Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 93.546683][ T27] audit: type=1400 audit(1582108263.052:37): avc: denied { watch } for pid=11107 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 97.603128][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 97.603143][ T27] audit: type=1400 audit(1582108267.102:41): avc: denied { map } for pid=11180 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
[ 111.847031][ T27] audit: type=1400 audit(1582108281.352:42): avc: denied { map } for pid=11192 comm="syz-executor075" path="/root/syz-executor075335041" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 111.875029][T11193] IPVS: ftp: loaded support on port[0] = 21
[ 111.929693][T11193] chnl_net:caif_netlink_parms(): no params data found
[ 111.976086][T11193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.984402][T11193] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.992620][T11193] device bridge_slave_0 entered promiscuous mode
[ 112.002227][T11193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.009688][T11193] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.017763][T11193] device bridge_slave_1 entered promiscuous mode
[ 112.038154][T11193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.051027][T11193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.075061][T11193] team0: Port device team_slave_0 added
[ 112.083414][T11193] team0: Port device team_slave_1 added
[ 112.100325][T11193] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.108997][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.142208][T11193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.158732][T11193] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.166180][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.193817][T11193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 112.276959][T11193] device hsr_slave_0 entered promiscuous mode
[ 112.345373][T11193] device hsr_slave_1 entered promiscuous mode
[ 112.501687][ T27] audit: type=1400 audit(1582108282.002:43): avc: denied { create } for pid=11193 comm="syz-executor075" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 112.506445][T11193] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.529652][ T27] audit: type=1400 audit(1582108282.002:44): avc: denied { write } for pid=11193 comm="syz-executor075" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 112.559932][ T27] audit: type=1400 audit(1582108282.002:45): avc: denied { read } for pid=11193 comm="syz-executor075" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 112.619937][T11193] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.678442][T11193] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.737467][T11193] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.828282][T11193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.836025][T11193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.844134][T11193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.851565][T11193] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.909618][T11193] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.927628][ T2746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 112.940870][ T2746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.949435][ T2746] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.958943][ T2746] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 112.974663][T11193] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.988004][ T2744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 112.996946][ T2744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 113.005963][ T2744] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.013339][ T2744] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.032866][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 113.042608][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 113.051884][ T2740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.059101][ T2740] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.067803][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 113.079255][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 113.095313][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 113.104523][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 113.115065][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 113.124376][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 113.134443][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 113.147742][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 113.156380][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 113.172356][T11193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 113.184352][T11193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 113.192732][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 113.201335][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 113.226577][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 113.234199][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 113.249743][T11193] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.277114][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 113.287390][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 113.309089][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 113.318416][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 113.328114][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 113.336871][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 113.348249][T11193] device veth0_vlan entered promiscuous mode
[ 113.363701][T11193] device veth1_vlan entered promiscuous mode
[ 113.390784][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 113.399387][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 113.407854][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 113.417248][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 113.429746][T11193] device veth0_macvtap entered promiscuous mode
[ 113.441641][T11193] device veth1_macvtap entered promiscuous mode
[ 113.462854][T11193] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.470625][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 113.478975][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 113.488084][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 113.497159][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 113.510999][T11193] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.518676][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 113.528579][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 113.685183][ C1] ==================================================================
[ 113.693579][ C1] BUG: KASAN: use-after-free in find_match+0xb39/0xc90
[ 113.700489][ C1] Read of size 8 at addr ffff888087b54320 by task kworker/1:16/2740
[ 113.708449][ C1]
[ 113.710816][ C1] CPU: 1 PID: 2740 Comm: kworker/1:16 Not tainted 5.6.0-rc2-syzkaller #0
[ 113.719344][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 113.729420][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 113.735788][ C1] Call Trace:
[ 113.739065][ C1]
[ 113.741936][ C1] dump_stack+0x197/0x210
[ 113.746486][ C1] ? find_match+0xb39/0xc90
[ 113.751049][ C1] print_address_description.constprop.0.cold+0xd4/0x30b
[ 113.758150][ C1] ? find_match+0xb39/0xc90
[ 113.762648][ C1] ? find_match+0xb39/0xc90
[ 113.767266][ C1] __kasan_report.cold+0x1b/0x32
[ 113.772214][ C1] ? find_match+0xb39/0xc90
[ 113.776854][ C1] kasan_report+0x12/0x20
[ 113.781212][ C1] __asan_report_load8_noabort+0x14/0x20
[ 113.786971][ C1] find_match+0xb39/0xc90
[ 113.791304][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 113.796323][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 113.802257][ C1] __find_rr_leaf+0x14e/0x750
[ 113.806933][ C1] ? nexthop_is_blackhole+0x690/0x690
[ 113.812323][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 113.818481][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 113.823539][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 113.829369][ C1] fib6_table_lookup+0x697/0xdb0
[ 113.834335][ C1] ? rt6_age_exceptions+0x130/0x130
[ 113.839543][ C1] ? __kasan_check_read+0x11/0x20
[ 113.844585][ C1] ip6_pol_route+0x1f6/0xa70
[ 113.849183][ C1] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 113.854862][ C1] ? flow_hash_from_keys+0x2c4/0x8c0
[ 113.860212][ C1] ? get_stack_info+0x37/0x143
[ 113.864987][ C1] ip6_pol_route_input+0x65/0x80
[ 113.869925][ C1] fib6_rule_lookup+0x133/0x7d0
[ 113.874804][ C1] ? ip6_pol_route+0xa70/0xa70
[ 113.879570][ C1] ? fib6_lookup+0x340/0x340
[ 113.884387][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 113.890639][ C1] ? nf_conntrack_icmpv6_error+0x3c1/0x560
[ 113.896556][ C1] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 113.902459][ C1] ip6_route_input_lookup+0xb7/0xd0
[ 113.908065][ C1] ip6_route_input+0x5f0/0xa40
[ 113.912842][ C1] ? ip6_route_check_nh+0x670/0x670
[ 113.918040][ C1] ? cpuup_canceled+0xf8/0x1d0
[ 113.923098][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 113.928231][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 113.934211][ C1] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 113.940152][ C1] ip6_rcv_finish+0x17a/0x310
[ 113.944855][ C1] ipv6_rcv+0x10e/0x420
[ 113.949035][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 113.954513][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 113.959617][ C1] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 113.965640][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 113.971108][ C1] __netif_receive_skb_one_core+0x113/0x1a0
[ 113.977244][ C1] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 113.983135][ C1] ? lock_acquire+0x190/0x410
[ 113.987807][ C1] ? process_backlog+0x1b5/0x780
[ 113.992761][ C1] __netif_receive_skb+0x2c/0x1d0
[ 113.997801][ C1] process_backlog+0x226/0x780
[ 114.002553][ C1] ? net_rx_action+0x27b/0x1120
[ 114.007517][ C1] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 114.012963][ C1] net_rx_action+0x508/0x1120
[ 114.017789][ C1] ? napi_busy_loop+0x970/0x970
[ 114.022678][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 114.028234][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 114.034354][ C1] ? ip6_finish_output2+0x10d3/0x25c0
[ 114.039739][ C1] ? trace_hardirqs_on+0x67/0x240
[ 114.044981][ C1] __do_softirq+0x262/0x98c
[ 114.049525][ C1] ? ip6_finish_output2+0x10d3/0x25c0
[ 114.054968][ C1] do_softirq_own_stack+0x2a/0x40
[ 114.060113][ C1]
[ 114.063065][ C1] do_softirq.part.0+0x11a/0x170
[ 114.068007][ C1] __local_bh_enable_ip+0x211/0x270
[ 114.073472][ C1] ip6_finish_output2+0x1101/0x25c0
[ 114.078692][ C1] ? ip6_frag_next+0xb20/0xb20
[ 114.083458][ C1] ? lock_downgrade+0x920/0x920
[ 114.088311][ C1] ? __kasan_check_read+0x11/0x20
[ 114.093458][ C1] __ip6_finish_output+0x444/0xaa0
[ 114.098706][ C1] ? __ip6_finish_output+0x444/0xaa0
[ 114.104013][ C1] ip6_finish_output+0x38/0x1f0
[ 114.108880][ C1] ip6_output+0x25e/0x880
[ 114.113225][ C1] ? ip6_finish_output+0x1f0/0x1f0
[ 114.118341][ C1] ? __ip6_finish_output+0xaa0/0xaa0
[ 114.123764][ C1] ndisc_send_skb+0xf1f/0x1490
[ 114.128637][ C1] ? nf_hook.constprop.0+0x560/0x560
[ 114.133943][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 114.140173][ C1] ? skb_set_owner_w+0x265/0x410
[ 114.145123][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 114.150900][ C1] ndisc_send_ns+0x3a9/0x850
[ 114.155493][ C1] ? mark_held_locks+0xa4/0xf0
[ 114.160340][ C1] ? ndisc_netdev_event+0x5e0/0x5e0
[ 114.165538][ C1] ? lockdep_hardirqs_on+0x421/0x5e0
[ 114.170880][ C1] ? addrconf_dad_work+0xb2c/0x11d0
[ 114.176099][ C1] ? trace_hardirqs_on+0x67/0x240
[ 114.181396][ C1] ? addrconf_dad_work+0xb2c/0x11d0
[ 114.186601][ C1] addrconf_dad_work+0xbf3/0x11d0
[ 114.191701][ C1] ? addrconf_dad_completed+0xbb0/0xbb0
[ 114.197255][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 114.203246][ C1] ? trace_hardirqs_on+0x67/0x240
[ 114.208276][ C1] process_one_work+0xa05/0x17a0
[ 114.213231][ C1] ? mark_held_locks+0xf0/0xf0
[ 114.218020][ C1] ? pwq_dec_nr_in_flight+0x320/0x320
[ 114.223387][ C1] ? lock_acquire+0x190/0x410
[ 114.228220][ C1] worker_thread+0x98/0xe40
[ 114.232913][ C1] kthread+0x361/0x430
[ 114.236981][ C1] ? process_one_work+0x17a0/0x17a0
[ 114.242168][ C1] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 114.247895][ C1] ret_from_fork+0x24/0x30
[ 114.252367][ C1]
[ 114.254687][ C1] Allocated by task 11193:
[ 114.259104][ C1] save_stack+0x23/0x90
[ 114.263264][ C1] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 114.268912][ C1] kasan_kmalloc+0x9/0x10
[ 114.273236][ C1] __kmalloc_node+0x4e/0x70
[ 114.277843][ C1] kvmalloc_node+0x68/0x100
[ 114.282459][ C1] alloc_netdev_mqs+0x98/0xe40
[ 114.287339][ C1] vti6_init_net+0x244/0x810
[ 114.291933][ C1] ops_init+0xb3/0x420
[ 114.295987][ C1] setup_net+0x2d5/0x8b0
[ 114.300347][ C1] copy_net_ns+0x29e/0x5a0
[ 114.304897][ C1] create_new_namespaces+0x403/0xb50
[ 114.310304][ C1] unshare_nsproxy_namespaces+0xc2/0x200
[ 114.315961][ C1] ksys_unshare+0x444/0x980
[ 114.320469][ C1] __x64_sys_unshare+0x31/0x40
[ 114.325237][ C1] do_syscall_64+0xfa/0x790
[ 114.329743][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.335690][ C1]
[ 114.338017][ C1] Freed by task 11193:
[ 114.342091][ C1] save_stack+0x23/0x90
[ 114.346253][ C1] __kasan_slab_free+0x102/0x150
[ 114.351196][ C1] kasan_slab_free+0xe/0x10
[ 114.355694][ C1] kfree+0x10a/0x2c0
[ 114.359603][ C1] __netdev_name_node_alt_destroy+0x1ff/0x2a0
[ 114.365678][ C1] netdev_name_node_alt_destroy+0x57/0x80
[ 114.371517][ C1] rtnl_linkprop.isra.0+0x575/0x6f0
[ 114.376702][ C1] rtnl_dellinkprop+0x46/0x60
[ 114.381365][ C1] rtnetlink_rcv_msg+0x45e/0xaf0
[ 114.386335][ C1] netlink_rcv_skb+0x177/0x450
[ 114.391099][ C1] rtnetlink_rcv+0x1d/0x30
[ 114.395503][ C1] netlink_unicast+0x59e/0x7e0
[ 114.400299][ C1] netlink_sendmsg+0x91c/0xea0
[ 114.405060][ C1] sock_sendmsg+0xd7/0x130
[ 114.409903][ C1] ____sys_sendmsg+0x753/0x880
[ 114.414669][ C1] ___sys_sendmsg+0x100/0x170
[ 114.419374][ C1] __sys_sendmsg+0x105/0x1d0
[ 114.424059][ C1] __x64_sys_sendmsg+0x78/0xb0
[ 114.428864][ C1] do_syscall_64+0xfa/0x790
[ 114.433376][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 114.439263][ C1]
[ 114.441717][ C1] The buggy address belongs to the object at ffff888087b54000
[ 114.441717][ C1] which belongs to the cache kmalloc-4k of size 4096
[ 114.455891][ C1] The buggy address is located 800 bytes inside of
[ 114.455891][ C1] 4096-byte region [ffff888087b54000, ffff888087b55000)
[ 114.469240][ C1] The buggy address belongs to the page:
[ 114.474876][ C1] page:ffffea00021ed500 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 114.485801][ C1] flags: 0xfffe0000010200(slab|head)
[ 114.491116][ C1] raw: 00fffe0000010200 ffffea00027b3788 ffffea00027a4b08 ffff8880aa402000
[ 114.499823][ C1] raw: 0000000000000000 ffff888087b54000 0000000100000001 0000000000000000
[ 114.508398][ C1] page dumped because: kasan: bad access detected
[ 114.514814][ C1]
[ 114.517149][ C1] Memory state around the buggy address:
[ 114.522906][ C1] ffff888087b54200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.530974][ C1] ffff888087b54280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.539039][ C1] >ffff888087b54300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.547144][ C1] ^
[ 114.552352][ C1] ffff888087b54380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.560427][ C1] ffff888087b54400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.568486][ C1] ==================================================================
[ 114.576532][ C1] Disabling lock debugging due to kernel taint
[ 114.582775][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 114.589375][ C1] CPU: 1 PID: 2740 Comm: kworker/1:16 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 114.599280][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 114.609460][ C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 114.615438][ C1] Call Trace:
[ 114.618717][ C1]
[ 114.621566][ C1] dump_stack+0x197/0x210
[ 114.625902][ C1] panic+0x2e3/0x75c
[ 114.629805][ C1] ? add_taint.cold+0x16/0x16
[ 114.634482][ C1] ? trace_hardirqs_on+0x5e/0x240
[ 114.639523][ C1] ? trace_hardirqs_on+0x5e/0x240
[ 114.644554][ C1] ? find_match+0xb39/0xc90
[ 114.649079][ C1] end_report+0x47/0x4f
[ 114.653233][ C1] ? find_match+0xb39/0xc90
[ 114.657732][ C1] __kasan_report.cold+0xe/0x32
[ 114.662627][ C1] ? find_match+0xb39/0xc90
[ 114.667148][ C1] kasan_report+0x12/0x20
[ 114.671491][ C1] __asan_report_load8_noabort+0x14/0x20
[ 114.677124][ C1] find_match+0xb39/0xc90
[ 114.681447][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 114.686475][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 114.692297][ C1] __find_rr_leaf+0x14e/0x750
[ 114.696973][ C1] ? nexthop_is_blackhole+0x690/0x690
[ 114.702474][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 114.708623][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 114.713664][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 114.719489][ C1] fib6_table_lookup+0x697/0xdb0
[ 114.724557][ C1] ? rt6_age_exceptions+0x130/0x130
[ 114.729780][ C1] ? __kasan_check_read+0x11/0x20
[ 114.734813][ C1] ip6_pol_route+0x1f6/0xa70
[ 114.739546][ C1] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 114.745224][ C1] ? flow_hash_from_keys+0x2c4/0x8c0
[ 114.750512][ C1] ? get_stack_info+0x37/0x143
[ 114.755405][ C1] ip6_pol_route_input+0x65/0x80
[ 114.760344][ C1] fib6_rule_lookup+0x133/0x7d0
[ 114.765222][ C1] ? ip6_pol_route+0xa70/0xa70
[ 114.769999][ C1] ? fib6_lookup+0x340/0x340
[ 114.774595][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 114.780847][ C1] ? nf_conntrack_icmpv6_error+0x3c1/0x560
[ 114.786655][ C1] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 114.792559][ C1] ip6_route_input_lookup+0xb7/0xd0
[ 114.797766][ C1] ip6_route_input+0x5f0/0xa40
[ 114.802534][ C1] ? ip6_route_check_nh+0x670/0x670
[ 114.807742][ C1] ? cpuup_canceled+0xf8/0x1d0
[ 114.812550][ C1] ? rcu_read_lock_held+0x9c/0xb0
[ 114.817878][ C1] ? rcu_read_lock_held_common+0x130/0x130
[ 114.823717][ C1] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 114.829467][ C1] ip6_rcv_finish+0x17a/0x310
[ 114.834163][ C1] ipv6_rcv+0x10e/0x420
[ 114.838325][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 114.843783][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 114.848743][ C1] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 114.854665][ C1] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 114.860141][ C1] __netif_receive_skb_one_core+0x113/0x1a0
[ 114.866053][ C1] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 114.871959][ C1] ? lock_acquire+0x190/0x410
[ 114.876634][ C1] ? process_backlog+0x1b5/0x780
[ 114.881595][ C1] __netif_receive_skb+0x2c/0x1d0
[ 114.886639][ C1] process_backlog+0x226/0x780
[ 114.891391][ C1] ? net_rx_action+0x27b/0x1120
[ 114.896249][ C1] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 114.901532][ C1] net_rx_action+0x508/0x1120
[ 114.906220][ C1] ? napi_busy_loop+0x970/0x970
[ 114.911090][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 114.916638][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 114.922663][ C1] ? ip6_finish_output2+0x10d3/0x25c0
[ 114.928044][ C1] ? trace_hardirqs_on+0x67/0x240
[ 114.933082][ C1] __do_softirq+0x262/0x98c
[ 114.937598][ C1] ? ip6_finish_output2+0x10d3/0x25c0
[ 114.943131][ C1] do_softirq_own_stack+0x2a/0x40
[ 114.948151][ C1]
[ 114.951104][ C1] do_softirq.part.0+0x11a/0x170
[ 114.956045][ C1] __local_bh_enable_ip+0x211/0x270
[ 114.961368][ C1] ip6_finish_output2+0x1101/0x25c0
[ 114.966575][ C1] ? ip6_frag_next+0xb20/0xb20
[ 114.971346][ C1] ? lock_downgrade+0x920/0x920
[ 114.976214][ C1] ? __kasan_check_read+0x11/0x20
[ 114.981264][ C1] __ip6_finish_output+0x444/0xaa0
[ 114.986380][ C1] ? __ip6_finish_output+0x444/0xaa0
[ 114.991675][ C1] ip6_finish_output+0x38/0x1f0
[ 114.996524][ C1] ip6_output+0x25e/0x880
[ 115.000966][ C1] ? ip6_finish_output+0x1f0/0x1f0
[ 115.006090][ C1] ? __ip6_finish_output+0xaa0/0xaa0
[ 115.011389][ C1] ndisc_send_skb+0xf1f/0x1490
[ 115.016188][ C1] ? nf_hook.constprop.0+0x560/0x560
[ 115.021523][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 115.027800][ C1] ? skb_set_owner_w+0x265/0x410
[ 115.032736][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 115.038472][ C1] ndisc_send_ns+0x3a9/0x850
[ 115.043107][ C1] ? mark_held_locks+0xa4/0xf0
[ 115.047990][ C1] ? ndisc_netdev_event+0x5e0/0x5e0
[ 115.053199][ C1] ? lockdep_hardirqs_on+0x421/0x5e0
[ 115.058493][ C1] ? addrconf_dad_work+0xb2c/0x11d0
[ 115.063704][ C1] ? trace_hardirqs_on+0x67/0x240
[ 115.068750][ C1] ? addrconf_dad_work+0xb2c/0x11d0
[ 115.074080][ C1] addrconf_dad_work+0xbf3/0x11d0
[ 115.079231][ C1] ? addrconf_dad_completed+0xbb0/0xbb0
[ 115.084892][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 115.090896][ C1] ? trace_hardirqs_on+0x67/0x240
[ 115.095985][ C1] process_one_work+0xa05/0x17a0
[ 115.100916][ C1] ? mark_held_locks+0xf0/0xf0
[ 115.105693][ C1] ? pwq_dec_nr_in_flight+0x320/0x320
[ 115.111066][ C1] ? lock_acquire+0x190/0x410
[ 115.115757][ C1] worker_thread+0x98/0xe40
[ 115.120275][ C1] kthread+0x361/0x430
[ 115.124358][ C1] ? process_one_work+0x17a0/0x17a0
[ 115.129554][ C1] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 115.135268][ C1] ret_from_fork+0x24/0x30
[ 115.141400][ C1] Kernel Offset: disabled
[ 115.145796][ C1] Rebooting in 86400 seconds..