[ 81.428475][ T27] audit: type=1400 audit(1582285428.441:37): avc: denied { watch } for pid=10704 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 81.469979][ T27] audit: type=1400 audit(1582285428.441:38): avc: denied { watch } for pid=10704 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m[ 81.684776][ T27] audit: type=1800 audit(1582285428.701:39): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[ 81.719764][ T27] audit: type=1800 audit(1582285428.701:40): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 84.619870][ T27] audit: type=1400 audit(1582285431.631:41): avc: denied { map } for pid=10796 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
[ 107.282423][ T27] audit: type=1400 audit(1582285454.301:42): avc: denied { map } for pid=10808 comm="syz-executor206" path="/root/syz-executor206772896" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 107.307651][T10809] IPVS: ftp: loaded support on port[0] = 21
[ 107.361604][T10809] chnl_net:caif_netlink_parms(): no params data found
[ 107.399349][T10809] bridge0: port 1(bridge_slave_0) entered blocking state
[ 107.407249][T10809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 107.417665][T10809] device bridge_slave_0 entered promiscuous mode
[ 107.426846][T10809] bridge0: port 2(bridge_slave_1) entered blocking state
[ 107.434066][T10809] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.442151][T10809] device bridge_slave_1 entered promiscuous mode
[ 107.461280][T10809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 107.473156][T10809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 107.493579][T10809] team0: Port device team_slave_0 added
[ 107.502957][T10809] team0: Port device team_slave_1 added
[ 107.518871][T10809] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 107.526134][T10809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.553134][T10809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 107.566821][T10809] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 107.574514][T10809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 107.600699][T10809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 107.682529][T10809] device hsr_slave_0 entered promiscuous mode
[ 107.730359][T10809] device hsr_slave_1 entered promiscuous mode
[ 107.835338][ T27] audit: type=1400 audit(1582285454.851:43): avc: denied { create } for pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 107.861897][ T27] audit: type=1400 audit(1582285454.881:44): avc: denied { write } for pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 107.863973][T10809] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 107.889435][ T27] audit: type=1400 audit(1582285454.881:45): avc: denied { read } for pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 107.942978][T10809] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 108.012121][T10809] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 108.102754][T10809] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 108.177950][T10809] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.185616][T10809] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.193666][T10809] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.200808][T10809] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.254612][T10809] 8021q: adding VLAN 0 to HW filter on device bond0
[ 108.269389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 108.281383][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.289211][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.297587][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 108.311579][T10809] 8021q: adding VLAN 0 to HW filter on device team0
[ 108.324460][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 108.333693][ T3886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.340953][ T3886] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 108.353619][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 108.362921][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.370168][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 108.390011][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 108.398468][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 108.409194][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 108.417782][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 108.439310][T10809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 108.450554][T10809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 108.463499][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 108.471633][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 108.481100][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 108.489619][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 108.498469][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 108.508184][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 108.516629][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 108.527159][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 108.547619][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 108.555150][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 108.569896][T10809] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 108.600167][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 108.609204][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 108.625242][T10809] device veth0_vlan entered promiscuous mode
[ 108.633180][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 108.642021][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 108.651358][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 108.659368][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 108.673852][T10809] device veth1_vlan entered promiscuous mode
[ 108.698397][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 108.707512][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 108.715588][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 108.724657][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 108.735832][T10809] device veth0_macvtap entered promiscuous mode
[ 108.747284][T10809] device veth1_macvtap entered promiscuous mode
[ 108.766283][T10809] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 108.774339][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 108.783825][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 108.791936][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 108.800962][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 108.813786][T10809] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 108.821860][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 108.830751][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 108.980681][ C0] ==================================================================
[ 108.988881][ C0] BUG: KASAN: use-after-free in find_match+0xb39/0xc90
[ 108.995723][ C0] Read of size 8 at addr ffff88809672e320 by task kworker/0:0/5
[ 109.003438][ C0]
[ 109.005770][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.6.0-rc2-syzkaller #0
[ 109.013823][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.023880][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 109.029844][ C0] Call Trace:
[ 109.033117][ C0]
[ 109.035963][ C0] dump_stack+0x197/0x210
[ 109.040288][ C0] ? find_match+0xb39/0xc90
[ 109.044794][ C0] print_address_description.constprop.0.cold+0xd4/0x30b
[ 109.051812][ C0] ? find_match+0xb39/0xc90
[ 109.056319][ C0] ? find_match+0xb39/0xc90
[ 109.060813][ C0] __kasan_report.cold+0x1b/0x32
[ 109.065738][ C0] ? find_match+0xb39/0xc90
[ 109.070243][ C0] kasan_report+0x12/0x20
[ 109.074593][ C0] __asan_report_load8_noabort+0x14/0x20
[ 109.080212][ C0] find_match+0xb39/0xc90
[ 109.084532][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 109.089539][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 109.095341][ C0] __find_rr_leaf+0x14e/0x750
[ 109.100023][ C0] ? nexthop_is_blackhole+0x690/0x690
[ 109.105396][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 109.111584][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 109.116589][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 109.122402][ C0] fib6_table_lookup+0x697/0xdb0
[ 109.127344][ C0] ? rt6_age_exceptions+0x130/0x130
[ 109.132533][ C0] ? __kasan_check_read+0x11/0x20
[ 109.137588][ C0] ip6_pol_route+0x1f6/0xa70
[ 109.142162][ C0] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 109.147704][ C0] ? flow_hash_from_keys+0x2c4/0x8c0
[ 109.152978][ C0] ip6_pol_route_input+0x65/0x80
[ 109.157909][ C0] fib6_rule_lookup+0x133/0x7d0
[ 109.162754][ C0] ? ip6_pol_route+0xa70/0xa70
[ 109.167499][ C0] ? fib6_lookup+0x340/0x340
[ 109.172091][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 109.178316][ C0] ? ipvlan_ht_addr_lookup+0x2df/0x450
[ 109.183771][ C0] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 109.189665][ C0] ip6_route_input_lookup+0xb7/0xd0
[ 109.194865][ C0] ip6_route_input+0x5f0/0xa40
[ 109.199612][ C0] ? ip6_route_check_nh+0x670/0x670
[ 109.204845][ C0] ? ipvlan_link_new.cold+0x45/0x45
[ 109.210102][ C0] ? cpuup_canceled+0xf8/0x1d0
[ 109.214868][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 109.219941][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 109.225751][ C0] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 109.231483][ C0] ? ipvlan_nf_input+0x190/0x190
[ 109.236415][ C0] ip6_rcv_finish+0x17a/0x310
[ 109.241081][ C0] ipv6_rcv+0x10e/0x420
[ 109.245232][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 109.250684][ C0] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 109.256562][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 109.262008][ C0] __netif_receive_skb_one_core+0x113/0x1a0
[ 109.267924][ C0] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 109.273806][ C0] ? lock_acquire+0x190/0x410
[ 109.278473][ C0] ? process_backlog+0x1b5/0x780
[ 109.283480][ C0] __netif_receive_skb+0x2c/0x1d0
[ 109.288524][ C0] process_backlog+0x226/0x780
[ 109.293274][ C0] ? net_rx_action+0x27b/0x1120
[ 109.298135][ C0] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 109.303462][ C0] net_rx_action+0x508/0x1120
[ 109.308150][ C0] ? napi_busy_loop+0x970/0x970
[ 109.313000][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 109.318609][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 109.324575][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 109.329978][ C0] ? trace_hardirqs_on+0x67/0x240
[ 109.334992][ C0] __do_softirq+0x262/0x98c
[ 109.339495][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 109.344853][ C0] do_softirq_own_stack+0x2a/0x40
[ 109.349907][ C0]
[ 109.352844][ C0] do_softirq.part.0+0x11a/0x170
[ 109.357829][ C0] __local_bh_enable_ip+0x211/0x270
[ 109.363077][ C0] ip6_finish_output2+0x1101/0x25c0
[ 109.368334][ C0] ? ip6_frag_next+0xb20/0xb20
[ 109.373086][ C0] ? lock_downgrade+0x920/0x920
[ 109.377922][ C0] ? __kasan_check_read+0x11/0x20
[ 109.382951][ C0] __ip6_finish_output+0x444/0xaa0
[ 109.388098][ C0] ? __ip6_finish_output+0x444/0xaa0
[ 109.393381][ C0] ip6_finish_output+0x38/0x1f0
[ 109.398225][ C0] ip6_output+0x25e/0x880
[ 109.402552][ C0] ? ip6_finish_output+0x1f0/0x1f0
[ 109.407728][ C0] ? __ip6_finish_output+0xaa0/0xaa0
[ 109.413023][ C0] ndisc_send_skb+0xf1f/0x1490
[ 109.417786][ C0] ? nf_hook.constprop.0+0x560/0x560
[ 109.423075][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 109.429305][ C0] ? skb_set_owner_w+0x265/0x410
[ 109.434239][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 109.440048][ C0] ndisc_send_ns+0x3a9/0x850
[ 109.444632][ C0] ? mark_held_locks+0xa4/0xf0
[ 109.449379][ C0] ? ndisc_netdev_event+0x5e0/0x5e0
[ 109.454571][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 109.459837][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 109.465023][ C0] ? trace_hardirqs_on+0x67/0x240
[ 109.470035][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 109.475231][ C0] addrconf_dad_work+0xbf3/0x11d0
[ 109.480247][ C0] ? addrconf_dad_completed+0xbb0/0xbb0
[ 109.485782][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 109.491747][ C0] ? trace_hardirqs_on+0x67/0x240
[ 109.496772][ C0] process_one_work+0xa05/0x17a0
[ 109.501868][ C0] ? mark_held_locks+0xf0/0xf0
[ 109.506680][ C0] ? pwq_dec_nr_in_flight+0x320/0x320
[ 109.512037][ C0] ? lock_acquire+0x190/0x410
[ 109.516713][ C0] worker_thread+0x98/0xe40
[ 109.521241][ C0] kthread+0x361/0x430
[ 109.525323][ C0] ? process_one_work+0x17a0/0x17a0
[ 109.530510][ C0] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 109.536371][ C0] ret_from_fork+0x24/0x30
[ 109.540795][ C0]
[ 109.543107][ C0] Allocated by task 10809:
[ 109.547511][ C0] save_stack+0x23/0x90
[ 109.551656][ C0] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 109.557277][ C0] kasan_kmalloc+0x9/0x10
[ 109.561591][ C0] __kmalloc_node+0x4e/0x70
[ 109.566086][ C0] kvmalloc_node+0x68/0x100
[ 109.570574][ C0] alloc_netdev_mqs+0x98/0xe40
[ 109.575330][ C0] vti6_init_net+0x244/0x810
[ 109.579912][ C0] ops_init+0xb3/0x420
[ 109.583978][ C0] setup_net+0x2d5/0x8b0
[ 109.588200][ C0] copy_net_ns+0x29e/0x5a0
[ 109.592599][ C0] create_new_namespaces+0x403/0xb50
[ 109.597873][ C0] unshare_nsproxy_namespaces+0xc2/0x200
[ 109.603499][ C0] ksys_unshare+0x444/0x980
[ 109.607995][ C0] __x64_sys_unshare+0x31/0x40
[ 109.612738][ C0] do_syscall_64+0xfa/0x790
[ 109.617233][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.623099][ C0]
[ 109.625415][ C0] Freed by task 10809:
[ 109.629466][ C0] save_stack+0x23/0x90
[ 109.633602][ C0] __kasan_slab_free+0x102/0x150
[ 109.638677][ C0] kasan_slab_free+0xe/0x10
[ 109.643214][ C0] kfree+0x10a/0x2c0
[ 109.647097][ C0] __netdev_name_node_alt_destroy+0x1ff/0x2a0
[ 109.653142][ C0] netdev_name_node_alt_destroy+0x57/0x80
[ 109.658876][ C0] rtnl_linkprop.isra.0+0x575/0x6f0
[ 109.664060][ C0] rtnl_dellinkprop+0x46/0x60
[ 109.668712][ C0] rtnetlink_rcv_msg+0x45e/0xaf0
[ 109.673636][ C0] netlink_rcv_skb+0x177/0x450
[ 109.678391][ C0] rtnetlink_rcv+0x1d/0x30
[ 109.682798][ C0] netlink_unicast+0x59e/0x7e0
[ 109.687555][ C0] netlink_sendmsg+0x91c/0xea0
[ 109.692298][ C0] sock_sendmsg+0xd7/0x130
[ 109.696697][ C0] ____sys_sendmsg+0x753/0x880
[ 109.701441][ C0] ___sys_sendmsg+0x100/0x170
[ 109.706140][ C0] __sys_sendmsg+0x105/0x1d0
[ 109.710707][ C0] __x64_sys_sendmsg+0x78/0xb0
[ 109.715466][ C0] do_syscall_64+0xfa/0x790
[ 109.719951][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 109.725822][ C0]
[ 109.728134][ C0] The buggy address belongs to the object at ffff88809672e000
[ 109.728134][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 109.742186][ C0] The buggy address is located 800 bytes inside of
[ 109.742186][ C0] 4096-byte region [ffff88809672e000, ffff88809672f000)
[ 109.755524][ C0] The buggy address belongs to the page:
[ 109.761142][ C0] page:ffffea000259cb80 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 109.772055][ C0] flags: 0xfffe0000010200(slab|head)
[ 109.777331][ C0] raw: 00fffe0000010200 ffffea0002598f08 ffffea0002615108 ffff8880aa402000
[ 109.785900][ C0] raw: 0000000000000000 ffff88809672e000 0000000100000001 0000000000000000
[ 109.794463][ C0] page dumped because: kasan: bad access detected
[ 109.800854][ C0]
[ 109.803162][ C0] Memory state around the buggy address:
[ 109.808776][ C0] ffff88809672e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 109.816853][ C0] ffff88809672e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 109.824900][ C0] >ffff88809672e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 109.832971][ C0] ^
[ 109.838070][ C0] ffff88809672e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 109.846122][ C0] ffff88809672e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 109.854222][ C0] ==================================================================
[ 109.862302][ C0] Disabling lock debugging due to kernel taint
[ 109.868469][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 109.875037][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 109.884467][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 109.894669][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 109.900676][ C0] Call Trace:
[ 109.903945][ C0]
[ 109.906812][ C0] dump_stack+0x197/0x210
[ 109.911144][ C0] panic+0x2e3/0x75c
[ 109.915044][ C0] ? add_taint.cold+0x16/0x16
[ 109.919724][ C0] ? trace_hardirqs_on+0x5e/0x240
[ 109.924739][ C0] ? trace_hardirqs_on+0x5e/0x240
[ 109.929757][ C0] ? find_match+0xb39/0xc90
[ 109.934258][ C0] end_report+0x47/0x4f
[ 109.938426][ C0] ? find_match+0xb39/0xc90
[ 109.942909][ C0] __kasan_report.cold+0xe/0x32
[ 109.947802][ C0] ? find_match+0xb39/0xc90
[ 109.952304][ C0] kasan_report+0x12/0x20
[ 109.956642][ C0] __asan_report_load8_noabort+0x14/0x20
[ 109.962345][ C0] find_match+0xb39/0xc90
[ 109.966686][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 109.971692][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 109.977538][ C0] __find_rr_leaf+0x14e/0x750
[ 109.982204][ C0] ? nexthop_is_blackhole+0x690/0x690
[ 109.987564][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 109.993705][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 109.998802][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 110.004615][ C0] fib6_table_lookup+0x697/0xdb0
[ 110.009546][ C0] ? rt6_age_exceptions+0x130/0x130
[ 110.014730][ C0] ? __kasan_check_read+0x11/0x20
[ 110.019735][ C0] ip6_pol_route+0x1f6/0xa70
[ 110.024318][ C0] ? ip6_pol_route_lookup+0x12e0/0x12e0
[ 110.029857][ C0] ? flow_hash_from_keys+0x2c4/0x8c0
[ 110.035135][ C0] ip6_pol_route_input+0x65/0x80
[ 110.040060][ C0] fib6_rule_lookup+0x133/0x7d0
[ 110.044957][ C0] ? ip6_pol_route+0xa70/0xa70
[ 110.049715][ C0] ? fib6_lookup+0x340/0x340
[ 110.054315][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 110.060630][ C0] ? ipvlan_ht_addr_lookup+0x2df/0x450
[ 110.066082][ C0] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 110.071969][ C0] ip6_route_input_lookup+0xb7/0xd0
[ 110.077284][ C0] ip6_route_input+0x5f0/0xa40
[ 110.082035][ C0] ? ip6_route_check_nh+0x670/0x670
[ 110.087214][ C0] ? ipvlan_link_new.cold+0x45/0x45
[ 110.092399][ C0] ? cpuup_canceled+0xf8/0x1d0
[ 110.097415][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 110.102421][ C0] ? rcu_read_lock_held_common+0x130/0x130
[ 110.108316][ C0] ip6_rcv_finish_core.isra.0+0x174/0x590
[ 110.114013][ C0] ? ipvlan_nf_input+0x190/0x190
[ 110.118942][ C0] ip6_rcv_finish+0x17a/0x310
[ 110.123785][ C0] ipv6_rcv+0x10e/0x420
[ 110.127931][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 110.133491][ C0] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 110.139375][ C0] ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[ 110.144822][ C0] __netif_receive_skb_one_core+0x113/0x1a0
[ 110.150690][ C0] ? __netif_receive_skb_core+0x30b0/0x30b0
[ 110.156596][ C0] ? lock_acquire+0x190/0x410
[ 110.161254][ C0] ? process_backlog+0x1b5/0x780
[ 110.166181][ C0] __netif_receive_skb+0x2c/0x1d0
[ 110.171188][ C0] process_backlog+0x226/0x780
[ 110.175929][ C0] ? net_rx_action+0x27b/0x1120
[ 110.180789][ C0] ? lockdep_hardirqs_on+0x19e/0x5e0
[ 110.186111][ C0] net_rx_action+0x508/0x1120
[ 110.190779][ C0] ? napi_busy_loop+0x970/0x970
[ 110.195630][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 110.201215][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 110.207181][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 110.212541][ C0] ? trace_hardirqs_on+0x67/0x240
[ 110.217551][ C0] __do_softirq+0x262/0x98c
[ 110.222044][ C0] ? ip6_finish_output2+0x10d3/0x25c0
[ 110.227402][ C0] do_softirq_own_stack+0x2a/0x40
[ 110.232507][ C0]
[ 110.235479][ C0] do_softirq.part.0+0x11a/0x170
[ 110.240398][ C0] __local_bh_enable_ip+0x211/0x270
[ 110.245584][ C0] ip6_finish_output2+0x1101/0x25c0
[ 110.250772][ C0] ? ip6_frag_next+0xb20/0xb20
[ 110.255516][ C0] ? lock_downgrade+0x920/0x920
[ 110.260348][ C0] ? __kasan_check_read+0x11/0x20
[ 110.265361][ C0] __ip6_finish_output+0x444/0xaa0
[ 110.270456][ C0] ? __ip6_finish_output+0x444/0xaa0
[ 110.275729][ C0] ip6_finish_output+0x38/0x1f0
[ 110.280558][ C0] ip6_output+0x25e/0x880
[ 110.284877][ C0] ? ip6_finish_output+0x1f0/0x1f0
[ 110.289971][ C0] ? __ip6_finish_output+0xaa0/0xaa0
[ 110.295247][ C0] ndisc_send_skb+0xf1f/0x1490
[ 110.299994][ C0] ? nf_hook.constprop.0+0x560/0x560
[ 110.305269][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 110.311505][ C0] ? skb_set_owner_w+0x265/0x410
[ 110.316428][ C0] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 110.322134][ C0] ndisc_send_ns+0x3a9/0x850
[ 110.326702][ C0] ? mark_held_locks+0xa4/0xf0
[ 110.331485][ C0] ? ndisc_netdev_event+0x5e0/0x5e0
[ 110.336716][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 110.341990][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 110.347166][ C0] ? trace_hardirqs_on+0x67/0x240
[ 110.352611][ C0] ? addrconf_dad_work+0xb2c/0x11d0
[ 110.357832][ C0] addrconf_dad_work+0xbf3/0x11d0
[ 110.362905][ C0] ? addrconf_dad_completed+0xbb0/0xbb0
[ 110.368438][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 110.374407][ C0] ? trace_hardirqs_on+0x67/0x240
[ 110.379427][ C0] process_one_work+0xa05/0x17a0
[ 110.384343][ C0] ? mark_held_locks+0xf0/0xf0
[ 110.389140][ C0] ? pwq_dec_nr_in_flight+0x320/0x320
[ 110.394491][ C0] ? lock_acquire+0x190/0x410
[ 110.399170][ C0] worker_thread+0x98/0xe40
[ 110.403659][ C0] kthread+0x361/0x430
[ 110.407714][ C0] ? process_one_work+0x17a0/0x17a0
[ 110.412888][ C0] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 110.418586][ C0] ret_from_fork+0x24/0x30
[ 110.424567][ C0] Kernel Offset: disabled
[ 110.428884][ C0] Rebooting in 86400 seconds..