[ 71.673381][ T5] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
[ 72.103649][ T5895] cgroup: Unknown subsys name 'net'
[ 72.111503][ T5895] cgroup: Unknown subsys name 'rlimit'
[ 72.126370][ T5896] IPVS: ftp: loaded support on port[0] = 21
[ 72.168600][ T5897] ==================================================================
[ 72.176732][ T5897] BUG: KASAN: use-after-free in __lock_acquire+0x3f13/0x57d0
[ 72.184339][ T5897] Read of size 8 at addr ffff8880168f3e40 by task syz-executor696/5897
[ 72.192843][ T5897]
[ 72.195155][ T5897] CPU: 0 PID: 5897 Comm: syz-executor696 Not tainted 5.11.0-syzkaller #0
[ 72.203627][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.213747][ T5897] Call Trace:
[ 72.217223][ T5897]  dump_stack+0x9a/0xcc
[ 72.221651][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 72.227099][ T5897]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 72.235155][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 72.245631][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 72.250919][ T5897]  kasan_report.cold+0x79/0xd5
[ 72.255770][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 72.260953][ T5897]  __lock_acquire+0x3f13/0x57d0
[ 72.265888][ T5897]  ? __lock_acquire+0xbfc/0x57d0
[ 72.270806][ T5897]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.276954][ T5897]  lock_acquire+0x1a8/0x720
[ 72.281452][ T5897]  ? remove_wait_queue+0x1d/0x180
[ 72.286484][ T5897]  ? lock_release+0x710/0x710
[ 72.291145][ T5897]  ? lock_acquire+0x1a8/0x720
[ 72.296000][ T5897]  ? lock_release+0x710/0x710
[ 72.300937][ T5897]  ? mutex_lock_io_nested+0xf60/0xf60
[ 72.306303][ T5897]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 72.311663][ T5897]  _raw_spin_lock_irqsave+0x39/0x50
[ 72.317270][ T5897]  ? remove_wait_queue+0x1d/0x180
[ 72.322301][ T5897]  remove_wait_queue+0x1d/0x180
[ 72.327133][ T5897]  ep_remove_wait_queue+0x71/0x110
[ 72.332322][ T5897]  ep_remove+0xe0/0x860
[ 72.337264][ T5897]  eventpoll_release_file+0xc8/0x110
[ 72.342551][ T5897]  __fput+0x5ac/0x870
[ 72.346876][ T5897]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 72.352103][ T5897]  task_work_run+0xc0/0x160
[ 72.356974][ T5897]  exit_to_user_mode_prepare+0x249/0x250
[ 72.362804][ T5897]  syscall_exit_to_user_mode+0x19/0x60
[ 72.368449][ T5897]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.374424][ T5897] RIP: 0033:0x7fc53c978ee3
[ 72.378915][ T5897] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[ 72.399991][ T5897] RSP: 002b:00007ffcf2f146c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 72.408476][ T5897] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fc53c978ee3
[ 72.416782][ T5897] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[ 72.424826][ T5897] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffcf2f146f0
[ 72.432825][ T5897] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf2f146ec
[ 72.440861][ T5897] R13: 00007ffcf2f14700 R14: 00007ffcf2f14740 R15: 0000000000000000
[ 72.448901][ T5897]
[ 72.451202][ T5897] Allocated by task 5897:
[ 72.455783][ T5897]  kasan_save_stack+0x1b/0x40
[ 72.461024][ T5897]  ____kasan_kmalloc.constprop.0+0x82/0xa0
[ 72.467119][ T5897]  psi_trigger_create.part.0+0x15e/0x830
[ 72.472926][ T5897]  cgroup_pressure_write+0x117/0x4f0
[ 72.478296][ T5897]  cgroup_file_write+0x268/0x690
[ 72.483244][ T5897]  kernfs_fop_write_iter+0x2c5/0x460
[ 72.488522][ T5897]  new_sync_write+0x35d/0x5f0
[ 72.493390][ T5897]  vfs_write+0x5be/0x870
[ 72.497739][ T5897]  ksys_write+0xf4/0x1d0
[ 72.501978][ T5897]  do_syscall_64+0x2d/0x70
[ 72.506621][ T5897]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.512641][ T5897]
[ 72.514989][ T5897] Freed by task 5897:
[ 72.519026][ T5897]  kasan_save_stack+0x1b/0x40
[ 72.523864][ T5897]  kasan_set_track+0x1c/0x30
[ 72.528445][ T5897]  kasan_set_free_info+0x20/0x30
[ 72.533646][ T5897]  ____kasan_slab_free+0xe1/0x110
[ 72.538824][ T5897]  slab_free_freelist_hook+0x5d/0x150
[ 72.544265][ T5897]  kfree+0xdb/0x3b0
[ 72.548149][ T5897]  cgroup_pressure_write+0x12f/0x4f0
[ 72.553407][ T5897]  cgroup_file_write+0x268/0x690
[ 72.558314][ T5897]  kernfs_fop_write_iter+0x2c5/0x460
[ 72.563652][ T5897]  new_sync_write+0x35d/0x5f0
[ 72.568402][ T5897]  vfs_write+0x5be/0x870
[ 72.572750][ T5897]  ksys_write+0xf4/0x1d0
[ 72.577138][ T5897]  do_syscall_64+0x2d/0x70
[ 72.581617][ T5897]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.587591][ T5897]
[ 72.589891][ T5897] Last potentially related work creation:
[ 72.595885][ T5897]  kasan_save_stack+0x1b/0x40
[ 72.600586][ T5897]  kasan_record_aux_stack+0xc5/0xf0
[ 72.605938][ T5897]  insert_work+0x42/0x300
[ 72.610266][ T5897]  __queue_work+0x497/0xcb0
[ 72.614752][ T5897]  queue_work_on+0x6d/0x80
[ 72.619155][ T5897]  call_usermodehelper_exec+0x1b8/0x430
[ 72.624680][ T5897]  kobject_uevent_env+0xc6f/0x12c0
[ 72.629771][ T5897]  device_add+0x941/0x1ad0
[ 72.634161][ T5897]  device_create_groups_vargs+0x1c8/0x230
[ 72.639852][ T5897]  device_create+0xa1/0xd0
[ 72.644236][ T5897]  bdi_register_va.part.0+0x91/0x6d0
[ 72.649495][ T5897]  bdi_register+0x110/0x130
[ 72.653975][ T5897]  __device_add_disk+0xa42/0x1020
[ 72.658977][ T5897]  nbd_dev_add+0x661/0x850
[ 72.663374][ T5897]  nbd_init+0x160/0x175
[ 72.667506][ T5897]  do_one_initcall+0xbe/0x430
[ 72.672162][ T5897]  kernel_init_freeable+0x570/0x5ca
[ 72.677333][ T5897]  kernel_init+0x8/0x108
[ 72.681567][ T5897]  ret_from_fork+0x1f/0x30
[ 72.685959][ T5897]
[ 72.688265][ T5897] The buggy address belongs to the object at ffff8880168f3e00
[ 72.688265][ T5897]  which belongs to the cache kmalloc-192 of size 192
[ 72.702286][ T5897] The buggy address is located 64 bytes inside of
[ 72.702286][ T5897]  192-byte region [ffff8880168f3e00, ffff8880168f3ec0)
[ 72.715455][ T5897] The buggy address belongs to the page:
[ 72.721059][ T5897] page:000000000a139344 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x168f3
[ 72.731183][ T5897] flags: 0xfff00000000200(slab)
[ 72.736023][ T5897] raw: 00fff00000000200 0000000000000000 0000000a00000001 ffff88800f441500
[ 72.744674][ T5897] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 72.753232][ T5897] page dumped because: kasan: bad access detected
[ 72.759742][ T5897] page_owner tracks the page as allocated
[ 72.765733][ T5897] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 6743796608
[ 72.779712][ T5897]  post_alloc_hook+0x144/0x1c0
[ 72.784548][ T5897]  get_page_from_freelist+0x1c6e/0x3f80
[ 72.790077][ T5897]  __alloc_pages_nodemask+0x2d6/0x730
[ 72.795436][ T5897]  alloc_page_interleave+0xf/0x190
[ 72.800535][ T5897]  allocate_slab+0x2b6/0x4a0
[ 72.805182][ T5897]  ___slab_alloc+0x476/0x790
[ 72.809763][ T5897]  __slab_alloc.constprop.0+0x95/0xe0
[ 72.815351][ T5897]  kmem_cache_alloc_trace+0x2cc/0x360
[ 72.820706][ T5897]  call_usermodehelper_setup+0x7f/0x300
[ 72.826232][ T5897]  kobject_uevent_env+0xc5b/0x12c0
[ 72.831323][ T5897]  device_add+0x941/0x1ad0
[ 72.835710][ T5897]  device_create_groups_vargs+0x1c8/0x230
[ 72.841417][ T5897]  device_create+0xa1/0xd0
[ 72.845808][ T5897]  bdi_register_va.part.0+0x91/0x6d0
[ 72.851084][ T5897]  bdi_register+0x110/0x130
[ 72.855572][ T5897]  __device_add_disk+0xa42/0x1020
[ 72.860583][ T5897] page last free stack trace:
[ 72.865228][ T5897]  free_pcp_prepare+0x2cb/0x410
[ 72.870057][ T5897]  free_unref_page+0x12/0x1b0
[ 72.874712][ T5897]  __mmdrop+0xb9/0x350
[ 72.878805][ T5897]  free_bprm+0x5b/0x290
[ 72.883037][ T5897]  kernel_execve+0x2cc/0x3e0
[ 72.887628][ T5897]  call_usermodehelper_exec_async+0x2c1/0x500
[ 72.893672][ T5897]  ret_from_fork+0x1f/0x30
[ 72.898067][ T5897]
[ 72.900364][ T5897] Memory state around the buggy address:
[ 72.905976][ T5897]  ffff8880168f3d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.914008][ T5897]  ffff8880168f3d80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 72.922039][ T5897] >ffff8880168f3e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.930067][ T5897]                                            ^
[ 72.936191][ T5897]  ffff8880168f3e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 72.944225][ T5897]  ffff8880168f3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.952256][ T5897] ==================================================================
[ 72.960461][ T5897] Disabling lock debugging due to kernel taint
[ 72.966591][ T5897] Kernel panic - not syncing: panic_on_warn set ...
[ 72.973241][ T5897] CPU: 0 PID: 5897 Comm: syz-executor696 Tainted: G    B 5.11.0-syzkaller #0
[ 72.983014][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.993044][ T5897] Call Trace:
[ 72.996306][ T5897]  dump_stack+0x9a/0xcc
[ 73.000530][ T5897]  panic+0x256/0x4eb
[ 73.004469][ T5897]  ? __warn_printk+0xee/0xee
[ 73.009060][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 73.014114][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 73.019140][ T5897]  end_report+0x58/0x5e
[ 73.023281][ T5897]  kasan_report.cold+0x67/0xd5
[ 73.028020][ T5897]  ? __lock_acquire+0x3f13/0x57d0
[ 73.033021][ T5897]  __lock_acquire+0x3f13/0x57d0
[ 73.037875][ T5897]  ? __lock_acquire+0xbfc/0x57d0
[ 73.042798][ T5897]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 73.048754][ T5897]  lock_acquire+0x1a8/0x720
[ 73.053243][ T5897]  ? remove_wait_queue+0x1d/0x180
[ 73.058260][ T5897]  ? lock_release+0x710/0x710
[ 73.062993][ T5897]  ? lock_acquire+0x1a8/0x720
[ 73.067664][ T5897]  ? lock_release+0x710/0x710
[ 73.072313][ T5897]  ? mutex_lock_io_nested+0xf60/0xf60
[ 73.077652][ T5897]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 73.083603][ T5897]  _raw_spin_lock_irqsave+0x39/0x50
[ 73.088955][ T5897]  ? remove_wait_queue+0x1d/0x180
[ 73.094106][ T5897]  remove_wait_queue+0x1d/0x180
[ 73.099071][ T5897]  ep_remove_wait_queue+0x71/0x110
[ 73.104185][ T5897]  ep_remove+0xe0/0x860
[ 73.108592][ T5897]  eventpoll_release_file+0xc8/0x110
[ 73.113959][ T5897]  __fput+0x5ac/0x870
[ 73.117927][ T5897]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 73.123108][ T5897]  task_work_run+0xc0/0x160
[ 73.127606][ T5897]  exit_to_user_mode_prepare+0x249/0x250
[ 73.133227][ T5897]  syscall_exit_to_user_mode+0x19/0x60
[ 73.138663][ T5897]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.144977][ T5897] RIP: 0033:0x7fc53c978ee3
[ 73.149466][ T5897] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[ 73.169338][ T5897] RSP: 002b:00007ffcf2f146c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 73.177812][ T5897] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007fc53c978ee3
[ 73.186023][ T5897] RDX: 000000000000002f RSI: 0000000020001340 RDI: 0000000000000004
[ 73.194062][ T5897] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffcf2f146f0
[ 73.202006][ T5897] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf2f146ec
[ 73.209962][ T5897] R13: 00007ffcf2f14700 R14: 00007ffcf2f14740 R15: 0000000000000000
[ 73.218096][ T5897] Kernel Offset: disabled
[ 73.222406][ T5897] Rebooting in 86400 seconds..