bisecting cause commit starting from 614cb2751d3150850d459bee596c397f344a7936
building syzkaller on a2fe1cb58994e43fb14f141ecd6e6dcce9bb697a
testing commit 614cb2751d3150850d459bee596c397f344a7936
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 1acfa40464f89737014dfd9aaf076fcf8353341f13e0302d1ec153501088ab50
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #6: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #10: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #11: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #12: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #13: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #14: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #15: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #16: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #17: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #18: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #19: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: eaab50170f966c8b3eb39852b91e95d9bc7e454d96827a490e5a435720d1ffbe
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: a2c67d0aa4cd9031fb2dccc0e9429d13c38be324308c26aa1ef6b084265ddb79
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 760afc9eb3d03287b34ea942b7a411382f5645571be3e022de43df2d69784b74
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #1: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ed87a01106570e960457a093defc61da2463f8df499a22d92a19e05b34bca040
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: a6ff38e82dd9e7b72f8594f21d4456e9f130fed2d0baffe8f9a1ac831a8846b8
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #5: crashed: PANIC: double fault in __switch_to_asm
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 148af9454d2419d8c534f359dc0ada77e2a0b73e26499bd1d569517b33bb77e1
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #6: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #7: crashed: BUG: Bad rss-counter state
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c39813ac1b4cf9ee17cd9581d29834c9312d7a9e2d37c5149682cd29e326d445
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 65e9f41c1707ffe281e68adea77024db743fc3aec52e15a3092851b775aa1091
all runs: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: df229a265ef77d7ea04c00e82025c3f1c0476396510a270bc6ec4e905f5dd17e
all runs: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4db262e20e001154554aacba8ee069cf005e1d0d472bd35a6ff08601ed7ef2f2
all runs: crashed: KASAN: use-after-free Write in ext4_write_inline_data_end
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8a03cb69477372e7c3f6c0fee23e5ea1b68880d5ca37439f59113cf3c4eda96e
all runs: crashed: KASAN: use-after-free Write in ext4_write_inline_data
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a63def1637c68d4b2393eca6fa64f291c241df7444f98d045fce92c45e3140a6
run #0: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
run #1: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
run #2: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
run #3: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f8efdfe78b77cd25d04aab4225a16b81c92c36c009eef26f6201701b40898542
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8febb2553a8c0a5b6ddbcecc9d82d1b651fdece6c7b63653a085e30edb3aa2ec
all runs: OK
# git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783
Bisecting: 7074 revisions left to test after this (roughly 13 steps)
[b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew)

testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b281b7ab79f90be6e7892236434785884ba5fe495b691b0ed8f7648a7b887a2d
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c
Bisecting: 3569 revisions left to test after this (roughly 12 steps)
[3478588b5136966c80c571cf0006f08e9e5b8f04] Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 3478588b5136966c80c571cf0006f08e9e5b8f04
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d35782ffd11d3ba75c74bdafda14c85de11834af657ca2c45a795d2f681e3ca2
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad 3478588b5136966c80c571cf0006f08e9e5b8f04
Bisecting: 1673 revisions left to test after this (roughly 11 steps)
[1a2566085650be593d464c4d73ac2d20ff67c058] Merge tag 'wireless-drivers-next-for-davem-2019-02-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

testing commit 1a2566085650be593d464c4d73ac2d20ff67c058
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3e3246f1640c53b7d0fcc3e5def00e54d9bf4717a8844eefbd5a2ef71d199941
all runs: OK
# git bisect good 1a2566085650be593d464c4d73ac2d20ff67c058
Bisecting: 1091 revisions left to test after this (roughly 10 steps)
[18a4d8bf250a33c015955f0dec27259780ef6448] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

testing commit 18a4d8bf250a33c015955f0dec27259780ef6448
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4ea38fdfbfbbfb9acbd55ffece88eee16c698c0317b6cf8778aa23392f7da613
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 18a4d8bf250a33c015955f0dec27259780ef6448
Bisecting: 290 revisions left to test after this (roughly 8 steps)
[844f01da9301a71fbed1e768837f4a1a6aa60529] mlxsw: spectrum_acl: Put vchunk migrate start/end code into separate functions

testing commit 844f01da9301a71fbed1e768837f4a1a6aa60529
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 256587a38baa75dcd797e705bd0b7f61cea6a366cecd73182a0af66e3ae36484
all runs: OK
# git bisect good 844f01da9301a71fbed1e768837f4a1a6aa60529
Bisecting: 146 revisions left to test after this (roughly 7 steps)
[4e7df119d9a621262f22cacf8ae5ca5060183bea] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

testing commit 4e7df119d9a621262f22cacf8ae5ca5060183bea
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f2dce5c5148421c2c4d1feeb785474661104c4264730bc538d00ff192dac0dd7
all runs: OK
# git bisect good 4e7df119d9a621262f22cacf8ae5ca5060183bea
Bisecting: 87 revisions left to test after this (roughly 6 steps)
[87dab7c3d54ce0f1ff6b54840bf7279d0944bc6a] bpf: add test cases for non-pointer sanitiation logic

testing commit 87dab7c3d54ce0f1ff6b54840bf7279d0944bc6a
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 85a9e8f1785af747fc5367935cf6a92c71a99afb2baa63935757ea3b02875600
all runs: OK
# git bisect good 87dab7c3d54ce0f1ff6b54840bf7279d0944bc6a
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[7d827379b062533085f3cd31762a8bb7bf48df19] Merge branch 'net-phy-clean-up-the-old-gen10g-functions'

testing commit 7d827379b062533085f3cd31762a8bb7bf48df19
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 357482973a6ecef96ba2335470392aa608552e9b13bc8fb920f82389a7a20620
all runs: OK
# git bisect good 7d827379b062533085f3cd31762a8bb7bf48df19
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[692c31bd4054212312396b1d303bffab2c5b93a7] team: Free BPF filter when unregistering netdev

testing commit 692c31bd4054212312396b1d303bffab2c5b93a7
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 6a7384d2038a451a725cf7b8e9c8f2636eb8b64730cf3f71f82621d09d4c8cb7
all runs: OK
# git bisect good 692c31bd4054212312396b1d303bffab2c5b93a7
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c] net: ignore sysctl_devconf_inherit_init_net without SYSCTL

testing commit a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d8c6ccdfc62913baa22365851f544728612af4d6a301efed7b33416c0f9a704f
run #0: crashed: KASAN: use-after-free Read in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[d6089c741803acc53e23141998c3437b058c8d3a] Merge branch 'Devlink-health-updates'

testing commit d6089c741803acc53e23141998c3437b058c8d3a
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 44058db4b93d5824835e35f444b9e9d65a19a6f3dba780f57d5d9c94574a6705
all runs: OK
# git bisect good d6089c741803acc53e23141998c3437b058c8d3a
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[3acca1dd17060332cfab15693733cdaf9fba1c90] net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to probe for new DSA framework

testing commit 3acca1dd17060332cfab15693733cdaf9fba1c90
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 44058db4b93d5824835e35f444b9e9d65a19a6f3dba780f57d5d9c94574a6705
all runs: OK
# git bisect good 3acca1dd17060332cfab15693733cdaf9fba1c90
Bisecting: 0 revisions left to test after this (roughly 1 step)
[64af7dc35f0fc8d3435327c44ef50359bdbe2c67] phy: mdio-mux: fix Kconfig dependencies

testing commit 64af7dc35f0fc8d3435327c44ef50359bdbe2c67
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a1178f4c9224d4f9e0c2f8a8bb9a4f092fec2411f53c2ba6f57393364a2d4154
all runs: OK
# git bisect good 64af7dc35f0fc8d3435327c44ef50359bdbe2c67
a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c is the first bad commit
commit a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c
Author: Arnd Bergmann <arnd@arndb.de>
Date:   Mon Mar 4 21:38:03 2019 +0100

    net: ignore sysctl_devconf_inherit_init_net without SYSCTL
    
    When CONFIG_SYSCTL is turned off, we get a link failure for
    the newly introduced tuning knob.
    
    net/ipv6/addrconf.o: In function `addrconf_init_net':
    addrconf.c:(.text+0x31dc): undefined reference to `sysctl_devconf_inherit_init_net'
    
    Add an IS_ENABLED() check to fall back to the default behavior
    (sysctl_devconf_inherit_init_net=0) here.
    
    Fixes: 856c395cfa63 ("net: introduce a knob to control whether to inherit devconf config")
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Acked-by: Christian Brauner <christian@brauner.io>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/ipv4/devinet.c  | 4 +++-
 net/ipv6/addrconf.c | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

culprit signature: d8c6ccdfc62913baa22365851f544728612af4d6a301efed7b33416c0f9a704f
parent  signature: a1178f4c9224d4f9e0c2f8a8bb9a4f092fec2411f53c2ba6f57393364a2d4154
Reproducer flagged being flaky
revisions tested: 28, total time: 6h41m2.287201278s (build: 2h50m15.298871035s, test: 3h46m40.592326231s)
first bad commit: a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c net: ignore sysctl_devconf_inherit_init_net without SYSCTL
recipients (to): ["arnd@arndb.de" "christian@brauner.io" "davem@davemloft.net"]
recipients (cc): []
crash: KASAN: use-after-free Read in batadv_iv_ogm_queue_add
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
==================================================================
BUG: KASAN: use-after-free in memcpy include/linux/string.h:352 [inline]
BUG: KASAN: use-after-free in batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:550 [inline]
BUG: KASAN: use-after-free in batadv_iv_ogm_queue_add+0x327/0xec0 net/batman-adv/bat_iv_ogm.c:646
Read of size 60 at addr ffff8880aef47120 by task kworker/u4:3/727

CPU: 0 PID: 727 Comm: kworker/u4:3 Not tainted 5.0.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 print_address_description.cold.3+0x9/0x244 mm/kasan/report.c:187
 kasan_report.cold.4+0x1b/0x35 mm/kasan/report.c:317
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x13c/0x1b0 mm/kasan/generic.c:191
 memcpy+0x23/0x50 mm/kasan/common.c:130
 memcpy include/linux/string.h:352 [inline]
 batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:550 [inline]
 batadv_iv_ogm_queue_add+0x327/0xec0 net/batman-adv/bat_iv_ogm.c:646
 batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:819
 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1681
 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173
 worker_thread+0x85/0xb60 kernel/workqueue.c:2319
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Allocated by task 727:
 save_stack mm/kasan/common.c:73 [inline]
 set_track mm/kasan/common.c:85 [inline]
 __kasan_kmalloc.part.0+0x66/0x100 mm/kasan/common.c:495
 __kasan_kmalloc.constprop.1+0xb5/0xc0 mm/kasan/common.c:476
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:509
 __kmalloc+0x148/0x320 mm/slub.c:3801
 kmalloc include/linux/slab.h:550 [inline]
 batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:289 [inline]
 batadv_tvlv_container_ogm_append+0x16f/0x4b0 net/batman-adv/tvlv.c:330
 batadv_iv_ogm_schedule+0xc39/0xe80 net/batman-adv/bat_iv_ogm.c:782
 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1681
 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173
 worker_thread+0x85/0xb60 kernel/workqueue.c:2319
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Freed by task 7:
 save_stack mm/kasan/common.c:73 [inline]
 set_track mm/kasan/common.c:85 [inline]
 __kasan_slab_free+0x167/0x240 mm/kasan/common.c:457
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:465
 slab_free_hook mm/slub.c:1430 [inline]
 slab_free_freelist_hook mm/slub.c:1457 [inline]
 slab_free mm/slub.c:3005 [inline]
 kfree+0xf2/0x310 mm/slub.c:3957
 batadv_iv_ogm_iface_disable+0x34/0x70 net/batman-adv/bat_iv_ogm.c:232
 batadv_hardif_disable_interface.cold.8+0x607/0xef7 net/batman-adv/hard-interface.c:883
 batadv_softif_destroy_netlink+0x94/0x100 net/batman-adv/soft-interface.c:1158
 default_device_exit_batch+0x239/0x3d0 net/core/dev.c:9756
 ops_exit_list.isra.0+0xd3/0x120 net/core/net_namespace.c:156
 cleanup_net+0x363/0x840 net/core/net_namespace.c:551
 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173
 worker_thread+0x85/0xb60 kernel/workqueue.c:2319
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the object at ffff8880aef47120
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes inside of
 64-byte region [ffff8880aef47120, ffff8880aef47160)
The buggy address belongs to the page:
page:ffffea0002bbd1c0 count:1 mapcount:0 mapping:ffff88813ff35600 index:0x0
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 ffffea000294b100 0000000300000003 ffff88813ff35600
raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:1950 [inline]
 prep_new_page mm/page_alloc.c:1958 [inline]
 get_page_from_freelist.part.22+0x300d/0x45b0 mm/page_alloc.c:3512
 get_page_from_freelist mm/page_alloc.c:3402 [inline]
 __alloc_pages_nodemask+0x2a6/0x2500 mm/page_alloc.c:4547
 alloc_pages_current+0xd6/0x1b0 mm/mempolicy.c:2106
 alloc_pages include/linux/gfp.h:509 [inline]
 alloc_slab_page mm/slub.c:1498 [inline]
 allocate_slab mm/slub.c:1643 [inline]
 new_slab+0x48f/0x750 mm/slub.c:1715
 new_slab_objects mm/slub.c:2469 [inline]
 ___slab_alloc+0x5b7/0x900 mm/slub.c:2621
 __slab_alloc.isra.23+0x4f/0x80 mm/slub.c:2661
 slab_alloc_node mm/slub.c:2724 [inline]
 kmem_cache_alloc_node_trace+0xc8/0x330 mm/slub.c:2808
 kmalloc_node include/linux/slab.h:583 [inline]
 kzalloc_node include/linux/slab.h:751 [inline]
 __get_vm_area_node+0x99/0x2e0 mm/vmalloc.c:1389
 __vmalloc_node_range+0xb5/0x680 mm/vmalloc.c:1745
 __vmalloc_node mm/vmalloc.c:1795 [inline]
 __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
 vzalloc+0x6a/0x80 mm/vmalloc.c:1848
 xt_counters_alloc+0x20/0x30 net/netfilter/x_tables.c:1353
 __do_replace+0x9a/0x9b0 net/ipv6/netfilter/ip6_tables.c:1069
 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline]
 do_ip6t_set_ctl+0x27e/0x3eb net/ipv6/netfilter/ip6_tables.c:1684
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x5c/0xb0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0x95/0xf0 net/ipv6/ipv6_sockglue.c:951
 tcp_setsockopt net/ipv4/tcp.c:3108 [inline]
 tcp_setsockopt+0x6a/0xd0 net/ipv4/tcp.c:3102

Memory state around the buggy address:
 ffff8880aef47000: 00 00 00 00 00 fc fc fc fc fc fc fc 00 00 00 00
 ffff8880aef47080: 00 fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
>ffff8880aef47100: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
                               ^
 ffff8880aef47180: 00 00 00 00 00 fc fc fc fc fc fc fc fb fb fb fb
 ffff8880aef47200: fb fb fb fb fc fc fc fc 00 00 00 00 00 fc fc fc
==================================================================