[ 464.178028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 464.187397] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 464.194471] Call Trace:
[ 464.197058] dump_stack+0x15a/0x20a
[ 464.200712] print_address_description.cold.6+0x9/0x211
[ 464.206095] kasan_report.cold.7+0x242/0x307
[ 464.210475] ? batadv_iv_ogm_queue_add+0x326/0xe50
[ 464.215377] check_memory_region+0x13c/0x1b0
[ 464.219764] memcpy+0x23/0x50
[ 464.222853] batadv_iv_ogm_queue_add+0x326/0xe50
[ 464.227625] ? __local_bh_enable_ip+0x160/0x250
[ 464.232295] ? _raw_spin_unlock_bh+0x30/0x40
[ 464.236710] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 464.241262] ? __local_bh_enable_ip+0x160/0x250
[ 464.245904] ? batadv_iv_ogm_iface_enable+0x370/0x370
[ 464.251063] ? lock_acquire+0x180/0x3a0
[ 464.255009] ? kasan_check_read+0x11/0x20
[ 464.259128] batadv_iv_ogm_schedule+0xb7e/0xf30
[ 464.263771] ? batadv_iv_ogm_neigh_dump+0x580/0x580
[ 464.268761] batadv_iv_send_outstanding_bat_ogm_packet+0x4b2/0x7b0
[ 464.275100] process_one_work+0x7b9/0x15a0
[ 464.279324] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 464.283967] ? lock_acquire+0x180/0x3a0
[ 464.287914] ? kasan_check_write+0x14/0x20
[ 464.292167] ? do_raw_spin_lock+0xc1/0x230
[ 464.296419] worker_thread+0x85/0xb60
[ 464.300202] ? __kthread_parkme+0x47/0x190
[ 464.304428] kthread+0x324/0x3e0
[ 464.307768] ? process_one_work+0x15a0/0x15a0
[ 464.312246] ? kthread_park+0x120/0x120
[ 464.316215] ret_from_fork+0x24/0x30
[ 464.319904]
[ 464.321507] Allocated by task 208:
[ 464.325021] kasan_kmalloc.part.1+0x62/0xf0
[ 464.329314] kasan_kmalloc+0xaf/0xc0
[ 464.332997] __kmalloc+0x151/0x3c0
[ 464.336557] batadv_tvlv_container_ogm_append+0x16f/0x4b0
[ 464.342067] batadv_iv_ogm_schedule+0xc66/0xf30
[ 464.346708] batadv_iv_send_outstanding_bat_ogm_packet+0x4b2/0x7b0
[ 464.352995] process_one_work+0x7b9/0x15a0
[ 464.357199] worker_thread+0x85/0xb60
[ 464.360969] kthread+0x324/0x3e0
[ 464.364305] ret_from_fork+0x24/0x30
[ 464.367987]
[ 464.369590] Freed by task 32028:
[ 464.372929] __kasan_slab_free+0x13c/0x220
[ 464.377135] kasan_slab_free+0xe/0x10
[ 464.380923] kfree+0xcf/0x220
[ 464.384001] batadv_iv_ogm_iface_disable+0x34/0x70
[ 464.388901] batadv_hardif_disable_interface.cold.9+0x9c8/0xfc4
[ 464.394929] batadv_softif_destroy_netlink+0x94/0x100
[ 464.400120] default_device_exit_batch+0x239/0x3d0
[ 464.405028] ops_exit_list.isra.3+0xd3/0x120
[ 464.409412] cleanup_net+0x363/0x840
[ 464.413107] process_one_work+0x7b9/0x15a0
[ 464.417314] worker_thread+0x85/0xb60
[ 464.421094] kthread+0x324/0x3e0
[ 464.424438] ret_from_fork+0x24/0x30
[ 464.428120]
[ 464.429722] The buggy address belongs to the object at ffff88009b575b80
[ 464.429722] which belongs to the cache kmalloc-64 of size 64
[ 464.442173] The buggy address is located 0 bytes inside of
[ 464.442173] 64-byte region [ffff88009b575b80, ffff88009b575bc0)
[ 464.453754] The buggy address belongs to the page:
[ 464.458652] page:ffffea00026d5d40 count:1 mapcount:0 mapping:ffff88012c298340 index:0x0
[ 464.466764] flags: 0xfffe0000000100(slab)
[ 464.470884] raw: 00fffe0000000100 ffffea00025ee148 ffffea0002555348 ffff88012c298340
[ 464.478734] raw: 0000000000000000 ffff88009b575000 0000000100000020 0000000000000000
[ 464.486582] page dumped because: kasan: bad access detected
[ 464.492261]
[ 464.493858] Memory state around the buggy address:
[ 464.498755] ffff88009b575a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 464.506082] ffff88009b575b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 464.513410] >ffff88009b575b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 464.520764] ^
[ 464.524104] ffff88009b575c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 464.531433] ffff88009b575c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 464.538761] ==================================================================
[ 464.546089] Disabling lock debugging due to kernel taint
[ 464.553023] Kernel panic - not syncing: panic_on_warn set ...
[ 464.553023]
[ 464.560381] CPU: 0 PID: 208 Comm: kworker/u4:3 Tainted: G B 4.19.0-syzkaller #0
[ 464.569114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 464.578456] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 464.585526] Call Trace:
[ 464.588103] dump_stack+0x15a/0x20a
[ 464.591747] panic+0x1c6/0x36b
[ 464.594907] ? __warn_printk+0xd6/0xd6
[ 464.598793] ? ___preempt_schedule+0x16/0x18
[ 464.603173] kasan_end_report+0x47/0x4f
[ 464.607113] kasan_report.cold.7+0x76/0x307
[ 464.611404] ? batadv_iv_ogm_queue_add+0x326/0xe50
[ 464.616301] check_memory_region+0x13c/0x1b0
[ 464.620682] memcpy+0x23/0x50
[ 464.623756] batadv_iv_ogm_queue_add+0x326/0xe50
[ 464.628482] ? __local_bh_enable_ip+0x160/0x250
[ 464.633122] ? _raw_spin_unlock_bh+0x30/0x40
[ 464.637501] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 464.642052] ? __local_bh_enable_ip+0x160/0x250
[ 464.646695] ? batadv_iv_ogm_iface_enable+0x370/0x370
[ 464.651853] ? lock_acquire+0x180/0x3a0
[ 464.655797] ? kasan_check_read+0x11/0x20
[ 464.659915] batadv_iv_ogm_schedule+0xb7e/0xf30
[ 464.664554] ? batadv_iv_ogm_neigh_dump+0x580/0x580
[ 464.669541] batadv_iv_send_outstanding_bat_ogm_packet+0x4b2/0x7b0
[ 464.675831] process_one_work+0x7b9/0x15a0
[ 464.680035] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 464.684675] ? lock_acquire+0x180/0x3a0
[ 464.688617] ? kasan_check_write+0x14/0x20
[ 464.692907] ? do_raw_spin_lock+0xc1/0x230
[ 464.697111] worker_thread+0x85/0xb60
[ 464.700880] ? __kthread_parkme+0x47/0x190
[ 464.705086] kthread+0x324/0x3e0
[ 464.708420] ? process_one_work+0x15a0/0x15a0
[ 464.712886] ? kthread_park+0x120/0x120
[ 464.716831] ret_from_fork+0x24/0x30
[ 464.721904] Kernel Offset: disabled
[ 464.725522] Rebooting in 86400 seconds..