[   85.901355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.913510] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.925714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  130.295998] NOHZ: local_softirq_pending 08
[  168.055360] NOHZ: local_softirq_pending 08
[  313.334496] NOHZ: local_softirq_pending 08
[  457.343942] NOHZ: local_softirq_pending 08
[  457.348231] NOHZ: local_softirq_pending 08
[  495.095438] syz-executor.4 (5898) used greatest stack depth: 24184 bytes left
[  495.733167] NOHZ: local_softirq_pending 08
[  496.146078] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.152833] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.160579] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.168264] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.177967] device bridge_slave_1 left promiscuous mode
[  496.184167] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.225285] device bridge_slave_0 left promiscuous mode
[  496.230808] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.318889] device veth1_macvtap left promiscuous mode
[  496.324587] device veth0_macvtap left promiscuous mode
[  496.329954] device veth1_vlan left promiscuous mode
[  496.335588] device veth0_vlan left promiscuous mode
[  496.507151] team0 (unregistering): Port device team_slave_1 removed
[  496.527418] team0 (unregistering): Port device team_slave_0 removed
[  496.543937] bond0 (unregistering): Releasing backup interface bond_slave_1
[  496.590571] bond0 (unregistering): Releasing backup interface bond_slave_0
[  496.707882] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts.
[  501.200056] audit: type=1400 audit(1596520300.650:11): avc:  denied  { execmem } for  pid=25402 comm="syz-executor479" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[  504.665509] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  504.672259] batman_adv: batadv0: Removing interface: batadv_slave_0
[  504.679778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  504.687505] batman_adv: batadv0: Removing interface: batadv_slave_1
[  504.695100] ==================================================================
[  504.696438] device bridge_slave_1 left promiscuous mode
[  504.696683] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.714218] BUG: KASAN: use-after-free in batadv_iv_ogm_queue_add+0x71f/0xf50 at addr ffff88010b75f100
[  504.723634] Read of size 60 by task kworker/u4:0/6
[  504.728534] CPU: 0 PID: 6 Comm: kworker/u4:0 Not tainted 4.8.0-rc6-syzkaller #0
[  504.735950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  504.745295] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  504.752507]  0000000000000000 ffff88012b0bf940 ffffffff82d07402 ffff88012bc00200
[  504.760626]  ffff88010b75f100 ffff88010b75f140 ffff880122b60a40 ffff88010e0cc500
[  504.768616]  ffff88012b0bf968 ffffffff8175db4c ffff88012b0bf9f8 ffff88010b75f100
[  504.779788] Call Trace:
[  504.782438]  [<ffffffff82d07402>] dump_stack+0x136/0x1d4
[  504.787907]  [<ffffffff8175db4c>] kasan_object_err+0x1c/0x70
[  504.793678]  [<ffffffff8175dda0>] kasan_report_error+0x1b0/0x490
[  504.799842]  [<ffffffff81492e5e>] ? rcu_read_lock_sched_held+0x9e/0x160
[  504.806573]  [<ffffffff8175e414>] kasan_report+0x34/0x40
[  504.812012]  [<ffffffff85c83baf>] ? batadv_iv_ogm_queue_add+0x71f/0xf50
[  504.818746]  [<ffffffff8175cd7d>] check_memory_region+0x13d/0x1a0
[  504.824947]  [<ffffffff8175d213>] memcpy+0x23/0x50
[  504.829845]  [<ffffffff85c83baf>] batadv_iv_ogm_queue_add+0x71f/0xf50
[  504.836408]  [<ffffffff85c86c1d>] ? batadv_iv_ogm_schedule+0x7cd/0xcc0
[  504.843053]  [<ffffffff85c86dae>] batadv_iv_ogm_schedule+0x95e/0xcc0
[  504.849518]  [<ffffffff85c8761a>] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0
[  504.857674]  [<ffffffff81393d9d>] process_one_work+0x67d/0x14f0
[  504.863704]  [<ffffffff81393cf2>] ? process_one_work+0x5d2/0x14f0
[  504.869903]  [<ffffffff81393720>] ? cancel_delayed_work_sync+0x10/0x10
[  504.876540]  [<ffffffff81394cea>] worker_thread+0xda/0xf10
[  504.882143]  [<ffffffff81394c10>] ? process_one_work+0x14f0/0x14f0
[  504.888445]  [<ffffffff813a5699>] kthread+0x209/0x2d0
[  504.893622]  [<ffffffff813a5490>] ? kthread_create_on_node+0x390/0x390
[  504.900315]  [<ffffffff85de2e8f>] ret_from_fork+0x1f/0x40
[  504.905828]  [<ffffffff813a5490>] ? kthread_create_on_node+0x390/0x390
[  504.912473] Object at ffff88010b75f100, in cache kmalloc-64 size: 64
[  504.918939] Allocated:
[  504.921413] PID = 6
[  504.923626]  [<ffffffff81211826>] save_stack_trace+0x26/0x50
[  504.929559]  [<ffffffff8175d08e>] kasan_kmalloc+0xee/0x180
[  504.935297]  [<ffffffff81758fc2>] __kmalloc+0x162/0x440
[  504.940777]  [<ffffffff85cfbe87>] batadv_tvlv_container_ogm_append+0x117/0x470
[  504.948302]  [<ffffffff85c86e84>] batadv_iv_ogm_schedule+0xa34/0xcc0
[  504.954899]  [<ffffffff85c8761a>] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0
[  504.963183]  [<ffffffff81393d9d>] process_one_work+0x67d/0x14f0
[  504.969347]  [<ffffffff81394cea>] worker_thread+0xda/0xf10
[  504.975066]  [<ffffffff813a5699>] kthread+0x209/0x2d0
[  504.980342]  [<ffffffff85de2e8f>] ret_from_fork+0x1f/0x40
[  504.985966] Freed:
[  504.988095] PID = 6154
[  504.990578]  [<ffffffff81211826>] save_stack_trace+0x26/0x50
[  504.996485]  [<ffffffff8175d6dd>] kasan_slab_free+0xad/0x180
[  505.002402]  [<ffffffff8175b454>] kfree+0xd4/0x2d0
[  505.007508]  [<ffffffff85c82aa4>] batadv_iv_ogm_iface_disable+0x34/0x70
[  505.014353]  [<ffffffff85cb0fbc>] batadv_hardif_disable_interface+0x31c/0xbb0
[  505.021725]  [<ffffffff85cda8c9>] batadv_softif_destroy_netlink+0xd9/0x100
[  505.028847]  [<ffffffff84af7661>] default_device_exit_batch+0x241/0x3d0
[  505.035805]  [<ffffffff84acf5a6>] ops_exit_list.isra.0+0xd6/0x120
[  505.042126]  [<ffffffff84ad1860>] cleanup_net+0x2d0/0x540
[  505.047756]  [<ffffffff81393d9d>] process_one_work+0x67d/0x14f0
[  505.053916]  [<ffffffff81394cea>] worker_thread+0xda/0xf10
[  505.059635]  [<ffffffff813a5699>] kthread+0x209/0x2d0
[  505.064939]  [<ffffffff85de2e8f>] ret_from_fork+0x1f/0x40
[  505.070579] Memory state around the buggy address:
[  505.075478]  ffff88010b75f000: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc
[  505.082815]  ffff88010b75f080: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[  505.090156] >ffff88010b75f100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  505.097483]                    ^
[  505.100819]  ffff88010b75f180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  505.108149]  ffff88010b75f200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  505.115474] ==================================================================
[  505.122800] Disabling lock debugging due to kernel taint
[  505.128529] kasan: CONFIG_KASAN_INLINE enabled
[  505.133115] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  505.140484] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  505.146696] Modules linked in:
[  505.151068] CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G    B           4.8.0-rc6-syzkaller #0
[  505.159967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  505.169306] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  505.176522] task: ffff88012b0ae180 task.stack: ffff88012b0b8000
[  505.182548] RIP: 0010:[<ffffffff85c834bf>]  [<ffffffff85c834bf>] batadv_iv_ogm_queue_add+0x2f/0xf50
[  505.191936] RSP: 0018:ffff88012b0bfa78  EFLAGS: 00010296
[  505.197352] RAX: dffffc0000000000 RBX: ffff8801295b42c0 RCX: ffff8801128b2500
[  505.204594] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  505.211833] RBP: ffff88012b0bfb18 R08: ffff8801295b42c0 R09: 0000000000000001
[  505.219073] R10: 0000000000000009 R11: 0000000000000000 R12: 000000000000003c
[  505.226398] R13: 0000000000000000 R14: ffff8801128b2500 R15: ffff88011f322940
[  505.233638] FS:  0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
[  505.241850] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  505.247716] CR2: 00007ffca2de4660 CR3: 000000010e02a000 CR4: 00000000001406f0
[  505.254968] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  505.262207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  505.269446] Stack:
[  505.271566]  0000000000000000 0000000000000000 0000000000000002 0000000000000000
[  505.279561]  ffff88012b0bfb18 0000000000000282 0000000000000000 ffffffff85c86c1d
[  505.287520]  ffff880100000000 ffff8801128b2500 ffff88011f322a10 ffff8801128b2500
[  505.295514] Call Trace:
[  505.298074]  [<ffffffff85c86c1d>] ? batadv_iv_ogm_schedule+0x7cd/0xcc0
[  505.304720]  [<ffffffff85c86dae>] batadv_iv_ogm_schedule+0x95e/0xcc0
[  505.311181]  [<ffffffff85c8761a>] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0
[  505.319305]  [<ffffffff81393d9d>] process_one_work+0x67d/0x14f0
[  505.325332]  [<ffffffff81393cf2>] ? process_one_work+0x5d2/0x14f0
[  505.331538]  [<ffffffff81393720>] ? cancel_delayed_work_sync+0x10/0x10
[  505.338172]  [<ffffffff81394cea>] worker_thread+0xda/0xf10
[  505.343850]  [<ffffffff81394c10>] ? process_one_work+0x14f0/0x14f0
[  505.350135]  [<ffffffff813a5699>] kthread+0x209/0x2d0
[  505.355303]  [<ffffffff813a5490>] ? kthread_create_on_node+0x390/0x390
[  505.361948]  [<ffffffff85de2e8f>] ret_from_fork+0x1f/0x40
[  505.367462]  [<ffffffff813a5490>] ? kthread_create_on_node+0x390/0x390
[  505.374092] Code: 00 00 00 fc ff df 55 48 89 e5 41 57 49 89 ff 48 8d 7e 03 41 56 41 55 49 89 f5 41 54 41 89 d4 48 89 fa 48 c1 ea 03 53 48 83 ec 78 <0f> b6 04 02 48 89 fa 48 89 4d a8 83 e2 07 4c 89 45 b8 44 89 4d 
[  505.400857] RIP  [<ffffffff85c834bf>] batadv_iv_ogm_queue_add+0x2f/0xf50
[  505.407800]  RSP <ffff88012b0bfa78>
[  505.411697] ---[ end trace eb011d2cd23186cd ]---
[  505.416456] Kernel panic - not syncing: Fatal exception
[  505.422878] Kernel Offset: disabled