 3604 Comm: syz-executor914 Not tainted 5.16.0-rc4-syzkaller #0
[ 63.574051][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.584093][ T3604] Call Trace:
[ 63.587364][ T3604]
[ 63.590277][ T3604] dump_stack_lvl+0xcd/0x134
[ 63.595301][ T3604] print_address_description.constprop.0.cold+0x8d/0x320
[ 63.602320][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 63.607428][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 63.612442][ T3604] kasan_report.cold+0x83/0xdf
[ 63.617201][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 63.622218][ T3604] __lock_acquire+0x3d86/0x54a0
[ 63.627074][ T3604] ? __lock_acquire+0xbc2/0x54a0
[ 63.632089][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 63.638058][ T3604] lock_acquire+0x1ab/0x510
[ 63.642546][ T3604] ? remove_wait_queue+0x1d/0x180
[ 63.647558][ T3604] ? lock_release+0x720/0x720
[ 63.652228][ T3604] ? lock_release+0x720/0x720
[ 63.656960][ T3604] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 63.662320][ T3604] _raw_spin_lock_irqsave+0x39/0x50
[ 63.667680][ T3604] ? remove_wait_queue+0x1d/0x180
[ 63.672692][ T3604] remove_wait_queue+0x1d/0x180
[ 63.677532][ T3604] ep_remove_wait_queue+0x88/0x1a0
[ 63.682640][ T3604] ep_remove+0x106/0x9c0
[ 63.686873][ T3604] eventpoll_release_file+0xe1/0x130
[ 63.692148][ T3604] __fput+0x87b/0x9f0
[ 63.696152][ T3604] task_work_run+0xdd/0x1a0
[ 63.700687][ T3604] exit_to_user_mode_prepare+0x27e/0x290
[ 63.706458][ T3604] syscall_exit_to_user_mode+0x19/0x60
[ 63.711907][ T3604] do_syscall_64+0x42/0xb0
[ 63.716380][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 63.722259][ T3604] RIP: 0033:0x7f42c4713ef3
[ 63.726671][ T3604] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[ 63.746468][ T3604] RSP: 002b:00007ffcdbe5e668 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 63.754871][ T3604] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f42c4713ef3
[ 63.762829][ T3604] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[ 63.770915][ T3604] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffcdbe5e690
[ 63.778964][ T3604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcdbe5e68c
[ 63.786939][ T3604] R13: 00007ffcdbe5e6a0 R14: 00007ffcdbe5e6e0 R15: 0000000000000000
[ 63.794910][ T3604]
[ 63.797928][ T3604]
[ 63.800234][ T3604] Allocated by task 3604:
[ 63.804541][ T3604] kasan_save_stack+0x1e/0x50
[ 63.809215][ T3604] __kasan_kmalloc+0xa9/0xd0
[ 63.813803][ T3604] psi_trigger_create.part.0+0x15e/0x7f0
[ 63.819439][ T3604] cgroup_pressure_write+0x15d/0x6b0
[ 63.824760][ T3604] cgroup_file_write+0x1ec/0x780
[ 63.829683][ T3604] kernfs_fop_write_iter+0x342/0x500
[ 63.835159][ T3604] new_sync_write+0x429/0x660
[ 63.839826][ T3604] vfs_write+0x7cd/0xae0
[ 63.844056][ T3604] ksys_write+0x12d/0x250
[ 63.848370][ T3604] do_syscall_64+0x35/0xb0
[ 63.852775][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 63.858660][ T3604]
[ 63.860965][ T3604] Freed by task 3604:
[ 63.864924][ T3604] kasan_save_stack+0x1e/0x50
[ 63.869610][ T3604] kasan_set_track+0x21/0x30
[ 63.874187][ T3604] kasan_set_free_info+0x20/0x30
[ 63.879113][ T3604] __kasan_slab_free+0xff/0x130
[ 63.883951][ T3604] slab_free_freelist_hook+0x8b/0x1c0
[ 63.889307][ T3604] kfree+0xf6/0x560
[ 63.893096][ T3604] cgroup_pressure_write+0x18d/0x6b0
[ 63.898373][ T3604] cgroup_file_write+0x1ec/0x780
[ 63.903466][ T3604] kernfs_fop_write_iter+0x342/0x500
[ 63.908835][ T3604] new_sync_write+0x429/0x660
[ 63.913606][ T3604] vfs_write+0x7cd/0xae0
[ 63.917921][ T3604] ksys_write+0x12d/0x250
[ 63.922236][ T3604] do_syscall_64+0x35/0xb0
[ 63.926815][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 63.932695][ T3604]
[ 63.935002][ T3604] The buggy address belongs to the object at ffff888014ddf100
[ 63.935002][ T3604] which belongs to the cache kmalloc-192 of size 192
[ 63.949047][ T3604] The buggy address is located 64 bytes inside of
[ 63.949047][ T3604] 192-byte region [ffff888014ddf100, ffff888014ddf1c0)
[ 63.962217][ T3604] The buggy address belongs to the page:
[ 63.967828][ T3604] page:ffffea00005377c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14ddf
[ 63.977963][ T3604] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 63.985502][ T3604] raw: 00fff00000000200 ffffea0000537940 dead000000000003 ffff888010c41a00
[ 63.994070][ T3604] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 64.002629][ T3604] page dumped because: kasan: bad access detected
[ 64.009017][ T3604] page_owner tracks the page as allocated
[ 64.014709][ T3604] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2056104772, free_ts 0
[ 64.029532][ T3604] get_page_from_freelist+0xa72/0x2f50
[ 64.034983][ T3604] __alloc_pages+0x1b2/0x500
[ 64.039572][ T3604] alloc_page_interleave+0x1e/0x200
[ 64.044772][ T3604] alloc_pages+0x29f/0x300
[ 64.049172][ T3604] new_slab+0x32d/0x4a0
[ 64.053311][ T3604] ___slab_alloc+0x918/0xfe0
[ 64.057883][ T3604] __slab_alloc.constprop.0+0x4d/0xa0
[ 64.063240][ T3604] kmem_cache_alloc_trace+0x289/0x2c0
[ 64.068598][ T3604] call_usermodehelper_setup+0x97/0x340
[ 64.074136][ T3604] kobject_uevent_env+0xf73/0x1650
[ 64.079245][ T3604] param_sysfs_init+0x367/0x43b
[ 64.084097][ T3604] do_one_initcall+0x103/0x650
[ 64.088869][ T3604] kernel_init_freeable+0x6b1/0x73a
[ 64.094059][ T3604] kernel_init+0x1a/0x1d0
[ 64.098378][ T3604] ret_from_fork+0x1f/0x30
[ 64.102785][ T3604] page_owner free stack trace missing
[ 64.108134][ T3604]
[ 64.110443][ T3604] Memory state around the buggy address:
[ 64.116052][ T3604] ffff888014ddf000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.124100][ T3604] ffff888014ddf080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 64.132412][ T3604] >ffff888014ddf100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.140460][ T3604] ^
[ 64.146607][ T3604] ffff888014ddf180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 64.154662][ T3604] ffff888014ddf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.162721][ T3604] ==================================================================
[ 64.170760][ T3604] Disabling lock debugging due to kernel taint
[ 64.176890][ T3604] Kernel panic - not syncing: panic_on_warn set ...
[ 64.183483][ T3604] CPU: 1 PID: 3604 Comm: syz-executor914 Tainted: G B 5.16.0-rc4-syzkaller #0
[ 64.193626][ T3604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.203674][ T3604] Call Trace:
[ 64.206949][ T3604]
[ 64.209872][ T3604] dump_stack_lvl+0xcd/0x134
[ 64.214469][ T3604] panic+0x2b0/0x6dd
[ 64.218369][ T3604] ? __warn_printk+0xf3/0xf3
[ 64.222957][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 64.228148][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 64.233166][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 64.238181][ T3604] end_report.cold+0x63/0x6f
[ 64.242767][ T3604] kasan_report.cold+0x71/0xdf
[ 64.247522][ T3604] ? __lock_acquire+0x3d86/0x54a0
[ 64.252622][ T3604] __lock_acquire+0x3d86/0x54a0
[ 64.257462][ T3604] ? __lock_acquire+0xbc2/0x54a0
[ 64.262535][ T3604] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 64.268524][ T3604] lock_acquire+0x1ab/0x510
[ 64.273034][ T3604] ? remove_wait_queue+0x1d/0x180
[ 64.278057][ T3604] ? lock_release+0x720/0x720
[ 64.282746][ T3604] ? lock_release+0x720/0x720
[ 64.287419][ T3604] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 64.292784][ T3604] _raw_spin_lock_irqsave+0x39/0x50
[ 64.297974][ T3604] ? remove_wait_queue+0x1d/0x180
[ 64.303058][ T3604] remove_wait_queue+0x1d/0x180
[ 64.307918][ T3604] ep_remove_wait_queue+0x88/0x1a0
[ 64.313033][ T3604] ep_remove+0x106/0x9c0
[ 64.317265][ T3604] eventpoll_release_file+0xe1/0x130
[ 64.322539][ T3604] __fput+0x87b/0x9f0
[ 64.326508][ T3604] task_work_run+0xdd/0x1a0
[ 64.331122][ T3604] exit_to_user_mode_prepare+0x27e/0x290
[ 64.336756][ T3604] syscall_exit_to_user_mode+0x19/0x60
[ 64.342219][ T3604] do_syscall_64+0x42/0xb0
[ 64.346724][ T3604] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 64.352622][ T3604] RIP: 0033:0x7f42c4713ef3
[ 64.357138][ T3604] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[ 64.376767][ T3604] RSP: 002b:00007ffcdbe5e668 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 64.385176][ T3604] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f42c4713ef3
[ 64.393140][ T3604] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[ 64.401101][ T3604] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffcdbe5e690
[ 64.409066][ T3604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcdbe5e68c
[ 64.417022][ T3604] R13: 00007ffcdbe5e6a0 R14: 00007ffcdbe5e6e0 R15: 0000000000000000
[ 64.424988][ T3604]
[ 64.428240][ T3604] Kernel Offset: disabled
[ 64.432550][ T3604] Rebooting in 86400 seconds..