forked to background, child pid 3172
[ 30.402994][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.415169][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [ 30.834331][ T3264] sshd (3264) used greatest stack depth: 22848 bytes left
OK
syzkaller
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 51.079954][ T3597] ==================================================================
[ 51.088139][ T3597] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[ 51.095346][ T3597] Read of size 8 at addr ffff888011fd21e0 by task syz-executor962/3597
[ 51.103574][ T3597]
[ 51.105886][ T3597] CPU: 0 PID: 3597 Comm: syz-executor962 Not tainted 5.17.0-rc3-syzkaller-00020-g555f3d7be91a #0
[ 51.116366][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.126410][ T3597] Call Trace:
[ 51.129678][ T3597]
[ 51.132601][ T3597] dump_stack_lvl+0xcd/0x134
[ 51.137199][ T3597] print_address_description.constprop.0.cold+0x8d/0x336
[ 51.144223][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.149069][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.153924][ T3597] kasan_report.cold+0x83/0xdf
[ 51.158684][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.163530][ T3597] __list_add_valid+0x93/0xa0
[ 51.168212][ T3597] rdma_listen+0x86e/0xde0
[ 51.172627][ T3597] ? do_raw_spin_unlock+0x171/0x230
[ 51.177823][ T3597] ? rdma_resolve_addr+0x2460/0x2460
[ 51.183104][ T3597] ? ucma_get_ctx+0x1f0/0x280
[ 51.187901][ T3597] ? ucma_create_uevent+0xb60/0xb60
[ 51.193378][ T3597] ucma_listen+0x16a/0x210
[ 51.197786][ T3597] ? ucma_notify+0x1b0/0x1b0
[ 51.202367][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.208603][ T3597] ? _copy_from_user+0x5d/0x180
[ 51.213450][ T3597] ? ucma_notify+0x1b0/0x1b0
[ 51.218139][ T3597] ucma_write+0x25c/0x350
[ 51.222486][ T3597] ? ucma_query_gid+0x520/0x520
[ 51.227339][ T3597] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.233576][ T3597] ? security_file_permission+0xab/0xd0
[ 51.239161][ T3597] ? ucma_query_gid+0x520/0x520
[ 51.244002][ T3597] vfs_write+0x28e/0xae0
[ 51.248248][ T3597] ksys_write+0x1ee/0x250
[ 51.252581][ T3597] ? __ia32_sys_read+0xb0/0xb0
[ 51.257343][ T3597] ? syscall_enter_from_user_mode_prepare+0x17/0x40
[ 51.263930][ T3597] __do_fast_syscall_32+0x65/0xf0
[ 51.268949][ T3597] do_fast_syscall_32+0x2f/0x70
[ 51.273795][ T3597] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 51.280132][ T3597] RIP: 0023:0xf7ee4549
[ 51.284197][ T3597] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 51.304077][ T3597] RSP: 002b:00000000ffcff46c EFLAGS: 00000217 ORIG_RAX: 0000000000000004
[ 51.312510][ T3597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 51.320479][ T3597] RDX: 0000000000000010 RSI: 0000000000000004 RDI: 0000000000000003
[ 51.328443][ T3597] RBP: 00000000200000c0 R08: 0000000000000000 R09: 0000000000000000
[ 51.336410][ T3597] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 51.344384][ T3597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.352352][ T3597]
[ 51.355359][ T3597]
[ 51.357672][ T3597] Allocated by task 3596:
[ 51.361986][ T3597] kasan_save_stack+0x1e/0x40
[ 51.366652][ T3597] __kasan_kmalloc+0xa9/0xd0
[ 51.371231][ T3597] __rdma_create_id+0x5b/0x5c0
[ 51.375985][ T3597] rdma_create_user_id+0x79/0xd0
[ 51.380922][ T3597] ucma_create_id+0x162/0x360
[ 51.385592][ T3597] ucma_write+0x25c/0x350
[ 51.389934][ T3597] vfs_write+0x28e/0xae0
[ 51.394169][ T3597] ksys_write+0x1ee/0x250
[ 51.398492][ T3597] __do_fast_syscall_32+0x65/0xf0
[ 51.403506][ T3597] do_fast_syscall_32+0x2f/0x70
[ 51.408349][ T3597] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 51.414668][ T3597]
[ 51.416981][ T3597] Freed by task 3596:
[ 51.420956][ T3597] kasan_save_stack+0x1e/0x40
[ 51.425759][ T3597] kasan_set_track+0x21/0x30
[ 51.430356][ T3597] kasan_set_free_info+0x20/0x30
[ 51.435282][ T3597] ____kasan_slab_free+0x130/0x160
[ 51.440388][ T3597] slab_free_freelist_hook+0x8b/0x1c0
[ 51.445753][ T3597] kfree+0xcb/0x280
[ 51.449554][ T3597] ucma_destroy_private_ctx+0x9ca/0xd20
[ 51.455091][ T3597] ucma_close+0x10a/0x180
[ 51.459408][ T3597] __fput+0x286/0x9f0
[ 51.463749][ T3597] task_work_run+0xdd/0x1a0
[ 51.468244][ T3597] do_exit+0xb29/0x2a30
[ 51.472390][ T3597] do_group_exit+0xd2/0x2f0
[ 51.477016][ T3597] __ia32_sys_exit_group+0x3a/0x50
[ 51.482132][ T3597] __do_fast_syscall_32+0x65/0xf0
[ 51.487152][ T3597] do_fast_syscall_32+0x2f/0x70
[ 51.491990][ T3597] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 51.498308][ T3597]
[ 51.500623][ T3597] Last potentially related work creation:
[ 51.506320][ T3597] kasan_save_stack+0x1e/0x40
[ 51.511004][ T3597] __kasan_record_aux_stack+0xbe/0xd0
[ 51.516460][ T3597] call_rcu+0xb1/0x740
[ 51.520516][ T3597] netlink_release+0xf08/0x1db0
[ 51.525355][ T3597] __sock_release+0xcd/0x280
[ 51.529935][ T3597] sock_close+0x18/0x20
[ 51.534081][ T3597] __fput+0x286/0x9f0
[ 51.538171][ T3597] task_work_run+0xdd/0x1a0
[ 51.542687][ T3597] exit_to_user_mode_prepare+0x27e/0x290
[ 51.548318][ T3597] syscall_exit_to_user_mode+0x19/0x60
[ 51.553791][ T3597] do_syscall_64+0x42/0xb0
[ 51.558196][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.564083][ T3597]
[ 51.566394][ T3597] The buggy address belongs to the object at ffff888011fd2000
[ 51.566394][ T3597] which belongs to the cache kmalloc-2k of size 2048
[ 51.580444][ T3597] The buggy address is located 480 bytes inside of
[ 51.580444][ T3597] 2048-byte region [ffff888011fd2000, ffff888011fd2800)
[ 51.593798][ T3597] The buggy address belongs to the page:
[ 51.599413][ T3597] page:ffffea000047f400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fd0
[ 51.609640][ T3597] head:ffffea000047f400 order:3 compound_mapcount:0 compound_pincount:0
[ 51.617976][ T3597] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 51.625951][ T3597] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888010c42000
[ 51.634524][ T3597] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 51.643095][ T3597] page dumped because: kasan: bad access detected
[ 51.649517][ T3597] page_owner tracks the page as allocated
[ 51.655217][ T3597] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 2712324607, free_ts 0
[ 51.673197][ T3597] get_page_from_freelist+0xa72/0x2f50
[ 51.678664][ T3597] __alloc_pages+0x1b2/0x500
[ 51.683255][ T3597] alloc_page_interleave+0x1e/0x200
[ 51.688467][ T3597] alloc_pages+0x2b1/0x310
[ 51.692873][ T3597] new_slab+0x28a/0x3b0
[ 51.697032][ T3597] ___slab_alloc+0x87c/0xe90
[ 51.701614][ T3597] __slab_alloc.constprop.0+0x4d/0xa0
[ 51.706983][ T3597] kmem_cache_alloc_trace+0x289/0x2c0
[ 51.712346][ T3597] acpi_ds_create_walk_state+0x88/0x1ff
[ 51.717881][ T3597] acpi_ds_call_control_method+0xda/0x56f
[ 51.723596][ T3597] acpi_ps_parse_aml+0x2e5/0x8cc
[ 51.728524][ T3597] acpi_ps_execute_method+0x5a7/0x61c
[ 51.733888][ T3597] acpi_ns_evaluate+0x6c7/0x966
[ 51.738726][ T3597] acpi_evaluate_object+0x3db/0x7f5
[ 51.743913][ T3597] acpi_evaluate_integer+0xbf/0x1e0
[ 51.749212][ T3597] acpi_bus_get_status+0x193/0x360
[ 51.754324][ T3597] page_owner free stack trace missing
[ 51.759689][ T3597]
[ 51.762009][ T3597] Memory state around the buggy address:
[ 51.767624][ T3597] ffff888011fd2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.775693][ T3597] ffff888011fd2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.783774][ T3597] >ffff888011fd2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.791850][ T3597]                                                         ^
[ 51.799035][ T3597] ffff888011fd2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.807108][ T3597] ffff888011fd2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.815155][ T3597] ==================================================================
[ 51.823198][ T3597] Disabling lock debugging due to kernel taint
[ 51.829964][ T3597] Kernel panic - not syncing: panic_on_warn set ...
[ 51.836553][ T3597] CPU: 1 PID: 3597 Comm: syz-executor962 Tainted: G B 5.17.0-rc3-syzkaller-00020-g555f3d7be91a #0
[ 51.848433][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.858482][ T3597] Call Trace:
[ 51.861754][ T3597]
[ 51.864674][ T3597] dump_stack_lvl+0xcd/0x134
[ 51.869271][ T3597] panic+0x2b0/0x6dd
[ 51.873163][ T3597] ? __warn_printk+0xf3/0xf3
[ 51.877754][ T3597] ? preempt_schedule_common+0x59/0xc0
[ 51.883212][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.888055][ T3597] ? preempt_schedule_thunk+0x16/0x18
[ 51.893424][ T3597] ? trace_hardirqs_on+0x38/0x1c0
[ 51.898439][ T3597] ? trace_hardirqs_on+0x51/0x1c0
[ 51.903541][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.908381][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.913222][ T3597] end_report.cold+0x63/0x6f
[ 51.917812][ T3597] kasan_report.cold+0x71/0xdf
[ 51.922573][ T3597] ? __list_add_valid+0x93/0xa0
[ 51.927415][ T3597] __list_add_valid+0x93/0xa0
[ 51.932089][ T3597] rdma_listen+0x86e/0xde0
[ 51.936511][ T3597] ? do_raw_spin_unlock+0x171/0x230
[ 51.941711][ T3597] ? rdma_resolve_addr+0x2460/0x2460
[ 51.946991][ T3597] ? ucma_get_ctx+0x1f0/0x280
[ 51.951660][ T3597] ? ucma_create_uevent+0xb60/0xb60
[ 51.957129][ T3597] ucma_listen+0x16a/0x210
[ 51.961542][ T3597] ? ucma_notify+0x1b0/0x1b0
[ 51.966561][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.972805][ T3597] ? _copy_from_user+0x5d/0x180
[ 51.977651][ T3597] ? ucma_notify+0x1b0/0x1b0
[ 51.982232][ T3597] ucma_write+0x25c/0x350
[ 51.986556][ T3597] ? ucma_query_gid+0x520/0x520
[ 51.991401][ T3597] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.997636][ T3597] ? security_file_permission+0xab/0xd0
[ 52.003181][ T3597] ? ucma_query_gid+0x520/0x520
[ 52.008031][ T3597] vfs_write+0x28e/0xae0
[ 52.012273][ T3597] ksys_write+0x1ee/0x250
[ 52.016597][ T3597] ? __ia32_sys_read+0xb0/0xb0
[ 52.021359][ T3597] ? syscall_enter_from_user_mode_prepare+0x17/0x40
[ 52.028033][ T3597] __do_fast_syscall_32+0x65/0xf0
[ 52.033050][ T3597] do_fast_syscall_32+0x2f/0x70
[ 52.037892][ T3597] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 52.044210][ T3597] RIP: 0023:0xf7ee4549
[ 52.048265][ T3597] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 52.067870][ T3597] RSP: 002b:00000000ffcff46c EFLAGS: 00000217 ORIG_RAX: 0000000000000004
[ 52.076283][ T3597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[ 52.084247][ T3597] RDX: 0000000000000010 RSI: 0000000000000004 RDI: 0000000000000003
[ 52.092206][ T3597] RBP: 00000000200000c0 R08: 0000000000000000 R09: 0000000000000000
[ 52.100166][ T3597] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 52.108129][ T3597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.116094][ T3597]
[ 52.119300][ T3597] Kernel Offset: disabled
[ 52.123612][ T3597] Rebooting in 86400 seconds..