[   81.428475][   T27] audit: type=1400 audit(1582285428.441:37): avc:  denied  { watch } for  pid=10704 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[   81.469979][   T27] audit: type=1400 audit(1582285428.441:38): avc:  denied  { watch } for  pid=10704 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m[   81.684776][   T27] audit: type=1800 audit(1582285428.701:39): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   81.719764][   T27] audit: type=1800 audit(1582285428.701:40): pid=10617 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   84.619870][   T27] audit: type=1400 audit(1582285431.631:41): avc:  denied  { map } for  pid=10796 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
[  107.282423][   T27] audit: type=1400 audit(1582285454.301:42): avc:  denied  { map } for  pid=10808 comm="syz-executor206" path="/root/syz-executor206772896" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  107.307651][T10809] IPVS: ftp: loaded support on port[0] = 21
[  107.361604][T10809] chnl_net:caif_netlink_parms(): no params data found
[  107.399349][T10809] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.407249][T10809] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.417665][T10809] device bridge_slave_0 entered promiscuous mode
[  107.426846][T10809] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.434066][T10809] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.442151][T10809] device bridge_slave_1 entered promiscuous mode
[  107.461280][T10809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.473156][T10809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.493579][T10809] team0: Port device team_slave_0 added
[  107.502957][T10809] team0: Port device team_slave_1 added
[  107.518871][T10809] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.526134][T10809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.553134][T10809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.566821][T10809] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.574514][T10809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.600699][T10809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.682529][T10809] device hsr_slave_0 entered promiscuous mode
[  107.730359][T10809] device hsr_slave_1 entered promiscuous mode
[  107.835338][   T27] audit: type=1400 audit(1582285454.851:43): avc:  denied  { create } for  pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  107.861897][   T27] audit: type=1400 audit(1582285454.881:44): avc:  denied  { write } for  pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  107.863973][T10809] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.889435][   T27] audit: type=1400 audit(1582285454.881:45): avc:  denied  { read } for  pid=10809 comm="syz-executor206" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  107.942978][T10809] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.012121][T10809] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.102754][T10809] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.177950][T10809] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.185616][T10809] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.193666][T10809] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.200808][T10809] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.254612][T10809] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.269389][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  108.281383][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.289211][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.297587][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  108.311579][T10809] 8021q: adding VLAN 0 to HW filter on device team0
[  108.324460][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  108.333693][ T3886] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.340953][ T3886] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.353619][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  108.362921][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.370168][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.390011][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  108.398468][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  108.409194][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  108.417782][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  108.439310][T10809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  108.450554][T10809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  108.463499][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  108.471633][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  108.481100][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  108.489619][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  108.498469][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  108.508184][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  108.516629][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  108.527159][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  108.547619][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  108.555150][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  108.569896][T10809] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.600167][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  108.609204][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  108.625242][T10809] device veth0_vlan entered promiscuous mode
[  108.633180][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  108.642021][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.651358][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.659368][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.673852][T10809] device veth1_vlan entered promiscuous mode
[  108.698397][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  108.707512][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  108.715588][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.724657][ T3886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.735832][T10809] device veth0_macvtap entered promiscuous mode
[  108.747284][T10809] device veth1_macvtap entered promiscuous mode
[  108.766283][T10809] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.774339][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  108.783825][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  108.791936][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  108.800962][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  108.813786][T10809] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.821860][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  108.830751][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[  108.980681][    C0] ==================================================================
[  108.988881][    C0] BUG: KASAN: use-after-free in find_match+0xb39/0xc90
[  108.995723][    C0] Read of size 8 at addr ffff88809672e320 by task kworker/0:0/5
[  109.003438][    C0] 
[  109.005770][    C0] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.6.0-rc2-syzkaller #0
[  109.013823][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.023880][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  109.029844][    C0] Call Trace:
[  109.033117][    C0]  <IRQ>
[  109.035963][    C0]  dump_stack+0x197/0x210
[  109.040288][    C0]  ? find_match+0xb39/0xc90
[  109.044794][    C0]  print_address_description.constprop.0.cold+0xd4/0x30b
[  109.051812][    C0]  ? find_match+0xb39/0xc90
[  109.056319][    C0]  ? find_match+0xb39/0xc90
[  109.060813][    C0]  __kasan_report.cold+0x1b/0x32
[  109.065738][    C0]  ? find_match+0xb39/0xc90
[  109.070243][    C0]  kasan_report+0x12/0x20
[  109.074593][    C0]  __asan_report_load8_noabort+0x14/0x20
[  109.080212][    C0]  find_match+0xb39/0xc90
[  109.084532][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  109.089539][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  109.095341][    C0]  __find_rr_leaf+0x14e/0x750
[  109.100023][    C0]  ? nexthop_is_blackhole+0x690/0x690
[  109.105396][    C0]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  109.111584][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  109.116589][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  109.122402][    C0]  fib6_table_lookup+0x697/0xdb0
[  109.127344][    C0]  ? rt6_age_exceptions+0x130/0x130
[  109.132533][    C0]  ? __kasan_check_read+0x11/0x20
[  109.137588][    C0]  ip6_pol_route+0x1f6/0xa70
[  109.142162][    C0]  ? ip6_pol_route_lookup+0x12e0/0x12e0
[  109.147704][    C0]  ? flow_hash_from_keys+0x2c4/0x8c0
[  109.152978][    C0]  ip6_pol_route_input+0x65/0x80
[  109.157909][    C0]  fib6_rule_lookup+0x133/0x7d0
[  109.162754][    C0]  ? ip6_pol_route+0xa70/0xa70
[  109.167499][    C0]  ? fib6_lookup+0x340/0x340
[  109.172091][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  109.178316][    C0]  ? ipvlan_ht_addr_lookup+0x2df/0x450
[  109.183771][    C0]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  109.189665][    C0]  ip6_route_input_lookup+0xb7/0xd0
[  109.194865][    C0]  ip6_route_input+0x5f0/0xa40
[  109.199612][    C0]  ? ip6_route_check_nh+0x670/0x670
[  109.204845][    C0]  ? ipvlan_link_new.cold+0x45/0x45
[  109.210102][    C0]  ? cpuup_canceled+0xf8/0x1d0
[  109.214868][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  109.219941][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  109.225751][    C0]  ip6_rcv_finish_core.isra.0+0x174/0x590
[  109.231483][    C0]  ? ipvlan_nf_input+0x190/0x190
[  109.236415][    C0]  ip6_rcv_finish+0x17a/0x310
[  109.241081][    C0]  ipv6_rcv+0x10e/0x420
[  109.245232][    C0]  ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[  109.250684][    C0]  ? ip6_rcv_finish_core.isra.0+0x590/0x590
[  109.256562][    C0]  ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[  109.262008][    C0]  __netif_receive_skb_one_core+0x113/0x1a0
[  109.267924][    C0]  ? __netif_receive_skb_core+0x30b0/0x30b0
[  109.273806][    C0]  ? lock_acquire+0x190/0x410
[  109.278473][    C0]  ? process_backlog+0x1b5/0x780
[  109.283480][    C0]  __netif_receive_skb+0x2c/0x1d0
[  109.288524][    C0]  process_backlog+0x226/0x780
[  109.293274][    C0]  ? net_rx_action+0x27b/0x1120
[  109.298135][    C0]  ? lockdep_hardirqs_on+0x19e/0x5e0
[  109.303462][    C0]  net_rx_action+0x508/0x1120
[  109.308150][    C0]  ? napi_busy_loop+0x970/0x970
[  109.313000][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  109.318609][    C0]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  109.324575][    C0]  ? ip6_finish_output2+0x10d3/0x25c0
[  109.329978][    C0]  ? trace_hardirqs_on+0x67/0x240
[  109.334992][    C0]  __do_softirq+0x262/0x98c
[  109.339495][    C0]  ? ip6_finish_output2+0x10d3/0x25c0
[  109.344853][    C0]  do_softirq_own_stack+0x2a/0x40
[  109.349907][    C0]  </IRQ>
[  109.352844][    C0]  do_softirq.part.0+0x11a/0x170
[  109.357829][    C0]  __local_bh_enable_ip+0x211/0x270
[  109.363077][    C0]  ip6_finish_output2+0x1101/0x25c0
[  109.368334][    C0]  ? ip6_frag_next+0xb20/0xb20
[  109.373086][    C0]  ? lock_downgrade+0x920/0x920
[  109.377922][    C0]  ? __kasan_check_read+0x11/0x20
[  109.382951][    C0]  __ip6_finish_output+0x444/0xaa0
[  109.388098][    C0]  ? __ip6_finish_output+0x444/0xaa0
[  109.393381][    C0]  ip6_finish_output+0x38/0x1f0
[  109.398225][    C0]  ip6_output+0x25e/0x880
[  109.402552][    C0]  ? ip6_finish_output+0x1f0/0x1f0
[  109.407728][    C0]  ? __ip6_finish_output+0xaa0/0xaa0
[  109.413023][    C0]  ndisc_send_skb+0xf1f/0x1490
[  109.417786][    C0]  ? nf_hook.constprop.0+0x560/0x560
[  109.423075][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  109.429305][    C0]  ? skb_set_owner_w+0x265/0x410
[  109.434239][    C0]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  109.440048][    C0]  ndisc_send_ns+0x3a9/0x850
[  109.444632][    C0]  ? mark_held_locks+0xa4/0xf0
[  109.449379][    C0]  ? ndisc_netdev_event+0x5e0/0x5e0
[  109.454571][    C0]  ? lockdep_hardirqs_on+0x421/0x5e0
[  109.459837][    C0]  ? addrconf_dad_work+0xb2c/0x11d0
[  109.465023][    C0]  ? trace_hardirqs_on+0x67/0x240
[  109.470035][    C0]  ? addrconf_dad_work+0xb2c/0x11d0
[  109.475231][    C0]  addrconf_dad_work+0xbf3/0x11d0
[  109.480247][    C0]  ? addrconf_dad_completed+0xbb0/0xbb0
[  109.485782][    C0]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  109.491747][    C0]  ? trace_hardirqs_on+0x67/0x240
[  109.496772][    C0]  process_one_work+0xa05/0x17a0
[  109.501868][    C0]  ? mark_held_locks+0xf0/0xf0
[  109.506680][    C0]  ? pwq_dec_nr_in_flight+0x320/0x320
[  109.512037][    C0]  ? lock_acquire+0x190/0x410
[  109.516713][    C0]  worker_thread+0x98/0xe40
[  109.521241][    C0]  kthread+0x361/0x430
[  109.525323][    C0]  ? process_one_work+0x17a0/0x17a0
[  109.530510][    C0]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  109.536371][    C0]  ret_from_fork+0x24/0x30
[  109.540795][    C0] 
[  109.543107][    C0] Allocated by task 10809:
[  109.547511][    C0]  save_stack+0x23/0x90
[  109.551656][    C0]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  109.557277][    C0]  kasan_kmalloc+0x9/0x10
[  109.561591][    C0]  __kmalloc_node+0x4e/0x70
[  109.566086][    C0]  kvmalloc_node+0x68/0x100
[  109.570574][    C0]  alloc_netdev_mqs+0x98/0xe40
[  109.575330][    C0]  vti6_init_net+0x244/0x810
[  109.579912][    C0]  ops_init+0xb3/0x420
[  109.583978][    C0]  setup_net+0x2d5/0x8b0
[  109.588200][    C0]  copy_net_ns+0x29e/0x5a0
[  109.592599][    C0]  create_new_namespaces+0x403/0xb50
[  109.597873][    C0]  unshare_nsproxy_namespaces+0xc2/0x200
[  109.603499][    C0]  ksys_unshare+0x444/0x980
[  109.607995][    C0]  __x64_sys_unshare+0x31/0x40
[  109.612738][    C0]  do_syscall_64+0xfa/0x790
[  109.617233][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  109.623099][    C0] 
[  109.625415][    C0] Freed by task 10809:
[  109.629466][    C0]  save_stack+0x23/0x90
[  109.633602][    C0]  __kasan_slab_free+0x102/0x150
[  109.638677][    C0]  kasan_slab_free+0xe/0x10
[  109.643214][    C0]  kfree+0x10a/0x2c0
[  109.647097][    C0]  __netdev_name_node_alt_destroy+0x1ff/0x2a0
[  109.653142][    C0]  netdev_name_node_alt_destroy+0x57/0x80
[  109.658876][    C0]  rtnl_linkprop.isra.0+0x575/0x6f0
[  109.664060][    C0]  rtnl_dellinkprop+0x46/0x60
[  109.668712][    C0]  rtnetlink_rcv_msg+0x45e/0xaf0
[  109.673636][    C0]  netlink_rcv_skb+0x177/0x450
[  109.678391][    C0]  rtnetlink_rcv+0x1d/0x30
[  109.682798][    C0]  netlink_unicast+0x59e/0x7e0
[  109.687555][    C0]  netlink_sendmsg+0x91c/0xea0
[  109.692298][    C0]  sock_sendmsg+0xd7/0x130
[  109.696697][    C0]  ____sys_sendmsg+0x753/0x880
[  109.701441][    C0]  ___sys_sendmsg+0x100/0x170
[  109.706140][    C0]  __sys_sendmsg+0x105/0x1d0
[  109.710707][    C0]  __x64_sys_sendmsg+0x78/0xb0
[  109.715466][    C0]  do_syscall_64+0xfa/0x790
[  109.719951][    C0]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  109.725822][    C0] 
[  109.728134][    C0] The buggy address belongs to the object at ffff88809672e000
[  109.728134][    C0]  which belongs to the cache kmalloc-4k of size 4096
[  109.742186][    C0] The buggy address is located 800 bytes inside of
[  109.742186][    C0]  4096-byte region [ffff88809672e000, ffff88809672f000)
[  109.755524][    C0] The buggy address belongs to the page:
[  109.761142][    C0] page:ffffea000259cb80 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[  109.772055][    C0] flags: 0xfffe0000010200(slab|head)
[  109.777331][    C0] raw: 00fffe0000010200 ffffea0002598f08 ffffea0002615108 ffff8880aa402000
[  109.785900][    C0] raw: 0000000000000000 ffff88809672e000 0000000100000001 0000000000000000
[  109.794463][    C0] page dumped because: kasan: bad access detected
[  109.800854][    C0] 
[  109.803162][    C0] Memory state around the buggy address:
[  109.808776][    C0]  ffff88809672e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.816853][    C0]  ffff88809672e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.824900][    C0] >ffff88809672e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.832971][    C0]                                ^
[  109.838070][    C0]  ffff88809672e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.846122][    C0]  ffff88809672e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.854222][    C0] ==================================================================
[  109.862302][    C0] Disabling lock debugging due to kernel taint
[  109.868469][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  109.875037][    C0] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G    B             5.6.0-rc2-syzkaller #0
[  109.884467][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.894669][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  109.900676][    C0] Call Trace:
[  109.903945][    C0]  <IRQ>
[  109.906812][    C0]  dump_stack+0x197/0x210
[  109.911144][    C0]  panic+0x2e3/0x75c
[  109.915044][    C0]  ? add_taint.cold+0x16/0x16
[  109.919724][    C0]  ? trace_hardirqs_on+0x5e/0x240
[  109.924739][    C0]  ? trace_hardirqs_on+0x5e/0x240
[  109.929757][    C0]  ? find_match+0xb39/0xc90
[  109.934258][    C0]  end_report+0x47/0x4f
[  109.938426][    C0]  ? find_match+0xb39/0xc90
[  109.942909][    C0]  __kasan_report.cold+0xe/0x32
[  109.947802][    C0]  ? find_match+0xb39/0xc90
[  109.952304][    C0]  kasan_report+0x12/0x20
[  109.956642][    C0]  __asan_report_load8_noabort+0x14/0x20
[  109.962345][    C0]  find_match+0xb39/0xc90
[  109.966686][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  109.971692][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  109.977538][    C0]  __find_rr_leaf+0x14e/0x750
[  109.982204][    C0]  ? nexthop_is_blackhole+0x690/0x690
[  109.987564][    C0]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[  109.993705][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  109.998802][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  110.004615][    C0]  fib6_table_lookup+0x697/0xdb0
[  110.009546][    C0]  ? rt6_age_exceptions+0x130/0x130
[  110.014730][    C0]  ? __kasan_check_read+0x11/0x20
[  110.019735][    C0]  ip6_pol_route+0x1f6/0xa70
[  110.024318][    C0]  ? ip6_pol_route_lookup+0x12e0/0x12e0
[  110.029857][    C0]  ? flow_hash_from_keys+0x2c4/0x8c0
[  110.035135][    C0]  ip6_pol_route_input+0x65/0x80
[  110.040060][    C0]  fib6_rule_lookup+0x133/0x7d0
[  110.044957][    C0]  ? ip6_pol_route+0xa70/0xa70
[  110.049715][    C0]  ? fib6_lookup+0x340/0x340
[  110.054315][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  110.060630][    C0]  ? ipvlan_ht_addr_lookup+0x2df/0x450
[  110.066082][    C0]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  110.071969][    C0]  ip6_route_input_lookup+0xb7/0xd0
[  110.077284][    C0]  ip6_route_input+0x5f0/0xa40
[  110.082035][    C0]  ? ip6_route_check_nh+0x670/0x670
[  110.087214][    C0]  ? ipvlan_link_new.cold+0x45/0x45
[  110.092399][    C0]  ? cpuup_canceled+0xf8/0x1d0
[  110.097415][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[  110.102421][    C0]  ? rcu_read_lock_held_common+0x130/0x130
[  110.108316][    C0]  ip6_rcv_finish_core.isra.0+0x174/0x590
[  110.114013][    C0]  ? ipvlan_nf_input+0x190/0x190
[  110.118942][    C0]  ip6_rcv_finish+0x17a/0x310
[  110.123785][    C0]  ipv6_rcv+0x10e/0x420
[  110.127931][    C0]  ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[  110.133491][    C0]  ? ip6_rcv_finish_core.isra.0+0x590/0x590
[  110.139375][    C0]  ? ip6_rcv_core.isra.0+0x1c30/0x1c30
[  110.144822][    C0]  __netif_receive_skb_one_core+0x113/0x1a0
[  110.150690][    C0]  ? __netif_receive_skb_core+0x30b0/0x30b0
[  110.156596][    C0]  ? lock_acquire+0x190/0x410
[  110.161254][    C0]  ? process_backlog+0x1b5/0x780
[  110.166181][    C0]  __netif_receive_skb+0x2c/0x1d0
[  110.171188][    C0]  process_backlog+0x226/0x780
[  110.175929][    C0]  ? net_rx_action+0x27b/0x1120
[  110.180789][    C0]  ? lockdep_hardirqs_on+0x19e/0x5e0
[  110.186111][    C0]  net_rx_action+0x508/0x1120
[  110.190779][    C0]  ? napi_busy_loop+0x970/0x970
[  110.195630][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  110.201215][    C0]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  110.207181][    C0]  ? ip6_finish_output2+0x10d3/0x25c0
[  110.212541][    C0]  ? trace_hardirqs_on+0x67/0x240
[  110.217551][    C0]  __do_softirq+0x262/0x98c
[  110.222044][    C0]  ? ip6_finish_output2+0x10d3/0x25c0
[  110.227402][    C0]  do_softirq_own_stack+0x2a/0x40
[  110.232507][    C0]  </IRQ>
[  110.235479][    C0]  do_softirq.part.0+0x11a/0x170
[  110.240398][    C0]  __local_bh_enable_ip+0x211/0x270
[  110.245584][    C0]  ip6_finish_output2+0x1101/0x25c0
[  110.250772][    C0]  ? ip6_frag_next+0xb20/0xb20
[  110.255516][    C0]  ? lock_downgrade+0x920/0x920
[  110.260348][    C0]  ? __kasan_check_read+0x11/0x20
[  110.265361][    C0]  __ip6_finish_output+0x444/0xaa0
[  110.270456][    C0]  ? __ip6_finish_output+0x444/0xaa0
[  110.275729][    C0]  ip6_finish_output+0x38/0x1f0
[  110.280558][    C0]  ip6_output+0x25e/0x880
[  110.284877][    C0]  ? ip6_finish_output+0x1f0/0x1f0
[  110.289971][    C0]  ? __ip6_finish_output+0xaa0/0xaa0
[  110.295247][    C0]  ndisc_send_skb+0xf1f/0x1490
[  110.299994][    C0]  ? nf_hook.constprop.0+0x560/0x560
[  110.305269][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  110.311505][    C0]  ? skb_set_owner_w+0x265/0x410
[  110.316428][    C0]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  110.322134][    C0]  ndisc_send_ns+0x3a9/0x850
[  110.326702][    C0]  ? mark_held_locks+0xa4/0xf0
[  110.331485][    C0]  ? ndisc_netdev_event+0x5e0/0x5e0
[  110.336716][    C0]  ? lockdep_hardirqs_on+0x421/0x5e0
[  110.341990][    C0]  ? addrconf_dad_work+0xb2c/0x11d0
[  110.347166][    C0]  ? trace_hardirqs_on+0x67/0x240
[  110.352611][    C0]  ? addrconf_dad_work+0xb2c/0x11d0
[  110.357832][    C0]  addrconf_dad_work+0xbf3/0x11d0
[  110.362905][    C0]  ? addrconf_dad_completed+0xbb0/0xbb0
[  110.368438][    C0]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  110.374407][    C0]  ? trace_hardirqs_on+0x67/0x240
[  110.379427][    C0]  process_one_work+0xa05/0x17a0
[  110.384343][    C0]  ? mark_held_locks+0xf0/0xf0
[  110.389140][    C0]  ? pwq_dec_nr_in_flight+0x320/0x320
[  110.394491][    C0]  ? lock_acquire+0x190/0x410
[  110.399170][    C0]  worker_thread+0x98/0xe40
[  110.403659][    C0]  kthread+0x361/0x430
[  110.407714][    C0]  ? process_one_work+0x17a0/0x17a0
[  110.412888][    C0]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  110.418586][    C0]  ret_from_fork+0x24/0x30
[  110.424567][    C0] Kernel Offset: disabled
[  110.428884][    C0] Rebooting in 86400 seconds..