IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9482 Comm: syz-executor.0 Not tainted 4.18.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dequeue_head net/sched/sch_fq_codel.c:126 [inline]
RIP: 0010:fq_codel_drop net/sched/sch_fq_codel.c:174 [inline]
RIP: 0010:fq_codel_enqueue+0x865/0x12e0 net/sched/sch_fq_codel.c:236
Code: 48 89 7c 24 48 eb 0b 44 39 7c 24 58 0f 86 bb 00 00 00 48 8b 7c 24 50 80 3f 00 0f 85 82 06 00 00 4c 8b 20 4c 89 e2 48 c1 ea 03 <80> 3c 0a 00 0f 85 64 05 00 00 49 8b 14 24 49 8d 7c 24 28 48 89 10
RSP: 0018:ffff88008acff500 EFLAGS: 00010246
ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
RAX: ffff88008a860900 RBX: ffff8800a8b68040 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed001150c120
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
RBP: ffff88008acff5f0 R08: 0000000000000000 R09: 0000000000000000
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
R10: 0000000000000000 R11: ffff8800a8b68328 R12: 0000000000000000
R13: 1ffff1001159feac R14: ffff88008acff700 R15: 0000000000000000
FS: 00007f05b593d700(0000) GS:ffff8800ba700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc1ae75c60 CR3: 0000000097475000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
 __dev_xmit_skb net/core/dev.c:3272 [inline]
 __dev_queue_xmit+0x10ca/0x2960 net/core/dev.c:3537
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3602
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
 __bpf_tx_skb net/core/filter.c:1995 [inline]
 __bpf_redirect_common net/core/filter.c:2033 [inline]
 __bpf_redirect+0x55f/0xa00 net/core/filter.c:2040
 ____bpf_clone_redirect net/core/filter.c:2073 [inline]
 bpf_clone_redirect+0x29b/0x3f0 net/core/filter.c:2045
 ___bpf_prog_run+0x1f96/0x4f60 kernel/bpf/core.c:1112
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
 __bpf_prog_run512+0x9d/0xd0 kernel/bpf/core.c:1366
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
 bpf_test_run_one net/bpf/test_run.c:20 [inline]
 bpf_test_run+0x8a/0x2d0 net/bpf/test_run.c:36
ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
 bpf_prog_test_run_skb+0x537/0xa90 net/bpf/test_run.c:138
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
 bpf_prog_test_run kernel/bpf/syscall.c:1688 [inline]
 __do_sys_bpf kernel/bpf/syscall.c:2325 [inline]
 __se_sys_bpf+0x12e7/0x29f0 kernel/bpf/syscall.c:2269
 __x64_sys_bpf+0x6e/0xb0 kernel/bpf/syscall.c:2269
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f05b61c7a39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f05b593d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f05b62daf60 RCX: 00007f05b61c7a39
RDX: 0000000000000048 RSI: 0000000020000140 RDI: 000000000000000a
RBP: 00007f05b6221e8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcd6d778bf R14: 00007f05b593d300 R15: 0000000000022000
Modules linked in:
---[ end trace b88c356f128c4b9b ]---
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
RIP: 0010:dequeue_head net/sched/sch_fq_codel.c:126 [inline]
RIP: 0010:fq_codel_drop net/sched/sch_fq_codel.c:174 [inline]
RIP: 0010:fq_codel_enqueue+0x865/0x12e0 net/sched/sch_fq_codel.c:236
Code: 48
ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
89
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
7c
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
24 48 eb 0b 44 39 7c 24 58 0f 86 bb 00 00 00 48 8b 7c 24 50 80 3f 00 0f 85 82 06 00 00 4c 8b 20 4c 89 e2 48 c1 ea 03 <80> 3c 0a 00 0f 85 64 05 00 00 49 8b 14 24 49 8d 7c 24 28 48 89 10
RSP: 0018:ffff88008acff500 EFLAGS: 00010246
RAX: ffff88008a860900 RBX: ffff8800a8b68040 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed001150c120
RBP: ffff88008acff5f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff8800a8b68328 R12: 0000000000000000
R13: 1ffff1001159feac R14: ffff88008acff700 R15: 0000000000000000
FS: 00007f05b593d700(0000) GS:ffff8800ba700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc1ae75c60 CR3: 0000000097475000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 48 89 7c 24 48       mov %rdi,0x48(%rsp)
   5: eb 0b                jmp 0x12
   7: 44 39 7c 24 58       cmp %r15d,0x58(%rsp)
   c: 0f 86 bb 00 00 00    jbe 0xcd
  12: 48 8b 7c 24 50       mov 0x50(%rsp),%rdi
  17: 80 3f 00             cmpb $0x0,(%rdi)
  1a: 0f 85 82 06 00 00    jne 0x6a2
  20: 4c 8b 20             mov (%rax),%r12
  23: 4c 89 e2             mov %r12,%rdx
  26: 48 c1 ea 03          shr $0x3,%rdx
* 2a: 80 3c 0a 00          cmpb $0x0,(%rdx,%rcx,1) <-- trapping instruction
  2e: 0f 85 64 05 00 00    jne 0x598
  34: 49 8b 14 24          mov (%r12),%rdx
  38: 49 8d 7c 24 28       lea 0x28(%r12),%rdi
  3d: 48 89 10             mov %rdx,(%rax)