batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
================================================================================
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
UBSAN: Undefined behaviour in net/batman-adv/bat_iv_ogm.c:780:36
member access within null pointer of type 'struct batadv_ogm_packet'
CPU: 1 PID: 15869 Comm: kworker/u4:3 Not tainted 4.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
 ffff88010d9cf818 ffffffff8381b081 1ffffffff11b8e8a 0000000041b58ab3
 ffffffff886f84ac ffffffff8381aec4 0000000000000086 ffffffff00000018
 ffff88010d9cf840 ffff88010d9cf7f0 ffff880125df4500 ffffffff87cb0be0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x1bd/0x29c lib/dump_stack.c:51
 [] ubsan_epilogue+0xd/0x8a lib/ubsan.c:164
 [] handle_null_ptr_deref lib/ubsan.c:281 [inline]
 [] __ubsan_handle_type_mismatch+0x157/0x411 lib/ubsan.c:323
 [] batadv_iv_ogm_queue_add+0x1489/0x15f0 net/batman-adv/bat_iv_ogm.c:780
 [] batadv_iv_ogm_schedule+0xa76/0xf60 net/batman-adv/bat_iv_ogm.c:984
 [] batadv_iv_send_outstanding_bat_ogm_packet+0x385/0xf90 net/batman-adv/bat_iv_ogm.c:1810
 [] process_one_work+0x7ab/0x1ae0 kernel/workqueue.c:2096
 [] worker_thread+0x60c/0x1450 kernel/workqueue.c:2230
 [] kthread+0x23c/0x390 kernel/kthread.c:209
 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
================================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 15869 Comm: kworker/u4:3 Not tainted 4.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
task: ffff880125df4500 task.stack: ffff88010d9c8000
RIP: 0010:[] [] batadv_iv_ogm_queue_add+0xa5/0x15f0 net/batman-adv/bat_iv_ogm.c:780
RSP: 0018:ffff88010d9cf8e8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff880120bf7cb0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff88010d9cf9f8 R08: 0000000000000007 R09: 0000000000000000
R10: ffff880125df4d10 R11: 0000000000000006 R12: 000000000000003c
R13: ffff880120bf7c80 R14: 0000000000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb0d490000 CR3: 000000011a1a0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff880125df4d00 0000000041b58ab3 ffffffff886f79a6 ffffffff81575900
 0000000000000000 0000000000000000 0000000000000024 0000000000000000
 ffff88010d9cf938 ffffffff815ceacb ffff880120bf7c80 ffff880120bf7c80
Call Trace:
 [] batadv_iv_ogm_schedule+0xa76/0xf60 net/batman-adv/bat_iv_ogm.c:984
 [] batadv_iv_send_outstanding_bat_ogm_packet+0x385/0xf90 net/batman-adv/bat_iv_ogm.c:1810
 [] process_one_work+0x7ab/0x1ae0 kernel/workqueue.c:2096
 [] worker_thread+0x60c/0x1450 kernel/workqueue.c:2230
 [] kthread+0x23c/0x390 kernel/kthread.c:209
 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
Code: f1 f1 c7 40 04 00 f4 f4 f4 c7 40 08 f3 f3 f3 f3 0f 84 eb 13 00 00 49 8d 7e 03 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 b6 13 00
RIP [] batadv_iv_ogm_queue_add+0xa5/0x15f0 net/batman-adv/bat_iv_ogm.c:780
 RSP
---[ end trace 1e8695affd563946 ]---