[ 456.247797] syz-executor.0 (5934) used greatest stack depth: 23096 bytes left
[ 456.686385] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 456.693109] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 456.701021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 456.707720] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 456.715849] device bridge_slave_1 left promiscuous mode
[ 456.721534] bridge0: port 2(bridge_slave_1) entered disabled state
[ 456.731109] device bridge_slave_0 left promiscuous mode
[ 456.735616] NOHZ: local_softirq_pending 08
[ 456.740835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 456.751340] device veth1_macvtap left promiscuous mode
[ 456.756924] device veth0_macvtap left promiscuous mode
[ 456.762211] device veth1_vlan left promiscuous mode
[ 456.767608] device veth0_vlan left promiscuous mode
[ 456.849396] team0 (unregistering): Port device team_slave_1 removed
[ 456.859079] team0 (unregistering): Port device team_slave_0 removed
[ 456.871653] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 456.882743] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 456.922337] bond0 (unregistering): Released all slaves
[ 458.875291] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 458.881996] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 458.891164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 458.898106] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 458.906631] device bridge_slave_1 left promiscuous mode
[ 458.912045] bridge0: port 2(bridge_slave_1) entered disabled state
[ 458.919334] device bridge_slave_0 left promiscuous mode
[ 458.924874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 458.932959] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 458.939683] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 458.947037] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 458.953692] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 458.961112] device bridge_slave_1 left promiscuous mode
[ 458.966896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 458.973663] device bridge_slave_0 left promiscuous mode
[ 458.979150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 458.987928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 458.995952] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 459.003256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 459.009950] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 459.017471] device bridge_slave_1 left promiscuous mode
[ 459.022863] bridge0: port 2(bridge_slave_1) entered disabled state
[ 459.030211] device bridge_slave_0 left promiscuous mode
[ 459.035677] bridge0: port 1(bridge_slave_0) entered disabled state
[ 459.043881] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 459.050545] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 459.058105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 459.064810] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 459.072147] device bridge_slave_1 left promiscuous mode
[ 459.077912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 459.085182] device bridge_slave_0 left promiscuous mode
[ 459.090585] bridge0: port 1(bridge_slave_0) entered disabled state
[ 459.098963] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 459.105675] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 459.112978] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 459.119698] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 459.126695] ================================================================================
[ 459.127904] device bridge_slave_1 left promiscuous mode
[ 459.127980] bridge0: port 2(bridge_slave_1) entered disabled state
[ 459.146890] UBSAN: Undefined behaviour in net/batman-adv/bat_iv_ogm.c:780:36
[ 459.154043] member access within null pointer of type 'struct batadv_ogm_packet'
[ 459.161546] CPU: 1 PID: 15869 Comm: kworker/u4:3 Not tainted 4.9.0-rc4-syzkaller #0
[ 459.169318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 459.178731] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 459.185918] ffff88010d9cf818 ffffffff8381b081 1ffffffff11b8e8a 0000000041b58ab3
[ 459.193899] ffffffff886f84ac ffffffff8381aec4 0000000000000086 ffffffff00000018
[ 459.201905] ffff88010d9cf840 ffff88010d9cf7f0 ffff880125df4500 ffffffff87cb0be0
[ 459.209899] Call Trace:
[ 459.212471] [] dump_stack+0x1bd/0x29c
[ 459.217890] [] ? _atomic_dec_and_lock+0xc4/0xc4
[ 459.224233] [] ubsan_epilogue+0xd/0x8a
[ 459.229756] [] __ubsan_handle_type_mismatch+0x157/0x411
[ 459.236784] [] ? queue_delayed_work_on+0x10e/0x1b0
[ 459.243334] [] ? ubsan_epilogue+0x8a/0x8a
[ 459.249163] [] ? trace_hardirqs_on+0xd/0x10
[ 459.255106] [] batadv_iv_ogm_queue_add+0x1489/0x15f0
[ 459.261825] [] ? debug_check_no_locks_freed+0x4c0/0x4c0
[ 459.268850] [] ? debug_lockdep_rcu_enabled+0x7b/0x90
[ 459.275596] [] ? batadv_iv_ogm_iface_enable+0x3e0/0x3e0
[ 459.282609] [] ? debug_smp_processor_id+0x17/0x20
[ 459.289071] [] batadv_iv_ogm_schedule+0xa76/0xf60
[ 459.295579] [] ? __local_bh_enable_ip+0xdc/0x1f0
[ 459.301955] [] batadv_iv_send_outstanding_bat_ogm_packet+0x385/0xf90
[ 459.310072] [] ? debug_lockdep_rcu_enabled+0x7b/0x90
[ 459.316794] [] ? batadv_iv_iface_activate+0x10/0x10
[ 459.323445] [] process_one_work+0x7ab/0x1ae0
[ 459.329477] [] ? process_one_work+0x704/0x1ae0
[ 459.335692] [] ? mod_delayed_work_on+0x190/0x190
[ 459.342077] [] ? worker_thread+0x1e0/0x1450
[ 459.348034] [] worker_thread+0x60c/0x1450
[ 459.353807] [] ? process_one_work+0x1ae0/0x1ae0
[ 459.360107] [] ? process_one_work+0x1ae0/0x1ae0
[ 459.366409] [] kthread+0x23c/0x390
[ 459.371576] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.378075] [] ? put_task_stack+0xc2/0x260
[ 459.383948] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.390410] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.396942] [] ret_from_fork+0x2a/0x40
[ 459.402451] ================================================================================
[ 459.411503] kasan: CONFIG_KASAN_INLINE enabled
[ 459.416092] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 459.423480] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 459.429681] Modules linked in:
[ 459.432971] CPU: 1 PID: 15869 Comm: kworker/u4:3 Not tainted 4.9.0-rc4-syzkaller #0
[ 459.440744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 459.450076] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 459.457271] task: ffff880125df4500 task.stack: ffff88010d9c8000
[ 459.463299] RIP: 0010:[] [] batadv_iv_ogm_queue_add+0xa5/0x15f0
[ 459.472660] RSP: 0018:ffff88010d9cf8e8 EFLAGS: 00010246
[ 459.478086] RAX: dffffc0000000000 RBX: ffff880120bf7cb0 RCX: 0000000000000000
[ 459.485344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 459.492596] RBP: ffff88010d9cf9f8 R08: 0000000000000007 R09: 0000000000000000
[ 459.499835] R10: ffff880125df4d10 R11: 0000000000000006 R12: 000000000000003c
[ 459.507085] R13: ffff880120bf7c80 R14: 0000000000000000 R15: dffffc0000000000
[ 459.514330] FS: 0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
[ 459.522530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 459.528400] CR2: 00007fdb0d490000 CR3: 000000011a1a0000 CR4: 00000000001406e0
[ 459.535643] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 459.542881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 459.550119] Stack:
[ 459.552253] ffff880125df4d00 0000000041b58ab3 ffffffff886f79a6 ffffffff81575900
[ 459.560237] 0000000000000000 0000000000000000 0000000000000024 0000000000000000
[ 459.568212] ffff88010d9cf938 ffffffff815ceacb ffff880120bf7c80 ffff880120bf7c80
[ 459.576209] Call Trace:
[ 459.578776] [] ? debug_check_no_locks_freed+0x4c0/0x4c0
[ 459.585775] [] ? debug_lockdep_rcu_enabled+0x7b/0x90
[ 459.592497] [] ? batadv_iv_ogm_iface_enable+0x3e0/0x3e0
[ 459.599481] [] ? debug_smp_processor_id+0x17/0x20
[ 459.605947] [] batadv_iv_ogm_schedule+0xa76/0xf60
[ 459.612419] [] ? __local_bh_enable_ip+0xdc/0x1f0
[ 459.618792] [] batadv_iv_send_outstanding_bat_ogm_packet+0x385/0xf90
[ 459.627076] [] ? debug_lockdep_rcu_enabled+0x7b/0x90
[ 459.633797] [] ? batadv_iv_iface_activate+0x10/0x10
[ 459.640451] [] process_one_work+0x7ab/0x1ae0
[ 459.646564] [] ? process_one_work+0x704/0x1ae0
[ 459.652764] [] ? mod_delayed_work_on+0x190/0x190
[ 459.659149] [] ? worker_thread+0x1e0/0x1450
[ 459.665102] [] worker_thread+0x60c/0x1450
[ 459.671311] [] ? process_one_work+0x1ae0/0x1ae0
[ 459.677600] [] ? process_one_work+0x1ae0/0x1ae0
[ 459.683899] [] kthread+0x23c/0x390
[ 459.689243] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.695705] [] ? put_task_stack+0xc2/0x260
[ 459.701568] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.708029] [] ? kthread_create_on_node+0xa0/0xa0
[ 459.714494] [] ret_from_fork+0x2a/0x40
[ 459.720006] Code: f1 f1 c7 40 04 00 f4 f4 f4 c7 40 08 f3 f3 f3 f3 0f 84 eb 13 00 00 49 8d 7e 03 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 b6 13 00
[ 459.746873] RIP [] batadv_iv_ogm_queue_add+0xa5/0x15f0
[ 459.753909] RSP
[ 459.757590] ---[ end trace 1e8695affd563946 ]---
[ 459.762331] Kernel panic - not syncing: Fatal exception
[ 459.768778] Kernel Offset: disabled