[ 48.638351][ T8] device veth0_macvtap left promiscuous mode
[ 48.645949][ T8] device veth1_vlan left promiscuous mode
[ 48.651986][ T8] device veth0_vlan left promiscuous mode
[ 51.834791][ T8] team0 (unregistering): Port device team_slave_1 removed
[ 51.848520][ T8] team0 (unregistering): Port device team_slave_0 removed
[ 51.860669][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 51.874371][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.919222][ T8] bond0 (unregistering): Released all slaves
[ 53.624138][ T5432] can: request_module (can-proto-0) failed.
[ 53.641961][ T5432] can: request_module (can-proto-0) failed.
[ 71.223488][ T2937] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
[ 73.117856][ T5889] ==================================================================
[ 73.126422][ T5889] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[ 73.133797][ T5889] Read of size 8 at addr ffff88801fa531e0 by task syz-executor427/5889
[ 73.142800][ T5889]
[ 73.145117][ T5889] CPU: 0 PID: 5889 Comm: syz-executor427 Not tainted 5.11.0-syzkaller #0
[ 73.153609][ T5889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.164008][ T5889] Call Trace:
[ 73.167594][ T5889] dump_stack+0x9a/0xcc
[ 73.171748][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.176957][ T5889] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 73.184559][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.189746][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.194978][ T5889] kasan_report.cold+0x79/0xd5
[ 73.200046][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.204888][ T5889] __list_add_valid+0x93/0xa0
[ 73.209559][ T5889] rdma_listen+0x51c/0xb10
[ 73.214499][ T5889] ? _raw_spin_unlock+0x24/0x40
[ 73.219605][ T5889] ? rdma_resolve_addr+0x1db0/0x1db0
[ 73.224990][ T5889] ? ucma_get_event+0x5e0/0x5e0
[ 73.230191][ T5889] ? ucma_notify+0x160/0x160
[ 73.234863][ T5889] ucma_listen+0x11b/0x1a0
[ 73.239288][ T5889] ? ucma_notify+0x160/0x160
[ 73.243903][ T5889] ucma_write+0x1aa/0x2b0
[ 73.248219][ T5889] ? ucma_query_gid+0x4b0/0x4b0
[ 73.253069][ T5889] ? apparmor_file_permission+0x14e/0x450
[ 73.258787][ T5889] ? security_file_permission+0x49/0x460
[ 73.265012][ T5889] vfs_write+0x1c4/0x870
[ 73.269245][ T5889] ksys_write+0x171/0x1d0
[ 73.273564][ T5889] ? __ia32_sys_read+0xa0/0xa0
[ 73.278316][ T5889] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 73.284277][ T5889] ? syscall_enter_from_user_mode+0x27/0x70
[ 73.290202][ T5889] do_syscall_64+0x2d/0x70
[ 73.294864][ T5889] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.300991][ T5889] RIP: 0033:0x7fc57c77dfa9
[ 73.305549][ T5889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.325489][ T5889] RSP: 002b:00007fffbfa07b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.334204][ T5889] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc57c77dfa9
[ 73.342456][ T5889] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 73.350870][ T5889] RBP: 0000000000000000 R08: 00007fffbfa07d28 R09: 00007fffbfa07d28
[ 73.359092][ T5889] R10: 00007fffbfa07d28 R11: 0000000000000246 R12: 00007fffbfa07b9c
[ 73.367148][ T5889] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 73.375343][ T5889]
[ 73.377661][ T5889] Allocated by task 5888:
[ 73.381970][ T5889] kasan_save_stack+0x1b/0x40
[ 73.386657][ T5889] ____kasan_kmalloc.constprop.0+0x82/0xa0
[ 73.392621][ T5889] __rdma_create_id+0x56/0x500
[ 73.397383][ T5889] rdma_create_user_id+0x75/0xc0
[ 73.402320][ T5889] ucma_create_id+0x117/0x2e0
[ 73.407145][ T5889] ucma_write+0x1aa/0x2b0
[ 73.411504][ T5889] vfs_write+0x1c4/0x870
[ 73.415821][ T5889] ksys_write+0x171/0x1d0
[ 73.420133][ T5889] do_syscall_64+0x2d/0x70
[ 73.424545][ T5889] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.430426][ T5889]
[ 73.433518][ T5889] Freed by task 5888:
[ 73.437687][ T5889] kasan_save_stack+0x1b/0x40
[ 73.442355][ T5889] kasan_set_track+0x1c/0x30
[ 73.446926][ T5889] kasan_set_free_info+0x20/0x30
[ 73.452183][ T5889] ____kasan_slab_free+0xe1/0x110
[ 73.457334][ T5889] slab_free_freelist_hook+0x5d/0x150
[ 73.462818][ T5889] kfree+0xdb/0x3b0
[ 73.466625][ T5889] ucma_destroy_private_ctx+0x7df/0xa80
[ 73.472161][ T5889] ucma_close+0xfc/0x180
[ 73.476388][ T5889] __fput+0x204/0x870
[ 73.480364][ T5889] task_work_run+0xc0/0x160
[ 73.484875][ T5889] do_exit+0xa81/0x2570
[ 73.489011][ T5889] do_group_exit+0xe7/0x290
[ 73.493491][ T5889] __x64_sys_exit_group+0x35/0x40
[ 73.498504][ T5889] do_syscall_64+0x2d/0x70
[ 73.502939][ T5889] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.508822][ T5889]
[ 73.511136][ T5889] The buggy address belongs to the object at ffff88801fa53000
[ 73.511136][ T5889] which belongs to the cache kmalloc-2k of size 2048
[ 73.525951][ T5889] The buggy address is located 480 bytes inside of
[ 73.525951][ T5889] 2048-byte region [ffff88801fa53000, ffff88801fa53800)
[ 73.539496][ T5889] The buggy address belongs to the page:
[ 73.545305][ T5889] page:00000000e6561816 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fa50
[ 73.555721][ T5889] head:00000000e6561816 order:3 compound_mapcount:0 compound_pincount:0
[ 73.564031][ T5889] flags: 0xfff00000010200(slab|head)
[ 73.569301][ T5889] raw: 00fff00000010200 ffffea000089e000 0000000300000003 ffff88800f442000
[ 73.578168][ T5889] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 73.587039][ T5889] page dumped because: kasan: bad access detected
[ 73.593530][ T5889] page_owner tracks the page as allocated
[ 73.599320][ T5889] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8, ts 47725083692
[ 73.618068][ T5889] post_alloc_hook+0x144/0x1c0
[ 73.623210][ T5889] get_page_from_freelist+0x1c6e/0x3f80
[ 73.630049][ T5889] __alloc_pages_nodemask+0x2d6/0x730
[ 73.635542][ T5889] allocate_slab+0x2b6/0x4a0
[ 73.640585][ T5889] ___slab_alloc+0x476/0x790
[ 73.645170][ T5889] __slab_alloc.constprop.0+0x95/0xe0
[ 73.650667][ T5889] __kmalloc_node_track_caller+0x1ad/0x3f0
[ 73.656493][ T5889] __alloc_skb+0x7f/0x4e0
[ 73.660959][ T5889] rtmsg_ifinfo_build_skb+0x6d/0x160
[ 73.666499][ T5889] rollback_registered_many+0xcbe/0x1290
[ 73.672292][ T5889] unregister_netdevice_many.part.0+0x10/0x2b0
[ 73.679436][ T5889] ip_tunnel_delete_nets+0x326/0x4d0
[ 73.685342][ T5889] cleanup_net+0x423/0x990
[ 73.689854][ T5889] process_one_work+0x84c/0x13b0
[ 73.694962][ T5889] worker_thread+0x598/0xf80
[ 73.700250][ T5889] kthread+0x36f/0x450
[ 73.704644][ T5889] page last free stack trace:
[ 73.709636][ T5889] __free_pages_ok+0x4da/0xed0
[ 73.714450][ T5889] unfreeze_partials+0x16c/0x1b0
[ 73.719379][ T5889] put_cpu_partial+0x129/0x200
[ 73.724183][ T5889] qlist_free_all+0x5a/0xc0
[ 73.729007][ T5889] quarantine_reduce+0x180/0x200
[ 73.734116][ T5889] ____kasan_kmalloc.constprop.0+0x98/0xa0
[ 73.740115][ T5889] kmem_cache_alloc_node+0x1e0/0x470
[ 73.746191][ T5889] __alloc_skb+0x42/0x4e0
[ 73.750969][ T5889] rtmsg_ifinfo_build_skb+0x6d/0x160
[ 73.756500][ T5889] rtmsg_ifinfo+0x5c/0x100
[ 73.761016][ T5889] dev_close_many+0x27c/0x580
[ 73.766166][ T5889] rollback_registered_many+0x365/0x1290
[ 73.771892][ T5889] unregister_netdevice_many.part.0+0x10/0x2b0
[ 73.778174][ T5889] ip_tunnel_delete_nets+0x326/0x4d0
[ 73.783463][ T5889] cleanup_net+0x423/0x990
[ 73.788112][ T5889] process_one_work+0x84c/0x13b0
[ 73.793180][ T5889]
[ 73.795930][ T5889] Memory state around the buggy address:
[ 73.802158][ T5889] ffff88801fa53080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.810798][ T5889] ffff88801fa53100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.819408][ T5889] >ffff88801fa53180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.828047][ T5889] ^
[ 73.835543][ T5889] ffff88801fa53200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.844242][ T5889] ffff88801fa53280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.852441][ T5889] ==================================================================
[ 73.861016][ T5889] Disabling lock debugging due to kernel taint
[ 73.867705][ T5889] Kernel panic - not syncing: panic_on_warn set ...
[ 73.874303][ T5889] CPU: 1 PID: 5889 Comm: syz-executor427 Tainted: G B 5.11.0-syzkaller #0
[ 73.884873][ T5889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.895809][ T5889] Call Trace:
[ 73.899111][ T5889] dump_stack+0x9a/0xcc
[ 73.903262][ T5889] panic+0x256/0x4eb
[ 73.907753][ T5889] ? __warn_printk+0xee/0xee
[ 73.912416][ T5889] ? preempt_schedule_common+0x59/0xc0
[ 73.918129][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.923231][ T5889] ? preempt_schedule_thunk+0x16/0x18
[ 73.928597][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.933670][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.938507][ T5889] end_report+0x58/0x5e
[ 73.942725][ T5889] kasan_report.cold+0x67/0xd5
[ 73.947493][ T5889] ? __list_add_valid+0x93/0xa0
[ 73.952575][ T5889] __list_add_valid+0x93/0xa0
[ 73.957371][ T5889] rdma_listen+0x51c/0xb10
[ 73.961866][ T5889] ? _raw_spin_unlock+0x24/0x40
[ 73.966966][ T5889] ? rdma_resolve_addr+0x1db0/0x1db0
[ 73.972369][ T5889] ? ucma_get_event+0x5e0/0x5e0
[ 73.977215][ T5889] ? ucma_notify+0x160/0x160
[ 73.981791][ T5889] ucma_listen+0x11b/0x1a0
[ 73.986202][ T5889] ? ucma_notify+0x160/0x160
[ 73.991028][ T5889] ucma_write+0x1aa/0x2b0
[ 73.995448][ T5889] ? ucma_query_gid+0x4b0/0x4b0
[ 74.000677][ T5889] ? apparmor_file_permission+0x14e/0x450
[ 74.006601][ T5889] ? security_file_permission+0x49/0x460
[ 74.012225][ T5889] vfs_write+0x1c4/0x870
[ 74.016530][ T5889] ksys_write+0x171/0x1d0
[ 74.020844][ T5889] ? __ia32_sys_read+0xa0/0xa0
[ 74.025591][ T5889] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 74.031670][ T5889] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.037687][ T5889] do_syscall_64+0x2d/0x70
[ 74.042093][ T5889] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.048210][ T5889] RIP: 0033:0x7fc57c77dfa9
[ 74.052622][ T5889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.072520][ T5889] RSP: 002b:00007fffbfa07b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.081000][ T5889] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc57c77dfa9
[ 74.089131][ T5889] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000003
[ 74.097291][ T5889] RBP: 0000000000000000 R08: 00007fffbfa07d28 R09: 00007fffbfa07d28
[ 74.105539][ T5889] R10: 00007fffbfa07d28 R11: 0000000000000246 R12: 00007fffbfa07b9c
[ 74.113754][ T5889] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 74.121996][ T5889] Kernel Offset: disabled
[ 74.126423][ T5889] Rebooting in 86400 seconds..