[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd:
[ 85.891648][ T27] audit: type=1400 audit(1582055690.998:37): avc: denied { watch } for pid=10997 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16180 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 90.254456][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 90.254472][ T27] audit: type=1400 audit(1582055695.358:41): avc: denied { map } for pid=11088 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
[ 97.234636][ T27] audit: type=1400 audit(1582055702.338:42): avc: denied { map } for pid=11100 comm="syz-executor939" path="/root/syz-executor939689700" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 97.260218][T11101] IPVS: ftp: loaded support on port[0] = 21
[ 97.327165][T11101] chnl_net:caif_netlink_parms(): no params data found
[ 97.369701][T11101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.378084][T11101] bridge0: port 1(bridge_slave_0) entered disabled state
[ 97.386386][T11101] device bridge_slave_0 entered promiscuous mode
[ 97.395745][T11101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.403165][T11101] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.411074][T11101] device bridge_slave_1 entered promiscuous mode
[ 97.429535][T11101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.441198][T11101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.462676][T11101] team0: Port device team_slave_0 added
[ 97.470754][T11101] team0: Port device team_slave_1 added
[ 97.486764][T11101] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.493775][T11101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.520042][T11101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.533377][T11101] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.540625][T11101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.566957][T11101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.658109][T11101] device hsr_slave_0 entered promiscuous mode
[ 97.716421][T11101] device hsr_slave_1 entered promiscuous mode
[ 97.847099][ T27] audit: type=1400 audit(1582055702.958:43): avc: denied { create } for pid=11101 comm="syz-executor939" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 97.874904][T11101] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.876115][ T27] audit: type=1400 audit(1582055702.978:44): avc: denied { write } for pid=11101 comm="syz-executor939" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 97.907437][ T27] audit: type=1400 audit(1582055702.978:45): avc: denied { read } for pid=11101 comm="syz-executor939" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 97.939788][T11101] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.998597][T11101] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.078799][T11101] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.155997][T11101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.163413][T11101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.171483][T11101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.178840][T11101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.237104][T11101] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.252980][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 98.264393][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.283195][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.292124][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 98.306700][T11101] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.320383][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.329513][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.336646][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.356194][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.366143][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.375377][ T2689] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.383004][ T2689] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.390629][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 98.399719][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 98.414681][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 98.425008][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.434284][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 98.447434][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 98.456806][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.471791][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 98.481678][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 98.496644][T11101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.509583][T11101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 98.518186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 98.527112][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 98.548623][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 98.557521][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 98.572437][T11101] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.595522][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 98.604474][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 98.627108][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 98.636174][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 98.645570][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 98.653940][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 98.663850][T11101] device veth0_vlan entered promiscuous mode
[ 98.678023][T11101] device veth1_vlan entered promiscuous mode
[ 98.704484][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 98.713840][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 98.722195][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 98.730743][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 98.742389][T11101] device veth0_macvtap entered promiscuous mode
[ 98.754741][T11101] device veth1_macvtap entered promiscuous mode
[ 98.774835][T11101] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.783018][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.791422][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.799621][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.809173][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.822161][T11101] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.830000][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.839600][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 99.006903][ C0] ==================================================================
[ 99.015178][ C0] BUG: KASAN: use-after-free in find_match+0xb39/0xc90
[ 99.022499][ C0] Read of size 8 at addr ffff888096856320 by task kworker/0:1/12
[ 99.030212][ C0]
[ 99.032537][ C0] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.6.0-rc2-syzkaller #0
[ 99.040918][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.051149][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 99.057123][ C0] Call Trace:
[ 99.060413][ C0]
[ 99.063283][ C0] dump_stack+0x197/0x210
[ 99.067625][ C0] ? find_match+0xb39/0xc90
[ 99.072147][ C0] print_address_description.constprop.0.cold+0xd4/0x30b
[ 99.079162][ C0] ? find_match+0xb39/0xc90
[ 99.083679][ C0] ? find_match+0xb39/0xc90
[ 99.088193][ C0] __kasan_report.cold+0x1b/0x32
[ 99.093147][ C0] ? find_match+0xb39/0xc90
[ 99.097740][ C0] kasan_report+0x12/0x20
[ 99.102210][ C0] __asan_report_load8_noabort+0x14/0x20
[ 99.107875][ C0] find_match+0xb39/0xc90
[ 99.112370][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 99.117408][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 99.123245][ C0] __find_rr_leaf+0x14e/0x750
[ 99.128202][ C0] ? nexthop_is_blackhole+0x690/0x690
[ 99.133582][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 99.139752][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 99.144791][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 99.150639][ C0] fib6_table_lookup+0x697/0xdb0
[ 99.155728][ C0] ? rt6_age_exceptions+0x130/0x130
[ 99.160943][ C0] ? __kasan_check_read+0x11/0x20
[ 99.166271][ C0] ip6_pol_route+0x1f6/0xa70
[ 99.170882][ C0] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 99.176440][ C0] ? flow_hash_from_keys+0x2c4/0x8c0
[ 99.181748][ C0] ip6_pol_route_input+0x65/0x80
[ 99.186725][ C0] fib6_rule_lookup+0x133/0x7d0
[ 99.191637][ C0] ? ip6_pol_route+0xa70/0xa70
[ 99.196414][ C0] ? fib6_lookup+0x340/0x340
[ 99.201022][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 99.207283][ C0] ? nf_conntrack_icmpv6_error+0x3c1/0x560
[ 99.213182][ C0] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 99.220491][ C0] ip6_route_input_lookup+0xb7/0xd0
[ 99.225703][ C0] ip6_route_input+0x5f0/0xa40
[ 99.230468][ C0] ? ip6_route_check_nh+0x670/0x670
[ 99.235689][ C0] ? slab_prepare_cpu+0x88/0xa0
[ 99.240755][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 99.245911][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 99.251744][ C0] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 99.257465][ C0] ip6_rcv_finish+0x17a/0x310
[ 99.262179][ C0] ipv6_rcv+0x10e/0x420
[ 99.266353][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 99.271823][ C0] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 99.277857][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 99.283317][ C0] __netif_receive_skb_one_core+0x113/0x1a0
[ 99.289206][ C0] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 99.295299][ C0] ? lock_acquire+0x190/0x410
[ 99.299997][ C0] ? process_backlog+0x1b5/0x780
[ 99.305009][ C0] __netif_receive_skb+0x2c/0x1d0
[ 99.310053][ C0] process_backlog+0x226/0x780
[ 99.314816][ C0] ? net_rx_action+0x27b/0x1120
[ 99.319764][ C0] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 99.325059][ C0] net_rx_action+0x508/0x1120
[ 99.329760][ C0] ? napi_busy_loop+0x970/0x970
[ 99.334812][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 99.340377][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 99.346379][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 99.351769][ C0] ? trace_hardirqs_on+0x67/0x240
[ 99.356801][ C0] __do_softirq+0x262/0x98c
[ 99.361456][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 99.366833][ C0] do_softirq_own_stack+0x2a/0x40
[ 99.371866][ C0]
[ 99.375033][ C0] do_softirq.part.0+0x11a/0x170
[ 99.380185][ C0] __local_bh_enable_ip+0x211/0x270
[ 99.385512][ C0] ip6_finish_output2+0x1101/0x25c0
[ 99.390773][ C0] ? ip6_mtu+0x2e6/0x450
[ 99.395197][ C0] ? ip6_frag_next+0xb20/0xb20
[ 99.399971][ C0] ? lock_downgrade+0x920/0x920
[ 99.404857][ C0] ? __kasan_check_read+0x11/0x20
[ 99.409907][ C0] __ip6_finish_output+0x444/0xaa0
[ 99.415018][ C0] ? __ip6_finish_output+0x444/0xaa0
[ 99.420331][ C0] ip6_finish_output+0x38/0x1f0
[ 99.425209][ C0] ip6_output+0x25e/0x880
[ 99.429570][ C0] ? ip6_finish_output+0x1f0/0x1f0
[ 99.434812][ C0] ? __ip6_finish_output+0xaa0/0xaa0
[ 99.440117][ C0] ndisc_send_skb+0xf1f/0x1490
[ 99.444917][ C0] ? nf_hook.constprop.0+0x560/0x560
[ 99.450323][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 99.456602][ C0] ? skb_set_owner_w+0x265/0x410
[ 99.461676][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 99.467427][ C0] ndisc_send_ns+0x3a9/0x850
[ 99.472021][ C0] ? mark_held_locks+0xa4/0xf0
[ 99.476808][ C0] ? ndisc_netdev_event+0x5e0/0x5e0
[ 99.482014][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 99.487324][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 99.492545][ C0] ? trace_hardirqs_on+0x67/0x240
[ 99.497594][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 99.503237][ C0] addrconf_dad_work+0xbf3/0x11d0
[ 99.508278][ C0] ? addrconf_dad_completed+0xbb0/0xbb0
[ 99.513851][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 99.520011][ C0] ? trace_hardirqs_on+0x67/0x240
[ 99.525206][ C0] process_one_work+0xa05/0x17a0
[ 99.530148][ C0] ? mark_held_locks+0xf0/0xf0
[ 99.535072][ C0] ? pwq_dec_nr_in_flight+0x320/0x320
[ 99.540443][ C0] ? lock_acquire+0x190/0x410
[ 99.545151][ C0] worker_thread+0x98/0xe40
[ 99.549704][ C0] ? trace_hardirqs_on+0x67/0x240
[ 99.554763][ C0] kthread+0x361/0x430
[ 99.558855][ C0] ? process_one_work+0x17a0/0x17a0
[ 99.564155][ C0] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 99.569891][ C0] ret_from_fork+0x24/0x30
[ 99.574313][ C0]
[ 99.576630][ C0] Allocated by task 11101:
[ 99.581060][ C0] save_stack+0x23/0x90
[ 99.585225][ C0] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 99.590867][ C0] kasan_kmalloc+0x9/0x10
[ 99.595191][ C0] __kmalloc_node+0x4e/0x70
[ 99.599703][ C0] kvmalloc_node+0x68/0x100
[ 99.604222][ C0] alloc_netdev_mqs+0x98/0xe40
[ 99.608983][ C0] vti6_init_net+0x244/0x810
[ 99.613701][ C0] ops_init+0xb3/0x420
[ 99.617774][ C0] setup_net+0x2d5/0x8b0
[ 99.622039][ C0] copy_net_ns+0x29e/0x5a0
[ 99.626477][ C0] create_new_namespaces+0x403/0xb50
[ 99.631791][ C0] unshare_nsproxy_namespaces+0xc2/0x200
[ 99.637416][ C0] ksys_unshare+0x444/0x980
[ 99.642037][ C0] __x64_sys_unshare+0x31/0x40
[ 99.647679][ C0] do_syscall_64+0xfa/0x790
[ 99.652192][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.658168][ C0]
[ 99.660499][ C0] Freed by task 11101:
[ 99.664690][ C0] save_stack+0x23/0x90
[ 99.668856][ C0] __kasan_slab_free+0x102/0x150
[ 99.673811][ C0] kasan_slab_free+0xe/0x10
[ 99.678309][ C0] kfree+0x10a/0x2c0
[ 99.682217][ C0] __netdev_name_node_alt_destroy+0x1ff/0x2a0
[ 99.688285][ C0] netdev_name_node_alt_destroy+0x57/0x80
[ 99.694030][ C0] rtnl_linkprop.isra.0+0x575/0x6f0
[ 99.699222][ C0] rtnl_dellinkprop+0x46/0x60
[ 99.704060][ C0] rtnetlink_rcv_msg+0x45e/0xaf0
[ 99.709129][ C0] netlink_rcv_skb+0x177/0x450
[ 99.713886][ C0] rtnetlink_rcv+0x1d/0x30
[ 99.718315][ C0] netlink_unicast+0x59e/0x7e0
[ 99.723085][ C0] netlink_sendmsg+0x91c/0xea0
[ 99.728108][ C0] sock_sendmsg+0xd7/0x130
[ 99.732531][ C0] ____sys_sendmsg+0x753/0x880
[ 99.737306][ C0] ___sys_sendmsg+0x100/0x170
[ 99.741981][ C0] __sys_sendmsg+0x105/0x1d0
[ 99.746712][ C0] __x64_sys_sendmsg+0x78/0xb0
[ 99.751472][ C0] do_syscall_64+0xfa/0x790
[ 99.755982][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.761879][ C0]
[ 99.764207][ C0] The buggy address belongs to the object at ffff888096856000
[ 99.764207][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 99.778272][ C0] The buggy address is located 800 bytes inside of
[ 99.778272][ C0] 4096-byte region [ffff888096856000, ffff888096857000)
[ 99.791633][ C0] The buggy address belongs to the page:
[ 99.797267][ C0] page:ffffea00025a1580 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 99.808294][ C0] flags: 0xfffe0000010200(slab|head)
[ 99.813612][ C0] raw: 00fffe0000010200 ffffea00027a3988 ffffea0002622b08 ffff8880aa402000
[ 99.822212][ C0] raw: 0000000000000000 ffff888096856000 0000000100000001 0000000000000000
[ 99.830801][ C0] page dumped because: kasan: bad access detected
[ 99.837324][ C0]
[ 99.839644][ C0] Memory state around the buggy address:
[ 99.845407][ C0] ffff888096856200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.853503][ C0] ffff888096856280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.861579][ C0] >ffff888096856300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.869733][ C0] ^
[ 99.874857][ C0] ffff888096856380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.883287][ C0] ffff888096856400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 99.891366][ C0] ==================================================================
[ 99.899456][ C0] Disabling lock debugging due to kernel taint
[ 99.905789][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 99.912839][ C0] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 99.922372][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.932700][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 99.938680][ C0] Call Trace:
[ 99.941969][ C0]
[ 99.944813][ C0] dump_stack+0x197/0x210
[ 99.949148][ C0] panic+0x2e3/0x75c
[ 99.953053][ C0] ? add_taint.cold+0x16/0x16
[ 99.957747][ C0] ? trace_hardirqs_on+0x5e/0x240
[ 99.962765][ C0] ? trace_hardirqs_on+0x5e/0x240
[ 99.967784][ C0] ? find_match+0xb39/0xc90
[ 99.972387][ C0] end_report+0x47/0x4f
[ 99.976546][ C0] ? find_match+0xb39/0xc90
[ 99.981058][ C0] __kasan_report.cold+0xe/0x32
[ 99.985995][ C0] ? find_match+0xb39/0xc90
[ 99.990507][ C0] kasan_report+0x12/0x20
[ 99.994827][ C0] __asan_report_load8_noabort+0x14/0x20
[ 100.000568][ C0] find_match+0xb39/0xc90
[ 100.004902][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 100.010107][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 100.015911][ C0] __find_rr_leaf+0x14e/0x750
[ 100.020946][ C0] ? nexthop_is_blackhole+0x690/0x690
[ 100.026315][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 100.032522][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 100.037610][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 100.043442][ C0] fib6_table_lookup+0x697/0xdb0
[ 100.048379][ C0] ? rt6_age_exceptions+0x130/0x130
[ 100.053580][ C0] ? __kasan_check_read+0x11/0x20
[ 100.058596][ C0] ip6_pol_route+0x1f6/0xa70
[ 100.063180][ C0] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 100.068716][ C0] ? flow_hash_from_keys+0x2c4/0x8c0
[ 100.074086][ C0] ip6_pol_route_input+0x65/0x80
[ 100.079026][ C0] fib6_rule_lookup+0x133/0x7d0
[ 100.084275][ C0] ? ip6_pol_route+0xa70/0xa70
[ 100.089040][ C0] ? fib6_lookup+0x340/0x340
[ 100.093830][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 100.100060][ C0] ? nf_conntrack_icmpv6_error+0x3c1/0x560
[ 100.105860][ C0] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 100.111860][ C0] ip6_route_input_lookup+0xb7/0xd0
[ 100.117052][ C0] ip6_route_input+0x5f0/0xa40
[ 100.121843][ C0] ? ip6_route_check_nh+0x670/0x670
[ 100.127598][ C0] ? slab_prepare_cpu+0x88/0xa0
[ 100.132452][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 100.137467][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 100.143262][ C0] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 100.149143][ C0] ip6_rcv_finish+0x17a/0x310
[ 100.153941][ C0] ipv6_rcv+0x10e/0x420
[ 100.158275][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 100.163734][ C0] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 100.169627][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 100.175091][ C0] __netif_receive_skb_one_core+0x113/0x1a0
[ 100.180981][ C0] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 100.186868][ C0] ? lock_acquire+0x190/0x410
[ 100.191539][ C0] ? process_backlog+0x1b5/0x780
[ 100.196461][ C0] __netif_receive_skb+0x2c/0x1d0
[ 100.201481][ C0] process_backlog+0x226/0x780
[ 100.206371][ C0] ? net_rx_action+0x27b/0x1120
[ 100.211356][ C0] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 100.216636][ C0] net_rx_action+0x508/0x1120
[ 100.222200][ C0] ? napi_busy_loop+0x970/0x970
[ 100.227045][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 100.232586][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 100.238570][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 100.244402][ C0] ? trace_hardirqs_on+0x67/0x240
[ 100.249415][ C0] __do_softirq+0x262/0x98c
[ 100.254155][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 100.259532][ C0] do_softirq_own_stack+0x2a/0x40
[ 100.264539][ C0]
[ 100.267560][ C0] do_softirq.part.0+0x11a/0x170
[ 100.272480][ C0] __local_bh_enable_ip+0x211/0x270
[ 100.277679][ C0] ip6_finish_output2+0x1101/0x25c0
[ 100.282954][ C0] ? ip6_mtu+0x2e6/0x450
[ 100.287182][ C0] ? ip6_frag_next+0xb20/0xb20
[ 100.291975][ C0] ? lock_downgrade+0x920/0x920
[ 100.296828][ C0] ? __kasan_check_read+0x11/0x20
[ 100.301853][ C0] __ip6_finish_output+0x444/0xaa0
[ 100.306996][ C0] ? __ip6_finish_output+0x444/0xaa0
[ 100.312443][ C0] ip6_finish_output+0x38/0x1f0
[ 100.317290][ C0] ip6_output+0x25e/0x880
[ 100.321609][ C0] ? ip6_finish_output+0x1f0/0x1f0
[ 100.326715][ C0] ? __ip6_finish_output+0xaa0/0xaa0
[ 100.331994][ C0] ndisc_send_skb+0xf1f/0x1490
[ 100.336874][ C0] ? nf_hook.constprop.0+0x560/0x560
[ 100.342359][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 100.348601][ C0] ? skb_set_owner_w+0x265/0x410
[ 100.353527][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 100.359335][ C0] ndisc_send_ns+0x3a9/0x850
[ 100.363948][ C0] ? mark_held_locks+0xa4/0xf0
[ 100.368766][ C0] ? ndisc_netdev_event+0x5e0/0x5e0
[ 100.373966][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 100.379259][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 100.384457][ C0] ? trace_hardirqs_on+0x67/0x240
[ 100.389475][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 100.394676][ C0] addrconf_dad_work+0xbf3/0x11d0
[ 100.399691][ C0] ? addrconf_dad_completed+0xbb0/0xbb0
[ 100.405237][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 100.411319][ C0] ? trace_hardirqs_on+0x67/0x240
[ 100.416395][ C0] process_one_work+0xa05/0x17a0
[ 100.421334][ C0] ? mark_held_locks+0xf0/0xf0
[ 100.426200][ C0] ? pwq_dec_nr_in_flight+0x320/0x320
[ 100.431980][ C0] ? lock_acquire+0x190/0x410
[ 100.436657][ C0] worker_thread+0x98/0xe40
[ 100.441346][ C0] ? trace_hardirqs_on+0x67/0x240
[ 100.446367][ C0] kthread+0x361/0x430
[ 100.450463][ C0] ? process_one_work+0x17a0/0x17a0
[ 100.455692][ C0] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 100.461429][ C0] ret_from_fork+0x24/0x30
[ 100.467535][ C0] Kernel Offset: disabled
[ 100.471988][ C0] Rebooting in 86400 seconds..