bisecting cause commit starting from fb0155a09b0224a7147cb07a4ce6034c8d29667f building syzkaller on 1b88c6d5c8477f1d4fb3b389443b200acc32e9a8 testing commit fb0155a09b0224a7147cb07a4ce6034c8d29667f with gcc (GCC) 8.1.0 kernel signature: 892e5ec428751c32acfab367512da264ebd3ccd0ed2e67da3655e54b4b44d45a run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #3: crashed: WARNING in __proc_create run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #7: OK run #8: OK run #9: OK testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: d4cb203bfe6779d5fde1429966726f8bfa953d4d25e9b25056b7387423718a11 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #7: crashed: WARNING: proc registration bug in afs_manage_cell run #8: crashed: general protection fault in afs_proc_cell_setup run #9: OK testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 106ceb18c6ca2b6d53eea862065361863b520a578e0d33d8335165af1f67de55 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: OK run #8: OK run #9: OK testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 79ce6c87be205996aa73f44c39fd08158942b05c33cdf47a4c7c411cb1e40383 run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: WARNING: ODEBUG bug in __do_softirq testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: ea3fc1306c0a9b35beca54be874b10f6e1de7136a29371745713dc42f38ca409 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in __proc_create run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Read in afs_deactivate_cell testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: e544cd22338d948a9de452d9da916d35baa3f4fc272b0388044cecc5879e3895 run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: KASAN: use-after-free Read in afs_deactivate_cell testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 2492fee85e0621d33d3c64ed32aece023433ef04df688574d5b6f4c24238136b run #0: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: INFO: rcu detected stall in sys_mount run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: WARNING: ODEBUG bug in afs_cell_destroy testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 0e9d4596b8b883436e5aa2dfe282421287e019213dc3202171fe63d11024cace run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #3: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #4: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: WARNING: proc registration bug in afs_manage_cell run #8: crashed: WARNING: proc registration bug in afs_manage_cell run #9: OK testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 6c37830c2bae4e2441c0c5f236215116a70377b449ce63f9befd0043fe2a9c6c run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: ae0e77b00369b7a01d2743ea6b638bf06b4a02800d5a6f34aaa525be2f604f9b all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: c44f1e1b53e9f05695c5614c6a742404ed49eb03250aa0d715fdaf390085835b all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: 1b3ccf5fd79094890a12a5e75a97c06d432d0beaedae06b7a0bd48ed6005376d all runs: OK # git bisect good 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1796 revisions left to test after this (roughly 11 steps) [345077c8e172c255ea0707214303ccd099e5656b] KVM: PPC: Book3S: Protect memslots while validating user address testing commit 345077c8e172c255ea0707214303ccd099e5656b with gcc (GCC) 8.1.0 kernel signature: 85da063ded53ea7bca602dae5b92fe402cbc713acc0a9b054fa496639326a531 run #0: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #1: crashed: KASAN: use-after-free Read in __proc_create run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #4: crashed: KASAN: use-after-free Read in __proc_create run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: INFO: rcu detected stall in sys_mount # git bisect bad 345077c8e172c255ea0707214303ccd099e5656b Bisecting: 880 revisions left to test after this (roughly 10 steps) [f3ca4c55a6581c46e9f4a592dd698a7c67a713dd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f3ca4c55a6581c46e9f4a592dd698a7c67a713dd with gcc (GCC) 8.1.0 kernel signature: d2b0a3e212267ac0d165cd95086b917a7d5e3fc6a62021849cbae51fc6c8d3dc run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #8: crashed: WARNING: proc registration bug in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell # git bisect bad f3ca4c55a6581c46e9f4a592dd698a7c67a713dd Bisecting: 441 revisions left to test after this (roughly 9 steps) [a5adcfcad55d5f034b33f79f1a873229d1e77b24] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit a5adcfcad55d5f034b33f79f1a873229d1e77b24 with gcc (GCC) 8.1.0 kernel signature: ac45c17d8b4d12ee635f4187864576e69fed52344899e8462468fb4f59b02fc8 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell # git bisect bad a5adcfcad55d5f034b33f79f1a873229d1e77b24 Bisecting: 225 revisions left to test after this (roughly 8 steps) [5f739e4a491ab63730ef3b7464171340c689fbff] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 5f739e4a491ab63730ef3b7464171340c689fbff with gcc (GCC) 8.1.0 kernel signature: ad64fb7c65e41531b2cbf0aa8da6a29c5572303719497aeef09917ee9819cd48 all runs: OK # git bisect good 5f739e4a491ab63730ef3b7464171340c689fbff Bisecting: 134 revisions left to test after this (roughly 7 steps) [4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc] SUNRPC: Take the transport send lock before binding+connecting testing commit 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc with gcc (GCC) 8.1.0 kernel signature: 11eeaffbd8bd720bf42cf49a3be770dbb6ec42e414f92c8202904747ce0de445 all runs: OK # git bisect good 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc Bisecting: 63 revisions left to test after this (roughly 6 steps) [dfee9c257b102d7c0407629eef2ed32e152de0d2] Merge tag 'fuse-update-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit dfee9c257b102d7c0407629eef2ed32e152de0d2 with gcc (GCC) 8.1.0 kernel signature: d84b8a2d879ac2617555fe275507104d22766e1b3cf651a3ef78464798bd612b run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #9: crashed: KASAN: use-after-free Read in afs_deactivate_cell # git bisect bad dfee9c257b102d7c0407629eef2ed32e152de0d2 Bisecting: 35 revisions left to test after this (roughly 5 steps) [32021982a324dce93b4ae00c06213bf45fb319c8] hugetlbfs: Convert to fs_context testing commit 32021982a324dce93b4ae00c06213bf45fb319c8 with gcc (GCC) 8.1.0 kernel signature: fa944c77358260af436c820fefaf06f300fa19ca0f89d74a7ec35c994b78b168 all runs: OK # git bisect good 32021982a324dce93b4ae00c06213bf45fb319c8 Bisecting: 17 revisions left to test after this (roughly 4 steps) [75126f5504524dd0f24753d8815db42d9ab23614] fuse: use atomic64_t for khctr testing commit 75126f5504524dd0f24753d8815db42d9ab23614 with gcc (GCC) 8.1.0 kernel signature: f07b337338c6f2e7878d06ac5debb45ca454e93633e16766d904e4ba0c72f614 run #0: crashed: general protection fault in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 75126f5504524dd0f24753d8815db42d9ab23614 Bisecting: 8 revisions left to test after this (roughly 3 steps) [5e0fed717a383ce6e894334cffe7a2acc9dc17b9] fuse: Wake up req->waitq of only if not background testing commit 5e0fed717a383ce6e894334cffe7a2acc9dc17b9 with gcc (GCC) 8.1.0 kernel signature: 460418128c725863bbb7b05e7cef8c77cf65220bc9f2eada984f62a2fe81bf8e all runs: OK # git bisect good 5e0fed717a383ce6e894334cffe7a2acc9dc17b9 Bisecting: 4 revisions left to test after this (roughly 2 steps) [4510d86fbbb36872224482bb21836d47cce8be8c] fuse: Convert fc->attr_version into atomic64_t testing commit 4510d86fbbb36872224482bb21836d47cce8be8c with gcc (GCC) 8.1.0 kernel signature: c664a48861237ef212a54de9f8da91813aedce808b3f9b315bc5498b29f624fe all runs: OK # git bisect good 4510d86fbbb36872224482bb21836d47cce8be8c Bisecting: 2 revisions left to test after this (roughly 1 step) [c9d8f5f0692d5960ed50970ffe63756fb8f96cdb] fuse: Protect fi->nlookup with fi->lock testing commit c9d8f5f0692d5960ed50970ffe63756fb8f96cdb with gcc (GCC) 8.1.0 kernel signature: 349a3a538f48fbbdd76d87ce53be580b60da7fb755d7312175af198518ad7b93 run #0: crashed: KASAN: use-after-free Read in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad c9d8f5f0692d5960ed50970ffe63756fb8f96cdb Bisecting: 0 revisions left to test after this (roughly 0 steps) [f15ecfef058d94d03bdb35dcdfda041b3de9d543] fuse: Introduce fi->lock to protect write related fields testing commit f15ecfef058d94d03bdb35dcdfda041b3de9d543 with gcc (GCC) 8.1.0 kernel signature: 926a7837ecb6172d902ed1780280648f0ad2e0e7bbb7ec3f73b3b805dc3c22f5 all runs: OK # git bisect good f15ecfef058d94d03bdb35dcdfda041b3de9d543 c9d8f5f0692d5960ed50970ffe63756fb8f96cdb is the first bad commit commit c9d8f5f0692d5960ed50970ffe63756fb8f96cdb Author: Kirill Tkhai Date: Fri Nov 9 13:33:27 2018 +0300 fuse: Protect fi->nlookup with fi->lock This continues previous patch and introduces the same protection for nlookup field. Signed-off-by: Kirill Tkhai Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 4 ++-- fs/fuse/inode.c | 4 ++-- fs/fuse/readdir.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) culprit signature: 349a3a538f48fbbdd76d87ce53be580b60da7fb755d7312175af198518ad7b93 parent signature: 926a7837ecb6172d902ed1780280648f0ad2e0e7bbb7ec3f73b3b805dc3c22f5 revisions tested: 24, total time: 6h23m19.335131864s (build: 2h36m8.405768432s, test: 3h44m8.842301325s) first bad commit: c9d8f5f0692d5960ed50970ffe63756fb8f96cdb fuse: Protect fi->nlookup with fi->lock recipients (to): ["ktkhai@virtuozzo.com" "linux-fsdevel@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in batadv_iv_ogm_queue_add device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 ================================================================== BUG: KASAN: use-after-free in memcpy include/linux/string.h:352 [inline] BUG: KASAN: use-after-free in batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:550 [inline] BUG: KASAN: use-after-free in batadv_iv_ogm_queue_add+0x326/0xe50 net/batman-adv/bat_iv_ogm.c:646 Read of size 60 at addr ffff888095c19f00 by task kworker/u4:0/7 CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.0.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x165/0x21a lib/dump_stack.c:113 print_address_description.cold.3+0x9/0x211 mm/kasan/report.c:187 kasan_report.cold.4+0x1b/0x37 mm/kasan/report.c:317 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x13c/0x1b0 mm/kasan/generic.c:191 memcpy+0x23/0x50 mm/kasan/common.c:130 memcpy include/linux/string.h:352 [inline] batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:550 [inline] batadv_iv_ogm_queue_add+0x326/0xe50 net/batman-adv/bat_iv_ogm.c:646 batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:819 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1681 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173 worker_thread+0x85/0xb60 kernel/workqueue.c:2319 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 7: save_stack mm/kasan/common.c:73 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.part.0+0x66/0x100 mm/kasan/common.c:496 __kasan_kmalloc.constprop.1+0xb5/0xc0 mm/kasan/common.c:477 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:504 __do_kmalloc mm/slab.c:3711 [inline] __kmalloc+0x164/0x3e0 mm/slab.c:3720 kmalloc include/linux/slab.h:550 [inline] batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:289 [inline] batadv_tvlv_container_ogm_append+0x16f/0x4b0 net/batman-adv/tvlv.c:330 batadv_iv_ogm_schedule+0xc39/0xe80 net/batman-adv/bat_iv_ogm.c:782 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1681 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173 worker_thread+0x85/0xb60 kernel/workqueue.c:2319 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Freed by task 7528: save_stack mm/kasan/common.c:73 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x13c/0x220 mm/kasan/common.c:458 kasan_slab_free+0xe/0x10 mm/kasan/common.c:466 __cache_free mm/slab.c:3487 [inline] kfree+0xcf/0x220 mm/slab.c:3806 batadv_iv_ogm_iface_disable+0x34/0x70 net/batman-adv/bat_iv_ogm.c:232 batadv_hardif_disable_interface.cold.9+0x712/0x107a net/batman-adv/hard-interface.c:883 batadv_softif_destroy_netlink+0x94/0x100 net/batman-adv/soft-interface.c:1149 default_device_exit_batch+0x239/0x3d0 net/core/dev.c:9674 ops_exit_list.isra.0+0xd3/0x120 net/core/net_namespace.c:156 cleanup_net+0x363/0x840 net/core/net_namespace.c:551 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173 worker_thread+0x85/0xb60 kernel/workqueue.c:2319 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 The buggy address belongs to the object at ffff888095c19f00 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888095c19f00, ffff888095c19f40) The buggy address belongs to the page: page:ffffea0002570640 count:1 mapcount:0 mapping:ffff88812c3f6340 index:0xffff888095c19080 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00027e7d88 ffffea00022751c8 ffff88812c3f6340 raw: ffff888095c19080 ffff888095c19000 0000000100000016 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888095c19e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888095c19e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc >ffff888095c19f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff888095c19f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff888095c1a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================