syzbot

32-bit node address hash set to 100007f
BUG: unable to handle kernel paging request at ffffd76c8cfffff0
#PF error: [WRITE]
PGD 0 P4D 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 15086 Comm: kworker/u4:9 Not tainted 5.0.0-rc3+ #17
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:__skb_unlink include/linux/skbuff.h:1924 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:1941 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:2655 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:89 [inline]
RIP: 0010:gro_cells_destroy+0x1ab/0x360 net/core/gro_cells.c:78
Code: 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 42 80 3c 21 00 0f 85 10 01 00 00 48 89 c1 <48> 89 42 08 48 c1 e9 03 42 80 3c 21 00 0f 85 dd 00 00 00 48 89 10
RSP: 0018:ffff888060f0f4b0 EFLAGS: 00010246
RAX: 00ffffffffffffe8 RBX: ffffe8ffffd767a0 RCX: 00ffffffffffffe8
RDX: ffffd76c8cffffe8 RSI: ffffffff86327d6a RDI: ffffd76c8cfffff0
RBP: ffff888060f0f510 R08: ffff888064726080 R09: fffffbfff1461cb5
R10: fffffbfff1461cb4 R11: ffffffff8a30e5a3 R12: dffffc0000000000
R13: 0000000000000001 R14: ffffe8ffffd767b0 R15: ffffe8ffffd767a5
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffd76c8cfffff0 CR3: 000000009d9b9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ip_tunnel_dev_free+0x19/0x60 net/ipv4/ip_tunnel.c:960
kobject: 'loop1' (00000000c6e21b9d): kobject_uevent_env
 netdev_run_todo+0x647/0xae0 net/core/dev.c:8885
kobject: 'loop1' (00000000c6e21b9d): fill_kobj_path: path = '/devices/virtual/block/loop1'
 rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:117
 ip_tunnel_delete_nets+0x4df/0x6d0 net/ipv4/ip_tunnel.c:1074
 ipip_exit_batch_net+0x23/0x30 net/ipv4/ipip.c:663
 ops_exit_list.isra.0+0x105/0x160 net/core/net_namespace.c:156
 cleanup_net+0x51d/0xb10 net/core/net_namespace.c:551
 process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
 worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Modules linked in:
CR2: ffffd76c8cfffff0
---[ end trace e4737d4ec48ad9bc ]---
RIP: 0010:__skb_unlink include/linux/skbuff.h:1924 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:1941 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:2655 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:89 [inline]
RIP: 0010:gro_cells_destroy+0x1ab/0x360 net/core/gro_cells.c:78
Code: 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 42 80 3c 21 00 0f 85 10 01 00 00 48 89 c1 <48> 89 42 08 48 c1 e9 03 42 80 3c 21 00 0f 85 dd 00 00 00 48 89 10
RSP: 0018:ffff888060f0f4b0 EFLAGS: 00010246
RAX: 00ffffffffffffe8 RBX: ffffe8ffffd767a0 RCX: 00ffffffffffffe8
RDX: ffffd76c8cffffe8 RSI: ffffffff86327d6a RDI: ffffd76c8cfffff0
RBP: ffff888060f0f510 R08: ffff888064726080 R09: fffffbfff1461cb5
R10: fffffbfff1461cb4 R11: ffffffff8a30e5a3 R12: dffffc0000000000
R13: 0000000000000001 R14: ffffe8ffffd767b0 R15: ffffe8ffffd767a5
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffd76c8cfffff0 CR3: 000000009d9b9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400