syzbot
```
=====================================================
BUG: KMSAN: use-after-free in fib6_nh_flush_exceptions net/ipv6/route.c:1724 [inline]
BUG: KMSAN: use-after-free in fib6_nh_release+0x304/0x6b0 net/ipv6/route.c:3505
CPU: 0 PID: 16795 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf8/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 fib6_nh_flush_exceptions net/ipv6/route.c:1724 [inline]
 fib6_nh_release+0x304/0x6b0 net/ipv6/route.c:3505
 fib6_info_destroy_rcu+0x18b/0x330 net/ipv6/ip6_fib.c:174
 __rcu_reclaim kernel/rcu/rcu.h:222 [inline]
 rcu_do_batch kernel/rcu/tree.c:2183 [inline]
 rcu_core+0xc76/0x1b10 kernel/rcu/tree.c:2408
 rcu_core_si+0xe/0x10 kernel/rcu/tree.c:2417
 __do_softirq+0x4a1/0x83a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:375 [inline]
 irq_exit+0x230/0x280 kernel/softirq.c:416
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:536
 smp_apic_timer_interrupt+0x48/0x70 arch/x86/kernel/apic/apic.c:1140
 apic_timer_interrupt+0x2e/0x40 arch/x86/entry/entry_64.S:834
 </IRQ>
RIP: 0010:array_index_mask_nospec+0x34/0x90 arch/x86/include/asm/barrier.h:41
Code: 41 54 53 48 83 ec 10 49 89 f7 49 89 fe e8 34 3e 0c 01 48 89 c3 4c 8b 20 8b 80 88 0c 00 00 89 45 d0 8b 83 90 0c 00 00 89 45 d4 <4c> 8b 6b 08 e8 83 a0 a3 00 4d 85 ed 75 34 4d 85 e4 75 3c 4c 89 7d
RSP: 0018:ffffa98b0c1ffee8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff9ed6808a09d0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000001b4 RDI: 00000000000000e7
RBP: ffffa98b0c1fff20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000000000e7 R15: 00000000000001b4
 do_syscall_64+0x91/0x160 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45af49
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:0000000000a6fd88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 000000000045af49
RDX: 0000000000414ae1 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 0000000000a6fde0
R10: 00000000814f55f1 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000a6fde0 R14: 0000000000000000 R15: 0000000000a6fdf0

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x5c/0xf0 mm/kmsan/kmsan.c:127
 kmsan_slab_free+0x6e/0xb0 mm/kmsan/kmsan_hooks.c:107
 slab_free_freelist_hook mm/slub.c:1458 [inline]
 slab_free mm/slub.c:3021 [inline]
 kfree+0x8ce/0x3090 mm/slub.c:3974
 batadv_forw_packet_free+0x2d4/0x3a0 net/batman-adv/send.c:483
 batadv_iv_send_outstanding_bat_ogm_packet+0xc4c/0xd50 net/batman-adv/bat_iv_ogm.c:1724
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2264
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2410
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353
=====================================================
```
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
---|---|---|---|---|---|---|---|---|---|---|---|---
2020/01/03 22:32 | https://github.com/google/kmsan.git master | 997a8b55bc92 | 68256974 | .config | console log | report | | | | | ci-upstream-kmsan-gce |
2019/12/20 16:47 | https://github.com/google/kmsan.git master | 5f731b79d280 | bc586918 | .config | console log | report | | | | | ci-upstream-kmsan-gce |