[ 417.226551] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 417.238909] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 417.329198] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 417.341105] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 417.343529] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 417.353321] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 417.396113] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 417.397325] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 417.422130] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.444994] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 417.445054] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.467990] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 417.568466] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.584366] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.809037] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 417.821879] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 417.862984] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 417.886993] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.894024] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 417.909063] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 417.939895] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 417.966348] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 417.982149] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 418.004908] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 418.016750] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.037474] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.037617] EXT4-fs error (device loop5): ext4_add_entry:2078: inode #2: comm syz-executor.5: Directory hole found
[ 418.058742] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 418.102559] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.118752] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.130267] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.132414] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.217623] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.229173] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.474818] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.487936] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 418.502845] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.503771] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 418.631328] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.642416] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 418.646138] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.653617] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 418.758708] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 418.771536] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 418.800489] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.811911] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.853425] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.878148] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 418.891063] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 418.909758] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 418.933627] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 418.950512] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.044259] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.072804] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.072825] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.095499] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.120274] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.131016] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.145754] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 419.162811] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 419.173805] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.177291] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.261359] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 419.272638] EXT4-fs error (device loop0): ext4_add_entry:2078: inode #2: comm syz-executor.0: Directory hole found
[ 419.289218] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.300443] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.371673] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.383081] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.429041] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.446278] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.451492] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.459963] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.587246] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.599711] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.740243] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 419.754395] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 419.765874] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.791766] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.801803] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.813415] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.819157] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.834729] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.837988] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.847122] EXT4-fs error (device loop3): ext4_add_entry:2078: inode #2: comm syz-executor.3: Directory hole found
[ 419.866837] EXT4-fs error (device loop2): ext4_add_entry:2078: inode #2: comm syz-executor.2: Directory hole found
[ 419.880628] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 419.887135] EXT4-fs error (device loop4): ext4_add_entry:2078: inode #2: comm syz-executor.4: Directory hole found
[ 419.909475] EXT4-fs: failed to create workqueue
[ 419.911452] EXT4-fs error (device loop1): ext4_add_entry:2078: inode #2: comm syz-executor.1: Directory hole found
[ 419.929197] EXT4-fs (loop0): mount failed
[ 421.848035] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 421.854755] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 421.862588] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 421.870044] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 421.877024] ==================================================================
[ 421.884501] BUG: KASAN: use-after-free in batadv_iv_ogm_queue_add+0x327/0xec0
[ 421.891756] Read of size 60 at addr ffff8880aef47120 by task kworker/u4:3/727
[ 421.898998]
[ 421.900602] CPU: 0 PID: 727 Comm: kworker/u4:3 Not tainted 5.0.0-rc7-syzkaller #0
[ 421.908190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 421.917522] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 421.924593] Call Trace:
[ 421.927155] dump_stack+0x86/0xca
[ 421.930737] print_address_description.cold.3+0x9/0x244
[ 421.936080] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 421.941035] kasan_report.cold.4+0x1b/0x35
[ 421.945384] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 421.950294] ? batadv_forw_packet_free+0xe0/0x160
[ 421.955107] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 421.960012] check_memory_region+0x13c/0x1b0
[ 421.964393] memcpy+0x23/0x50
[ 421.967472] batadv_iv_ogm_queue_add+0x327/0xec0
[ 421.972215] ? __rcu_report_exp_rnp+0x148/0x1b0
[ 421.976859] ? batadv_iv_ogm_iface_enable+0x370/0x370
[ 421.982108] ? lock_acquire+0x111/0x2d0
[ 421.986054] ? kasan_check_read+0x11/0x20
[ 421.990174] batadv_iv_ogm_schedule+0xb47/0xe80
[ 421.994814] ? batadv_iv_ogm_queue_add+0xec0/0xec0
[ 421.999717] batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790
[ 422.006033] ? rcu_lockdep_current_cpu_online+0xe5/0x130
[ 422.011457] process_one_work+0x7b9/0x15e0
[ 422.015679] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 422.020316] ? lock_acquire+0x111/0x2d0
[ 422.024267] ? _raw_spin_lock_irq+0xe/0x50
[ 422.028475] worker_thread+0x85/0xb60
[ 422.032245] ? __kthread_parkme+0x47/0x190
[ 422.036470] kthread+0x324/0x3e0
[ 422.039808] ? process_one_work+0x15e0/0x15e0
[ 422.044294] ? kthread_park+0x120/0x120
[ 422.048252] ret_from_fork+0x24/0x30
[ 422.051957]
[ 422.053566] Allocated by task 727:
[ 422.057079] __kasan_kmalloc.part.0+0x66/0x100
[ 422.061631] __kasan_kmalloc.constprop.1+0xb5/0xc0
[ 422.066529] kasan_kmalloc+0x9/0x10
[ 422.070140] __kmalloc+0x148/0x320
[ 422.073661] batadv_tvlv_container_ogm_append+0x16f/0x4b0
[ 422.079174] batadv_iv_ogm_schedule+0xc39/0xe80
[ 422.083854] batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790
[ 422.090146] process_one_work+0x7b9/0x15e0
[ 422.094350] worker_thread+0x85/0xb60
[ 422.098123] kthread+0x324/0x3e0
[ 422.101502] ret_from_fork+0x24/0x30
[ 422.105188]
[ 422.106798] Freed by task 7:
[ 422.109831] __kasan_slab_free+0x167/0x240
[ 422.114041] kasan_slab_free+0xe/0x10
[ 422.117812] kfree+0xf2/0x310
[ 422.120890] batadv_iv_ogm_iface_disable+0x34/0x70
[ 422.125977] batadv_hardif_disable_interface.cold.8+0x607/0xef7
[ 422.132583] batadv_softif_destroy_netlink+0x94/0x100
[ 422.137751] default_device_exit_batch+0x239/0x3d0
[ 422.142653] ops_exit_list.isra.0+0xd3/0x120
[ 422.147149] cleanup_net+0x363/0x840
[ 422.151079] process_one_work+0x7b9/0x15e0
[ 422.155295] worker_thread+0x85/0xb60
[ 422.159103] kthread+0x324/0x3e0
[ 422.162454] ret_from_fork+0x24/0x30
[ 422.166136]
[ 422.167739] The buggy address belongs to the object at ffff8880aef47120
[ 422.167739] which belongs to the cache kmalloc-64 of size 64
[ 422.180193] The buggy address is located 0 bytes inside of
[ 422.180193] 64-byte region [ffff8880aef47120, ffff8880aef47160)
[ 422.191776] The buggy address belongs to the page:
[ 422.196687] page:ffffea0002bbd1c0 count:1 mapcount:0 mapping:ffff88813ff35600 index:0x0
[ 422.204942] flags: 0xfff00000000200(slab)
[ 422.209146] raw: 00fff00000000200 ffffea000294b100 0000000300000003 ffff88813ff35600
[ 422.217085] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[ 422.225019] page dumped because: kasan: bad access detected
[ 422.230713] page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
[ 422.241621] get_page_from_freelist.part.22+0x300d/0x45b0
[ 422.247181] __alloc_pages_nodemask+0x2a6/0x2500
[ 422.251905] alloc_pages_current+0xd6/0x1b0
[ 422.256230] new_slab+0x48f/0x750
[ 422.259657] ___slab_alloc+0x5b7/0x900
[ 422.263602] __slab_alloc.isra.23+0x4f/0x80
[ 422.268071] kmem_cache_alloc_node_trace+0xc8/0x330
[ 422.273057] __get_vm_area_node+0x99/0x2e0
[ 422.277263] __vmalloc_node_range+0xb5/0x680
[ 422.281642] vzalloc+0x6a/0x80
[ 422.284807] xt_counters_alloc+0x20/0x30
[ 422.288840] __do_replace+0x9a/0x9b0
[ 422.292523] do_ip6t_set_ctl+0x27e/0x3eb
[ 422.296573] nf_setsockopt+0x5c/0xb0
[ 422.300257] ipv6_setsockopt+0x95/0xf0
[ 422.304113] tcp_setsockopt+0x6a/0xd0
[ 422.307882]
[ 422.309478] Memory state around the buggy address:
[ 422.314379] ffff8880aef47000: 00 00 00 00 00 fc fc fc fc fc fc fc 00 00 00 00
[ 422.321721] ffff8880aef47080: 00 fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[ 422.329060] >ffff8880aef47100: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 422.336412] ^
[ 422.340809] ffff8880aef47180: 00 00 00 00 00 fc fc fc fc fc fc fc fb fb fb fb
[ 422.348161] ffff8880aef47200: fb fb fb fb fc fc fc fc 00 00 00 00 00 fc fc fc
[ 422.355512] ==================================================================
[ 422.362855] Disabling lock debugging due to kernel taint
[ 422.368488] Kernel panic - not syncing: panic_on_warn set ...
[ 422.374360] CPU: 0 PID: 727 Comm: kworker/u4:3 Tainted: G B 5.0.0-rc7-syzkaller #0
[ 422.383352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 422.392696] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 422.399764] Call Trace:
[ 422.402323] dump_stack+0x86/0xca
[ 422.405747] ? batadv_iv_ogm_queue_add+0x230/0xec0
[ 422.410646] panic+0x1e7/0x3ac
[ 422.413825] ? __warn_printk+0xd6/0xd6
[ 422.417682] ? ___preempt_schedule+0x16/0x18
[ 422.422076] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 422.426976] end_report+0x47/0x4f
[ 422.430400] kasan_report.cold.4+0xe/0x35
[ 422.434516] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 422.439415] ? batadv_forw_packet_free+0xe0/0x160
[ 422.444226] ? batadv_iv_ogm_queue_add+0x327/0xec0
[ 422.449136] check_memory_region+0x13c/0x1b0
[ 422.453511] memcpy+0x23/0x50
[ 422.456588] batadv_iv_ogm_queue_add+0x327/0xec0
[ 422.461314] ? __rcu_report_exp_rnp+0x148/0x1b0
[ 422.465982] ? batadv_iv_ogm_iface_enable+0x370/0x370
[ 422.471232] ? lock_acquire+0x111/0x2d0
[ 422.475219] ? kasan_check_read+0x11/0x20
[ 422.479372] batadv_iv_ogm_schedule+0xb47/0xe80
[ 422.484021] ? batadv_iv_ogm_queue_add+0xec0/0xec0
[ 422.488929] batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790
[ 422.495227] ? rcu_lockdep_current_cpu_online+0xe5/0x130
[ 422.500655] process_one_work+0x7b9/0x15e0
[ 422.505039] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 422.509693] ? lock_acquire+0x111/0x2d0
[ 422.513833] ? _raw_spin_lock_irq+0xe/0x50
[ 422.518060] worker_thread+0x85/0xb60
[ 422.522196] ? __kthread_parkme+0x47/0x190
[ 422.526432] kthread+0x324/0x3e0
[ 422.529774] ? process_one_work+0x15e0/0x15e0
[ 422.534252] ? kthread_park+0x120/0x120
[ 422.538643] ret_from_fork+0x24/0x30
[ 422.543908] Kernel Offset: disabled
[ 422.547515] Rebooting in 86400 seconds..