bisecting cause commit starting from ac3a0c8472969a03c0496ae774b3a29eb26c8d5a building syzkaller on 63a7334112fa63edb0c0a3f317d3d92135a6ead9 testing commit ac3a0c8472969a03c0496ae774b3a29eb26c8d5a with gcc (GCC) 8.1.0 kernel signature: c5a2ce11867ec853324807d5b4656486a52bd1bddd0eabed4d5ec32a27caf657 run #0: crashed: general protection fault in hci_send_acl run #1: crashed: general protection fault in hci_send_acl run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_send_acl run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_send_acl run #4: crashed: general protection fault in hci_send_acl run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_send_acl run #6: crashed: general protection fault in hci_send_acl run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_send_acl run #8: crashed: WARNING: ODEBUG bug in corrupted run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_send_acl testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 6bde9c5804f46097289017be4ced637b9e027026fd07cc36486a728b8578d467 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: cacd4b27f859938d144261a01b1d633ac2c430fe34d532fbf8b28d1b36ee7dd6 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: c65faed60cfe0f7c6a4265134f45882a8d94492d868f562a4ce597906227c155 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 4c84949ebc173fb7900b49a2401fb95023689e2e896d1c3ce71b378b030cce2f all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: a220f6cd5d518edeb7c066826ac6049bb0cc39f8889ba3fbf37d88972f6eadf0 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 37836dfbe79b13b5d79885400b4436df696604f1a993fc636d8f0534d3860298 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: a487358cca5493b6caa6c5d4c03a08fcb7d23a892b06de9070b0c164cb224f63 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: e2ee8809fc36d7b360b7bc4fd35e1fa8094d223ae1a77293fc4cc70419804d9e all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 06c3c4a77836c35b9e70ac956e2fff730767b485cab562702766a19f01a5a4cb all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: ddb3c77c78b18422cc764c6055373f6437e8ded5ecf63996552835d4d2df2762 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 4c8b9f85e03105a5c79ef8a33f807221236d5eda48cfae60e3f2451e5efc2eaf all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: cff5b4700d292ce52ed4e0c03dca1f60546c3fdec9a77b432b75286d6169f2b8 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 75baec5a63f0828838298f0335ca0559526f31ae87efb7153c1a14b8fe2ad498 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 5737af986e85cee1fcc65c9f48d1cefaa1f0005ad4bc60569dde8e602ab2f528 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: e78f9ffcf0a0c7e750e374f10dbdab01eacabbda385c722eb7b63d78c6898ff3 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: c2cb5d9db8f7dc5f126735cff8622f1252a0f5f0b098576fb45598599052959e all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: b03e34541162096ac0b1b3e0c4c23479564755d52281dd8337e5be9d0cf4e51a all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: c97a864b28818fbfb9292cf2c9fca295b0f2956b31fd9fd1d08a2a7dc37423d2 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: 273c735f4495748c650f8e7e82351cdd9d89cb58922c17bb47a210bc83d73942 all runs: crashed: KASAN: use-after-free Read in hci_send_acl testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: ce0a7629b1a96e9a72264cbacc49a20f5581f0cc2ea67085817ef101ef71912b run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: WARNING in nf_unregister_net_hook run #9: OK testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: d2e056ef10732ebdc890270f06103d77714b5bf53734eb959755b9319c981857 all runs: OK # git bisect start 69973b830859bc6529a7a0468ba0d80ee5117826 c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 Bisecting: 8695 revisions left to test after this (roughly 13 steps) [a5af7e1fc69a46f29b977fd4b570e0ac414c2338] rxrpc: Fix loss of PING RESPONSE ACK production due to PING ACKs testing commit a5af7e1fc69a46f29b977fd4b570e0ac414c2338 with gcc (GCC) 5.5.0 kernel signature: 20d30fa3f8ba4560df1d514076e88668aa85e2342bbc81c8767d688be5b0459f run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: WARNING in nf_unregister_net_hook run #9: OK # git bisect bad a5af7e1fc69a46f29b977fd4b570e0ac414c2338 Bisecting: 4346 revisions left to test after this (roughly 12 steps) [d268dbe76a53d72cc41316eb59e7968db60e77ad] Merge tag 'pinctrl-v4.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit d268dbe76a53d72cc41316eb59e7968db60e77ad with gcc (GCC) 5.5.0 kernel signature: 599505ad1ac8dc7633702f1d5f1e152a735ee9afcb2bff189f08023b7ac924ed run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: general protection fault in nf_unregister_net_hook run #9: crashed: general protection fault in nf_unregister_net_hook # git bisect bad d268dbe76a53d72cc41316eb59e7968db60e77ad Bisecting: 2170 revisions left to test after this (roughly 11 steps) [02bafd96f3a5d8e610b19033ffec55b92459aaae] Merge tag 'docs-4.9' of git://git.lwn.net/linux testing commit 02bafd96f3a5d8e610b19033ffec55b92459aaae with gcc (GCC) 5.5.0 kernel signature: da1182a1d1bfcb4fdde38882d7d36e5fcb6cedf9302b8fd5bb5cf865d3f2a4a9 all runs: OK # git bisect good 02bafd96f3a5d8e610b19033ffec55b92459aaae Bisecting: 1051 revisions left to test after this (roughly 10 steps) [e812bd905a5cf00fea95da9df4889dad63d4a36a] Merge tag 'wireless-drivers-next-for-davem-2016-09-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit e812bd905a5cf00fea95da9df4889dad63d4a36a with gcc (GCC) 5.5.0 kernel signature: 20ae574695f9c5b8433a166cc8469dcbd7c6ae9651a3278203f9fa9633db9f9e all runs: OK # git bisect good e812bd905a5cf00fea95da9df4889dad63d4a36a Bisecting: 525 revisions left to test after this (roughly 9 steps) [7a823471ad42cba6c3b658494d8437ca5c166292] igb: fix non static symbol warning testing commit 7a823471ad42cba6c3b658494d8437ca5c166292 with gcc (GCC) 5.5.0 kernel signature: eb25cf7fd4dece1c4b37a58532ae90c6e40230b171d6fe32b767e826d5e5b9cf run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: general protection fault in nf_unregister_net_hook run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 7a823471ad42cba6c3b658494d8437ca5c166292 Bisecting: 262 revisions left to test after this (roughly 8 steps) [1fbafcb84747d0784fe928bedc4189f47d18ad8f] Merge branch 'vlan_act_modify' testing commit 1fbafcb84747d0784fe928bedc4189f47d18ad8f with gcc (GCC) 5.5.0 kernel signature: fb660652262d5fa4b9600f565724da2a7a473f77a48b87bc0849846dae672d7c run #0: OK run #1: OK run #2: crashed: WARNING in nf_unregister_net_hook run #3: crashed: WARNING in nf_unregister_net_hook run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 1fbafcb84747d0784fe928bedc4189f47d18ad8f Bisecting: 131 revisions left to test after this (roughly 7 steps) [d0bef1d26fb6fdad818f3d15a178d51e2a8478ae] Bluetooth: Add extra channel checks for control open/close messages testing commit d0bef1d26fb6fdad818f3d15a178d51e2a8478ae with gcc (GCC) 5.5.0 kernel signature: 813bebbc59b1036b1a206ce99aae26cd19f69faa44e033ca4b8de2286b596d29 all runs: OK # git bisect good d0bef1d26fb6fdad818f3d15a178d51e2a8478ae Bisecting: 61 revisions left to test after this (roughly 6 steps) [204dfe1798bbfa242e4083b87c3a8c5200412e6f] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next testing commit 204dfe1798bbfa242e4083b87c3a8c5200412e6f with gcc (GCC) 5.5.0 kernel signature: 6ad7b99542d917e257032f81771582627953ff4cd2cec820fc132c9868bc5d54 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: WARNING in nf_unregister_net_hook run #8: OK run #9: OK # git bisect bad 204dfe1798bbfa242e4083b87c3a8c5200412e6f Bisecting: 34 revisions left to test after this (roughly 5 steps) [1f449736525addd6fcce674d654bd1471748484e] net-next: dsa: b53: remove empty set_addr() stub testing commit 1f449736525addd6fcce674d654bd1471748484e with gcc (GCC) 5.5.0 kernel signature: c872f0544a3f0ee53d3a6dfe5f5ee91af8c9cf9ac4f0d42adcd7ea8a6c944bae run #0: OK run #1: OK run #2: crashed: WARNING in nf_unregister_net_hook run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 1f449736525addd6fcce674d654bd1471748484e Bisecting: 17 revisions left to test after this (roughly 4 steps) [6b352ebccbcf68866fa5e2ec98cce5e6b7cdf92e] net: ethernet: broadcom: bcmgenet: use new api ethtool_{get|set}_link_ksettings testing commit 6b352ebccbcf68866fa5e2ec98cce5e6b7cdf92e with gcc (GCC) 5.5.0 kernel signature: e33b8d23352b2cddb7e0a45d3c3b0195d6b37075122efe415de9601b058aef30 run #0: OK run #1: OK run #2: crashed: WARNING in nf_unregister_net_hook run #3: crashed: WARNING in nf_unregister_net_hook run #4: crashed: WARNING in nf_unregister_net_hook run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 6b352ebccbcf68866fa5e2ec98cce5e6b7cdf92e Bisecting: 8 revisions left to test after this (roughly 3 steps) [001154eb242b5a6667b74e5cf20873fb75f1b9d3] bnxt_en: Call firmware to approve the random VF MAC address. testing commit 001154eb242b5a6667b74e5cf20873fb75f1b9d3 with gcc (GCC) 5.5.0 kernel signature: 19ec6e623c84e4e3393de4d7258e0e53669fa93211265588543fa645f64d7288 all runs: OK # git bisect good 001154eb242b5a6667b74e5cf20873fb75f1b9d3 Bisecting: 4 revisions left to test after this (roughly 2 steps) [583c139c71ae1919c7c94b43fb55d6777ef30eaf] Merge branch 'bnxt_en-next' testing commit 583c139c71ae1919c7c94b43fb55d6777ef30eaf with gcc (GCC) 5.5.0 kernel signature: 2941b853e455500912655baf9567dc8f26e8fc79bfb91ff549201d58ea6e65a5 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: crashed: WARNING in nf_unregister_net_hook run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 583c139c71ae1919c7c94b43fb55d6777ef30eaf Bisecting: 1 revision left to test after this (roughly 1 step) [ae8e98a6fa7a73917196c507e43414ea96b6a0fc] bnxt_en: Support for "ethtool -r" command testing commit ae8e98a6fa7a73917196c507e43414ea96b6a0fc with gcc (GCC) 5.5.0 kernel signature: 397ed1c389c142f41f04a550a0ab968233e0694f95fa7a3a38eb047ea23fdf84 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: WARNING in nf_unregister_net_hook run #7: OK run #8: OK run #9: OK # git bisect bad ae8e98a6fa7a73917196c507e43414ea96b6a0fc Bisecting: 0 revisions left to test after this (roughly 0 steps) [4ffcd582301bd020b1f9d00c55473af305ec19b5] bnxt_en: Pad TX packets below 52 bytes. testing commit 4ffcd582301bd020b1f9d00c55473af305ec19b5 with gcc (GCC) 5.5.0 kernel signature: 03e9448aec91517ede859e62cb4de16335cfc11ff5100100e5fd35505a9182a7 run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: KASAN: null-ptr-deref Read run #5: crashed: KASAN: use-after-free Read in batadv_iv_ogm_queue_add run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4ffcd582301bd020b1f9d00c55473af305ec19b5 4ffcd582301bd020b1f9d00c55473af305ec19b5 is the first bad commit commit 4ffcd582301bd020b1f9d00c55473af305ec19b5 Author: Michael Chan Date: Mon Sep 19 03:58:07 2016 -0400 bnxt_en: Pad TX packets below 52 bytes. The hardware has a limitation that it won't pass host to BMC loopback packets below 52-bytes. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) culprit signature: 03e9448aec91517ede859e62cb4de16335cfc11ff5100100e5fd35505a9182a7 parent signature: 19ec6e623c84e4e3393de4d7258e0e53669fa93211265588543fa645f64d7288 revisions tested: 36, total time: 7h11m59.305296713s (build: 3h10m16.926648932s, test: 3h56m22.717016482s) first bad commit: 4ffcd582301bd020b1f9d00c55473af305ec19b5 bnxt_en: Pad TX packets below 52 bytes. recipients (to): ["davem@davemloft.net" "michael.chan@broadcom.com" "netdev@vger.kernel.org"] recipients (cc): ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "michael.chan@broadcom.com"] crash: KASAN: use-after-free Read in batadv_iv_ogm_queue_add batman_adv: batadv0: Removing interface: batadv_slave_1 ================================================================== device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state BUG: KASAN: use-after-free in batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:710 [inline] at addr ffff88010b75f100 BUG: KASAN: use-after-free in batadv_iv_ogm_queue_add+0x71f/0xf50 net/batman-adv/bat_iv_ogm.c:815 at addr ffff88010b75f100 Read of size 60 by task kworker/u4:0/6 CPU: 0 PID: 6 Comm: kworker/u4:0 Not tainted 4.8.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet 0000000000000000 ffff88012b0bf940 ffffffff82d07402 ffff88012bc00200 ffff88010b75f100 ffff88010b75f140 ffff880122b60a40 ffff88010e0cc500 ffff88012b0bf968 ffffffff8175db4c ffff88012b0bf9f8 ffff88010b75f100 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:156 [] print_address_description mm/kasan/report.c:194 [inline] [] kasan_report_error+0x1b0/0x490 mm/kasan/report.c:283 [] kasan_report+0x34/0x40 mm/kasan/report.c:303 [] check_memory_region_inline mm/kasan/kasan.c:285 [inline] [] check_memory_region+0x13d/0x1a0 mm/kasan/kasan.c:299 [] memcpy+0x23/0x50 mm/kasan/kasan.c:334 [] batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:710 [inline] [] batadv_iv_ogm_queue_add+0x71f/0xf50 net/batman-adv/bat_iv_ogm.c:815 [] batadv_iv_ogm_schedule+0x95e/0xcc0 net/batman-adv/bat_iv_ogm.c:984 [] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0 net/batman-adv/bat_iv_ogm.c:1810 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Object at ffff88010b75f100, in cache kmalloc-64 size: 64 Allocated: PID = 6 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67 [] save_stack mm/kasan/kasan.c:479 [inline] [] set_track mm/kasan/kasan.c:491 [inline] [] kasan_kmalloc+0xee/0x180 mm/kasan/kasan.c:582 [] __do_kmalloc mm/slab.c:3737 [inline] [] __kmalloc+0x162/0x440 mm/slab.c:3746 [] kmalloc include/linux/slab.h:495 [inline] [] batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:288 [inline] [] batadv_tvlv_container_ogm_append+0x117/0x470 net/batman-adv/tvlv.c:329 [] batadv_iv_ogm_schedule+0xa34/0xcc0 net/batman-adv/bat_iv_ogm.c:947 [] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0 net/batman-adv/bat_iv_ogm.c:1810 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Freed: PID = 6154 [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67 [] save_stack mm/kasan/kasan.c:479 [inline] [] set_track mm/kasan/kasan.c:491 [inline] [] kasan_slab_free+0xad/0x180 mm/kasan/kasan.c:555 [] __cache_free mm/slab.c:3515 [inline] [] kfree+0xd4/0x2d0 mm/slab.c:3832 [] batadv_iv_ogm_iface_disable+0x34/0x70 net/batman-adv/bat_iv_ogm.c:393 [] batadv_hardif_disable_interface+0x31c/0xbb0 net/batman-adv/hard-interface.c:636 [] batadv_softif_destroy_netlink+0xd9/0x100 net/batman-adv/soft-interface.c:1038 [] default_device_exit_batch+0x241/0x3d0 net/core/dev.c:8247 [] ops_exit_list.isra.0+0xd6/0x120 net/core/net_namespace.c:139 [] cleanup_net+0x2d0/0x540 net/core/net_namespace.c:430 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Memory state around the buggy address: ffff88010b75f000: 00 00 00 00 00 00 00 06 fc fc fc fc fc fc fc fc ffff88010b75f080: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc >ffff88010b75f100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff88010b75f180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff88010b75f200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ================================================================== kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 6 Comm: kworker/u4:0 Tainted: G B 4.8.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet task: ffff88012b0ae180 task.stack: ffff88012b0b8000 RIP: 0010:[] [] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:780 RSP: 0018:ffff88012b0bfa78 EFLAGS: 00010296 RAX: dffffc0000000000 RBX: ffff8801295b42c0 RCX: ffff8801128b2500 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88012b0bfb18 R08: ffff8801295b42c0 R09: 0000000000000001 R10: 0000000000000009 R11: 0000000000000000 R12: 000000000000003c R13: 0000000000000000 R14: ffff8801128b2500 R15: ffff88011f322940 FS: 0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffca2de4660 CR3: 000000010e02a000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000000000000 0000000000000000 0000000000000002 0000000000000000 ffff88012b0bfb18 0000000000000282 0000000000000000 ffffffff85c86c1d ffff880100000000 ffff8801128b2500 ffff88011f322a10 ffff8801128b2500 Call Trace: [] batadv_iv_ogm_schedule+0x95e/0xcc0 net/batman-adv/bat_iv_ogm.c:984 [] batadv_iv_send_outstanding_bat_ogm_packet+0x4fa/0x8b0 net/batman-adv/bat_iv_ogm.c:1810 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: 00 00 00 fc ff df 55 48 89 e5 41 57 49 89 ff 48 8d 7e 03 41 56 41 55 49 89 f5 41 54 41 89 d4 48 89 fa 48 c1 ea 03 53 48 83 ec 78 <0f> b6 04 02 48 89 fa 48 89 4d a8 83 e2 07 4c 89 45 b8 44 89 4d RIP [] batadv_iv_ogm_queue_add+0x2f/0xf50 net/batman-adv/bat_iv_ogm.c:769 RSP ---[ end trace eb011d2cd23186cd ]---