forked to background, child pid 4651
no interfaces have a carrier
[ 34.875160][ T4652] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.889582][ T4652] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.94' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.059820][ T5072] ------------[ cut here ]------------
[ 57.065408][ T5072] WARNING: CPU: 1 PID: 5072 at kernel/fork.c:845 __put_task_struct+0x330/0x3d0
[ 57.067620][ T5071] ------------[ cut here ]------------
[ 57.074919][ T5072] Modules linked in:
[ 57.079958][ T5071] refcount_t: addition on 0; use-after-free.
[ 57.080476][ T5071] WARNING: CPU: 0 PID: 5071 at lib/refcount.c:25 refcount_warn_saturate+0x17c/0x1f0
[ 57.084302][ T5072]
[ 57.089883][ T5071] Modules linked in:
[ 57.099506][ T5072] CPU: 1 PID: 5072 Comm: syz-executor214 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[ 57.101603][ T5071]
[ 57.101611][ T5071] CPU: 0 PID: 5071 Comm: syz-executor214 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[ 57.101640][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.105553][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.115496][ T5071] RIP: 0010:refcount_warn_saturate+0x17c/0x1f0
[ 57.115543][ T5071] Code: 0a 31 ff 89 de e8 d4 13 78 fd 84 db 0f 85 2e ff ff ff e8 57 17 78 fd 48 c7 c7 60 87 a6 8a c6 05 e0 ce 54 0a 01 e8 98 a7 b2 05 <0f> 0b e9 0f ff ff ff e8 38 17 78 fd 0f b6 1d ca ce 54 0a 31 ff 89
[ 57.115564][ T5071] RSP: 0018:ffffc90003bbfb68 EFLAGS: 00010286
[ 57.115585][ T5071] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.115599][ T5071] RDX: ffff88802943ba80 RSI: ffffffff8166972c RDI: fffff52000777f5f
[ 57.115615][ T5071] RBP: ffff888027d7d7e8 R08: 0000000000000005 R09: 0000000000000000
[ 57.115630][ T5071] R10: 0000000080000001 R11: 0000000000000000 R12: ffff88807523da00
[ 57.115649][ T5071] R13: ffff888027d7dce8 R14: 0000000000000000 R15: ffff888027d7d7e8
[ 57.115668][ T5071] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 57.115694][ T5071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.119879][ T5072] RIP: 0010:__put_task_struct+0x330/0x3d0
[ 57.128029][ T5071] CR2: 0000000020d55000 CR3: 00000000720f8000 CR4: 00000000003506f0
[ 57.128054][ T5071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.128071][ T5071] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.128088][ T5071] Call Trace:
[ 57.128095][ T5071]
[ 57.128107][ T5071] mm_update_next_owner+0x585/0x7b0
[ 57.174282][ T5072] Code: 0e 4c 89 e6 e8 f1 3a 85 00 e9 22 ff ff ff e8 c7 aa 37 00 be 03 00 00 00 4c 89 e7 e8 fa 91 bf 02 e9 0b ff ff ff e8 b0 aa 37 00 <0f> 0b e9 1a fd ff ff e8 a4 aa 37 00 0f 0b e9 62 fd ff ff e8 98 aa
[ 57.180342][ T5071] do_exit+0x9a4/0x2a90
[ 57.204464][ T5072] RSP: 0018:ffffc90003bffa68 EFLAGS: 00010293
[ 57.212497][ T5071] ? find_held_lock+0x2d/0x110
[ 57.220876][ T5072]
[ 57.229491][ T5071] ? get_signal+0x8a0/0x24f0
[ 57.236062][ T5072] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.241753][ T5071] ? mm_update_next_owner+0x7b0/0x7b0
[ 57.249840][ T5072] RDX: ffff888027d7d7c0 RSI: ffffffff814a1230 RDI: 0000000000000005
[ 57.257779][ T5071] do_group_exit+0xd4/0x2a0
[ 57.265759][ T5072] RBP: ffff888027d7d7c0 R08: 0000000000000005 R09: 0000000000000000
[ 57.269039][ T5071] get_signal+0x225f/0x24f0
[ 57.269076][ T5071] ? vfs_write+0x49e/0xe10
[ 57.272944][ T5072] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000403
[ 57.277210][ T5071] ? exit_signals+0x910/0x910
[ 57.297245][ T5072] R13: ffff888017c51940 R14: fffffffffffffbfd R15: ffff888017c51800
[ 57.301043][ T5071] ? kick_process+0xf6/0x190
[ 57.307633][ T5072] FS: 00007fafe995a700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 57.312064][ T5071] ? task_work_add+0x18e/0x2c0
[ 57.314450][ T5072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.319048][ T5071] arch_do_signal_or_restart+0x79/0x5c0
[ 57.319086][ T5071] ? get_sigframe_size+0x10/0x10
[ 57.340855][ T5072] CR2: 00007fafe9a1edb8 CR3: 00000000720f8000 CR4: 00000000003506e0
[ 57.344986][ T5071] exit_to_user_mode_prepare+0x11f/0x240
[ 57.357673][ T5072] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.357693][ T5072] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.357711][ T5072] Call Trace:
[ 57.357719][ T5072]
[ 57.362114][ T5071] syscall_exit_to_user_mode+0x1d/0x50
[ 57.370781][ T5072] io_uring_drop_tctx_refs+0xfc/0x109
[ 57.374814][ T5071] do_syscall_64+0x46/0xb0
[ 57.374849][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.383237][ T5072] io_uring_cancel_generic+0x259/0x606
[ 57.387475][ T5071] RIP: 0033:0x7fafe99ce109
[ 57.387499][ T5071] Code: Unable to access opcode bytes at 0x7fafe99ce0df.
[ 57.396817][ T5072] ? io_submit_sqes.cold+0xc2/0xc2
[ 57.401181][ T5071] RSP: 002b:00007fafe997b308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.408100][ T5072] ? do_exit+0x2e9/0x2a90
[ 57.413338][ T5071] RAX: 0000000000e51000 RBX: 00007fafe9a51428 RCX: 00007fafe99ce109
[ 57.413359][ T5071] RDX: 00000000fffffd2c RSI: 0000000020000000 RDI: 0000000000000004
[ 57.418758][ T5072] ? lock_downgrade+0x6e0/0x6e0
[ 57.426279][ T5071] RBP: 00007fafe9a51420 R08: 0000000000000000 R09: 0000000000000000
[ 57.426299][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fafe9a1f074
[ 57.426318][ T5071] R13: 00007ffcd88beacf R14: 00007fafe997b400 R15: 0000000000022000
[ 57.432513][ T5072] ? prepare_to_wait_exclusive+0x2c0/0x2c0
[ 57.440027][ T5071]
[ 57.448072][ T5072] ? rwlock_bug.part.0+0x90/0x90
[ 57.451292][ T5071] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 57.451305][ T5071] CPU: 0 PID: 5071 Comm: syz-executor214 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[ 57.451332][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.451345][ T5071] Call Trace:
[ 57.451353][ T5071]
[ 57.451362][ T5071] dump_stack_lvl+0xd1/0x138
[ 57.451391][ T5071] panic+0x2cc/0x626
[ 57.451429][ T5071] ? panic_print_sys_info.part.0+0x112/0x112
[ 57.451488][ T5071] ? refcount_warn_saturate+0x17c/0x1f0
[ 57.451526][ T5071] check_panic_on_warn.cold+0x19/0x35
[ 57.451568][ T5071] __warn+0xf2/0x1a0
[ 57.451602][ T5071] ? refcount_warn_saturate+0x17c/0x1f0
[ 57.451639][ T5071] report_bug+0x1c0/0x210
[ 57.451678][ T5071] handle_bug+0x3c/0x70
[ 57.451712][ T5071] exc_invalid_op+0x18/0x50
[ 57.451742][ T5071] asm_exc_invalid_op+0x1a/0x20
[ 57.451778][ T5071] RIP: 0010:refcount_warn_saturate+0x17c/0x1f0
[ 57.451815][ T5071] Code: 0a 31 ff 89 de e8 d4 13 78 fd 84 db 0f 85 2e ff ff ff e8 57 17 78 fd 48 c7 c7 60 87 a6 8a c6 05 e0 ce 54 0a 01 e8 98 a7 b2 05 <0f> 0b e9 0f ff ff ff e8 38 17 78 fd 0f b6 1d ca ce 54 0a 31 ff 89
[ 57.451840][ T5071] RSP: 0018:ffffc90003bbfb68 EFLAGS: 00010286
[ 57.451862][ T5071] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 57.451878][ T5071] RDX: ffff88802943ba80 RSI: ffffffff8166972c RDI: fffff52000777f5f
[ 57.451895][ T5071] RBP: ffff888027d7d7e8 R08: 0000000000000005 R09: 0000000000000000
[ 57.451912][ T5071] R10: 0000000080000001 R11: 0000000000000000 R12: ffff88807523da00
[ 57.451928][ T5071] R13: ffff888027d7dce8 R14: 0000000000000000 R15: ffff888027d7d7e8
[ 57.451957][ T5071] ? vprintk+0x8c/0xa0
[ 57.451990][ T5071] ? refcount_warn_saturate+0x17c/0x1f0
[ 57.452026][ T5071] mm_update_next_owner+0x585/0x7b0
[ 57.452080][ T5071] do_exit+0x9a4/0x2a90
[ 57.452116][ T5071] ? find_held_lock+0x2d/0x110
[ 57.452160][ T5071] ? get_signal+0x8a0/0x24f0
[ 57.452188][ T5071] ? mm_update_next_owner+0x7b0/0x7b0
[ 57.452239][ T5071] do_group_exit+0xd4/0x2a0
[ 57.452282][ T5071] get_signal+0x225f/0x24f0
[ 57.452315][ T5071] ? vfs_write+0x49e/0xe10
[ 57.452348][ T5071] ? exit_signals+0x910/0x910
[ 57.452375][ T5071] ? kick_process+0xf6/0x190
[ 57.452414][ T5071] ? task_work_add+0x18e/0x2c0
[ 57.452455][ T5071] arch_do_signal_or_restart+0x79/0x5c0
[ 57.452488][ T5071] ? get_sigframe_size+0x10/0x10
[ 57.452539][ T5071] exit_to_user_mode_prepare+0x11f/0x240
[ 57.452573][ T5071] syscall_exit_to_user_mode+0x1d/0x50
[ 57.452609][ T5071] do_syscall_64+0x46/0xb0
[ 57.452638][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.452675][ T5071] RIP: 0033:0x7fafe99ce109
[ 57.452699][ T5071] Code: Unable to access opcode bytes at 0x7fafe99ce0df.
[ 57.452709][ T5071] RSP: 002b:00007fafe997b308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.452733][ T5071] RAX: 0000000000e51000 RBX: 00007fafe9a51428 RCX: 00007fafe99ce109
[ 57.452750][ T5071] RDX: 00000000fffffd2c RSI: 0000000020000000 RDI: 0000000000000004
[ 57.452767][ T5071] RBP: 00007fafe9a51420 R08: 0000000000000000 R09: 0000000000000000
[ 57.452783][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fafe9a1f074
[ 57.452799][ T5071] R13: 00007ffcd88beacf R14: 00007fafe997b400 R15: 0000000000022000
[ 57.452835][ T5071]
[ 57.454378][ T5071] Kernel Offset: disabled
[ 57.884771][ T5071] Rebooting in 86400 seconds..