DUID 00:04:f8:bf:f0:9c:61:e1:97:95:98:d7:6e:33:ae:fb:a4:bd
forked to background, child pid 3182
[   28.699496][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.711991][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   54.795135][ T3598] 
[   54.797488][ T3598] =====================================
[   54.803009][ T3598] WARNING: bad unlock balance detected!
[   54.808539][ T3598] 5.16.0-rc5-syzkaller #0 Not tainted
[   54.813894][ T3598] -------------------------------------
[   54.819417][ T3598] syz-executor545/3598 is trying to release lock (&call->user_mutex) at:
[   54.827825][ T3598] [<ffffffff88546903>] rxrpc_do_sendmsg+0xc13/0x1350
[   54.834510][ T3598] but there are no more locks to release!
[   54.840207][ T3598] 
[   54.840207][ T3598] other info that might help us debug this:
[   54.848246][ T3598] no locks held by syz-executor545/3598.
[   54.853858][ T3598] 
[   54.853858][ T3598] stack backtrace:
[   54.859726][ T3598] CPU: 1 PID: 3598 Comm: syz-executor545 Not tainted 5.16.0-rc5-syzkaller #0
[   54.868476][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.878519][ T3598] Call Trace:
[   54.881787][ T3598]  <TASK>
[   54.884708][ T3598]  dump_stack_lvl+0xcd/0x134
[   54.889300][ T3598]  lock_release.cold+0x49/0x4e
[   54.894060][ T3598]  ? rxrpc_do_sendmsg+0xc13/0x1350
[   54.899174][ T3598]  ? lock_downgrade+0x6e0/0x6e0
[   54.904023][ T3598]  ? trace_rxrpc_timer+0x290/0x290
[   54.909134][ T3598]  __mutex_unlock_slowpath+0x99/0x5e0
[   54.914503][ T3598]  ? wait_for_completion_io+0x270/0x270
[   54.920045][ T3598]  ? wake_up_q+0xf0/0xf0
[   54.924287][ T3598]  ? rxrpc_do_sendmsg+0xef8/0x1350
[   54.929392][ T3598]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   54.935636][ T3598]  ? rxrpc_put_peer+0x8a/0x3c0
[   54.940391][ T3598]  rxrpc_do_sendmsg+0xc13/0x1350
[   54.945322][ T3598]  ? rxrpc_kernel_send_data+0x450/0x450
[   54.950864][ T3598]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   54.957104][ T3598]  ? rxrpc_lookup_local+0x9bd/0x1050
[   54.962401][ T3598]  rxrpc_sendmsg+0x420/0x630
[   54.966985][ T3598]  ? rxrpc_sock_set_min_security_level+0xe0/0xe0
[   54.973340][ T3598]  sock_sendmsg+0xcf/0x120
[   54.977750][ T3598]  ____sys_sendmsg+0x6e8/0x810
[   54.982507][ T3598]  ? kernel_sendmsg+0x50/0x50
[   54.987175][ T3598]  ? do_recvmmsg+0x6d0/0x6d0
[   54.991759][ T3598]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   54.997823][ T3598]  ? lock_downgrade+0x6e0/0x6e0
[   55.002672][ T3598]  ___sys_sendmsg+0xf3/0x170
[   55.007260][ T3598]  ? sendmsg_copy_msghdr+0x160/0x160
[   55.012539][ T3598]  ? lock_downgrade+0x6e0/0x6e0
[   55.017742][ T3598]  ? __fget_light+0xea/0x280
[   55.022323][ T3598]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   55.028570][ T3598]  __sys_sendmsg+0xe5/0x1b0
[   55.033069][ T3598]  ? __sys_sendmsg_sock+0x30/0x30
[   55.038102][ T3598]  ? syscall_enter_from_user_mode+0x21/0x70
[   55.043994][ T3598]  do_syscall_64+0x35/0xb0
[   55.048410][ T3598]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   55.054301][ T3598] RIP: 0033:0x7fd4c406ddf9
[   55.058708][ T3598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.078306][ T3598] RSP: 002b:00007fd4c4020318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   55.086708][ T3598] RAX: ffffffffffffffda RBX: 00007fd4c40f63e8 RCX: 00007fd4c406ddf9
[   55.094671][ T3598