syzbot

==================================================================
BUG: KASAN: user-memory-access in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: user-memory-access in atomic_fetch_add_unless include/linux/atomic-fallback.h:1086 [inline]
BUG: KASAN: user-memory-access in atomic_add_unless include/linux/atomic-fallback.h:1111 [inline]
BUG: KASAN: user-memory-access in atomic_inc_not_zero include/linux/atomic-fallback.h:1127 [inline]
BUG: KASAN: user-memory-access in dst_hold_safe include/net/dst.h:297 [inline]
BUG: KASAN: user-memory-access in ip6_hold_safe+0xad/0x380 net/ipv6/route.c:1050
Read of size 4 at addr 000000010000003f by task syz-executor.1/11707

CPU: 0 PID: 11707 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 __kasan_report.cold+0x5/0x40 mm/kasan/report.c:321
 kasan_report+0x12/0x20 mm/kasan/common.c:614
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 kasan_check_read+0x11/0x20 mm/kasan/common.c:94
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 atomic_fetch_add_unless include/linux/atomic-fallback.h:1086 [inline]
 atomic_add_unless include/linux/atomic-fallback.h:1111 [inline]
 atomic_inc_not_zero include/linux/atomic-fallback.h:1127 [inline]
 dst_hold_safe include/net/dst.h:297 [inline]
 ip6_hold_safe+0xad/0x380 net/ipv6/route.c:1050
 rt6_get_pcpu_route net/ipv6/route.c:1277 [inline]
 ip6_pol_route+0x336/0x1010 net/ipv6/route.c:2028
 ip6_pol_route_output+0x54/0x70 net/ipv6/route.c:2204
 fib6_rule_lookup+0x279/0x5a0 net/ipv6/fib6_rules.c:120
 ip6_route_output_flags+0x2c4/0x350 net/ipv6/route.c:2233
 ip6_route_output include/net/ip6_route.h:89 [inline]
 ip6_dst_lookup_tail+0xd10/0x1b30 net/ipv6/ip6_output.c:1027
 ip6_dst_lookup_flow+0xa8/0x220 net/ipv6/ip6_output.c:1155
 tcp_v6_connect+0xda3/0x20a0 net/ipv6/tcp_ipv6.c:282
 __inet_stream_connect+0x834/0xe90 net/ipv4/af_inet.c:659
 tcp_sendmsg_fastopen net/ipv4/tcp.c:1143 [inline]
 tcp_sendmsg_locked+0x2318/0x3920 net/ipv4/tcp.c:1185
 tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1419
 inet_sendmsg+0x141/0x5d0 net/ipv4/af_inet.c:802
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:671
 ___sys_sendmsg+0x803/0x920 net/socket.c:2292
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2330
 __do_sys_sendmsg net/socket.c:2339 [inline]
 __se_sys_sendmsg net/socket.c:2337 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2337
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4592c9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fbc8ecbfc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9
RDX: 0000000020008844 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc8ecc06d4
R13: 00000000004c6f76 R14: 00000000004dc0b0 R15: 00000000ffffffff
==================================================================