device batadv0 entered promiscuous mode
================================================================================
UBSAN: Undefined behaviour in net/bridge/br_private.h:586:29
load of value 4 is not a valid value for type '_Bool'
CPU: 0 PID: 9358 Comm: syz-executor.0 Not tainted 4.19.149-syzkaller #0
audit: type=1804 audit(1601823889.675:17): pid=9363 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir672160179/syzkaller.fRzg0q/21/bus" dev="sda1" ino=15853 res=1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 br_skb_isolated net/bridge/br_private.h:586 [inline]
 should_deliver net/bridge/br_forward.c:34 [inline]
 maybe_deliver.cold+0x15/0x34 net/bridge/br_forward.c:178
 br_flood+0x180/0x4f0 net/bridge/br_forward.c:226
 br_dev_xmit+0xdd0/0x1510 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
 __dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
audit: type=1804 audit(1601823889.805:18): pid=9373 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir672160179/syzkaller.fRzg0q/21/bus" dev="sda1" ino=15853 res=1
 mrp_queue_xmit net/802/mrp.c:354 [inline]
 mrp_join_timer+0x8a/0xc0 net/802/mrp.c:598
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:97
Code: 48 c7 c7 20 04 0f 88 4c 89 25 7c cb bc 0b 41 bc f4 ff ff ff e8 c0 7b e9 ff 48 c7 05 66 cb bc 0b 00 00 00 00 e9 39 ec ff ff 90 <48> 8b 34 24 65 48 8b 04 25 40 ee 01 00 65 8b 15 5c 1b 90 7e 81 e2
RSP: 0018:ffff8880453bff20 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: 0000000000000200 RCX: ffffffff8100a5b3
RDX: 0000000000000200 RSI: ffff888045ac0680 RDI: 0000000000000007
RBP: ffff8880453bff58 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff896389f8 R14: 0000000000000000 R15: 0000000000000000
 syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
 do_syscall_64+0x1a1/0x670 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4179e7
Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 07 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 4d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fc687d45a20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
RAX: 0000000000000000 RBX: 0000000000003250 RCX: 00000000004179e7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000020018280 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0aaaaaaaaaaaaad6
R13: 0000000000000005 R14: 0000000000000005 R15: 000000002004ba10
================================================================================
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
audit: type=1804 audit(1601823890.535:19): pid=9408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir672160179/syzkaller.fRzg0q/22/bus" dev="sda1" ino=15838 res=1
audit: type=1804 audit(1601823890.585:20): pid=9408 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir672160179/syzkaller.fRzg0q/22/bus" dev="sda1" ino=15838 res=1
REISERFS warning (device loop4): super-6502 reiserfs_getopt: unknown mount option "subj_user=/dev/null"
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
EXT4-fs (loop3): fragment/cluster size (4096) != block size (2048)
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
Bluetooth: hci0: command 0x0409 tx timeout
Bluetooth: hci0: command 0x041b tx timeout