DUID 00:04:83:15:3d:b3:f9:44:11:d6:e6:e1:d9:1f:49:4d:f4:66
forked to background, child pid 3181
[   42.347711][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0
[   42.381447][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts.

syzkaller login: [   64.068887][ T3597] cgroup: Unknown subsys name 'net'
[   64.169401][ T3597] cgroup: Unknown subsys name 'rlimit'
executing program
[   64.330983][ T3599] ==================================================================
[   64.339168][ T3599] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
[   64.346550][ T3599] Read of size 8 at addr ffff888011a36840 by task syz-executor048/3599
[   64.354785][ T3599] 
[   64.357162][ T3599] CPU: 0 PID: 3599 Comm: syz-executor048 Not tainted 5.16.0-rc5-syzkaller #0
[   64.365914][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.375975][ T3599] Call Trace:
[   64.379256][ T3599]  <TASK>
[   64.382183][ T3599]  dump_stack_lvl+0xcd/0x134
[   64.386792][ T3599]  print_address_description.constprop.0.cold+0x8d/0x320
[   64.393819][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.398843][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.403869][ T3599]  kasan_report.cold+0x83/0xdf
[   64.408643][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.413671][ T3599]  __lock_acquire+0x3d86/0x54a0
[   64.418527][ T3599]  ? __lock_acquire+0xbc2/0x54a0
[   64.423479][ T3599]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   64.429484][ T3599]  lock_acquire+0x1ab/0x510
[   64.434028][ T3599]  ? remove_wait_queue+0x1d/0x180
[   64.439072][ T3599]  ? lock_release+0x720/0x720
[   64.443769][ T3599]  ? lock_release+0x720/0x720
[   64.448448][ T3599]  ? _raw_spin_lock_irqsave+0x4e/0x50
[   64.453826][ T3599]  _raw_spin_lock_irqsave+0x39/0x50
[   64.459029][ T3599]  ? remove_wait_queue+0x1d/0x180
[   64.464056][ T3599]  remove_wait_queue+0x1d/0x180
[   64.468912][ T3599]  ep_remove_wait_queue+0x88/0x1a0
[   64.474027][ T3599]  ep_remove+0x106/0x9c0
[   64.478276][ T3599]  eventpoll_release_file+0xe1/0x130
[   64.483566][ T3599]  __fput+0x87b/0x9f0
[   64.487550][ T3599]  task_work_run+0xdd/0x1a0
[   64.492059][ T3599]  exit_to_user_mode_prepare+0x27e/0x290
[   64.497693][ T3599]  syscall_exit_to_user_mode+0x19/0x60
[   64.503158][ T3599]  do_syscall_64+0x42/0xb0
[   64.507581][ T3599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   64.513480][ T3599] RIP: 0033:0x7fe98399eef3
[   64.517892][ T3599] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[   64.537515][ T3599] RSP: 002b:00007ffe94b8f958 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   64.545948][ T3599] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fe98399eef3
[   64.553915][ T3599] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[   64.562018][ T3599] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffe94b8f980
[   64.570264][ T3599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe94b8f97c
[   64.578237][ T3599] R13: 00007ffe94b8f990 R14: 00007ffe94b8f9d0 R15: 0000000000000000
[   64.586214][ T3599]  </TASK>
[   64.589226][ T3599] 
[   64.591628][ T3599] Allocated by task 3599:
[   64.595941][ T3599]  kasan_save_stack+0x1e/0x50
[   64.600621][ T3599]  __kasan_kmalloc+0xa9/0xd0
[   64.605206][ T3599]  psi_trigger_create.part.0+0x15e/0x7f0
[   64.610841][ T3599]  cgroup_pressure_write+0x15d/0x6b0
[   64.616127][ T3599]  cgroup_file_write+0x1ec/0x780
[   64.621064][ T3599]  kernfs_fop_write_iter+0x342/0x500
[   64.626350][ T3599]  new_sync_write+0x429/0x660
[   64.631030][ T3599]  vfs_write+0x7cd/0xae0
[   64.635273][ T3599]  ksys_write+0x12d/0x250
[   64.639600][ T3599]  do_syscall_64+0x35/0xb0
[   64.644019][ T3599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   64.650136][ T3599] 
[   64.652453][ T3599] Freed by task 3599:
[   64.656423][ T3599]  kasan_save_stack+0x1e/0x50
[   64.661115][ T3599]  kasan_set_track+0x21/0x30
[   64.665701][ T3599]  kasan_set_free_info+0x20/0x30
[   64.670639][ T3599]  __kasan_slab_free+0xff/0x130
[   64.675488][ T3599]  slab_free_freelist_hook+0x8b/0x1c0
[   64.682159][ T3599]  kfree+0xf6/0x560
[   64.685963][ T3599]  cgroup_pressure_write+0x18d/0x6b0
[   64.691244][ T3599]  cgroup_file_write+0x1ec/0x780
[   64.696176][ T3599]  kernfs_fop_write_iter+0x342/0x500
[   64.701465][ T3599]  new_sync_write+0x429/0x660
[   64.706142][ T3599]  vfs_write+0x7cd/0xae0
[   64.710381][ T3599]  ksys_write+0x12d/0x250
[   64.714717][ T3599]  do_syscall_64+0x35/0xb0
[   64.719146][ T3599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   64.725045][ T3599] 
[   64.727364][ T3599] The buggy address belongs to the object at ffff888011a36800
[   64.727364][ T3599]  which belongs to the cache kmalloc-192 of size 192
[   64.741411][ T3599] The buggy address is located 64 bytes inside of
[   64.741411][ T3599]  192-byte region [ffff888011a36800, ffff888011a368c0)
[   64.754590][ T3599] The buggy address belongs to the page:
[   64.760202][ T3599] page:ffffea0000468d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a36
[   64.770346][ T3599] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   64.777893][ T3599] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff888010c41a00
[   64.786479][ T3599] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   64.795050][ T3599] page dumped because: kasan: bad access detected
[   64.801455][ T3599] page_owner tracks the page as allocated
[   64.807240][ T3599] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 1, ts 1906309021, free_ts 0
[   64.818514][ T3599]  register_early_stack+0x66/0xb0
[   64.823549][ T3599]  init_page_owner+0x4e/0x920
[   64.828246][ T3599]  page_ext_init+0x4c9/0x4dc
[   64.832847][ T3599]  kernel_init_freeable+0x48b/0x73a
[   64.838079][ T3599] page_owner free stack trace missing
[   64.843456][ T3599] 
[   64.845780][ T3599] Memory state around the buggy address:
[   64.851403][ T3599]  ffff888011a36700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.859464][ T3599]  ffff888011a36780: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.867517][ T3599] >ffff888011a36800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.875566][ T3599]                                            ^
[   64.881720][ T3599]  ffff888011a36880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   64.889801][ T3599]  ffff888011a36900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.899414][ T3599] ==================================================================
[   64.907461][ T3599] Disabling lock debugging due to kernel taint
[   64.913599][ T3599] Kernel panic - not syncing: panic_on_warn set ...
[   64.920173][ T3599] CPU: 0 PID: 3599 Comm: syz-executor048 Tainted: G    B             5.16.0-rc5-syzkaller #0
[   64.930408][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.940811][ T3599] Call Trace:
[   64.944086][ T3599]  <TASK>
[   64.947066][ T3599]  dump_stack_lvl+0xcd/0x134
[   64.951659][ T3599]  panic+0x2b0/0x6dd
[   64.955574][ T3599]  ? __warn_printk+0xf3/0xf3
[   64.960165][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.965190][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.970236][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.975260][ T3599]  end_report.cold+0x63/0x6f
[   64.979851][ T3599]  kasan_report.cold+0x71/0xdf
[   64.984622][ T3599]  ? __lock_acquire+0x3d86/0x54a0
[   64.989646][ T3599]  __lock_acquire+0x3d86/0x54a0
[   64.994586][ T3599]  ? __lock_acquire+0xbc2/0x54a0
[   64.999523][ T3599]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   65.005513][ T3599]  lock_acquire+0x1ab/0x510
[   65.010014][ T3599]  ? remove_wait_queue+0x1d/0x180
[   65.015037][ T3599]  ? lock_release+0x720/0x720
[   65.019716][ T3599]  ? lock_release+0x720/0x720
[   65.024389][ T3599]  ? _raw_spin_lock_irqsave+0x4e/0x50
[   65.029770][ T3599]  _raw_spin_lock_irqsave+0x39/0x50
[   65.034970][ T3599]  ? remove_wait_queue+0x1d/0x180
[   65.039994][ T3599]  remove_wait_queue+0x1d/0x180
[   65.044848][ T3599]  ep_remove_wait_queue+0x88/0x1a0
[   65.049963][ T3599]  ep_remove+0x106/0x9c0
[   65.054207][ T3599]  eventpoll_release_file+0xe1/0x130
[   65.059499][ T3599]  __fput+0x87b/0x9f0
[   65.063482][ T3599]  task_work_run+0xdd/0x1a0
[   65.067991][ T3599]  exit_to_user_mode_prepare+0x27e/0x290
[   65.073717][ T3599]  syscall_exit_to_user_mode+0x19/0x60
[   65.079177][ T3599]  do_syscall_64+0x42/0xb0
[   65.083596][ T3599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   65.089490][ T3599] RIP: 0033:0x7fe98399eef3
[   65.093906][ T3599] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[   65.113511][ T3599] RSP: 002b:00007ffe94b8f958 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   65.121922][ T3599] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fe98399eef3
[   65.129891][ T3599] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[   65.137855][ T3599] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffe94b8f980
[   65.145822][ T3599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe94b8f97c
[   65.153791][ T3599] R13: 00007ffe94b8f990 R14: 00007ffe94b8f9d0 R15: 0000000000000000
[   65.161769][ T3599]  </TASK>
[   65.165007][ T3599] Kernel Offset: disabled
[   65.169322][ T3599] Rebooting in 86400 seconds..
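The log above is the raw syzkaller console capture. What follows is an added example, not part of the log and not syzkaller's code: a Python helper that parses a KASAN report of this layout into the facts a triager reads first (bug class, faulting function, access size and address, task, the first non-bookkeeping frame of the allocating and freeing stacks, slab cache and in-object offset) and cross-checks the reported offset against the two addresses. SAMPLE is a trimmed copy of the report in this log; the NOISE prefix list, the compiler-suffix regex, and the assumption that a blank line closes a stack section are this example's own choices, not anything the kernel guarantees.

```python
# Added example, not part of the syzkaller log above and not syzkaller's own code:
# a triage helper that turns a KASAN report into structured fields. SAMPLE is a
# trimmed copy of the report in this log; the patterns assume the 5.16-era layout
# shown there ("[ts][Tn]" prefix, "Allocated/Freed by task N:" sections, one
# "func+0xoff/0xlen" frame per line, "? " marking frames the unwinder guessed).
import re

SAMPLE = """\
[   64.339168][ T3599] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
[   64.346550][ T3599] Read of size 8 at addr ffff888011a36840 by task syz-executor048/3599
[   64.375975][ T3599] Call Trace:
[   64.403869][ T3599]  kasan_report.cold+0x83/0xdf
[   64.413671][ T3599]  __lock_acquire+0x3d86/0x54a0
[   64.448448][ T3599]  ? _raw_spin_lock_irqsave+0x4e/0x50
[   64.453826][ T3599]  _raw_spin_lock_irqsave+0x39/0x50
[   64.464056][ T3599]  remove_wait_queue+0x1d/0x180
[   64.468912][ T3599]  ep_remove_wait_queue+0x88/0x1a0
[   64.474027][ T3599]  ep_remove+0x106/0x9c0
[   64.478276][ T3599]  eventpoll_release_file+0xe1/0x130
[   64.483566][ T3599]  __fput+0x87b/0x9f0
[   64.589226][ T3599]
[   64.591628][ T3599] Allocated by task 3599:
[   64.595941][ T3599]  kasan_save_stack+0x1e/0x50
[   64.605206][ T3599]  psi_trigger_create.part.0+0x15e/0x7f0
[   64.610841][ T3599]  cgroup_pressure_write+0x15d/0x6b0
[   64.650136][ T3599]
[   64.652453][ T3599] Freed by task 3599:
[   64.670639][ T3599]  __kasan_slab_free+0xff/0x130
[   64.682159][ T3599]  kfree+0xf6/0x560
[   64.685963][ T3599]  cgroup_pressure_write+0x18d/0x6b0
[   64.725045][ T3599]
[   64.727364][ T3599] The buggy address belongs to the object at ffff888011a36800
[   64.727364][ T3599]  which belongs to the cache kmalloc-192 of size 192
[   64.741411][ T3599] The buggy address is located 64 bytes inside of
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]")
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SUFFIX = re.compile(r"\.(?:part|constprop|isra|cold)(?:\.\d+)?")  # compiler-generated suffixes
SECTION = re.compile(r"(Call Trace|Allocated by task (\d+)|Freed by task (\d+)):$")
# KASAN/slab bookkeeping frames, as opposed to the code that owns the object (our own list).
NOISE = ("kasan_", "__kasan_", "slab_free_freelist_hook", "kfree", "kmalloc", "__kmalloc", "kmem_cache_")
HEADERS = [  # one-line facts a triager reads first: (pattern, field names for its groups)
    (r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", ("bug", "site")),
    (r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)$", ("access", "size", "addr", "task", "pid")),
    (r"The buggy address belongs to the object at ([0-9a-f]+)$", ("object",)),
    (r"which belongs to the cache (\S+) of size (\d+)$", ("cache", "cache_size")),
    (r"The buggy address is located (\d+) bytes (inside of|to the left of|to the right of)", ("offset", "where")),
]

def conv(key, val):
    """Type a captured header field: strip suffixes from the site, hex addresses, decimal counts."""
    if key == "site":
        return SUFFIX.sub("", val)
    if key in ("addr", "object"):
        return int(val, 16)
    return int(val) if val.isdigit() else val

def parse_kasan(text):
    """Return the report's headline facts plus call_trace/alloc_stack/free_stack frame lists."""
    r = {"call_trace": [], "alloc_stack": [], "free_stack": []}
    stack = None                                   # frame list currently being filled
    for raw in text.splitlines():
        line = PREFIX.sub("", raw, count=1).strip()
        if not line:                               # a blank line closes a stack section
            stack = None
            continue
        for pat, keys in HEADERS:
            m = re.match(pat, line)
            if m:
                r.update((k, conv(k, v)) for k, v in zip(keys, m.groups()))
                break
        if m:
            continue
        m = SECTION.match(line)
        if m:
            key = {"C": "call_trace", "A": "alloc_stack", "F": "free_stack"}[line[0]]
            stack = r[key]
            if m.group(2) or m.group(3):
                r[key.replace("stack", "task")] = int(m.group(2) or m.group(3))
            continue
        fm = FRAME.match(line)
        if fm and stack is not None and not fm.group(1):   # "? " frames are guesses; drop them
            stack.append(fm.group(2))
    return r

def owner_frame(stack):
    """First frame outside the KASAN/slab machinery: the code that owns the object."""
    return next((SUFFIX.sub("", f) for f in stack if not f.startswith(NOISE)), "")

def access_path(r):
    """Call trace from the faulting function outward, KASAN's own reporting frames dropped."""
    names = [SUFFIX.sub("", f) for f in r["call_trace"]]
    return names[names.index(r["site"]):] if r["site"] in names else names

def offset_consistent(r):
    """Self-check: the reported in-object offset must equal addr minus object start."""
    return r.get("where") == "inside of" and r["addr"] - r["object"] == r["offset"]

def summarize(r):
    """One-line triage summary: what was touched, who allocated and freed it, from where."""
    return (f"KASAN {r['bug']} in {r['site']}: {r['access']} {r['size']}B at 0x{r['addr']:x}, {r['cache']}+{r['offset']}; "
            f"alloc {owner_frame(r['alloc_stack'])}, free {owner_frame(r['free_stack'])}; path " + " <- ".join(access_path(r)))

if __name__ == "__main__":
    print(summarize(parse_kasan(SAMPLE)))
```

Run on the sample, the summary names the same facts a reader pulls out of the raw log by hand: an 8-byte read 64 bytes into a kmalloc-192 object, reached through remove_wait_queue from eventpoll_release_file on close, with the object allocated in psi_trigger_create and freed in cgroup_pressure_write by the same task. The "? " frames are dropped because the x86 unwinder marks frames it found by scanning the stack rather than by following it, and those are often stale; the offset self-check catches a report whose text was mangled in transit, which matters when the report is pasted rather than captured.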